From 1b2a068025a41f17f5cdd642fa30751df569db04 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 19 May 2005 14:16:52 +0000 Subject: [PATCH] Update versions to 2.3.2 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2137 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall2/fallback.sh | 2 +- Shorewall2/install.sh | 2 +- Shorewall2/releasenotes.txt | 126 ++++++++++++++++++------------------ Shorewall2/shorewall.spec | 4 +- Shorewall2/uninstall.sh | 2 +- 5 files changed, 70 insertions(+), 66 deletions(-) diff --git a/Shorewall2/fallback.sh b/Shorewall2/fallback.sh index fa01e0e0d..4a7ee1364 100755 --- a/Shorewall2/fallback.sh +++ b/Shorewall2/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=2.3.1 +VERSION=2.3.2 usage() # $1 = exit status { diff --git a/Shorewall2/install.sh b/Shorewall2/install.sh index 5ee41a25a..4df4a6d4a 100755 --- a/Shorewall2/install.sh +++ b/Shorewall2/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # -VERSION=2.3.1 +VERSION=2.3.2 usage() # $1 = exit status { diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt index 6e20b6c71..db87a7ef4 100755 --- a/Shorewall2/releasenotes.txt +++ b/Shorewall2/releasenotes.txt @@ -1,4 +1,4 @@ -Shorewall 2.3.3 +Shorewall 2.3.2 ----------------------------------------------------------------------- Problems corrected in version 2.3.2 @@ -7,9 +7,70 @@ None. ----------------------------------------------------------------------- New Features in version 2.3.2 -1) Shorewall 2.3.2 can now configure routing if your kernel and +1) Shorewall 2.3.2 includes support for multiple internet interfaces to + different ISPs. + + The file /etc/shorewall/providers may be used to define the + different providers. It can actually be used to define alternate + routing tables so uses like transparent proxy can use the file as + well. + + Columns are: + + NAME The provider name. + + NUMBER The provider number -- a number between 1 and 15 + + MARK A FWMARK value used in your + /etc/shorewall/tcrules file to direct packets to + this provider. + + DUPLICATE The name of an existing table to duplicate. May + be 'main' or the name of a previous provider. + + INTERFACE The name of the network interface to the + provider. Must be listed in + /etc/shorewall/interfaces. + + GATEWAY The IP address of the provider's gateway router. + + OPTIONS A comma-separated list selected from the + following: + + track If specified, connections FROM this interface are + to be tracked so that responses may be routed + back out this same interface. + + You want specify 'trask' if internet hosts will be + connecting to local servers through this + provider. + + Because of limitations in the 'ip' utility and + policy routing, you may not use the SAVE or + RESTORE tcrules options or use connection + marking on any traffic to or from this + interface. For traffic control purposes, you + must mark packets in the FORWARD chain (or + better yet, use the CLASSIFY target). + + balance The providers that have 'balance' specified will + get outbound traffic load-balanced among them. + + Example: You run squid in your DMZ on IP address + 192.168.2.99. Your DMZ interface is eth2 + + #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS + Squid 1 1 - eth2 192.168.2.99 - + + Use of this feature requires that your kernel and iptables + support CONNTRACK target and conntrack match as well as extended + MARK support. It does NOT require the ROUTE target extension. + +2) Shorewall 2.3.2 can now configure routing if your kernel and iptables support the ROUTE target extension. This extension is - available in Patch-O-Matic-ng. + available in Patch-O-Matic-ng. This feature is *EXPERIMENTAL* since + the Netfilter team have no intention of ever releasing the ROUTE + target extension to kernel.org. Routing is configured using the /etc/shorewall/routes file. Columns in the file are as follows: @@ -91,65 +152,6 @@ New Features in version 2.3.2 GATEWAY The gateway that the packet is to be forewarded through. -2) Shorewall 2.3.2 includes support for multiple internet interfaces to - different ISPs. - - The file /etc/shorewall/providers may be used to define the - different providers. It can actually be used to define alternate - routing tables so uses like transparent proxy can use the file as - well. - - Columns are: - - NAME The provider name. - - NUMBER The provider number -- a number between 1 and 15 - - MARK A FWMARK value used in your - /etc/shorewall/tcrules file to direct packets to - this provider. - - DUPLICATE The name of an existing table to duplicate. May - be 'main' or the name of a previous provider. - - INTERFACE The name of the network interface to the - provider. Must be listed in - /etc/shorewall/interfaces. - - GATEWAY The IP address of the provider's gateway router. - - OPTIONS A comma-separated list selected from the - following: - - track If specified, connections FROM this interface are - to be tracked so that responses may be routed - back out this same interface. - - You want specify 'trask' if internet hosts will be - connecting to local servers through this - provider. - - Because of limitations in the 'ip' utility and - policy routing, you may not use the SAVE or - RESTORE tcrules options or use connection - marking on any traffic to or from this - interface. For traffic control purposes, you - must mark packets in the FORWARD chain (or - better yet, use the CLASSIFY target). - - balance The providers that have 'balance' specified will - get outbound traffic load-balanced among them. - - Example: You run squid in your DMZ on IP address - 192.168.2.99. Your DMZ interface is eth2 - - #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS - Squid 1 1 - eth2 192.168.2.99 - - - Use of this feature requires that your kernel and iptables - support CONNTRACK target and conntrack match as well as extended - MARK support. It does NOT require the ROUTE target extension. - ----------------------------------------------------------------------- Problems corrected in version 2.3.1 diff --git a/Shorewall2/shorewall.spec b/Shorewall2/shorewall.spec index ebc57636c..46fe3e563 100644 --- a/Shorewall2/shorewall.spec +++ b/Shorewall2/shorewall.spec @@ -1,5 +1,5 @@ %define name shorewall -%define version 2.3.1 +%define version 2.3.2 %define release 1 %define prefix /usr @@ -140,6 +140,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn %changelog +* Thu May 19 2005 Tom Eastep tom@shorewall.net +- Updated to 2.3.2-1 * Sun May 15 2005 Tom Eastep tom@shorewall.net - Updated to 2.3.1-1 * Mon Apr 11 2005 Tom Eastep tom@shorewall.net diff --git a/Shorewall2/uninstall.sh b/Shorewall2/uninstall.sh index 6d9a150d6..8d4503a45 100755 --- a/Shorewall2/uninstall.sh +++ b/Shorewall2/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Seattle Firewall -VERSION=2.3.1 +VERSION=2.3.2 usage() # $1 = exit status {