Tom Eastep
2017-01-16 23:38:08 UTC
Shorewall 5.1.1 Beta 1 is now available for testing.
Problems Corrected:
1) This release contains defect repair up through Shorewall 5.1.0.1.
New Features:
1) Previously, the compiler did not check for routefilter/provider
issues. Now, a fatal compilation error is raised in the following
cases:
a) USE_DEFAULT_RT=Yes, ROUTE_FILTER=Yes in shorewall.conf and a
regular provider (not tproxy) is defined in the
providers file.
b) USE_DEFAULT_RT=Yes and a provider interface specifies a
non-zero value for the 'routefilter' option in the interfaces
file.
c) USE_DEFAULT_RT=No, ROUTE_FILTER=Yes in shorewall.conf, and
a provider interface doesn't specify the 'balance' or 'primary'
option in the providers file.
d) USE_DEFAULT_RT=No, a provider interface specifies the non-zero
value for the 'routefilter' option in the interfaces file but
does not specify the 'balance' or 'primary' option in the
providers file.
2) When 'routefilter' is specified by itself or with a non-zero value
(e.g., routefilter=1), the 'logmartians' option is now also set
implicitly when LOG_MARTIANS=No. If you actually want route
filtering without logging, then you must also include
'logmartians=0'.
3) Since the creation of the USE_DEFAULT_RT option, when
USE_DEFAULT_RT=Yes, 'balance=1' is assumed on all provider
interfaces unless 'fallback', 'load=', 'primary', 'loose' or
'tproxy' is specified. This makes it awkward to define a provider
that does not generate a default route in either the 'balance' or
'default' routing tables; it is necessary to specify 'loose' then
add the routing rules that are suppressed by that option.
To address this issue, it is now possible to specify
USE_DEFAULT_RT=Exact. That setting works just like
USE_DEFAULT_RT=Yes, with the exception that when none of the
above-listed options is specified, the provider will generate no
entry in the 'balance' or 'default routing tables.
All of the released shorewall[6].conf files now specify
USE_DEFAULT_RT=Exact.
Thank you for testing,
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
Problems Corrected:
1) This release contains defect repair up through Shorewall 5.1.0.1.
New Features:
1) Previously, the compiler did not check for routefilter/provider
issues. Now, a fatal compilation error is raised in the following
cases:
a) USE_DEFAULT_RT=Yes, ROUTE_FILTER=Yes in shorewall.conf and a
regular provider (not tproxy) is defined in the
providers file.
b) USE_DEFAULT_RT=Yes and a provider interface specifies a
non-zero value for the 'routefilter' option in the interfaces
file.
c) USE_DEFAULT_RT=No, ROUTE_FILTER=Yes in shorewall.conf, and
a provider interface doesn't specify the 'balance' or 'primary'
option in the providers file.
d) USE_DEFAULT_RT=No, a provider interface specifies the non-zero
value for the 'routefilter' option in the interfaces file but
does not specify the 'balance' or 'primary' option in the
providers file.
2) When 'routefilter' is specified by itself or with a non-zero value
(e.g., routefilter=1), the 'logmartians' option is now also set
implicitly when LOG_MARTIANS=No. If you actually want route
filtering without logging, then you must also include
'logmartians=0'.
3) Since the creation of the USE_DEFAULT_RT option, when
USE_DEFAULT_RT=Yes, 'balance=1' is assumed on all provider
interfaces unless 'fallback', 'load=', 'primary', 'loose' or
'tproxy' is specified. This makes it awkward to define a provider
that does not generate a default route in either the 'balance' or
'default' routing tables; it is necessary to specify 'loose' then
add the routing rules that are suppressed by that option.
To address this issue, it is now possible to specify
USE_DEFAULT_RT=Exact. That setting works just like
USE_DEFAULT_RT=Yes, with the exception that when none of the
above-listed options is specified, the provider will generate no
entry in the 'balance' or 'default routing tables.
All of the released shorewall[6].conf files now specify
USE_DEFAULT_RT=Exact.
Thank you for testing,
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________