shorewall_code/STABLE/releasenotes.txt

28 lines
1.2 KiB
Plaintext
Raw Normal View History

This is a minor release of Shorewall that has a number of new features..
New features include:
1) You may now define the contents of a zone dynamically with the
"shorewall add" and "shorewall delete" commands. These commands
are expected to be used primarily within FreeS/Wan updown scripts.
2) Shorewall can now do MAC verification on ethernet segments. You can
specify the set of allowed MAC addresses on the segment and you can
optionally tie each MAC address to an IP address.
3) PPTP Servers and Clients running on the firewall system may now be
defined in the /etc/shorewall/tunnels file.
4) A new 'ipsecnat' tunnel type is supported for use when the remote
IPSEC endpoint is behind a NAT gateway.
5) The PATH used by Shorewall may now be specified in
/etc/shorewall/shorewall.conf.
6) The main firewall script is now /usr/lib/shorewall/firewall. The
script in /etc/init.d/shorewall is very small and uses
/sbin/shorewall to do the real work. This change makes custom
distributions such as for Debian and for Gentoo easier to manage
since it is /etc/init.d/shorewall that tends to have
distribution-dependent code.