Shorewall users - Sep 2006 - Shorewall 3.2.4

Shorewall 3.2.4 is available at a mirror near you.

The release notes for both Shorewall 3.2.4 and Shorewall Lite 3.2.4 may be
viewed at
http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.4/releasenotes.txt

One change is worth noting -- while it won''t cause you any new problems
if you
ignore it, it can speed up "shorewall[-lite] [re]start" and reduce
kernel RAM
requirements. What follows also applies to Shorewall Lite users -- simply change
the ''shorewall'' directory name to
''shorewall-lite''.

From the release note''s ''Problems Corrected'':

2)  Previous, when /usr/share/shorewall/xmodules had been copied to
    /etc/shorewall/modules, Shorewall was not looking in the correct
    directory for the "xt_..." modules. There are two parts to the
fix:

    - The /usr/share/shorewall/xmodules file has been removed. The
      /usr/share/shorewall/modules file will now load all required
      modules regardless of which kernel version you are running.
    - The MODULESDIR option can now contain a colon-separated list of
      directories to search for modules with the default being:

      /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter:/lib/modules/$(uname
-r)/kernel/net/netfilter

And from the Migration Considerations:

     /usr/share/shorewall/modules contains a *lot* of modules. If you
     use module autoloading (which non-embedded Linux distributions
     do), then you can improve your "shorewall [re]start" time by
     trimming all but the helper modules from the file. To do that,
     create the file /etc/shorewall/modules with the following entries:

        loadmodule ip_conntrack_amanda
	loadmodule ip_conntrack_ftp
	loadmodule ip_conntrack_irc
	loadmodule ip_conntrack_netbios_ns
	loadmodule ip_conntrack_pptp
	loadmodule ip_conntrack_tftp
        loadmodule ip_nat_amanda
	loadmodule ip_nat_ftp
	loadmodule ip_nat_irc
	loadmodule ip_nat_pptp
	loadmodule ip_nat_snmp_basic
	loadmodule ip_nat_tftp

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel