extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-24 11:41:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update the Notices page to reflect an earlier release date for 4.4

Browse Source
This commit is contained in:
Tom Eastep 2009-08-03 14:49:51 -07:00
parent dd5a73d678
commit 02b950dc9e
3 changed files with 183 additions and 187 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/shorewall
View File

@ -698,9 +698,7 @@ compile_command() {
export EXPORT export EXPORT
if [ x$file != x- ]; then [ "x$file" = x- ] || progress_message3 "Compiling..."
progress_message3 "Compiling..."
fi
compiler $debugging compile $file compiler $debugging compile $file
} }

4
Shorewall6/shorewall6
View File

@ -610,9 +610,7 @@ compile_command() {
export EXPORT export EXPORT
if [ x$file != x- ]; then [ "x$file" = x- ] || progress_message3 "Compiling..."
progress_message3 "Compiling..."
fi
compiler exec $debugging compile $file compiler exec $debugging compile $file
} }

362
web/Notices.html
View File

@ -1,181 +1,181 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html> <html>
<head> <head>
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=UTF-8"> <meta http-equiv="CONTENT-TYPE" content="text/html; charset=UTF-8">
<title>Shorewall Notices</title> <title>Shorewall Notices</title>
<base target="_self"> <base target="_self">
<meta name="CREATED" content="20040920;15031500"> <meta name="CREATED" content="20040920;15031500">
<meta name="CHANGED" content="$Id$"> <meta name="CHANGED" content="$Id$">
</head> </head>
<body dir="ltr" lang="en-US"> <body dir="ltr" lang="en-US">
<hr style="width: 100%; height: 2px;"> <hr style="width: 100%; height: 2px;">
<table style="text-align: left; width: 100%;" border="0" cellpadding="2" <table style="text-align: left; width: 100%;" border="0" cellpadding="2"
cellspacing="0"> cellspacing="0">
<tbody> <tbody>
<tr style="font-weight: bold;"> <tr style="font-weight: bold;">
<td style="vertical-align: top;"><a href="#Shell-EOL">Attention <td style="vertical-align: top;"><a href="#Shell-EOL">Attention
Shorwall-shell Users</a><br> Shorwall-shell Users</a><br>
</td> </td>
<td style="vertical-align: top;"><a href="#Perl">Attention <td style="vertical-align: top;"><a href="#Perl">Attention
Shorewall-perl 4.2 Users</a><br> Shorewall-perl 4.2 Users</a><br>
</td> </td>
<td style="vertical-align: top;"><a href="#Notice">Attention <td style="vertical-align: top;"><a href="#Notice">Attention
Users of Shorewall's Multi-ISP Feature</a><br> Users of Shorewall's Multi-ISP Feature</a><br>
</td> </td>
</tr> </tr>
<tr> <tr>
<td style="vertical-align: top; font-weight: bold;"><a <td style="vertical-align: top; font-weight: bold;"><a
href="Notices.html#Notice1">Attention Users of BRIDGING=Yes</a></td> href="Notices.html#Notice1">Attention Users of BRIDGING=Yes</a></td>
<td style="vertical-align: top; font-weight: bold;"><a <td style="vertical-align: top; font-weight: bold;"><a
href="Notices.html#Kernel2.4">Attention Kernel 2.4 Users</a></td> href="Notices.html#Kernel2.4">Attention Kernel 2.4 Users</a></td>
<td style="vertical-align: top;"><br> <td style="vertical-align: top;"><br>
</td> </td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<hr><span style="font-weight: bold;">2009-04-18<br> <hr><span style="font-weight: bold;">2009-08-03<br>
