2006-06-13 23:07:46 +02:00
|
|
|
Shorewall Lite 3.2.0 RC 4
|
2006-06-03 17:16:21 +02:00
|
|
|
|
2006-06-13 23:07:46 +02:00
|
|
|
Problems Corrected in 3.2.0 RC 4
|
2006-06-03 17:16:21 +02:00
|
|
|
|
2006-06-13 23:07:46 +02:00
|
|
|
1) RESTOREFILE has been added to shorewall.conf.
|
2006-06-08 23:49:34 +02:00
|
|
|
|
2006-06-13 23:07:46 +02:00
|
|
|
Other changes in 3.2.0 RC 4
|
2006-06-08 23:49:34 +02:00
|
|
|
|
2006-06-13 23:07:46 +02:00
|
|
|
None.
|
2006-06-09 20:20:49 +02:00
|
|
|
|
2006-06-03 17:16:21 +02:00
|
|
|
New Features:
|
|
|
|
|
|
|
|
|
|
Shorewall Lite is a companion product to Shorewall and is designed to
|
|
|
|
|
allow you to maintain all Shorewall configuration information on a
|
|
|
|
|
single system within your network.
|
|
|
|
|
|
|
|
|
|
a) You install the full Shorewall release on one system within your
|
|
|
|
|
network. You need not configure Shorewall there and you may totally
|
|
|
|
|
disable startup of Shorewall in your init scripts. For ease of
|
|
|
|
|
reference, we call this system the 'administrative system'.
|
|
|
|
|
|
|
|
|
|
b) On each system where you wish to run a Shorewall-generated firewall,
|
|
|
|
|
you install Shorewall Lite. For ease of reference, we will call these
|
2006-06-13 23:07:46 +02:00
|
|
|
systems the 'firewall systems'.1) The controversial symbolic link /sbin/shorewall has been
|
|
|
|
|
eliminated. The Shorewall Lite control program is now
|
|
|
|
|
/sbin/shorewall-lite. Those users who only run Shorewall Lite and
|
|
|
|
|
who prefer the name /sbin/shorewall may create a symbolic link as
|
|
|
|
|
follows:
|
|
|
|
|
|
|
|
|
|
ln -sf shorewall-lite /sbin/shorewall
|
|
|
|
|
|
2006-06-03 17:16:21 +02:00
|
|
|
|
|
|
|
|
c) On the administrative system you create a separete 'configuration
|
|
|
|
|
directory' for each firewall system. You copy the contents of
|
|
|
|
|
/usr/share/shorewall/configfiles into each configuration directory.
|
|
|
|
|
|
|
|
|
|
d) On each firewall system, you run:
|
|
|
|
|
|
|
|
|
|
/usr/share/shorewall/shorecap > capabilities
|
2006-06-03 19:04:45 +02:00
|
|
|
scp capabilities <admin system>:<this system's config dir>
|
2006-06-03 17:16:21 +02:00
|
|
|
|
|
|
|
|
e) On the administrative system, for each firewall system you:
|
|
|
|
|
|
|
|
|
|
1) modify the files in the corresponding configuration
|
|
|
|
|
directory appropriately.
|
|
|
|
|
|
2006-06-03 19:04:45 +02:00
|
|
|
2) (this may be done as a non-root user)
|
2006-06-03 17:16:21 +02:00
|
|
|
|
|
|
|
|
cd <configuration directory>
|
2006-06-03 19:04:45 +02:00
|
|
|
/sbin/shorewall compile -e . firewall
|
|
|
|
|
scp firewall root@<firewall system>:/usr/share/shorewall/
|
2006-06-03 17:16:21 +02:00
|
|
|
|
2006-06-12 19:48:20 +02:00
|
|
|
3) On the firewall system, 'shorewall-lite start'.
|
2006-06-03 17:16:21 +02:00
|
|
|
|
2006-06-13 02:04:15 +02:00
|
|
|
It is possible to have both shorewall and Shorewall Lite
|
2006-06-12 19:48:20 +02:00
|
|
|
installed on the same system.
|
2006-06-11 17:05:10 +02:00
|
|
|
|
2006-06-13 02:04:15 +02:00
|
|
|
For more information, see:
|
|
|
|
|
|
|
|
|
|
http://www.shorewall.net/CompiledProgram.html#Lite
|
|
|
|
|
|
