Shorewall 5.1.11 Beta 1 is now available for testing. Problems Corrected:
1) This release contains defect repair from releases through 5.1.10.1.
2) Previously, AUTOMAKE=Yes ran 'find' in each directory in
CONFIG_PATH with unlimited depth searching for files newer than the
current firewall script. Given that the compiler only searches the
immediate contents of each directory, the unlimited depth search
was inefficient overkill. Now, 'find' is run with a maximum depth
of 1, so that only the directories themselves are searched for a
match.
New Features:
1) Previously, the 'show' command was not available to non-root
users. Beginning with this release, non-root users may now
run the following 'show' commands:
show action <action>
show actions
show ip
show macro <macro>
show macros
show routing
2) When a RATE is specified on a policy, the rate is enforced in a
chain whose name begins with '@' (e.g., @net-dmz). Previously, log
messages in the chain omitted the '@', leading to possible
confusion. Beginning with this release, the log message will
reflect the chain's actual name (including the '@').
3) To improve efficiency, TCP CT entries in the conntrack file and
TCP entries in the rules file that specify a HELPER will now
assume that 'tcp:syn' had been specified. That way, the generated
ip[6]tables rule will only match on the first packet of the
three-way handshake. See shorewall-conntrack(5) for additional
information.
Thank you for testing,
-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
