http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta7
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta7

Problems Corrected:

1. The "shorewall add" and "shorewall delete" commands now work in a
   bridged environment. The syntax is:

       shorewall add <interface>[:<port>]:<address> <zone>
       shorewall delete <interface>[:<port>]:<address> <zone>

   Examples:

       shorewall add br0:eth2:192.168.1.3 OK
       shorewall delete br0:eth2:192.168.1.3 OK

2. Previously, "shorewall save" created an out-of-sequence restore
   script. The commands saved in the user's /etc/shorewall/start script
   were executed prior to the Netfilter configuration being restored.
   This has been corrected so that "shorewall save" now places those
   commands at the end of the script.

   To accomplish this change, the "restore base" file
   (/var/lib/shorewall/restore-base) has been split into two files:

   /var/lib/shorewall/restore-base -- commands to be executed before
   the Netfilter configuration is restored.

   /var/lib/shorewall/restore-tail -- commands to be executed after
   the Netfilter configuration is restored.

3. Previously, traffic from the firewall to a dynamic zone member host
   did not need to match the interface specified when the host was
   added to the zone. For example, if eth0:1.2.3.4 is added to dynamic
   zone Z then traffic out of any firewall interface to 1.2.3.4 will
   obey the fw->Z policies and rules. This has been corrected.

4. Shorewall uses the temporary chain 'fooX1234' to probe iptables for
   determining which features are supported. Previously, if that chain
   happened to exist when Shorewall was run, capabilities were
   mis-detected.

New Features:

1. The output of "shorewall status" now includes the results of
   "ip -stat link ls". This helps diagnose performance problems caused
   by link errors.

2. Previously, when rate-limiting was specified in
   /etc/shorewall/policy (LIMIT:BURST column), any traffic which
   exceeded the specified rate was silently dropped. Now, if a log
   level is given in the entry (LEVEL column) then drops are logged at
   that level at a rate of 5/min with a burst of 5.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
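
An added example (not part of the announcement and not Shorewall's code) for New Feature 2: a model of how a log limit of 5/min with a burst of 5 samples dropped packets. It assumes the limit behaves like Netfilter's "limit" match (a token bucket that starts full); the function names and the sample timestamps are constructed for illustration.

```python
"""Token-bucket model of a 5/min, burst 5 log rate limit (added example)."""

MS_PER_MIN = 60_000


def logged_drops(drop_times_ms, rate_per_min=5, burst=5):
    """Return the drop timestamps (integer ms) that would produce a log entry.

    Assumption: the limit behaves like Netfilter's "limit" match, i.e. a
    bucket that starts full with `burst` credits and earns one credit every
    60/rate seconds, never holding more than `burst`.
    """
    cost = MS_PER_MIN // rate_per_min      # ms of waiting that buys one log line
    cap = burst * cost                     # the bucket never exceeds this
    credit = cap                           # bucket starts full
    last = None
    logged = []
    for t in sorted(drop_times_ms):
        if last is not None:
            credit = min(cap, credit + (t - last))
        last = t
        if credit >= cost:                 # enough credit: this drop is logged
            credit -= cost
            logged.append(t)
    return logged


def summarize(drop_times_ms):
    """Return (dropped, logged) counts for a series of drops."""
    return len(drop_times_ms), len(logged_drops(drop_times_ms))


# Constructed input: 10 over-limit packets per second for one minute.
FLOOD = list(range(0, MS_PER_MIN, 100))
# Constructed input: one over-limit packet every 15 seconds.
TRICKLE = [0, 15_000, 30_000, 45_000]

if __name__ == "__main__":
    for name, series in (("flood", FLOOD), ("trickle", TRICKLE)):
        dropped, logged = summarize(series)
        print(f"{name}: {dropped} dropped, {logged} logged")
```

Under this model a sustained burst logs the first five drops and then one every 12 seconds, so the number of log entries is a lower bound on dropped traffic, not a count of it.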