From: Tom E. <te...@sh...> - 2013-01-15 17:50:45
|
RC 1 is now available for testing. Problems corrected since Beta 5: 1) Under very rare circumstances, optimize level 4 could leave a rule that jumped to a non-existant chain, causing iptables-restore to fail. 2) If an error was raised while compiling a default action, the following Perl diagnostic could appear and the Shorewall error message would not be printed. 3) It is once again possible to use DNS names in rules without an interface name. New Features since Beta 5: 1) A new DEFER_DNS_RESOLUTION option has been added to shorewall.conf. Up to this time, when a DNS name appears in the SOURCE, DEST or ORIGINAL DEST column of a configuration file, the compiler verifies that the name can be resolved and then passes the name on to the generated script. This means that ip[6]tables-restore must resolve the name when the script runs. When DEFER_DNS_RESOLUTION=Yes (the default) this old behavior is retained. When DEFER_DNS_RESOLUTION=No, the compiler resolves the name and uses the address(es) in the generated script. Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ |