Shorewall 4.6.5 Beta 3 is now available for testing.
New Features since Beta 2:
1) Previously, /bin/sh was used unconditionally to process the helper
script 'getparams'. That shell script reads the params file and
passes back the (variable,value) pairs to the compiler. Beginning
with this release, $SHOREWALL_SHELL is used to process that script,
unless the compilation is for export, in which case /bin/sh is
still used.
Note that the default value of $SHOREWALL_SHELL is /bin/sh, so
unless your configuration sets that variable, this enhancement will
have no effect. Similarly, on an administrative system, this
enhancement has no effect on the processing of the 'compile -e',
'load', 'reload' and 'export' commands.
2) A -C option has been added to several commands to allow the
ip[6]tables packet and byte counters to be preserved.
- save command
Causes the packet and byte counters to be saved along with the
chains and rules.
- restore command
Causes the packet and byte counters (if saved) to be restored
along with the chains and rules.
- start command
With Shorewall and Shorewall6, the -C option only has an effect
if the -f option is also specified. If a previously-saved
configuration is restored, then the packet and byte counters (if
saved) will be restored along with the chains and rules.
- restart command
If an existing compiled script is used (no recompilation
required) and if that script generated the current running
configuration, then the current netfilter configuration is
reloaded as is so as to preserve the current packet and byte
counters.
If you wish to (approximately) preserve the counters over a
possibly unexpected reboot, then:
- Create a cron job that periodically does 'shorewall save -C'
- Specify the -C and -f options in the STARTOPTIONS variable in
either /etc/default/shorewall[6][-lite] or
/etc/sysconfig/shorewall[6][-lite], whichever is supported by your
distribution. Note that some distributions do not distribute these
files so you may have to create the one(s) you need (such as
/etc/sysconfig/shorewall).
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
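
Added example, not part of the original announcement or of Shorewall itself: one way to script the two counter-preservation steps described above so they can be applied repeatedly without duplicating settings. The /etc/cron.d location, the /sbin/shorewall path, the 15-minute default interval and the function names are assumptions; adjust them for your distribution.

```shell
#!/bin/sh
# Added example (assumptions: cron reads /etc/cron.d, shorewall is installed
# as /sbin/shorewall, and losing up to one interval of counts is acceptable).

# ensure_startoptions FILE
# Make sure STARTOPTIONS in FILE contains both -C and -f, keeping any options
# already set and creating FILE if the distribution did not ship it.
ensure_startoptions() {
    file=$1
    mkdir -p "$(dirname "$file")"
    [ -f "$file" ] || : > "$file"
    # Value of the last STARTOPTIONS assignment, with quotes stripped.
    current=$(sed -n 's/^STARTOPTIONS=//p' "$file" | tail -n 1 | tr -d "\"'")
    for opt in -C -f; do
        case " $current " in
            *" $opt "*) ;;                              # already present
            *) current="${current:+$current }$opt" ;;   # append missing option
        esac
    done
    # Drop old assignments, then append the single merged one.
    grep -v '^STARTOPTIONS=' "$file" > "$file.tmp" || true
    printf 'STARTOPTIONS="%s"\n' "$current" >> "$file.tmp"
    mv "$file.tmp" "$file"
}

# install_save_cron FILE [MINUTES]
# Write a cron.d entry that runs 'shorewall save -C' every MINUTES minutes.
install_save_cron() {
    file=$1
    minutes=${2:-15}
    mkdir -p "$(dirname "$file")"
    printf '*/%s * * * * root /sbin/shorewall save -C >/dev/null 2>&1\n' \
        "$minutes" > "$file"
    chmod 644 "$file"
}

# Typical use, as root (pick the file your distribution supports):
#   ensure_startoptions /etc/default/shorewall
#   install_save_cron   /etc/cron.d/shorewall-save-counters
```

Counters restored after an unexpected reboot are only as fresh as the last cron run, so the interval sets how much counting can be lost.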