From bba2e84ae9804135c2b3191d6332443d197b734c Mon Sep 17 00:00:00 2001 From: teastep Date: Sat, 18 Nov 2006 17:55:42 +0000 Subject: [PATCH] Update web site for 3.2.6 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4903 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- web/News.htm | 5 ++++- web/images/leaflogo.jpg | Bin 0 -> 4559 bytes web/shorewall_index.htm | 10 +++++----- 3 files changed, 9 insertions(+), 6 deletions(-) create mode 100644 web/images/leaflogo.jpg diff --git a/web/News.htm b/web/News.htm index f68f23aa1..3ee491771 100644 --- a/web/News.htm +++ b/web/News.htm @@ -20,11 +20,14 @@ Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.

-

October 28, 2006
+

November 18, 2006


+2006-11-18 Shorewall 3.2.6
+
+
Problems Corrected in 3.2.6.

1) When using a light-weight shell (e.g., ash) with multiple
providers, the /etc/iproute2/rt_tables database may become corrupted.

2) A startup error occurred when the LENGTH or TOS column was
non-empty in /etc/shorewall/tcrules.

3) A startup error resulted when whitespace as included in LOGFORMAT.

4) Previously, when conntrack match support was not available, the
'norfc1918' option on an interface or host group was incorrectly
filtering IPSEC traffic whose source IP address was reserved by RFC
1918.

5) If a DNAT or REDIRECT rule was used where the effective policy
between the source and final destination zones is ACCEPT, the ACCEPT
part of the rule was not generated. This was intended as an
optimizaiton but it could lead to confusing results if there was a
DROP or REJECT rule following.

This optimization has been removed. You may always use DNAT- and
REDIRECT- to suppress generation of the ACCEPT rule.

6) Shorewall[-lite] previously would return an error exit status to a
"start" command where Shorewall was already running. It not returns
a "success" status.

7) The install.sh scripst have been corrected to work properly when
used to create packages on Slackware and Arch Linux.

5) A change in version 3.2.5 broke Mac Filtration in some
cases. Result was:

Setting up MAC Filtration -- Phase 1...
iptables v1.3.6: policy match: invalid policy `--dir'
Try `iptables -h' or 'iptables --help' for more information.
ERROR: Command "/sbin/iptables -A eth1_fwd -s 0.0.0.0/0 -m state
--state NEW -m policy --pol --dir in -j eth1_mac" Failed

6) At VERBOSITY 1 and higher, the 'shorewall add' and 'shorewall
delete' commands generated a fractured message. The message
contents depended in the setting of IPSECFILE as follows:

IPSECFILE=ipsec

ipsec...

IPSECFILE=zones

IPSEC...

The messages have been corrected and are only produced at VERBOSITY
2 and higher as follows:

IPSECFILE=ipsec

Processing /etc/shorewall/ipsec...

IPSECFILE=zones

Processing IPSEC...

7) Previously, when <action>:none appeared in a rule, the name of the
action chain created was preceded by "%" and might have a one- or
two-digit number appended. If both <action> and <action>:none
appeared, then two chains were created. This has been corrected
such that <action> and <action>:none are treated identically.

8) If SAVE_IPSETS=Yes in shorewall.conf, the "shorewall[-lite] save"
command produced error messages as follows:

Dynamic Rules Saved
Currently-running Configuration Saved to /var/lib/shorewall/restore
grep: /var/lib/shorewall/restore-base: No such file or directory
grep: /var/lib/shorewall/restore-base: No such file or directory
Current Ipset Contents Saved to
/var/lib/shorewall/restore-ipsets

9) If BRIDGING=No in shorewall.conf, then an attempt to define a zone
using ipsets fails as follows:

ERROR: BRIDGING=Yes is needed for this zone definition: z eth0:+iset

Other Changes in 3.2.6.

1) The "shorewall [re]load" command now supports a "-c" option.

Example:

shorewall reload -c gateway

When -c is given, Shorewall will capture the capabilities of the
remote system to a file named "capabilities" in the export
directory before compiling the configuration.

If the file "capabilities" does not currently exist in the
export directory then "-c" is automatically assumed.

2) If 0 (zero) is specified for the IN-BANDWIDTH in
/etc/shorewall/tcdevices then no ingress qdisc will be created for
the device.
2006-10-28 Shorewall 3.2.5
Problems Corrected in 3.2.5

1) Entries such as the following in /etc/shorewall/masq generate a
run-time error:

eth0 eth1!192.168.1.12 206.124.146.176

Omitting the exclusion (!192.168.1.12) avoids the error.

2) Previously, the 'provider' portion of the packet mark was not being
cleared after routing for traffic that originates on the firewall
itself.

3) In prior releases, it was not possible to mark an outgoing packet
with a high mark (HIGH_ROUTE_MARKS=Yes) when the packet originated
on the firewall itself.

4) The detected capabilities were not displayed by 'shorewall dump'
when the effective VERBOSITY was less than 2.

Other changes in 3.2.5

1) For users whose kernel and iptables have Extended MARK Target
support, it is now possible to logically AND or OR a value into the
current packet mark by preceding the mark value (and optional mask)
with an ampersand ("&") or vertical bar ("|") respectively.

Example: To logically OR the value 4 into the mark value for
packets from 192.168.1.1:

#MARK SOURCE
|4 192.168.1.1

2) A new macro (macro.RDP) has been added for Microsoft Remote
Desktop. This macro was contributed by Tuomo Soini.

3) A new 'maclog' extension file has been added. This file is
processed just before logging based on the setting of
MACLIST_LOG_LEVEL is done. When the script is copyied at compile
time, the CHAIN variable will contain the name of the chain where
rules should be inserted. Remember that if you have specified
MACLIST_TABLE=mangle, then your run_iptables commands should
include "-t mangle".

4) Beginning with this release, Shorewall and Shorewall lite will
share the same change log and release notes.
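Review bot: the "Problems Corrected in 3.2.6" list added in this hunk restarts its numbering after item 7. The MAC Filtration entry is numbered 5) again, followed by a second 6) and 7), before the list continues with 8) and 9), so "item 5", "item 6" and "item 7" are each ambiguous. Please renumber the twelve entries consecutively so they can be cited from bug reports and the mailing list. Two of the affected entries change filtering behaviour (the 'norfc1918' handling of IPSEC traffic and the removal of the DNAT/REDIRECT ACCEPT optimization), so an unambiguous reference matters. The same added text has typos to fix in the same pass: "whitespace as included" (was), "optimizaiton", "It not returns" (now), "install.sh scripst", and "depended in the setting" (on). The second 5), 8) and 9) entries also describe only the failure output, in 9) in the present tense ("fails as follows"), without saying what the corrected behaviour is.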
diff --git a/web/images/leaflogo.jpg b/web/images/leaflogo.jpg new file mode 100644 index 0000000000000000000000000000000000000000..1238bbba30d9d533359b316923234bc3e568f5ea GIT binary patch literal 4559
diff --git a/web/shorewall_index.htm b/web/shorewall_index.htm index f94de62f8..955d262a3 100644 --- a/web/shorewall_index.htm +++ b/web/shorewall_index.htm
@@ -20,7 +20,7 @@ Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.

-

2006-10-30

+

2006-11-18


Table of Contents

Introduction @@ -104,17 +104,17 @@ Features page.

Current Shorewall Versions

The current Stable Release version -is  3.2.5
+is  3.2.6

The previous Stable Release version is 3.0.9
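Review bot: in the "Current Shorewall Versions" hunk, the line after the changed "is 3.2.6" still reads "The previous Stable Release version is 3.0.9" and is left as unchanged context. With 3.2.5 superseded by this commit, "previous" can be read either as the prior release (3.2.5) or as the prior stable series (3.0.x). If the series is what is meant, wording such as "previous Stable Release series" would keep readers from treating 3.0.9 as the version to fall back to. The release number is also hard-coded here and in web/News.htm, so both pages have to be edited together for every release.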