Just a bug-fix roll up:
Problems corrected in 3.0.7
1) Previously, if your kernel did not supply the mangle table FORWARD
chain then "shorewall [re]start" would fail. Now, if your mangle
table does not supply this chain Shorewall will avoid using either
that chain or the mangle table POSTROUTING chain. This change is
strictly to stop Shorewall from blowing up during [re]start on very
old kernels (such as 2.4.17 running on a PS2); if your kernel does
not support these chains and you try to mark packets in either of
them using entries in /etc/shorewall/tcrules, [re]start will fail.
2) Previously, if there were more than 10 IP addresses on a multi-ISP
interface, some of the routing rules generated by Shorewall were
placed after the default rule which resulted in them not being
recognized.
3) When install.sh is used to install on a Debian or Ubuntu system, the
SUBSYSLOCK option in shorewall.conf was not being cleared.
It will now be cleared, provided that Perl is installed on the
system.
4) When exclusion lists appeared in the /etc/shorewall/tcrules file,
the resulting ''exclusion chains'' (whose names begin with
''excl_'')
were not deleted as part of ''shorewall [re]start''. This
meant that
''refresh'' would fail, either the first or second time that
it was
done since the last ''shorewall [re]start''.
Other changes in 3.0.7
None.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key