Tom Eastep
2016-06-06 20:18:58 UTC
Shorewall 5.0.9 is now available for download.
Problems Corrected:
1) This release contains defect repair through Shorewall 5.0.8.2.
2) Previously, if:
- DOCKER=Yes
- docker0 was defined in /etc/shorewall/interfaces
- Docker was not running
then Shorewall would fail to start with an error similar to this
iptables-restore v1.4.21: Couldn't load target `DOCKER':
No such file or directory
Error occurred at line: 29
Try `iptables-restore -h' or
'iptables-restore --help' for more information.
ERROR: /sbin/iptables-restore Failed.
This has been corrected such that Shorewall starts correctly under
these conditions.
New Features:
1) The file 'lib.core' has been renamed 'lib.runtime' to more
accurately reflect the file's role.
2) The CLI now produces helpful error messages rather than simply
dumping out the complete usage syntax.
3) The 'status' and 'version -a" command outputs now include the time
and date when the current firewall script was compiled.
This feature implements a new 'info' command that is recognized by
the compiled script. That command produces output similar to the
following:
compiled Thu Apr 28 14:18:58 2016 by Shorewall version 5.0.9
Note 1: The time and date of compilation will only be displayed
after the firewall script has been compiled using this or a later
Shorewall release.
Note 2: Information about the current firewall script is only
displayed by the 'version -a' command when the command is executed
by root.
Caution: If you execute 'shorewall compile', a subsequent 'status'
command will display the compilation information for the newly
compiled script and not for the one that was used to instantiate
the running firewall configuration. Note that the compilation
date/time, in this case, will be later than the started date/time:
Example:
State:Started Sun Apr 24 12:22:18 PDT 2016 from /etc/shorewall/
(/var/lib/shorewall/firewall compiled Thu Apr 28 14:18:58 2016
by Shorewall version 5.0.9)
4) The ?INFO and ?WARNING directives added in Shorewall 5.0.8 include
the current filename and line number in the generated message. That
behavior can be suppressed by using ?INFO! AND ?WARNING!
instead. Additionally, the default behavior can be changed by
setting VERBOSE_MESSAGES=No in shorewall[6].conf. In that case,
including the exclaimation point causes the filename and line
number to be included.
5) NFLOG(...) is now supported in the mangle files.
6) The compiler now checks the version of the installed Shorewall-core
and issues a warning message if there is a mis-match.
Example (folded to fit within 72 columns):
WARNING: Version Mismatch: Shorewall-core is version 5.0.8.2,
while the Shorewall version is 5.0.9-Beta2
When compiling for IPv6, the Shorewall6 version is also verified
and a similar warning is issued in the case of a mismatch.
7) The sample configurations now have AUTOMAKE enabled.
8) Full date and time strings generated by the compiler are now in
'date' format rather than Perl's 'localtime' format.
Thank you for using Shorewall.
-Tom
Problems Corrected:
1) This release contains defect repair through Shorewall 5.0.8.2.
2) Previously, if:
- DOCKER=Yes
- docker0 was defined in /etc/shorewall/interfaces
- Docker was not running
then Shorewall would fail to start with an error similar to this
iptables-restore v1.4.21: Couldn't load target `DOCKER':
No such file or directory
Error occurred at line: 29
Try `iptables-restore -h' or
'iptables-restore --help' for more information.
ERROR: /sbin/iptables-restore Failed.
This has been corrected such that Shorewall starts correctly under
these conditions.
New Features:
1) The file 'lib.core' has been renamed 'lib.runtime' to more
accurately reflect the file's role.
2) The CLI now produces helpful error messages rather than simply
dumping out the complete usage syntax.
3) The 'status' and 'version -a" command outputs now include the time
and date when the current firewall script was compiled.
This feature implements a new 'info' command that is recognized by
the compiled script. That command produces output similar to the
following:
compiled Thu Apr 28 14:18:58 2016 by Shorewall version 5.0.9
Note 1: The time and date of compilation will only be displayed
after the firewall script has been compiled using this or a later
Shorewall release.
Note 2: Information about the current firewall script is only
displayed by the 'version -a' command when the command is executed
by root.
Caution: If you execute 'shorewall compile', a subsequent 'status'
command will display the compilation information for the newly
compiled script and not for the one that was used to instantiate
the running firewall configuration. Note that the compilation
date/time, in this case, will be later than the started date/time:
Example:
State:Started Sun Apr 24 12:22:18 PDT 2016 from /etc/shorewall/
(/var/lib/shorewall/firewall compiled Thu Apr 28 14:18:58 2016
by Shorewall version 5.0.9)
4) The ?INFO and ?WARNING directives added in Shorewall 5.0.8 include
the current filename and line number in the generated message. That
behavior can be suppressed by using ?INFO! AND ?WARNING!
instead. Additionally, the default behavior can be changed by
setting VERBOSE_MESSAGES=No in shorewall[6].conf. In that case,
including the exclaimation point causes the filename and line
number to be included.
5) NFLOG(...) is now supported in the mangle files.
6) The compiler now checks the version of the installed Shorewall-core
and issues a warning message if there is a mis-match.
Example (folded to fit within 72 columns):
WARNING: Version Mismatch: Shorewall-core is version 5.0.8.2,
while the Shorewall version is 5.0.9-Beta2
When compiling for IPv6, the Shorewall6 version is also verified
and a similar warning is issued in the case of a mismatch.
7) The sample configurations now have AUTOMAKE enabled.
8) Full date and time strings generated by the compiler are now in
'date' format rather than Perl's 'localtime' format.
Thank you for using Shorewall.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________