Web site updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2804 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-10-05 18:11:56 +00:00
parent a66d94d609
commit 692dc5bda4


@ -1,277 +1,203 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html> <html>
<head> <head>
<meta name="generator" content= <meta name="generator"
"HTML Tidy for Linux (vers 1st April 2002), see www.w3.org"> content="HTML Tidy for Linux (vers 1st April 2002), see www.w3.org">
<meta http-equiv="CONTENT-TYPE" content= <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8">
"text/html; charset=utf-8"> <title>Shoreline Firewall (Shorewall) 2.0</title>
<base target="_self">
<title>Shoreline Firewall (Shorewall) 2.0</title> <meta name="GENERATOR" content="OpenOffice.org 1.1.1 (Linux)">
<base target="_self"> <meta name="CREATED" content="20040920;15031500">
<meta name="GENERATOR" content="OpenOffice.org 1.1.1 (Linux)"> <meta name="CHANGED" content="20040920;15183300">
<meta name="CREATED" content="20040920;15031500"> </head>
<meta name="CHANGED" content="20040920;15183300"> <body dir="ltr" lang="en-US">
</head> <h1>Shorewall 2.x</h1>
<h2><a href="News.htm#20050717"><font color="#ff0000">Security
<body dir="ltr" lang="en-US"> vulnerability in Shorewall 2.x</font></a></h2>
<h1>Shorewall 2.x</h1> <hr style="width: 100%; height: 2px;">
<p>The information on this site applies only to 2.x releases of
<h2><a href="News.htm#20050717"><font color="#ff0000">Security Shorewall. For older versions:</p>
vulnerability in Shorewall 2.x</font></a></h2> <ul>
<hr style="width: 100%; height: 2px;"> <li>
<p style="margin-bottom: 0in;">The 1.4 site is <a
<p>The information on this site applies only to 2.x releases of href="http://www.shorewall.net/1.4" target="_top">here.</a></p>
Shorewall. For older versions:</p> </li>
<li>
<ul> <p style="margin-bottom: 0in;">The 1.3 site is <a
<li> href="http://www.shorewall.net/1.3" target="_top">here.</a></p>
<p style="margin-bottom: 0in;">The 1.4 site is <a href= </li>
"http://www.shorewall.net/1.4" target="_top">here.</a></p> <li>
</li> <p>The 1.2 site is <a href="http://shorewall.net/1.2/"
target="_top">here</a>.</p>
<li> </li>
<p style="margin-bottom: 0in;">The 1.3 site is <a href= </ul>
"http://www.shorewall.net/1.3" target="_top">here.</a></p> <p>The current 2.4 Stable Release is 2.4.4 -- Here are the <a
</li> href="http://shorewall.net/pub/shorewall/2.4/shorewall-2.4.4/releasenotes.txt">
release notes</a> and here are the <a
<li> href="http://shorewall.net/pub/shorewall/2.4/shorewall-2.4.4/known_problems.txt">
<p>The 1.2 site is <a href="http://shorewall.net/1.2/" known problems</a> and <a
target="_top">here</a>.</p> href="http://shorewall.net/pub/shorewall/2.4/shorewall-2.4.4/errata/">
</li> updates</a>.<br>
</ul> <br>
The current 2.5 Development Release is 2.5.6 -- Here are the <a
<p>The current 2.4 Stable Release is 2.4.4 -- Here are the <a href="http://shorewall.net/pub/shorewall/2.5/shorewall-2.5.6/releasenotes.txt">
href= release notes</a> and the preliminary documentation is <a
"http://shorewall.net/pub/shorewall/2.4/shorewall-2.4.4/releasenotes.txt"> href="http://www1.shorewall.net/3.0/">here</a>.<br>
release notes</a> and here are the <a href= <br>
"http://shorewall.net/pub/shorewall/2.4/shorewall-2.4.4/known_problems.txt"> Copyright © 2001-2005 Thomas M. Eastep</p>
known problems</a> and <a href= <p>Permission is granted to copy, distribute and/or modify this
"http://shorewall.net/pub/shorewall/2.4/shorewall-2.4.4/errata/"> document under the terms of the GNU Free Documentation License, Version
updates</a>.<br> 1.2 or any later version published by the Free Software Foundation;
<br> with no Invariant Sections, with no Front-Cover, and with no Back-Cover
The current 2.5 Development Release is 2.5.6 -- Here are the <a Texts. A copy of the license is included in the section entitled “<a
href= href="GnuCopyright.htm" target="_self">GNU Free Documentation License</a>”.</p>
"http://shorewall.net/pub/shorewall/2.5/shorewall-2.5.6/releasenotes.txt"> <p>2005-09-27</p>
release notes</a> and the preliminary documentation is <a href= <hr style="width: 100%; height: 2px;">
"http://www1.shorewall.net/3.0/index.html">here</a>.<br> <h3>Table of Contents</h3>
<br> <p style="margin-left: 0.42in; margin-bottom: 0in;"><a href="#Intro">Introduction
Copyright © 2001-2005 Thomas M. Eastep</p> to Shorewall</a></p>
<p style="margin-left: 0.83in; margin-bottom: 0in;"><a href="#Glossary">Glossary</a><br>
<p>Permission is granted to copy, distribute and/or modify this <a href="#WhatIs">What is Shorewall?</a><br>
document under the terms of the GNU Free Documentation License, <a href="#GettingStarted">Getting Started with Shorewall</a><br>
Version 1.2 or any later version published by the Free Software <a href="#Info">Looking for Information?</a><br>
Foundation; with no Invariant Sections, with no Front-Cover, <a href="#Mandrake">Running Shorewall on Mandrake® with a two-interface
and with no Back-Cover Texts. A copy of the license is included setup?</a><br>
in the section entitled “<a href="GnuCopyright.htm" target= <a href="#License">License</a><br>
"_self">GNU Free Documentation License</a>”.</p> </p>
<div style="margin-left: 40px;"> <br>
<p>2005-09-17</p> <a href="#Leaf">Leaf</a><br>
<hr style="width: 100%; height: 2px;"> <br>
<a href="#OpenWRT">OpenWRT</a><br>
<h3>Table of Contents</h3> </div>
<p style="margin-left: 40px;"><a href="#Donations">Donations</a></p>
<p style="margin-left: 0.42in; margin-bottom: 0in;"><a href= <h2><a name="Intro"></a>Introduction to Shorewall</h2>
"#Intro">Introduction to Shorewall</a></p> <h3><a name="Glossary"></a>Glossary</h3>
<ul>
<p style="margin-left: 0.83in; margin-bottom: 0in;"><a href= <li>
"#Glossary">Glossary</a><br> <p style="margin-bottom: 0in;"><a href="http://www.netfilter.org/"
<a href="#WhatIs">What is Shorewall?</a><br> target="_top">Netfilter</a> - the packet filter facility built into
<a href="#GettingStarted">Getting Started with the 2.4 and later Linux kernels.</p>
Shorewall</a><br> </li>
<a href="#Info">Looking for Information?</a><br> <li>
<a href="#Mandrake">Running Shorewall on Mandrake® with a <p style="margin-bottom: 0in;">ipchains - the packet filter
two-interface setup?</a><br> facility built into the 2.2 Linux kernels. Also the name of the utility
<a href="#License">License</a><br> program used to configure and control that facility. Netfilter can be
</p> used in ipchains compatibility mode.</p>
</li>
<div style="margin-left: 40px;"> <li>
<br> <p>iptables - the utility program used to configure and control
<a href="#Leaf">Leaf</a><br> Netfilter. The term 'iptables' is often used to refer to the
<br> combination of iptables+Netfilter (with Netfilter not in ipchains
<a href="#OpenWRT">OpenWRT</a><br> compatibility mode).</p>
</div> </li>
</ul>
<p style="margin-left: 40px;"><a href= <h3><a name="WhatIs"></a>What is Shorewall?</h3>
"#Donations">Donations</a></p> <p style="margin-left: 0.42in;">The Shoreline Firewall, more commonly
known as "Shorewall", is a high-level tool for configuring Netfilter.
<h2><a name="Intro"></a>Introduction to Shorewall</h2> You describe your firewall/gateway requirements using entries in a set
of configuration files. Shorewall reads those configuration files and
<h3><a name="Glossary"></a>Glossary</h3> with the help of the iptables utility, Shorewall configures Netfilter
to match your requirements. Shorewall can be used on a dedicated
<ul> firewall system, a multi-function gateway/router/server or on a
<li> standalone GNU/Linux system. Shorewall does not use Netfilter's
<p style="margin-bottom: 0in;"><a href= ipchains compatibility mode and can thus take advantage of Netfilter's <a
"http://www.netfilter.org/" target="_top">Netfilter</a> - href="http://www.cs.princeton.edu/%7Ejns/security/iptables/iptables_conntrack.html"
the packet filter facility built into the 2.4 and later target="_top">connection state tracking capabilities</a>.<br>
Linux kernels.</p> <br>
</li> Shorewall is <u>not</u> a daemon. Once Shorewall has configured
Netfilter, it's job is complete. After that, there is no Shorewall code
<li> running although the <a href="starting_and_stopping_shorewall.htm">/sbin/shorewall
<p style="margin-bottom: 0in;">ipchains - the packet filter program can be used at any time to monitor the Netfilter firewall</a>.<br>
facility built into the 2.2 Linux kernels. Also the name of </p>
the utility program used to configure and control that <p style="margin-left: 0.42in;">Shorewall is not the easiest to use of
facility. Netfilter can be used in ipchains compatibility the available iptables configuration tools but I believe that it is the
mode.</p> most flexible and powerful. So if you are looking for a simple
</li> point-and-click set-and-forget Linux firewall solution that requires a
minimum of networking knowledge, I would encourage you to check out the
<li> following alternatives:</p>
<p>iptables - the utility program used to configure and <ul style="margin-left: 40px;">
control Netfilter. The term 'iptables' is often used to <li><a href="http://www.m0n0.ch/wall">http://www.m0n0.ch/wall</a></li>
refer to the combination of iptables+Netfilter (with <li><a href="http://www.fs-security.com/">http://www.fs-security.com/</a><br>
Netfilter not in ipchains compatibility mode).</p> </li>
</li> </ul>
</ul> <p style="margin-left: 0.42in;">On the other hand, if you are looking
for a Linux firewall solution that can handle complex and fast changing
<h3><a name="WhatIs"></a>What is Shorewall?</h3> network environments then Shorewall is a logical choice.<br>
</p>
<p style="margin-left: 0.42in;">The Shoreline Firewall, more <h3><a name="GettingStarted"></a>Getting Started with Shorewall</h3>
commonly known as "Shorewall", is a high-level tool for <p style="margin-left: 0.42in;">New to Shorewall? Start by selecting
configuring Netfilter. You describe your firewall/gateway the <a href="shorewall_quickstart_guide.htm">QuickStart Guide</a> that
requirements using entries in a set of configuration files. most closely matches your environment and follow the step by step
Shorewall reads those configuration files and with the help of instructions.</p>
the iptables utility, Shorewall configures Netfilter to match <h3><a name="Info"></a>Looking for Information?</h3>
your requirements. Shorewall can be used on a dedicated <p style="margin-left: 0.42in;">The <a href="Documentation_Index.html">Documentation
firewall system, a multi-function gateway/router/server or on a Index</a> is a good place to start as is the Site Search in the frame
standalone GNU/Linux system. Shorewall does not use Netfilter's above.<br>
ipchains compatibility mode and can thus take advantage of </p>
Netfilter's <a href= <h3><a name="Mandrake"></a>Running Shorewall on Mandrake® with a
"http://www.cs.princeton.edu/%7Ejns/security/iptables/iptables_conntrack.html" two-interface setup?</h3>
target="_top">connection state tracking capabilities</a>.<br> <p style="margin-left: 0.42in;">If so, the documentation on this site
<br> will not apply directly to your setup. If you want to use the
Shorewall is <u>not</u> a daemon. Once Shorewall has configured documentation that you find here, you will want to consider
Netfilter, it's job is complete. After that, there is no uninstalling what you have and installing a setup that matches the
Shorewall code running although the <a href= documentation on this site. See the <a href="two-interface.htm">Two-interface
"starting_and_stopping_shorewall.htm">/sbin/shorewall program QuickStart Guide</a> for details.<br>
can be used at any time to monitor the Netfilter <br>
firewall</a>.<br> <b>Update:</b> I have been informed by Mandrake Development that this
</p> problem has been corrected in Mandrake 10.0 Final (the problem still
exists in the 10.0 Community release).</p>
<p style="margin-left: 0.42in;">Shorewall is not the easiest to <h3><a name="License"></a>License</h3>
use of the available iptables configuration tools but I believe <p style="margin-left: 0.42in;">This program is free software; you can
that it is the most flexible and powerful. So if you are redistribute it and/or modify it under the terms of <a
looking for a simple point-and-click set-and-forget Linux href="http://www.gnu.org/licenses/gpl.html">Version 2 of the GNU
firewall solution that requires a minimum of networking General Public License</a> as published by the Free Software Foundation.</p>
knowledge, I would encourage you to check out the following <p style="margin-left: 0.42in;">This program is distributed in the hope
alternatives:</p> that it will be useful, but WITHOUT ANY WARRANTY; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
<ul style="margin-left: 40px;"> PURPOSE. See the GNU General Public License for more detail.</p>
<li><a href= <p style="margin-left: 0.42in;">You should have received a copy of the
"http://www.m0n0.ch/wall">http://www.m0n0.ch/wall</a></li> GNU General Public License along with this program; if not, write to
the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
<li><a href= USA</p>
"http://www.fs-security.com/">http://www.fs-security.com/</a><br> <p style="margin-left: 0.42in;">Permission is granted to copy,
distribute and/or modify this document under the terms of the GNU Free
</li> Documentation License, Version 1.2 or any later version published by
</ul> the Free Software Foundation; with no Invariant Sections, with no
Front-Cover, and with no Back-Cover Texts. A copy of the license is
<p style="margin-left: 0.42in;">On the other hand, if you are included in the section entitled "GNU Free Documentation License".</p>
looking for a Linux firewall solution that can handle complex <hr>
and fast changing network environments then Shorewall is a <h2><a name="Leaf"></a>Leaf</h2>
logical choice.<br> <p><a href="http://leaf.sourceforge.net/" target="_top"><font
</p> color="#000000"><img src="images/leaflogo.gif" name="Graphic1"
alt="(Leaf Logo)" align="bottom" border="1" height="39" width="52"></font></a>
<h3><a name="GettingStarted"></a>Getting Started with LEAF is an open source project which provides a Firewall/router on a
Shorewall</h3> floppy, CD or CF. Several LEAF distributions including Bering and
Bering-uClibc use Shorewall as their Netfilter configuration tool.</p>
<p style="margin-left: 0.42in;">New to Shorewall? Start by <hr style="width: 100%; height: 2px;">
selecting the <a href= <h2><a name="OpenWRT"></a>OpenWRT</h2>
"shorewall_quickstart_guide.htm">QuickStart Guide</a> that most <a href="http://openwrt.org"><img alt="(OpenWRT Logo)"
closely matches your environment and follow the step by step src="images/openwrt.png"
instructions.</p> style="border: 0px solid ; width: 88px; height: 31px;" hspace="4"></a>OpenWRT
is a project which provides open source firmware for Linksys WRT54G
<h3><a name="Info"></a>Looking for Information?</h3> wireless routers. Two different Shorewall packages are available for
OpenWRT.<br>
<p style="margin-left: 0.42in;">The <a href= <hr>
"Documentation_Index.html">Documentation Index</a> is a good <h2><a name="Donations"></a>Donations</h2>
place to start as is the Site Search in the frame above.<br> <p align="left"><a href="http://www.alz.org/" target="_top"><font
</p> color="#000000"><img src="images/alz_logo2.gif" name="Graphic2"
alt="(Alzheimer's Association Logo)" align="right" border="1"
<h3><a name="Mandrake"></a>Running Shorewall on Mandrake® with height="63" width="303"></font></a><a href="http://www.starlight.org/"
a two-interface setup?</h3> target="_top"><font color="#000000"><img src="images/newlog.gif"
name="Graphic3" alt="(Starlight Foundation Logo)" align="right"
<p style="margin-left: 0.42in;">If so, the documentation on border="1" height="105" width="62"></font></a><font size="4">Shorewall
this site will not apply directly to your setup. If you want to is free but if you try it and find it useful, please consider making a
use the documentation that you find here, you will want to donation to the <a href="http://www.alz.org/" target="_top">Alzheimer's
consider uninstalling what you have and installing a setup that Association</a> or to the <a href="http://www.starlight.org/"
matches the documentation on this site. See the <a href= target="_top">Starlight Children's Foundation</a>.</font></p>
"two-interface.htm">Two-interface QuickStart Guide</a> for <p align="left"><font size="4">Thank You<br>
details.<br> </font></p>
<br> <p align="left"><br>
<b>Update:</b> I have been informed by Mandrake Development <br>
that this problem has been corrected in Mandrake 10.0 Final </p>
(the problem still exists in the 10.0 Community release).</p> </body>
<h3><a name="License"></a>License</h3>
<p style="margin-left: 0.42in;">This program is free software;
you can redistribute it and/or modify it under the terms of <a
href="http://www.gnu.org/licenses/gpl.html">Version 2 of the
GNU General Public License</a> as published by the Free
Software Foundation.</p>
<p style="margin-left: 0.42in;">This program is distributed in
the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more detail.</p>
<p style="margin-left: 0.42in;">You should have received a copy
of the GNU General Public License along with this program; if
not, write to the Free Software Foundation, Inc., 675 Mass Ave,
Cambridge, MA 02139, USA</p>
<p style="margin-left: 0.42in;">Permission is granted to copy,
distribute and/or modify this document under the terms of the
GNU Free Documentation License, Version 1.2 or any later
version published by the Free Software Foundation; with no
Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section
entitled "GNU Free Documentation License".</p>
<hr>
<h2><a name="Leaf"></a>Leaf</h2>
<p><a href="http://leaf.sourceforge.net/" target="_top"><font
color="#000000"><img src="images/leaflogo.gif" name="Graphic1"
alt="(Leaf Logo)" align="bottom" border="1" height="39" width=
"52"></font></a> LEAF is an open source project which provides
a Firewall/router on a floppy, CD or CF. Several LEAF
distributions including Bering and Bering-uClibc use Shorewall
as their Netfilter configuration tool.</p>
<hr style="width: 100%; height: 2px;">
<h2><a name="OpenWRT"></a>OpenWRT</h2>
<a href="http://openwrt.org"><img alt="(OpenWRT Logo)" src=
"images/openwrt.png" style=
"border: 0px solid ; width: 88px; height: 31px;" hspace=
"4"></a>OpenWRT is a project which provides open source
firmware for Linksys WRT54G wireless routers. Two different
Shorewall packages are available for OpenWRT.<br>
<hr>
<h2><a name="Donations"></a>Donations</h2>
<p align="left"><a href="http://www.alz.org/" target=
"_top"><font color="#000000"><img src="images/alz_logo2.gif"
name="Graphic2" alt="(Alzheimer's Association Logo)" align=
"right" border="1" height="63" width="303"></font></a><a href=
"http://www.starlight.org/" target="_top"><font color=
"#000000"><img src="images/newlog.gif" name="Graphic3" alt=
"(Starlight Foundation Logo)" align="right" border="1" height=
"105" width="62"></font></a><font size="4">Shorewall is free
but if you try it and find it useful, please consider making a
donation to the <a href="http://www.alz.org/" target=
"_top">Alzheimer's Association</a> or to the <a href=
"http://www.starlight.org/" target="_top">Starlight Children's
Foundation</a>.</font></p>
<p align="left"><font size="4">Thank You<br>
</font></p>
<p align="left"><br>
<br>
</p>
</body>
</html> </html>
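Review bot: The only content changes visible in this hunk are the page date (`<p>2005-09-17</p>` becomes `<p>2005-09-27</p>`) and the 2.5 documentation link (`http://www1.shorewall.net/3.0/index.html` becomes `http://www1.shorewall.net/3.0/`); everything else is attribute rewrapping and blank-line removal that turns 277 lines into 203 and buries those two edits. Suggest committing the whitespace reformat separately so that a change to the page carrying the "Security vulnerability in Shorewall 2.x" notice can be reviewed at a glance. While the "What is Shorewall?" paragraph is being rewrapped anyway, "it's job is complete" should read "its job is complete"; the typo is carried over unchanged. The head also still carries two generator meta tags (HTML Tidy and OpenOffice.org 1.1.1), and one of them could be dropped.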