shorewall_code/Shorewall-Website/shorewall_index.htm

278 lines
11 KiB
HTML
Raw Normal View History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta name="generator" content=
"HTML Tidy for Linux (vers 1st April 2002), see www.w3.org">
<meta http-equiv="CONTENT-TYPE" content=
"text/html; charset=utf-8">
<title>Shoreline Firewall (Shorewall) 2.0</title>
<base target="_self">
<meta name="GENERATOR" content="OpenOffice.org 1.1.1 (Linux)">
<meta name="CREATED" content="20040920;15031500">
<meta name="CHANGED" content="20040920;15183300">
</head>
<body dir="ltr" lang="en-US">
<h1>Shorewall 2.x</h1>
<h2><a href="News.htm#20050717"><font color="#ff0000">Security
vulnerability in Shorewall 2.x</font></a></h2>
<hr style="width: 100%; height: 2px;">
<p>The information on this site applies only to 2.x releases of
Shorewall. For older versions:</p>
<ul>
<li>
<p style="margin-bottom: 0in;">The 1.4 site is <a href=
"http://www.shorewall.net/1.4" target="_top">here.</a></p>
</li>
<li>
<p style="margin-bottom: 0in;">The 1.3 site is <a href=
"http://www.shorewall.net/1.3" target="_top">here.</a></p>
</li>
<li>
<p>The 1.2 site is <a href="http://shorewall.net/1.2/"
target="_top">here</a>.</p>
</li>
</ul>
<p>The current 2.4 Stable Release is 2.4.4 -- Here are the <a
href=
"http://shorewall.net/pub/shorewall/2.4/shorewall-2.4.4/releasenotes.txt">
release notes</a> and here are the <a href=
"http://shorewall.net/pub/shorewall/2.4/shorewall-2.4.4/known_problems.txt">
known problems</a> and <a href=
"http://shorewall.net/pub/shorewall/2.4/shorewall-2.4.4/errata/">
updates</a>.<br>
<br>
The current 2.5 Development Release is 2.5.6 -- Here are the <a
href=
"http://shorewall.net/pub/shorewall/2.5/shorewall-2.5.6/releasenotes.txt">
release notes</a> and the preliminary documentation is <a href=
"http://www1.shorewall.net/3.0/index.html">here</a>.<br>
<br>
Copyright © 2001-2005 Thomas M. Eastep</p>
<p>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License,
Version 1.2 or any later version published by the Free Software
Foundation; with no Invariant Sections, with no Front-Cover,
and with no Back-Cover Texts. A copy of the license is included
in the section entitled “<a href="GnuCopyright.htm" target=
"_self">GNU Free Documentation License</a>”.</p>
<p>2005-09-17</p>
<hr style="width: 100%; height: 2px;">
<h3>Table of Contents</h3>
<p style="margin-left: 0.42in; margin-bottom: 0in;"><a href=
"#Intro">Introduction to Shorewall</a></p>
<p style="margin-left: 0.83in; margin-bottom: 0in;"><a href=
"#Glossary">Glossary</a><br>
<a href="#WhatIs">What is Shorewall?</a><br>
<a href="#GettingStarted">Getting Started with
Shorewall</a><br>
<a href="#Info">Looking for Information?</a><br>
<a href="#Mandrake">Running Shorewall on Mandrake® with a
two-interface setup?</a><br>
<a href="#License">License</a><br>
</p>
<div style="margin-left: 40px;">
<br>
<a href="#Leaf">Leaf</a><br>
<br>
<a href="#OpenWRT">OpenWRT</a><br>
</div>
<p style="margin-left: 40px;"><a href=
"#Donations">Donations</a></p>
<h2><a name="Intro"></a>Introduction to Shorewall</h2>
<h3><a name="Glossary"></a>Glossary</h3>
<ul>
<li>
<p style="margin-bottom: 0in;"><a href=
"http://www.netfilter.org/" target="_top">Netfilter</a> -
the packet filter facility built into the 2.4 and later
Linux kernels.</p>
</li>
<li>
<p style="margin-bottom: 0in;">ipchains - the packet filter
facility built into the 2.2 Linux kernels. Also the name of
the utility program used to configure and control that
facility. Netfilter can be used in ipchains compatibility
mode.</p>
</li>
<li>
<p>iptables - the utility program used to configure and
control Netfilter. The term 'iptables' is often used to
refer to the combination of iptables+Netfilter (with
Netfilter not in ipchains compatibility mode).</p>
</li>
</ul>
<h3><a name="WhatIs"></a>What is Shorewall?</h3>
<p style="margin-left: 0.42in;">The Shoreline Firewall, more
commonly known as "Shorewall", is a high-level tool for
configuring Netfilter. You describe your firewall/gateway
requirements using entries in a set of configuration files.