</span> </span>
<h2><a name="Shell-EOL"></a>End-of-life for Shorewall-shell in <h2><a name="Shell-EOL"></a>End-of-life for Shorewall-shell in
Shorewall 4.4<br> Shorewall 4.4<br>
</h2> </h2>
The Shorewall 4.4 release in late 2009 will not include The Shorewall 4.4 release in the fall of 2009 will not include
Shorewall-shell. Because Shorewall 4.0 is included in Debian Lenny, the Shorewall-shell. Because Shorewall 4.0 is included in Debian Lenny, the
4.0 release of Shorewall-shell will continue to be supported until 4.0 release of Shorewall-shell will continue to be supported until
Debian Squeeze is released. The 4.2 release of Shorewall-shell will Debian Squeeze is released. The 4.2 release of Shorewall-shell will
continue to be supported until Shorewall 4.6 is released in 2010.<br> continue to be supported until Shorewall 4.6 is released in 2010.<br>
<br> <br>
Shorewall-shell users are encouraged to<a href="Shorewall-perl.html"> Shorewall-shell users are encouraged to<a href="Shorewall-perl.html">
migrate to Shorewall-perl</a> at the earliest opportunity. Users who migrate to Shorewall-perl</a> at the earliest opportunity. Users who
run Shorewall-shell on an embedded system that is too small to support run Shorewall-shell on an embedded system that is too small to support
Perl should consider switching to <a href="CompiledPrograms.html#Lite">Shorewall-lite</a> Perl should consider switching to <a href="CompiledPrograms.html#Lite">Shorewall-lite</a>
with Shorewall-perl installed on an administrative system (may be a with Shorewall-perl installed on an administrative system (may be a
Windows[tm] system running <a href="http://www.cygwin.com">Cygwin</a>[tm]).<br> Windows[tm] system running <a href="http://www.cygwin.com">Cygwin</a>[tm]).<br>
<h2><span style="font-weight: bold;"><a name="Perl"></a>Attention <h2><span style="font-weight: bold;"><a name="Perl"></a>Attention
Shorewall-perl 4.2 Users</span></h2> Shorewall-perl 4.2 Users</span></h2>
<h3>Shorewall-perl 4.2.8</h3> <h3>Shorewall-perl 4.2.8</h3>
Shorewall-perl 4.2.8 was dead on arrival. The compiler did not rename Shorewall-perl 4.2.8 was dead on arrival. The compiler did not rename
the generated script file with the result that it was removed when the the generated script file with the result that it was removed when the
compiler terminated. This lead to:<br> compiler terminated. This lead to:<br>
<ol> <ol>
<li>It was not possible to start Shorewall or Shorewall6 for the <li>It was not possible to start Shorewall or Shorewall6 for the
first time after installing 4.2.8</li> first time after installing 4.2.8</li>
<li>Changes to the configuration were apparently ignored.</li> <li>Changes to the configuration were apparently ignored.</li>
</ol> </ol>
This problem was corrected in Shorewall-perl-4.2.8.1.<br> This problem was corrected in Shorewall-perl-4.2.8.1.<br>
<h3>Shorewall-perl 4.2.6 and Earlier<br> <h3>Shorewall-perl 4.2.6 and Earlier<br>
</h3> </h3>
On February 28, Klemens Rutz reported a problem that affects all<span On February 28, Klemens Rutz reported a problem that affects all<span
