[Shorewall-users] Shorewall 1.4.6 Beta 2

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Changes since Beta 1:

Problems Corrected:

1. Corrected a problem in Beta 1 where DNS names containing a "-" were
   mis-handled when they appeared in the DEST column of a rule.

New Features:

1. The limit of 256 addresses for an address range has been removed.  
   Shorewall now decomposes the range into an optimal set of 
   network/host addresses (see also the 'iprange' command below).

2. An 'ipcalc' command has been added to /sbin/shorewall.

      ipcalc [ <address> <netmask> | <address>/<vlsm> ]

   Examples:

      [root@wookie root]# shorewall ipcalc 192.168.1.0/24
         CIDR=192.168.1.0/24
         NETMASK=255.255.255.0
         NETWORK=192.168.1.0
         BROADCAST=192.168.1.255
      [root@wookie root]#

      [root@wookie root]# shorewall ipcalc 192.168.1.0 255.255.255.0
         CIDR=192.168.1.0/24
         NETMASK=255.255.255.0
         NETWORK=192.168.1.0
         BROADCAST=192.168.1.255
      [root@wookie root]#

   Warning:

      If your shell only supports 32-bit signed arithmatic (ash or
      dash), then the ipcalc command produces incorrect information for
      IP addresses 128.0.0.0-1 and for /1 networks. Bash should produce
      correct information for all valid IP addresses.

3) An 'iprange' command has been added to /sbin/shorewall. 

      iprange <address>-<address>

   This command decomposes a range of IP addressses into a list of
   network and host addresses. The command can be useful if you need to
   construct an efficient set of rules that accept connections from a
   range of network addresses.

   Note: If your shell only supports 32-bit signed arithmetic (ash or
   dash) then the range may not span 128.0.0.0.

   Example:

      [root@gateway root]# shorewall iprange 192.168.1.4-192.168.12.9
      192.168.1.4/30
      192.168.1.8/29
      192.168.1.16/28
      192.168.1.32/27
      192.168.1.64/26
      192.168.1.128/25
      192.168.2.0/23
      192.168.4.0/22
      192.168.8.0/22
      192.168.12.0/29
      192.168.12.8/31
      [root@gateway root]#

4) A list of host/net addresses is now allowed in an entry in
    /etc/shorewall/hosts.

    Example:

	foo	eth1:192.168.1.0/24,192.168.2.0/24

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ te...@sh...