mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 06:38:53 +01:00
Shorewall 1.4.10
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1101 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
b222c76e33
commit
f201d06f6e
@ -18,9 +18,246 @@ Texts. A copy of the license is included in the section entitled “<span
|
||||
class="quote"><a href="GnuCopyright.htm" target="_self">GNU Free
|
||||
Documentation License</a></span>”.<br>
|
||||
</p>
|
||||
<p>2004-01-13<br>
|
||||
<p>2004-01-30<br>
|
||||
</p>
|
||||
<hr style="width: 100%; height: 2px;">
|
||||
<p><b>1/30/2004 - Shorewall 1.4.10</b></p>
|
||||
<p>Problems Corrected since version 1.4.9</p>
|
||||
<ol>
|
||||
<li>The column descriptions in the action.template file did not
|
||||
match the column headings. That has been corrected.</li>
|
||||
<li>The presence of IPV6 addresses on devices generated error
|
||||
messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
|
||||
are specified in /etc/shorewall/shorewall.conf. These messages have
|
||||
been eliminated.</li>
|
||||
<li value="3">The CONTINUE action in /etc/shorewall/rules now
|
||||
works
|
||||
correctly. A couple of problems involving rate limiting have been
|
||||
corrected. These bug fixes courtesy of Steven Jan Springl.</li>
|
||||
<li>Shorewall now tried to avoid sending an ICMP response to
|
||||
broadcasts and smurfs.</li>
|
||||
<li>Specifying "-" or "all" in the PROTO column of an action no
|
||||
longer causes a startup error. </li>
|
||||
</ol>
|
||||
Migragion Issues:<br>
|
||||
<br>
|
||||
None.<br>
|
||||
<br>
|
||||
New Features:<br>
|
||||
<ol>
|
||||
<li>The INTERFACE column in the /etc/shorewall/masq file may
|
||||
now specify a destination list. <br>
|
||||
<br>
|
||||
Example:<br>
|
||||
<br>
|
||||
#INTERFACE
|
||||
SUBNET ADDRESS<br>
|
||||
eth0:192.0.2.3,192.0.2.16/28 eth1<br>
|
||||
<br>
|
||||
If the list begins with "!" then SNAT will occur only if the
|
||||
destination IP address is NOT included in the list.<br>
|
||||
<br>
|
||||
</li>
|
||||
<li>Output traffic control rules (those with the firewall as
|
||||
the
|
||||
source) may now be qualified by the effective userid and/or effective
|
||||
group id of the program generating the output. This feature is courtesy
|
||||
of Frédéric LESPEZ.<br>
|
||||
<br>
|
||||
A new USER column has been added to /etc/shorewall/tcrules. It may
|
||||
contain :<br>
|
||||
<br>
|
||||
[<user name or number>]:[<group
|
||||
name or number>]<br>
|
||||
<br>
|
||||
The colon is optionnal when specifying only a user.<br>
|
||||
<br>
|
||||
Examples : john: / john / :users /
|
||||
john:users<br>
|
||||
<br>
|
||||
</li>
|
||||
<li>A "detectnets" interface option has been added for entries
|
||||
in
|
||||
/etc/shorewall/interfaces. This option automatically taylors the
|
||||
definition of the zone named in the ZONE column to include just
|
||||
those
|
||||
hosts that have routes through the interface named in the INTERFACE
|
||||
column. The named interface must be UP when Shorewall is [re]started.<br>
|
||||
<br>
|
||||
WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE!
|
||||
</li>
|
||||
</ol>
|
||||
<p><b>1/27/2004 - Shorewall 1.4.10 RC3</b></p>
|
||||
<p><a href="http://shorewall.net/pub/shorewall/Beta">http://shorewall.net/pub/shorewall/Beta</a><br>
|
||||
<a href="ftp://shorewall.net/pub/shorewall/Beta" target="_top">ftp://shorewall.net/pub/shorewall/Beta</a><br>
|
||||
</p>
|
||||
<p>Problems Corrected since version 1.4.9</p>
|
||||
<ol>
|
||||
<li>The column descriptions in the action.template file did not
|
||||
match the column headings. That has been corrected.</li>
|
||||
<li>The presence of IPV6 addresses on devices generated error
|
||||
messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
|
||||
are specified in /etc/shorewall/shorewall.conf. These messages have
|
||||
been eliminated.</li>
|
||||
<li value="3">The CONTINUE action in /etc/shorewall/rules now works
|
||||
correctly. A couple of problems involving rate limiting have been
|
||||
corrected. These bug fixes courtesy of Steven Jan Springl.</li>
|
||||
<li>Shorewall now tried to avoid sending an ICMP response to
|
||||
broadcasts and smurfs.<br>
|
||||
</li>
|
||||
</ol>
|
||||
Migragion Issues:<br>
|
||||
<br>
|
||||
None.<br>
|
||||
<br>
|
||||
New Features:<br>
|
||||
<ol>
|
||||
<li>The INTERFACE column in the /etc/shorewall/masq file may
|
||||
now specify a destination list. <br>
|
||||
<br>
|
||||
Example:<br>
|
||||
<br>
|
||||
#INTERFACE
|
||||
SUBNET ADDRESS<br>
|
||||
eth0:192.0.2.3,192.0.2.16/28 eth1<br>
|
||||
<br>
|
||||
If the list begins with "!" then SNAT will occur only if the
|
||||
destination IP address is NOT included in the list.<br>
|
||||
<br>
|
||||
</li>
|
||||
<li>Output traffic control rules (those with the firewall as
|
||||
the
|
||||
source) may now be qualified by the effective userid and/or effective
|
||||
group id of the program generating the output. This feature is courtesy
|
||||
of Frédéric LESPEZ.<br>
|
||||
<br>
|
||||
A new USER column has been added to /etc/shorewall/tcrules. It may
|
||||
contain :<br>
|
||||
<br>
|
||||
[<user name or number>]:[<group
|
||||
name or number>]<br>
|
||||
<br>
|
||||
The colon is optionnal when specifying only a user.<br>
|
||||
<br>
|
||||
Examples : john: / john / :users /
|
||||
john:users<br>
|
||||
<br>
|
||||
</li>
|
||||
<li>A "detectnets" interface option has been added for entries
|
||||
in
|
||||
/etc/shorewall/interfaces. This option automatically taylors the
|
||||
definition of the zone named in the ZONE column to include just
|
||||
those
|
||||
hosts that have routes through the interface named in the INTERFACE
|
||||
column. The named interface must be UP when Shorewall is [re]started.<br>
|
||||
<br>
|
||||
WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE!
|
||||
</li>
|
||||
</ol>
|
||||
<p><b>1/24/2004 - Shorewall 1.4.10 RC2</b><b> </b></p>
|
||||
<p><a href="http://shorewall.net/pub/shorewall/Beta">http://shorewall.net/pub/shorewall/Beta</a><br>
|
||||
<a href="ftp://shorewall.net/pub/shorewall/Beta" target="_top">ftp://shorewall.net/pub/shorewall/Beta</a><br>
|
||||
</p>
|
||||
<p>Problems Corrected since version 1.4.9</p>
|
||||
<ol>
|
||||
<li>The column descriptions in the action.template file did not
|
||||
match the column headings. That has been corrected.</li>
|
||||
<li>The presence of IPV6 addresses on devices generated error
|
||||
messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
|
||||
are specified in /etc/shorewall/shorewall.conf. These messages have
|
||||
been eliminated.</li>
|
||||
</ol>
|
||||
Migragion Issues:<br>
|
||||
<br>
|
||||
None.<br>
|
||||
<br>
|
||||
New Features:<br>
|
||||
<ol>
|
||||
<li>The INTERFACE column in the /etc/shorewall/masq file may
|
||||
now specify a destination list. <br>
|
||||
<br>
|
||||
Example:<br>
|
||||
<br>
|
||||
#INTERFACE
|
||||
SUBNET ADDRESS<br>
|
||||
eth0:192.0.2.3,192.0.2.16/28 eth1<br>
|
||||
<br>
|
||||
If the list begins with "!" then SNAT will occur only if the
|
||||
destination IP address is NOT included in the list.<br>
|
||||
<br>
|
||||
</li>
|
||||
<li>Output traffic control rules (those with the firewall as
|
||||
the source) may now be qualified by the effective userid and/or
|
||||
effective group id of the program generating the output. This feature
|
||||
is courtesy of Frédéric LESPEZ.<br>
|
||||
<br>
|
||||
A new USER column has been added to /etc/shorewall/tcrules. It may
|
||||
contain :<br>
|
||||
<br>
|
||||
[<user name or number>]:[<group
|
||||
name or number>]<br>
|
||||
<br>
|
||||
The colon is optionnal when specifying only a user.<br>
|
||||
<br>
|
||||
Examples : john: / john / :users /
|
||||
john:users<br>
|
||||
<br>
|
||||
</li>
|
||||
<li>A "detectnets" interface option has been added for entries in
|
||||
/etc/shorewall/interfaces. This option automatically taylors the
|
||||
definition of the zone named in the ZONE column to include just
|
||||
those
|
||||
hosts that have routes through the interface named in the INTERFACE
|
||||
column. The named interface must be UP when Shorewall is [re]started.<br>
|
||||
<br>
|
||||
WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE! </li>
|
||||
</ol>
|
||||
<p><b>1/22/2004 - Shorewall 1.4.10 RC1</b><b> </b></p>
|
||||
<p>Problems Corrected since version 1.4.9</p>
|
||||
<ol>
|
||||
<li>The column descriptions in the action.template file did not match
|
||||
the column headings. That has been corrected.</li>
|
||||
<li>The presence of IPV6 addresses on devices generated error
|
||||
messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
|
||||
are specified in /etc/shorewall/shorewall.conf. These messages have
|
||||
been eliminated.</li>
|
||||
</ol>
|
||||
Migragion Issues:<br>
|
||||
<br>
|
||||
None.<br>
|
||||
<br>
|
||||
New Features:<br>
|
||||
<ol>
|
||||
<li>The INTERFACE column in the /etc/shorewall/masq file may now
|
||||
specify a destination list. <br>
|
||||
<br>
|
||||
Example:<br>
|
||||
<br>
|
||||
#INTERFACE
|
||||
SUBNET ADDRESS<br>
|
||||
eth0:192.0.2.3,192.0.2.16/28 eth1<br>
|
||||
<br>
|
||||
If the list begins with "!" then SNAT will occur only if the
|
||||
destination IP address is NOT included in the list.<br>
|
||||
<br>
|
||||
</li>
|
||||
<li>Output traffic control rules (those with the firewall as the
|
||||
source) may now be qualified by the effective userid and/or effective
|
||||
group id of the program generating the output. This feature is courtesy
|
||||
of Frédéric LESPEZ.<br>
|
||||
<br>
|
||||
A new USER column has been added to /etc/shorewall/tcrules. It may
|
||||
contain :<br>
|
||||
<br>
|
||||
[<user name or number>]:[<group
|
||||
name or number>]<br>
|
||||
<br>
|
||||
The colon is optionnal when specifying only a user.<br>
|
||||
<br>
|
||||
Examples : john: / john / :users /
|
||||
john:users <br>
|
||||
</li>
|
||||
</ol>
|
||||
<p><b>1/13/2004 - Shorewall 1.4.9</b><b><br>
|
||||
</b></p>
|
||||
<p>Problems Corrected since version 1.4.8:<br>
|
||||
|
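Review bot: The new release-note text carries spelling errors that recur across the 1.4.10 and RC entries in this hunk: "Migragion Issues" should be "Migration Issues", "optionnal" should be "optional", "taylors" should be "tailors", and "Shorewall now tried to avoid sending an ICMP response" should read "now tries". The RC3, RC2 and RC1 entries repeat the final 1.4.10 text almost verbatim, so consider cutting each RC entry down to what changed in that candidate; a correction then only has to be made in one place.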
@ -23,7 +23,10 @@
|
||||
<li> <a href="shorewall_quickstart_guide.htm">QuickStart
|
||||
Guides (HOWTOs)</a> </li>
|
||||
<li> <b><a href="Documentation_Index.html">Documentation</a></b></li>
|
||||
<li> <a href="FAQ.htm">FAQs</a></li>
|
||||
<li> <a href="FAQ.htm">FAQs</a> (<a
|
||||
href="http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ"
|
||||
target="_top">Wiki</a>)<br>
|
||||
</li>
|
||||
<li><a href="useful_links.html">Useful Links</a> </li>
|
||||
<li> <a href="troubleshoot.htm">Things to try if it doesn't
|
||||
work</a></li>
|
||||
|
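Review bot: The new FAQs item ends with a stray <br> before </li> (the line reading target="_top">Wiki</a>)<br>), which adds a blank line inside the list that the items before it do not have. Drop the <br> so the item closes as Wiki</a>)</li>.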
@ -32,7 +32,9 @@
|
||||
Guides (HOWTOs)</a><br>
|
||||
</li>
|
||||
<li> <b><a href="Documentation_Index.html">Documentation</a></b></li>
|
||||
<li> <a href="FAQ.htm">FAQs</a></li>
|
||||
<li> <a href="FAQ.htm">FAQs</a> (<a
|
||||
href="http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ"
|
||||
target="_top">Wiki</a>)</li>
|
||||
<li><a href="useful_links.html">Useful Links</a><br>
|
||||
</li>
|
||||
<li> <a href="troubleshoot.htm">Things to try if it doesn't
|
||||
|
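Review bot: The Wiki link added to the FAQs item points at wiki.rettc.com over plain http and sits next to the site's own FAQ.htm with only "Wiki" as its label, so nothing tells the reader it is a community-editable copy on an external host. Suggest a label such as "(community Wiki)" so readers know which of the two is the maintained source for firewall configuration answers.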
@ -13,7 +13,7 @@
|
||||
<h1>Shorewall Mailing Lists</h1>
|
||||
<span style="font-weight: bold;">Tom Eastep</span><br>
|
||||
<br>
|
||||
Copyright © 2001-2003 Thomas M. Eastep<br>
|
||||
Copyright © 2001-2004 Thomas M. Eastep<br>
|
||||
<br>
|
||||
<div>
|
||||
<div class="legalnotice">
|
||||
@ -27,49 +27,22 @@ Documentation License</a></span>
|
||||
</div>
|
||||
</div>
|
||||
<div>
|
||||
<p class="pubdate">2003-12-30<br>
|
||||
<p class="pubdate">2004-01-28<br>
|
||||
</p>
|
||||
<hr style="width: 100%; height: 2px;"></div>
|
||||
<h2>Acknowlegments</h2>
|
||||
The Shorewall Mailing Lists use the following software:<br>
|
||||
<ul>
|
||||
<li><a href="http://www.centralcommand.com">Vexira Mail Armour</a></li>
|
||||
<li><a href="http://www.gnu.org/software/mailman/mailman.html">GNU
|
||||
Mailman</a></li>
|
||||
<li><a href="http://razor.sourceforge.net/">Vipul's Razor</a></li>
|
||||
<li><a href="http://www.spamassassin.org">SpamAssassin</a></li>
|
||||
<li><a href="http://www.postfix.org">Postfix</a><br>
|
||||
</li>
|
||||
</ul>
|
||||
<h2>Note<br>
|
||||
</h2>
|
||||
<h2>Note</h2>
|
||||
<big><span style="color: rgb(255, 0, 0);"><span
|
||||
style="font-weight: bold;">If you are reporting a problem or asking a
|
||||
question, you are at the wrong place -- please see the <a
|
||||
href="http://shorewall.net/support.htm">Shorewall Support Guide</a>.</span></span></big><br>
|
||||
<br>
|
||||
If you experience problems with any of these lists,
|
||||
please let <a href="mailto:postmaster@shorewall.net">me</a>
|
||||
know
|
||||
<h2 align="left">Not able to Post Mail to shorewall.net?</h2>
|
||||
<p align="left">You can report such problems by sending mail to
|
||||
tmeastep at
|
||||
hotmail dot com.</p>
|
||||
<h2>A Word about the SPAM Filters at Shorewall.net <a
|
||||
href="http://osirusoft.com/"> </a></h2>
|
||||
<p>Please note that the mail server at shorewall.net checks
|
||||
incoming mail:<br>
|
||||
</p>
|
||||
<ol>
|
||||
<li>against <a href="http://spamassassin.org">Spamassassin</a>
|
||||
(including <a href="http://razor.sourceforge.net/">Vipul's Razor</a>).<br>
|
||||
</li>
|
||||
<li>to ensure that the sender address is
|
||||
fully qualified.</li>
|
||||
<li>to verify that the sender's domain has an A or MX record in DNS.</li>
|
||||
<li>to ensure that the host name in the HELO/EHLO command is a valid
|
||||
fully-qualified DNS name.</li>
|
||||
</ol>
|
||||
<h2>Mailing Lists are Moderated for Non-Member Posts</h2>
|
||||
Given the
|
||||
recent problems associated with the MyDoom virus (and the more annoying
|
||||
problem of clueless mail admins who configure their AV software to spam
|
||||
innocent bystanders during a virus storm), the Shorewall lists are now
|
||||
moderated for non-member posts. It is also a good idea to mention that
|
||||
you are a non-member so that people will include you in the CC list
|
||||
when replying.
|
||||
<h2>Please post in plain text</h2>
|
||||
A growing number of MTAs serving list subscribers are rejecting all
|
||||
HTML traffic. At least one MTA has gone so far as to blacklist
|
||||
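Review bot: In the new "Mailing Lists are Moderated for Non-Member Posts" section, the second sentence opens with "It is also a good idea to mention that you are a non-member" although no earlier recommendation precedes it, and the section never says what moderation means for the poster. State the advice on its own (non-members should say so in the post so that replies are copied to them) and add a sentence that non-member posts are held for approval before they reach the list.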
@ -125,7 +98,8 @@ Search: <input type="text" size="30" name="words" value=""> <input
|
||||
</form>
|
||||
<h2 align="left"><font color="#ff0000">Please do not try to download
|
||||
the entire
|
||||
Archive -- it is 164MB (and growing daily) and my slow DSL line simply
|
||||
HTML Archive -- it is 212MB (and growing daily) and my slow DSL line
|
||||
simply
|
||||
won't
|
||||
stand the traffic. If I catch you, you will be blacklisted.<br>
|
||||
</font></h2>
|
||||
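Review bot: The archive size is hard-coded in the warning heading, and this change exists only to bump it from 164MB to 212MB; with "(and growing daily)" in the same sentence the figure will be stale again shortly. Consider wording without an exact number, such as "more than 200MB", and moving the warning out of an <h2> with <font color> into a styled paragraph.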
@ -238,6 +212,40 @@ password, there is another button that will cause your password
|
||||
to be emailed to you.</p>
|
||||
</li>
|
||||
</ul>
|
||||
<h2>A Word about the SPAM Filters at Shorewall.net <a
|
||||
href="http://osirusoft.com/"> </a></h2>
|
||||
<p>Please note that the mail server at shorewall.net checks
|
||||
incoming mail:<br>
|
||||
</p>
|
||||
<ol>
|
||||
<li>against <a href="http://spamassassin.org">Spamassassin</a>
|
||||
(including <a href="http://razor.sourceforge.net/">Vipul's Razor</a>).<br>
|
||||
</li>
|
||||
<li>to ensure that the sender address is
|
||||
fully qualified.</li>
|
||||
<li>to verify that the sender's domain has an A or MX record in DNS.</li>
|
||||
<li>to ensure that the host name in the HELO/EHLO command is a valid
|
||||
fully-qualified DNS name.</li>
|
||||
</ol>
|
||||
<h2>
|
||||
If you experience problems with any of these lists,
|
||||
please let <a href="mailto:postmaster@shorewall.net">me</a>
|
||||
know
|
||||
</h2>
|
||||
<h2 align="left">Not able to Post Mail to shorewall.net?</h2>
|
||||
<p align="left">You can report such problems by sending mail to
|
||||
tmeastep at
|
||||
hotmail dot com.</p>
|
||||
<h2>Acknowlegments</h2>
|
||||
The Shorewall Mailing Lists use the following software:<br>
|
||||
<ul>
|
||||
<li><a href="http://www.centralcommand.com">Vexira Mail Armour</a></li>
|
||||
<li><a href="http://www.gnu.org/software/mailman/mailman.html">GNU
|
||||
Mailman</a></li>
|
||||
<li><a href="http://razor.sourceforge.net/">Vipul's Razor</a></li>
|
||||
<li><a href="http://www.spamassassin.org">SpamAssassin</a></li>
|
||||
<li><a href="http://www.postfix.org">Postfix</a></li>
|
||||
</ul>
|
||||
<hr>
|
||||
<h2 align="left">Frustrated by having to Rebuild Mailman to use it with
|
||||
Postfix?</h2>
|
||||
|
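Review bot: The sentence "If you experience problems with any of these lists, please let me know" is now wrapped in <h2> ... </h2>, which turns body text into a heading, and it still has no closing period; use <p> as the "Not able to Post Mail" text below it does. The relocated SPAM Filters heading also keeps an anchor to http://osirusoft.com/ whose only content is a space, so it renders as an invisible link and should be removed. "Acknowlegments" should be "Acknowledgments".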
@ -87,10 +87,82 @@ setup that matches the documentation on this site. See the <a
|
||||
href="two-interface.htm">Two-interface QuickStart Guide</a> for
|
||||
details.<br>
|
||||
<h2>News</h2>
|
||||
<p><b>1/13/2004 - Shorewall 1.4.9 </b><b><img alt="(New)"
|
||||
<p><b>1/30/2004 - Shorewall 1.4.10</b><b> <img alt="(New)"
|
||||
src="images/new10.gif"
|
||||
style="border: 0px solid ; width: 28px; height: 12px;" title=""></b><b>
|
||||
</b></p>
|
||||
style="border: 0px solid ; width: 28px; height: 12px;" title=""></b></p>
|
||||
<p>Problems Corrected since version 1.4.9</p>
|
||||
<ol>
|
||||
<li>The column descriptions in the action.template file did not
|
||||
match the column headings. That has been corrected.</li>
|
||||
<li>The presence of IPV6 addresses on devices generated error
|
||||
messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
|
||||
are specified in /etc/shorewall/shorewall.conf. These messages have
|
||||
been eliminated.</li>
|
||||
<li>The CONTINUE action in /etc/shorewall/rules now works
|
||||
correctly. A couple of problems involving rate limiting have been
|
||||
corrected. These bug fixes courtesy of Steven Jan Springl.</li>
|
||||
<li>Shorewall now tried to avoid sending an ICMP response to
|
||||
broadcasts and smurfs.</li>
|
||||
<li>Specifying "-" or "all" in the PROTO column of an action no
|
||||
longer causes a startup error. <br>
|
||||
<br>
|
||||
</li>
|
||||
</ol>
|
||||
Migragion Issues:<br>
|
||||
<br>
|
||||
None.<br>
|
||||
<br>
|
||||
New Features:<br>
|
||||
<ol>
|
||||
<li>The INTERFACE column in the /etc/shorewall/masq file may
|
||||
now specify a destination list. <br>
|
||||
<br>
|
||||
Example:<br>
|
||||
<br>
|
||||
#INTERFACE
|
||||
SUBNET ADDRESS<br>
|
||||
eth0:192.0.2.3,192.0.2.16/28 eth1<br>
|
||||
<br>
|
||||
If the list begins with "!" then SNAT will occur only if the
|
||||
destination IP address is NOT included in the list.<br>
|
||||
<br>
|
||||
</li>
|
||||
<li>Output traffic control rules (those with the firewall as
|
||||
the source) may now be qualified by the effective userid and/or
|
||||
effective group id of the program generating the output. This feature
|
||||
is courtesy of Frédéric LESPEZ.<br>
|
||||
<br>
|
||||
A new USER column has been added to /etc/shorewall/tcrules. It may
|
||||
contain :<br>
|
||||
<br>
|
||||
[<user name or number>]:[<group
|
||||
name or number>]<br>
|
||||
<br>
|
||||
The colon is optionnal when specifying only a user.<br>
|
||||
<br>
|
||||
Examples : john: / john / :users /
|
||||
john:users<br>
|
||||
<br>
|
||||
</li>
|
||||
<li>A "detectnets" interface option has been added for entries
|
||||
in /etc/shorewall/interfaces. This option automatically taylors the
|
||||
definition of the zone named in the ZONE column to include just
|
||||
those hosts that have routes through the interface named in the
|
||||
INTERFACE column. The named interface must be UP when Shorewall is
|
||||
[re]started.<br>
|
||||
<br>
|
||||
WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE! <br>
|
||||
</li>
|
||||
</ol>
|
||||
<p><b>1/17/2004 - FAQ Wiki Available </b><b></b></p>
|
||||
<p>It has been asserted that the use of CVS for maintaining the
|
||||
Shorewall documentation has been a barrier to community participation.
|
||||
To test this theory, Alex Martin <a
|
||||
href="http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ">has
|
||||
created a Wiki</a> and with the help of Mike Noyes has populated the
|
||||
Wiki with the Shorewall FAQ. <br>
|
||||
</p>
|
||||
<p><b>1/13/2004 - Shorewall 1.4.9 </b><b> </b></p>
|
||||
<p>Problems Corrected since version 1.4.8:</p>
|
||||
<ol>
|
||||
<li>There has been a low continuing level of confusion over the
|
||||
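Review bot: This News block is another full copy of the 1.4.10 notes, and the copies in this commit already differ: item 3 of "Problems Corrected" has no value="3" attribute here, and item 5 ends with two <br> tags before </li>. It also repeats the "Migragion", "optionnal" and "taylors" misspellings. Keep a short summary on this page and point to News.htm, which the "More News" link further down already references, so the release notes live in one file.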
@ -189,22 +261,6 @@ system on his external network.<br>
|
||||
<br>
|
||||
</li>
|
||||
</ol>
|
||||
<p><b>12/28/2003 - www.shorewall.net/ftp.shorewall.net Back
|
||||
On-line</b> <b><img alt="(New)" src="images/new10.gif"
|
||||
style="border: 0px solid ; width: 28px; height: 12px;" title=""> <br>
|
||||
</b></p>
|
||||
<p>Our high-capacity server has been restored to service --
|
||||
please let <a href="mailto:webmaster@shorewall.net">us</a> know if you
|
||||
find any problems.</p>
|
||||
<p><b>12/03/2003 - Support Torch Passed</b></p>
|
||||
Effective today, I am reducing my participation in the day-to-day
|
||||
support of Shorewall. As part of this shift to community-based
|
||||
Shorewall support a new <a
|
||||
href="https://lists.shorewall.net/mailman/listinfo/shorewall-newbies">Shorewall
|
||||
Newbies mailing list</a> has been established to field questions and
|
||||
problems from new users. I will not monitor that list personally. I
|
||||
will continue my active development of Shorewall and will be available
|
||||
via the development list to handle development issues -- Tom.
|
||||
<p><a href="News.htm">More News</a></p>
|
||||
<p><a href="http://leaf.sourceforge.net" target="_top"><img
|
||||
alt="(Leaf Logo)"
|
||||
@ -231,10 +287,14 @@ Children's Foundation</a>. Thanks!</big><br>
|
||||
<a href="http://www.starlight.org"></a></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="vertical-align: top;"><br>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
<p><font size="2">Updated 01/13/2004 - <a href="support.htm">Tom Eastep</a></font><br>
|
||||
<p><font size="2">Updated 01/30/2004 - <a href="support.htm">Tom Eastep</a></font><br>
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
||||
|
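Review bot: The added <tr> holds a single <td> whose only content is <br>, so the row exists purely as vertical spacing at the end of the table. Use a margin on the table or the following paragraph instead of an empty row, which layout-table readers and text browsers will present as an empty cell.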
@ -92,9 +92,82 @@ and installing a setup that matches the documentation on this site.
|
||||
See the <a href="two-interface.htm">Two-interface QuickStart
|
||||
Guide</a> for details.
|
||||
<h2><b>News</b></h2>
|
||||
<p><b>1/13/2004 - Shorewall 1.4.9</b> <b><img
|
||||
style="border: 0px solid ; width: 28px; height: 12px;"
|
||||
src="images/new10.gif" alt="(New)" title=""><br>
|
||||
<p><b>1/30/2004 - Shorewall 1.4.10</b><b> <img alt="(New)"
|
||||
src="images/new10.gif"
|
||||
style="border: 0px solid ; width: 28px; height: 12px;" title=""></b></p>
|
||||
<p>Problems Corrected since version 1.4.9</p>
|
||||
<ol>
|
||||
<li>The column descriptions in the action.template file did not
|
||||
match the column headings. That has been corrected.</li>
|
||||
<li>The presence of IPV6 addresses on devices generated error
|
||||
messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
|
||||
are specified in /etc/shorewall/shorewall.conf. These messages have
|
||||
been eliminated.</li>
|
||||
<li value="3">The CONTINUE action in /etc/shorewall/rules now
|
||||
works
|
||||
correctly. A couple of problems involving rate limiting have been
|
||||
corrected. These bug fixes courtesy of Steven Jan Springl.</li>
|
||||
<li>Shorewall now tried to avoid sending an ICMP response to
|
||||
broadcasts and smurfs.</li>
|
||||
<li>Specifying "-" or "all" in the PROTO column of an action no
|
||||
longer causes a startup error. </li>
|
||||
</ol>
|
||||
Migragion Issues:<br>
|
||||
<br>
|
||||
None.<br>
|
||||
<br>
|
||||
New Features:<br>
|
||||
<ol>
|
||||
<li>The INTERFACE column in the /etc/shorewall/masq file may
|
||||
now specify a destination list. <br>
|
||||
<br>
|
||||
Example:<br>
|
||||
<br>
|
||||
#INTERFACE
|
||||
SUBNET ADDRESS<br>
|
||||
eth0:192.0.2.3,192.0.2.16/28 eth1<br>
|
||||
<br>
|
||||
If the list begins with "!" then SNAT will occur only if the
|
||||
destination IP address is NOT included in the list.<br>
|
||||
<br>
|
||||
</li>
|
||||
<li>Output traffic control rules (those with the firewall as
|
||||
the
|
||||
source) may now be qualified by the effective userid and/or effective
|
||||
group id of the program generating the output. This feature is courtesy
|
||||
of Frédéric LESPEZ.<br>
|
||||
<br>
|
||||
A new USER column has been added to /etc/shorewall/tcrules. It may
|
||||
contain :<br>
|
||||
<br>
|
||||
[<user name or number>]:[<group
|
||||
name or number>]<br>
|
||||
<br>
|
||||
The colon is optionnal when specifying only a user.<br>
|
||||
<br>
|
||||
Examples : john: / john / :users /
|
||||
john:users<br>
|
||||
<br>
|
||||
</li>
|
||||
<li>A "detectnets" interface option has been added for entries
|
||||
in
|
||||
/etc/shorewall/interfaces. This option automatically taylors the
|
||||
definition of the zone named in the ZONE column to include just
|
||||
those
|
||||
hosts that have routes through the interface named in the INTERFACE
|
||||
column. The named interface must be UP when Shorewall is [re]started.<br>
|
||||
<br>
|
||||
WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE!
|
||||
</li>
|
||||
</ol>
|
||||
<p><b>1/17/2004 - FAQ Wiki Available </b><b></b></p>
|
||||
It has been asserted that the use of CVS for maintaining the
|
||||
Shorewall documentation has been a barrier to community participation.
|
||||
To test this theory, Alex Martin <a
|
||||
href="http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ">has
|
||||
created a Wiki</a> and with the help of Mike Noyes has populated the
|
||||
Wiki with the Shorewall FAQ.
|
||||
<p><b>1/13/2004 - Shorewall 1.4.9</b> <b><br>
|
||||
</b></p>
|
||||
<p>Problems Corrected since version 1.4.8:<br>
|
||||
</p>
|
||||
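Review bot: The detectnets item ends with "WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE!" but gives no reason, so a reader cannot judge what goes wrong if the option is set there; add one sentence saying what happens to the zone definition in that case. In the same hunk the FAQ Wiki paragraph follows its <p><b>...</b></p> title as bare text, while the other index page changed in this commit wraps the same paragraph in <p>.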
@ -201,25 +274,6 @@ packets with a null source address. Ad Koster reported a case where
|
||||
these were occuring frequently as a result of a broken system on his
|
||||
external network.</li>
|
||||
</ol>
|
||||
<p><b>12/28/2003 - www.shorewall.net/ftp.shorewall.net Back
|
||||
On-line</b> <b><img alt="(New)" src="images/new10.gif"
|
||||
style="border: 0px solid ; width: 28px; height: 12px;" title=""> <br>
|
||||
</b></p>
|
||||
<p>Our high-capacity server has been restored to service --
|
||||
please let <a href="mailto:webmaster@shorewall.net">us</a> know if you
|
||||
find any problems.</p>
|
||||
<p><b>12/03/2003 - Support Torch Passed</b> <b><img
|
||||
style="border: 0px solid ; width: 28px; height: 12px;"
|
||||
src="images/new10.gif" alt="(New)" title=""></b></p>
|
||||
Effective today, I am reducing my participation in the day-to-day
|
||||
support of Shorewall. As part of this shift to community-based
|
||||
Shorewall support a new <a
|
||||
href="https://lists.shorewall.net/mailman/listinfo/shorewall-newbies">Shorewall
|
||||
Newbies mailing list</a> has been established to field questions
|
||||
and problems from new users. I will not monitor that list
|
||||
personally. I will continue my active development of Shorewall and
|
||||
will be available via the development list to handle development
|
||||
issues -- Tom.
|
||||
<p><b><a href="News.htm">More News</a></b></p>
|
||||
<b></b>
|
||||
<h2><b></b></h2>
|
||||
@ -268,7 +322,7 @@ Children's Foundation.</font></a> Thanks!</font></font></p>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<p><font size="2">Updated 01/13/2004 - <a href="support.htm">Tom
|
||||
<p><font size="2">Updated 01/30/2004 - <a href="support.htm">Tom
|
||||
Eastep</a></font><br>
|
||||
</p>
|
||||
</body>
|
||||
|