This release just fixes a few bugs. Problems corrected in Shorewall 4.0.11. 1) Previously, when IP_FORWARDING=Yes in shorewall.conf, Shorewall would enable ip forwarding before instantiating the rules. This could lead to incorrect connection tracking entries being created between the time that forwarding was enabled and when the nat table rules were instantiated. Beginning with Shorewall 4.0.11, enabling of forwarding is deferred until after the rules are in place. 2) If /etc/shorewall/vardir is used to move Shorewall''s state directory from /var/lib/shorewall, then the ''stop'' will not delete IP addresses added by ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes nor will it delete proxy ARP entries. 3) The init script on Debian now reads and utilizes the value of the OPTIONS variable from /etc/default/shorewall[-lite]. Previously, the value of that variable was not passed to the shorewall[-lite] command. Problems corrected in Shorewall-perl 4.0.11. 1) If both the ESTABLISHED and RELATED sections were present then each connection through chains controlled by a RATE/LIMIT in /etc/shorewall/policies was counted twice toward the limit. 2) If DYNAMIC_ZONES=Yes and an entry in /etc/shorewall/hosts for an IPv4 zone specified ''ipsec'', dynamic IPSEC zone members were mis-handled by the generated ruleset. 3) Previously, Shorewall-perl did not handle rates expressed in bytes/second properly: - The ''bps'' suffix was not recognized - The result was not rounded to the nearest kbit 4) If ADMINISABSENTMINDED=No, entries in /etc/shorewall/routestopped are mis-handled. 5) Shorewall-perl now accepts upper case A through F in the MARK column of the tcclasses file when the mark value is expressed in hex. Previously, only lower-case A through F were accepted. Problems corrected in Shorewall-shell 4.0.11. None. Known Problems Remaining. 1) The ''refresh'' command doesn''t refresh the mangle table. So changes made to /etc/shorewall/providers and/or /etc/shorewall/tcrules may not be reflected in the running ruleset. Other changes in 4.0.11. None. -The Shorewall Team ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/