From 8180f45382530a809b7a71289cfb1db41d0d2e76 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 14 Sep 2009 08:29:49 -0700 Subject: [PATCH] Add footnotes for non-Debian users --- docs/LennyToSqueeze.xml | 45 ++++++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 10 deletions(-) diff --git a/docs/LennyToSqueeze.xml b/docs/LennyToSqueeze.xml index cc98129e5..402209338 100644 --- a/docs/LennyToSqueeze.xml +++ b/docs/LennyToSqueeze.xml @@ -47,7 +47,8 @@ Although this article is targeted specifically at Lenny -> Squeeze upgrades, it should be useful to any Shorewall-shell user - upgrading to Shorewall 4.4.x. + upgrading to Shorewall 4.4.x. Footnotes are used to flag areas where + non-Debian users may experience different results. @@ -55,7 +56,12 @@ Packaging Differences The first key difference between Shorewall 4.0 and Shorewall 4.4 is - in the packaging. In Lenny, there are six Shorewall packages: + in the packaging + Most distributions use a similar packaging structure. Note, + however, that the 'shorewall' package in Simon Mater's RPMs for + RedHat/Fedora/CentOS is like the Debian shorewall-common + package. + . In Lenny, there are six Shorewall packages: @@ -151,9 +157,17 @@ Squeeze does not include the shell-based configuration compiler. As a consequence, unless you are already using Shorewall-perl on Lenny, an upgrade from Lenny to Squeeze will mean that you will be switching from - the old shell-based compiler to the new Perl-based compiler. While the two - compilers are highly compatible, there are some differences. Those - differences are detailed in the following sections. + the old shell-based compiler to the new Perl-based compiler + Note that Perl is a required package on Debian. If you are + running an embedded distribution which does not include Perl and it is + not feasible to install Perl on your firewall, then you should + consider installing Shorewall on another system in your network (may + be a Windows system running + Cygwin) and installing Shorewall-lite on your + firewall. + . While the two compilers are highly compatible, there are + some differences. Those differences are detailed in the following + sections.
@@ -206,10 +220,17 @@ by Shorewall 4.4.x You should not be receiving this error if you are upgrading - from Lenny since BRIDGING=Yes did not work in that release. If you - have a bridge configuration where you want to control connections - through the bridge, you will want to visit http://www.shorewall.net/bridge-Shorewall-perl.html. + from Lenny since BRIDGING=Yes did not work in that + release + If you are upgrading from a release using a kernel + earlier than 2.6.20, then BRIDGING=Yes did work correctly with + Shorewall-shell. + . If you have a bridge configuration where you want + to control connections through the bridge, you will want to visit + http://www.shorewall.net/bridge-Shorewall-perl.html + Kernel 2.6.20 or later is required. + . @@ -450,7 +471,11 @@ ipsec2 ipv4 The BROADCAST column is essentially unused in Squeeze. If it contains anything except 'detect' or '-', then you will receive this - warning: + warning + Users whose kernel and/or iptables do not include Address Type + Match Support can continue to list broadcast addresses in this + column; no warning will be issued. + :
WARNING: Shorewall no longer uses