holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Update News for Beta 3

Browse Source
This commit is contained in:
Tom Eastep 2009-06-30 07:09:02 -07:00
parent 4a98936290
commit cb26cacac5
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
web/News.htm
View File

@ -23,9 +23,19 @@ license is included in the section entitled <span
href="GnuCopyright.htm" target="_self">GNU Free Documentation
License</a></span>".
</p>
<p>June 18, 2009<br>
<p>June 30, 2009<br>
</p>
<hr style="width: 100%; height: 2px;">
<p><strong>2009-06-39 Shorewall 4.4.0 Beta 3<br>
</strong></p>
<pre>Read the details at <a
href="http://www1.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta3/releasenotes.txt">http://www1.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta3/releasenotes.txt</a><br><strong></strong></pre>
<strong></strong>
<p><strong>2009-06-21 Shorewall 4.4.0 Beta 2<br>
</strong></p>
<pre>Read the details at <a
href="http://www1.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta2/releasenotes.txt">http://www1.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta2/releasenotes.txt</a><br><strong></strong></pre>
<strong></strong>
<p><span style="font-weight: bold;">2009-06-18 Shorewall 4.2.10<br>
</span><span style="font-weight: bold;"></span></p>
<pre>Problems corrected in Shorewall 4.2.10<br><br>1) A 'large quantum' warning log message during restart has been<br> eliminated. The log message occurred when an interface with a large<br> OUT-BANDWIDTH was defined in /etc/shorewall/tcdevices.<br><br>2) When a REJECT rule included a log entry, the disposition in the log<br> message was incorrectly shown as 'reject' rather than 'REJECT'.<br><br>3) When 'forward' was specified on one or more interfaces in<br> /etc/shorewall6/interfaces, the progress message "Compiling<br> Interface forwarding..." was issued multiple times. Now, only one<br> instance of the message is generated.<br><br>4) A typing error in the IPv6 two-interface sample shorewall6.conf<br> file has been corrected. This error prevented the compiler from<br> being able to find macros in /usr/share/shorewall/.<br><br>Known Problems Remaining:<br><br>1) When exclusion is used in an entry in /etc/shorewall/hosts, then<br> Shorewall-shell produces an invalid iptables rule if any of the <br> following OPTIONS are also specified in the entry: <br><br> blacklist<br> maclist<br> norfc1918<br> tcpflags<br><br>2) Shorewall-shell generates inversion rules which produce<br> warnings with iptables 1.4.3. <br><br> Example:<br><br> iptables -A lan2fw -p 6 --dport 999 -s ! 192.168.20.1 -j ACCEPT<br><br> with iptables 1.4.3.1 the following information message is produced:<br><br> Using intrapositioned negation (`--option ! this`) is deprecated in<br> favor of extrapositioned (`! --option this`).<br><br> We don't intend to fix this. It's time to migrate to Shorewall-perl<br> anyway.<br><br>New Features in Shorewall 4.2.10<br><br>1) Shorewall's suppport for dynamic gateways on interfaces managed by<br> dhclient works on OpenSuSE systems but not on some other<br> distributions.<br><br> In order to generalize support for learning the gateway for dynamic<br> interfaces, a new 'findgw' extension script (user exit) has been<br> added.<br><br> The exit will be invoked in a function that has a single argument:<br><br> $1 = &lt;name of an interface&gt;<br><br> If the function can determine the gateway for the passed interface,<br> it should write the gateway to standard out. Here is a sample<br> /etc/shorewall/findgw that works with dhclient (dhcp3) in Debian<br> Lenny:<br><br> if [ -f /var/lib/dhcp3/dhclient.${1}.leases ]; then<br> grep 'option routers' /var/lib/dhcp3/dhclient.${1}.leases |\<br> tail -n 1 |\<br> while read j1 j2 gateway; do\<br> echo $gateway | sed 's/;//';\<br> done<br> fi<br><br> The same code works on Ubuntu Jaunty if you replace the first '.'<br> with '-' and replace '.leases' with '.lease' (don't you just love<br> the consistency between distributions?).<br><br> That code also works on CentOS if you replace 'dhcp3' by<br> 'dhclient'.<br><br> 'findgw' files that have been customized for various distributions<br> may be found at<br> http://www.shorewall.net/pub/shorewall/contrib/findgw.<br></pre>