Shorewall Development Release is 2.1.11
Contributed by Chad Brandt
Friday, 15 October 2004
Shorewall 2.1.11 is available. This release fixes some bugs with the previous version and adds a couple new features.
Problems corrected since 2.1.10
1) If TC_ENABLED=Yes but you have no /etc/shorewall/tcstart file then "shorewall restore" will no longer attempt to run the tcstart file.
2) Previously it was necessary to define ipsec zones (those with "Yes" in the IPSEC column in /etc/shorewall/ipsec or those having an entry in /etc/shorewall/hosts having the "ipsec" option) before other zones using the same interface. This has been corrected.
3) A typo has been corrected that prevented the 'logmartians' interface option from working correctly.
4) A typo has been corrected in and a clarification added to the /etc/shorewall/blacklist file.
New features since 2.1.10
1) Shorewall now resets the 'accept_source_route' flag for all interfaces. If you wish to accept source routing on an interface, you must specify the new 'sourceroute' interface option in /etc/shorewall/interfaces.
2) The default Drop and Reject actions now invoke the new standard action 'AllowICMPs'. This new action accepts critical ICMP types: Type 3 code 4 (fragmentation needed) and Type 11 (TTL exceeded).
3) Explicit control over the kernel's Martian logging is now provided using the new 'logmartians' interface option. If you include 'logmartians' in the interface option list, then logging of Martian packets will be enabled on the specified interface. If you wish to globally enable Martian logging, you can set MARTIAN_LOGGING=Yes in shorewall.conf.
4) You may now cause Shorewall to use the '--set-mss' option of the TCPMSS target. In other words, you can cause Shorewall to set the MSS field of SYN packets passing through the firewall to the value you specify. This feature extends the existing CLAMPMSS option in /etc/shorewall/shorewall.conf by allowing that option to have a numeric value as well as the values "Yes" and "No".
Example:
CLAMPMSS=1400
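To check the kernel flags behind new features 1 and 3 after a restart, the following added example (not part of Shorewall or of this announcement) reports each interface's effective source-route and Martian-logging state. It assumes the standard Linux layout under /proc/sys/net/ipv4/conf; the function names, the allow-list argument (the interfaces you gave the 'sourceroute' option) and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Shorewall code. Assumes the Linux layout
# <conf_root>/<iface>/{accept_source_route,log_martians}; on a live
# host conf_root is /proc/sys/net/ipv4/conf.

# Print the value of one flag file, or 0 if it cannot be read.
read_flag() { cat "$1" 2>/dev/null || echo 0; }

# audit_iface_flags CONF_ROOT "IFACES GIVEN THE sourceroute OPTION"
# Kernel semantics: source routing is accepted only when BOTH all/ and
# the interface flag are 1; Martians are logged when EITHER is 1.
# Returns 1 if an interface outside the allow-list accepts source routes.
audit_iface_flags() {
    conf_root=$1
    allowed=" ${2:-} "
    all_sr=$(read_flag "$conf_root/all/accept_source_route")
    all_lm=$(read_flag "$conf_root/all/log_martians")
    rc=0
    for dir in "$conf_root"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default|'*') continue ;; esac
        sr=0; lm=0
        if [ "$all_sr" = 1 ] && [ "$(read_flag "$dir/accept_source_route")" = 1 ]; then sr=1; fi
        if [ "$all_lm" = 1 ] || [ "$(read_flag "$dir/log_martians")" = 1 ]; then lm=1; fi
        verdict=ok
        if [ "$sr" = 1 ]; then
            case "$allowed" in
                *" $iface "*) verdict=sourceroute-expected ;;
                *) verdict=SOURCEROUTE-UNEXPECTED; rc=1 ;;
            esac
        fi
        echo "$iface source_route=$sr log_martians=$lm $verdict"
    done
    return $rc
}

# Constructed sample tree (name:accept_source_route:log_martians).
make_sample() {
    root=$(mktemp -d)
    for spec in all:1:0 eth0:0:1 eth1:1:0 eth2:1:0; do
        name=${spec%%:*}; rest=${spec#*:}
        mkdir -p "$root/$name"
        echo "${rest%%:*}" > "$root/$name/accept_source_route"
        echo "${rest#*:}" > "$root/$name/log_martians"
    done
    echo "$root"
}

sample=$(make_sample)
audit_iface_flags "$sample" "eth1" || echo "unexpected source routing found"
rm -rf "$sample"
```

On a firewall host, call audit_iface_flags /proc/sys/net/ipv4/conf with the list of interfaces that carry the 'sourceroute' option.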