This update will be of interest to you if you use dynamic zones or if
you have an /etc/shorewall/start file and use the "save" command.
http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.12
ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.12
Problems Corrected:
1. A typo in shorewall.conf (NETNOTSYN) has been corrected.
2. The "shorewall add" and "shorewall delete" commands now work in
a bridged environment. The syntax is:
shorewall add <interface>[:<bridge port>][:<address>] <zone>
shorewall delete <interface>[:<bridge port>][:<address>] <zone>
Examples:
shorewall add br0:eth2:192.168.1.3 OK
shorewall delete br0:eth2:192.168.1.3 OK
3. Previously, "shorewall save" created an out-of-sequence restore
script. The commands saved in the user's /etc/shorewall/start
script were executed prior to the Netfilter configuration being
restored. This has been corrected so that "shorewall save" now
places those commands at the end of the script.
To accomplish this change, the "restore base" file
(/var/lib/shorewall/restore-base) has been split into two files:
/var/lib/shorewall/restore-base -- commands to be executed
before the Netfilter configuration is restored.
/var/lib/shorewall/restore-tail -- commands to be executed
after the Netfilter configuration is restored.
4. Previously, traffic from the firewall to a dynamic zone member
host did not need to match the interface specified when the host
was added to the zone. For example, if eth0:1.2.3.4 was added to
dynamic zone Z, then traffic out of any firewall interface to
1.2.3.4 would obey the fw->Z policies and rules. This has been
corrected.
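The following shell example is added here and is not part of the original announcement or Shorewall's own code. It parses the host specification from item 2 and models the interface check from item 4; the function names, and the rule that tells a bridge port from an address by its dotted-numeric shape, are assumptions.

```shell
#!/bin/sh
# Added illustration, not Shorewall code. Function names are hypothetical.

# Loose shape check (assumption): digits, dots and an optional /mask only.
is_address() {
    case $1 in
        ''|*[!0-9./]*) return 1 ;;
        *.*.*.*)       return 0 ;;
        *)             return 1 ;;
    esac
}

# parse_host_spec '<interface>[:<bridge port>][:<address>]'
# Sets IFACE, PORT and ADDR; returns 1 for a malformed specification.
parse_host_spec() {
    IFACE='' PORT='' ADDR=''
    case $1 in ''|:*|*:|*::*) return 1 ;; esac   # reject empty fields
    _old_ifs=$IFS; IFS=:; set -f
    set -- $1                                     # split on ':' only
    set +f; IFS=$_old_ifs
    case $# in
        1) IFACE=$1 ;;
        2) IFACE=$1
           if is_address "$2"; then ADDR=$2; else PORT=$2; fi ;;
        3) is_address "$3" || return 1
           IFACE=$1 PORT=$2 ADDR=$3 ;;
        *) return 1 ;;
    esac
}

# fw_to_member <spec> <out-interface> <destination> [pre-2.0.12]
# Returns 0 when firewall-originated traffic is treated as fw-><zone>.
# Exact address comparison only; the bridge port is not considered here.
fw_to_member() {
    parse_host_spec "$1" || return 2
    [ -z "$ADDR" ] || [ "$ADDR" = "$3" ] || return 1
    # Behaviour before the fix: the outgoing interface was not compared.
    [ -n "$ADDR" ] && [ "${4:-}" = pre-2.0.12 ] && return 0
    [ "$IFACE" = "$2" ]
}

# Constructed demo using the examples from the announcement.
parse_host_spec br0:eth2:192.168.1.3 && echo "iface=$IFACE port=$PORT addr=$ADDR"
for out in eth0 eth1; do
    fw_to_member eth0:1.2.3.4 "$out" 1.2.3.4 && r=match || r=no-match
    echo "fw -> 1.2.3.4 via $out: $r"
done
```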
New Features:
1. Variable expansion may now be used with the INCLUDE directive.
Example:
/etc/shorewall/params
FILE=/etc/foo/bar
Any other config file:
INCLUDE $FILE
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key