Shorewall 4.4.0 Beta 2 is now available for download.
http://www.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta2/
ftp://ftp.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta2
----------------------------------------------------------------------------
P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 0   Beta 2
----------------------------------------------------------------------------
1) The find_first_interface_address() and
find_first_interface_address_if_any() functions were not in scope when
/etc/shorewall/params was processed.
2) The compiled script could fail with an error such as the following
when the internal traffic shaper was enabled:

    ERROR: Command "tc qdisc add dev dsl0 root handle 1: htb
    default 0 r2q 5.5" Failed

3) The help output from the install.sh scripts mentioned the '-n'
option but support for that option has been removed.
4) The 'continue' script is no longer used in Shorewall 4.4 but it was
still being released.
----------------------------------------------------------------------------
K N O W N   P R O B L E M S   R E M A I N I N G
----------------------------------------------------------------------------
None.
----------------------------------------------------------------------------
N E W   F E A T U R E S   I N   4 . 4 . 0   Beta 2
----------------------------------------------------------------------------
1) A 'upnpclient' option has been added to
/etc/shorewall/interfaces. This option is intended for laptop users
who always run Shorewall on their system yet need to run
UPnP-enabled client apps such as Transmission (BitTorrent client).
The option causes Shorewall to detect the default gateway through
the interface and to accept UDP packets from that gateway. Note
that, like all aspects of UPnP, this is a security hole so use this
option at your own risk.
2) 'iptrace' and 'noiptrace' commands have been added to both
/sbin/shorewall and /sbin/shorewall6.
These are low-level debugging commands that cause
iptables/ip6tables TRACE log messages to be generated. See 'man
iptables' and 'man ip6tables' for details.

The syntax for the commands is:

    iptrace <iptables/ip6tables match expression>
    noiptrace <iptables/ip6tables match expression>

iptrace starts the trace; noiptrace turns it off.
The match expression must be an expression that is legal in both
the raw table OUTPUT and PREROUTING chains.

Example:

To trace all packets destined for IP address 206.124.146.176:

    shorewall iptrace -d 206.124.146.176

To turn that trace off:

    shorewall noiptrace -d 206.124.146.176

3) A USER/GROUP column has been added to /etc/shorewall/masq. The
column works similarly to USER/GROUP columns in other Shorewall
configuration files. Only locally-generated traffic is matched.
4) A new extension script, 'lib.private', has been added. This file is
intended to include declarations of shell functions that will be
called by the other run-time extension scripts.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
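
Since noiptrace has to be given the same match expression that was passed to iptrace, a trace that was left running can be found again by reading the raw table. The script below is an added example, not part of the announcement or of Shorewall; it assumes the traces show up as -j TRACE rules in the raw table's PREROUTING and OUTPUT chains, and the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -t raw` output after
# `shorewall iptrace -d 206.124.146.176` plus one half-removed trace.
# iptables-save prints addresses with an explicit prefix length.
sample_raw_table() {
cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 206.124.146.176/32 -j TRACE
-A PREROUTING -p tcp -m tcp --dport 25 -j TRACE
-A OUTPUT -d 206.124.146.176/32 -j TRACE
-A OUTPUT -p udp -m udp --dport 53 -j NOTRACK
COMMIT
EOF
}

# Read iptables-save (or ip6tables-save) output on stdin and print one
# noiptrace command per distinct TRACE match expression.
# $1 is the CLI to name in the output: shorewall or shorewall6.
pending_noiptrace() {
    cli=${1:-shorewall}
    awk -v cli="$cli" '
        $1 == "*raw" { in_raw = 1; next }   # start of the raw table
        /^\*/        { in_raw = 0; next }   # any other table: ignore
        in_raw && $1 == "-A" && ($2 == "PREROUTING" || $2 == "OUTPUT") &&
        $(NF-1) == "-j" && $NF == "TRACE" {
            # The match expression is everything between chain and "-j TRACE".
            m = ""
            for (i = 3; i <= NF - 2; i++) m = m (m == "" ? "" : " ") $i
            # A trace normally appears in both chains; report it once.
            if (!(m in seen)) { seen[m] = 1; print cli " noiptrace " m }
        }
    '
}

# Demonstration on the constructed sample.
sample_raw_table | pending_noiptrace shorewall
```

On a live firewall the input would come from `iptables-save -t raw` (or `ip6tables-save -t raw` with `shorewall6` as the argument) instead of the sample function.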