mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-16 19:30:44 +01:00
Update website
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1847 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
441b71a0a0
commit
0f7c148b89
@ -31,9 +31,9 @@ to 2.x releases of Shorewall. For older versions:</p>
|
|||||||
<p>The current 2.0 Stable Release is 2.0.13 -- Here are the <a
|
<p>The current 2.0 Stable Release is 2.0.13 -- Here are the <a
|
||||||
href="http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.13/releasenotes.txt">release
|
href="http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.13/releasenotes.txt">release
|
||||||
notes</a>.<br>
|
notes</a>.<br>
|
||||||
The current Developement Release is 2.2.0 Beta 7 -- Here
|
The current Developement Release is 2.2.0 RC1 -- Here
|
||||||
are the <a
|
are the <a
|
||||||
href="http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta7/releasenotes.txt">release
|
href="http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC1/releasenotes.txt">release
|
||||||
notes</a>.<br>
|
notes</a>.<br>
|
||||||
<br>
|
<br>
|
||||||
Copyright © 2001-2004 Thomas M. Eastep</p>
|
Copyright © 2001-2004 Thomas M. Eastep</p>
|
||||||
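Review bot: the changed line "The current Developement Release is 2.2.0 RC1 -- Here" still carries the misspelling "Developement"; since the line is being edited anyway, correct it to "Development". The new release-notes href also keeps the 2.2-Beta directory (.../2.2-Beta/shorewall-2.2.0-RC1/releasenotes.txt), so confirm that RC1 is actually published under that path before the link goes live.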
@ -44,7 +44,7 @@ Foundation; with no Invariant Sections, with no Front-Cover, and with
|
|||||||
no Back-Cover Texts. A copy of the license is included in the section
|
no Back-Cover Texts. A copy of the license is included in the section
|
||||||
entitled “<a href="GnuCopyright.htm" target="_self">GNU
|
entitled “<a href="GnuCopyright.htm" target="_self">GNU
|
||||||
Free Documentation License</a>”.</p>
|
Free Documentation License</a>”.</p>
|
||||||
<p>2004-12-04</p>
|
<p>2004-12-11</p>
|
||||||
<hr>
|
<hr>
|
||||||
<h3>Table of Contents</h3>
|
<h3>Table of Contents</h3>
|
||||||
<p style="margin-left: 0.42in; margin-bottom: 0in;"><a href="#Intro">Introduction
|
<p style="margin-left: 0.42in; margin-bottom: 0in;"><a href="#Intro">Introduction
|
||||||
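Review bot: the page date is moved to 2004-12-11, but the news entry this same commit adds for Shorewall 2.2.0 RC1 is dated 12/19/2004, so the stamp predates the newest content on the page. Set the date to match the latest entry, or note why the two differ.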
@ -59,8 +59,10 @@ Shorewall</a><br>
|
|||||||
Shorewall on Mandrake® with a two-interface setup?</a><br>
|
Shorewall on Mandrake® with a two-interface setup?</a><br>
|
||||||
<a href="#License">License</a></p>
|
<a href="#License">License</a></p>
|
||||||
<p style="margin-bottom: 0in; margin-left: 40px;"><a href="#2_0_10">News</a></p>
|
<p style="margin-bottom: 0in; margin-left: 40px;"><a href="#2_0_10">News</a></p>
|
||||||
<p style="margin-left: 0.83in; margin-bottom: 0in;"><a
|
<p style="margin-left: 0.83in; margin-bottom: 0in;"><a href="#2_2_0_RC1">Shorewall
|
||||||
href="#2_2_0_Beta7">Shorewall 2.2.0 Beta 7</a><br>
|
2.2.0 RC1</a><br>
|
||||||
|
<a href="#2_2_0_Beta8">Shorewall 2.2.0 Beta 8</a><br>
|
||||||
|
<a href="#2_2_0_Beta7">Shorewall 2.2.0 Beta 7</a><br>
|
||||||
<a href="#2_0_13">Shorewall
|
<a href="#2_0_13">Shorewall
|
||||||
2.0.13</a><br>
|
2.0.13</a><br>
|
||||||
<a href="#2_0_12">Shorewall
|
<a href="#2_0_12">Shorewall
|
||||||
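Review bot: the unchanged "News" link directly above the new entries still targets #2_0_10, while the News heading further down the page is anchored as name="News". With the 2.2.0 RC1 and Beta 8 entries now listed first, point that link at #News so it lands on the top of the section rather than on an older release.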
@ -166,6 +168,90 @@ of the license is included in the section entitled "GNU Free
|
|||||||
Documentation License". </p>
|
Documentation License". </p>
|
||||||
<hr>
|
<hr>
|
||||||
<h2><a name="News"></a>News</h2>
|
<h2><a name="News"></a>News</h2>
|
||||||
|
<span style="font-weight: bold;"><a name="2_2_0_RC1"></a>12/19/2004 -
|
||||||
|
Shorewall 2.2.0 RC1<br>
|
||||||
|
<br>
|
||||||
|
</span>Problems Corrected:<br>
|
||||||
|
<ol>
|
||||||
|
<li>The syntax of the add and delete command has been clarified in
|
||||||
|
the help summary produced by /sbin/shorewall.</li>
|
||||||
|
</ol>
|
||||||
|
New Features:<br>
|
||||||
|
<ol>
|
||||||
|
<li>TCP OpenVPN tunnels are now supported using the 'openvpn' tunnel
|
||||||
|
type. OpenVPN entries in /etc/shorewall/tunnels have this format:<br>
|
||||||
|
<br>
|
||||||
|
openvpn[:{tcp|udp}][:<port>]
|
||||||
|
<zone> <gateway><br>
|
||||||
|
<br>
|
||||||
|
Examples:<br>
|
||||||
|
<pre> openvpn:tcp net 1.2.3.4 # TCP tunnel on port 5000<br> openvpn:3344 net 1.2.3.4 # UDP on port 3344<br> openvpn:tcp:4455 net 1.2.3.4 # TCP on port 4455</pre>
|
||||||
|
</li>
|
||||||
|
<li>A new 'ipsecvpn' script is included in the tarball and in the
|
||||||
|
RPM. The RPM installs the file in the Documentation directory
|
||||||
|
(/usr/share/doc/packages/shorewall-2.2.0-0RC1).<br>
|
||||||
|
<br>
|
||||||
|
This script is intended for use on Roadwarrior laptops for establishing
|
||||||
|
an IPSEC SA to/from remote networks. The script has some limitations:<br>
|
||||||
|
<br>
|
||||||
|
- Only one instance of the script may be used at a
|
||||||
|
time.<br>
|
||||||
|
- Only the first SPD accessed will be instantiated
|
||||||
|
at the remote gateway. So while the script creates SPDs to/from the
|
||||||
|
remote gateway and each network listed in the NETWORKS setting at the
|
||||||
|
front of the script, only one of these may be used at a time.<br>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
<span style="font-weight: bold;"><a name="2_2_0_Beta8"></a>12/11/2004 -
|
||||||
|
Shorewall 2.2.0 Beta 8<br>
|
||||||
|
<br>
|
||||||
|
</span>Problems Corrected:<br>
|
||||||
|
<ol>
|
||||||
|
<li>A typo in the /etc/shorewall/interfaces file has been corrected.</li>
|
||||||
|
<li>Previously, the "add" and "delete" commands were generating
|
||||||
|
incorrect policy matches when policy match support was available.</li>
|
||||||
|
</ol>
|
||||||
|
New Features:<br>
|
||||||
|
<ol>
|
||||||
|
<li>Recent 2.6 kernels include code that evaluates TCP packets based
|
||||||
|
on TCP Window analysis. This can cause packets that were previously
|
||||||
|
classified as NEW or ESTABLISHED to be classified as INVALID.<br>
|
||||||
|
<br>
|
||||||
|
The new kernel code can be disabled by including this command in your
|
||||||
|
/etc/shorewall/init file:<br>
|
||||||
|
<br>
|
||||||
|
echo 1 >
|
||||||
|
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal<br>
|
||||||
|
<br>
|
||||||
|
Additional kernel logging about INVALID TCP packets may be obtained by
|
||||||
|
adding this command to /etc/shorewall/init:<br>
|
||||||
|
<br>
|
||||||
|
echo 1 >
|
||||||
|
/proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid<br>
|
||||||
|
<br>
|
||||||
|
Traditionally, Shorewall has dropped INVALID TCP packets early. The new
|
||||||
|
DROPINVALID option allows INVALID packets to be passed through the
|
||||||
|
normal rules chains by setting DROPINVALID=No.<br>
|
||||||
|
<br>
|
||||||
|
If not specified or if specified as empty (e.g., DROPINVALID="") then
|
||||||
|
DROPINVALID=Yes is assumed.<br>
|
||||||
|
<br>
|
||||||
|
</li>
|
||||||
|
<li>The "shorewall add" and "shorewall delete" commands now accept a
|
||||||
|
list of hosts to add or delete.<br>
|
||||||
|
<br>
|
||||||
|
Examples:<br>
|
||||||
|
<br>
|
||||||
|
shorewall add eth1:1.2.3.4 eth1:2.3.4.5 z12<br>
|
||||||
|
shorewall delete eth1:1.2.3.4 eth1:2.3.4.5 z12<br>
|
||||||
|
<br>
|
||||||
|
The above commands may also be written:<br>
|
||||||
|
<br>
|
||||||
|
shorewall add eth1:1.2.3.4,2.3.4.5 z12<br>
|
||||||
|
shorewall delete eth1:1.2.3.4,2.3.4.5 z12<br>
|
||||||
|
<br>
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
<span style="font-weight: bold;"><a name="2_2_0_Beta7"></a>12/04/2004 -
|
<span style="font-weight: bold;"><a name="2_2_0_Beta7"></a>12/04/2004 -
|
||||||
Shorewall 2.2.0 Beta 7<br>
|
Shorewall 2.2.0 Beta 7<br>
|
||||||
</span><br>
|
</span><br>
|
||||||
|
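Review bot: the OpenVPN entry gives the format openvpn[:{tcp|udp}][:<port>] but never states the defaults for the omitted parts; they can only be inferred from the example comments ("openvpn:tcp" is "TCP tunnel on port 5000", "openvpn:3344" is "UDP on port 3344"). Add one sentence saying which protocol and port apply when each is left out. In the Beta 8 entry, the DROPINVALID paragraph does not say which file the option is set in, and the ip_conntrack_tcp_be_liberal paragraph describes the setting only as disabling the new kernel code; since both settings let packets through that the firewall would otherwise treat as INVALID and drop early, a sentence on that trade-off would help an administrator decide whether to apply them.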
@ -6,7 +6,7 @@
|
|||||||
<meta name="generator" content="DocBook XSL Stylesheets V1.62.4">
|
<meta name="generator" content="DocBook XSL Stylesheets V1.62.4">
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<div class="article" lang="en" xml:lang="en">
|
<div class="article" xml:lang="en" lang="en">
|
||||||
<div class="titlepage">
|
<div class="titlepage">
|
||||||
<div>
|
<div>
|
||||||
<div>
|
<div>
|
||||||
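Review bot: the swapped order of lang and xml:lang on the div class="article" line is churn with no effect on the rendered page, and the generator meta line shows this file is DocBook XSL Stylesheets V1.62.4 output. If the file was regenerated, commit the DocBook source change alongside it; if it was edited by hand, drop this line from the commit so the diff shows only the intended change.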
@ -73,8 +73,6 @@ Shorewall: <a
|
|||||||
</tr>
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
<script language="JavaScript1.1"
|
|
||||||
src="http://www.trendmicro.com/syndication/wtc/wtc_applet_js.asp"></script>
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
|
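Review bot: the removal of the external script include (src="http://www.trendmicro.com/syndication/wtc/wtc_applet_js.asp") is the one change in this commit that affects what visitors' browsers load, yet the commit message says only "Update website"; mention it there. Because this page is generated DocBook output, also check that the include is gone from whatever source or template produced it, and from any other pages that carry the same tag, so it does not return on the next regeneration.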