From 1618941d9e5fe8968761f9cc04dd897da5061d93 Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 9 Dec 2005 23:11:46 +0000 Subject: [PATCH] Add additional migration considerations for 2.0 users git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3141 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 2 + Shorewall/releasenotes.txt | 76 +++++++++++++++++++++++++++++++++++++- 2 files changed, 76 insertions(+), 2 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index c47b87fb1..86c5be0c0 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -24,6 +24,8 @@ Changes in 3.0.3 12) Correct README.txt +13) Add upgrade considerations for 2.0 users to release notes. + Changes in 3.0.2 1) Typos in the Samples corrected. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 0c42dca99..7b5f370d0 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -61,7 +61,7 @@ New Features in 3.0.3 1) A "shorewall show macros" command has been added. This command displays a list of the standard macros along with a brief description of each. -2) The '-q' option now works with 'safe-start' and 'safe-restart'. +2) The '-q' option is now supported with 'safe-start' and 'safe-restart'. 3) The value "-" is now allowed in the ADDRESS/SUBNET column of /etc/shorewall/blacklist. That value is equivalent to specifying 
@@ -364,7 +364,79 @@ Migration Considerations for Users upgrade from Shorewall 2.2 or 2.4. /etc/shorewall/tcstart so if you set TC_ENABLED=Yes, then you must supply that script. -New Features in Shorewall 3.0.* +Additional Migration Considerations for Users upgrading from Shorewall 2.0. + +Note that these are in addition to the considerations listed above. + +1) Shorewall configuration files except shorewall.conf are now empty + (they contain only comments). If you wish to retain the defaults + in any of the following files, you should copy these files before + upgrading them then restore them after the upgrade: + + /etc/shorewall/zones + /etc/shorewall/policy + /etc/shorewall/tos + +2) If shorewall.conf is upgraded to the latest version, it needs to be + modified to set STARTUP_ENABLED=Yes + +3) 5) The ORIGINAL DEST column of the /etc/shorewall/rules file may no + longer contain a second (SNAT) address. You must use an entry in + /etc/shorewall/masq instead. + + Example from Shorewall FAQ #1: + + Prior to Shorewall 2.2: + + /etc/shorewall/interfaces + + loc eth1 detect routeback,... + + /etc/shorewall/rules + + DNAT loc loc:192.168.1.12 tcp 80 \ + - 130.252.100.69:192.168.1.254 + + Shorewall 2.2 and Later: + + /etc/shorewall/interfaces + + loc eth1 detect routeback,... + + /etc/shorewall/masq: + + eth1 eth1 192.168.1.254 tcp 80 + + + /etc/shorewall/rules: + + DNAT loc loc:192.168.1.12 tcp 80 \ + - 130.252.100.69 + +4) The 'logunclean' and 'dropunclean' options that were deprecated in + Shorewall 2.0 have now been removed completely. + +5) A new IPTABLES variable has been added to shorewall.conf. This + variable names the iptables executable that Shorewall will use. The + variable is set to "/sbin/iptables". If you use the new + shorewall.conf, you may need to change this setting to maintain + compabibility with your current setup (if you use your existing + shorewall.conf that does not set IPTABLES then you should + experience no change in behavior). 
+ +6) The default port for OpenVPN tunnels has been changed from 5000 to + 1194 to reflect the recent IANA allocation of that port for + OpenVPN. + +7) If you are setting a shell variable using a statement similar to: + + ETH0_IP=`find_interface_address eth0` + + then you must change that statement to read as follows: + + ETH0_IP=`find_first_interface_address eth0` + +New Features in Shorewall 3.0.0 1) Error and warning messages are made easier to spot by using capitalization (e.g., ERROR: and WARNING:).
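Review bot: In the Shorewall/releasenotes.txt hunk at @@ -61, the rewording of feature 2 from "now works with" to "is now supported with" is unrelated to the migration notes named in the commit subject. Consider moving it to its own commit or mentioning it in the message, so the history for this file stays searchable.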
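Review bot: In the Shorewall/releasenotes.txt hunk at @@ -364, item 3 of the new section is numbered "3) 5)". The stray "5)" looks carried over from another list and should be dropped so the line starts "3) The ORIGINAL DEST column". In item 5, "compabibility" should be "compatibility", and item 2 is missing its closing period. Item 6 states that the OpenVPN default port moved from 5000 to 1194 but does not say what a user with an existing tunnel on port 5000 must change to keep it; a tunnel still running on 5000 would no longer match the default, so a sentence on how to keep the old port would help. The same hunk also changes the heading "New Features in Shorewall 3.0.*" to "New Features in Shorewall 3.0.0", which the commit subject does not cover; please confirm that is intended.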