extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-17 11:51:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update the release file

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5704 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-26 20:46:38 +00:00
parent 9fcba863fe
commit c3dc47460e
1 changed files with 23 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
New/releasenotes.txt
View File

@ -51,7 +51,7 @@ a) The Perl-based compiler requires the following capabilities in your
These capabilities are in current distributions. These capabilities are in current distributions.
The Bourne-shell compiler goes to great pain (in some cases) to b) The Bourne-shell compiler goes to great pain (in some cases) to
break very long port lists ( > 15 where port ranges in lists count break very long port lists ( > 15 where port ranges in lists count
as two ports) into individual rules. I'm removing the ugliness as two ports) into individual rules. I'm removing the ugliness
required to do that (at least initially). The new compiler just required to do that (at least initially). The new compiler just
@ -61,19 +61,19 @@ a) The Perl-based compiler requires the following capabilities in your
port lists, I see no reason to duplicate those features in port lists, I see no reason to duplicate those features in
Shorewall. Shorewall.
b) BRIDGING=Yes is not supported. The kernel code necessary to c) BRIDGING=Yes is not supported. The kernel code necessary to
support this option was removed in Linux kernel 2.6.20. support this option was removed in Linux kernel 2.6.20.
c) The BROADCAST column in the interfaces file is essentailly unused; d) The BROADCAST column in the interfaces file is essentailly unused;
if you enter anything in this column but '-' or 'detect', you will if you enter anything in this column but '-' or 'detect', you will
receive a warning. receive a warning.
d) Because the compiler is now written in Perl, your compile-time e) Because the compiler is now written in Perl, your compile-time
extension scripts from earlier versions will no longer work. extension scripts from earlier versions will no longer work.
e) The 'refresh' command is now synonamous with 'restart'. f) The 'refresh' command is now synonamous with 'restart'.
f) Some run-time extension scripts are no longer supported because they g) Some run-time extension scripts are no longer supported because they
make no sense (iptables-restore instantiates the new configuration make no sense (iptables-restore instantiates the new configuration
atomically). atomically).
@ -83,7 +83,7 @@ f) Some run-time extension scripts are no longer supported because they
refresh refresh
refreshed refreshed
g) The /etc/shorewall/tos file now has a format similar to the tcrules. h) The /etc/shorewall/tos file now has a format similar to the tcrules.
The SOURCE column may be one of the following: The SOURCE column may be one of the following:
@ -95,11 +95,13 @@ g) The /etc/shorewall/tos file now has a format similar to the tcrules.
[all:]<address>[,...] [all:]<address>[,...]
[all:]<interface>[:<address>[,...]] [all:]<interface>[:<address>[,...]]
h) Currently, support for ipsets is untested. That will change with i) Currently, support for ipsets is untested. That will change with
future releases but one thing is certain -- Shorewall is now out of the future releases but one thing is certain -- Shorewall is now out of the
ipset load/reload business. If the Netfilter ruleset is never cleared, ipset load/reload business. With scripts generated by the Perl-based
then there is no opportunity for Shorewall to load/reload your Compiler, the Netfilter ruleset is never cleared. That means that
ipsets. there is no opportunity for Shorewall to load/reload your ipsets
since that cannot be done while there are any current rules using
your ipsets.
So: So:
@ -118,19 +120,15 @@ h) Currently, support for ipsets is untested. That will change with
Installation Installation
------------ ------------
1) Unpack the tarball. Either
$ tar -jxf shorewall-pl-3.9.0-1.tar.bz2 $ tar -jxf shorewall-pl-3.9.0.tar.bz2
$ pwd $ cd shorewall-pl-3.9.0
/home/teastep/shorewall/ $ ./install.sh
$ ls
shorewall-pl-3.9.0/
$
2) As root, create a symbolic link to the directory containing the unpacked or
files.
$ ln -sf /home/teastep/shorewall/ /usr/share/shorewall-pl $ rpm -ivh shoreawll-pl-3.9.0-1.noarch.rpm
Using the New compiler Using the New compiler
---------------------- ----------------------
@ -141,7 +139,10 @@ There is one change in Shorewall operation that is triggered when
/usr/share/shorewall-pl exists and is either a directory or a symbolic /usr/share/shorewall-pl exists and is either a directory or a symbolic
link that points to a directory: Your params file will be processed link that points to a directory: Your params file will be processed
with the shell's '-a' option set which will automatically export any with the shell's '-a' option set which will automatically export any
variables that you set or create. variables that you set or create in that file. Since the params file is
processed before shorewall.conf, using the -a option assures that the
settings of your params variables are available to the new compiler
should it be used.
To actually use the new compiler, add this to shorewall.conf: To actually use the new compiler, add this to shorewall.conf: