2002-08-13 22:45:21 +02:00
|
|
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
|
|
|
|
<html>
|
|
|
|
|
|
<head>
|
|
|
|
|
|
|
|
|
|
|
|
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
|
|
|
|
|
|
<title>Shorewall 1.3 Errata</title>
|
|
|
|
|
|
|
|
|
|
|
|
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
|
|
|
|
|
|
|
|
|
|
|
|
<meta name="ProgId" content="FrontPage.Editor.Document">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<meta name="Microsoft Theme" content="boldstri 011, default">
|
|
|
|
|
|
</head>
|
|
|
|
|
|
<body>
|
|
|
|
|
|
<h1 align="center">Shorewall Errata/Upgrade Issues</h1>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="center">
|
|
|
|
|
|
<font face="Century Gothic, Arial, Helvetica">
|
|
|
|
|
|
|
|
|
|
|
|
<b><u>IMPORTANT</u></b></font></p>
|
|
|
|
|
|
|
|
|
|
|
|
<ol>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="left">
|
|
|
|
|
|
|
|
|
|
|
|
<b><u>I</u>f you use a Windows system to download a corrected script, be sure to
|
|
|
|
|
|
run the script through <u>
|
|
|
|
|
|
<a href="http://www.megaloman.com/%7Ehany/software/hd2u/" style="text-decoration: none">
|
|
|
|
|
|
dos2unix</a></u>
|
|
|
|
|
|
after you have moved it to your Linux system.</b></p>
|
|
|
|
|
|
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="left">
|
|
|
|
|
|
|
|
|
|
|
|
<b>If you are installing Shorewall for the first time and plan to use the
|
|
|
|
|
|
.tgz and install.sh script, you can untar the archive, replace the
|
|
|
|
|
|
'firewall' script in the untarred directory with the one you downloaded
|
|
|
|
|
|
below, and then run install.sh.</b></p>
|
|
|
|
|
|
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="left">
|
|
|
|
|
|
|
|
|
|
|
|
<b>When the instructions say to install a corrected firewall script in
|
|
|
|
|
|
/etc/shorewall/firewall or /var/lib/shorewall/firewall, use the 'cp' (or 'scp') utility to overwrite the
|
|
|
|
|
|
existing file. DO NOT REMOVE OR RENAME THE OLD /etc/shorewall/firewall
|
|
|
|
|
|
or /var/lib/shorewall/firewall before you do that. /etc/shorewall/firewall
|
|
|
|
|
|
and /var/lib/shorewall/firewall are symbolic links that point
|
|
|
|
|
|
to the 'shorewall' file used by your system initialization scripts to
|
|
|
|
|
|
start Shorewall during boot. It is that file that must be overwritten
|
|
|
|
|
|
with the corrected script. </b></p>
|
|
|
|
|
|
|
|
|
|
|
|
</li>
|
|
|
|
|
|
</ol>
|
|
|
|
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li><b><a href="#Upgrade">Upgrade Issues</a></b></li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
|
|
|
|
|
|
<b><font color="#660066">
|
|
|
|
|
|
<a href="errata_1.htm">Problems in Version 1.1</a></font></b></li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
|
|
|
|
|
|
<b><a href="errata_2.htm">Problems in Version 1.2</a></b></li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
|
|
|
|
|
|
<b><a href="#V1.3">Problems in Version 1.3</a></b></li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
|
|
|
|
|
|
<b><font color="#660066"><a href="#iptables">
|
|
|
|
|
|
Problem with iptables version 1.2.3 on RH7.2</a></font></b></li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
|
|
|
|
|
|
<b><a href="#Debug">Problems with kernels >= 2.4.18 and
|
|
|
|
|
|
RedHat iptables</a></b></li>
|
|
|
|
|
|
<li><b><a href="#SuSE">Problems installing/upgrading RPM on SuSE</a></b></li>
|
2002-08-14 23:57:38 +02:00
|
|
|
|
<li><b><a href="#Multiport">Problems with iptables version 1.2.7 and
|
|
|
|
|
|
MULTIPORT=Yes</a></b></li>
|
2002-08-13 22:45:21 +02:00
|
|
|
|
</ul>
|
|
|
|
|
|
<hr>
|
|
|
|
|
|
|
|
|
|
|
|
<h2 align="Left"><a name="Upgrade"></a>Upgrade Issues</h2>
|
|
|
|
|
|
|
|
|
|
|
|
<h3 align="Left">Version >= 1.3.6</h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">If you have a pair of firewall systems configured for
|
|
|
|
|
|
