[Firehol-support] [ANNOUNCE] FireHOL 2.0.4 and 3.0.1 released

z060822400814a at rezozer.net z060822400814a at rezozer.net
Mon Feb 22 04:36:32 GMT 2016 

Hello Forum:

I have just deposited the Debian material for FireHOL 3 at Alioth:


https://anonscm.debian.org/cgit/collab-maint/firehol.git


Thanks for your patience,
Jerome


On 10/01/16 18:19, Phil Whineray wrote:
> All
> 
> I have released versions 2.0.4 and 3.0.1 of FireHOL.
> 
> As usual, you can get them from the website:
>   http://firehol.org/download/releases/v2.0.4/
>   http://firehol.org/download/releases/v3.0.1/
> 
> Unless you have a compelling reason to stay with v2, it is recommended
> you now upgrade to the 3.x series, which is where most work will take
> place in future.
> 
> Major changes:
> 
> This release has been made to add an extra helper "ipv6mld" and update
> the recommended icmpv6 handling example to make it more likely that this
> will work for everyone unchanged.
> 
> In particular "client ipv6mld accept" should be used on any interfaces
> taking part on a network which has multicast snooping enabled. Depending
> on the snooping, not having this may prevent neighbour and router
> discovery from working. Not everyone likes MLD though, so you may want
> to read up on it as many network configurations will work fine without.
> 
> My new recommendation for enabling icmpv6 on hosts is to define a
> special interface before your regular ones, like this:
> 
>   version 6
> 
>   ipv6 interface any ipv6interop proto icmpv6
>     policy return
>     client ipv6neigh accept
>     server ipv6neigh accept
>     client ipv6mld accept
>     client ipv6router accept
>     server ipv6error accept
> 
>     # If this machine is routing traffic, it will need to be able
>     # to send Router Advertisment messages and Multicast Listener Queries
>     #server ipv6router accept
>     #server ipv6mld accept
> 
> There is then no need to include these rules in each subsequent interface.
> Routers will still need rules adding for ipv6error.
> 
> Minor:
> 
> Version 3.0.1 also adds pre_up to vnetbuild to allow running commands
> in a namespace before an interface is brought up.
> 
> Regards
> Phil
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support
>

More information about the Firehol-support mailing list