The Shorewall team is pleased to announce the availability of Shorewall 4.6.4.

Problems Corrected:

1)  This release includes defect repair through release 4.6.3.4.

2)  Two corrections have been made to the .service files:

    - The .service files now correctly specify WantedBy=basic.target
    - Conflicting services have been added.

3)  A warning message generated during stoppedrules processing
    previously referred to the file as routestopped.

4)  Previously, the stoppedrules file did not work properly when
    ADMINISABSENTMINDED=No.

    - A warning message was issued stating that the file would be
      processed as if ADMINISABSENTMINDED=Yes, and it was.

    - Unfortunately, part of the surrounding rule-generating logic
      proceeded as if ADMINISABSENTMINDED=No, leading to an unusable
      ruleset.

    This problem has been corrected by changing the way that
    stoppedrules works with ADMINISABSENTMINDED=No. In the new
    implementation:

    - All existing connections continue to work.

    - Response packets and related connection requests to new
      accepted connections are accepted (in other words, the
      resulting ruleset is stateful).

    See shorewall[6].conf(5) for additional details.

5)  The .spec files now set SBINDIR correctly.

6)  The -lite installers now create INITDIR if it doesn't exist.

7)  The installers no longer attempt to create a symbolic link to the
    init script when no init script is installed.

8)  A large number of defects in the uninstallers have been corrected.

New Features:

1)  Install support for Centos 7 and Foobar 7 has been added (Tuomo
    Soini).

2)  A 'terminating' option has been added to shorewall[6].actions.
    This option, when used with the 'builtin' option, indicates to
    the compiler that the built-in action is terminating. This allows
    the optimizer to omit rules after an unconditional jump to the
    built-in.

3)  A LOG_BACKEND option has been added to allow specification of the
    default logging backends. See shorewall.conf(5) and
    shorewall6.conf(5) for details.

4)  The SAVE_IPSETS option may now specify a list of ipsets to be
    saved. When such a list is specified, only those ipsets together
    with the ipsets supporting dynamic zones are saved.

    Shorewall6 now supports the SAVE_IPSETS option. When
    SAVE_IPSETS=Yes, only ipv6 ipsets are saved. For Shorewall, if
    SAVE_IPSETS=ipv4, then only ipv4 ipsets are saved. Both features
    require ipset version 5 or later.

    Note that shorewall.conf and shorewall6.conf may now both specify
    SAVE_IPSETS.

5)  The SBINDIR setting for SuSE now defaults to /usr/sbin/.

6)  With the exception of Shorewall-core, the tarball installers and
    uninstallers now support a -n option which inhibits any attempt
    to change the startup configuration. The -n option can be
    automatically invoked by setting the SANDBOX variable to a
    non-empty value, either in the environment or in your shorewallrc
    file.

Thank you for using Shorewall,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________