Shorewall users - Dec 2004 - Shorewall 2.2.0 Beta 7

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta7
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta7

Problems Corrected:

     1. The "shorewall add" and "shorewall delete" commands
now work in
        a bridged environment. The syntax is:
         
              shorewall add <interface>[:<port>]:<address>
<zone>
              shorewall delete <interface>[:<port>]:<address>
<zone>
         
           Examples:
         
              shorewall add br0:eth2:192.168.1.3 OK
              shorewall delete br0:eth2:192.168.1.3 OK
        
     2. Previously, "shorewall save" created an out-of-sequence
restore
        script. The commands saved in the user''s /etc/shorewall/start
        script were executed prior to the Netfilter configuration being
        restored. This has been corrected so that "shorewall save" now
        places those commands at the end of the script.
        
        To accomplish this change, the "restore base" file
        (/var/lib/shorewall/restore-base) has been split into two files:
         
        /var/lib/shorewall/restore-base -- commands to be executed
        before Netfilter the configuration is restored.
         
        /var/lib/shorewall/restore-tail -- commands to be executed after
        the Netfilter configuration is restored.
        
     3. Previously, traffic from the firewall to a dynamic zone member
        host did not need to match the interface specified when the host
        was added to the zone. For example, if eth0:1.2.3.4 is added to
        dynamic zone Z then traffic out of any firewall interface to
        1.2.3.4 will obey the fw->Z policies and rules. This has been
        corrected.
     4. Shorewall uses the temporary chain ''fooX1234'' to probe
iptables
        for detrmining which features are supported. Previously, if that
        chain happened to exist when Shorewall was run, capabilities
        were mis-detected.

New Features:

     1. The output of "shorewall status" now includes the results of
"ip
        -stat link ls". This helps diagnose performance problems caused
        by link errors.
     2. Previously, when rate-limiting was specified
        in /etc/shorewall/policy (LIMIT:BURST column), any traffic which
        exceeded the specified rate was silently dropped. Now, if a log
        level is given in the entry (LEVEL column) then drops are logged
        at that level at a rate of 5/min with a burst of 5.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key