shorewall_code/Shorewall-lite/releasenotes.txt

91 lines
3.4 KiB
Plaintext
Raw Normal View History

Shorewall Lite 3.2.0 RC 4
Problems Corrected in 3.2.0 RC 4
1) RESTOREFILE has been added to shorewall.conf.
2) Many references to incorrect file names and commands have been
corrected in shorewall.conf.
3) /sbin/shorewall-lite still supported the 'refresh' command
whereas the firewall script generated by 'compile' did not.
This lead to the following:
gateway:~ # shorewall-lite refresh
Usage: /usr/share/shorewall-lite/firewall [ -q ] [ -v ] [ -n ] [ start|stop|clear|restart|status|version ]
gateway:~ #
Other changes in 3.2.0 RC 4
1) The progress messages produced by Shorewall Lite now correctly
identify the product as 'Shorewall Lite' rather than
'Shorewall'. In order for this to work, you must have Shorewall RC4
installed on your administrative system(s) and Shorewall Lite RC4
on the firewall system(s).
2) /usr/share/shorewall-lite/firewall has been moved to
/var/lib/shorewall-lite/firewall. When upgrading to this release of
Shorewall Lite, please execute the following command:
cp -a /usr/share/shorewall-lite/firewall /var/lib/shorewall-lite/
Note : The 'firewall' script is in /var/lib/shorewall-lite in
packages from shorewall.net. The package maintainers for the
various distributions are free to choose the directory where the
script will be stored under their distribution by altering the
value of LITEDIR in /usr/share/shorewall/configpath. You can run
the "shorewall show config" command to see how your distribution
defines LITEDIR.
New Features:
Shorewall Lite is a companion product to Shorewall and is designed to
allow you to maintain all Shorewall configuration information on a
single system within your network.
a) You install the full Shorewall release on one system within your
network. You need not configure Shorewall there and you may totally
disable startup of Shorewall in your init scripts. For ease of
reference, we call this system the 'administrative system'.
b) On each system where you wish to run a Shorewall-generated firewall,
you install Shorewall Lite. For ease of reference, we will call these
systems the 'firewall systems'
c) On the administrative system you create a separate 'configuration
directory' for each firewall system. You copy the contents of
/usr/share/shorewall/configfiles into each configuration directory.
d) On each firewall system, you run:
/usr/share/shorewall/shorecap > capabilities
scp capabilities <admin system>:<this system's config dir>
e) On the administrative system, for each firewall system you:
1) modify the files in the corresponding configuration
directory appropriately.
2) (this may be done as a non-root user)
cd <configuration directory>
/sbin/shorewall compile -e . firewall
scp firewall root@<firewall system>:/var/lib/shorewall-lite/
Note : The 'firewall' script is in /var/lib/shorewall-lite in
packages from shorewall.net. The package maintainers for the
various distributions are free to choose the directory where the
script will be stored under their distribution. You can look in
your /usr/share/shorewall-lite/configpath file to see what your
distribution defines for the value of LITEDIR.
3) On the firewall system, 'shorewall-lite start'.
It is possible to have both shorewall and Shorewall Lite
installed on the same system.
For more information, see:
http://www.shorewall.net/CompiledProgram.html#Lite