August 10, 2007
2007-08-19 Shorewall 3.4.6
+Problems Corrected in 3.4.6. + +1) If the "Mangle FORWARD Chain" capability was supported, entries in + the /etc/shorewall/ecn file would cause invalid iptables + commands to be generated. + +2) Certain errors occurring during + start/restart/safe-start/safe-restart/try processing could cause + the lockfile to be left behind. This resulted in a 60-second delay + the next time one of these commands was run. + +3) It was not previously possible to define traffic shaping on a + bridge port; the generated script complained that the + interface was not up and configured. + +4) Previously, using a port list in the DEST PORT(S) column of the + rules file or in an action file caused an invalid iptables command + to be generated. + +5) Using the LOG target in the rules file could result in two LOG + rules being generated. Additionally, using an IP address range in a + rule that performed logging could result in an invalid iptables + command. + +6) Shorewall now loads the act_police kernel module needed by traffic + shaping. + +7) Previously, "shorewall show -f capabilities" and "shorecap" omitted + the "TCPMSS Match" capability. This made it appear to a compiler + using a capabilities file that the TCPMSS Match capability was not + available. + +8) Previously, Shorewall would truncate long log prefixes to 29 + characters. This resulted in there being no space between the log + prefix and the IN= part of the message. + + Example: fw2net:LOG:HTTPSoutIN= OUT=eth0 + + Beginning with this release, Shorewall will truncate the prefix to + 28 bytes and add a trailing space. + + Example: fw2net:LOG:HTTPSou IN= OUT=eth0 + +9) Previously, if: + + - FASTACCEPT=No + - The policy from Z1 to Z2 was CONTINUE + - Z1 and Z2 were orphans (neither had parent zones) + - There were no Z1->Z2 rules + + then connections from Z2->Z1 would fail even if there were + rules/policies allowing them. This has been + corrected. + +Other changes in 3.4.6. + +1) Processing of the message log in the 'show log', 'logwatch' and + 'dump' commands has been speeded up thanks to a suggestion by + Andrew Suffield.+
2007-08-10 Shorewall 4.0.2
Problems corrected in 4.0.2 diff --git a/web/shorewall_index.htm b/web/shorewall_index.htm index c33220a1b..2dcea205e 100644 --- a/web/shorewall_index.htm +++ b/web/shorewall_index.htm @@ -21,7 +21,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”. -2007-08-10
+2007-08-19
Table of Contents
@@ -121,17 +121,17 @@ Stable Release version is 4.0.2
The previous Stable Release version -is 3.4.5
+is 3.4.6
The current Development Release is 4.1. No packages yet been made available for this release.
- Here are the release + href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.6/releasenotes.txt">release notes
- Here are the known + href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.6/known_problems.txt">known problems and updates.
+ href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.6/errata/">updates.