diff --git a/Shorewall-init/install.sh b/Shorewall-init/install.sh index 84c4d0fe8..de141074f 100755 --- a/Shorewall-init/install.sh +++ b/Shorewall-init/install.sh @@ -23,7 +23,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.13-RC1 +VERSION=4.4.13-Beta5 usage() # $1 = exit status { diff --git a/Shorewall-init/shorewall-init.spec b/Shorewall-init/shorewall-init.spec index fe38abd41..2556d6e21 100644 --- a/Shorewall-init/shorewall-init.spec +++ b/Shorewall-init/shorewall-init.spec @@ -1,6 +1,6 @@ %define name shorewall-init %define version 4.4.13 -%define release 0RC1 +%define release 0Beta5 Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall). Name: %{name} @@ -99,8 +99,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog -* Sat Sep 11 2010 Tom Eastep tom@shorewall.net -- Updated to 4.4.13-0RC1 +* Mon Sep 13 2010 Tom Eastep tom@shorewall.net +- Updated to 4.4.13-0Beta5 * Sat Sep 04 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.13-0Beta4 * Mon Aug 30 2010 Tom Eastep tom@shorewall.net diff --git a/Shorewall-init/uninstall.sh b/Shorewall-init/uninstall.sh index bf2d63b48..703a81228 100755 --- a/Shorewall-init/uninstall.sh +++ b/Shorewall-init/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.13-RC1 +VERSION=4.4.13-Beta5 usage() # $1 = exit status { diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh index 328be0d6f..ac4afaf32 100755 --- a/Shorewall-lite/install.sh +++ b/Shorewall-lite/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.13-RC1 +VERSION=4.4.13-Beta5 usage() # $1 = exit status { diff --git a/Shorewall-lite/shorewall-lite.spec b/Shorewall-lite/shorewall-lite.spec index b88786483..88fbc8d63 100644 --- a/Shorewall-lite/shorewall-lite.spec +++ b/Shorewall-lite/shorewall-lite.spec @@ -1,6 +1,6 @@ %define name shorewall-lite %define version 4.4.13 -%define release 0RC1 +%define release 0Beta5 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems. Name: %{name} @@ -102,8 +102,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog -* Sat Sep 11 2010 Tom Eastep tom@shorewall.net -- Updated to 4.4.13-0RC1 +* Mon Sep 13 2010 Tom Eastep tom@shorewall.net +- Updated to 4.4.13-0Beta5 * Sat Sep 04 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.13-0Beta4 * Mon Aug 30 2010 Tom Eastep tom@shorewall.net diff --git a/Shorewall-lite/uninstall.sh b/Shorewall-lite/uninstall.sh index 6795905d5..20d851ca3 100755 --- a/Shorewall-lite/uninstall.sh +++ b/Shorewall-lite/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.13-RC1 +VERSION=4.4.13-Beta5 usage() # $1 = exit status { diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 37cc70365..d80d9f45f 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -347,7 +347,7 @@ sub initialize( $ ) { EXPORT => 0, STATEMATCH => '-m state --state', UNTRACKED => 0, - VERSION => "4.4.13-RC1", + VERSION => "4.4.13-Beta5", CAPVERSION => 40413 , ); diff --git a/Shorewall/install.sh b/Shorewall/install.sh index bec23368e..c85e571f7 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.13-RC1 +VERSION=4.4.13-Beta5 usage() # $1 = exit status { diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt index 891943c89..5c3528a42 100644 --- a/Shorewall/known_problems.txt +++ b/Shorewall/known_problems.txt @@ -1 +1 @@ -There are no known problems in Shorewall 4.4.13-RC1 +There are no known problems in Shorewall 4.4.13-Beta5 diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index c50396c5d..ef9f6b017 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -1,6 +1,6 @@ ---------------------------------------------------------------------------- S H O R E W A L L 4 . 4 . 