Changes in 4.5.21.5
1) Update release documents.
2) Document 'postcompile'
3) Correct IPSET handling.
Changes in 4.5.21.4
1) Update release documents.
2) Add DROP support to the tcrules file.
3) Correct Broadcast actions.
4) Correct handling of HFSC classes with DMAX but no UMAX.
Changes in 4.5.21.3
1) Update release documents.
2) Make the Shorewall-init installer work on Ubuntu Raring.
3) Add logic in the installers to run update-rc.d.
Changes in 4.5.21.2
1) Update release documents.
2) Correct Shorewall-init installer.
3) Fix RAQ/Q.931/netbios-ns handling.
4) Fixed a typo that prevented multiple icmp types.
5) Fix 'nohostroute' when USE_DEFAULT_RT=Yes.
6) Eradicate use of 'fgrep'.
7) Fix |<mark>.
Changes in 4.5.21.1
1) Update release documents.
2) Correct Shorewall-init installer.
3) Fix RAQ/Q.931/netbios-ns handling.
4) Fixed a typo that prevented multiple icmp types.
5) Fix 'nohostroute' when USE_DEFAULT_RT=Yes.
Changes in 4.5.21 Final
1) Update release documents.
2) Enable 'monthdays' in the TIME column.
3) Use insserv on Debian.
4) Clean up uninstall.sh scripts
5) Display firewall's compiled version in status and version output.
Changes in 4.5.21-RC1
1) Update release documents.
2) Correct handling of litedir
3) Add 'nostroute' and 'nohostroute' options to providers.
4) Fix some broken links in the Howtos.
5) Allow Perl code in an action to manipulate the current rule comment.
Changes in 4.5.21-Beta3
1) Update release documents.
2) Apply Martin Gignac's ss/arp patch
3) Apply Thommas D's Gentoo installer patch
Changes in 4.5.21-Beta2
1) Update release documents.
2) Validate default log levels to catch absense of LOG_TARGET support.
3) Apply several Shorewall-init patches from Thomas D.
4) Make Shorewall-init obey OPTIONS setting.
5) Modify /sbin/shorewall-init when $SHAREDIR isn't /usr/share
6) Correct -lite installer's checks for coreversion
Changes in 4.5.21-Beta1
1) Update release documents.
2) Implement REJECT_ACTION option.
3) Use the ip[6]tables -w option when available.
Changes in 4.5.20 Final
1) Update release documents.
2) Correct installation of $SYSCONFFILE.
3) Add SERVICEFILE variable to shorewallrc.
4) Several corrections to Shorewall-init.
Changes in 4.5.20 RC 1
1) Update release documents.
2) Make the 'status' command obey VERBOSITY.
3) Document exit status codes.
4) Fix -lite uninstallers.
5) Correct typo in the compiled scripts 'usage' output.
Changes in 4.5.20 Beta 3
1) Update release documents.
2) Add abbreviations for common commands.
3) Use /etc/os-release to determine distribution.
Changes in 4.5.20 Beta 2
1) Update release documents.
2) Implement OPTIMIZE=All
Changes in 4.5.20 Beta 1
1) Update release documents.
2) Document TRACK_RULES
Changes in 4.5.19 Final
1) Update release documents.
Changes in 4.5.19 RC 1
1) Update release documents.
2) Add AutoBL action.
3) Add warning to existing automatic blacklisting example.
Changes in 4.5.19 Beta 3
1) Update release documents.
2) Add 'show event' and 'show events' commands.
3) Allow Events to be used in IPv6.
Changes in 4.5.19 Beta 2
1) Update release documents.
2) Allow logging rules with > 15 ports again.
3) Implement triggers
Changes in 4.5.19 Beta 1
1) Update release documents.
2) Fix Shorewall-init service file.
3) Allow -q to suppress 'Compiling...', etc. messages.
4) Add warning in the Limit action.
5) Re-implement logging rule generation.
Changes in 4.5.18 Final
1) Update release documents.
Changes in 4.5.18 RC 2
1) Update release documents.
2) Fix 'qt' and bridge detection.
Changes in 4.5.18 RC 1
1) Update release documents.
