[Shorewall-users] Snapshot 20030623
teastep at shorewall.net
Mon Jun 23 17:16:05 PDT 2003
1) A problem seen on RH7.3 systems where Shorewall encountered start
errors when started using the "service" mechanism has been worked
1) A 'newnotsyn' interface option has been added. This option may be
specified in /etc/shorewall/interfaces and overrides the setting
NEWNOTSYN=No for packets arriving on the associated interface.
2) The means for specifying a range of IP addresses in
/etc/shorewall/masq to use for SNAT is now
documented. ADD_SNAT_ALIASES=Yes is enabled for address ranges.
3) Shorewall can now add IP addresses to subnets other than the first
one on an interface.
4) DNAT[-] rules may now be used to round-robin over a set of
servers. Up to 256 servers may be specified in a range of addresses
given as <first address>-<last address>.
DNAT net loc:192.168.10.2-192.168.10.5 tcp 80
I believe that this version corrects problems seen with the previous
snapsnot on older and stripped down shells such as ash.
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep at shorewall.net
More information about the Shorewall-users