shorewall_code/Shorewall-lite/releasenotes.txt

97 lines
3.4 KiB
Plaintext
Raw Normal View History

Shorewall Lite 3.2.0 RC 2
Problems Corrected in 3.2.0 RC 2
1) The treatment of IPTABLES and LOGFORMAT have been clarified with
respect to Shorewall Lite. If these options are set in the
shorewall.conf file used at compile time, then the generated
firewall script will use those values. /sbin/shorewall on the
firewall system will use the corresponding values from
/etc/shorewall/shorewall.conf on that system.
If the values are not given in shorewall.conf at compile time then
the values in /etc/shorewall/shorewall.conf on the firewall system
will be used by the generated firewall script.
To take advantage of this change, both the administrative system
and the firewall system(s) must be running RC2 or later.
Other changes in 3.2.0 RC 2
1) The shorecap program now gets it's version from the
/usr/share/shorewall/version file.
2) The output of "shorewall version" on Shorewall Lite systems now
includes " Lite" after the version number.
Example:
wireless:~ # shorewall version
3.2.0-RC1 Lite
wireless:~ #
3) It is now possible to have both shorewall and Shorewall Lite
installed on the same system if you use RPM. Regardless of whether
you use RPM or the installer, Shorewall Lite directory names have
been change from 'shorewall' to 'shorewall-lite':
/etc/shorewall -> /etc/shorewall-lite
/usr/share/shorewall -> /usr/share/shorewall-lite
/var/lib/shorewall -> /var/lib/shorewall-lite
If you use the RPMs, whichever package is installed first will
determine which package /sbin/shorewall invokes. /sbin/shorewall is
now a symbolic link created by 'rpm':
Shorewall: /sbin/shorewall points to /usr/share/shorewall/shorewall
Shorewall Lite:
/sbin/shorewall points to /usr/share/shorewall/shorewall-lite
You may use the 'ln -sf' command to change from one to the other:
To use 'Shorewall' rather than 'Shorewall Lite'
ln -sf /usr/share/shorewall/shorewall /sbin/shorewall
To use 'Shorewall Lite' rather than 'Shorewall'
ln -sf /usr/share/shorewall-lite/shorewall /sbin/shorewall
New Features:
Shorewall Lite is a companion product to Shorewall and is designed to
allow you to maintain all Shorewall configuration information on a
single system within your network.
a) You install the full Shorewall release on one system within your
network. You need not configure Shorewall there and you may totally
disable startup of Shorewall in your init scripts. For ease of
reference, we call this system the 'administrative system'.
b) On each system where you wish to run a Shorewall-generated firewall,
you install Shorewall Lite. For ease of reference, we will call these
systems the 'firewall systems'.
c) On the administrative system you create a separete 'configuration
directory' for each firewall system. You copy the contents of
/usr/share/shorewall/configfiles into each configuration directory.
d) On each firewall system, you run:
/usr/share/shorewall/shorecap > capabilities
scp capabilities <admin system>:<this system's config dir>
e) On the administrative system, for each firewall system you:
1) modify the files in the corresponding configuration
directory appropriately.
2) (this may be done as a non-root user)
cd <configuration directory>
/sbin/shorewall compile -e . firewall
scp firewall root@<firewall system>:/usr/share/shorewall/
3) On the firewall system, 'shorewall start'.