failover, you will need to modify your firewall setup slightly under
|
|
|
|
|
|
Shorewall versions >= 1.3.6. </p>
|
|
|
|
|
|
|
|
|
|
|
|
<ol>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">Create the file /etc/shorewall/newnotsyn and in it add
|
|
|
|
|
|
the following rule<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<font face="Courier">run_iptables -A newnotsyn -j RETURN # So that the
|
|
|
|
|
|
connection tracking table can be rebuilt<br>
|
|
|
|
|
|
|
|
|
|
|
|
# from non-SYN packets after takeover.<br>
|
|
|
|
|
|
</font></li>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">Create /etc/shorewall/common (if you don't already
|
|
|
|
|
|
have that file) and include the following:<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<font face="Courier">run_iptables -A common -p tcp --tcp-flags
|
|
|
|
|
|
ACK,FIN,RST ACK -j ACCEPT #Accept Acks to rebuild connection<br>
|
|
|
|
|
|
|
|
|
|
|
|
#tracking table. <br>
|
|
|
|
|
|
. /etc/shorewall/common.def</font></li>
|
|
|
|
|
|
</ol>
|
|
|
|
|
|
|
|
|
|
|
|
<h3 align="Left">Versions >= 1.3.5</h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">Some forms of pre-1.3.0 rules file syntax are no
|
|
|
|
|
|
longer supported. </p>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">Example 1:</p>
|
|
|
|
|
|
|
|
|
|
|
|
<div align="left">
|
|
|
|
|
|
<pre> ACCEPT net loc:192.168.1.12:22 tcp 11111 - all</pre>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">Must be replaced with:</p>
|
|
|
|
|
|
|
|
|
|
|
|
<div align="left">
|
|
|
|
|
|
<pre> DNAT net loc:192.168.1.12:22 tcp 11111</pre>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div align="left">
|
|
|
|
|
|
<p align="left">Example 2:</div>
|
|
|
|
|
|
<div align="left">
|
|
|
|
|
|
<pre> ACCEPT loc fw::3128 tcp 80 - all</pre>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div align="left">
|
|
|
|
|
|
<p align="left">Must be replaced with:</div>
|
|
|
|
|
|
<div align="left">
|
|
|
|
|
|
<pre> REDIRECT loc 3128 tcp 80</pre>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
<h2 align="Left"><a name="V1.3"></a>Problems in Version 1.3</h2>
|
|
|
|
|
|
|
|
|
|
|
|
<h3 align="Left">Version 1.3.5-1.3.5b</h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">The new 'proxyarp' interface option doesn't work :-(
|
|
|
|
|
|
This is fixed in
|
|
|
|
|
|
<a href="http://www.shorewall.net/pub/shorewall/errata/1.3.5/firewall">
|
|
|
|
|
|
this corrected firewall script</a> which must be installed in
|
|
|
|
|
|
/var/lib/shorewall/ as described above.</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h3 align="Left">Versions 1.3.4-1.3.5a</h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">Prior to version 1.3.4, host file entries such as the
|
|
|
|
|
|
following were allowed:</p>
|
|
|
|
|
|
|
|
|
|
|
|
<div align="left">
|
|
|
|
|
|
<pre> adm eth0:1.2.4.5,eth0:5.6.7.8</pre>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div align="left">
|
|
|
|
|
|
<p align="left">That capability was lost in version 1.3.4 so that it is only
|
|
|
|
|
|
possible to include a single host specification on each line. This
|
|
|
|
|
|
problem is corrected by
|
|
|
|
|
|
<a href="http://www.shorewall.net/pub/shorewall/errata/1.3.5a/firewall">this
|
|
|
|
|
|
modified 1.3.5a firewall script</a>. Install the script in /var/lib/pub/shorewall/firewall
|
|
|
|
|
|
as instructed above.</div>
|
|
|
|
|
|
|
|
|
|
|
|
<div align="left">
|
|
|
|
|
|
<p align="left">This problem is corrected in version 1.3.5b.</div>
|
|
|
|
|
|
|
|
|
|
|
|
<h3 align="Left">Version 1.3.5</h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">REDIRECT rules are broken in this version. Install
|
|
|
|
|
|
<a href="http://www.shorewall.net/pub/shorewall/errata/1.3.5/firewall">
|
|
|
|
|
|
this corrected firewall script</a> in /var/lib/pub/shorewall/firewall
|
|
|
|
|
|
