[Shorewall-announce] Two Shorewall 3.2 Issues

[Tom E. <te...@sh...>]

Updates are available at
http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.5/

1)  If a DNAT or REDIRECT rule was used where the effective policy
    between the source and final destination zones is ACCEPT, the ACCEPT
    part of the rule was not generated. This could lead to confusing
    results if there was a DROP or REJECT rule following.

2)  If "all+" appeared in a rule then "all" appearing in following rules
    was treated like "all+".

    For both problems, either:

    a) Replace /usr/share/shorewall/compiler and
       /usr/share/shorewall/functions with the 'compiler' and
       'functions' files from the errata/Shorewall/ sub-directory.

    b) Patch /usr/share/shorewall/compiler and
       /usr/share/shorewall/functions with the patch-3.2.5-4.diff patch
       from the errata/patches directory.

-Tom
--=20
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ te...@sh...
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key