From 02b950dc9e91cdc1babc8e6082414f4f06d47349 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 3 Aug 2009 14:49:51 -0700 Subject: [PATCH] Update the Notices page to reflect an earlier release date for 4.4 --- Shorewall/shorewall | 4 +- Shorewall6/shorewall6 | 4 +- web/Notices.html | 362 +++++++++++++++++++++--------------------- 3 files changed, 183 insertions(+), 187 deletions(-) diff --git a/Shorewall/shorewall b/Shorewall/shorewall index f4fdcdf1d..58f3967ed 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -698,9 +698,7 @@ compile_command() { export EXPORT - if [ x$file != x- ]; then - progress_message3 "Compiling..." - fi + [ "x$file" = x- ] || progress_message3 "Compiling..." compiler $debugging compile $file } diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6 index d3ebddd8e..5c8e4b2e3 100755 --- a/Shorewall6/shorewall6 +++ b/Shorewall6/shorewall6 @@ -610,9 +610,7 @@ compile_command() { export EXPORT - if [ x$file != x- ]; then - progress_message3 "Compiling..." - fi + [ "x$file" = x- ] || progress_message3 "Compiling..." compiler exec $debugging compile $file } diff --git a/web/Notices.html b/web/Notices.html index 15bb3c58d..f8d290385 100644 --- a/web/Notices.html +++ b/web/Notices.html @@ -1,181 +1,181 @@ - - - - - Shorewall Notices - - - - - -
- - - - - - - - - - - - - -
Attention -Shorwall-shell Users
-
Attention -Shorewall-perl 4.2 Users
-
Attention -Users of Shorewall's Multi-ISP Feature
-
Attention Users of BRIDGING=YesAttention Kernel 2.4 Users
-
-
2009-04-18
-
-

End-of-life for Shorewall-shell in -Shorewall 4.4
-

-The Shorewall 4.4 release in late 2009 will not include -Shorewall-shell. Because Shorewall 4.0 is included in Debian Lenny, the -4.0 release of Shorewall-shell will continue to be supported until -Debian Squeeze is released. The 4.2 release of Shorewall-shell will -continue to be supported until Shorewall 4.6 is released in 2010.
-
-Shorewall-shell users are encouraged to -migrate to Shorewall-perl at the earliest opportunity. Users who -run Shorewall-shell on an embedded system that is too small to support -Perl should consider switching to Shorewall-lite -with Shorewall-perl installed on an administrative system (may be a -Windows[tm] system running Cygwin[tm]).
-

Attention -Shorewall-perl 4.2 Users

-

Shorewall-perl 4.2.8

-Shorewall-perl 4.2.8 was dead on arrival. The compiler did not rename -the generated script file with the result that it was removed when the -compiler terminated. This lead to:
-
    -
  1. It was not possible to start Shorewall or Shorewall6 for the -first time after installing 4.2.8
  2. -
  3. Changes to the configuration were apparently ignored.
  4. -
-This problem was corrected in Shorewall-perl-4.2.8.1.
-

Shorewall-perl 4.2.6 and Earlier
-

-On February 28, Klemens Rutz reported a problem that affects all -Shorewall-perl 4.2 versions prior to 4.2.6.1.
-
-
The problem:
-
    -
  1. Only occurs when there are multiple non-firewall zones.
  2. -
  3. Results in the following interface options not being applied to -forwarded traffic.
  4. -
-
blacklist
-dhcp
-maclist (when MACLIST_TABLE=filter)
-norfc1918
-nosmurfs
-tcpflags
-
-
-User are encouraged to either:
- -
http://www.shorewall.net/pub/shorewall/4.2/forward.patch
-ftp://ftp.shorewall.net/pub/shorewall/4.2/forward.patch
-
-
To apply the patch, execute this -command:
-
-
-
 patch /usr/share/shorewall-perl/Shorewall/Rules.pm < forward.patch
-
-
The patch may apply with fuzz and/or an -offset, depending on your particular version.
-

Attention Users of Shorewall's Multi-ISP -Feature

-

A bug in Shorewall versions 3.2.0-3.2.10, 3.4.0-3.4.6 and -Shorewall-shell -4.0.0-4.0.2 prevents proper handling of PREROUTING marks when -HIGH_ROUTE_MARKS=No and the track option is -specified. -Patches are available to correct this problem:

-

Shorewall version 3.2.0-3.2.10, 3.4.0-3.4.3: http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/patches/Shorewall/patch-3.2.10-2.diff

-

Shorewall version 3.4.4-3.4.6: http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.66/errata/patches/Shorewall/patch-3.4.6-1.diff

-

Shorewall-shell version 4.0.0-4.0.2: http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/errata/patches/Shorewall-shell/patch-shell-4.0.2-2.diff

-

Note that a patch may succeed with an offset when applied to a -release -other than the one for which it was specifically prepared. For example, -when -the patch for 3.2.0-3.2.10, 3.4.0-3.4.3 (which was prepared for release -3.2.10) is applied to release 3.4.3, the following is the result:

-
root@wookie:~# cd /usr/share/shorewall
-root@wookie/usr/share/shorewall#: patch < ~/shorewall/tags/3.2.10/Shorewall.updated/patch-3.2.10-2.diff 
patching file compiler
Hunk #1 succeeded at 958 (offset -1669 lines).
root@wookie:/usr/share/shorewall#
-

Update -- 7 November 2007

-

A second bug in Shorewall versions 3.2.0-3.2.11, 3.4.0-3.4.7 and -4.0.0-4.0.5 can cause improper handing of PREROUTING and OUTPUT marks -when -HIGH_ROUTE_MARKS=Yes. Patches are also available to correct this -problem:

-

Shorewall version 3.2.3-3.2.11: http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/errata/patches/Shorewall/patch-3.2.11-1.diff

-

Shorewall version 3.4.0-3.4.7: http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.7/errata/patches/Shorewall/patch-3.4.7-1.diff

-

Shorewall version 4.0.0-4.0.5: http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-shell/patch-shell-4.0.5-1.diff -and http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-perl/patch-perl-4.0.5-4.diff.

-
-

Attention Users of BRIDGING=Yes

-

In Linux Kernel version 2.6.20, the Netfilter team changed Physdev -Match -so that it is no longer capable of supporting BRIDGING=Yes. The -solutions -available to users are to either:

-
    -
  1. Switch to using the technique described at http://www.shorewall.net/3.0/NewBridge.html; -or
    -
  2. -
  3. Upgrade to Shorewall 4.0, migrate to using Shorewall-perl, and -follow the instructions at http://www1.shorewall.net/bridge-Shorewall-perl.html. -
  4. -
-

The first approach allows you to switch back and forth between -kernels -older and newer than 2.6.20. The second approach is a better long-term -solution.

-
-

Attention Users of Kernel 2.4

-The Shorewall developers do not test Shorewall running on Kernel 2.4 -and we make no representation about the functionality of Shorewall on -that Kernel. Any failure of Shorewall on Kernel 2.4 will not be -investigated by the Shorewall team.
-
-Copyright © 2001-2009 Thomas M. Eastep
-
-Permission is granted to copy, distribute and/or modify this -document -under the terms of the GNU Free Documentation License, Version 1.2 or -any -later version published by the Free Software Foundation; with no -Invariant -Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of -the -license is included in the section entitled "GNU Free Documentation License". - - + + + + + Shorewall Notices + + + + + +
+ + + + + + + + + + + + + +
Attention +Shorwall-shell Users
+
Attention +Shorewall-perl 4.2 Users
+
Attention +Users of Shorewall's Multi-ISP Feature
+
Attention Users of BRIDGING=YesAttention Kernel 2.4 Users
+
+
2009-08-03
+
+

End-of-life for Shorewall-shell in +Shorewall 4.4
+

+The Shorewall 4.4 release in the fall of 2009 will not include +Shorewall-shell. Because Shorewall 4.0 is included in Debian Lenny, the +4.0 release of Shorewall-shell will continue to be supported until +Debian Squeeze is released. The 4.2 release of Shorewall-shell will +continue to be supported until Shorewall 4.6 is released in 2010.
+
+Shorewall-shell users are encouraged to +migrate to Shorewall-perl at the earliest opportunity. Users who +run Shorewall-shell on an embedded system that is too small to support +Perl should consider switching to Shorewall-lite +with Shorewall-perl installed on an administrative system (may be a +Windows[tm] system running Cygwin[tm]).
+

Attention +Shorewall-perl 4.2 Users

+

Shorewall-perl 4.2.8

+Shorewall-perl 4.2.8 was dead on arrival. The compiler did not rename +the generated script file with the result that it was removed when the +compiler terminated. This lead to:
+
    +
  1. It was not possible to start Shorewall or Shorewall6 for the +first time after installing 4.2.8
  2. +
  3. Changes to the configuration were apparently ignored.
  4. +
+This problem was corrected in Shorewall-perl-4.2.8.1.
+

Shorewall-perl 4.2.6 and Earlier
+

+On February 28, Klemens Rutz reported a problem that affects all +Shorewall-perl 4.2 versions prior to 4.2.6.1.
+
+
The problem:
+
    +
  1. Only occurs when there are multiple non-firewall zones.
  2. +
  3. Results in the following interface options not being applied to +forwarded traffic.
  4. +
+
blacklist
+dhcp
+maclist (when MACLIST_TABLE=filter)
+norfc1918
+nosmurfs
+tcpflags
+
+
+User are encouraged to either:
+ +
http://www.shorewall.net/pub/shorewall/4.2/forward.patch
+ftp://ftp.shorewall.net/pub/shorewall/4.2/forward.patch
+
+
To apply the patch, execute this +command:
+
+
+
 patch /usr/share/shorewall-perl/Shorewall/Rules.pm < forward.patch
+
+
The patch may apply with fuzz and/or an +offset, depending on your particular version.
+

Attention Users of Shorewall's Multi-ISP +Feature

+

A bug in Shorewall versions 3.2.0-3.2.10, 3.4.0-3.4.6 and +Shorewall-shell +4.0.0-4.0.2 prevents proper handling of PREROUTING marks when +HIGH_ROUTE_MARKS=No and the track option is +specified. +Patches are available to correct this problem:

+

Shorewall version 3.2.0-3.2.10, 3.4.0-3.4.3: http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/patches/Shorewall/patch-3.2.10-2.diff

+

Shorewall version 3.4.4-3.4.6: http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.66/errata/patches/Shorewall/patch-3.4.6-1.diff

+

Shorewall-shell version 4.0.0-4.0.2: http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/errata/patches/Shorewall-shell/patch-shell-4.0.2-2.diff

+

Note that a patch may succeed with an offset when applied to a +release +other than the one for which it was specifically prepared. For example, +when +the patch for 3.2.0-3.2.10, 3.4.0-3.4.3 (which was prepared for release +3.2.10) is applied to release 3.4.3, the following is the result:

+
root@wookie:~# cd /usr/share/shorewall
+root@wookie/usr/share/shorewall#: patch < ~/shorewall/tags/3.2.10/Shorewall.updated/patch-3.2.10-2.diff 
patching file compiler
Hunk #1 succeeded at 958 (offset -1669 lines).
root@wookie:/usr/share/shorewall#
+

Update -- 7 November 2007

+

A second bug in Shorewall versions 3.2.0-3.2.11, 3.4.0-3.4.7 and +4.0.0-4.0.5 can cause improper handing of PREROUTING and OUTPUT marks +when +HIGH_ROUTE_MARKS=Yes. Patches are also available to correct this +problem:

+

Shorewall version 3.2.3-3.2.11: http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/errata/patches/Shorewall/patch-3.2.11-1.diff

+

Shorewall version 3.4.0-3.4.7: http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.7/errata/patches/Shorewall/patch-3.4.7-1.diff

+

Shorewall version 4.0.0-4.0.5: http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-shell/patch-shell-4.0.5-1.diff +and http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-perl/patch-perl-4.0.5-4.diff.

+
+

Attention Users of BRIDGING=Yes

+

In Linux Kernel version 2.6.20, the Netfilter team changed Physdev +Match +so that it is no longer capable of supporting BRIDGING=Yes. The +solutions +available to users are to either:

+
    +
  1. Switch to using the technique described at http://www.shorewall.net/3.0/NewBridge.html; +or
    +
  2. +
  3. Upgrade to Shorewall 4.0, migrate to using Shorewall-perl, and +follow the instructions at http://www1.shorewall.net/bridge-Shorewall-perl.html. +
  4. +
+

The first approach allows you to switch back and forth between +kernels +older and newer than 2.6.20. The second approach is a better long-term +solution.

+
+

Attention Users of Kernel 2.4

+The Shorewall developers do not test Shorewall running on Kernel 2.4 +and we make no representation about the functionality of Shorewall on +that Kernel. Any failure of Shorewall on Kernel 2.4 will not be +investigated by the Shorewall team.
+
+Copyright © 2001-2009 Thomas M. Eastep
+
+Permission is granted to copy, distribute and/or modify this +document +under the terms of the GNU Free Documentation License, Version 1.2 or +any +later version published by the Free Software Foundation; with no +Invariant +Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of +the +license is included in the section entitled "GNU Free Documentation License". + +
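Review bot: in the Shorewall/shorewall hunk at compile_command(), the new test quotes "x$file", but the unchanged line just below it, `compiler $debugging compile $file`, still expands $file unquoted. A file name containing whitespace or glob characters now passes the test intact and is then split or expanded when handed to the compiler. Quote it there as well ("$file") so both uses treat the argument the same way.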
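Review bot: the commit message covers only the Notices page, yet the Shorewall6/shorewall6 hunk at compile_command() (like its twin in Shorewall/shorewall) touches script code. Rewriting the if/fi block as `[ "x$file" = x- ] || progress_message3 "Compiling..."` is a reasonable quoting fix, but it belongs in its own commit, or at least needs a line in this message, so that anyone reading the history of the script can find it.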
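Review bot: the web/Notices.html hunk removes and re-adds the whole file (-1,181 +1,181), while the only differences visible in the text are the page date (2009-04-18 to 2009-08-03) and "late 2009" becoming "the fall of 2009". If the rest is a whitespace or line-ending change, drop it from this commit so the diff shows just those two lines. Since every line is being rewritten anyway, the carried-over slips could be fixed in the same pass: "Shorwall-shell Users" in the index, "This lead to", "User are encouraged", "improper handing", the prompt "root@wookie/usr/share/shorewall#:", and the 3.4.4-3.4.6 patch URL whose directory reads shorewall-3.4.66 while the file is patch-3.4.6-1.diff.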