as instructed above. This problem is corrected in version 1.3.5a.</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h3 align="Left">Version 1.3.n, n < 4</h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">The "shorewall start" and "shorewall restart" commands
|
|
|
|
|
|
to not verify that the zones named in the /etc/shorewall/policy file
|
|
|
|
|
|
have been previously defined in the /etc/shorewall/zones file. The
|
|
|
|
|
|
"shorewall check" command does perform this verification so it's a
|
|
|
|
|
|
good idea to run that command after you have made configuration
|
|
|
|
|
|
changes.</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h3 align="Left">Version 1.3.n, n < 3</h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">If you have upgraded from Shorewall 1.2 and after
|
|
|
|
|
|
"Activating rules..." you see the message: "iptables: No
|
|
|
|
|
|
chains/target/match by that name" then you probably have an entry in
|
|
|
|
|
|
/etc/shorewall/hosts that specifies an interface that you didn't
|
|
|
|
|
|
include in /etc/shorewall/interfaces. To correct this problem, you
|
|
|
|
|
|
must add an entry to /etc/shorewall/interfaces. Shorewall 1.3.3 and
|
|
|
|
|
|
later versions produce a clearer error message in this case.</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h3 align="Left">Version 1.3.2</h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">Until approximately 2130 GMT on 17 June 2002, the
|
|
|
|
|
|
download sites contained an incorrect version of the .lrp file. That
|
|
|
|
|
|
file can be identified by its size (56284 bytes). The correct version
|
|
|
|
|
|
has a size of 38126 bytes.</p>
|
|
|
|
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>The code to detect a duplicate interface entry in
|
|
|
|
|
|
/etc/shorewall/interfaces contained a typo that prevented it from
|
|
|
|
|
|
working correctly. </li>
|
|
|
|
|
|
<li>"NAT_BEFORE_RULES=No" was broken; it behaved just like "NAT_BEFORE_RULES=Yes".</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">Both problems are corrected in
|
|
|
|
|
|
<a href="http://www.shorewall.net/pub/shorewall/errata/1.3.2/firewall">
|
|
|
|
|
|
this script</a> which should be installed in <b><u>/var/lib/shorewall</u></b> as described above.</p>
|
|
|
|
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">The IANA have just announced the allocation of subnet
|
|
|
|
|
|
221.0.0.0/8. This
|
|
|
|
|
|
<a href="http://www.shorewall.net/pub/shorewall/errata/1.3.2/rfc1918">
|
|
|
|
|
|
updated rfc1918</a> file reflects that allocation.</p>
|
|
|
|
|
|
|
|
|
|
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
|
|
|
|
<h3 align="Left">Version 1.3.1</h3>
|
|
|
|
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>TCP SYN packets may be double counted when
|
|
|
|
|
|
LIMIT:BURST is included in a CONTINUE or ACCEPT policy (i.e., each
|
|
|
|
|
|
packet is sent through the limit chain twice).</li>
|
|
|
|
|
|
<li>An unnecessary jump to the policy chain is sometimes
|
|
|
|
|
|
generated for a CONTINUE policy.</li>
|
|
|
|
|
|
<li>When an option is given for more than one interface in
|
|
|
|
|
|
/etc/shorewall/interfaces then depending on the option, Shorewall
|
|
|
|
|
|
may ignore all but the first appearence of the option. For example:<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
net eth0 dhcp<br>
|
|
|
|
|
|
loc eth1 dhcp<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
Shorewall will ignore the 'dhcp' on eth1.</li>
|
|
|
|
|
|
<li>Update 17 June 2002 - The bug described in the prior bullet
|
|
|
|
|
|
affects the following options: dhcp, dropunclean, logunclean,
|
|
|
|
|
|
norfc1918, routefilter, multi, filterping and noping. An additional
|
|
|
|
|
|
bug has been found that affects only the 'routestopped' option.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
Users who downloaded the corrected script prior to 1850 GMT today
|
|
|
|
|
|
