Tom Eastep
2016-06-19 15:05:44 UTC
Shorewall 5.0.10 Beta 2 is now available for testing.
Problems Corrected since Beta 1:
1) Previously, the 'update' command could result in updated files
having the user's default permissions rather than the permissions
of the original file. That has been corrected.
2) A number of update and update-compatibility issues have been
corrected:
a) <user>: (e.g., "fred:") is once again accepted in USER columns.
b) The USER column in the mangle file can once again be specified
when :T is the chain designator.
c) The 'notrack' file is now correctly appended to the 'mangle'
file during update.
d) IPMARK entries in 'tcrules' are now correctly converted into
the 'mangle' file.
New Features since Beta 1:
1) A new 'dbl' (Dynamic Blacklist) option is now available in the
'interfaces' file. Possible settings are:

   none    - equivalent to specifying 'nodbl'.
   src     - packets entering the firewall on the interface have their
             source IP address checked against the ipset-based
             blacklist.
   dst     - packets entering the firewall on the interface have their
             destination IP address checked against the ipset-based
             blacklist.
   src-dst - packets entering the firewall on the interface have their
             source IP address checked against the ipset-based
             blacklist. Packets originating on the firewall and
             leaving through the interface have their destination IP
             address checked against the ipset-based blacklist.

The normal setting for an internet-facing interface will be either
'src' or 'src-dst'. The normal setting for an internal interface
will be either 'none' or 'dst'.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
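
Added example, not part of the original announcement and not Shorewall code: a small lint that reads an 'interfaces' file and reports 'dbl' settings that fall outside the normal settings described above. It assumes the format-2 column layout (ZONE INTERFACE OPTIONS); the zone and interface names in the sample are constructed, and the caller supplies which zones are internet-facing.

```python
# Added example (not Shorewall code): lint 'dbl' in an 'interfaces' file.
# Assumption: format-2 columns ZONE INTERFACE OPTIONS; sample names are made up.
NORMAL = {True: {"src", "src-dst"},   # internet-facing interface
          False: {"none", "dst"}}     # internal interface
VALID = {"none", "src", "dst", "src-dst"}

SAMPLE = """\
?FORMAT 2
#ZONE  INTERFACE  OPTIONS
net    eth0       dhcp,dbl=src-dst
loc    eth1       dbl=src
dmz    eth2       nodbl
net    ppp0       dbl=none
loc    eth3       dbl=both
"""  # constructed sample input

def dbl_setting(options):
    """Return the dbl value from a comma-separated OPTIONS column, or None."""
    value = None
    for opt in options.split(","):
        if opt == "nodbl":
            value = "none"            # 'none' is equivalent to 'nodbl'
        elif opt.startswith("dbl="):
            value = opt[len("dbl="):]
    return value

def lint_interfaces(text, internet_zones):
    """Return (line_no, interface, message) for each questionable setting."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        cols = line.split()
        if len(cols) < 3 or line.startswith("?"):
            continue                  # blank, comment, directive, no OPTIONS
        zone, iface, options = cols[0], cols[1], cols[2]
        value = dbl_setting(options)
        if value is None:
            continue                  # not set here; defaults are not judged
        facing = zone in internet_zones
        kind = "internet-facing" if facing else "internal"
        if value not in VALID:
            findings.append((line_no, iface, f"unknown dbl value '{value}'"))
        elif value not in NORMAL[facing]:
            findings.append((line_no, iface,
                             f"dbl={value} is unusual for an {kind} interface"))
    return findings

if __name__ == "__main__":
    for finding in lint_interfaces(SAMPLE, {"net"}):
        print(finding)
```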