Shorewall 4.6.0 Beta 3 is now available for testing.
Problems corrected since Beta 2:
1) When a non-terminating target specified logging, the compiler would
erroneously generate a 'goto' (-g) iptables command rather than a
'jump' (-j) command. This caused the wrong set of rules to be
traversed, usually the catchall 'REJECT' rule at the end of the
INPUT or FORWARD chain.
The compiler now generates a 'jump' rule in these cases.
2) When an interface containing a period (such as a VLAN interface)
was used in an 'add' or 'delete' command, the wrong ipset name was
generated, resulting in failure of the command.
New Features since Beta 2:
1) When the installed kernel and ip[6]tables support ipset name
matches in basic TC filters, entries in the tcfilters file will
generate basic filters rather than u32 filters. This allows ipset
names to appear in the SOURCE and DEST columns of the tcfilters
file.
Please note that the manpages have not yet been updated to reflect
this change.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
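
The goto-versus-jump difference behind problem 1, as an added example that is not part of the original announcement or Shorewall's code: a small Python model of iptables chain traversal. The chain names and the NONTERM target are constructed for illustration and are not Shorewall's actual generated rules.

```python
# Minimal model of iptables chain traversal for a packet that matches every
# rule. Constructed example: chain layout and names are assumptions.
TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def traverse(chains, start, policy="DROP"):
    """Return (verdict, trace) after walking the chains from `start`."""
    stack, trace = [], []            # stack holds saved return points
    chain, idx = start, 0
    while True:
        rules = chains[chain]
        if idx >= len(rules):        # fell off the end of the chain
            if not stack:
                return policy, trace # built-in chain: apply its policy
            chain, idx = stack.pop() # resume at the saved return point
            continue
        op, target = rules[idx]
        trace.append(f"{chain}:{op} {target}")
        if target in TERMINATING:
            return target, trace
        if target in chains:
            if op == "-j":           # jump saves where to come back to
                stack.append((chain, idx + 1))
            # goto (-g) saves nothing, so the return goes to the caller
            # of the chain that issued the goto
            chain, idx = target, 0
            continue
        idx += 1                     # non-terminating target: keep going

def ruleset(op):
    """Constructed ruleset; `op` is how net-fw enters the logging chain."""
    return {
        "INPUT":   [("-j", "net-fw"), ("-j", "REJECT")],   # catchall REJECT
        "net-fw":  [(op, "logchain"), ("-j", "ACCEPT")],
        "logchain": [("-j", "LOG"),
                     ("-j", "NONTERM")],  # placeholder non-terminating target
    }

def verdict_with(op):
    return traverse(ruleset(op), "INPUT")

if __name__ == "__main__":
    for op in ("-j", "-g"):
        verdict, trace = verdict_with(op)
        print(op, "->", verdict)
        for step in trace:
            print("   ", step)
```

With '-g' the rest of net-fw is never evaluated and the packet reaches the catchall REJECT in INPUT; with '-j' traversal resumes in net-fw after the logging chain ends.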