Shorewall Development Release 2.1.8 Available
Contributed by Chad Brandt
Wednesday, 08 September 2004
A new 2.1 development release is available. This release fixes some minor bugs and adds a few more new features.
Problems corrected since 2.1.7
1) Fix parsing of ACTION with ":" but no log level (Richard Musil).
2) Fix parsing of PROTO column in /etc/shorewall/tcrules.
3) Packets that will be encrypted or that have been decrypted by IPSEC are now exempted from the rules established by one-to-one NAT. This allows tunnel mode IPSEC to work for local networks where some of the systems use one-to-one NAT.
4) The shorewall.spec file now directs rpm to cause Shorewall to start automatically at boot. This feature was inadvertently removed in Shorewall 2.1.3.
New features since 2.1.7
1) Shorewall now verifies that your kernel and iptables have physdev match support if BRIDGING=Yes in shorewall.conf.
2) Beginning with this release, if your kernel and iptables have iprange match support (see the output from "shorewall check"), then with the exception of the /etc/shorewall/netmap file, anywhere that a network address may appear an IP address range of the form <low address>-<high address> may also appear.
3) Support has been added for the iptables CLASSIFY target. That target allows you to classify packets for traffic shaping directly rather than indirectly through fwmark. Simply enter the <major>:<minor> classification in the first column of /etc/shorewall/tcrules:
Example:
    #MARK/      SOURCE    DEST    PROTO    PORT(S)
    #CLASSIFY
    1:30        -         -       tcp      25
Marking using the CLASSIFY target always occurs in the POSTROUTING chain of the mangle table and is not affected by the setting of MARK_IN_FORWARD_CHAIN in shorewall.conf.