More web updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8750 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-10-06 00:12:26 +00:00
parent a5e771c1d8
commit 30a6728e82
2 changed files with 34 additions and 26 deletions


@ -18,7 +18,7 @@
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate> <pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright> <copyright>
<year>2001-2007</year> <year>2001-2008</year>
<holder>Thomas M. Eastep</holder> <holder>Thomas M. Eastep</holder>
</copyright> </copyright>
@ -42,9 +42,9 @@
</articleinfo> </articleinfo>
<caution> <caution>
<para><emphasis role="bold">This article applies to Shorewall 3.0 and <para><emphasis role="bold">This article applies to Shorewall 4.0 and
later. If you are running a version of Shorewall earlier than Shorewall later. If you are running a version of Shorewall earlier than Shorewall
3.0.0 then please see the documentation for that 4.0.0 then please see the documentation for that
release.</emphasis></para> release.</emphasis></para>
</caution> </caution>
@ -56,12 +56,11 @@
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>The three currently-supported Shorewall <ulink <para>The two currently-supported Shorewall <ulink
url="ReleaseModel.html">major releases</ulink> are 3.2, 3.4 and url="ReleaseModel.html">major releases</ulink> are 4.0 and 4.2.</para>
4.0.</para>
<note> <note>
<para>Shorewall versions earlier than 3.2.0 are no longer supported; <para>Shorewall versions earlier than 4.0.0 are no longer supported;
we will try to help but I will personally not spend time reading we will try to help but I will personally not spend time reading
earlier code to try to help you solve a problem and I will not earlier code to try to help you solve a problem and I will not
release a patch to correct any defect found.</para> release a patch to correct any defect found.</para>
@ -149,13 +148,12 @@
Shorewall-perl, there is no need to compress the file — it will be Shorewall-perl, there is no need to compress the file — it will be
very short).</para> very short).</para>
<para>If you are running Shorewall version 3.2.0 or later and <para>If compilation succeeds but the compiled program fails, then
compilation succeeds but the compiled program fails, then please please include the compiled program with your report. The compiled
include the compiled program with your report. The compiled program program will be named <filename>/var/lib/shorewall/.start</filename>
will be named <filename>/var/lib/shorewall/.start</filename> if the if the command is <command>shorewall start</command> and it will be
command is <command>shorewall start</command> and it will be named named <filename>/var/lib/shorewall/.restart</filename> if the
<filename>/var/lib/shorewall/.restart</filename> if the command is command is <command>shorewall restart</command>.</para>
<command>shorewall restart</command>.</para>
<para>If you are running Shorewall-perl 4.0.5 or later, you may also <para>If you are running Shorewall-perl 4.0.5 or later, you may also
include the word <emphasis role="bold">debug</emphasis> as the first include the word <emphasis role="bold">debug</emphasis> as the first
@ -217,17 +215,10 @@
<para>If you are unsure if Shorewall is starting successfully or not <para>If you are unsure if Shorewall is starting successfully or not
then first note that if Shorewall starts successfully, the last then first note that if Shorewall starts successfully, the last
message produced by Shorewall 3.0 is "Shorewall Started" and the last message produced by Shorewall 3.0 is "Shorewall Started" and the last
message produced by Shorewall 3.2 in "done.":</para> message produced by Shorewall is "done.":</para>
<blockquote> <blockquote>
<para>Shorewall 3.0:</para> <para></para>
<programlisting>
Activating Rules...
<emphasis role="bold">Shorewall Started</emphasis>
gateway:~#</programlisting>
<para>Shorewall 3.2:</para>
<programlisting> <programlisting>
Activating Rules... Activating Rules...
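Review bot: the rewritten sentence still says "the last message produced by Shorewall 3.0 is "Shorewall Started"" on the new side, although this commit removes the Shorewall 3.0 listing below it and the caution at the top of the article now scopes it to 4.0 and later. Drop the 3.0 clause so the paragraph only states that the last message is "done.", and remove the empty <para></para> left at the start of the blockquote, since it no longer labels anything.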
@ -249,7 +240,7 @@ gateway:~#</programlisting>
similar to this:</para> similar to this:</para>
<blockquote> <blockquote>
<programlisting>Shorewall-3.0.6 Status at gateway - Thu Mar 30 14:07:29 PDT 2006 <programlisting>Shorewall-4.0.6 Status at gateway - Thu Mar 30 14:07:29 PDT 2008
Shorewall is running Shorewall is running
State:Started (Thu Mar 30 14:07:29 PDT 2006)</programlisting> State:Started (Thu Mar 30 14:07:29 PDT 2006)</programlisting>
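Review bot: the sample output now contradicts itself: the header line was changed to end in "PDT 2008", but the "State:Started (Thu Mar 30 14:07:29 PDT 2006)" line directly under it still carries 2006. Change both timestamps together, or better, paste real status output from a 4.0.x system so the version, weekday and year all agree.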
@ -259,7 +250,7 @@ State:Started (Thu Mar 30 14:07:29 PDT 2006)</programlisting>
similar to this:</para> similar to this:</para>
<blockquote> <blockquote>
<programlisting>Shorewall-3.0.6 Status at gateway - Thu Mar 30 14:08:11 PDT 2006 <programlisting>Shorewall-4.0.6 Status at gateway - Thu Mar 30 14:08:11 PDT 2008
Shorewall is stopped Shorewall is stopped
State:Stopped (Thu Mar 30 14:08:11 PDT 2006)</programlisting> State:Stopped (Thu Mar 30 14:08:11 PDT 2006)</programlisting>
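Review bot: the stopped example has the same year mismatch as the started one: the header now ends in "PDT 2008" while "State:Stopped (Thu Mar 30 14:08:11 PDT 2006)" is unchanged. Update the State line in the same edit.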


@ -30,7 +30,24 @@ License</a></span>".
</p> </p>
<hr style="width: 100%; height: 2px;"> <hr style="width: 100%; height: 2px;">
<p><strong>2006-10-05 Shorewall 4.2.0</strong></p> <p><strong>2006-10-05 Shorewall 4.2.0</strong></p>
<pre><strong>Release Highlights.<br><br>1) Support is included for multiple internet providers through the same<br> ethernet interface.<br><br>2) Support for NFLOG has been added.<br><br>3) Enhanced operational logging.<br><br>4) The tarball installers now work under Cygwin.<br><br>5) Shorewall-perl now supports IFB devices which allow traffic shaping of<br> incoming traffic.<br><br>6) Shorewall-perl supports definition of u32 traffic classification<br> filters.<br></strong></pre> <pre><strong><span style="font-weight: normal;">Release Highlights.</span><br
style="font-weight: normal;"><br style="font-weight: normal;"><span
style="font-weight: normal;">1) Support is included for multiple internet providers through the same</span><br
style="font-weight: normal;"><span style="font-weight: normal;"> ethernet interface.</span><br
style="font-weight: normal;"><br style="font-weight: normal;"><span
style="font-weight: normal;">2) Support for NFLOG has been added.</span><br
style="font-weight: normal;"><br style="font-weight: normal;"><span
style="font-weight: normal;">3) Enhanced operational logging.</span><br
style="font-weight: normal;"><br style="font-weight: normal;"><span
style="font-weight: normal;">4) The tarball installers now work under Cygwin.</span><br
style="font-weight: normal;"><br style="font-weight: normal;"><span
style="font-weight: normal;">5) Shorewall-perl now supports IFB devices which allow traffic shaping of</span><br
style="font-weight: normal;"><span style="font-weight: normal;"> incoming traffic.</span><br
style="font-weight: normal;"><br style="font-weight: normal;"><span
style="font-weight: normal;">6) Shorewall-perl supports definition of u32 traffic classification</span><br
style="font-weight: normal;"><span style="font-weight: normal;"> filters.</span><br></strong></pre>
<p><strong></strong></p>
<hr style="width: 100%; height: 2px;">
<p><strong>2008-03-29 Shorewall 4.0.10</strong></p> <p><strong>2008-03-29 Shorewall 4.0.10</strong></p>
<p><strong></strong></p> <p><strong></strong></p>
<pre>Problems corrected in Shorewall-perl 4.0.10.<br><br>1)&nbsp; Shorewall-perl 4.0.9 erroneously reported an error message when a<br>&nbsp;&nbsp;&nbsp; bridge port was defined in /etc/shorewall/interfaces:<br><br>&nbsp;&nbsp;&nbsp;&nbsp; ERROR: Your iptables is not recent enough to support bridge ports<br><br>2)&nbsp; Under Shorewall-perl, if an empty action was invoked or was named<br>&nbsp;&nbsp;&nbsp; in one of the DEFAULT_xxx options in shorewall.conf, an<br>&nbsp;&nbsp;&nbsp; iptables-restore error occured.<br><br>3)&nbsp; If $ADMIN was empty, then the rule:<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCEPT loc:$ADMIN all<br><br>&nbsp;&nbsp;&nbsp;&nbsp; became<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCEPT loc&nbsp;&nbsp; net<br><br>&nbsp;&nbsp;&nbsp;&nbsp; It is now flagged as an error.<br><br>4)&nbsp; Previously, Shorewall-perl would reject an IP address range in the<br>&nbsp;&nbsp;&nbsp; ecn and routestopped files.<br><br>5)&nbsp; A POLICY of ":" in /etc/shorewall/policy would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>6)&nbsp; An INTERFACE of ":" in /etc/shorewall/interfaces would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>7)&nbsp; A MARK of ":" in /etc/shorewall/tcrules would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>Problems corrected in Shorewall-shell 4.0.10.<br><br>1)&nbsp; Specifying a value for ACCEPT_DEFAULT or QUEUE_DEFAULT resulted in<br>&nbsp;&nbsp;&nbsp; a fatal error at compile time.<br><br>Known Problems Remaining.<br><br>1)&nbsp; The 'refresh' command doesn't refresh the mangle table. So changes<br>&nbsp;&nbsp;&nbsp; made to /etc/shorewall/providers and/or /etc/shorewall/tcrules may<br>&nbsp;&nbsp;&nbsp; not be reflected in the running ruleset.<br><br>Other changes in 4.0.10.<br><br>1)&nbsp; The Sample configurations have been updated to set<br>&nbsp;&nbsp;&nbsp; LOG_MARTIANS=keep. 
In 4.2, this will be changed to<br>&nbsp;&nbsp;&nbsp; LOG_MARTIANS=Yes.<br><br>2)&nbsp; Shorewall-perl now generates a fatal error if a non-existant shell<br>&nbsp;&nbsp;&nbsp; variable is used in any configuration file (except<br>&nbsp;&nbsp;&nbsp; /etc/shorewall/params).<br><br>3)&nbsp; Shorewall-perl now supports an 'l2tp' tunnel type. It opens UDP<br>&nbsp;&nbsp;&nbsp; port 1701 in both directions and assumes that the source port will<br>&nbsp;&nbsp;&nbsp; also be 1701. Some implementations (particularly OS X) use a<br>&nbsp;&nbsp;&nbsp; different source port. In that case, you should use<br>&nbsp;&nbsp;&nbsp; 'generic:udp:1701' rather than 'l2tp'.<br></pre> <pre>Problems corrected in Shorewall-perl 4.0.10.<br><br>1)&nbsp; Shorewall-perl 4.0.9 erroneously reported an error message when a<br>&nbsp;&nbsp;&nbsp; bridge port was defined in /etc/shorewall/interfaces:<br><br>&nbsp;&nbsp;&nbsp;&nbsp; ERROR: Your iptables is not recent enough to support bridge ports<br><br>2)&nbsp; Under Shorewall-perl, if an empty action was invoked or was named<br>&nbsp;&nbsp;&nbsp; in one of the DEFAULT_xxx options in shorewall.conf, an<br>&nbsp;&nbsp;&nbsp; iptables-restore error occured.<br><br>3)&nbsp; If $ADMIN was empty, then the rule:<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCEPT loc:$ADMIN all<br><br>&nbsp;&nbsp;&nbsp;&nbsp; became<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCEPT loc&nbsp;&nbsp; net<br><br>&nbsp;&nbsp;&nbsp;&nbsp; It is now flagged as an error.<br><br>4)&nbsp; Previously, Shorewall-perl would reject an IP address range in the<br>&nbsp;&nbsp;&nbsp; ecn and routestopped files.<br><br>5)&nbsp; A POLICY of ":" in /etc/shorewall/policy would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>6)&nbsp; An INTERFACE of ":" in /etc/shorewall/interfaces would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>7)&nbsp; A MARK of ":" in /etc/shorewall/tcrules would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>Problems 
corrected in Shorewall-shell 4.0.10.<br><br>1)&nbsp; Specifying a value for ACCEPT_DEFAULT or QUEUE_DEFAULT resulted in<br>&nbsp;&nbsp;&nbsp; a fatal error at compile time.<br><br>Known Problems Remaining.<br><br>1)&nbsp; The 'refresh' command doesn't refresh the mangle table. So changes<br>&nbsp;&nbsp;&nbsp; made to /etc/shorewall/providers and/or /etc/shorewall/tcrules may<br>&nbsp;&nbsp;&nbsp; not be reflected in the running ruleset.<br><br>Other changes in 4.0.10.<br><br>1)&nbsp; The Sample configurations have been updated to set<br>&nbsp;&nbsp;&nbsp; LOG_MARTIANS=keep. In 4.2, this will be changed to<br>&nbsp;&nbsp;&nbsp; LOG_MARTIANS=Yes.<br><br>2)&nbsp; Shorewall-perl now generates a fatal error if a non-existant shell<br>&nbsp;&nbsp;&nbsp; variable is used in any configuration file (except<br>&nbsp;&nbsp;&nbsp; /etc/shorewall/params).<br><br>3)&nbsp; Shorewall-perl now supports an 'l2tp' tunnel type. It opens UDP<br>&nbsp;&nbsp;&nbsp; port 1701 in both directions and assumes that the source port will<br>&nbsp;&nbsp;&nbsp; also be 1701. Some implementations (particularly OS X) use a<br>&nbsp;&nbsp;&nbsp; different source port. In that case, you should use<br>&nbsp;&nbsp;&nbsp; 'generic:udp:1701' rather than 'l2tp'.<br></pre>
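Review bot: the heading left in place above the rewritten block, "2006-10-05 Shorewall 4.2.0", is dated two years before the "2008-03-29 Shorewall 4.0.10" entry that follows it, and this commit itself is dated 2008-10-06, so the year looks like a typo for 2008 and should be corrected while the entry is being touched. The new markup also keeps the outer <strong> and then cancels it with style="font-weight: normal;" on every <span> and <br>; removing the <strong> wrapper inside the <pre> gives the same rendering without the per-line overrides.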