2) Make ?...shell/perl directives case-insensitive.
Changes in 4.5.18 Beta 3
1) Update release documents.
2) Reword 'unreachable' warning.
3) Remove incorrect statement from the Macro article.
4) Make 'routeback' a binary option.
Changes in 4.5.18 Beta 2
1) Update release documents.
2) Add Kerberos macro from James Shubin
3) Allow 'unmanaged' interfaces.
Changes in 4.5.18 Beta 1
1) Update release documents.
2) Merge 4.5.17.1 fixes.
3) Re-implement 'discarded' message.
4) Replace ersatz logic with NONE policies.
Changes in 4.5.17 Final
1) Update release documents.
2) Export 'shorewall' from the Config module.
3) Don't forward between local zones.
4) Correct ICMPv6 name translations.
5) Fix minor IPv6 TPROXY bug.
6) Rework 'unreachable' warning implementation.
7) Don't drop 'nfacct' rules.
Changes in 4.5.17 RC 2
1) Update release documents.
2) Add some warning/progress messages to help understand 'update -D'
behavior.
3) Only enable nf_conntrack_helpers during 'clear'.
4) Emit 'expensive' matches last.
5) Disallow 'virtual' physical interfaces.
6) Change 'local' to 'loopback' and add 'local'.
Changes in 4.5.17 RC 1
1) Update release documents.
2) Make local zones work with destonly loopback interface.
3) Ensure correct ordering with trivial exclusion.
4) Don't generate fw->fw jumps when there is a local zone.
Changes in 4.5.17 Beta 3
1) Update release documents.
2) Apply Mr-4's Shorewall-init bugfix.
3) Allow all+ in the policy file.
4) Remove most special handling of Auth.
5) Switch 'local' to a zone type.
Changes in 4.5.17 Beta 2
1) Update release documents.
2) More shorewall-init fixes.
3) Add 'destonly' and 'local' interface options.
4) Correct an optimizer defect.
5) Apply optimize 0 for the IPV6 nat table.
Changes in 4.5.17 Beta 1
1) Update release documents.
2) Apply Mr-4's special route handling in COPY
3) Apply Mr-4's Noautosrc patch
4) Apply Mr-4's priority -> perf patch
5) Delete SWPING from the Multi-ISP doc
6) Help insure that cp doesn't copy the firewall script to itself.
7) Misc fixes to Shoreawll-init
8) Correct Debian Shoreall-init SysV init script.
9) Support the -c compile option.
Changes in 4.5.16.2
1) Update release documents.
2) Clean up temporary chains sooner
3) Correct handling of INLINE with '-j' in the rules file.
4) Correct typos in manpages (Roberto Sanchez).
Changes in 4.5.16.1
1) Update release documents.
2) Correct handling of helpers when CT_TARGET is available.
Changes in 4.5.16 Final
1) Update release documents.
2) Apply Mr-4's patch.
3) Document @caller.
Changes in 4.5.16 RC 1
1) Update release documents.
2) Update blrules manpage.
3) Allow special characters in nfacct names.
4) Update TPROXY article.
5) Centralize validation of nfacct object names.
Changes in 4.5.16 RC 2
1) Update release documents.
2) Documentation tweaks.
3) Centralize verification and registration of nfacct objects.
4) Correct INLINE in tcrules and accounting.
Changes in 4.5.16 RC 1
1) Update release documents.
2) Added CHAIN_SCRIPTS option.
3) Add INLINE to the tcrules file.
4) Apply Mr-4's NFACCT patch.
Changes in 4.5.16 Beta 6
1) Update release documents.
2) Add INLINE to the accounting file.
Changes in 4.5.16 Beta 5
1) Update release documents.
2) Preserve order when multiple instances of the same match are not
adjacent.
3) Support 'HELPERS=none'.
4) Allow multiple nfacct objects in one rule.
5) Allow an nfacct object to be incremented when an ipset is matched.
Changes in 4.5.16 Beta 4
1) Update release documents.
2) Preserve match order in rules.
Changes in 4.5.16 Beta 3
1) Update release documents.
