Shorewall users - Dec 2007 - Shorewall 4.0.7

Shorewall 4.0.7 is available for download.

Problems corrected in Shorewall 4.0.7

1)  If any of the following files was missing, a harmless Perl warning
    was issued:

       accounting
       maclist
       masq
       nat
       netmap
       rfc1918
       routestopped
       tunnels

    This problem was experienced mostly by Debian users and users of
    Debian derivatives such as Ubuntu.

2)  The iptables utility doesn''t retry operations that fail due to
    resource shortage. Beginning with this release, Shorewall reruns
    iptables when such a failure occurs.

3)  Previously, Shorewall-perl did not accept log levels in upper case
    (e.g., INFO). Beginning with 4.0.7, log levels are treated in a
    case-insensitive manner by Shorewall-perl.

4)  The column headers in macro files were not aligned. This has been
    corrected, along with some inaccuracies in the macro.template file.

5)  The shorewall.conf files in the Samples did not contain some
    recently-defined options. They are now up to date.

6)  The names of the Jabber macros were shuffled. They are now named
    correctly.

7)  If ADD_IP_ALIASES=Yes, an alias was incorrectly added when the
    specified INTERFACE ended with ":" (e.g., eth0:).

8)  Shorewall-shell generated an incorrect iptables rule from the
    following:

    /etc/shorewall/rules:

    ACCEPT     loc:eth0:~00-02-02-02-02-02  ...

    /etc/shorewall/tcrules:

    xxxx        eth0:~00-02-02-02-02-02 ...

Known Problems Remaining.

1)  The ''refresh'' command doesn''t refresh the mangle
table. So changes
    made to /etc/shorewall/providers and/or /etc/shorewall/tcrules may
    not be reflected in the running ruleset.

Other changes in 4.0.7

1)  If the program named in SHOREWALL_SHELL doesn''t exist or is not
    executable, Shorewall and Shorewall-lite now both fall back to
    /bin/sh after issuing a warning message. Previously, both
    terminated with a fatal error.

2)  The error message has been improved when a non-root user attempts
    "shorewall show capabilities".

3)  Shorewall-perl now generates fatal error conditions when there are
    no IPv4 zones defined and when there are no interfaces defined.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

On Wed, Dec 26, 2007 at 05:11:47PM -0800, Tom Eastep
wrote:
> Shorewall 4.0.7 is available for download.
> 
Debian packages are now available for unstable from the official
repository and for Etch from my personal repository (see my signature).

Regards,

-Roberto
-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/