should download and install the corrected script again to ensure
|
|
|
|
|
|
that this second problem is corrected.</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">These problems are corrected in
|
|
|
|
|
|
<a href="http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall">
|
|
|
|
|
|
this firewall script</a> which should be installed in
|
|
|
|
|
|
/etc/shorewall/firewall as described above.</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h3 align="Left">Version 1.3.0</h3>
|
|
|
|
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>Folks who downloaded 1.3.0 from the links on the download page
|
|
|
|
|
|
before 23:40 GMT, 29 May 2002 may have downloaded 1.2.13 rather than
|
|
|
|
|
|
1.3.0. The "shorewall version" command will tell you which version
|
|
|
|
|
|
that you have installed.</li>
|
|
|
|
|
|
<li>The documentation NAT.htm file uses non-existent
|
|
|
|
|
|
wallpaper and bullet graphic files. The
|
|
|
|
|
|
<a href="http://www.shorewall.net/pub/shorewall/errata/1.3.0/NAT.htm">
|
|
|
|
|
|
corrected version is here</a>.</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
<hr>
|
|
|
|
|
|
|
|
|
|
|
|
<h3 align="Left"><a name="iptables"></a><font color="#660066">
|
|
|
|
|
|
Problem with iptables version 1.2.3</font></h3>
|
|
|
|
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">There are a couple of serious bugs in iptables 1.2.3 that
|
|
|
|
|
|
prevent it from working with Shorewall. Regrettably,
|
|
|
|
|
|
RedHat released this buggy iptables in RedHat 7.2. </p>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left"> I have built a <a href="ftp://ftp.shorewall.net/pub/shorewall/errata/iptables-1.2.3-3.i386.rpm">
|
|
|
|
|
|
corrected 1.2.3 rpm which you can download here</a> and I have also built
|
|
|
|
|
|
an <a href="ftp://ftp.shorewall.net/pub/shorewall/iptables-1.2.4-1.i386.rpm">
|
|
|
|
|
|
iptables-1.2.4 rpm which you can download here</a>. If
|
|
|
|
|
|
you are currently running RedHat 7.1, you can install either of these RPMs
|
|
|
|
|
|
<b><u>before</u> </b>you upgrade to RedHat 7.2.</p>
|
|
|
|
|
|
|
2002-08-14 23:57:38 +02:00
|
|
|
|
<p align="Left"><font color="#FF6633"><b>Update
|
2002-08-13 22:45:21 +02:00
|
|
|
|
11/9/2001: </b></font>RedHat has
|
|
|
|
|
|
released an iptables-1.2.4 RPM of their own which you can download from<font face="Century Gothic, Arial, Helvetica" color="#FF6633">
|
2002-08-14 23:57:38 +02:00
|
|
|
|
</font><font color="#FF6633">
|
2002-08-13 22:45:21 +02:00
|
|
|
|
<a href="http://www.redhat.com/support/errata/RHSA-2001-144.html">http://www.redhat.com/support/errata/RHSA-2001-144.html</a>.
|
|
|
|
|
|
</font>I have installed this RPM
|
|
|
|
|
|
on my firewall and it works fine.</p>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">If you
|
|
|
|
|
|
would like to patch iptables 1.2.3 yourself, the patches are available
|
|
|
|
|
|
for download. This <a href="ftp://ftp.shorewall.net/pub/shorewall/errata/iptables-1.2.3/loglevel.patch">patch</a>
|
|
|
|
|
|
which corrects a problem with parsing of the --log-level specification while
|
|
|
|
|
|
this <a href="ftp://ftp.shorewall.net/pub/shorewall/errata/iptables-1.2.3/tos.patch">patch</a>
|
|
|
|
|
|
corrects a problem in handling the TOS target.</p>
|
|
|
|
|
|
|
|
|
|
|
|
<p align="Left">To install one of the above patches:</p>
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>cd iptables-1.2.3/extensions</li>
|
|
|
|
|
|
<li>patch -p0 < <i>the-patch-file</i></li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
|
|
|
|
<h3><a name="Debug"></a>Problems with kernels >= 2.4.18
|
|
|
|
|
|
and RedHat iptables</h3>
|
|
|
|
|
|
<blockquote>
|
|
|
|
|
|
<p>Users who use RedHat iptables RPMs and who upgrade to kernel 2.4.18/19 may
|
|
|
|
|
|
experience the following:</p>
|
|
|
|
|
|
<blockquote>
|
|
|
|
|
|
<pre># shorewall start
|
|
|
|
|
|
Processing /etc/shorewall/shorewall.conf ...
