Tom Eastep
2017-03-08 00:22:05 UTC
Shorewall 5.1.2.2 is now available for download.

Problems Corrected:

1) The IPv4 AllowICMPs macro has been changed to an inline action
   so that it may be used in the _DEFAULT settings in shorewall.conf.

2) Previously, the IPv4 action REJECT(icmp-tcp-reset) produced an
   invalid iptables rule. That has been corrected. As part of this
   change, the action may also be written REJECT(tcp-reset).

3) Previously, the following compiler directives were incorrectly
   being processed when they should have been omitted due to
   ?if...?else logic.

       ERROR
       WARNING
       INFO
       WARNING!
       INFO!
       REQUIRE

   That has been corrected.

4) Previously, when LOAD_HELPERS_ONLY=Yes, the ?REQUIRES compiler
   directive could report that a capability was not available when it
   actually was. That has been corrected.

5) Previously on Debian and derivatives, when systemd asked to stop a
   Shorewall firewall, the firewall would be placed in a safe state
   rather than cleared as was the default case with SysV init. Now,
   the firewall is cleared to conform to the Debian init convention,
   which requires that 'stop' should undo whatever 'start' did.

6) When an inline action was used as a policy action, the compiler
   previously incorrectly applied the policy log level to each of the
   rules in the action. That has been corrected.

7) Previously, inline policy actions had the policy log level applied
   to each rule rather than the level (if any) specified in the
   corresponding xxx_DEFAULT setting in shorewall[6].conf. That has
   been corrected.

Thank you for using Shorewall.

-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.net \________________________________________________