For those of you who haven''t noticed, 4.0.12 was released last weekend (and I just uploaded 4.0.12.1) Problems corrected in Shorewall-perl 4.0.12. 1) A value of 0 in the IN-BANDWITCH column of the tcdevices file caused Shorewall-perl to divide by zero. 2) Except in /etc/shorewall/hosts, ipset names may now be preceded by ''!'' to specify that matching IP addresses are not members of the set. Known Problems Remaining. 1) The ''refresh'' command doesn''t refresh the mangle table. So changes made to /etc/shorewall/providers and/or /etc/shorewall/tcrules may not be reflected in the running ruleset. Other changes in Shorewall 4.0.12. None. 4.0.12.1 fixes this problem introduced in 4.0.11: 1) The 4.0.11 change which defers setting up ip forwarding until the rules are in place did not handle the ''restore'' command correctly. So if ''-f'' is specified to the ''start'' command and there is a saved configuration, the setting of ip forwarding will not be changed. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php