[Shorewall-announce] Shorewall 1.3.5

Tom Eastep teastep@shorewall.net
Thu, 25 Jul 2002 13:26:51 -0700 (PDT)


This will be the last Shorewall release for a while as I'm going to be 
focusing on Documentation.

In this release:

1. Empty and invalid source and destination qualifiers are now detected
   in the rules file. It is a good idea to use the 'shorewall check'
   command before you issue a 'shorewall restart' command to be sure
   that you don't have any configuration problems that will prevent a
   successful restart.

2. Added MERGE_HOSTS variable in shorewall.conf to provide saner
   behavior of the /etc/shorewall/hosts file.

3. The time that the counters were last reset is now displayed in the
   heading of the 'status' and 'show' commands.

4. Added MUTEX_TIMEOUT variable in shorewall.conf and changed the way
   in which Shorewall protects itself from concurrent state
   changes.

   Previously, if a state-changing operation (like restart)
   found a lock file, it would wait for 30 seconds for the lock file to
   be removed. If the file was not removed within 30 seconds, a message
   was issued and the operation was aborted.

   With the new code, the wait time is determined by the value of
   MUTEX_TIMEOUT (default 60 seconds). If the file is not removed
   within MUTEX_TIMEOUT, the state-changing operation will assume that
   the lock file is stale and will issue a message and continue.

   An appropriate setting for MUTEX_TIMEOUT is twice the time that it takes
   your firewall system to process a "shorewall restart" command.

5. Added 'proxyarp' interface option to facilitate Proxy ARP subnetting as
   described in the Proxy ARP subnetting mini-HOWTO
   (http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet/)

   Specifying this option for an interface causes Shorewall to set
   /proc/sys/net/ipv4/conf/<interface>/proxy_arp.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
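
The lock handling described in item 4, as an added sketch that is not part of the original announcement and is not Shorewall's own code. Only MUTEX_TIMEOUT and its 60-second default come from the announcement; the function names, return codes and lock-file path are assumptions made for illustration.

```shell
# Illustrative sketch only; acquire_lock/release_lock are hypothetical names.
MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}   # seconds; default taken from the announcement

# acquire_lock LOCKFILE
#   returns 0 if the lock was obtained normally
#   returns 2 if the wait expired and the lock was presumed stale
acquire_lock() {
    lockfile=$1
    waited=0
    while [ "$waited" -lt "$MUTEX_TIMEOUT" ]; do
        # 'set -C' (noclobber) makes the redirect fail if the file already
        # exists, so create-if-absent happens as a single step.
        if ( set -C; echo $$ > "$lockfile" ) 2>/dev/null; then
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    # New behavior: report the stale lock and continue instead of aborting.
    echo "Lock $lockfile not released after ${MUTEX_TIMEOUT}s;" \
         "assuming it is stale and continuing" >&2
    echo $$ > "$lockfile"
    return 2
}

# release_lock LOCKFILE: remove the lock when the operation finishes.
release_lock() {
    rm -f "$1"
}

# Example use inside a state-changing operation (path is a placeholder):
#   acquire_lock /tmp/example-firewall.lock
#   ... apply the new ruleset ...
#   release_lock /tmp/example-firewall.lock
```

Because the operation proceeds once the wait expires, a MUTEX_TIMEOUT shorter than a real restart lets two state changes overlap, which is why the announcement recommends twice the restart time.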