Beta 2 is now available for testing.

----------------------------------------------------------------------------
  I.  P R O B L E M S   C O R R E C T E D   I N   T H I S   R E L E A S E
----------------------------------------------------------------------------

1)  This release includes all defect repair from Shorewall 4.5.17.1.

2)  The following warning message could be emitted inappropriately when
    running Shorewall 4.5.17.

        The rule(s) generated by this entry are unreachable and have
        been discarded

    These warnings, which were disabled in Shorewall 4.5.17.1, are now
    only emitted where appropriate.

----------------------------------------------------------------------------
           I I.  K N O W N   P R O B L E M S   R E M A I N I N G
----------------------------------------------------------------------------

1)  On systems running Upstart, shorewall-init cannot reliably secure
    the firewall before interfaces are brought up.

----------------------------------------------------------------------------
      I I I.  N E W   F E A T U R E S   I N   T H I S   R E L E A S E
----------------------------------------------------------------------------

1)  'NONE' policies are now instantiated between 'local' zone and
    zones other than the firewall. Similarly, 'NONE' policies are
    instantiated between 'loopback' zones to zones other than $FW and
    other 'loopback' zones. This provides a cleaner implementation
    than the one provided in Shorewall 4.5.17, and one that should be
    easier to maintain going forward.

2)  James Shubin has contributed a Kerberos macro.

3)  A new 'unmanaged' interface option has been added. This option may
    be used to define interfaces that allow all traffic to/from the
    firewall but that's all. They are not accessible from hosts on
    other interfaces nor can traffic from an unmanaged interface be
    forwarded to hosts on other interfaces.

    The following interface options are mutually-exclusive with
    'unmanaged':

    - blacklist
    - bridge
    - destonly
    - detectnets
    - dhcp
    - maclist
    - nets
    - norfc1918
    - nosmurfs
    - optional
    - routeback
    - rpfilter
    - sfilter
    - tcpflags
    - upnp
    - upnpclient

    Unmanaged interfaces may not be associated with a zone in either
    the interfaces or hosts files.

    The 'lo' interface may not be unmanaged when there are vserver
    zones defined.

Thank you for testing,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
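
The 'unmanaged' rules from new feature 3, written out as a pre-deployment check over interfaces-file entries. This is an added example, not part of the announcement or of Shorewall's own code; it assumes the classic "ZONE INTERFACE BROADCAST OPTIONS" column layout with "-" for an empty column, and the function name and sample entries are constructed for illustration.

```python
# Added example: lint Shorewall interfaces-file entries against the
# 'unmanaged' rules stated in these release notes.
# Assumption: column layout "ZONE INTERFACE BROADCAST OPTIONS",
# with "-" marking an empty column.

# Options the release notes list as mutually exclusive with 'unmanaged'.
EXCLUSIVE = {
    "blacklist", "bridge", "destonly", "detectnets", "dhcp", "maclist",
    "nets", "norfc1918", "nosmurfs", "optional", "routeback", "rpfilter",
    "sfilter", "tcpflags", "upnp", "upnpclient",
}

def lint_interfaces(text, vserver_zones=False):
    """Return a list of (line_number, message) for rule violations."""
    problems = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        cols = line.split()
        if len(cols) < 2:
            continue
        zone, iface = cols[0], cols[1]
        opts = cols[3] if len(cols) > 3 else "-"
        # Options are comma-separated; some carry a value (name=value).
        names = {o.split("=", 1)[0] for o in opts.split(",") if o and o != "-"}
        if "unmanaged" not in names:
            continue
        if zone != "-":
            problems.append((num, f"{iface}: unmanaged interface is in zone '{zone}'"))
        for bad in sorted(names & EXCLUSIVE):
            problems.append((num, f"{iface}: '{bad}' cannot be combined with unmanaged"))
        if iface == "lo" and vserver_zones:
            problems.append((num, "lo: may not be unmanaged when vserver zones are defined"))
    return problems

# Constructed sample input, not taken from a real system.
SAMPLE = """\
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     dhcp,tcpflags,nosmurfs
-      eth1       -          unmanaged
loc    eth2       -          unmanaged,routeback
-      lo         -          unmanaged
"""

if __name__ == "__main__":
    for num, msg in lint_interfaces(SAMPLE, vserver_zones=True):
        print(f"line {num}: {msg}")
```

The check covers the interfaces file only; zone associations made through the hosts file would need the same test applied there.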