forked from extern/shorewall_code
c2b143cba0
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@156 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
40 lines
1.7 KiB
Plaintext
Executable File
40 lines
1.7 KiB
Plaintext
Executable File
This is a minor release of Shorewall.
|
|
|
|
In this release:
|
|
|
|
1. Empty and invalid source and destination qualifiers are now detected
|
|
in the rules file. It is a good idea to use the 'shorewall check'
|
|
command before you issue a 'shorewall restart' command be be sure
|
|
that you don't have any configuration problems that will prevent a
|
|
successful restart.
|
|
|
|
2. Added MERGE_HOSTS variable in shorewall.conf to provide saner
|
|
behavior of the /etc/shorewall/hosts file.
|
|
|
|
3. The time that the counters were last reset is now displayed in the
|
|
heading of the 'status' and 'show' commands.
|
|
|
|
4. Added MUTEX_TIMEOUT variable in shorewall.conf and changed the way
|
|
in which Shorewall protects itself from concurrent state
|
|
changes.
|
|
|
|
Previously, if a state-changing operation (like restart)
|
|
found a lock file, it would wait for 30 seconds for the lock file to
|
|
be removed. If the file was not removed within 30 seconds, a message
|
|
was issued and the operation was aborted.
|
|
|
|
With the new code, the wait time is determined by the value of
|
|
MUTEX_TIMEOUT (default 60 seconds). If the file is not removed
|
|
within MUTEX_TIMEOUT, the state-changing operation will assume that
|
|
the lock file is stale and will issue a message and continue.
|
|
|
|
An appopriate setting for MUTEX_TIMEOUT is twice the time that it takes
|
|
your firewall system to process a "shorewall restart" command.
|
|
|
|
5. Added 'proxyarp' interface option to facilitate Proxy ARP subnetting as
|
|
described in the Proxy ARP subnetting mini-HOWTO
|
|
(http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet/)
|
|
|
|
Specifying this option for an interface causes Shorewall to set
|
|
/proc/sys/net/ipv4/conf/<interface>/proxy_arp.
|