Shorewall 2.1.10 Development Release
Contributed by Chad Brandt
Monday, 04 October 2004
This release fixes a problem with the blacklist loading and adds some new logging functionality.
Problems corrected since 2.1.9
1) With DELAYBLACKLISTLOAD=No, the blacklist was previously not loaded.
New Features since 2.1.9
1) Using the default LOGFORMAT, chain names longer than 11 characters (such as in user-defined actions) may result in log prefix truncation. A new shorewall.conf option LOGTAGONLY has been added to deal with this problem. When LOGTAGONLY=Yes, logging rules that specify a log tag will substitute the tag for the chain name in the log prefix.
Example -- file /etc/shorewall/action.thisisaverylongactionname:
Rule:
DROP:info:ftp 0.0.0.0/0 0.0.0.0/0 tcp 21
Log prefix with LOGTAGONLY=No:
Shorewall:thisisaverylongacti
Log prefix with LOGTAGONLY=Yes:
Shorewall:ftp:DROP
2) Shorewall now resets the 'accept_source_route' flag for all interfaces. If you wish to accept source routing on an interface, you must specify the new 'sourceroute' interface option in /etc/shorewall/interfaces.
After installing this release, it appears an additional option has been added to the interfaces file. Here is the comment from the file:
# logmartians - turn on kernel martian logging (logging
#               of packets with impossible source
#               addresses. It is suggested that if you
#               set routefilter on an interface that
#               you also set logmartians. This option
#               may also be enabled globally in the
#               /etc/shorewall/shorewall.conf file.
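An added example, not part of the release notes or of Shorewall's own code: a shell check of the kernel flags behind the 'sourceroute', 'routefilter' and 'logmartians' interface options, which flags source routing that is still accepted and route filtering without martian logging. It assumes those options correspond to accept_source_route, rp_filter and log_martians under /proc/sys/net/ipv4/conf; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the per-interface kernel flags assumed to sit behind
# Shorewall's sourceroute, routefilter and logmartians interface options.
# The kernel also combines each value with the conf/all entry; this reports
# the raw per-entry values only.

# read_flag DIR NAME -> prints the flag value, or 0 if the file is missing
read_flag() {
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo 0; fi
}

# audit_interfaces [CONF_ROOT]
# Prints one finding per line; returns 1 if anything was reported, else 0.
audit_interfaces() {
    root=${1:-/proc/sys/net/ipv4/conf}
    findings=0
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        iface=${dir##*/}
        asr=$(read_flag "$dir" accept_source_route)
        rpf=$(read_flag "$dir" rp_filter)
        lm=$(read_flag "$dir" log_martians)
        if [ "$asr" != 0 ]; then
            echo "$iface: accept_source_route=$asr (expected 0 unless 'sourceroute' is set)"
            findings=1
        fi
        if [ "$rpf" != 0 ] && [ "$lm" = 0 ]; then
            echo "$iface: rp_filter=$rpf but log_martians=0 (consider 'logmartians')"
            findings=1
        fi
    done
    return $findings
}

# make_sample_tree -> builds a constructed conf tree and prints its path.
# Columns: interface, accept_source_route, rp_filter, log_martians.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    for spec in "eth0 0 1 1" "eth1 1 1 0" "lo 0 0 0"; do
        set -- $spec
        mkdir -p "$t/$1"
        echo "$2" > "$t/$1/accept_source_route"
        echo "$3" > "$t/$1/rp_filter"
        echo "$4" > "$t/$1/log_martians"
    done
    echo "$t"
}

# Demo on the constructed tree; call audit_interfaces with no argument to
# check the live system instead.
sample=$(make_sample_tree) && { audit_interfaces "$sample" || true; rm -r "$sample"; }
```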