Shorewall 4.0.7 is available for download.
Problems corrected in Shorewall 4.0.7
1) If any of the following files was missing, a harmless Perl warning
was issued:
accounting
maclist
masq
nat
netmap
rfc1918
routestopped
tunnels
This problem was experienced mostly by Debian users and users of
Debian derivatives such as Ubuntu.
2) The iptables utility doesn''t retry operations that fail due to
resource shortage. Beginning with this release, Shorewall reruns
iptables when such a failure occurs.
3) Previously, Shorewall-perl did not accept log levels in upper case
(e.g., INFO). Beginning with 4.0.7, log levels are treated in a
case-insensitive manner by Shorewall-perl.
4) The column headers in macro files were not aligned. This has been
corrected, along with some inaccuracies in the macro.template file.
5) The shorewall.conf files in the Samples did not contain some
recently-defined options. They are now up to date.
6) The names of the Jabber macros were shuffled. They are now named
correctly.
7) If ADD_IP_ALIASES=Yes, an alias was incorrectly added when the
specified INTERFACE ended with ":" (e.g., eth0:).
8) Shorewall-shell generated an incorrect iptables rule from the
following:
/etc/shorewall/rules:
ACCEPT loc:eth0:~00-02-02-02-02-02 ...
/etc/shorewall/tcrules:
xxxx eth0:~00-02-02-02-02-02 ...
Known Problems Remaining.
1) The ''refresh'' command doesn''t refresh the mangle
table. So changes
made to /etc/shorewall/providers and/or /etc/shorewall/tcrules may
not be reflected in the running ruleset.
Other changes in 4.0.7
1) If the program named in SHOREWALL_SHELL doesn''t exist or is not
executable, Shorewall and Shorewall-lite now both fall back to
/bin/sh after issuing a warning message. Previously, both
terminated with a fatal error.
2) The error message has been improved when a non-root user attempts
"shorewall show capabilities".
3) Shorewall-perl now generates fatal error conditions when there are
no IPv4 zones defined and when there are no interfaces defined.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/