Just Launched: You can now import projects and releases from Google Code onto SourceForge
We are excited to release new functionality to enable a 1-click import from Google Code onto the Allura platform on SourceForge. You can import tickets, wikis, source, releases, and more with a few simple steps. Read More
I had hoped to be able to avoid another RC but there have been enough
changes that I've decided that the safe thing to do is to release RC3.
Problems Corrected in 3.4.0 RC3
1) The route_rules file was being ignored. This has been corrected.
2) If an IP range was specified in a 'drop' or 'reject' command
(including the logging forms) and a 'shorewall save' was performed,
then the next time that Shorewall was restarted, new connections
from outside the firewall were totally blocked.
3) If a 'start' or restart' command failed during the compile phase,
/sbin/shorewall erroneously returned an exit status of 0.
4) If IMPLICIT_CONTINUE=3DYes was in effect, then sub-zones received the=
implicit CONTINUE policy for their intra-zone traffic (rather than
the implicit ACCEPT policy for such traffic). This could cause
intra-zone traffic to be rejected by rules for one of the
Other Changes in 3.4.0 RC3
1) A warning is now issued when 'loose' and 'balance' are specified
together for a provider. This combination of options can lead to pack=
being dropped as 'martians'.
2) If the 'setkey' program is installed, then the IPSEC SPD and SAD
are displayed in the output of "shorewall[-lite] dump. All key
information (E: and A: lines) is suppressed in the command output
so that the output of "dump" cannot be used to breach IPSEC
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@...
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key