From: Tom E. <te...@sh...> - 2007-04-08 13:58:05
Problems Corrected in 3.2.10

1) Previously, if a 'start' or 'restart' command failed during the
   compilation step, /sbin/shorewall erroneously returned an exit
   status of zero.

2) If IMPLICIT_CONTINUE=Yes was in effect, then sub-zones received the
   implicit CONTINUE policy for their intra-zone traffic (rather than
   the implicit ACCEPT policy for such traffic). This could cause
   intra-zone traffic to be rejected by rules in one of the parent
   zones.

3) The "shorewall-[lite] [re]start and stop" commands reset the
   proxy_arp flag on all interfaces on the system making it impossible
   to control proxy arp manually with Shorewall installed. With this
   change, shorewall will only clear proxy arp if there were entries
   in /etc/shorewall/proxyarp the last time that Shorewall was
   [re]started.

4) The /usr/share/shorewall[-lite]/modules file has been updated for
   kernel 2.6.20.

5) The /proc/net/ip_conntrack pseudo-file has been inexplicably
   renamed /proc/net/nf_conntrack in kernel 2.6.20. The lib.cli
   library has been updated to look for both files.

6) Tunnels of type 'ipsecnat' failed to work properly due to a missing
   rule.

7) The 'shorecap' program was not loading modules correctly.

-Tom
-- 
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ te...@sh...
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key