The Shorewall team is pleased to announce the availability of Shorewall 4.4.3. ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 4 . 3 ---------------------------------------------------------------------------- 1. Previously, if ''routeback'' was specified in /etc/shorewall/routestopped: a) ''shorewall check'' produced an internal error b) The ''routeback'' option didn''t work 2) If an alias IP address was added and RETAIN_ALIASES=No in shorewall.conf, then a compiler internal error resulted. 3) Previously, the generated script would try to detect the values for all run-time variables (such as IP addresses), regardless of what command was being executed. Now, this information is only detected when it is needed. 4) Nested zones where the parent zone was defined by a wildcard interface (name ends with +) in /etc/shorewall/interfaces did not work correctly in some cases. 5) IPv4 addresses embedded in IPv6 (e.g., ::192.168.1.5) were incorrectly reported as invalid. 6) Under certain circumstances, optional providers were not detected as being usable. Additionally, the messages issued when an optional provider was not usable were confusing; the message intended to be issued when the provider shared an interface ("WARNING: Gateway <gateway> is not reachable -- Provider <name> (<number>) not Added") was being issued when the provider did not share an interface. Similarly, the message intended to be issued when the provider did not share an interface ("WARNING: Interface <interface> is not usable -- Provider <name> (<number>) not Added") was being issued when the provider did share an interface. ---------------------------------------------------------------------------- K N O W N P R O B L E M S R E M A I N I N G ---------------------------------------------------------------------------- None. ---------------------------------------------------------------------------- N E W F E A T U R E S I N 4 . 4 . 3 ---------------------------------------------------------------------------- 1) On Debian systems, a default installation will now set INITLOG=/dev/null in /etc/default/shorewall. In all configurations, the default values for the log variables are changed to: STARTUP_LOG=/var/log/shorewall-init.log LOG_VERBOSITY=2 The effect is much the same as the old defaults, with the exception that: a) Start, stop, etc. commands issued through /sbin/shorewall will be logged. b) Logging will occur at maximum verbosity. c) Log entries will be date/time stamped. On non-Debian systems, new installs will now log all Shorewall commands to /var/log/shorewall-init.log. 2) A new TRACK_PROVIDERS option has been added in shorewall.conf. The value of this option becomes the default for the ''track'' provider option in /etc/shorewall/providers. 3) A new ''limit'' option has been added to /etc/shorewall/tcclasses. This option specifies the number of packets that are allowed to be queued within the class. Packets exceeding this limit are dropped. The default value is 127 which is the value that earlier versions of Shorewall used. The option is ignored with a warning if the ''pfifo'' option has been specified. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
> ---------------------------------------------------------------------------- > N E W F E A T U R E S I N 4 . 4 . 3 > ---------------------------------------------------------------------------- > > 1) On Debian systems, a default installation will now set > INITLOG=/dev/null in /etc/default/shorewall. In all configurations, > the default values for the log variables are changed to: > > STARTUP_LOG=/var/log/shorewall-init.log > LOG_VERBOSITY=2Hi Tom, I have added attached patch and logrotate script to my RPMs. The patch makes sure the log files don''t reveal too much information to everybody. The logrotate script makes sure the log files won''t become too large. Is it something to put into upstream? (don''t know exactly about logrotate on other distributions) As always, thanks for your good work! Regards, Simon ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
Simon Matter wrote:>> ---------------------------------------------------------------------------- >> N E W F E A T U R E S I N 4 . 4 . 3 >> ---------------------------------------------------------------------------- >> >> 1) On Debian systems, a default installation will now set >> INITLOG=/dev/null in /etc/default/shorewall. In all configurations, >> the default values for the log variables are changed to: >> >> STARTUP_LOG=/var/log/shorewall-init.log >> LOG_VERBOSITY=2 > > Hi Tom, > > I have added attached patch and logrotate script to my RPMs. The patch > makes sure the log files don''t reveal too much information to everybody. > The logrotate script makes sure the log files won''t become too large. Is > it something to put into upstream? (don''t know exactly about logrotate on > other distributions) > > As always, thanks for your good work!Hi Simon, Thanks for the patch. I''ve added logrotate files to all four packages for 4.4.4. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
> Simon Matter wrote: >>> ---------------------------------------------------------------------------- >>> N E W F E A T U R E S I N 4 . 4 . 3 >>> ---------------------------------------------------------------------------- >>> >>> 1) On Debian systems, a default installation will now set >>> INITLOG=/dev/null in /etc/default/shorewall. In all configurations, >>> the default values for the log variables are changed to: >>> >>> STARTUP_LOG=/var/log/shorewall-init.log >>> LOG_VERBOSITY=2 >> >> Hi Tom, >> >> I have added attached patch and logrotate script to my RPMs. The patch >> makes sure the log files don''t reveal too much information to everybody. >> The logrotate script makes sure the log files won''t become too large. Is >> it something to put into upstream? (don''t know exactly about logrotate >> on >> other distributions) >> >> As always, thanks for your good work! > > Hi Simon, > > Thanks for the patch. I''ve added logrotate files to all four packages > for 4.4.4.Thanks Tom, I guess this one is a typo? Regards, Simon --- a/Shorewall-lite/install.sh +++ b/Shorewall-lite/install.sh @@ -1,4 +1,4 @@ -#!/bin/sh +\#!/bin/sh # # Script to install Shoreline Firewall Lite # ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what''s new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
Simon Matter wrote:>> Simon Matter wrote: >>>> ---------------------------------------------------------------------------- >>>> N E W F E A T U R E S I N 4 . 4 . 3 >>>> ---------------------------------------------------------------------------- >>>> >>>> 1) On Debian systems, a default installation will now set >>>> INITLOG=/dev/null in /etc/default/shorewall. In all configurations, >>>> the default values for the log variables are changed to: >>>> >>>> STARTUP_LOG=/var/log/shorewall-init.log >>>> LOG_VERBOSITY=2 >>> Hi Tom, >>> >>> I have added attached patch and logrotate script to my RPMs. The patch >>> makes sure the log files don''t reveal too much information to everybody. >>> The logrotate script makes sure the log files won''t become too large. Is >>> it something to put into upstream? (don''t know exactly about logrotate >>> on >>> other distributions) >>> >>> As always, thanks for your good work! >> Hi Simon, >> >> Thanks for the patch. I''ve added logrotate files to all four packages >> for 4.4.4. > > Thanks Tom, > > I guess this one is a typo?Yes, thanks. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what''s new with Crystal Reports now. http://p.sf.net/sfu/bobj-july