2) Correct generation of the blacklog chain when disposition is
audited.
3) Correct handling of MACLIST_DISPOSITION with MACLIST_TABLE=mangle.
4) Re-implement INLINE.
Changes in 4.5.16 Beta 2
1) Update release documents.
2) Add INLINE action.
3) Add NEW_TOS_MATCH capability.
Changes in 4.5.16 Beta 1
1) Update release documents.
2) Don't emit quantum calculations for hfsc qdiscs.
3) Add two new macros.
Changes in 4.5.16 Beta 1
1) Update release documents.
2) Add the ra_accept interface option for IPv6.
Changes in 4.5.15 Final.
1) Update release documents.
Changes in 4.5.15 Final.
1) Update release documents.
2) Apply Thibaut Chèze's fix for DSCP.
3) Correct range test in do_dscp().
Changes in 4.5.15 RC 1.
1) Update release documents.
2) Revert back to using 'add' for adding routes.
3) Initialize the 'id' field of reserved tables after .conf is
processed.
4) Additional uses of 'id' in place of 'number'.
Changes in 4.5.15 Beta 3.
1) Update release documents.
2) Don't use 'qt' in the undo_x_routing files.
3) Use 'replace' in IPv4 route rules rather than 'add'.
4) Detect duplicate route destinations.
5) Uniform handling of VLSM width.
6) Add USE_RT_NAMES option.
Changes in 4.5.15 Beta 2.
1) Update release documents.
2) Make NetworkManager up/down work with Shorewall Init on SuSE.
Changes in 4.5.15 Beta 1.
1) Update release documents.
2) Fix the Shorewall[6] installer WRT the routes and tcstart files.
3) Fix the Shoreawll-init installer WRT Redhat and derivatives.
4) Make the 'ifupdown' script distribution-specific.
Changes in 4.5.14 Final.
1) Update release documents.
2) Merge '-m multiport --ports' patch from master.
Changes in 4.5.14 RC 2.
1) Update release documents.
2) Detect ALL and NIL server addresses in DNAT rules.
3) Avoid duplicate 'echo' commands in generated script.
4) Remove duplicate interface names in generated case statement
5) Copy blackhole routes to secondary tables
6) Allow addition of blackhole routes.
Changes in 4.5.14 RC 1.
1) Update release documents.
2) Fix several bugs reported by Steven Springl.
3) Support IPv6 MASQUERADE.
4) Support ports to be specified with UDPLITE.
5) Correct SUBSYSLOCK setting in shorewall6.conf.
Changes in 4.5.14 Beta 3.
1) Update release documents.
2) Report used/required capabilities.
3) Simple SNAT and DNAT.
4) Rework load/reload/export commands.
Changes in 4.5.14 Beta 2.
1) Update release documents.
2) Remote outdated comments from the configpath file.
3) Fix another bug in IPv6 address list processing.
4) Unify the error reporting about the params and .conf files.
5) Correct a syntax error in uninstall.sh.
6) Make load, reload and export shorewallrc-aware.
7) Correct the configpath files.
8) Eliminate $globals{CONFDIR}
9) Save/use local SHAREDIR in reload_command()
10) Defer calling get_config() during 'update'.
11) Give address-family-specific help text for 'iptrace'
12) Remove macros during uninstall.
Changes in 4.5.14 Beta 1.
1) Update release documents.
2) Create separate chains for ESTABLISHED section rules.
3) Add a section => name-function map.
4) Only look in the specified directory for params file.
5) Add a section => state(s) map.
6) Correct IPv6 address list handling.
7) Rename BLACKLIST_LOGLEVEL to BLACKLIST_LOG_LEVEL.
Changes in 4.5.13 Final.
1) Update release documents.
2) Correct action.TCPFlags.
3) Allow parameters to be omitted in action invocations.
4) Fix reset_optflags().
5) Correct handling of numbers in simple arithmetic expressions.
6) Correct inline default actions with parameters.
Changes in 4.5.13 RC 3.
1) Update release documents.
2) Handle RETURN correctly in a state chain.
3) Correct a syntax error in action.Untracked.
4) Remove cruft from two action files.
5) Use -j unconditionally to branch to a state chain/disposition.
6) More tweaks in check_state().
7) Convert the legacy dropInvalid and allowInvalid actions to inline
actions.
Changes in 4.5.13 RC 2.
1) Update release documents.
2) Fix the state action.* files.
3) Correct state rule generation and rule combining.
Changes in 4.5.13 RC 1.
1) Update release documents.
2) Apply Evangelos Foutras's Arch Linux patches.
3) Remove requirement that the $state argument ends with a space.
4) Update Shorewall6 actions.std
5) Allow specification of the action type via perl_action_helper().
6) Simplify Perl actions even further.
7) Correct handling of audited dispositions.
8) Detect some state conflicts.
9) Add New action.
10) Delete imports of process_rule1.
11) Correct behavior when @chain is altered.
12) Documentation clarifications.
13) Handle port numbers passed to the tcp-specific actions.
14) Fix handling of normal actions in perl_action_tcp_helper().
15) Handle UNTRACKED_DISPOSITION=ACCEPT correctly.
Changes in 4.5.13 Beta 4.
1) Update release documents.
2) Update module version.
3) Favor shorter less-complex chain names in Optimize 8.
4) Handle chains ending with RETURN in Optimize 4.
5) Call handle_first_entry() before issuing a warning or error
message.
6) Allow inline actions to use BEGIN PERL .... END PERL
7) Make some of the standard actions inlined.
8) Replace BLACKLISTNEWONLY with BLACKLIST
Changes in 4.5.13 Beta 3.
1) Update release documents.
2) Correct chain completion.
3) Correct handling of audited RELATED_DISPOSITION
4) Make optimize 8 a multi-pass operation.
5) Implement the INVALID and NOTRACK rules sections.
Changes in 4.5.13 Beta 2.
1) Update release documents.
2) Allow RESET of Shorewall variables.
3) Fix use of Shorewall variables in a default action.
Changes in 4.5.13 Beta 2.
1) Update release documents.
2) Add DEFER_DNS_RESOLUTION configuration option.
3) Make Shorewall variables writable and use them to generate the log
prefix.
Changes in 4.5.12 RC 1
1) Update release documents.
2) Fix an old optimizer bug.
3) Avoid fatal Perl run-time error if an error is raised while
compiling a default action.
4) Correct handling of rules in the ESTABLISHED section.
5) Restore the ability to use DNS names without an interface name.
Changes in 4.5.12 Beta 5
1) Update release documents.
2) Support protocol lists in most files.
3) Detect and optimize for terminating rules.
4) Make CLEAR_TC work on interfaces with an @xxxxx suffix in their
names.
Changes in 4.5.12 Beta 4
1) Update release documents.
2) Fix a lot of bugs in arptables support
3) Make '+' optional in the ADD and deL statements.
4) Don't add --cstate to dropInvalid rule
5) Make inline actions work in sections other than NEW
6) Change the interpretation of the log tag when LOGTAGONLY=Yes
7) Generate error when a protocol list appears in the wrong context.
Changes in 4.5.12 Beta 3
1) Merge defect repair from 4.5.11.2
2) Correct two defects in 'update -D'.
3) Add arptables support
Changes in 4.5.12 Beta 2
1) Update release documents.
2) Avoid invalid function names involving optional interfaces (from
4.5.11.1).
3) Correct handling of wildcards whose root matches another interface.
4) Add support for fq_codel.
Changes in 4.5.12 Beta 1
1) Update release documents.
2) Add the xtables-addons modules to modules.xtables.
3) Add the 'WARNOLDCAPVERSION' option.
4) Finish centralizing the handling of 'COMMENT' and 'FORMAT'.
5) Ignore COMMENTs when deleting duplicate rules.
Changes in 4.5.11 Final
1) Update release documents
2) Update Perl module versions.
3) Make all module-global variables 'our' to aid debugging.
Changes in 4.5.11 RC 1
1) update -D
Changes in 4.5.11 Beta 3
1) Implement user-defined address variables.
2) Sort output of 'show capabilities'.
3) ?FORMAT and ?COMMENT
Changes in 4.5.11 Beta 2
1) Update release documents.
2) Implement @-variables.
3) Rename ALLOWUNKNOWNVARIABLES to IGNOREUNKNOWNVARIABLES.
4) Make $chain (@chain) a synonym for $0 ($0).
Changes in 4.5.11 Beta 1
1) Add ${loglevel} and ${logtag} as variables visible within actions.
2) Add 'nolog' action option.
3) Create a symbol table to hold all non-action shell variables.
4) Implement ?set and ?reset
Changes in 4.5.10 Final
1) Update release documents.
Changes in 4.5.10 RC 1
1) Change '@' substitution to '@0' (${0}'.
2) Disallow leading '0' in action parameter numbers.
3) Eliminate the need for functions called by
Shorewall::Compiler::generate_script_3 to have knowledge of the
current script file indentation.
4) Copy the temporary script to $VARDIR/$PRODUCT/firewall before
running the 'started' script.
5) Ignore 'inline' on certain actions.
6) Only initialize switches that survived optimization.
7) Be more agressive about detecting action recursion.
8) Support passing log levels inside parameters.
9) Fix AUTOCOMMENT=No
10) Delete duplicate rules in tables
Changes in 4.5.10 Beta 3
1) Update release documents.
2) Inherit 'tag' from macro/action invocation.
3) Correct NFLOG/ULOG documentation.
4) Another optimizer bug fixed.
5) Multiple parameter support for macros.
6) $0 expands to current action chain name.
7) Replace '@' by chain name in SWITCH contents.
8) Add in-line actions.
9) Add switch initialization.
10) Allowing inline override on Standard Actions.
Changes in 4.5.10 Beta 2
1) Update release documents.
2) New macro expansion capability.
3) Add NFLOG and ULOG macros.
4) Add UNTRACKED match to the secmarks file.
5) Add DROP target to the conntrack file.
6) Remove references to USE_ACTIONS
7) Allow macros to be used as default actions.
8) Correct the compiler's CHECKSUM detection
9) Don't generate start/stop functions for wildcard optional
interfaces.
10) Apply Tuomo Soini's fix for RHEL5
11) Improve handling of 'all' in the conntrack file.
12) Add SWITCH column to the conntrack file.
13) Add AUDIT built-in
14) Support audited targets on IPv6.
Changes in 4.5.10 Beta 1
1) Update release documents.
2) Treat optional interfaces as pseudo-providers.
3) New macro expansion capability.
4) Add NFLOG and ULOG macros.
Changes in 4.5.9.2
1) Update release documents.
2) Add mask to routemark rules.
3) Document TPROXY gotcha.
4) Make exclusion work with TPROXY.
Changes in 4.5.9.1
1) Update release documents.
2) Correct handling of wildcard interfaces in rules.
3) Correct shorewall-masq(5).
4) Remove spurious warning message.
5) Don't default IPSET to 'ipset'
Changes in 4.5.9 Final
1) Update release documents.
2) Small wording change in the release notes description of CHECKSUM.
The text copied from iptables(8) didn't read quite right.
Changes in 4.5.9 RC 1
1) Update release documents.
2) Add Terado Macro (Paul Gear).
3) Don't display naked chain heading when -b
4) Add CHECKSUM action in tcrules.
5) Sort IPv6 routing tables
6) Allow mark range in /etc/shorewall/tcrules.
Changes in 4.5.9 Beta 3
1) Update release documents.
2) Apply Paul Gear's typo correction
3) Add Pupet Macro (Paul Gear).
4) Don't shout in compiler directives in lib.core.
5) Don't include IPv6-specific code in the IPv4 checkkernelversion()
function.
6) Rename crvsn -> vlsm in sort_routes() (lib.core)
7) Add the Shorewall Logging URL to the "Log doesn't exist" message.
8) Correct a typo in a comment in get_params()
9) Allow quotes in paremeter to run_iptables()
10) Correct error messages in action.RST.
11) Apply Paul Gear's '-b' option patchset.
Changes in 4.5.9 Beta 2
1) Update release documents.
2) More 'show dynamic fixes'
3) Implement 'dynamic_shared' zone option.
4) Implement RESTORE_ROUTEMARKS option in shorewall[6].conf.
Changes in 4.5.9 Beta 1
1) Update release documents.
2) Allow [...]/vlsm for IPv6 Nets.
3) Don't suppress '-' in generated ipset names.
4) Expunge some of the g_* variables.
Changes in 4.5.8 Final.
1) Update release documents.
Changes in 4.5.8 RC 2
1) Update release documents.
2) Minor updates to the manpages.
3) Update rc file during shorewall-core install.
4) Disallow ':' as the contents of a USER/GROUP column.
Changes in 4.5.8 RC 1
1) Add PRIORITY column to the tcfilters file.
2) Add capability to adjust priority of Shorewall-generated filters.
3) Don't require PRIORITY in HFSC classes.
4) Assign sequential priorities to filters.
Changes in 4.5.8 Beta 3
1) Don't process routestopped if stoppedrules is non-empty
2) Correct handling of -e with a directory name specified
3) Simplify handling of export rc file.
4) Add support for multiple UID/GIDs in a rule.
Changes in 4.5.8 Beta 2
1) Pass both shorewallrc file name from lib.cli-std to compiler.pl
2) Correct PRODUCT handling in rpm-generated configurations.
3) Make ./firewall the default script when 'compile -e'
Changes in 4.5.8 Beta 1
1) Update Release Documents.
2) HELPER column in the rules file.
3) Macros specify HELPER
4) Add VARLIB
5) Fix handling of different admin/firewall configurations.
6) Include "." in CONFIG_PATH when compiling for export.
Changes in 4.5.7 Final
1) Update Release Documents.
2) Downcase conditional directives in the conntrack files.
3) Adjust reference counts in the new opt level 4 logic.
4) Correct 'enable' of ppp devices.
5) Don't combine rules that specify -m policy
6) Eliminate hard-wired directory paths in the installers.
7) Workaround for silly RHEL bug.
Changes in 4.5.7 RC 2
1) Update Release Documents.
2) Merge content previously scheduled for 4.5.8.
3) Add HELPER action.
Changes in 4.5.7 RC 1
1) Update Release Documents.
2) Handle CT/NOTRACK rules from vserver zones.
3) Make conditional directives case insensitive.
Changes in 4.5.7 Beta 5
1) Update Release Documents.
2) Factor out ?IF __CT_TARGET tests in the conntrack files.
3) Correctly handle disabled helpers in pre-3.5 kernels.
Changes in 4.5.7 Beta 4
1) Update Release Documents.
2) Fix 'netbios-ns' detection in the CLIs.
3) Replace list separator in 'helper' specs.
Changes in 4.5.7 Beta 3
1) Update Release Documents.
2) Rename the notrack file to conntrack
3) Rename the AUTO_COMMENT option to AUTOCOMMENT
4) Add HELPERS option
5) Redesign the CT:helper feature.
Changes in 4.5.7 Beta 2
1) Update Release Documents.
2) Add support for nfacct.
Changes in 4.5.7 Beta 1
1) Update Release Documents
2) Implement 'rpfilter' interface option.
3) Correct systemctl command in installers.
Changes in 4.5.6 Final
1) Update release documents.
2) Simplify handling of __IPVn in conditional directives
3) Avoid a call to eval() for simple expressions
4) Apply patch from Daniel MeiÃner correcting STARTUP_ENABLED=No message
5) Correct typo in ISO 3660 doc.
6) Add FAQ 99 (empty ruleset after boot)
7) When TC_ENABLED=No, require providers to process tcrules.
Changes in 4.5.6 RC 1
1) Update release documents.
2) Add $VERSION as a defined variable.
3) Add missing 'sleep 1' when waiting for wildcard interfaces.
4) Only require MANGLE_ENABLED for tcrules processing.
Changes in 4.5.6 Beta 4
1) Support ?ELSIF
2) Allow generalized expressions in ?IF and ?ELSIF
3) Correct a logical name bug in tc
4) Add ORIGINAL DEST column to the masq file.
Changes in 4.5.6 Beta 3
1) Rewrote RED option handling.
2) Rewrote USER/GROUP column handling.
3) Allow UID/GID ranges in USR/GROUP.
4) Display PROXY_MARK in 'show marks'.
Changes in 4.5.6 Beta 2
1) May logical->physical name when using an IFB.
2) Allow fractional delays in TC.
3) Allow Linksharing rate to be specified in HFSC.
4) Add RED support.
Changes in 4.5.6 Beta 1
1) Fix multiple unweighted 'fallback' providers.
2) Add stab TC support.
Changes in 4.5.5 Final
1) Restore fix to configure script.
2) Fix installer's handling of SYSCONFDIR
3) Add DIGEST support.
Changes in 4.5.5 RC 1
1) Change in 'ignore' behavior.
2) Optional '?' in embedded script directives.
3) Fix IPv6 Shorecap
4) Fix iprange match on RHEL5
Changes in 4.5.5 Beta 2
1) Merged bug fixes from 4.5.4.
2) Added LOGFILE setting for Shorewall-init.
3) Reverse the order of continuation/directive checks.
Changes in 4.5.5 Beta 1
1) Add support for additional log options.
2) Many fixes for Shoreawll-init.
Changes in 4.5.4 Final
1) Update the release documents.
Changes in 4.5.4 RC 2
1) Remove GeoIP from Shorewall6/actions.std
2) Minor cleanup of geoip; mostly documentation
Changes in 4.5.4 RC 1
1) Use 'blackhole' routes rather than 'unreachable' for null-routing
RFC1918 addresses.
2) Don't overwrite empty mark geometry settings during update.
3) Additional optimization under level 4.
4) Allow bracketing of CC lists in [...]
5) Load country codes from geoip database.
6) Clear the DEFAULT table if no fallback providers are up.
Changes in 4.5.4 Beta 3
1) Replace {...} with '^' prefix to denote CC list.
Changes in 4.5.4 Beta 2
1) Clear the balance table if no balanced providers.
2) Use "(S)" consistently in column headings.
3) Correct add of default IPv6 when no gateway
4) Update .status file on 'disable'.
5) Ignore 'isusable' on 'disable'
6) Split a couple of functions with address-family dependent logic.
7) Don't allow RSTs to be rejected
8) Exit the tcpost chain if a connection mark is restored
9) Add geoip support.
Changes in 4.5.4 Beta 1
1) Correct nested conditional defect.
2) Re-implement TPROXY
Changes in 4.5.3 Final
1) Update release documents.
2) Add RST Action.
3) Remove a couple of hard-coded '/usr/share' instances.
4) Allow synonyms for column names in the alternate specification
formats.
5) Allow COMMENT by itself in the tunnels file.
Changes in 4.5.3 RC 1
1) Print out include/openstack in warning and error messages.
2) Fix manual chain invocation in macro.
3) Make BLACKLIST use blacklog
Changes in 4.5.3 Beta 2
1) Use format 2 for all interfaces files.
2) Fix the installers WRT Debian startup on boot.
3) Enhance 'refresh' command.
Changes in 4.5.3 Beta 1
1) Eliminate read_a_line1().
2) Add the -T option to the load, reload, restart and start commands.
3) Improve debuggability of assertion failures.
4) Allow multiple tunnel gateways.
Changes in 4.5.2.1
1) Added configure.pl script to allow rpm builds on old systems.
2) Correct INCLUDE inside an ?IF ... ?ENDIF
3) Add comments to shorewallrc files.
4) Correct a couple of defects in the shorewallrc files.
5) Modify Makefiles if directories non-standard.
6) configure[.pl] improvements.
Changes in 4.5.2 Final
1) Update release documents.
2) Don't strip comments in embedded Perl and Shell because it can
lead to an un-terminated string when '#' appears in a string.
3) Don't suppress whitespace in embedded Perl and Shell.
Changes in 4.5.2 RC 1
1) Update release documents.
2) Remove several more absolute pathnames.
3) Deimplement option '?' in BEGIN and END directives.
4) Allow ?IF, ?ELSE and ?END in embedded Perl and Shell.
Changes in 4.5.2 RC 1
1) Update release documents.
2) Allow remote firewalls with a different directory structure.
3) Fix a lot of bugs.
4) Avoid modifying shorewallrc variables (except VARDIR).
Changes in 4.5.2 Beta 5
1) Eliminate 'local file' error in installers.
2) Make requested change to the shorewallrc.suse file.
3) Add aliases to configure.
4) Fix 'nets=' with 'dhcp'.
Changes in 4.5.2 Beta 4
1) Add a configure script
2) Expand the places where .shorewallrc can be found.
Changes in 4.5.2 Beta 3
1) Fix syntax error in init.sh
2) Fix shorewall-core.spec
3) Modify Redhat/Fedora init scripts for shorewallrc.
Changes in 4.5.2 Beta 2
1) Fix conditional compilation.
2) Add IPSET_WARNINGS option.
3) Add configuration files to track where Shorewall components are
installed.
Changes in 4.5.2 Beta 1
1) Implement 'mss=' in the hosts file.
2) Implement conditional compilation.
3) Promote a couple of zone options out of the 'options' hash.
4) Remove the 'nexted' zone option.
5) Rename the MARK/CLASSIFY column to ACTION
Changes in 4.5.1 Final
1) Update release documents.
Changes in 4.5.1 RC 1
1) Update release documents.
2) Don't automatically install 'isusable'
3) Clean up TOS handling
Changes in 4.5.1 Beta 3
1) Add support for packager's config file
2) Implement run-time gateway variables.
3) Add /sbin/shorewall-init
4) Don't copy non-default mark layout settings during update.
Changes in 4.5.1 Beta 2
1) Remove some cruft from the Zones module.
2) Collapse the three 'dont_' members of the chain table into a single
'optflags' member.
3) Add DSCP match and target support.
4) Rework install.sh scripts and .spec files.
5) Fix standard init files.
Changes in 4.5.1 Beta 1
1) Add IMQ support.
2) Remove requirement to supply a mark value on the default class.
3) New install script structure.
4) Give warning when opposite flag is used in an ipset invocation.
5) Add a SWITCH column to the masq file.
6) Correct a typo in the blrules files.
7) Eliminate compiler crash from unknown IPv6 interface.
Changes in 4.5.0 Final
1) Update release documents.
Changes in 4.5.0 RC 2
1) Correct 'get_routed_networks()' in lib.core.
2) Move Samples and Manpages under their corresponding product
directories.
Changes in 4.5.0 RC 1
1) Sort the routing table in 'show_routing'.
2) Restore shorewall-init functionality.
3) Correct 'ip -p route' commands for Proxy NDP.
Changes in 4.5.0 Beta 4
1) Implement load=<load-factor>
2) Add STARTOPTIONS and RESTARTOPTIONS to /etc/default/shorweall*
(/etc/sysconfig/shorewall*).
3) Ensure a routing rule targeting the main table when
USE_DEFAULT_RT=Yes.
Changes in 4.5.0 Beta 3
1) Move lib.core from Shorewall-core to Shorewall.
2) Make '0' equivalent to '-' in the IN_BANDWIDTH column.
3) Fix MARK_IN_FORWARD_CHAIN=Yes with $FW source
4) Allow runtime address variables in the SOURCE column of
route_rules.
5) Add a PROBABILITY column to the tcrules file.
6) Don't rm /usr/share/shorewall/wait4ifup during Shorewall install.
7) Combine prog.footer and prog.footer6
Changes in 4.5.0 Beta 2
1) Move common routines from prog.header/prog.header6 to lib.core.
2) Unify install between Shorewall and Shorewall6.
2) Unify install between Shorewall-lite and Shorewall6-lite.
Changes in 4.5.0 Beta 1
1) Reorganize blacklist and interface option handling.
2) Allow <timeout> on safe- commands.
3) Add Shorewall Core package
distrib
>
Mageia
>
4
>
i586
>
media
>
core-release
>
by-pkgid
>
f1e0663d7c4e8265b8e5b6a277871fd8
>
files
>
10
