similar to: SuSE RPM Available

In this release: 1. The ''try'' command now accepts an optional timeout. If the timeout is given in the command, the standard configuration will automatically be restarted after the new configuration has been running for that length of time. This prevents a remote admin from being locked out of the firewall in the case where the new configuration starts but prevents

Shorewall 1.3.9 is available. In this release: 1. DNS Names are now allowed in Shorewall config files (I still recommend against using them however). 2. The connection SOURCE may now be qualified by both interface and IP address in a Shorewall rule. 3. Shorewall startup is now disabled after initial installation until the file /etc/shorewall/startup_disabled is removed. 4. The

Rafa³ Dutko has just discovered a potentially serious bug in version 1.3.0 and 1.3.1. In both versions, where an interface option appears on multiple interfaces, the option may only be applied to the first interface on which it appears. A corrected firewall script for 1.3.1 is available at: http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall and

The ''firewall'' and ''functions'' file in CVS together produce a 30%+ speedup of ''shorewall restart'' on my firewall when compared to 1.3.11a. Please test with these files -- I don''t anticipate making any more performance changes for 1.3.12 and I want to be sure that I didn''t break anything. -Tom -- Tom Eastep \ Shorewall

Lorenzo Marignoni reports that: o Shorewall 1.2.10 is in the Debian Testing Branch o Shorewall 1.2.11 is in the Debian Unstable Branch Thanks, Lorenzo! -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

I have purchased a license for Vexira MailArmor (an antivirus product) and the good news is that it is installed and working at shorewall.net. The bad news is that I have yet to get Vexira running together with SpamAssassin :-( As things currently stand, list posts will be protected from viruses but may contain Spam. I''ll continue to work to correct this situation. -Tom -- Tom Eastep

This is a minor release of Shorewall. In this release: 1. A "shorewall try" command has been added. This command attempts to restart Shorewall using an alternate configuration and if that attempt fails, Shorewall is automatically started with the default configuration. This is useful for remote administration where a failed restart of Shorewall can leave you isolated from

Let me know if there are any problems. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

This will be the last Shorewall release for a while as I''m going to be focusing on Documentation. In this release: 1. Empty and invalid source and destination qualifiers are now detected in the rules file. It is a good idea to use the ''shorewall check'' command before you issue a ''shorewall restart'' command be be sure that you don''t

The 1.2 firewall contains messy logic to support the old sample configurations in that any rule that contains "none" in any of its columns is ignored. I''m considering removing that messiness in 1.3 and seek the opinion of the list. Thanks, -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

I have implemented the ability to specify ''all'' in the SOURCE and DESTINATION columns of the rules file and I''m not sure I like the result. The code is in CVS if any of you are interested in giving it a try. If you do try it, please let me know what you think. If you specify ''all'' in those columns it must not be qualified (may not be followed by

The ''firewall'' script currently in the /Shorewall CVS project: a) Is approximately 15% faster starting/restarting on my configuration -- please report your experiences with it. b) Reloads Traffic Control/Shaping as part of "shorewall refresh" c) Turns off the shell trace after an error has occured (except when the command being traced is "stop" or

This is a minor release of Shorewall which rolls up a number of bug fixes. New features include: 1. A NEWNOTSYN option has been added to shorewall.conf. This option determines whether Shorewall accepts TCP packets which are not part of an established connection and that are not ''SYN'' packets (SYN flag on and ACK flag off). 2. The need for the

Tuomo Soini wrote: > You don''t happen to read shorewall-devel mailinglist ? I read it -- I just didn''t know what to make of your post and it arrived while I was on vacation. What exactly are you trying to accomplish that Shorewall isn''t doing for you now? e.g. /etc/shorewall/zones rw Roadwarriors Road Warriors /etc/shorewall/interfraces rw ipsec+

Shorewall 1.3.4 is available: 1. A new /etc/shorewall/routestopped file has been added. This file is intended to eventually replace the routestopped option in the /etc/shorewall/interface and /etc/ shorewall/hosts files. This new file makes remote firewall administration easier by allowing any IP or subnet to be enabled while Shorewall is stopped. 2. An /etc/shorewall/stopped

John, I''m taking the liberty of copying the Shorwall Development list since I believe that these issues will be of interest. On Tue, 6 Aug 2002, Links at Momsview wrote: > Tom, > I''m not sure if you ever saw this document but it describes some of the > reasons you are seeing strange packets > after setting up NEW not SYN >

does anyone know how to enable the "udp loose" function in kernel 2.4.x? one of my fave games requires this to work on the net and i''d really like to move away from the 2.2 series kernels. tia

The search capability at http://www.shorewall.net has been improved. - The quick search on the main page no longer includes the mailing list archives. - The extended search page (http://www.shorewall.net/htdig/search.html) allows you to search: a) the entire site (including the archives); b) the site excluding the archivesj; or, c) just the archives. - The mailing list information page

I think that the time has come for me to back off a bit from my involvement with Shorewall. I just don''t have enough cycles (or energy) to keep up the pace of the last several months. As a consequence, I''m going to do the following: 1. I''m going to stop personally supporting the entry level tools (samples and quick start guide). These tools are a source of constant

The maintenance (adding RAM) took a little longer than I planned: 1) Shutdown - 1 minute 2) Open Case - 30 seconds At this point, I emember that I can''t add RAM to this box without removing the Mother Board (hinge-mounted in case) - slap forehead. 3) Remove cables, PCI NIC & MB - 2 minutes 4) Add RAM - 1 Minute 5) Get the %$#@ MB back in the case and aligned -- 15 Minutes 6)