Tom Eastep
2017-06-26 22:10:55 UTC
Shorewall 5.1.5 RC 1 is now available for testing.
Problems Corrected since Beta 2:
1) Previously, when 0 was used as a port number or when a port number
message. That has been corrected.
2) When running with Perl 5.26, messages such at the following could
be issued:
Unescaped left brace in regex is deprecated here (and will be
fatal in Perl 5.30), passed through in regex; marked by <-- HERE
in m/^(\s*|.*[^&@%]){ <-- HERE (.*)}\s*$/ at
/usr/share/shorewall/Shorewall/Config.pm line 2343.
That problem has been corrected.
New Features since Beta 2:
1) There is now a FIN standard action which handles TCP packets with
the FIN, ACK and PSH flags set.
2) According to the Netfilter team (see
https://patchwork.kernel.org/patch/9198133/), the --nflog-range
option of the NFLOG target has never worked correctly, and they have
deprecated that option in favor of the --nflog-size option. To
accommodate this change, there is now an "--nflog-size support"
(NFLOG_SIZE) Shorewall capability and a USE_NFLOG_SIZE option in
shorewall[6].conf.
For further information, see the Migrations Issues item number 8
in the release notes.
Thank you for testing,
-Tom
Problems Corrected since Beta 2:
1) Previously, when 0 was used as a port number or when a port number
65535 was specified, an 'uninitialized variable' Perl exception
occurred when the compiler attempted to issue an errormessage. That has been corrected.
2) When running with Perl 5.26, messages such at the following could
be issued:
Unescaped left brace in regex is deprecated here (and will be
fatal in Perl 5.30), passed through in regex; marked by <-- HERE
in m/^(\s*|.*[^&@%]){ <-- HERE (.*)}\s*$/ at
/usr/share/shorewall/Shorewall/Config.pm line 2343.
That problem has been corrected.
New Features since Beta 2:
1) There is now a FIN standard action which handles TCP packets with
the FIN, ACK and PSH flags set.
2) According to the Netfilter team (see
https://patchwork.kernel.org/patch/9198133/), the --nflog-range
option of the NFLOG target has never worked correctly, and they have
deprecated that option in favor of the --nflog-size option. To
accommodate this change, there is now an "--nflog-size support"
(NFLOG_SIZE) Shorewall capability and a USE_NFLOG_SIZE option in
shorewall[6].conf.
For further information, see the Migrations Issues item number 8
in the release notes.
Thank you for testing,
-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________