- Update to 4.5.4 For more details see changelog.txt and
releasenotes.txt
* When EXPORTMODULES=No in shorewall.conf, the error messages
have been eliminated
* If the configuration settings in the PACKET MARK LAYOUT section
of shorewall.conf (shorewall6.conf) had empty settings, the
'update' command would previously set them to their default
settings. It now leaves them empty.
* Previously, Shorewall used 'unreachable' routes to null-route
the RFC1918 subnets. This approach has two drawbacks:
- It can cause problems for IPSEC in that it can cause packets
to be rejected rather than encrypted and forwarded.
- It can return 'host unreachable' ICMPs to other systems that
attempt to route RFC1918 addresses through the firewall.
To eliminate these problems, Shorewall now uses 'blackhole'
routes.
Such routes don't interfere with IPSEC and silently drop
packets rather than return an ICMP.
* The 'default' routing table is now cleared if there are no
'fallback' providers.
* Tproxy implementation has been reworked. For more details
please consult the releasenotes.txt and changelog.txt