Shorewall 4.5.4.2 is now available for download.

Problems Corrected:

1)  The problems corrected section of the 4.5.4.1 release notes was missing the third problem corrected in the release. It has now been added.

2)  A number of problems in Shorewall-init have been corrected:

    a)  When Shorewall-init was installed using the tarball installer, it was not enabled at boot. That has been corrected.

    b)  If more than one product was listed in the PRODUCTS setting in /etc/default/shorewall-init (/etc/sysconfig/shorewall-init) then the second product would not be started/stopped.

    c)  Shorewall-init used 'restart' in response to an optional provider interface coming up. If the interface has been marked unusable (1 in the interface's .status file), then the 'restart' would not enable the interface.

    d)  Shorewall-init produced a lot of clutter on the console during boot. You may now specify a LOGFILE in /etc/default/shorewall-init (/etc/sysconfig/shorewall-init) and all output produced by up and down events will be sent to that log. If no log is specified, this output is sent to /dev/null.

3)  The order in which the compiler processes line-continuation (line ending in '\') and conditional-inclusion directives (?IF, ?ELSE, and ?ENDIF) has been reversed. Previously, the compiler built a concatenated line, then checked to see if the line began with ?IF, ?ELSE or ?ENDIF. Now, the compiler checks for ?IF, ?ELSE or ?ENDIF first and prevents those lines from becoming part of the concatenation.
    Example:

    Previously, given these lines and assuming that $FOO was non-empty and non-zero:

        ACCEPT:\
        ?IF $FOO
        bar
        ?ELSE
        baz
        ?END

    then the lines would become

        ACCEPT:\?IF $FOO bar ?ELSE baz ?END

    Now, they will become simply

        ACCEPT:bar

3)  Two issues with the shorecap programs have been corrected:

    a)  The Shorewall6-lite version failed to run with the message:

            /usr/share/shorewall6-lite/lib.cli: No such file or directory

    b)  The Shorewall-lite version would not run if SHAREDIR was set to a value other than /usr/share in shorewallrc.

4)  If an iprange appeared in the SOURCE column of /etc/shorewall/masq, then compilation would fail on RHEL5-based systems with the error:

        Address Ranges require the Multiple Match capability in your kernel and iptables

5)  The Shorewall 4.5.2.3 fix for the Shorewall-core installer's handling of --host=linux was not brought forward into 4.5.3. It has been included again in this version.

6)  Single-line embedded PERL and SHELL commands have been re-enabled.

Thank you for using Shorewall.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
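
Added example, not part of the announcement and not Shorewall's own (Perl) code: a simplified Python model of the new processing order, directives first and continuation second. It also reports directive lines that fall inside a pending continuation, which are the places in a configuration whose result depends on that order. The names preprocess, truthy and SAMPLE, the whitespace handling and the truth test for ?IF are assumptions made for the illustration.

```python
import re

DIRECTIVE = re.compile(r"^\s*\?(IF|ELSE|ENDIF)\b(.*)$")

# Constructed sample modelled on the announcement's example (closed with ?ENDIF).
SAMPLE = ["ACCEPT:\\", "?IF $FOO", "bar", "?ELSE", "baz", "?ENDIF"]

def truthy(expr, variables):
    # Assumption: "?IF $NAME" holds when NAME is non-empty and non-zero.
    return variables.get(expr.strip().lstrip("$"), "") not in ("", "0")

def preprocess(lines, variables):
    """Directives first, continuation second (the order described for 4.5.4.2).

    Returns (logical_lines, affected); affected holds the 1-based numbers of
    directive lines met while a continuation was pending.
    """
    out, affected = [], []
    stack = []       # one bool per open ?IF: is its current branch active?
    pending = None   # text gathered so far from lines that ended in a backslash
    for number, raw in enumerate(lines, 1):
        m = DIRECTIVE.match(raw)
        if m:
            # A directive never joins the concatenation; it only switches branches.
            if pending is not None:
                affected.append(number)
            kind, rest = m.groups()
            if kind == "IF":
                stack.append(truthy(rest, variables))
            elif not stack:
                raise ValueError(f"line {number}: ?{kind} without ?IF")
            elif kind == "ELSE":
                stack[-1] = not stack[-1]
            else:
                stack.pop()
            continue
        if not all(stack):
            continue     # line sits in an inactive branch
        text = raw.strip() if pending is None else pending + raw.strip()
        if text.endswith("\\"):
            pending = text[:-1]
        else:
            out.append(text)
            pending = None
    if stack:
        raise ValueError("?IF without ?ENDIF")
    if pending is not None:
        out.append(pending)
    return out, affected
```

preprocess(SAMPLE, {"FOO": "1"}) yields the single logical line ACCEPT:bar and flags line 2; running it over a configuration before upgrading shows which continued lines are worth a second look.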