Shorewall 5.2.3 is now available for download. Problems Corrected:
1) Previously, to prevent a helper kernel module from being loaded, it
was necessary to list both its current name and its
pre-kernel-2.6.20 name in the DONT_LOAD option in
/etc/shorewall[6].conf. For example, to prevent nf_conntrack_sip
from being loaded, it was necessary to also list ip_conntrack_sip
in DONT_LOAD. That is no longer necessary.
New Features:
1) Zone exclusion (e.g., "all!z2,z2,...") is now supported in the
policy file.
2) With the availability of zone exclusion in the rules file, 'all[+]-'
and 'any[+]-' are equivalent to 'all[+]!$FW' and 'any[+]!$FW'
respectively. Beginning with this release, the former are
deprecated in favor of the latter and will result in a warning
message, if used.
3) Internal documentaton of the undocumented 'test' parameter to
compiler.pl has been added (it is used by the regression test
library to suppress versions and date/times from the generated
script).
4) The LOAD_HELPERS_ONLY option has been removed from
shorewall[6].conf. Hereafter, Shorewall[6] will behave as if
LOAD_HELPERS_ONLY=Yes had been specified. As part of this change,
the pre-kernel 2.6.20 modules have been removed from the helpers
file.
Thank you for using Shorewall,
-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
