Shorewall users - Nov 2011 - Shorewall 4.4.26 Beta 1

Beta 1 is now available for testing.

----------------------------------------------------------------------------
  I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
----------------------------------------------------------------------------

1)  In 4.4.25, ACCEPT behaved in the BLACKLIST section the same way
    as in the other rules file sections. This could lead to connections
    being accepted inadvertently.

    Now, ACCEPT behaves like WHITELIST; that is, it exempts the packet
    from the remaining rules in the BLACKLIST section.

----------------------------------------------------------------------------
           I I.  K N O W N   P R O B L E M S   R E M A I N I N G
----------------------------------------------------------------------------

1)  On systems running Upstart, shorewall-init cannot reliably secure
    the firewall before interfaces are brought up.

----------------------------------------------------------------------------
      I I I.  N E W   F E A T U R E S   I N   T H I S  R E L E A S E
----------------------------------------------------------------------------

1)  A new ''blrules'' file has been added as an alternative to
rules in
    the BLACKLIST section of the rules file. When rules are present in
    both the blrules file and in the BLACKLIST section, those in
    blrules are processed first.

2)  A ''-b'' option has been added to the
''update'' command. In addition
    to updating the shorewall.conf file (shorewall6.conf), this option
    causes the compiler to convert your current legacy blacklist
    configuration to use the new blrules file.

    Changes include:

    a) blrules is populated with entries equivalent to your existing
       blacklist file.

    b) Your existing blacklist file is renamed blacklist.bak.

    c) The ''blacklist'' keyword is removed from your zones,
interfaces
       and hosts files. When one of these files is modified, the
       unmodified original is saved in a .bak file.

3)  The Debian init scripts now support a ''status'' command. 

Thank you for testing,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1