|
|
|
|
|
|
Processing /etc/shorewall/params ...
|
|
|
|
|
|
Starting Shorewall...
|
|
|
|
|
|
Loading Modules...
|
|
|
|
|
|
Initializing...
|
|
|
|
|
|
Determining Zones...
|
|
|
|
|
|
Zones: net
|
|
|
|
|
|
Validating interfaces file...
|
|
|
|
|
|
Validating hosts file...
|
|
|
|
|
|
Determining Hosts in Zones...
|
|
|
|
|
|
Net Zone: eth0:0.0.0.0/0
|
|
|
|
|
|
iptables: libiptc/libip4tc.c:380: do_check: Assertion
|
|
|
|
|
|
`h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
|
|
|
|
|
|
Aborted (core dumped)
|
|
|
|
|
|
iptables: libiptc/libip4tc.c:380: do_check: Assertion
|
|
|
|
|
|
`h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
|
|
|
|
|
|
Aborted (core dumped)
|
|
|
|
|
|
</pre>
|
|
|
|
|
|
</blockquote>
|
|
|
|
|
|
<p>The RedHat iptables RPM is compiled with debugging enabled but the
|
|
|
|
|
|
user-space debugging code was not updated to reflect recent changes in the
|
|
|
|
|
|
Netfilter 'mangle' table. You can correct the problem by installing
|
|
|
|
|
|
<a href="http://www.shorewall.net/pub/shorewall/iptables-1.2.5-1.i386.rpm">
|
|
|
|
|
|
this iptables RPM</a>. If you are already running a 1.2.5 version of
|
|
|
|
|
|
iptables, you will need to specify the --oldpackage option to rpm (e.g.,
|
|
|
|
|
|
"iptables -Uvh --oldpackage iptables-1.2.5-1.i386.rpm").</p>
|
|
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
|
|
|
|
<h3><a name="SuSE"></a>Problems
|
|
|
|
|
|
installing/upgrading RPM on SuSE</h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p>If you find that rpm complains about a conflict
|
|
|
|
|
|
with kernel <= 2.2 yet you have a 2.4 kernel
|
|
|
|
|
|
installed, simply use the "--nodeps" option to
|
|
|
|
|
|
rpm.</p>
|
|
|
|
|
|
|
|
|
|
|
|
<p>Installing: rpm -ivh <i><shorewall rpm></i></p>
|
|
|
|
|
|
|
|
|
|
|
|
<p>Upgrading: rpm -Uvh <i><shorewall rpm></i></p>
|
|
|
|
|
|
|
2002-08-14 23:57:38 +02:00
|
|
|
|
<p><a name="Multiport"></a><b>Problems with
|
|
|
|
|
|
iptables version 1.2.7 and MULTIPORT=Yes</b></p>
|
|
|
|
|
|
|
|
|
|
|
|
<p>The iptables 1.2.7 release of iptables has made
|
|
|
|
|
|
an incompatible change to the syntax used to
|
|
|
|
|
|
specify multiport match rules; as a consequence,
|
|
|
|
|
|
users who install iptables 1.2.7 must set
|
|
|
|
|
|
MULTIPORT=No in /etc/shorewall/shorewall.conf or
|
|
|
|
|
|
install
|
|
|
|
|
|
<a href="http://www.shorewall.net/pub/shorewall/errata/1.3.6/firewall">
|
|
|
|
|
|
this firewall script</a> in /var/lib/shorewall/firewall
|
|
|
|
|
|
as described above.</p>
|
|
|
|
|
|
|
|
|
|
|
|
<p><font size="2">
|
|
|
|
|
|
Last updated 8/14/2002 -
|
|
|
|
|
|
<a href="support.htm">Tom Eastep</a></font> </p>
|
2002-08-13 22:45:21 +02:00
|
|
|
|
|
|
|
|
|
|
<p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
|
|
|
|
|
|
<20> <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
|
|
|
|
|
|
|
|
|
|
|
|
</body>
|
|
|
|
|
|
</html>
|
