More work on upgrade issues/instructions

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6735 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-22 07:33:43 +01:00 · 2007-07-01 15:43:07 +00:00 · 2007-07-01 15:43:07 +00:00 · 0b2cdd5794
commit 0b2cdd5794
parent c210b996c0
5 changed files with 108 additions and 45 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -2,6 +2,10 @@ Changes in 4.0.0 RC 1

 1)  shorewall-perl RPM no longer installable under shorewall 3.4.

+2)  Fix limited broadcast and detectnets/routeback interfaces.
+
+3)  Use optimized 'split' for faster compilation.
+
 Changes in 4.0.0 Beta 6

 1)  First step to adding compiler debugging facility.
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -12,8 +12,9 @@ Shorewall 4.0.0 RC 1
   - Shorewall-shell ( the shell-based compiler )
   - Shorewall-perl (the Perl-based compiler )

-You must install Shorewall-common and at least one of the compiler
-packages (you may install them both).
+   You must install Shorewall-common and at least one of the compiler
+   packages (you may install them both). See the Migration
+   Considerations below for further information.

 3) The facilities for supporting bridge/firewalls under earlier
   releases are deprecated and their documentation is omitted from the
@ -23,17 +24,30 @@ packages (you may install them both).

 Problems corrected in 4.0.0 Beta 7.

-None.
+1)  If 'routeback' and 'detectnets' were specified on an interface,
+    limited broadcasts (to 255.255.255.255) were dropped when forwarded
+    through the interface. This could cause broadcast-based
+    applications to fail when running through a bridge with
+    'detectnets'.

 Other changes in Shorewall 4.0.0 RC 1.

 1)  The shorewall-perl RPM may no longer be installed under Shorewall
    3.4. It requires shorewall_common.

+2)  The compiler's CPU utilization has been reduced further.
+
 Migration Considerations:

-1)  You cannot simply upgrade your existing Shorewall package. You must
-    also install one or both of the compilers.
+1)  Beginning with Shorewall 4.0.0, there is no single 'shorewall'
+    package. Rather there are two compiler packages (shorewall-shell
+    and shorewall-perl) and a set of base files (shorewall-common)
+    required by either compiler package.
+
+    Although the names of the packages are changing, you can upgrade
+    without having to uninstall/reinstall.
+
+    To repeat: YOU DO NOT NEED TO UNINSTALL ANY EXISTING PACKAGE.

    If you attempt to upgrade using the shorewall-common RPM, you get
    this result:
@ -45,12 +59,12 @@ Migration Considerations:

    You must either:

-	rpm -U shorewall-shell-4.0.0.noarch.rpm \
+	rpm -Uvh shorewall-shell-4.0.0.noarch.rpm \
 	    shorewall-common-4.0.0.noarch.rpm

    or

-	rpm -U shorewall-shell-4.0.0.noarch.rpm \
+	rpm -Uvh shorewall-shell-4.0.0.noarch.rpm \
 	    shorewall-perl-4.0.0.noarch.rpm \
 	    shorewall-common-4.0.0.noarch.rpm

@ -68,6 +82,33 @@ Migration Considerations:
    the tarball in the expected way; untar the package, and run the
    install.sh script.

