Tom Eastep
2016-11-17 05:23:58 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Shorewall 5.0.15 Beta 1 is now available for testing.
Problems Corrected:
1) This release includes defect repair through Shorewall 5.0.14.1.
2) Previously, when the 'update' command transformed a superseded
file's contents into a newer file, with the exception of the
'notrack' -> 'conntrack' conversion, the transformation was
incomplete:
a) All shell variables were expanded in the converted file.
b) Any lines omitted by compiler directives ( ?if.... etc. ) were
also omitted from the converted file.
These deficiencies have been corrected. Now, shell variables are
preserved in the converted file and omitted lines are now
translated.
EXCEPTIONS: Because the translations of the 'blacklist' and
'routestopped' files are not 1:1, omitted lines and compiler
directives are not transferred to the converted files. If either
are present, the compiler issues a warning:
WARNING: "Omitted rules and compiler directives were not
translated
3) In earlier versions, when USE_DEFAULT_RT=No in shorewall6.conf,
the generated script would attempt to copy fe80:* routes from the
DUPLICATE routing table to provider tables, which could fail.
Now, the generated script ignores these routes.
4) ) While the 'ip' utility now accepts IPv6 routes with multiple
'nexthop' destinations, these routes are not balanced. They are
rather instantiated as a sequence of single routes with different
metrics. Furthermore, the 'ip route replace' command fails on
such routes. Beginning with Shorewall6 5.0.15, the generated script
will use a "delete..add.." sequence on these routes rather than a
single "replace" command.
Thank you for testing,
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJYLT7uAAoJEJbms/JCOk0Q8tYP/0wtr3jU8gmJ+WCmUVDbxJuv
q2AULM5zOn6XDyyulSW2nrKwkkaE9RNcRnTT85hWI2xY1G+pZj8neXQHpVXWSC0m
+q/Lm8/r7EqdWgzCVrrxNJxuNLz4zBpd4q6LpGzAd8KlfHyycFhp5+YBfGV4FfLa
1acTo94lt70O93OBetTKcpD4KgVqTlARJbl5VOMvI9H2PZYI2vFBhdn1Z0jAXsUU
2cvrkv2fO7b11CnYweIUrb/M7UJRueuoYeNMR79y18j2kwoBXt5vus7YySvJp02d
xeuPCFxZwIkK5C23oGj97O2aFRuVgA+e4ex66wuf0v34JgpDLW9+5qH6+uFs7SHF
XGx5Y0x8EUB5xaNlkP6LR/6Iddh/LoD7NxjB8fvliueQAzASi+rUYXpX2kvxqJTA
MBMpJv8N/6p67Q0fPfVE5x6SFSiFF6N3Dnf/nMQzREp9qIJzOL0koZjoq1BgLY3c
lb0OJalVUUGtfK2dpPWXo9Tr8oPPufo03m4cyBSDeS5JG0fZ6KMqbE8cPgd4KBlq
YTgB0EZ5meoptmS/kNs4pjRFqW/UoSpERFm+aRlsItOKfYFmUWF1aBg7nHK3nwoB
M9gqpUV4ETHVr8w07wAUvDBM4BtvQNsTx0Wz2xhrK2Wq4S8TIxIC6Po4279Lf/Dj
Xh4/n/67pfuue1v0c6MW
=giNI
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Hash: SHA256
Shorewall 5.0.15 Beta 1 is now available for testing.
Problems Corrected:
1) This release includes defect repair through Shorewall 5.0.14.1.
2) Previously, when the 'update' command transformed a superseded
file's contents into a newer file, with the exception of the
'notrack' -> 'conntrack' conversion, the transformation was
incomplete:
a) All shell variables were expanded in the converted file.
b) Any lines omitted by compiler directives ( ?if.... etc. ) were
also omitted from the converted file.
These deficiencies have been corrected. Now, shell variables are
preserved in the converted file and omitted lines are now
translated.
EXCEPTIONS: Because the translations of the 'blacklist' and
'routestopped' files are not 1:1, omitted lines and compiler
directives are not transferred to the converted files. If either
are present, the compiler issues a warning:
WARNING: "Omitted rules and compiler directives were not
translated
3) In earlier versions, when USE_DEFAULT_RT=No in shorewall6.conf,
the generated script would attempt to copy fe80:* routes from the
DUPLICATE routing table to provider tables, which could fail.
Now, the generated script ignores these routes.
4) ) While the 'ip' utility now accepts IPv6 routes with multiple
'nexthop' destinations, these routes are not balanced. They are
rather instantiated as a sequence of single routes with different
metrics. Furthermore, the 'ip route replace' command fails on
such routes. Beginning with Shorewall6 5.0.15, the generated script
will use a "delete..add.." sequence on these routes rather than a
single "replace" command.
Thank you for testing,
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJYLT7uAAoJEJbms/JCOk0Q8tYP/0wtr3jU8gmJ+WCmUVDbxJuv
q2AULM5zOn6XDyyulSW2nrKwkkaE9RNcRnTT85hWI2xY1G+pZj8neXQHpVXWSC0m
+q/Lm8/r7EqdWgzCVrrxNJxuNLz4zBpd4q6LpGzAd8KlfHyycFhp5+YBfGV4FfLa
1acTo94lt70O93OBetTKcpD4KgVqTlARJbl5VOMvI9H2PZYI2vFBhdn1Z0jAXsUU
2cvrkv2fO7b11CnYweIUrb/M7UJRueuoYeNMR79y18j2kwoBXt5vus7YySvJp02d
xeuPCFxZwIkK5C23oGj97O2aFRuVgA+e4ex66wuf0v34JgpDLW9+5qH6+uFs7SHF
XGx5Y0x8EUB5xaNlkP6LR/6Iddh/LoD7NxjB8fvliueQAzASi+rUYXpX2kvxqJTA
MBMpJv8N/6p67Q0fPfVE5x6SFSiFF6N3Dnf/nMQzREp9qIJzOL0koZjoq1BgLY3c
lb0OJalVUUGtfK2dpPWXo9Tr8oPPufo03m4cyBSDeS5JG0fZ6KMqbE8cPgd4KBlq
YTgB0EZ5meoptmS/kNs4pjRFqW/UoSpERFm+aRlsItOKfYFmUWF1aBg7nHK3nwoB
M9gqpUV4ETHVr8w07wAUvDBM4BtvQNsTx0Wz2xhrK2Wq4S8TIxIC6Po4279Lf/Dj
Xh4/n/67pfuue1v0c6MW
=giNI
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------