Shorewall users - May 2009 - Shorewall 4.0.9

The Shorewall team is pleased to announce the availability of Shorewall
4.0.9.

Problems corrected in Shorewall 4.2.9

1)  The Shorweall-perl 4.2.8 compiler did not rename the output script
    file with the result that:

     a) Shorewall would not start for the first time after
        installation.
     b) Configuration changes were apparently ignored.

2)   Placing a broadcast address in the BROADCAST column of
    /etc/shorewall/interfaces caused Shorewall-perl to generate an
    error:

	ERROR: Invalid BROADCAST address : /etc/shorewall/interfaces\
		 (line 225)

3)  When Shorewall could not determine the MAC address of of a gateway
    router where multiple providers are configured through the same
    interface, invalid iptables-restore input was generated. This
    resulted in an error message similar to the following:

        iptables-restore v1.3.5: Bad mac address `-j''

4)  Shorewall-perl was not processing the tcrules file when
    TC_ENABLED=No.

5)  When ''all'' appeared in the SOURCE column of a DNAT rule,
no rule to
    redirect output from the firewall itself was generated.

6)  The ''shorewall iprange'' command failed to produce a
minimal list of
    networks.

Known Problems Remaining:

1)  When exclusion is used in an entry in /etc/shorewall/hosts, then
    Shorewall-shell produces an invalid iptables rule if any of the
    following OPTIONS are also specified in the entry:

        blacklist
	maclist
	norfc1918
	tcpflags

2)  Shorewall-shell generates inversion rules which produce
    warnings with iptables 1.4.3.

    Example:

    iptables -A  lan2fw  -p 6  --dport 999  -s ! 192.168.20.1  -j ACCEPT

    with iptables 1.4.3.1 the following information message is produced:

    Using intrapositioned negation (`--option ! this`) is deprecated in
    favor of extrapositioned (`! --option this`).

    We don''t intend to fix this. It''s time to migrate to
Shorewall-perl
    anyway.

New Features in Shorewall 4.2.9

1)  Shorewall6 has now been validated on Ubuntu Hardy running kernel
    2.6.24. Shorewall6 is now supported on that kernel version.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables 
unlimited royalty-free distribution of the report engine 
for externally facing server and web deployment. 
http://p.sf.net/sfu/businessobjects

Tom Eastep wrote:
> The Shorewall team is pleased to announce the availability of Shorewall
> 4.0.9.
Duh -- of course we''re talking about 4.2.9...

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables 
unlimited royalty-free distribution of the report engine 
for externally facing server and web deployment. 
http://p.sf.net/sfu/businessobjects