+    Example 1: You have 'shorewall' installed and you want to continue
+    to use the shorewall-shell compiler.
+
+	tar -jxf shorewall-common-4.0.0.tar.bz2
+	tar -jxf shorewall-shell-4.0.0.tar.bz2
+
+	cd shorewall-shell-4.0.0
+	./install.sh
+	cd ../shorewall-common-4.0.0
+	./install.sh
+	shorewall check
+	shorewall restart
+
+    Example 2: You have shorewall 3.4.4 and shorewall-perl 4.0.0-Beta7
+    installed and you want to upgrade to 4.0. You do not need the
+    shell-based compiler.
+
+	tar -jxf shorewall-common-4.0.0.tar.bz2
+	tar -jxf shorewall-perl-4.0.0.tar.bz2
+
+	cd shorewall-perl-4.0.0
+	./install.sh
+	cd ../shorewall-common-4.0.0
+	./install.sh
+	shorewall check
+	shorewall restart
+
 2)  The ROUTE_FILTER and LOG_MARTIANS options in shorewall.conf work
    slightly differently in Shorewall 4.0.0. In prior releases, leaving
    these options empty was equivalent to setting them to 'No' which
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@ -1661,7 +1661,7 @@ sub generate_matrix() {
 		    while ( my ($interface, $sourceref) = ( each %needbroadcast ) ) {
 			if ( get_interface_option( $interface, 'bridge' ) ) {
 			    for my $source ( keys %$sourceref ) {
-				add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-m addrtype --dst-type BROADCAST -j $chain3";
+				add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-d 255.255.255.255 -j $chain3";
 			    }
 			}
 		    }
--- a/docs/Install.xml
+++ b/docs/Install.xml
@ -360,10 +360,16 @@ Pin-Priority: 700</programlisting><emphasis role="bold"><emphasis>Then
        package, it probably won't work.</para>
      </listitem>

+      <listitem>
+        <para>If you are upgrading from a 2.x or 3.x version to a 4.x version
+        or later, please see the <ulink url="upgrade_issues.htm">upgrade
+        issues</ulink> for specific instructions.</para>
+      </listitem>
+
      <listitem>
        <para>Upgrade the RPM</para>

-        <programlisting><command>rpm -Uvh &lt;shorewall rpm file&gt; &lt;compiler rpm file&gt; ...</command></programlisting>
+        <programlisting><command>rpm -Uvh &lt;shorewall-common rpm file&gt; &lt;compiler rpm file&gt; ...</command></programlisting>

        <note>
          <para>Some <trademark>SUSE</trademark> users have encountered a
@ -371,7 +377,7 @@ Pin-Priority: 700</programlisting><emphasis role="bold"><emphasis>Then
          though a 2.4 kernel is installed. If this happens, simply use the
          --nodeps option to rpm.</para>

-          <programlisting><command>rpm -Uvh --nodeps &lt;shorewall rpm&gt; &lt;compiler rpm&gt; ...</command></programlisting>
+          <programlisting><command>rpm -Uvh --nodeps &lt;shorewall-common rpm&gt; &lt;compiler rpm&gt; ...</command></programlisting>
        </note>

        <note>
@ -407,6 +413,12 @@ Pin-Priority: 700</programlisting><emphasis role="bold"><emphasis>Then
  <section id="Upgrade_Tarball">
    <title>Upgrade using tarball</title>

+    <para><important>
+        <para>If you are upgrading from a 2.x or 3.x version to a 4.x version
+        or later, please see the <ulink url="upgrade_issues.htm">upgrade
+        issues</ulink> for specific instructions.</para>
+      </important></para>
+
    <para>If you already have Shorewall installed and are upgrading to a new
    version using the tarball:</para>

--- a/docs/upgrade_issues.xml
+++ b/docs/upgrade_issues.xml
@ -70,54 +70,60 @@
  </section>

  <section id="V4.0.0">
-    <title>Versions &gt;= 4.0.0-Beta1</title>
+    <title>Versions &gt;= 4.0.0-Beta7</title>

    <orderedlist>
      <listitem>
-        <para>This is the first Shorewall release that fully integrates the
-        new Shorewall-perl compiler. You are now offered a choice as to which
-        compiler(s) you install. In Shorewall 4.0.0, there are the following
-        packages:<itemizedlist>
-            <listitem>
-              <para>Shorewall-common ( common files )</para>
-            </listitem>
+        <para>Beginning with Shorewall 4.0.0, there is no single 'shorewall'
+        package. Rather there are two compiler packages (shorewall-shell and
+        shorewall-perl) and a set of base files (shorewall-common) required by
+        either compiler package.</para>

-            <listitem>
-              <para>Shorewall-shell ( the shell-based compiler )</para>
-            </listitem>
+        <para>Although the names of the packages are changing, you can upgrade
+        without having to uninstall/reinstall.</para>

-            <listitem>
-              <para>Shorewall-perl (the Perl-based compiler )</para>
-            </listitem>
+        <para>To repeat: <emphasis role="bold">You do not need to uninstall
+        any existing package.</emphasis></para>

-            <listitem>
-              <para>Shorewall-lite</para>
-            </listitem>
-          </itemizedlist>You must install Shorewall-common and at least one of
-        the compiler packages (you may install them both).</para>
-
-        <para>You cannot simply upgrade your existing Shorewall package. You
-        must upgrade Shorewall-common <emphasis role="bold">and</emphasis>
-        install one or both of the compilers.</para>
-
-        <para>If you attempt to upgrade using the common RPM, you get this
-        result:<programlisting>gateway:~ # rpm -Uvh shorewall-common-4.0.0.noarch.rpm 
+        <para>If you attempt to upgrade using the shorewall-common RPM, you
+        get this result:<programlisting>gateway:~ # <command>rpm -Uvh shorewall-common-4.0.0.noarch.rpm </command>
 error: Failed dependencies:
 shorewall_compiler is needed by shorewall-common-4.0.0-1.noarch
-gateway:~ #</programlisting> You must either:<programlisting>rpm -U shorewall-shell-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</programlisting>or<programlisting>rpm -U shorewall-shell-4.0.0.noarch.rpm shorewall-perl-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</programlisting>If
-        you are upgrading using the tarball, you must install either
-        shorewall-shell or shorewall-perl before you upgrade Shorewall using
-        the Shorewall-common tarball. Otherwise, the install.sh script fails
-        with:<simplelist>
+gateway:~ #</programlisting>You must either:<programlisting><command>rpm -Uvh shorewall-shell-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</command></programlisting>or<programlisting><command>rpm -Uvh shorewall-shell-4.0.0.noarch.rpm shorewall-perl-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</command></programlisting>If
+        you don't want shorewall-shell, use the second command
+        then<programlisting><command>rpm -e shorewall-shell</command></programlisting>If
+        you are upgrading using the tarball, you must install shorewall-shell
+        and/or shorewall-perl before you upgrade using shorewall-common.
+        Otherwise, the install.sh script fails with:<simplelist>
            <member>ERROR: No Shorewall compiler is installed</member>
          </simplelist>The shorewall-shell and shorewall-perl packages are
        installed from the tarball in the expected way; untar the package, and
        run the install.sh script.</para>

-        <para>The RPMs are set up so that if you upgrade an existing Shorewall
-        installation as part of a distribution upgrade and you have not
-        already installed shorewall-perl, then you will end up with
-        Shorewall-common and Shorewall-shell installed.</para>
+        <para>Example 1: You have 'shorewall' installed and you want to
+        continue to use the shorewall-shell compiler.<programlisting><command>tar -jxf shorewall-common-4.0.0.tar.bz2
+tar -jxf shorewall-shell-4.0.0.tar.bz2
+
+cd shorewall-shell-4.0.0
+./install.sh
+cd ../shorewall-common-4.0.0
+./install.sh
+shorewall check
+shorewall restart</command></programlisting>Example 2: You have shorewall
+        3.4.4 and shorewall-perl 4.0.0-Beta7 installed and you want to upgrade
+        to 4.0. You do not need the shell-based compiler.<programlisting><command>tar -jxf shorewall-common-4.0.0.tar.bz2
+tar -jxf shorewall-perl-4.0.0.tar.bz2
+
+cd shorewall-perl-4.0.0
+./install.sh
+cd ../shorewall-common-4.0.0
+./install.sh
+shorewall check
+shorewall restart</command></programlisting> The RPMs are set up so that if
+        you upgrade an existing Shorewall installation as part of a
+        distribution upgrade and you have not already installed
+        shorewall-perl, then you will end up with Shorewall-common and
+        Shorewall-shell installed.</para>
      </listitem>

      <listitem>