style="font-family: monospace;"><span style="font-family: sans-serif;"> style="font-family: monospace;"><span style="font-family: sans-serif;">
</span></span>Shorewall-perl 4.2 versions prior to 4.2.6.1.<br> </span></span>Shorewall-perl 4.2 versions prior to 4.2.6.1.<br>
<span style="font-family: monospace;"><br> <span style="font-family: monospace;"><br>
</span>The problem:<br> </span>The problem:<br>
<ol> <ol>
<li>Only occurs when there are multiple non-firewall zones.</li> <li>Only occurs when there are multiple non-firewall zones.</li>
<li>Results in the following interface options not being applied to <li>Results in the following interface options not being applied to
forwarded traffic.</li> forwarded traffic.</li>
</ol> </ol>
<div style="margin-left: 40px;">blacklist<br> <div style="margin-left: 40px;">blacklist<br>
dhcp<br> dhcp<br>
maclist (when MACLIST_TABLE=filter)<br> maclist (when MACLIST_TABLE=filter)<br>
norfc1918<br> norfc1918<br>
nosmurfs<br> nosmurfs<br>
tcpflags<br> tcpflags<br>
</div> </div>
<br> <br>
User are encouraged to either:<br> User are encouraged to either:<br>
<ul> <ul>
<li>Upgrade to Shorewall-perl-4.2.6.1 or later; or</li> <li>Upgrade to Shorewall-perl-4.2.6.1 or later; or</li>
<li>Apply the patch found at:</li> <li>Apply the patch found at:</li>
</ul> </ul>
<div style="margin-left: 40px;"><a class="moz-txt-link-freetext" <div style="margin-left: 40px;"><a class="moz-txt-link-freetext"
href="http://www.shorewall.net/pub/shorewall/4.2/forward.patch">http://www.shorewall.net/pub/shorewall/4.2/forward.patch</a><br> href="http://www.shorewall.net/pub/shorewall/4.2/forward.patch">http://www.shorewall.net/pub/shorewall/4.2/forward.patch</a><br>
<a class="moz-txt-link-freetext" <a class="moz-txt-link-freetext"
href="ftp://ftp.shorewall.net/pub/shorewall/4.2/forward.patch">ftp://ftp.shorewall.net/pub/shorewall/4.2/forward.patch</a></div> href="ftp://ftp.shorewall.net/pub/shorewall/4.2/forward.patch">ftp://ftp.shorewall.net/pub/shorewall/4.2/forward.patch</a></div>
<br> <br>
<div style="margin-left: 40px;">To apply the patch, execute this <div style="margin-left: 40px;">To apply the patch, execute this
command:<br> command:<br>
</div> </div>
<div style="margin-left: 80px;"> <div style="margin-left: 80px;">
<pre> patch /usr/share/shorewall-perl/Shorewall/Rules.pm &lt; forward.patch</pre> <pre> patch /usr/share/shorewall-perl/Shorewall/Rules.pm &lt; forward.patch</pre>
</div> </div>
<div style="margin-left: 40px;">The patch may apply with fuzz and/or an <div style="margin-left: 40px;">The patch may apply with fuzz and/or an
offset, depending on your particular version.</div> offset, depending on your particular version.</div>
<h2><a name="Notice">Attention Users of Shorewall's Multi-ISP <h2><a name="Notice">Attention Users of Shorewall's Multi-ISP
Feature</a></h2> Feature</a></h2>
<p>A bug in Shorewall versions 3.2.0-3.2.10, 3.4.0-3.4.6 and <p>A bug in Shorewall versions 3.2.0-3.2.10, 3.4.0-3.4.6 and
Shorewall-shell Shorewall-shell
4.0.0-4.0.2 prevents proper handling of PREROUTING marks when 4.0.0-4.0.2 prevents proper handling of PREROUTING marks when
HIGH_ROUTE_MARKS=No and the <strong>track</strong> option is HIGH_ROUTE_MARKS=No and the <strong>track</strong> option is
specified. specified.
Patches are available to correct this problem:</p> Patches are available to correct this problem:</p>
<p>Shorewall version 3.2.0-3.2.10, 3.4.0-3.4.3: <a <p>Shorewall version 3.2.0-3.2.10, 3.4.0-3.4.3: <a
href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/patches/Shorewall/patch-3.2.10-2.diff">http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/patches/Shorewall/patch-3.2.10-2.diff</a></p> href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/patches/Shorewall/patch-3.2.10-2.diff">http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/patches/Shorewall/patch-3.2.10-2.diff</a></p>
<p>Shorewall version 3.4.4-3.4.6: <a <p>Shorewall version 3.4.4-3.4.6: <a
href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.6/errata/patches/Shorewall/patch-3.4.6-1.diff">http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.66/errata/patches/Shorewall/patch-3.4.6-1.diff</a></p> href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.6/errata/patches/Shorewall/patch-3.4.6-1.diff">http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.66/errata/patches/Shorewall/patch-3.4.6-1.diff</a></p>
<p>Shorewall-shell version 4.0.0-4.0.2: <a <p>Shorewall-shell version 4.0.0-4.0.2: <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/errata/patches/Shorewall-shell/patch-shell-4.0.2-2.diff">http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/errata/patches/Shorewall-shell/patch-shell-4.0.2-2.diff</a></p> href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/errata/patches/Shorewall-shell/patch-shell-4.0.2-2.diff">http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/errata/patches/Shorewall-shell/patch-shell-4.0.2-2.diff</a></p>
<p>Note that a patch may succeed with an offset when applied to a <p>Note that a patch may succeed with an offset when applied to a
release release
other than the one for which it was specifically prepared. For example, other than the one for which it was specifically prepared. For example,
when when
the patch for 3.2.0-3.2.10, 3.4.0-3.4.3 (which was prepared for release the patch for 3.2.0-3.2.10, 3.4.0-3.4.3 (which was prepared for release
3.2.10) is applied to release 3.4.3, the following is the result:</p> 3.2.10) is applied to release 3.4.3, the following is the result:</p>
<pre>root@wookie:~# <strong>cd /usr/share/shorewall</strong> <pre>root@wookie:~# <strong>cd /usr/share/shorewall</strong>
root@wookie/usr/share/shorewall#: <strong>patch &lt; ~/shorewall/tags/3.2.10/Shorewall.updated/patch-3.2.10-2.diff</strong> <br>patching file compiler<br>Hunk #1 succeeded at 958 (offset -1669 lines).<br>root@wookie:/usr/share/shorewall#</pre> root@wookie/usr/share/shorewall#: <strong>patch &lt; ~/shorewall/tags/3.2.10/Shorewall.updated/patch-3.2.10-2.diff</strong> <br>patching file compiler<br>Hunk #1 succeeded at 958 (offset -1669 lines).<br>root@wookie:/usr/share/shorewall#</pre>
<h3>Update -- 7 November 2007</h3> <h3>Update -- 7 November 2007</h3>
<p>A second bug in Shorewall versions 3.2.0-3.2.11, 3.4.0-3.4.7 and <p>A second bug in Shorewall versions 3.2.0-3.2.11, 3.4.0-3.4.7 and
4.0.0-4.0.5 can cause improper handing of PREROUTING and OUTPUT marks 4.0.0-4.0.5 can cause improper handing of PREROUTING and OUTPUT marks
when when
HIGH_ROUTE_MARKS=Yes. Patches are also available to correct this HIGH_ROUTE_MARKS=Yes. Patches are also available to correct this
problem:</p> problem:</p>
<p>Shorewall version 3.2.3-3.2.11: <a <p>Shorewall version 3.2.3-3.2.11: <a
href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/errata/patches/Shorewall/patch-3.2.11-1.diff">http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/errata/patches/Shorewall/patch-3.2.11-1.diff</a></p> href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/errata/patches/Shorewall/patch-3.2.11-1.diff">http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/errata/patches/Shorewall/patch-3.2.11-1.diff</a></p>
<p>Shorewall version 3.4.0-3.4.7: <a <p>Shorewall version 3.4.0-3.4.7: <a
href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.7/errata/patches/Shorewall/patch-3.4.7-1.diff">http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.7/errata/patches/Shorewall/patch-3.4.7-1.diff</a></p> href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.7/errata/patches/Shorewall/patch-3.4.7-1.diff">http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.7/errata/patches/Shorewall/patch-3.4.7-1.diff</a></p>
<p>Shorewall version 4.0.0-4.0.5: <a <p>Shorewall version 4.0.0-4.0.5: <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-shell/patch-shell-4.0.5-1.diff">http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-shell/patch-shell-4.0.5-1.diff</a> href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-shell/patch-shell-4.0.5-1.diff">http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-shell/patch-shell-4.0.5-1.diff</a>
and <a and <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-perl/patch-perl-4.0.5-4.diff">http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-perl/patch-perl-4.0.5-4.diff</a>.</p> href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-perl/patch-perl-4.0.5-4.diff">http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-perl/patch-perl-4.0.5-4.diff</a>.</p>
<hr> <hr>
<h2><a name="Notice1">Attention Users of BRIDGING=Yes</a></h2> <h2><a name="Notice1">Attention Users of BRIDGING=Yes</a></h2>
<p>In Linux Kernel version 2.6.20, the Netfilter team changed Physdev <p>In Linux Kernel version 2.6.20, the Netfilter team changed Physdev
Match Match
so that it is no longer capable of supporting BRIDGING=Yes. The so that it is no longer capable of supporting BRIDGING=Yes. The
solutions solutions
available to users are to either:</p> available to users are to either:</p>
<ol> <ol>
<li>Switch to using the technique described at <a <li>Switch to using the technique described at <a
href="http://www.shorewall.net/3.0/NewBridge.html">http://www.shorewall.net/3.0/NewBridge.html</a>; href="http://www.shorewall.net/3.0/NewBridge.html">http://www.shorewall.net/3.0/NewBridge.html</a>;
or<br> or<br>
</li> </li>
<li>Upgrade to Shorewall 4.0, migrate to using Shorewall-perl, and <li>Upgrade to Shorewall 4.0, migrate to using Shorewall-perl, and
follow the instructions at <a follow the instructions at <a
href="http://www1.shorewall.net/bridge-Shorewall-perl.html">http://www1.shorewall.net/bridge-Shorewall-perl.html.</a> href="http://www1.shorewall.net/bridge-Shorewall-perl.html">http://www1.shorewall.net/bridge-Shorewall-perl.html.</a>
</li> </li>
</ol> </ol>
<p>The first approach allows you to switch back and forth between <p>The first approach allows you to switch back and forth between
kernels kernels
older and newer than 2.6.20. The second approach is a better long-term older and newer than 2.6.20. The second approach is a better long-term
solution.</p> solution.</p>
<hr style="width: 100%; height: 2px;"> <hr style="width: 100%; height: 2px;">
<h2><a name="Kernel2.4"></a>Attention Users of Kernel 2.4</h2> <h2><a name="Kernel2.4"></a>Attention Users of Kernel 2.4</h2>
The Shorewall developers do not test Shorewall running on Kernel 2.4 The Shorewall developers do not test Shorewall running on Kernel 2.4
and we make no representation about the functionality of Shorewall on and we make no representation about the functionality of Shorewall on
that Kernel. Any failure of Shorewall on Kernel 2.4 will not be that Kernel. Any failure of Shorewall on Kernel 2.4 will not be
investigated by the Shorewall team.<br> investigated by the Shorewall team.<br>
<hr> <hr>
Copyright © 2001-2009 Thomas M. Eastep<br> Copyright © 2001-2009 Thomas M. Eastep<br>
<br> <br>
Permission is granted to copy, distribute and/or modify this Permission is granted to copy, distribute and/or modify this
document document
under the terms of the GNU Free Documentation License, Version 1.2 or under the terms of the GNU Free Documentation License, Version 1.2 or
any any
later version published by the Free Software Foundation; with no later version published by the Free Software Foundation; with no
Invariant Invariant
Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of
the the
license is included in the section entitled <span license is included in the section entitled <span
style="text-decoration: underline;">"</span><a href="GnuCopyright.htm" style="text-decoration: underline;">"</span><a href="GnuCopyright.htm"
target="_self">GNU Free Documentation License</a>". target="_self">GNU Free Documentation License</a>".
</body> </body>
</html> </html>