From: Tom E. <te...@sh...> - 2007-02-25 16:31:24

I had hoped to be able to avoid another RC but there have been enough
changes that I've decided that the safe thing to do is to release RC3.

http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-RC3/
ftp://ftp1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-RC3/

Problems Corrected in 3.4.0 RC3

1) The route_rules file was being ignored. This has been corrected.

2) If an IP range was specified in a 'drop' or 'reject' command
   (including the logging forms) and a 'shorewall save' was performed,
   then the next time that Shorewall was restarted, new connections
   from outside the firewall were totally blocked.

3) If a 'start' or 'restart' command failed during the compile phase,
   /sbin/shorewall erroneously returned an exit status of 0.

4) If IMPLICIT_CONTINUE=Yes was in effect, then sub-zones received the
   implicit CONTINUE policy for their intra-zone traffic (rather than
   the implicit ACCEPT policy for such traffic). This could cause
   intra-zone traffic to be rejected by rules for one of the parent
   zones.

Other Changes in 3.4.0 RC3

1) A warning is now issued when 'loose' and 'balance' are specified
   together for a provider. This combination of options can lead to
   packets being dropped as 'martians'.

2) If the 'setkey' program is installed, then the IPSEC SPD and SAD are
   displayed in the output of "shorewall[-lite] dump". All key
   information (E: and A: lines) is suppressed in the command output
   so that the output of "dump" cannot be used to breach IPSEC
   security.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ te...@sh...
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
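
Added example, not part of the original message and not Shorewall's own code: a shell sketch of the key suppression described in "Other Changes" item 2, plus a check that saved SAD text carries no E: or A: lines before it is shared. The function names and the sample SAD entry (with dummy key bytes) are constructed for illustration, and the sample assumes the line layout printed by 'setkey -D'.

```shell
#!/bin/sh
# Added example; not Shorewall code. All names below are hypothetical.

# Constructed sample of one SAD entry in the layout printed by `setkey -D`.
# The key bytes are dummy values.
sample_sad() {
cat <<'EOF'
192.0.2.1 198.51.100.7
    esp mode=tunnel spi=305419896(0x12345678) reqid=0(0x00000000)
    E: aes-cbc  00112233 44556677 8899aabb ccddeeff
    A: hmac-sha1  00112233 44556677 8899aabb ccddeeff 00112233
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
EOF
}

# Filter stdin, dropping every line whose first field is "E:" or "A:"
# (the encryption and authentication key lines).
redact_keys() {
    awk '$1 != "E:" && $1 != "A:"'
}

# Print the number of key lines found on stdin; 0 means none remain.
count_key_lines() {
    awk '$1 == "E:" || $1 == "A:" { n++ } END { print n + 0 }'
}

# Return 0 if the named file holds no key lines, 1 otherwise.
# Intended as a gate before attaching a saved dump to a support request.
safe_to_share() {
    [ "$(count_key_lines < "$1")" -eq 0 ]
}

# Demonstration on the constructed sample: the SA metadata survives,
# the key lines do not.
sample_sad | redact_keys
```

On a live system the input would come from 'setkey -D' run as root in place of sample_sad.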