[Shorewall-users] Snapshot 20030623

Tom Eastep teastep at shorewall.net
Mon Jun 23 17:16:05 PDT 2003


Problems Corrected:

1) A problem seen on RH7.3 systems where Shorewall encountered start
   errors when started using the "service" mechanism has been worked
   around.

New Features:

1) A 'newnotsyn' interface option has been added. This option may be
   specified in /etc/shorewall/interfaces and overrides the setting
   NEWNOTSYN=No for packets arriving on the associated interface.

2) The means for specifying a range of IP addresses in
   /etc/shorewall/masq to use for SNAT is now
   documented. ADD_SNAT_ALIASES=Yes is enabled for address ranges.

3) Shorewall can now add IP addresses to subnets other than the first
   one on an interface.

4) DNAT[-] rules may now be used to round-robin over a set of
   servers. Up to 256 servers may be specified in a range of addresses
   given as <first address>-<last address>.

   Example:

	DNAT net loc:192.168.10.2-192.168.10.5 tcp 80

I believe that this version corrects problems seen with the previous 
snapsnot on older and stripped down shells such as ash.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep at shorewall.net


More information about the Shorewall-users mailing list