Shorewall Lite 3.2.0 RC 2

Problems Corrected in 3.2.0 RC 2

1) The treatment of IPTABLES and LOGFORMAT has been clarified with
   respect to Shorewall Lite. If these options are set in the
   shorewall.conf file used at compile time, then the generated
   firewall script will use those values. /sbin/shorewall on the
   firewall system will use the corresponding values from
   /etc/shorewall/shorewall.conf on that system.

   If the values are not given in shorewall.conf at compile time then
   the values in /etc/shorewall/shorewall.conf on the firewall system
   will be used by the generated firewall script.

   To take advantage of this change, both the administrative system
   and the firewall system(s) must be running RC2 or later.

Other changes in 3.2.0 RC 2

1) The shorecap program now gets its version from the
   /usr/share/shorewall/version file.

2) The output of "shorewall version" on Shorewall Lite systems now
   includes " Lite" after the version number.

   Example:

      wireless:~ # shorewall version
      3.2.0-RC1 Lite
      wireless:~ #

3) It is now possible to have both Shorewall and Shorewall Lite
   installed on the same system if you use RPM. Regardless of whether
   you use RPM or the installer, Shorewall Lite directory names have
   been changed from 'shorewall' to 'shorewall-lite':

      /etc/shorewall -> /etc/shorewall-lite
      /usr/share/shorewall -> /usr/share/shorewall-lite
      /var/lib/shorewall -> /var/lib/shorewall-lite

   If you use the RPMs, whichever package is installed first will
   determine which package /sbin/shorewall invokes. /sbin/shorewall is
   now a symbolic link created by 'rpm':

      Shorewall: /sbin/shorewall points to /usr/share/shorewall/shorewall
      Shorewall Lite:
         /sbin/shorewall points to /usr/share/shorewall/shorewall-lite

   You may use the 'ln -sf' command to change from one to the other:

      To use 'Shorewall' rather than 'Shorewall Lite'

         ln -sf /usr/share/shorewall/shorewall /sbin/shorewall

      To use 'Shorewall Lite' rather than 'Shorewall'

         ln -sf /usr/share/shorewall-lite/shorewall /sbin/shorewall

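The "RC2 or later" requirement from item 1 of "Problems Corrected" and the " Lite" suffix from item 2 of "Other changes" can be checked together before relying on compile-time IPTABLES/LOGFORMAT values. The shell functions below are an added example, not part of Shorewall; the function names, the MIN constant, the role check and the ordering of non-RC pre-release tags are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of Shorewall. Inputs are the one-line output of
# "shorewall version", e.g. "3.2.0-RC1 Lite" as in the example above.
MIN="3.2.0-RC2"   # minimum release the notes require on both systems

is_lite() { case "$1" in *" Lite") return 0 ;; *) return 1 ;; esac; }

# version_key OUTPUT -> prints "MAJOR MINOR PATCH STAGE". STAGE is the RC
# number, or 9999 for a final release so that it sorts after every RC.
# Assumption: any other pre-release tag sorts before RC1 (STAGE 0).
version_key() {
    v=${1% Lite}; base=${v%%-*}; tag=
    if [ "$base" != "$v" ]; then tag=${v#*-}; fi
    case "$base" in ''|*[!0-9.]*) return 1 ;; esac
    case "$tag" in
        '')  stage=9999 ;;
        RC*) stage=${tag#RC}
             case "$stage" in ''|*[!0-9]*) return 1 ;; esac ;;
        *)   stage=0 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $base; IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0} $stage"
}

# at_least HAVE WANT -> exit 0 if HAVE is WANT or later, 2 if unparsable.
at_least() {
    have=$(version_key "$1") || return 2
    want=$(version_key "$2") || return 2
    set -- $have $want            # $1-$4 = HAVE fields, $5-$8 = WANT fields
    if   [ "$1" -ne "$5" ]; then [ "$1" -gt "$5" ]
    elif [ "$2" -ne "$6" ]; then [ "$2" -gt "$6" ]
    elif [ "$3" -ne "$7" ]; then [ "$3" -gt "$7" ]
    else [ "$4" -ge "$8" ]
    fi
}

# pair_ready ADMIN_OUTPUT FIREWALL_OUTPUT -> prints a verdict; exit 0 if the
# pair satisfies the requirement. The role check is this example's policy.
pair_ready() {
    if is_lite "$1"; then echo "admin system runs Shorewall Lite"; return 1; fi
    if ! is_lite "$2"; then echo "firewall system is not Shorewall Lite"; return 1; fi
    if ! at_least "$1" "$MIN"; then echo "admin system is not at $MIN or later"; return 1; fi
    if ! at_least "$2" "$MIN"; then echo "firewall system is not at $MIN or later"; return 1; fi
    echo "ok"
}

# Constructed sample: RC2 admin system, firewall still on the RC1 shown above.
pair_ready "3.2.0-RC2" "3.2.0-RC1 Lite" || true
```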

New Features:

Shorewall Lite is a companion product to Shorewall and is designed to
allow you to maintain all Shorewall configuration information on a
single system within your network.

a) You install the full Shorewall release on one system within your
   network. You need not configure Shorewall there and you may totally
   disable startup of Shorewall in your init scripts. For ease of
   reference, we call this system the 'administrative system'.

b) On each system where you wish to run a Shorewall-generated firewall,
   you install Shorewall Lite. For ease of reference, we will call these
   systems the 'firewall systems'.

c) On the administrative system you create a separate 'configuration
   directory' for each firewall system. You copy the contents of
   /usr/share/shorewall/configfiles into each configuration directory.

d) On each firewall system, you run:

      /usr/share/shorewall/shorecap > capabilities
      scp capabilities <admin system>:<this system's config dir>

e) On the administrative system, for each firewall system you:

   1) modify the files in the corresponding configuration
      directory appropriately.

   2) (this may be done as a non-root user)

      cd <configuration directory>
      /sbin/shorewall compile -e . firewall
      scp firewall root@<firewall system>:/usr/share/shorewall/

   3) On the firewall system, 'shorewall start'.