Web site updates for 4.2.0

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8748 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-10-05 21:45:05 +00:00
parent 9536dbea1d
commit a5e771c1d8
15 changed files with 64 additions and 112 deletions

View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
<!DOCTYPE appendix PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<appendix id="gfdl">
<title>GNU Free Documentation License</title>

View File

@ -111,7 +111,7 @@ PARAM - - tcp 135,139,445
when you invoke the macro. The SMB macro shown above is parameterized
(note PARAM in the TARGET column).</para>
<para><emphasis role="bold">Shorewall versions prior to 4.1:</emphasis>
<para><emphasis role="bold">Shorewall versions prior to 4.2.0:</emphasis>
When invoking a parameterized macro, you follow the name of the macro with
a slash ("/") and the action that you want to substitute for PARAM.</para>
@ -133,7 +133,7 @@ ACCEPT loc fw udp 1024: 137
ACCEPT loc fw tcp 135,139,445</programlisting>
</blockquote>
<para><emphasis role="bold">Shorewall versions 4.1 and later:</emphasis>
<para><emphasis role="bold">Shorewall versions 4.2.0 and later:</emphasis>
When invoking a parameterized macro, you follow the name of the macro with
the action that you want to substitute for PARAM enclosed in parentheses.
The older syntax described above is still supported but is
@ -186,7 +186,7 @@ PARAM - loc tcp 25</programlisting>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SMTP/DNAT:info net 192.168.1.5</programlisting>
<para>/etc/shorewall/rules (Shorewall 4.1 and later):</para>
<para>/etc/shorewall/rules (Shorewall 4.2.0 and later):</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SMTP(DNAT):info net 192.168.1.5</programlisting>
@ -211,7 +211,7 @@ PARAM - 192.168.1.5 tcp 25</programlisting>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SMTP/DNAT:info net loc</programlisting>
<para>/etc/shorewall/rules (Shorewall 4.1 and later)</para>
<para>/etc/shorewall/rules (Shorewall 4.2.0 and later)</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SMTP(DNAT):info net loc</programlisting>
@ -251,7 +251,7 @@ PARAM DEST SOURCE tcp 135,139,445
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SMBBI/ACCEPT loc fw</programlisting>
<para>/etc/shorewall/rules (Shorewall 4.1 and later):</para>
<para>/etc/shorewall/rules (Shorewall 4.2.0 and later):</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SMBBI(ACCEPT) loc fw</programlisting>

View File

@ -5,7 +5,7 @@
<!--$Id: template.xml 5908 2007-04-12 23:04:36Z teastep $-->
<articleinfo>
<title>Shorewall 4.0 Manpages</title>
<title>Shorewall 4.2 Manpages</title>
<authorgroup>
<author>
@ -20,6 +20,8 @@
<copyright>
<year>2007</year>
<year>2008</year>
<holder>Thomas M. Eastep</holder>
</copyright>

View File

@ -26,6 +26,8 @@
<year>2007</year>
<year>2008</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -134,39 +136,7 @@
</listitem>
</orderedlist>
<para>We are currently waiving the two major release rule and are
supporting three major releases — the currently-supported major releases
are 3.2.x, 3.4.x and 4.0.x.</para>
</section>
<section id="Old">
<title>Old Release Model</title>
<para>This release model described above was adopted on 2004-07-03 and
modified 2004-07-21. Prior to 2004-07-03, a different release model was
followed. Highlights of that model were:</para>
<orderedlist>
<listitem>
<para>Releases were numbered in a manner similar to the current
release model.</para>
</listitem>
<listitem>
<para>Major new functionality was added in minor releases of the
current major release. There was no concept of Stable vs Development
major releases.</para>
</listitem>
<listitem>
<para>Bug fix only releases were always against the last minor release
of a major release and had identifications of the form
<emphasis>x.y.zX</emphasis> (e.g., 2.0.3c) where
<emphasis>X</emphasis>=1,b,c,... . Consequently, if a user required a
bug fix but was not running the last minor release of the associated
major release then it might be necessary to accept major new
functionality along with the bug fix.</para>
</listitem>
</orderedlist>
<para>The currently-supported major releases are and 4.0.x. and
4.2.x.</para>
</section>
</article>
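Review bot: the paragraph added at the end of this hunk is garbled: "The currently-supported major releases are and 4.0.x. and 4.2.x." has a stray "and" after "are" and a stray period after "4.0.x". Suggest "The currently-supported major releases are 4.0.x and 4.2.x." The hunk also deletes the whole section with id="Old", so any link to that anchor from other pages should be removed or retargeted in the same change.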

View File

@ -306,15 +306,23 @@
</row>
<row>
<entry valign="middle">Shorewall-common 4.0.9-4.0.12</entry>
<entry valign="middle">Shorewall-common 4.0.9-4.0.14</entry>
<entry>Shorewall-shell 4.0.5 - 4.0.12</entry>
<entry>Shorewall-shell 4.0.5 - 4.0.14</entry>
<entry>Shorewall-perl 4.0.5 - 4.0.12<footnote>
<entry>Shorewall-perl 4.0.5 - 4.0.14<footnote>
<para>Shorewall-perl 4.0.6 and later require Shorewall-lite
4.0.6 or later</para>
</footnote></entry>
</row>
<row>
<entry valign="middle">Shorewall-common 4.2.0</entry>
<entry>Shorewall-shell 4.2.0</entry>
<entry>Shorewall-perl 4.2.0</entry>
</row>
</tbody>
</tgroup>
</informaltable>

View File

@ -157,10 +157,10 @@
<para>With the shell-based compiler, extension scripts were copied
into the compiled script and executed at run-time. In many cases,
this approach doesn't work with Shorewall Perl because (almost) the
entire rule set is built by the compiler. As a result, Shorewall-perl
runs some extension scripts at compile-time rather than at run-time.
Because the compiler is written in Perl, your extension scripts from
earlier versions will no longer work.</para>
entire rule set is built by the compiler. As a result,
Shorewall-perl runs some extension scripts at compile-time rather
than at run-time. Because the compiler is written in Perl, your
extension scripts from earlier versions will no longer work.</para>
<para>The following table summarizes when the various extension
scripts are run:<informaltable frame="all">
@ -381,8 +381,8 @@ insert_rule $filter_table-&gt;{OUTPUT}, 1, "-p udp --sport 1701 -j ACCEPT";
<listitem>
<para>Your ipsets must be loaded before Shorewall starts. You
are free to try to do that with the following code in
<filename>/etc/shorewall/start (it works for me; your mileage may
vary)</filename>:</para>
<filename>/etc/shorewall/start (it works for me; your mileage
may vary)</filename>:</para>
<programlisting>if [ "$COMMAND" = start ]; then
ipset -U :all: :all:
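Review bot: the filename element in this list item encloses the parenthetical "(it works for me; your mileage may vary)" as well as the path, and the re-wrap carries that over unchanged. Close the element right after /etc/shorewall/start and leave the remark as ordinary paragraph text. Since the only change here is line wrapping, it would also be cleaner to keep re-wraps out of a version-number update.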
@ -437,8 +437,8 @@ fi</programlisting>
</listitem>
<listitem>
<para>DELAYBLACKLISTLOAD=Yes is not supported. The entire rule set is
atomically loaded with one execution of
<para>DELAYBLACKLISTLOAD=Yes is not supported. The entire rule set
is atomically loaded with one execution of
<command>iptables-restore</command>.</para>
</listitem>
@ -689,7 +689,7 @@ ACCEPT loc:eth0:192.168.1.3,eth0:192.168.1.5 $fw tcp 22</programlisting>
role="bold">--log</emphasis>=&lt;logfile&gt;</member>
</simplelist></para>
<para>Added in Shorewall 4.1. If given, compiler will log to this file
<para>Added in Shorewall 4.2. If given, compiler will log to this file
provider that --log_verbosity is &gt; -1.<simplelist>
<member><emphasis
role="bold">--log_verbosity</emphasis>=-1|0|1|2</member>
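Review bot: the line directly after the changed one reads "provider that --log_verbosity is &gt; -1"; "provider" should be "provided". Worth fixing while this paragraph is being edited, since the sentence states the condition under which the compiler writes to the log file.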
@ -792,7 +792,7 @@ set +a
</section>
<section>
<title>Shorewall 4.1 and Later</title>
<title>Shorewall 4.2 and Later</title>
<para>To avoid a proliferation of parameters to
Shorewall::Compiler::compile(), that function has been changed to use

View File

@ -193,7 +193,7 @@
<para><filename>/etc/shorewall/tcdevices</filename>,
<filename>/etc/shorewall/tcclasses</filename>,
<filename>/etc/shorewall/tcfilters</filename> (tcfilters added in
Shorewall 4.1.6) - Define traffic shaping.</para>
Shorewall 4.2.0) - Define traffic shaping.</para>
</listitem>
<listitem>
@ -299,7 +299,7 @@ ACCEPT net $FW tcp www #This is an end-of-line comment</progra
<listitem>
<para>Macro definition files (/etc/shorewall/macro.*) — Added in
Shorewall-perl 4.1. They are ignored by Shorewall-shell 4.1 and
Shorewall-perl 4.2.0. They are ignored by Shorewall-shell 4.1 and
later.</para>
</listitem>
</itemizedlist>
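Review bot: the macro-file item now mixes version schemes in one sentence: "Added in Shorewall-perl 4.2.0. They are ignored by Shorewall-shell 4.1 and later." Only the first number was updated. If 4.1 references are being renamed to 4.2.0 across the docs, the Shorewall-shell version should change too; if 4.1 is intentional there, a short note on why would help readers.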
@ -589,8 +589,8 @@ use Shorewall::Config qw/shorewall/;</programlisting>
appear. When a DNS name appears in a rule, the iptables utility resolves
the name to one or more IP addresses and inserts those addresses into the
rule. So changes in the DNS-&gt;IP address relationship that occur after
the firewall has started have absolutely no effect on the firewall's
rule set.</para>
the firewall has started have absolutely no effect on the firewall's rule
set.</para>
<para>If your firewall rules include DNS names then:</para>

View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article id="standalone">
<!--$Id$-->

View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article id="usefull_links">
<!--$Id$-->

View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- $Id$ -->
<article id="two-interface">
<articleinfo>

View File

@ -125,7 +125,7 @@ case $1 in
shellrpm=shorewall-shell-${1%-*}-0${1#*-}.noarch.rpm
BASE=Yes
;;
4.0.*.*)
4.[02].*.*)
BASEVERSION=${1%.*}
PATCHNUM=${1##*.}
DEST="/srv/ftp/pub/shorewall/${BASEVERSION%.*}/shorewall-${BASEVERSION}"
@ -135,7 +135,7 @@ case $1 in
perlrpm=shorewall-perl-${BASEVERSION}-${PATCHNUM}.noarch.rpm
shellrpm=shorewall-shell-${BASEVERSION}-${PATCHNUM}.noarch.rpm
;;
4.0.*)
4.[02].*)
DEST="/srv/ftp/pub/shorewall/${1%.*}/shorewall-$1"
SHOREWALL=shorewall-common
rpm=shorewall-common-${1}-0base.noarch.rpm
@ -144,25 +144,6 @@ case $1 in
shellrpm=shorewall-shell-${1}-0base.noarch.rpm
BASE=Yes
;;
4.[12].*.*)
BASEVERSION=${1%.*}
PATCHNUM=${1##*.}
DEST="/srv/ftp/pub/shorewall/development/${BASEVERSION%.*}/shorewall-${BASEVERSION}"
SHOREWALL=shorewall-common
rpm=shorewall-common-${BASEVERSION}-${PATCHNUM}.noarch.rpm
literpm=shorewall-lite-${BASEVERSION}-${PATCHNUM}.noarch.rpm
perlrpm=shorewall-perl-${BASEVERSION}-${PATCHNUM}.noarch.rpm
shellrpm=shorewall-shell-${BASEVERSION}-${PATCHNUM}.noarch.rpm
;;
4.[12].*)
DEST="/srv/ftp/pub/shorewall/development/${1%.*}/shorewall-$1"
SHOREWALL=shorewall-common
rpm=shorewall-common-${1}-0base.noarch.rpm
literpm=shorewall-lite-${1}-0base.noarch.rpm
perlrpm=shorewall-perl-${1}-0base.noarch.rpm
shellrpm=shorewall-shell-${1}-0base.noarch.rpm
BASE=Yes
;;
3.*[13579].*)
DEST="/srv/ftp/pub/shorewall/development/${1%.*}/shorewall-$1"
rpm=shorewall-${1}-1.noarch.rpm
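Review bot: with the two 4.[12] branches removed here, a 4.1.x or 4.1.x.y argument no longer matches any of the 4.x patterns shown (4.[02].*.* and 4.[02].*), and the next visible pattern, 3.*[13579].*, cannot match it either. There is also no 4.x branch left that sets DEST under /srv/ftp/pub/shorewall/development/, although the download page in this same commit names 4.3 as the development series. Either confirm that 4.1 uploads are retired and say so in the commit message, or keep a development branch, for example patterns 4.[13].*.* and 4.[13].*, pointing at the development/ tree.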

View File

@ -21,7 +21,7 @@ license is included in the section entitled “<span class="quote"><a
href="GnuCopyright.htm" target="_self">GNU Free Documentation
License</a></span>”.<br>
</p>
<p>2007-08-01<br>
<p>2008-10-05<br>
</p>
<hr style="width: 100%; height: 2px;"> <strong></strong>
<ul>
@ -50,7 +50,8 @@ Beginner HOWTOs <br>
released with Shorewall 3.4.0 and later <br>
<br>
<a href="/3.0/manpages/Manpages.html">Shorewall 3.x</a><br>
<a href="Manpages.html">Shorewall 4.x</a><br>
<a href="/4.0/Manpages.html">Shorewall 4.0</a><br>
<a href="Manpages.html">Shorewall 4.2</a><br>
<br>
</li>
<li><a href="shorewall_features.htm">Shorewall <span

View File

@ -26,9 +26,11 @@ license is included in the section entitled <span
href="GnuCopyright.htm" target="_self">GNU Free Documentation
License</a></span>".
</p>
<p>March 29, 2008<br>
<p>October 05, 2008<br>
</p>
<hr style="width: 100%; height: 2px;">
<p><strong>2006-10-05 Shorewall 4.2.0</strong></p>
<pre><strong>Release Highlights.<br><br>1) Support is included for multiple internet providers through the same<br> ethernet interface.<br><br>2) Support for NFLOG has been added.<br><br>3) Enhanced operational logging.<br><br>4) The tarball installers now work under Cygwin.<br><br>5) Shorewall-perl now supports IFB devices which allow traffic shaping of<br> incoming traffic.<br><br>6) Shorewall-perl supports definition of u32 traffic classification<br> filters.<br></strong></pre>
<p><strong>2008-03-29 Shorewall 4.0.10</strong></p>
<p><strong></strong></p>
<pre>Problems corrected in Shorewall-perl 4.0.10.<br><br>1)&nbsp; Shorewall-perl 4.0.9 erroneously reported an error message when a<br>&nbsp;&nbsp;&nbsp; bridge port was defined in /etc/shorewall/interfaces:<br><br>&nbsp;&nbsp;&nbsp;&nbsp; ERROR: Your iptables is not recent enough to support bridge ports<br><br>2)&nbsp; Under Shorewall-perl, if an empty action was invoked or was named<br>&nbsp;&nbsp;&nbsp; in one of the DEFAULT_xxx options in shorewall.conf, an<br>&nbsp;&nbsp;&nbsp; iptables-restore error occured.<br><br>3)&nbsp; If $ADMIN was empty, then the rule:<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCEPT loc:$ADMIN all<br><br>&nbsp;&nbsp;&nbsp;&nbsp; became<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCEPT loc&nbsp;&nbsp; net<br><br>&nbsp;&nbsp;&nbsp;&nbsp; It is now flagged as an error.<br><br>4)&nbsp; Previously, Shorewall-perl would reject an IP address range in the<br>&nbsp;&nbsp;&nbsp; ecn and routestopped files.<br><br>5)&nbsp; A POLICY of ":" in /etc/shorewall/policy would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>6)&nbsp; An INTERFACE of ":" in /etc/shorewall/interfaces would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>7)&nbsp; A MARK of ":" in /etc/shorewall/tcrules would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>Problems corrected in Shorewall-shell 4.0.10.<br><br>1)&nbsp; Specifying a value for ACCEPT_DEFAULT or QUEUE_DEFAULT resulted in<br>&nbsp;&nbsp;&nbsp; a fatal error at compile time.<br><br>Known Problems Remaining.<br><br>1)&nbsp; The 'refresh' command doesn't refresh the mangle table. So changes<br>&nbsp;&nbsp;&nbsp; made to /etc/shorewall/providers and/or /etc/shorewall/tcrules may<br>&nbsp;&nbsp;&nbsp; not be reflected in the running ruleset.<br><br>Other changes in 4.0.10.<br><br>1)&nbsp; The Sample configurations have been updated to set<br>&nbsp;&nbsp;&nbsp; LOG_MARTIANS=keep. 
In 4.2, this will be changed to<br>&nbsp;&nbsp;&nbsp; LOG_MARTIANS=Yes.<br><br>2)&nbsp; Shorewall-perl now generates a fatal error if a non-existant shell<br>&nbsp;&nbsp;&nbsp; variable is used in any configuration file (except<br>&nbsp;&nbsp;&nbsp; /etc/shorewall/params).<br><br>3)&nbsp; Shorewall-perl now supports an 'l2tp' tunnel type. It opens UDP<br>&nbsp;&nbsp;&nbsp; port 1701 in both directions and assumes that the source port will<br>&nbsp;&nbsp;&nbsp; also be 1701. Some implementations (particularly OS X) use a<br>&nbsp;&nbsp;&nbsp; different source port. In that case, you should use<br>&nbsp;&nbsp;&nbsp; 'generic:udp:1701' rather than 'l2tp'.<br></pre>
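Review bot: the new news heading is dated "2006-10-05 Shorewall 4.2.0", but the page date set in the same hunk is "October 05, 2008" and the entry below it is 2008-03-29, so the year should be 2008. The highlights block also wraps the whole pre element's content in strong, unlike the 4.0.10 entry beneath it; dropping the strong tags would keep the entries consistent.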

View File

@ -23,7 +23,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of
the
license is included in the section entitled “<a href="GnuCopyright.htm"
target="_self">GNU Free Documentation License</a>”.</p>
<p>2008-07-25 </p>
<p>2008-10-05 </p>
<hr>
<h2>Table of Contents</h2>
<p><b><a href="#Which">Package Information</a><br>
@ -45,11 +45,11 @@ Release
Series:</b></font></p>
<ul>
<li>
<p style="margin-bottom: 0in;">The STABLE release series is 4.0.
<p style="margin-bottom: 0in;">The STABLE release series is 4.2.
Choose this release if you value stability and good documentation.</p>
</li>
<li>
<p>The DEVELOPMENT release series is the 4.2 release candidates
<p>The DEVELOPMENT release series is the 4.3 release candidates
(found in the
'development' directory). Choose this release if you are <strong>very
experienced</strong> <strong>user</strong> and you are willing to help
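Review bot: "The DEVELOPMENT release series is the 4.3 release candidates" looks like a mechanical bump of the old 4.2 wording and reads as if 4.3 release candidates already exist, while the index page in this commit drops its development release block entirely. Suggest "the 4.3 development releases" or similar. In the same item, "if you are very experienced user" is missing "a".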

View File

@ -22,7 +22,7 @@ the
license is included in the section entitled <span
style="text-decoration: underline;">"</span><a href="GnuCopyright.htm"
target="_self">GNU Free Documentation License</a>".</p>
<p>2008-09-27</p>
<p>2008-10-05</p>
<hr style="width: 100%; height: 2px;">
<h2>Table of Contents</h2>
<p style="margin-bottom: 0in; margin-left: 0.42in;"><a href="#Intro">Introduction
@ -121,17 +121,17 @@ Features page</a>.<br>
</p>
<h3><a name="Releases"></a>Current Shorewall Releases</h3>
<p style="margin-left: 40px;">The <span style="font-weight: bold;">current
Stable Release</span> version is 4.0.14<br>
Stable Release</span> version is 4.2.0<br>
</p>
<ul style="margin-left: 40px;">
<li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.14/releasenotes.txt">release
href="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-4.2.0/releasenotes.txt">release
notes</a> <br>
</li>
<li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.14/known_problems.txt">known
href="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-4.2.0/known_problems.txt">known
problems</a> and <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.14/errata/">updates</a>.
href="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-4.2.0/errata/">updates</a>.
<p>Read more about the <a href="Shorewall-4.html">Release here</a>.<br>
</p>
</li>
@ -139,28 +139,16 @@ problems</a> and <a
<div style="margin-left: 40px;">
The <span style="font-weight: bold;">previous Stable Release</span>
version
is 3.4.8<br>
is 4.0.14<br>
<ul>
<li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.8/releasenotes.txt">release
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.14/releasenotes.txt">release
notes</a> <br>
</li>
<li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.8/known_problems.txt">known
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.14/known_problems.txt">known
problems</a> and <a
href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.8/errata/">updates</a>.</li>
</ul>
The <span style="font-weight: bold;">current Development Release</span>
is
4.2.0-RC4.
<ul>
<li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.0-RC4/releasenotes.txt">release
notes</a> </li>
<li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.0-RC4/known_problems.txt">known
problems</a> and <a
href="http://www1.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.0-RC4/errata/">updates</a>.</li>
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.14/errata/">updates</a>.</li>
</ul>
</div>
<div style="margin-left: 40px;">