Shorewall users - Jul 2007 - Shorewall 4.0.0 RC2

1)     Shorewall-perl now correctly permits zones of type
''ipsec'' in the
         ZONE column of /etc/shorewall/tunnels.

2)  The shorewall-common install.sh may now be run multiple times from
    the same directory. Previously, the manpages were gzipped in-place
    which made it impossible to rerun the script.

3)  The implementation of LITEDIR has always been
    unsatisfactory. Furthermore, there have been other cases where
    people have asked to be able to designate the state directory
    (default /var/lib/shorewall[-lite]).

    To meet these objectives:

    a)  The LITEDIR variable has been eliminated in
        /usr/share/shorewall[-lite]/configpath.

    b)  A new file /etc/shorewall[-lite]/vardir has been added. This
        file is not created by default but may be added as needed. It
        is expected to contain a single variable assignment:

	   VARDIR=<directory>

	Example:

	   VARDIR=/root/shorewall
    
    To change VARDIR, copy the old directory to the new one before you
    restart Shorewall[-lite].

    To use this feature with Shorewall-lite, all packages involved
    (compiler, shorewall-common and shorewall-lite) must be version
    4.0.0-RC2 or later.

4)  Several bugs in Shorewall-perl''s handling of ipsec zones have been
    corrected.

Other changes in Shorewall 4.0.0 RC 2.

1)  The -f option is no longer the default when Shorewall is started at
    boot time (usually via /etc/init.d/shorewall). With Shorewall-perl,
    "shorewall start" is nearly as fast as "shorewall
restore" and
    "shorewall start" uses the current configuration which avoids
    confusion.

2)  Code in Shorewall-perl that allowed it to run under Shorewall 3.4
    has been removed (although it might still work under 3.4.4).

3)  Tuomo Soini has contributed bi-directional macros for various
    tunnel types:

	  IPsecah
	  GRE
	  IPsec
	  IPIP
	  IPsecnat
	  L2TP
-Tom


-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key




-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/