1 3 - R C 1 + B E T A 5 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -199,6 +199,33 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES interfaces. Packets arriving on these interfaces is passed against the blacklist entries with the 'to' option. + As part of this change, the OPTIONS may now be a comma-separated + list of 'to' and 'from'. + +5) There is now an OUT-BANDWIDTH column in + /etc/shorewall/tcinterfaces. + + The format of this column is: + + [:[][:[][:[][:[]]]]] + + These terms are described in tc-tbf(8). Shorewall supplies default + values as follows: + + = 10kb + = 200ms + + The remaining terms are defaulted by tc. + +6) The IN-BANDWIDTH column in both /etc/shorewall/tcdevices and + /etc/shorewall/tcinterfaces now accept an optional burst parameter. + + [:] + + The default burst is 10kb. A larger burst can help make the + more accurate; often for fast lines, the enforced rate is well + below the specified . + ---------------------------------------------------------------------------- I V. R E L E A S E 4 . 4 H I G H L I G H T S ---------------------------------------------------------------------------- diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec index a0f953d33..4579e520b 100644 --- a/Shorewall/shorewall.spec +++ b/Shorewall/shorewall.spec @@ -1,6 +1,6 @@ %define name shorewall %define version 4.4.13 -%define release 0RC1 +%define release 0Beta5 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} @@ -108,8 +108,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples %changelog -* Sat Sep 11 2010 Tom Eastep tom@shorewall.net -- Updated to 4.4.13-0RC1 +* Mon Sep 13 2010 Tom Eastep tom@shorewall.net +- Updated to 4.4.13-0Beta5 * Sat Sep 04 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.13-0Beta4 * Mon Aug 30 2010 Tom Eastep tom@shorewall.net diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh index 26e6ae90e..33e16a987 100755 --- a/Shorewall/uninstall.sh +++ b/Shorewall/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.13-RC1 +VERSION=4.4.13-Beta5 usage() # $1 = exit status { diff --git a/Shorewall6-lite/install.sh b/Shorewall6-lite/install.sh index 85ff0cb52..b0e85d679 100755 --- a/Shorewall6-lite/install.sh +++ b/Shorewall6-lite/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.13-RC1 +VERSION=4.4.13-Beta5 usage() # $1 = exit status { diff --git a/Shorewall6-lite/shorewall6-lite.spec b/Shorewall6-lite/shorewall6-lite.spec index 23be59214..1f1d4d647 100644 --- a/Shorewall6-lite/shorewall6-lite.spec +++ b/Shorewall6-lite/shorewall6-lite.spec @@ -1,6 +1,6 @@ %define name shorewall6-lite %define version 4.4.13 -%define release 0RC1 +%define release 0Beta5 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems. Name: %{name} @@ -93,8 +93,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog -* Sat Sep 11 2010 Tom Eastep tom@shorewall.net -- Updated to 4.4.13-0RC1 +* Mon Sep 13 2010 Tom Eastep tom@shorewall.net +- Updated to 4.4.13-0Beta5 * Sat Sep 04 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.13-0Beta4 * Mon Aug 30 2010 Tom Eastep tom@shorewall.net diff --git a/Shorewall6-lite/uninstall.sh b/Shorewall6-lite/uninstall.sh index fe7c4b86d..1953c398a 100755 --- a/Shorewall6-lite/uninstall.sh +++ b/Shorewall6-lite/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.13-RC1 +VERSION=4.4.13-Beta5 usage() # $1 = exit status { diff --git a/Shorewall6/install.sh b/Shorewall6/install.sh index 7234c05db..7814885cf 100755 --- a/Shorewall6/install.sh +++ b/Shorewall6/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.13-RC1 +VERSION=4.4.13-Beta5 usage() # $1 = exit status { diff --git a/Shorewall6/shorewall6.spec b/Shorewall6/shorewall6.spec index e21f9d458..909030cc4 100644 --- a/Shorewall6/shorewall6.spec +++ b/Shorewall6/shorewall6.spec @@ -1,6 +1,6 @@ %define name shorewall6 %define version 4.4.13 -%define release 0RC1 +%define release 0Beta5 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems. Name: %{name} @@ -98,8 +98,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6 %changelog -* Sat Sep 11 2010 Tom Eastep tom@shorewall.net -- Updated to 4.4.13-0RC1 +* Mon Sep 13 2010 Tom Eastep tom@shorewall.net +- Updated to 4.4.13-0Beta5 * Sat Sep 04 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.13-0Beta4 * Mon Aug 30 2010 Tom Eastep tom@shorewall.net diff --git a/Shorewall6/uninstall.sh b/Shorewall6/uninstall.sh index 077bc0359..f826ffd97 100755 --- a/Shorewall6/uninstall.sh +++ b/Shorewall6/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.13-RC1 +VERSION=4.4.13-Beta5 usage() # $1 = exit status { diff --git a/manpages/shorewall-tcinterfaces.xml b/manpages/shorewall-tcinterfaces.xml index 1fa3c050f..7c80c918a 100644 --- a/manpages/shorewall-tcinterfaces.xml +++ b/manpages/shorewall-tcinterfaces.xml @@ -80,6 +80,22 @@ Bytes per second. + + + k or kb + + + Kilo bytes. + + + + + m or mb + + + Megabytes. + + @@ -123,7 +139,8 @@ - IN-BANDWIDTH - [rate] + IN-BANDWIDTH - + [rate[:burst]] Optional. If specified, enables ingress policing on the @@ -140,6 +157,34 @@ firewall to the upstream router as you gradually increase the setting.The optimal setting is at the point beyond which the ping time increases sharply as you increase the setting. + + The burst option was added in + Shorewall 4.4.13. If not supplied, 10kb is assumed. A larger + burst size can help make the + rate estimate more accurate on fast + lines. The default burst often make the + enforced rate mush less that the specified + rate. + + + + + OUT-BANDWIDTH - + [rate[:[burst][:[latency][:[peek][:[minburst]]]]]] + + + Added in Shorewall 4.4.13. The terms are defined in + tc-tbf(8). + + Shorewall provides defaults as follows: + + + burst - 10kb + + latency - 200ms + + + The remaining options are defaulted by tc(8). @@ -159,8 +204,8 @@ shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5), - shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), - shorewall-tcpri(5), shorewall-tcrules(5), shorewall-tos(5), - shorewall-tunnels(5), shorewall-zones(5) + shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), + shorewall-secmarks(5), shorewall-tcpri(5), shorewall-tcrules(5), + shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5) diff --git a/manpages6/shorewall6-tcinterfaces.xml b/manpages6/shorewall6-tcinterfaces.xml index dfab78be8..fc79ffe5f 100644 --- a/manpages6/shorewall6-tcinterfaces.xml +++ b/manpages6/shorewall6-tcinterfaces.xml @@ -80,6 +80,22 @@ Bytes per second. + + + k or kb + + + Kilo bytes. + + + + + m or mb + + + Megabytes. + + @@ -123,7 +139,8 @@ - IN-BANDWIDTH - [rate] + IN-BANDWIDTH - + [rate[:burst]] Optional. If specified, enables ingress policing on the @@ -140,6 +157,34 @@ firewall to the upstream router as you gradually increase the setting.The optimal setting is at the point beyond which the ping time increases sharply as you increase the setting. + + The burst option was added in + Shorewall 4.4.13. If not supplied, 10kb is assumed. A larger + burst size can help make the + rate estimate more accurate on fast + lines. The default burst often make the + enforced rate mush less that the specified + rate. + + + + + OUT-BANDWIDTH - + [rate[:[burst][:[latency][:[peek][:[minburst]]]]]] + + + Added in Shorewall 4.4.13. The terms are defined in + tc-tbf(8). + + Shorewall provides defaults as follows: + + + burst - 10kb + + latency - 200ms + + + The remaining options are defaulted by tc(8). @@ -158,7 +203,8 @@ shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5), shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-route_rules(5), shorewall6-routestopped(5), - shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcpri, - shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5) + shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), + shorewall6-tcpri, shorewall6-tos(5), shorewall6-tunnels(5), + shorewall6-zones(5)