From d395e177a14d98722ad9441ff38885120b5509f6 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 1 Dec 2005 21:11:23 +0000 Subject: [PATCH] Add upgrade warning to shorewall.conf git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3104 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/shorewall.conf | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/Shorewall/shorewall.conf b/Shorewall/shorewall.conf index 80024510d..f8bf785ea 100755 --- a/Shorewall/shorewall.conf +++ b/Shorewall/shorewall.conf @@ -7,6 +7,45 @@ # This file should be placed in /etc/shorewall # # (c) 1999,2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net) +# +# >>>>>>>>>>>>> NOTE TO USERS UPGRADING FROM 2.x <<<<<<<<<<<<<<<<<< +# +# Most problems associated with upgrades come from two causes: +# +# - The user didn't read and follow the migration considerations in the +# release notes. +# +# - The user mis-handled the /etc/shorewall/shorewall.conf file during +# upgrade. Shorewall is designed to allow the default behavior of +# the product to evolve over time. To make this possible, the design +# assumes that you will not replace your current shorewall.conf file +# during upgrades. If you feel absolutely compelled to have the latest +# comments and options in your shorewall.conf then you must proceed +# carefully. +# +# The new/changed options in shorewall 3.0 are listed below. If you don't +# want to convert to the new 3.0 format for /etc/shorewall/zones and you +# don't want to replace your current rules that use 2.x builtin actions, +# then if you plan to use the 3.0 shorewall.conf file then you must change +# it as follows: +# +# - SPECFILE +# +# The 3.0 shorewall.conf file has IPSECFILE=zones. You want to +# set it to IPSECFILE=ipsec. This will indicate that your +# /etc/shorewall/zones file is in the pre-3.0 format. +# +# - FW +# +# The 3.0 shorewall.conf file has FW undefined. If you have +# named your firewall zone something other than 'fw' then you +# must set FW accordingly. +# +# - MAPOLDACTIONS +# +# The 3.0 shorewall.conf file has MAPOLDACTIONS=No. You want to +# set it to MAPOLDACTIONS=Yes in order to permit rules that use +# the 2.x builtin actions such as AllowPing to continue to work. ############################################################################### # S T A R T U P E N A B L E D ###############################################################################