Shorewall Development Release 2.1.7 Available
Contributed by Chad Brandt
Monday, 30 August 2004
The latest development release of Shorewall fixes a bug in the handling of the ipsec file and adds a couple of new features.
Fixes since 2.1.6
- Dynamic zones marked as 'ipsec' in /etc/shorewall/ipsec now work correctly.
New Features since 2.1.6
- Normally, when SNAT or MASQUERADE is applied to a tcp or udp connection, Netfilter attempts to retain the source port number. If it has to change the port number to avoid <source address>,<source port> conflicts, it tries to do so within port ranges (< 512, 512-1023, and > 1023). You may now specify an explicit range of source ports to be used by following the address or address range (if any) in the ADDRESS column with ":" and a port range in the format <low-port>-<high-port>. You must specify either "tcp" or "udp" in the PROTO column.
Example 1 -- MASQUERADE with tcp source ports 4000-5000:

#INTERFACE   SUBNET           ADDRESS       PROTO
eth0         192.168.1.0/24   :4000-5000    tcp

Example 2 -- SNAT with udp source ports 7000-8000:

#INTERFACE   SUBNET           ADDRESS                 PROTO
eth0         10.0.0.0/8       192.0.2.44:7000-8000    udp
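As an added illustration (not Shorewall's own code), the following parser accepts masq entries in the four-column format described above, enforces the rule that a source-port range requires PROTO tcp or udp, and renders the POSTROUTING rule each entry implies. The iptables rendering is an assumption about intent for readability; Shorewall's actual generated rules may differ in detail, and "-" as an empty-column placeholder is assumed.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

PORT_RANGE_RE = re.compile(r"^(\d{1,5})-(\d{1,5})$")


@dataclass
class MasqEntry:
    interface: str
    subnet: str
    address: Optional[str]   # None means MASQUERADE; otherwise SNAT to this address/range
    ports: Optional[str]     # explicit source-port range "low-high", or None
    proto: Optional[str]     # "tcp", "udp" or None


def parse_masq_line(line: str) -> MasqEntry:
    """Parse one masq entry: INTERFACE SUBNET [ADDRESS[:low-high]] [PROTO] (IPv4 only)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError(f"need at least INTERFACE and SUBNET: {line!r}")
    interface, subnet = fields[0], fields[1]
    address_col = fields[2] if len(fields) > 2 and fields[2] != "-" else ""
    proto = fields[3].lower() if len(fields) > 3 and fields[3] != "-" else None
    address, ports = address_col, None
    if ":" in address_col:                      # ":low-high" suffix carries the port range
        address, ports = address_col.split(":", 1)
    address = address or None
    if address is not None:
        for ip in address.split("-"):           # ADDRESS may be a single address or a range a-b
            ipaddress.IPv4Address(ip)           # raises on malformed input
    if ports is not None:
        m = PORT_RANGE_RE.match(ports)
        if not m or not (1 <= int(m.group(1)) <= int(m.group(2)) <= 65535):
            raise ValueError(f"bad source port range {ports!r}")
        if proto not in ("tcp", "udp"):         # the feature is defined for tcp/udp only
            raise ValueError("a source port range requires PROTO tcp or udp")
    return MasqEntry(interface, subnet, address, ports, proto)


def to_iptables(entry: MasqEntry) -> str:
    """Render the nat POSTROUTING rule the entry describes (illustrative rendering)."""
    rule = ["iptables", "-t", "nat", "-A", "POSTROUTING", "-o", entry.interface, "-s", entry.subnet]
    if entry.proto:
        rule += ["-p", entry.proto]
    if entry.address:
        rule += ["-j", "SNAT", "--to-source", entry.address + (f":{entry.ports}" if entry.ports else "")]
    else:
        rule += ["-j", "MASQUERADE"] + (["--to-ports", entry.ports] if entry.ports else [])
    return " ".join(rule)
```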
- You may now account by user/group ID for outbound traffic from the firewall itself with entries in /etc/shorewall/accounting. Such accounting rules must be placed in the OUTPUT chain.
See the comments at the top of /etc/shorewall/accounting for details.