-
-
-
-
-
-
-
-
-
-
-
-
What is it?
@@ -120,11 +121,11 @@
-
- The Shoreline Firewall, more commonly known as "Shorewall", is a
- Netfilter (iptables) based firewall
- that can be used on a dedicated firewall system, a multi-function
- gateway/router/server or on a standalone GNU/Linux system.
+
+ The Shoreline Firewall, more commonly known as "Shorewall", is
+a Netfilter (iptables) based
+firewall that can be used on a dedicated firewall system, a multi-function
+ gateway/router/server or on a standalone GNU/Linux system.
@@ -136,29 +137,29 @@
-
- This program is free software; you can redistribute it and/or modify
- it under the terms
- of Version
-2 of the GNU General Public License as published by the Free Software
- Foundation.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms
+ of Version
+ 2 of the GNU General Public License as published by the Free Software
+ Foundation.
-
+
- This program is distributed
- in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A
-PARTICULAR PURPOSE. See the GNU General Public License
+ This program is distributed
+ in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A
+PARTICULAR PURPOSE. See the GNU General Public License
for more details.
-
+
- You should have received
-a copy of the GNU General Public License
- along with this program; if not, write to the
- Free Software Foundation, Inc., 675 Mass
-Ave, Cambridge, MA 02139, USA
+ You should have received
+ a copy of the GNU General Public License
+ along with this program; if not, write to
+the Free Software Foundation, Inc., 675 Mass
+ Ave, Cambridge, MA 02139, USA
@@ -170,7 +171,7 @@ Ave, Cambridge, MA 02139, USA
-
+
Copyright 2001, 2002, 2003 Thomas M. Eastep
@@ -183,21 +184,21 @@ Ave, Cambridge, MA 02139, USA
-
+
- Jacques Nilo and
- Eric Wolzak have a LEAF (router/firewall/gateway
- on a floppy, CD or compact flash) distribution called
- Bering that features Shorewall-1.3.14
- and Kernel-2.4.20. You can find their work at:
- http://leaf.sourceforge.net/devel/jnilo
-
-
- Congratulations to Jacques and Eric on the recent release of Bering
-1.1!!!
-
+ Jacques Nilo and
+ Eric Wolzak have a LEAF (router/firewall/gateway
+ on a floppy, CD or compact flash) distribution called
+ Bering that features Shorewall-1.3.14
+ and Kernel-2.4.20. You can find their work at:
+ http://leaf.sourceforge.net/devel/jnilo
+
+
+ Congratulations to Jacques and Eric on the recent release of
+Bering 1.1!!!
+
@@ -207,9 +208,9 @@ Ave, Cambridge, MA 02139, USA
-
- This is a mirror of the main Shorewall web site at SourceForge (http://shorewall.sf.net)
+
+ This is a mirror of the main Shorewall web site at SourceForge
+(http://shorewall.sf.net)
@@ -223,7 +224,8 @@ Ave, Cambridge, MA 02139, USA
-
+
+
News
@@ -236,7 +238,7 @@ Ave, Cambridge, MA 02139, USA
-
+
@@ -246,114 +248,112 @@ Ave, Cambridge, MA 02139, USA
-
+
3/14/2003 - Shorewall 1.4.0 
-
+
-
+
- Shorewall 1.4 represents the next step in the evolution of Shorewall.
- The main thrust of the initial release is simply to remove the cruft that
- has accumulated in Shorewall over time.
- IMPORTANT: Shorewall 1.4.0 REQUIRES the iproute
-package ('ip' utility).
-
- Function from 1.3 that has been omitted from this version include:
-
+ Shorewall 1.4 represents the next step in the evolution of Shorewall.
+ The main thrust of the initial release is simply to remove the cruft that
+ has accumulated in Shorewall over time.
+
+ IMPORTANT: Shorewall 1.4.0 requires the iproute package
+ ('ip' utility).
+
+ Function from 1.3 that has been omitted from this version include:
+
- - The "check" command is no longer supported.
-
-
- - The MERGE_HOSTS variable in shorewall.conf is no longer supported.
- Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.
-
-
- - Interface names of the form <device>:<integer>
+
- The MERGE_HOSTS variable in shorewall.conf is
+no longer supported. Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.
