2002-11-09 19:10:22 +01:00
|
|
|
This is a minor release of Shorewall that has a number of new features..
|
2002-08-07 16:28:04 +02:00
|
|
|
|
|
|
|
New features include:
|
|
|
|
|
2002-11-09 19:10:22 +01:00
|
|
|
1) You may now define the contents of a zone dynamically with the
|
|
|
|
"shorewall add" and "shorewall delete" commands. These commands
|
|
|
|
are expected to be used primarily within FreeS/Wan updown scripts.
|
|
|
|
|
|
|
|
2) Shorewall can now do MAC verification on ethernet segments. You can
|
|
|
|
specify the set of allowed MAC addresses on the segment and you can
|
|
|
|
optionally tie each MAC address to an IP address.
|
|
|
|
|
|
|
|
3) PPTP Servers and Clients running on the firewall system may now be
|
|
|
|
defined in the /etc/shorewall/tunnels file.
|
2002-08-22 23:33:54 +02:00
|
|
|
|
2002-11-09 19:10:22 +01:00
|
|
|
4) A new 'ipsecnat' tunnel type is supported for use when the remote
|
|
|
|
IPSEC endpoint is behind a NAT gateway.
|
|
|
|
|
|
|
|
5) The PATH used by Shorewall may now be specified in
|
|
|
|
/etc/shorewall/shorewall.conf.
|
|
|
|
|
|
|
|
6) The main firewall script is now /usr/lib/shorewall/firewall. The
|
|
|
|
script in /etc/init.d/shorewall is very small and uses
|
|
|
|
/sbin/shorewall to do the real work. This change makes custom
|
|
|
|
distributions such as for Debian and for Gentoo easier to manage
|
|
|
|
since it is /etc/init.d/shorewall that tends to have
|
|
|
|
distribution-dependent code.
|