Beta 2 is now available for testing.
Problems Corrected:
1) A line containing only 'INCLUDE' appearing in an extension script
now generates a compile-time diagnostic rather than a run-time
diagnostic.
2) Previously, the uninstall.sh scripts used insserv (if installed) on
Debian-based systems. These scripts now use the preferred tool
(update-rc.d).
3) Beginning with 4.4.16, compilation would fail if an empty shell
variable was referenced in a config file on a system where /bin/sh
is the Bourne Again Shell (bash).
4) In earlier versions, if OPTIMIZE=8 then the ruleset displayed by
'check -r' was the same as when OPTIMIZE=0
(unoptimized). Similarly, if OPTIMIZE=9 then the ruleset displayed
was the same as when OPTIMIZE=1.
5) Startup could previously fail on a system where module autoloading
was not available and where TC_ENABLED=Simple was specified in
shorewall.conf.
New Features:
1) Traditionally, the -lite products have used the modules (or
helpers) file on the firewall system unless there is a modules (or
helpers) file in the configuration directory. This release
introduces the USE_LOCAL_MODULES option in shorewall[6].conf.
When USE_LOCAL_MODULES=Yes, the modules (helpers) file on the
administrative system will be used to determine the set of modules
loaded.
2) Given that shell variables are expanded at compile time, there was
previously no way to cause such variables to be expanded at run
time. This made it difficult (to impossible) to include dynamic IP
addresses in a Shorewall-lite configuration.
This release implements "Run-time address variables". In
configuration files, these variables are expressed as an ampersand
('&') followed by the name of an interface defined in
/etc/shorewall/interfaces.
Example:
    &eth0 would represent the primary IP address of eth0.
Run-time address variables may be used in the SOURCE and DEST
columns of the following configuration files:
    accounting
    action files
    blacklist
    macro files
    rules
    tcrules
    tos
They may also appear in the ORIGINAL DEST column of
    action files
    macro files
    rules
For optional interfaces, if the interface is not usable at the time
that the firewall starts, the all-zero address will be used (0.0.0.0
in IPv4 and :: in IPv6), resulting in no packets matching the rule.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
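
The run-time address variable behaviour described under New Feature 2, sketched as an added example that is not part of the original announcement and is not Shorewall's generated code. The sample `ip` output and the rule line are constructed, and the helper names primary_address and expand_rule are hypothetical; the sketch assumes the first address listed for an interface is its primary address.

```shell
#!/bin/sh
# Added illustration: NOT code generated by Shorewall. It mimics the documented
# behaviour of a run-time address variable such as &eth0.

# Constructed sample of `ip -o -4 addr show dev eth0` (primary, then secondary).
SAMPLE_UP='2: eth0    inet 203.0.113.25/24 brd 203.0.113.255 scope global eth0
2: eth0    inet 203.0.113.26/24 scope global secondary eth0'

# Constructed rules-file line: ACTION SOURCE DEST PROTO DPORT SPORT ORIGINAL-DEST
RULE='DNAT net loc:192.168.1.3 tcp 80 - &eth0'

# primary_address FAMILY  (reads `ip -o addr` output on stdin)
# Prints the first address listed, or the all-zero address if there is none.
primary_address() {
    case $1 in
        4) key=inet;  zero=0.0.0.0 ;;
        6) key=inet6; zero=:: ;;
        *) echo "family must be 4 or 6" >&2; return 2 ;;
    esac
    addr=$(awk -v key="$key" '$3 == key { sub(/\/.*/, "", $4); print $4; exit }')
    echo "${addr:-$zero}"
}

# expand_rule RULE IFACE ADDRESS
# Replaces the token &IFACE (alone in a column, or after "zone:") with ADDRESS.
expand_rule() {
    printf '%s\n' "$1" | awk -v tok="&$2" -v addr="$3" '{
        for (i = 1; i <= NF; i++) {
            n = length($i) - length(tok) + 1
            if (n >= 1 && substr($i, n) == tok &&
                (n == 1 || substr($i, n - 1, 1) == ":"))
                $i = substr($i, 1, n - 1) addr
        }
        print
    }'
}

# Interface up: the rule matches traffic addressed to the primary address.
expand_rule "$RULE" eth0 "$(printf '%s\n' "$SAMPLE_UP" | primary_address 4)"
# Optional interface with no address: 0.0.0.0, so the rule matches nothing.
expand_rule "$RULE" eth0 "$(printf '' | primary_address 4)"
```

When reviewing a Shorewall-lite ruleset that uses these variables on optional interfaces, check that a rule silently matching nothing while the interface is down is the intended outcome.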