shorewall_code/Shorewall-lite/releasenotes.txt

121 lines
4.4 KiB
Plaintext
Raw Normal View History

Shorewall Lite 3.2.0 RC 4
Problems Corrected in 3.2.0 RC 4
1) RESTOREFILE has been added to shorewall.conf.
2) Many references to incorrect file names and commands have been
corrected in shorewall.conf.
3) /sbin/shorewall-lite still supported the 'refresh' command
whereas the firewall script generated by 'compile' did not.
This lead to the following:
gateway:~ # shorewall-lite refresh
Usage: /usr/share/shorewall-lite/firewall [ -q ] [ -v ] [ -n ] [ start|stop|clear|restart|status|version ]
gateway:~ #
Other changes in 3.2.0 RC 4
1) The progress messages produced by Shorewall Lite now correctly
identify the product as 'Shorewall Lite' rather than
'Shorewall'. In order for this to work, you must have Shorewall RC4
installed on your administrative system(s) and Shorewall Lite RC4
on the firewall system(s).
2) /usr/share/shorewall-lite/firewall has been moved to
/var/lib/shorewall-lite/firewall. When upgrading to this release of
Shorewall Lite, please execute the following command:
cp -a /usr/share/shorewall-lite/firewall /var/lib/shorewall-lite/
Note : The 'firewall' script is in /var/lib/shorewall-lite in
packages from shorewall.net. The package maintainers for the
various distributions are free to choose the directory where the
script will be stored under their distribution by altering the
value of LITEDIR in /usr/share/shorewall/configpath. You can run
the "shorewall show config" command to see how your distribution
defines LITEDIR.
New Features:
Shorewall Lite is a companion product to Shorewall and is designed to
allow you to maintain all Shorewall configuration information on a
single system within your network.
a) You install the full Shorewall release on one system within your
network. You need not configure Shorewall there and you may totally
disable startup of Shorewall in your init scripts. For ease of
reference, we call this system the 'administrative system'.
b) On each system where you wish to run a Shorewall-generated firewall,
you install Shorewall Lite. For ease of reference, we will call these
systems the 'firewall systems'
c) On the administrative system you create a separate 'configuration
directory' for each firewall system. You copy the contents of
/usr/share/shorewall/configfiles into each configuration directory.
d) On each firewall system, you run these two commands:
/usr/share/shorewall/shorecap > capabilities
scp capabilities <admin system>:<this system's config dir>
If you are running Debian or one of its derivatives like Ubuntu then
edit /etc/default/shorewall-lite and set startup=1.
Shorewall Lite includes a very limited version of shorewall.conf
(/etc/shorewall-lite/shorewall.conf). It includes the following
options which have the same meaning as in a full Shorewall
installation except as noted below:
VERBOSITY
LOGFILE
LOGFORMAT - used by /sbin/shorewall for finding 'Shorewall' log
messages. If LOGFORMAT was specified in the
shorewall.conf file used at compile time on the
administrative system, then the format of the
messages themselves is defined by that value. If
LOGFORMAT was not specified at compile time then
the firewall script will use the value from
/etc/shorewall-lite/shorewall.conf on the firewall
system.
IPTABLES - determines the iptables binary to be used by
/sbin/shorewall. The compiled firewall script will
use the IPTABLES specified in shorewall.conf at
compile time on the administrative system, if any;
if IPTABLES was not specified at compile time then
the IPTABLES value from
/etc/shorewall-lite/shorewall.conf on the firewall
system will be used by the firewall script.
PATH
SHOREWALL_SHELL
SUBSYSLOCK
RESTOREFILE
Edit the shorewall.conf file as required.
e) On the administrative system, for each firewall system you:
1) modify the files in the corresponding configuration
directory appropriately.
2) (this may be done as a non-root user)
cd <configuration directory>
/sbin/shorewall load . <firewall system>
3) If you need to change the configuration, after you
have modified the configuration:
cd <configuration directory>
/sbin/shorewall reload . <firewall system>
It is possible to have both shorewall and Shorewall Lite
installed on the same system.
For more information, see:
http://www.shorewall.net/CompiledProgram.html#Lite