Hi Simon, Richard and Mark:
Thanks for directing me to man crontab. I'm sure I'll work the issue out within reasonable time. Yes, indeed awstats reads postfix logs, the main reason I'm installing it is because it's helpful for analyzing website traffic. There are limitations: for example, there is an Apache GeoIP plugin for matching IP addresses with countries. My IP address and domains are registered in the USA but I live in Venezuela and my websites, although being bilingual, are very geared to Venezuelan issues. Probably millions of other people worldwide share this kind of background. So how effective is it to rely on those statistics anyway? I look forward to comparing awstats with Mailman Daily Status Report.
I was honored to receive an email today from Thomas Woerner of Fedora, chief developer of the firewalld project, requesting to the Firewalld Users Discussion list to download today's release of 0.4.2. It is supposed to have fixed the various bugs we have recently dealt with. Which method should I use to download it? Am interested in upgrading firewalld immediately because the old version conflicted with ebtables and my OS python 2.7 got confused because of that last week.
You have taught me to be be careful about managing simultaneously Python 2 & 3 or Mailman 2 & 3. Here are enclosed details of firewalld upgrade. My installed version of firewalld is 0.3.9 and yum doesn't provide any updates. Until yesterday both 0.4 and 0.4.1.2 were available from sources; and 0.4.2 was released today.
"Thomas Woerner <twoerner@redhat.com> <twoerner@redhat.com> Para Firewalld users discussion list <firewalld-users@lists.fedorahosted.org>Firewalld development list <firewalld-devel@lists.fedorahosted.org> Hoy a las 14:44 The new firewalld version 0.4.2 is available with several enhancements, bug fixes and huge speed ups.
The main changes of firewalld-0.4.2 are
New transaction model
Changes are done in one big transaction instead of smaller ones. This speeds up firewalld start and restart tremendously.
The start is done up to in six or nine calls to the restore commands depending on the configuration. This depends on ipset and also direct configuration usage.
Also all other actions benefit from this change.
Enhanced handling of connections and interfaces
For interfaces that are handled by NetworkManager, requests to add or change bindings are directed to NetworkManager in the firewall-cmd and firewall-config tools.
For interfaces on Fedora and RHEL systems that are not handled by NM, there is a new mechanism that changes the ifcfg file if there is one using the interface.
This makes zone interface bindings more consistent.
Usability enhancements for firewall-config
firewall-config has a new side bar with the active bindings of connections, interfaces and also sources. With this side bar it is possible to change the binding assignments in a simple way.
A new overlay message window if the connection to firewalld could not be established or if it is lost.
Speed ups for view changes runtime to permanent and back by introduction of new D-Bus methods in firewalld.
The resize behavior has been fixed to be more expected.
Enhanced runtime to permanent migration
The enhanced migration is not saving interfaces that are under control of NetworkManager to the permanent configuration. Zones, services etc. are only migrated if there are changes compared to current permanent configuration.
New ICMP block inversion
The ICMP block is now completely handled per zone. With the new ICMP block inversion flag in the zone it is possible to invert the ICMP block. That means that the enabeld ICMP blocks are allowed and all others are blocked. In a drop zone these remaining types are dropped and not blocked.
The logging of denied rules have been added to icmp-blocks.
Source port support in zones, services and rich rules
Additionally to ports is it also now possible to allow source ports in a zones and also in a service in a similar way as existing ports. There is a new flag source-port for this.
Source ports can also be used in rich rules as elements. The source ports can be combined with logging, limiting and also an action.
Rich rules with destination only* *-------------------------------------
Destination addresses can now be used in rich rules without an element. This enabled the use of rich rules containing destination addresses combined with an action and logging only.
There are also several other bug fixes or enhancements and code optimizations.
The new firewalld version 0.4.1.2 is available here:
https://fedorahosted.org/released/firewalld/firewalld-0.4.2.tar.bz2
Also on github:
https://github.com/t-woerner/firewalld/releases/tag/v0.4.2
And in the github repository:
https://github.com/t-woerner/firewalld/ <https://github.com/t-woerner/firewalld/> <https://github.com/t-woerner/firewalld/tree/v0.4.0>
Rubén Rivero Capriles http://www.rubenrivero.net (blog global - español) http://www.rroopstr.com (global blog - English) http://www.riverocooper.com (art & mining)