[Shorewall-users] Shorewall 1.3.5

Martinez, Mike (MHS-ACS) Mike.Martinez@mhs-helpdesk.com
Thu, 25 Jul 2002 15:54:00 -0500


Thanks for all the hard work and effort you put into this firewall. The
addition of the proxy-arp interface option will be really nice and I'm
looking forward to implementing it seeing as I have 254 entries in my
current proxyarp file and we are in the process of adding another Class C.

Your Documentation already Kicks Ass and I really appreciate it.

Thanks Again and take it easy.

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Thursday, July 25, 2002 3:27 PM
To: Shorewall Users; Shorewall Announcements
Subject: [Shorewall-users] Shorewall 1.3.5

This will be the last Shorewall release for a while as I'm going to be 
focusing on Documentation.

In this release:

1. Empty and invalid source and destination qualifiers are now detected
   in the rules file. It is a good idea to use the 'shorewall check'
   command before you issue a 'shorewall restart' command to be sure
   that you don't have any configuration problems that will prevent a
   successful restart.

2. Added MERGE_HOSTS variable in shorewall.conf to provide saner
   behavior of the /etc/shorewall/hosts file.

3. The time that the counters were last reset is now displayed in the
   heading of the 'status' and 'show' commands.

4. Added MUTEX_TIMEOUT variable in shorewall.conf and changed the way
   in which Shorewall protects itself from concurrent state

   Previously, if a state-changing operation (like restart)
   found a lock file, it would wait for 30 seconds for the lock file to
   be removed. If the file was not removed within 30 seconds, a message
   was issued and the operation was aborted.

   With the new code, the wait time is determined by the value of
   MUTEX_TIMEOUT (default 60 seconds). If the file is not removed
   within MUTEX_TIMEOUT, the state-changing operation will assume that
   the lock file is stale and will issue a message and continue.

   An appropriate setting for MUTEX_TIMEOUT is twice the time that it takes
   your firewall system to process a "shorewall restart" command.

5. Added 'proxyarp' interface option to facilitate Proxy ARP subnetting as
   described in the Proxy ARP subnetting mini-HOWTO

   Specifying this option for an interface causes Shorewall to set

Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

Shorewall-users mailing list
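
The lock-file handling described in item 4 of the announcement, sketched as an added example (this is not Shorewall's code and not part of either message). The function names, the lock path and the 1-second timeout are hypothetical; only the abort-versus-continue behaviour comes from the text above.

```shell
#!/bin/sh
# Added illustration, not Shorewall's code. All names are hypothetical.

# acquire_lock LOCKFILE TIMEOUT POLICY
#   POLICY=abort    : old behaviour, give up when the wait expires
#   POLICY=continue : new behaviour, treat the lock as stale and proceed
# Returns 0 if the caller may proceed, 1 if it must abort.
acquire_lock() {
    lockfile=$1; timeout=$2; policy=$3
    waited=0
    # noclobber (set -C) makes the redirection fail if the file exists,
    # so creating the lock is a single atomic step.
    while ! ( set -C; echo $$ > "$lockfile" ) 2>/dev/null; do
        if [ "$waited" -ge "$timeout" ]; then
            if [ "$policy" = abort ]; then
                echo "lock held for ${timeout}s, aborting" >&2
                return 1
            fi
            echo "lock held for ${timeout}s, assuming stale, continuing" >&2
            echo $$ > "$lockfile"      # take over the stale lock
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

release_lock() { rm -f "$1"; }

# Constructed scenario: a lock file left behind by a run that died.
demo() {
    lock="${TMPDIR:-/tmp}/lockdemo.$$"
    echo 99999 > "$lock"
    acquire_lock "$lock" 1 abort    && old=0 || old=1
    acquire_lock "$lock" 1 continue && new=0 || new=1
    release_lock "$lock"
    echo "old=$old new=$new"
}

demo
```

With the continue policy, a timeout shorter than a real restart lets a second state-changing operation start while the first is still running, which is the case the "twice the restart time" guidance is meant to avoid.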