Problems corrected in Shorewall-perl 4.0.8.
1) Mark tests (such as in the TEST column of tcrules or the MARK
column of the rules file) were ignoring the value 0. As part of
this fix, the default mask generated by entries in these columns
has been changed from 0xFF to 0xFFFF for compatibility with
Shorewall-shell.
2) The compilation date recorded in the firewall.conf file produced by
Shorewall-perl was previously mangled.
3) The ability to specify a DEST IP range (round-robin) in a DNAT rule
has been restored. In versions 4.0.5 - 4.0.7, an IP range was
incorrectly flagged as an error.
Problems corrected in Shorewall-shell 4.0.8.
1) Shorewall-shell now properly parses comma separated SOURCE (formerly
SUBNET) values in the masq configuration file. Previously, the comma
separated list was not split up into its components, resulting in an
invalid address being passed to the iptables command.
Example:
# /etc/shorewall/masq
#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth0 192.168.2.1,192.168.2.3
Known Problems Remaining.
1) The ''refresh'' command doesn''t refresh the mangle
table. So changes
made to /etc/shorewall/providers and/or /etc/shorewall/tcrules may
not be reflected in the running ruleset.
Other changes in 4.0.8.
None.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/