Shorewall reads those configuration files and with the help of
the iptables utility, Shorewall configures Netfilter to match
your requirements. Shorewall can be used on a dedicated
firewall system, a multi-function gateway/router/server or on a
standalone GNU/Linux system. Shorewall does not use Netfilter's
ipchains compatibility mode and can thus take advantage of
Netfilter's <a href=
"http://www.cs.princeton.edu/%7Ejns/security/iptables/iptables_conntrack.html"
target="_top">connection state tracking capabilities</a>.<br>
<br>
Shorewall is <u>not</u> a daemon. Once Shorewall has configured
Netfilter, it's job is complete. After that, there is no
Shorewall code running although the <a href=
"starting_and_stopping_shorewall.htm">/sbin/shorewall program
can be used at any time to monitor the Netfilter
firewall</a>.<br>
</p>
<p style="margin-left: 0.42in;">Shorewall is not the easiest to
use of the available iptables configuration tools but I believe
that it is the most flexible and powerful. So if you are
looking for a simple point-and-click set-and-forget Linux
firewall solution that requires a minimum of networking
knowledge, I would encourage you to check out the following
alternatives:</p>
<ul style="margin-left: 40px;">
<li><a href=
"http://www.m0n0.ch/wall">http://www.m0n0.ch/wall</a></li>
<li><a href=
"http://www.fs-security.com/">http://www.fs-security.com/</a><br>
</li>
</ul>
<p style="margin-left: 0.42in;">On the other hand, if you are
looking for a Linux firewall solution that can handle complex
and fast changing network environments then Shorewall is a
logical choice.<br>
</p>
<h3><a name="GettingStarted"></a>Getting Started with
Shorewall</h3>
<p style="margin-left: 0.42in;">New to Shorewall? Start by
selecting the <a href=
"shorewall_quickstart_guide.htm">QuickStart Guide</a> that most
closely matches your environment and follow the step by step
instructions.</p>
<h3><a name="Info"></a>Looking for Information?</h3>
<p style="margin-left: 0.42in;">The <a href=
"Documentation_Index.html">Documentation Index</a> is a good
place to start as is the Site Search in the frame above.<br>
</p>
<h3><a name="Mandrake"></a>Running Shorewall on Mandrake® with
a two-interface setup?</h3>
<p style="margin-left: 0.42in;">If so, the documentation on
this site will not apply directly to your setup. If you want to
use the documentation that you find here, you will want to
consider uninstalling what you have and installing a setup that
matches the documentation on this site. See the <a href=
"two-interface.htm">Two-interface QuickStart Guide</a> for
details.<br>
<br>
<b>Update:</b> I have been informed by Mandrake Development
that this problem has been corrected in Mandrake 10.0 Final
(the problem still exists in the 10.0 Community release).</p>
<h3><a name="License"></a>License</h3>
<p style="margin-left: 0.42in;">This program is free software;
you can redistribute it and/or modify it under the terms of <a
href="http://www.gnu.org/licenses/gpl.html">Version 2 of the
GNU General Public License</a> as published by the Free
Software Foundation.</p>
<p style="margin-left: 0.42in;">This program is distributed in
the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more detail.</p>
<p style="margin-left: 0.42in;">You should have received a copy
of the GNU General Public License along with this program; if
not, write to the Free Software Foundation, Inc., 675 Mass Ave,
Cambridge, MA 02139, USA</p>
<p style="margin-left: 0.42in;">Permission is granted to copy,
distribute and/or modify this document under the terms of the
GNU Free Documentation License, Version 1.2 or any later
version published by the Free Software Foundation; with no
Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section
entitled "GNU Free Documentation License".</p>
<hr>
<h2><a name="Leaf"></a>Leaf</h2>
<p><a href="http://leaf.sourceforge.net/" target="_top"><font
color="#000000"><img src="images/leaflogo.gif" name="Graphic1"
alt="(Leaf Logo)" align="bottom" border="1" height="39" width=
"52"></font></a> LEAF is an open source project which provides
a Firewall/router on a floppy, CD or CF. Several LEAF
distributions including Bering and Bering-uClibc use Shorewall
as their Netfilter configuration tool.</p>
<hr style="width: 100%; height: 2px;">
<h2><a name="OpenWRT"></a>OpenWRT</h2>
<a href="http://openwrt.org"><img alt="(OpenWRT Logo)" src=
"images/openwrt.png" style=
"border: 0px solid ; width: 88px; height: 31px;" hspace=
"4"></a>OpenWRT is a project which provides open source
firmware for Linksys WRT54G wireless routers. Two different
Shorewall packages are available for OpenWRT.<br>
<hr>
<h2><a name="Donations"></a>Donations</h2>
<p align="left"><a href="http://www.alz.org/" target=
"_top"><font color="#000000"><img src="images/alz_logo2.gif"
name="Graphic2" alt="(Alzheimer's Association Logo)" align=
"right" border="1" height="63" width="303"></font></a><a href=
"http://www.starlight.org/" target="_top"><font color=
"#000000"><img src="images/newlog.gif" name="Graphic3" alt=
"(Starlight Foundation Logo)" align="right" border="1" height=
"105" width="62"></font></a><font size="4">Shorewall is free
but if you try it and find it useful, please consider making a
donation to the <a href="http://www.alz.org/" target=
"_top">Alzheimer's Association</a> or to the <a href=
"http://www.starlight.org/" target="_top">Starlight Children's
Foundation</a>.</font></p>
<p align="left"><font size="4">Thank You<br>
</font></p>
<p align="left"><br>
<br>
</p>
</body>
</html>