diff --git a/Shorewall-docs/seattlefirewall_index.htm b/Shorewall-docs/seattlefirewall_index.htm index 968f18c18..4f5278974 100644 --- a/Shorewall-docs/seattlefirewall_index.htm +++ b/Shorewall-docs/seattlefirewall_index.htm @@ -6,7 +6,7 @@ - + Shoreline Firewall (Shorewall) 1.4 @@ -15,24 +15,25 @@ - + - + - + - + - + + + + + + + + + + +
+ + @@ -41,16 +42,62 @@ - - +

Shorwall Logo - Shorewall 1.4 - "iptables - made easy"

+ Shorewall 1.4 - "iptables + made easy" + + + + + + + + + + + +
Shorewall 1.3 Site here
+ +
+ +
+ +
+ + + + +
+ +
+ + + + + + + + - - - - - - - - - - -
@@ -62,52 +109,6 @@ - - -
- -
- - - - -
- -
- - - - - - - - + - - + - - - + + +
- - - - - - - - - -

What is it?

@@ -120,11 +121,11 @@ - -

The Shoreline Firewall, more commonly known as "Shorewall", is a - Netfilter (iptables) based firewall - that can be used on a dedicated firewall system, a multi-function - gateway/router/server or on a standalone GNU/Linux system.

+ +

The Shoreline Firewall, more commonly known as "Shorewall", is +a Netfilter (iptables) based +firewall that can be used on a dedicated firewall system, a multi-function + gateway/router/server or on a standalone GNU/Linux system.

@@ -136,29 +137,29 @@ - -

This program is free software; you can redistribute it and/or modify - it under the terms - of Version -2 of the GNU General Public License as published by the Free Software - Foundation.
+ +

This program is free software; you can redistribute it and/or modify + it under the terms + of Version + 2 of the GNU General Public License as published by the Free Software + Foundation.
-
+
- This program is distributed - in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A -PARTICULAR PURPOSE. See the GNU General Public License + This program is distributed + in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied + warranty of MERCHANTABILITY or FITNESS FOR A +PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
+
- You should have received -a copy of the GNU General Public License - along with this program; if not, write to the - Free Software Foundation, Inc., 675 Mass -Ave, Cambridge, MA 02139, USA

+ You should have received + a copy of the GNU General Public License + along with this program; if not, write to +the Free Software Foundation, Inc., 675 Mass + Ave, Cambridge, MA 02139, USA

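Review bot: the three GPL paragraphs in this hunk should be left out of the patch, because the removed and added lines carry the same words and differ only in where they wrap (for example "of Version -2 of the GNU General Public License" against "of Version + 2 of the GNU General Public License"). The "What is it?", Bering and mirror-site paragraphs in this file follow the same pattern. Regenerating the pages without the editor's re-wrapping, or splitting the whitespace changes into their own commit, would let the substantive edits (the 1.4.0 news item and the footer date) stand out in review.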
@@ -170,7 +171,7 @@ Ave, Cambridge, MA 02139, USA

- +

Copyright 2001, 2002, 2003 Thomas M. Eastep

@@ -183,21 +184,21 @@ Ave, Cambridge, MA 02139, USA

- +

- Jacques Nilo and - Eric Wolzak have a LEAF (router/firewall/gateway - on a floppy, CD or compact flash) distribution called - Bering that features Shorewall-1.3.14 - and Kernel-2.4.20. You can find their work at: - http://leaf.sourceforge.net/devel/jnilo
-

- -

Congratulations to Jacques and Eric on the recent release of Bering -1.1!!!
-

+ Jacques Nilo and + Eric Wolzak have a LEAF (router/firewall/gateway + on a floppy, CD or compact flash) distribution called + Bering that features Shorewall-1.3.14 + and Kernel-2.4.20. You can find their work at: + http://leaf.sourceforge.net/devel/jnilo
+

+ +

Congratulations to Jacques and Eric on the recent release of +Bering 1.1!!!
+

@@ -207,9 +208,9 @@ Ave, Cambridge, MA 02139, USA

- -

This is a mirror of the main Shorewall web site at SourceForge (http://shorewall.sf.net)

+ +

This is a mirror of the main Shorewall web site at SourceForge +(http://shorewall.sf.net)

@@ -223,7 +224,8 @@ Ave, Cambridge, MA 02139, USA

- + +

News

@@ -236,7 +238,7 @@ Ave, Cambridge, MA 02139, USA

- +

@@ -246,114 +248,112 @@ Ave, Cambridge, MA 02139, USA

- +

3/14/2003 - Shorewall 1.4.0 (New) -

+

- +

- Shorewall 1.4 represents the next step in the evolution of Shorewall. - The main thrust of the initial release is simply to remove the cruft that - has accumulated in Shorewall over time.
- IMPORTANT: Shorewall 1.4.0 REQUIRES the iproute -package ('ip' utility).
-
- Function from 1.3 that has been omitted from this version include:
- + Shorewall 1.4 represents the next step in the evolution of Shorewall. + The main thrust of the initial release is simply to remove the cruft that + has accumulated in Shorewall over time.

+ IMPORTANT: Shorewall 1.4.0 requires the iproute package + ('ip' utility).
+
+ Function from 1.3 that has been omitted from this version include:
+
    -
  1. The "check" command is no longer supported.
    -
    -
  2. -
  3. The MERGE_HOSTS variable in shorewall.conf is no longer supported. - Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.
    -
    -
  4. -
  5. Interface names of the form <device>:<integer> +
  6. The MERGE_HOSTS variable in shorewall.conf is +no longer supported. Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.
    +
    +
  7. +
  8. Interface names of the form <device>:<integer> in /etc/shorewall/interfaces now generate an error.
    -
    -
  9. -
  10. Shorewall 1.4 implements behavior consistent with OLD_PING_HANDLING=No. - OLD_PING_HANDLING=Yes will generate an error at startup as will specification +
    +
  11. +
  12. Shorewall 1.4 implements behavior consistent with OLD_PING_HANDLING=No. + OLD_PING_HANDLING=Yes will generate an error at startup as will specification of the 'noping' or 'filterping' interface options.
    -
    -
  13. -
  14. The 'routestopped' option in the /etc/shorewall/interfaces - and /etc/shorewall/hosts files is no longer supported and will generate +
    +
  15. +
  16. The 'routestopped' option in the /etc/shorewall/interfaces + and /etc/shorewall/hosts files is no longer supported and will generate an error at startup if specified.
    -
    -
  17. -
  18. The Shorewall 1.2 syntax for DNAT and REDIRECT rules is -no longer accepted.
    -
    -
  19. -
  20. The ALLOWRELATED variable in shorewall.conf is no longer +
    +
  21. +
  22. The Shorewall 1.2 syntax for DNAT and REDIRECT rules is + no longer accepted.
    +
    +
  23. +
  24. The ALLOWRELATED variable in shorewall.conf is no longer supported. Shorewall 1.4 behavior is the same as 1.3 with ALLOWRELATED=Yes.
    +
    +
  25. +
  26. The icmp.def file has been removed.

  27. -
  28. The icmp.def file has been removed.
    -
    -
  29. -
  30. The 'multi' interface option is no longer supported. -  Shorewall will generate rules for sending packets back out the same interface - that they arrived on in two cases:
  31. - +
  32. The 'multi' interface option is no longer supported. +  Shorewall will generate rules for sending packets back out the same interface + that they arrived on in two cases:
  33. +
- +
    -
  • There is an explicit policy for the source zone to -or from the destination zone. An explicit policy names both zones and does -not use the 'all' reserved word.
  • -
  • There are one or more rules for traffic for the source zone - to or from the destination zone including rules that use the 'all' reserved - word. Exception: if the source zone and destination zone are the same then - the rule must be explicit - it must name the zone in both the SOURCE and -DESTINATION columns.
    -
  • - +
  • There is an explicit policy for the source zone to +or from the destination zone. An explicit policy names both zones and does + not use the 'all' reserved word.
  • +
  • There are one or more rules for traffic for the source zone + to or from the destination zone including rules that use the 'all' reserved + word. Exception: if the source zone and destination zone are the same then + the rule must be explicit - it must name the zone in both the SOURCE and + DESTINATION columns.
    +
  • +
- +
    - +
- Changes for 1.4 include:
- + Changes for 1.4 include:
+
    -
  1. The /etc/shorewall/shorewall.conf file has been completely +
  2. The /etc/shorewall/shorewall.conf file has been completely reorganized into logical sections.
    -
    -
  3. -
  4. LOG is now a valid action for a rule (/etc/shorewall/rules).
    -
    -
  5. -
  6. The firewall script and version file are now installed +
    +
  7. +
  8. LOG is now a valid action for a rule (/etc/shorewall/rules).
    +
    +
  9. +
  10. The firewall script and version file are now installed in /usr/share/shorewall.
    -
    -
  11. -
  12. Late arriving DNS replies are now silently dropped in the - common chain by default.
    -
    -
  13. -
  14. In addition to behaving like OLD_PING_HANDLING=No, Shorewall - 1.4 no longer unconditionally accepts outbound ICMP packets. So if you -want to 'ping' from the firewall, you will need the appropriate rule or -policy.
    -
    -
  15. -
  16. 802.11b devices with names of the form wlan<n> +
    +
  17. +
  18. Late arriving DNS replies are now silently dropped in +the common chain by default.
    +
    +
  19. +
  20. In addition to behaving like OLD_PING_HANDLING=No, Shorewall + 1.4 no longer unconditionally accepts outbound ICMP packets. So if you want + to 'ping' from the firewall, you will need the appropriate rule or policy.
    +
    +
  21. +
  22. 802.11b devices with names of the form wlan<n> now support the 'maclist' option.
    -
  23. - + +
- + +
    - +
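Review bot: the "Changes for 1.4" list added to this file says "LOG is now a valid action for a rule (/etc/shorewall/rules)", while the same list in sourceforge_index.htm in this patch says "LOG and CONTINUE are now a valid actions for a rule". Both pages carry the same 3/14/2003 news item, so the two copies disagree about which rule actions 1.4.0 accepts. Please check the 1.4.0 rules handling and make both lists state the same set of actions, since an administrator writing /etc/shorewall/rules from this copy gets a different picture of the rule language than one reading the other.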
@@ -361,7 +361,8 @@ policy.
- + +

More News

@@ -374,44 +375,44 @@ policy.
- +

Donations

-
M
-
+
-
+ - + - + - + - + +

Shorewall is free +but if you try it and find it useful, please consider making a donation + to Starlight +Children's Foundation. Thanks!

- + + + - - + +
+ @@ -420,12 +421,13 @@ policy.
- + +

-  

+  

@@ -436,35 +438,33 @@ policy.
- -

Shorewall is free but -if you try it and find it useful, please consider making a donation - to Starlight Children's -Foundation. Thanks!

-
- -

Updated 2/18/2003 - Tom Eastep - -
-

-
-
-
+ +

Updated 2/28/2003 - Tom Eastep + +
+

diff --git a/Shorewall-docs/sourceforge_index.htm b/Shorewall-docs/sourceforge_index.htm index aa2eb2ce9..2ffeb52db 100644 --- a/Shorewall-docs/sourceforge_index.htm +++ b/Shorewall-docs/sourceforge_index.htm @@ -6,7 +6,8 @@ - + + Shoreline Firewall (Shorewall) 1.4 @@ -16,24 +17,24 @@ - + - + - + - + - - + + - - + +
+ @@ -43,15 +44,15 @@ - +

Shorwall Logo - Shorewall 1.4 - "iptables - made easy"Shorewall 1.4 - "iptables + made easy"

@@ -63,35 +64,35 @@ - +
Shorewall 1.3 Site here
-
- -
- -
- + +
+ +
+ - + - + - + - + - + - - + +
+ @@ -102,7 +103,7 @@ - +

What is it?

@@ -116,12 +117,12 @@ - -

The Shoreline Firewall, more commonly known as  "Shorewall", is - a Netfilter (iptables) - based firewall that can be used on a dedicated firewall system, - a multi-function gateway/router/server or on a standalone -GNU/Linux system.

+ +

The Shoreline Firewall, more commonly known as  "Shorewall", is + a Netfilter (iptables) + based firewall that can be used on a dedicated firewall system, + a multi-function gateway/router/server or on a standalone GNU/Linux + system.

@@ -134,28 +135,29 @@ GNU/Linux system.

-

This program is free software; you can redistribute it and/or modify - it under the terms - of Version - 2 of the GNU General Public License as published by the Free Software + +

This program is free software; you can redistribute it and/or modify + it under the terms + of Version + 2 of the GNU General Public License as published by the Free Software Foundation.
-
+
- This program is distributed - in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR -A PARTICULAR PURPOSE. See the GNU General Public License - for more details.
+ This program is distributed + in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied + warranty of MERCHANTABILITY or FITNESS FOR A + PARTICULAR PURPOSE. See the GNU General Public License + for more details.
-
+
- You should have received - a copy of the GNU General Public License - along with this program; if not, write to - the Free Software Foundation, Inc., 675 Mass - Ave, Cambridge, MA 02139, USA

+ You should have received + a copy of the GNU General Public License + along with this program; if not, write to + the Free Software Foundation, Inc., 675 + Mass Ave, Cambridge, MA 02139, USA

@@ -168,6 +170,7 @@ A PARTICULAR PURPOSE. See the GNU General Public License +

Copyright 2001, 2002, 2003 Thomas M. Eastep

@@ -181,25 +184,25 @@ A PARTICULAR PURPOSE. See the GNU General Public License - +

- Jacques Nilo - and Eric Wolzak have a LEAF (router/firewall/gateway - on a floppy, CD or compact flash) distribution - called Bering that features - Shorewall-1.3.14 and Kernel-2.4.20. You can find - their work at: Jacques Nilo + and Eric Wolzak have a LEAF (router/firewall/gateway + on a floppy, CD or compact flash) distribution + called Bering that features + Shorewall-1.3.14 and Kernel-2.4.20. You can find + their work at: http://leaf.sourceforge.net/devel/jnilo

- - + + - Congratulations to Jacques and Eric - on the recent release of Bering 1.1!!!
- + Congratulations to Jacques and +Eric on the recent release of Bering 1.1!!!
+

News

@@ -215,105 +218,105 @@ A PARTICULAR PURPOSE. See the GNU General Public License - +

3/14/2003 - Shorewall 1.4.0 (New) -

- Shorewall 1.4 represents the - next step in the evolution of Shorewall. The main thrust of the initial -release is simply to remove the cruft that has accumulated in Shorewall -over time.
- IMPORTANT: Shorewall 1.4.0 REQUIRES the iproute package -('ip' utility).
-
- Function from 1.3 that has been omitted from this version include:
- +

+ Shorewall 1.4 represents the + next step in the evolution of Shorewall. The main thrust of the initial +release is simply to remove the cruft that has accumulated in Shorewall over +time.
+
+ IMPORTANT: Shorewall 1.4.0 requires the iproute package + ('ip' utility).
+
+ Function from 1.3 that has been omitted from this version include:
+
    -
  1. The "check" command is no longer supported.
    -
    -
  2. -
  3. The MERGE_HOSTS variable in shorewall.conf is no longer supported. - Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.
    -
    -
  4. -
  5. Interface names of the form <device>:<integer> - in /etc/shorewall/interfaces now generate an error.
    -
    -
  6. -
  7. Shorewall 1.4 implements behavior consistent with OLD_PING_HANDLING=No. - OLD_PING_HANDLING=Yes will generate an error at startup as will specification +
  8. The MERGE_HOSTS variable in shorewall.conf is +no longer supported. Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.
    +
    +
  9. +
  10. Interface names of the form <device>:<integer> + in /etc/shorewall/interfaces now generate an error.
    +
    +
  11. +
  12. Shorewall 1.4 implements behavior consistent with OLD_PING_HANDLING=No. + OLD_PING_HANDLING=Yes will generate an error at startup as will specification of the 'noping' or 'filterping' interface options.
    -
    -
  13. -
  14. The 'routestopped' option in the /etc/shorewall/interfaces - and /etc/shorewall/hosts files is no longer supported and will generate -an error at startup if specified.
    -
    -
  15. -
  16. The Shorewall 1.2 syntax for DNAT and REDIRECT rules is +
    +
  17. +
  18. The 'routestopped' option in the /etc/shorewall/interfaces + and /etc/shorewall/hosts files is no longer supported and will generate + an error at startup if specified.
    +
    +
  19. +
  20. The Shorewall 1.2 syntax for DNAT and REDIRECT rules is no longer accepted.
    -
    -
  21. -
  22. The ALLOWRELATED variable in shorewall.conf is no longer -supported. Shorewall 1.4 behavior is the same as 1.3 with ALLOWRELATED=Yes.
    +
    +
  23. +
  24. The ALLOWRELATED variable in shorewall.conf is no longer + supported. Shorewall 1.4 behavior is the same as 1.3 with ALLOWRELATED=Yes.
    +
    +
  25. +
  26. The icmp.def file has been removed.

  27. -
  28. The icmp.def file has been removed.
    -
    -
  29. -
  30. The 'multi' interface option is no longer supported. -  Shorewall will generate rules for sending packets back out the same interface +
  31. The 'multi' interface option is no longer supported. +  Shorewall will generate rules for sending packets back out the same interface that they arrived on in two cases:
  32. - +
- +
    -
  • There is an explicit policy for the source zone to or - from the destination zone. An explicit policy names both zones and does +
  • There is an explicit policy for the source zone to +or from the destination zone. An explicit policy names both zones and does not use the 'all' reserved word.
  • -
  • There are one or more rules for traffic for the source zone -to or from the destination zone including rules that use the 'all' reserved - word. Exception: if the source zone and destination zone are the same then - the rule must be explicit - it must name the zone in both the SOURCE and +
  • There are one or more rules for traffic for the source zone + to or from the destination zone including rules that use the 'all' reserved + word. Exception: if the source zone and destination zone are the same then + the rule must be explicit - it must name the zone in both the SOURCE and DESTINATION columns.
  • - +
- +
    - +
- Changes for 1.4 include:
- + Changes for 1.4 include:
+
    -
  1. The /etc/shorewall/shorewall.conf file has been completely - reorganized into logical sections.
    -
    -
  2. -
  3. LOG and CONTINUE are now a valid actions for a rule (/etc/shorewall/rules).
    -
    -
  4. -
  5. The firewall script and version file are now installed in - /usr/share/shorewall.
    -
    -
  6. -
  7. Late arriving DNS replies are now silently dropped in the +
  8. The /etc/shorewall/shorewall.conf file has been completely + reorganized into logical sections.
    +
    +
  9. +
  10. LOG and CONTINUE are now a valid actions for a rule (/etc/shorewall/rules).
    +
    +
  11. +
  12. The firewall script and version file are now installed +in /usr/share/shorewall.
    +
    +
  13. +
  14. Late arriving DNS replies are now silently dropped in the common chain by default.
    -
    -
  15. -
  16. In addition to behaving like OLD_PING_HANDLING=No, Shorewall - 1.4 no longer unconditionally accepts outbound ICMP packets. So if you want - to 'ping' from the firewall, you will need the appropriate rule or policy.
    -
    -
  17. -
  18. 802.11b devices with names of the form wlan<n> -now support the 'maclist' option.
    -
    -
  19. - +
    + +
  20. In addition to behaving like OLD_PING_HANDLING=No, Shorewall + 1.4 no longer unconditionally accepts outbound ICMP packets. So if you +want to 'ping' from the firewall, you will need the appropriate rule or +policy.
    +
    +
  21. +
  22. 802.11b devices with names of the form wlan<n> + now support the 'maclist' option.
    +
    +
  23. +
+

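Review bot: the outbound ICMP item added in this hunk ("Shorewall 1.4 no longer unconditionally accepts outbound ICMP packets. So if you want to 'ping' from the firewall, you will need the appropriate rule or policy") announces a change in what the firewall host may send but leaves the reader to work out the rule. This list is what people will read before upgrading from 1.3, so add a sample /etc/shorewall/rules entry or a link to the page that documents one. The same applies to the 'routestopped', 'noping' and 'filterping' items, which say the options now produce an error at startup without naming what to use instead. While these lines are being rewrapped, "LOG and CONTINUE are now a valid actions" should read "are now valid actions", and "Function from 1.3 that has been omitted from this version include" needs its subject and verb to agree.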
- + @@ -322,7 +325,7 @@ now support the 'maclist' option.
- +
    @@ -331,16 +334,16 @@ now support the 'maclist' option.
    - -
- - - - - - - + + + + + + + + +

More News

@@ -354,31 +357,33 @@ now support the 'maclist' option.
- +

- + +

SourceForge Logo -

+ - + +

- +

This site is hosted by the generous folks at SourceForge.net

@@ -386,45 +391,45 @@ now support the 'maclist' option.
- - + +

Donations

-

-
-
+
-
+ - + - + - + - + - + - - + +
+ @@ -434,12 +439,12 @@ now support the 'maclist' option.
- +

-

+

@@ -451,32 +456,32 @@ now support the 'maclist' option.
- -

Shorewall is free -but if you try it and find it useful, please consider making a donation + +

Shorewall is free but +if you try it and find it useful, please consider making a donation to Starlight -Children's Foundation. Thanks!

+ href="http://www.starlight.org">Starlight Children's +Foundation. Thanks!

-
- -

Updated 2/24/2003 - Tom Eastep - -
+ +

Updated 2/28/2003 - Tom Eastep + +
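Review bot: the footer stamp added here, "Updated 2/28/2003 - Tom Eastep", is earlier than the "3/14/2003 - Shorewall 1.4.0 (New)" news item that this same file carries further up. If the 1.4.0 announcement is being staged ahead of the release, say so in the commit message; otherwise bring the stamp and the news date into agreement so readers can tell which text is current. seattlefirewall_index.htm in this patch has the same pair of dates.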