Fedora 7 Update: shorewall-3.4.5-1.fc7

updates at fedoraproject.org
Tue Jul 17 16:46:16 UTC 2007

Fedora Update Notification
2007-07-17 09:46:14.585142

Name        : shorewall
Product     : Fedora 7
Version     : 3.4.5
Release     : 1.fc7
Summary     : Iptables-based firewall for Linux systems
Description :

The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/router/server or on a standalone GNU/Linux system.

Update Information:

Problems Corrected in 3.4.5.

1)  DYNAMIC_ZONES=Yes can now coexist with Shorewall-perl's 'bport'
    zones. Those zones themselves may not be dynamically modified but
    the presence of bport zones no longer causes the 'shorewall add'
    command to fail.

2)  Shorewall's internal traffic shaper once again works when the 'sed'
    utility is provided by the Busybox package.

3)  Version 3.4.4 erroneously accepted the values On, Off, on, off, ON
    and OFF for the IP_FORWARDING option. These values were treated
    like 'Keep'. The listed values are now once again flagged as an

4)  If 'routeback' and 'detectnets' were specified on an interface,
    limited broadcasts (to and multicasts were dropped
    when forwarded through the interface. This could cause
    broadcast-based and multicast applications to fail when running
    through a bridge with 'detectnets'.

5)  The 'hits' command works once again.

6)  IPSECFILE=ipsec (either explicitly or defaulted) works
    now. Previously, processing of the ipsec file was bypassed; often
    with a confusing "missing file" message.

7)  If DETECT_DNAT_IPADDRS=Yes in shorewall.conf but you didn't have
    conntrack match support, then the generated script was missing

Other changes in 3.4.5.

1)  When a Shorewall release includes detection of an additional
    capability, existing capabilities files become out of
    date. Previously, this condition was not detected.

    Beginning with this release, each generated capabilities file
    contains a CAPVERSION specification which defines the capabilities
    version of the file. If the CAPVERSION in a capabilities file is
    less than the current CAPVERSION, then Shorewall will issue the
    following message:

    WARNING: <file> is out of date -- it does not contain all of
    the capabilities defined by Shorewall version <version>


        <file>    is the name of the capabilities file.
        <version> is the current Shorewall version.

    Existing capabilities files contain no CAPVERSION. When such a file
    is read, Shorewall will issue this message:

    WARNING: <file> may be not contain all of the capabilities defined
    by Shorewall version <version>

2)  When a directory is specified in a command such as 'start' or
    'compile', Shorewall now reads the shorewall.conf file (if any) in
    that directory before deciding which compiler to use. So if
    SHOREWALL_COMPILER is not specified in
    /etc/shorewall/shorewall.conf and the -C option was not specified
    on the run-line, then if Shorewall-perl is installed, the additional
    shorewall.conf file is read to see if it specifies a

3)  The 'save' command now uses iptables-save from the same directory
    containing iptables. Previously, iptables-save was located via the
    PATH setting.


* Tue Jul 17 2007 Robert Marcano <robert at marcanoonline.com> - 3.4.5-1
- Update to upstream 3.4.5
* Mon Jun 18 2007 Robert Marcano <robert at marcanoonline.com> - 3.4.4-1
- Update to upstream 3.4.4

Updated packages:

21751bd63ce5ff7d439ff280f2ac252fb0e5ce5e shorewall-3.4.5-1.fc7.noarch.rpm
fb3b6e29393c2637032025104ea2c645a7c08a85 shorewall-3.4.5-1.fc7.src.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
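
The CAPVERSION check described under "Other changes" item 1, as an added
example that is not part of the original announcement or of Shorewall's own
code. It assumes a capabilities file of NAME=value lines with an integer
CAPVERSION; the values 30404 and 30405 are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a Shorewall capabilities file by its CAPVERSION.
# Assumptions (not from the announcement): the file holds NAME=value lines,
# CAPVERSION is a plain integer, and the caller supplies the current value.

# capfile_status FILE CURRENT_CAPVERSION
# Prints one word: current | outdated | unversioned | unreadable
capfile_status() {
    file=$1 current=$2
    [ -r "$file" ] || { echo unreadable; return 0; }
    # Extract the value textually instead of sourcing the file, so that
    # nothing in the file is executed by the audit itself.
    capver=$(sed -n 's/^[[:space:]]*CAPVERSION=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$file" | tail -n 1)
    if [ -z "$capver" ]; then
        echo unversioned            # file predates CAPVERSION
    elif [ "$capver" -lt "$current" ]; then
        echo outdated               # generated by an older release
    else
        echo current
    fi
}

# capfile_warning FILE CURRENT_CAPVERSION SHOREWALL_VERSION
# Prints the warning text quoted in the announcement, or nothing.
capfile_warning() {
    case $(capfile_status "$1" "$2") in
        outdated)
            echo "WARNING: $1 is out of date -- it does not contain all of the capabilities defined by Shorewall version $3" ;;
        unversioned)
            echo "WARNING: $1 may be not contain all of the capabilities defined by Shorewall version $3" ;;
    esac
}

# Constructed sample files; 30404 and 30405 are made-up CAPVERSION values.
demo_dir=$(mktemp -d)
printf 'NAT_ENABLED=Yes\nCAPVERSION=30404\n' > "$demo_dir/old"
printf 'NAT_ENABLED=Yes\n' > "$demo_dir/legacy"
printf 'NAT_ENABLED=Yes\nCAPVERSION=30405\n' > "$demo_dir/new"
for f in old legacy new; do
    printf '%s: %s\n' "$f" "$(capfile_status "$demo_dir/$f" 30405)"
    capfile_warning "$demo_dir/$f" 30405 3.4.5
done
rm -rf "$demo_dir"
```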
