Happy New Year, everyone.
With the new year, comes a new major version of Shorewall. The reasons
for opening a new version are:
1. The packaging and dependencies have changed in this release.
2. There are minor migration issues.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) The start and restart commands in Shorewall Lite and Shorewall6
Lite now correctly handle the ''trace'' and
''debug''
keywords. Previously, those keywords were ignored.
----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
----------------------------------------------------------------------------
I I I. N E W F E A T U R E S I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) The rules generated by the following interface options are now
traversed after those generated by the blrules file.
dhcp
maclist
nosmurfs
sfilter
tcpflags
As part of this change, the BLACKLIST section in the rules file has
been eliminated. If you have rules in that section, you must move
them to the blrules file prior to installing this Shorewall
version.
2) The timeout interval after which the previous state is restored
may now be specified in the safe-start and safe-restart commands.
3) The packing of the Shorewall products has been changed. Beginning
with this release, the packages are:
- Shorewall Core -- Core libraries installed in
/usr/share/shorewall/
- Shorewall -- Requires Shorewall Core. Together with
Shorewall Core, provides IPv4 firewalling.
- Shorewall6 -- Requires Shorewall. Provides IPv6 firewalling.
- Shorewall Lite -- Requires Shorewall Core. As before.
- Shorewall6 Lite -- Requires Shorewall Core. As before.
- Shorewall Init -- As before.
----------------------------------------------------------------------------
V. M I G R A T I O N I S S U E S
----------------------------------------------------------------------------
1) If you are migrating from Shorewall 4.2.x or earlier, please see
http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.27/releasenotes.txt
2) The BLACKLIST section of the rules file has been eliminated.
If you have entries in that file section, you must move them to the
blrules file.
3) This version of Shorewall requires the Digest::SHA1 Perl module.
Debian: lib-digest-sha1-perl
Fedora: perl-Digest-SHA1
OpenSuSE: perl-Digest-SHA1
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don''t need a
complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
Hello Tom, Thank you very much for new features and possibilities, but very sad that you didn''t unified install/uninstall scripts for IPv4 and IPv6 versions in new branch, all the more so work was done already (I sent you new fixed versions). I hoped this can decrease troubles for users during installation. Regards, Alex 2012/1/2 Tom Eastep <teastep@shorewall.net>> Happy New Year, everyone. > > With the new year, comes a new major version of Shorewall. The reasons > for opening a new version are: > > 1. The packaging and dependencies have changed in this release. > 2. There are minor migration issues. > > > ---------------------------------------------------------------------------- > I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E > > ---------------------------------------------------------------------------- > > 1) The start and restart commands in Shorewall Lite and Shorewall6 > Lite now correctly handle the ''trace'' and ''debug'' > keywords. Previously, those keywords were ignored. > > > ---------------------------------------------------------------------------- > I I. K N O W N P R O B L E M S R E M A I N I N G > > ---------------------------------------------------------------------------- > > 1) On systems running Upstart, shorewall-init cannot reliably secure > the firewall before interfaces are brought up. > > > ---------------------------------------------------------------------------- > I I I. N E W F E A T U R E S I N T H I S R E L E A S E > > ---------------------------------------------------------------------------- > > 1) The rules generated by the following interface options are now > traversed after those generated by the blrules file. > > dhcp > maclist > nosmurfs > sfilter > tcpflags > > As part of this change, the BLACKLIST section in the rules file has > been eliminated. If you have rules in that section, you must move > them to the blrules file prior to installing this Shorewall > version. > > 2) The timeout interval after which the previous state is restored > may now be specified in the safe-start and safe-restart commands. > > 3) The packing of the Shorewall products has been changed. Beginning > with this release, the packages are: > > - Shorewall Core -- Core libraries installed in > /usr/share/shorewall/ > > - Shorewall -- Requires Shorewall Core. Together with > Shorewall Core, provides IPv4 firewalling. > > - Shorewall6 -- Requires Shorewall. Provides IPv6 firewalling. > > - Shorewall Lite -- Requires Shorewall Core. As before. > > - Shorewall6 Lite -- Requires Shorewall Core. As before. > > - Shorewall Init -- As before. > > > ---------------------------------------------------------------------------- > V. M I G R A T I O N I S S U E S > > ---------------------------------------------------------------------------- > > 1) If you are migrating from Shorewall 4.2.x or earlier, please see > > > http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.27/releasenotes.txt > > 2) The BLACKLIST section of the rules file has been eliminated. > If you have entries in that file section, you must move them to the > blrules file. > > 3) This version of Shorewall requires the Digest::SHA1 Perl module. > > Debian: lib-digest-sha1-perl > Fedora: perl-Digest-SHA1 > OpenSuSE: perl-Digest-SHA1 > > Thank you for testing, > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > > > ------------------------------------------------------------------------------ > Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don''t need a complex > infrastructure or vast IT resources to deliver seamless, secure access to > virtual desktops. With this all-in-one solution, easily deploy virtual > desktops for less than the cost of PCs and save 60% on VDI infrastructure > costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev
Hello Alex, The unification process is far from complete. Please consider Beta 1 as "a good first step". I don''t expect to release 4.5.0 for a couple of months yet. Thanks, -Tom On Jan 3, 2012, at 3:13 AM, alex wrote:> Hello Tom, > > Thank you very much for new features and possibilities, but very sad that you didn''t unified install/uninstall scripts for IPv4 and IPv6 versions in new branch, all the more so work was done already (I sent you new fixed versions). > I hoped this can decrease troubles for users during installation. > > > Regards, > Alex > > > > 2012/1/2 Tom Eastep <teastep@shorewall.net> > Happy New Year, everyone. > > With the new year, comes a new major version of Shorewall. The reasons > for opening a new version are: > > 1. The packaging and dependencies have changed in this release. > 2. There are minor migration issues. > > ---------------------------------------------------------------------------- > I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E > ---------------------------------------------------------------------------- > > 1) The start and restart commands in Shorewall Lite and Shorewall6 > Lite now correctly handle the ''trace'' and ''debug'' > keywords. Previously, those keywords were ignored. > > ---------------------------------------------------------------------------- > I I. K N O W N P R O B L E M S R E M A I N I N G > ---------------------------------------------------------------------------- > > 1) On systems running Upstart, shorewall-init cannot reliably secure > the firewall before interfaces are brought up. > > ---------------------------------------------------------------------------- > I I I. N E W F E A T U R E S I N T H I S R E L E A S E > ---------------------------------------------------------------------------- > > 1) The rules generated by the following interface options are now > traversed after those generated by the blrules file. > > dhcp > maclist > nosmurfs > sfilter > tcpflags > > As part of this change, the BLACKLIST section in the rules file has > been eliminated. If you have rules in that section, you must move > them to the blrules file prior to installing this Shorewall > version. > > 2) The timeout interval after which the previous state is restored > may now be specified in the safe-start and safe-restart commands. > > 3) The packing of the Shorewall products has been changed. Beginning > with this release, the packages are: > > - Shorewall Core -- Core libraries installed in > /usr/share/shorewall/ > > - Shorewall -- Requires Shorewall Core. Together with > Shorewall Core, provides IPv4 firewalling. > > - Shorewall6 -- Requires Shorewall. Provides IPv6 firewalling. > > - Shorewall Lite -- Requires Shorewall Core. As before. > > - Shorewall6 Lite -- Requires Shorewall Core. As before. > > - Shorewall Init -- As before. > > ---------------------------------------------------------------------------- > V. M I G R A T I O N I S S U E S > ---------------------------------------------------------------------------- > > 1) If you are migrating from Shorewall 4.2.x or earlier, please see > > http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.27/releasenotes.txt > > 2) The BLACKLIST section of the rules file has been eliminated. > If you have entries in that file section, you must move them to the > blrules file. > > 3) This version of Shorewall requires the Digest::SHA1 Perl module. > > Debian: lib-digest-sha1-perl > Fedora: perl-Digest-SHA1 > OpenSuSE: perl-Digest-SHA1 > > Thank you for testing, > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > > ------------------------------------------------------------------------------ > Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don''t need a complex > infrastructure or vast IT resources to deliver seamless, secure access to > virtual desktops. With this all-in-one solution, easily deploy virtual > desktops for less than the cost of PCs and save 60% on VDI infrastructure > costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > ------------------------------------------------------------------------------ > Write once. Port to many. > Get the SDK and tools to simplify cross-platform app development. Create > new or port existing apps to sell to consumers worldwide. Explore the > Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join > http://p.sf.net/sfu/intel-appdev_______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-usersTom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev