diff --git a/Shorewall-Website/Shorewall_index_frame.htm b/Shorewall-Website/Shorewall_index_frame.htm index d6e56107e..3bd6be2f7 100644 --- a/Shorewall-Website/Shorewall_index_frame.htm +++ b/Shorewall-Website/Shorewall_index_frame.htm @@ -10,6 +10,8 @@ link="#0000ee" alink="#0000ee" vlink="#551a8b"> Home
+Introduction
Download

color="#ffffff">
+ color="#ffffff">Please report errors  on this site +to the Webmaster.

diff --git a/Shorewall-Website/Shorewall_sfindex_frame.htm b/Shorewall-Website/Shorewall_sfindex_frame.htm index 2db6c1a8d..f78ab1fab 100644 --- a/Shorewall-Website/Shorewall_sfindex_frame.htm +++ b/Shorewall-Website/Shorewall_sfindex_frame.htm @@ -10,60 +10,83 @@ - - - - - - - -
- - -
    -
-
-

Copyright 2001-2004 Thomas M. Eastep.
+ +Home
+Introduction
+Download
+Installation
+Documentation
+FAQs  +(Wiki)
+Troubleshooting
+Support +
+Features
+What +it +Cannot Do
+Requirements
+Mailing +Lists
+Upgrade +Issues
+Errata
+Mirrors
+News +Archive
+CVS +Repository
+Quotes +from Users
+Useful +Links
+About +the Author
+Donations +

+

Copyright 2001-2004 Thomas M. Eastep.

SourceForge Logo


-This site is hosted by the generous folks at SourceForge.net +Please report errors on +this site +to the Webmaster.
diff --git a/Shorewall-Website/download.htm b/Shorewall-Website/download.htm index a1ee33e7d..f42d134f3 100644 --- a/Shorewall-Website/download.htm +++ b/Shorewall-Website/download.htm @@ -22,7 +22,7 @@ Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.

-

2004-06-15
+

2004-07-06

I strongly urge you to read and print a copy of the me know so that I can mention them here. See the Installation Instructions if you have problems installing the RPM. -

  • If you are running LRP, download the .lrp file.
    +
  • If you are running LEAF Bering or Bering uClibc, download the +.lrp file
    +
    + Note: Beginning with the +2.1 Development release, the .lrp file is named shorewall-lrp-version.tgz (e.g., +shorewall-lrp-2.1.0.tgz). Simply rename this file to shorwall.lrp when +you move it to your LEAF system.
    +
  • If you run Debian and would like a .deb package, Shorewall is included in both the ”.

    -

    2004-07-02
    +

    2004-07-29

    Table of Contents

    @@ -51,9 +51,15 @@ Shorewall
    two-interface setup?
    License
    -News
    +    News
     -
    Shorewall 2.0.3c
    +
    Shorewall 2.0.7
    +Shorewall 2.0.6
    +Shorewall 2.0.5
    +Shorewall 2.0.4
    +New Release +Model
    +Shorewall 2.0.3c
    Shorewall 2.0.3b
    Shorewall 2.0.3a
    Shorewall @@ -152,8 +158,280 @@ Documentation License".

    News

    -7/02/2004 - +7/29/2004 - +Shorewall 2.0.7
    +
    +    Problems Corrected:
    +
      +
    1. The PKTTYPE option introduced in version 2.0.6 is now used when +generating rules to REJECT packets. Broadcast packets are silently +dropped rather than being rejected with an ICMP (which is a protocol +violation) and users whose kernels have broken packet type match +support are likely to see messages reporting this violation. Setting +PKTTYPE=No should cause these messages to cease.
      2. +
    2. Multiple interfaces with the 'blacklist' option no longer result +in an error message at startup.
      3. +
    3. The following has been added to /etc/shorewall/bogons:
      +
      +       0.0.0.0   RETURN
      +
      +This prevents the 'nobogons' option from logging DHCP 'DISCOVER' +broadcasts.
      +
      4. +
    +New Features:
    +
    +
      +
    1. To improve supportability, the "shorewall status" command now +includes IP and Route configuration information.
      +
      +   Example:
      +
      +    IP Configuration
      +
      +    1: lo: +<LOOPBACK,UP> mtu 16436 qdisc noqueue
      +       +link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      +       +inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
      +       +inet6 ::1/128 scope host
      +    2: eth0: +<BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen +1000
      +       +link/ether 00:a0:c9:15:39:78 brd ff:ff:ff:ff:ff:ff
      +       +inet6 fe80::2a0:c9ff:fe15:3978/64 scope link
      +    3: eth1: +<BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen +1000
      +       +link/ether 00:a0:c9:a7:d7:bf brd ff:ff:ff:ff:ff:ff
      +       +inet6 fe80::2a0:c9ff:fea7:d7bf/64 scope link
      +    5: sit0@NONE: +<NOARP> mtu 1480 qdisc noop
      +       +link/sit 0.0.0.0 brd 0.0.0.0
      +    6: eth2: +<BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen +1000
      +       +link/ether 00:40:d0:07:3a:1b brd ff:ff:ff:ff:ff:ff
      +       +inet6 fe80::240:d0ff:fe07:3a1b/64 scope link
      +    7: br0: +<BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc noqueue
      +       +link/ether 00:40:d0:07:3a:1b brd ff:ff:ff:ff:ff:ff
      +       +inet 192.168.1.3/24 brd 192.168.1.255 scope global br0
      +       +inet6 fe80::240:d0ff:fe07:3a1b/64 scope link
      +
      +    Routing Rules
      +
      +    +0:      from all lookup local
      +    32765:  +from all fwmark       ca lookup www.out
      +    32766:  +from all lookup main
      +    32767:  +from all lookup default
      +
      +    Table local:
      +
      +    broadcast +192.168.1.0 dev br0  proto kernel  scope link  src +192.168.1.3
      +    broadcast +127.255.255.255 dev lo  proto kernel  scope link  src +127.0.0.1
      +    local +192.168.1.3 dev br0  proto kernel  scope host  src +192.168.1.3
      +    broadcast +192.168.1.255 dev br0  proto kernel  scope link  src +192.168.1.3
      +    broadcast +127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1
      +    local 127.0.0.1 +dev lo  proto kernel  scope host  src 127.0.0.1
      +    local +127.0.0.0/8 dev lo  proto kernel  scope host  src +127.0.0.1
      +
      +    Table www.out:
      +
      +    default via +192.168.1.3 dev br0
      +
      +    Table main:
      +
      +    192.168.1.0/24 +dev br0  proto kernel  scope link  src 192.168.1.3
      +    default via +192.168.1.254 dev br0
      +
      +    Table default:
      +
      2. +
    +7/16/2004 - +Shorewall 2.0.6
    +
    +    Problems Corrected:
    +
      +
    • Some users have reported the packet type match option in +iptables/Netfilter failing to match certain broadcast packets. The +result is that the firewall log shows a lot of broadcast packets.
      +
      +Other users have complained of the following message when starting +Shorewall:
      +
      +            +modprobe: cant locate module ipt_pkttype
      +
      +Users experiencing either of these problems can use PKTTYPE=No in +shorewall.conf to cause Shorewall to use IP address filtering of +broadcasts rather than packet type.
      • +
    • The shorewall.conf and zones file are no longer given execute +permission by the installer script.
      • +
    • ICMP packets that are in the INVALID state are now dropped by the +Reject and Drop default actions. They do so using the new 'dropInvalid' +builtin action.
      +
      • +
    +7/10/2004 - +Shorewall 2.0.5
    +
    +Problems Corrected:
    +
      +
    • If DISABLE_IPV6=Yes in shorewall.conf then harmless error +messages referring to $RESTOREBASE are generated during shorewall stop.
      • +
    • An anachronistic comment concerning a mangle option has been +removed from shorewall.conf.
      +
      • +
    +7/06/2004 - +Shorewall 2.0.4
    +
    +Problems Corrected:
    +
      +
    • Rules with $FW as the source zone and that specify logging can +cause "shorewall start" to fail.
      +
      • +
    +7/03/2004 +- New Shorewall Release Model
    +
    +    Effective today, Shorewall is adopting a new release model which +takes ideas from the one used in the Linux Kernel and from the release +model for Postfix.
    +
      +
    1. Releases continue to have a three-level identification x.y.z (e.g., 2.0.3).
      +
      2. +
    2. The first two levels (x.y) +designate the Major Release Number +(e.g., 2.0)
      3. +
    3. The third level (z) +designates the Minor Release Number.
      4. +
    4. Even numbered major releases (e.g., 1.4, 2.0, 2.2, ...) are Stable Releases. No new features +are added to stable releases and new minor releases of a stable release +will only contain bug fixes. Installing a new minor release for the +major release that you are currently running involves no migration +issues (for example, if you are running 1.4.10 and I release 1.4.11, +your current configuration is 100% compatible with the new release).
      5. +
    5. Support is available through the Mailing List for the two most +recent Stable Releases.
      +
      6. +
    6. Odd numbered major releases (e.g., 2.1, 2.3, ...) are Development Releases. Development +releases are where new functionality is introduced. Documentation for +new features will be available but it may not be up to the standards of +the stable release documentation. Sites running Development Releases +should be prepared to play an active role in testing new features. Bug +fixes and problem resolution for the development release take a back +seat to support of the stable releases. Problem reports for the current +development release should be sent to the Shorewall +Development Mailing List.
      +
      7. +
    7. When the level of functionality of the current development +release is judged adaquate, the Beta period for a new Stable release +will begin. Beta releases have identifications of the form x.y.0-BetaN where x.y is the number of the next +Stable Release and N=1,2,3... +. Betas are expected to occur rougly once per year. Beta releases may +contain new functionality not present in the previous beta release +(e.g., 2.2.0-Beta4 may contain functionality not present in +2.2.0-Beta3). When I'm confident that the current Beta release is +stable, I will release the first Release +Candidate. Release candidates have identifications of the form x.y.0-RCn where x.y + is the number of the next Stable Release and n=1,2,3... +. Release candidates contain no new functionailty -- they only contain +bug fixes. When the stability of the current release candidate is +judged to be sufficient then that release candidate will be released as +the new stable release (e.g., 2.2.0). At that time, the new stable +release and the prior stable release are those that are supported.
      8. +
    8. What does it mean for a major release to be supported? It means that I will +answer questions about the release and that if a bug is found, I will +fix the bug and include the fix in the next minor release.
      9. +
    9. Between minor releases, bug fixes will continue to be made +available through the Errata page for each major release.
      +
      10. +
    +The immediate implications of this change are as follows:
    +
      +
    1. The functionality of the 2.0 major release is frozen at the level +of minor release 2.0.3.
      2. +
    2. The two major releases currently supported are 1.4 and 2.0.
      3. +
    3. I will be opening the 2.1 development release shortly with the +release of 2.1.0.
      4. +
    4. Bug-fix releases with identifications of the form x.y.zX where X=a,b,c,... (e.g., +2.0.3c) will not be seen in the future.
      +
      5. +
    +7/02/2004 - Shorewall 2.0.3c

    Problems Corrected:
    @@ -371,16 +649,16 @@ Netfilter configuration tool.
    -

    Donations -

    -

    +

    Donations

    (Alzheimer's Association Logo)

    + style="border: 0px solid ; width: 300px; height: 60px;" align="right">

    +

    +

    (Starlight Foundation Logo)

    + style="border: 0px solid ; width: 59px; height: 102px;" align="right">

    Shorewall is free but if you diff --git a/Shorewall-Website/useful_links.html b/Shorewall-Website/useful_links.html index 39254a9b0..784a42282 100755 --- a/Shorewall-Website/useful_links.html +++ b/Shorewall-Website/useful_links.html @@ -33,7 +33,7 @@ Documentation License”.

    -

    2004-07-02

    +

    2004-07-14

    @@ -48,6 +48,11 @@ Documentation License”.

    Linux Advanced Routing and Traffic Control Howto: http://ds9a.nl/lartc + + Traffic Shaping Howto: http://www.tldp.org/HOWTO/Traffic-Control-HOWTO/
    + + Iproute Downloads: ftp://ftp.inr.ac.ru/ip-routing