+
+
+ - Interface names of the form <device>:<integer>
in /etc/shorewall/interfaces now generate an error.
-
-
- - Shorewall 1.4 implements behavior consistent with OLD_PING_HANDLING=No.
- OLD_PING_HANDLING=Yes will generate an error at startup as will specification
+
+
+ - Shorewall 1.4 implements behavior consistent with OLD_PING_HANDLING=No.
+ OLD_PING_HANDLING=Yes will generate an error at startup as will specification
of the 'noping' or 'filterping' interface options.
-
-
- - The 'routestopped' option in the /etc/shorewall/interfaces
- and /etc/shorewall/hosts files is no longer supported and will generate
+
+
+ - The 'routestopped' option in the /etc/shorewall/interfaces
+ and /etc/shorewall/hosts files is no longer supported and will generate
an error at startup if specified.
-
-
- - The Shorewall 1.2 syntax for DNAT and REDIRECT rules is
-no longer accepted.
-
-
- - The ALLOWRELATED variable in shorewall.conf is no longer
+
+
+ - The Shorewall 1.2 syntax for DNAT and REDIRECT rules is
+ no longer accepted.
+
+
+ - The ALLOWRELATED variable in shorewall.conf is no longer
supported. Shorewall 1.4 behavior is the same as 1.3 with ALLOWRELATED=Yes.
+
+
+ - The icmp.def file has been removed.
- - The icmp.def file has been removed.
-
-
- - The 'multi' interface option is no longer supported.
- Shorewall will generate rules for sending packets back out the same interface
- that they arrived on in two cases:
-
+ - The 'multi' interface option is no longer supported.
+ Shorewall will generate rules for sending packets back out the same interface
+ that they arrived on in two cases:
+
-
+
- - There is an explicit policy for the source zone to
-or from the destination zone. An explicit policy names both zones and does
-not use the 'all' reserved word.
- - There are one or more rules for traffic for the source zone
- to or from the destination zone including rules that use the 'all' reserved
- word. Exception: if the source zone and destination zone are the same then
- the rule must be explicit - it must name the zone in both the SOURCE and
-DESTINATION columns.
-
-
+ - There is an explicit policy for the source zone to
+or from the destination zone. An explicit policy names both zones and does
+ not use the 'all' reserved word.
+ - There are one or more rules for traffic for the source zone
+ to or from the destination zone including rules that use the 'all' reserved
+ word. Exception: if the source zone and destination zone are the same then
+ the rule must be explicit - it must name the zone in both the SOURCE and
+ DESTINATION columns.
+
+
-
+
-
+
- Changes for 1.4 include:
-
+ Changes for 1.4 include:
+
- - The /etc/shorewall/shorewall.conf file has been completely
+
- The /etc/shorewall/shorewall.conf file has been completely
reorganized into logical sections.
-
-
- - LOG is now a valid action for a rule (/etc/shorewall/rules).
-
-
- - The firewall script and version file are now installed
+
+
+ - LOG is now a valid action for a rule (/etc/shorewall/rules).
+
+
+ - The firewall script and version file are now installed
in /usr/share/shorewall.
-
-
- - Late arriving DNS replies are now silently dropped in the
- common chain by default.
-
-
- - In addition to behaving like OLD_PING_HANDLING=No, Shorewall
- 1.4 no longer unconditionally accepts outbound ICMP packets. So if you
-want to 'ping' from the firewall, you will need the appropriate rule or
-policy.
-
-
- - 802.11b devices with names of the form wlan<n>
+
+
+ - Late arriving DNS replies are now silently dropped in
+the common chain by default.
+
+
+ - In addition to behaving like OLD_PING_HANDLING=No, Shorewall
+ 1.4 no longer unconditionally accepts outbound ICMP packets. So if you want
+ to 'ping' from the firewall, you will need the appropriate rule or policy.
+
+
+ - 802.11b devices with names of the form wlan<n>
now support the 'maclist' option.
-
-
+
+
-
+
+
@@ -361,7 +361,8 @@ policy.
-
+
+
More News
@@ -374,44 +375,44 @@ policy.
-
+
Donations
- |
+
- M |
-
+
-
- 
- Shorewall 1.4 - "iptables
- made easy"
-