extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-22 23:53:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Shorewall 1.4.10

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1101 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-01-31 03:35:08 +00:00
parent b222c76e33
commit f201d06f6e
6 changed files with 449 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

239
Shorewall-Website/News.htm
View File

@ -18,9 +18,246 @@ Texts. A copy of the license is included in the section entitled “<span
class="quote"><a href="GnuCopyright.htm" target="_self">GNU Free
Documentation License</a></span>”.<br>
</p>
<p>2004-01-13<br>
<p>2004-01-30<br>
</p>
<hr style="width: 100%; height: 2px;">
<p><b>1/30/2004 - Shorewall 1.4.10</b></p>
<p>Problems Corrected since version 1.4.9</p>
<ol>
<li>The column descriptions in the action.template file did not
match the column headings. That has been corrected.</li>
<li>The presence of IPV6 addresses on devices generated error
messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
are specified in /etc/shorewall/shorewall.conf. These messages have
been eliminated.</li>
<li value="3">The CONTINUE action in /etc/shorewall/rules now
works
correctly. A couple of problems involving rate limiting have been
corrected. These bug fixes courtesy of Steven Jan Springl.</li>
<li>Shorewall now tried to avoid sending an ICMP response to
broadcasts and smurfs.</li>
<li>Specifying "-" or "all" in the PROTO column of an action no
longer causes a startup error. </li>
</ol>
Migragion Issues:<br>
<br>
&nbsp;&nbsp;&nbsp; None.<br>
<br>
New Features:<br>
<ol>
<li>The INTERFACE column in the /etc/shorewall/masq file may
now specify a destination list. <br>
<br>
Example:<br>
<br>
&nbsp;&nbsp;&nbsp; #INTERFACE&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; SUBNET&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; ADDRESS<br>
&nbsp;&nbsp;&nbsp; eth0:192.0.2.3,192.0.2.16/28&nbsp;&nbsp;&nbsp; eth1<br>
<br>
If the list begins with "!" then SNAT will occur only if the
destination IP address is NOT included in the list.<br>
<br>
</li>
<li>Output traffic control rules (those with the firewall as
the
source) may now be qualified by the effective userid and/or effective
group id of the program generating the output. This feature is courtesy
of&nbsp; Frédéric LESPEZ.<br>
<br>
A new USER column has been added to /etc/shorewall/tcrules. It may
contain :<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [&lt;user name or number&gt;]:[&lt;group
name or number&gt;]<br>
<br>
The colon is optionnal when specifying only a user.<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Examples : john: / john / :users /
john:users<br>
<br>
</li>
<li>A "detectnets" interface option has been added for entries
in
/etc/shorewall/interfaces. This option automatically taylors the
definition of the zone named in the ZONE column to include just&nbsp;
those
hosts that have routes through the interface named in the INTERFACE
column. The named interface must be UP when Shorewall is [re]started.<br>
<br>
&nbsp;WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE!
&nbsp;&nbsp; </li>
</ol>
<p><b>1/27/2004 - Shorewall 1.4.10 RC3</b></p>
<p><a href="http://shorewall.net/pub/shorewall/Beta">http://shorewall.net/pub/shorewall/Beta</a><br>
<a href="ftp://shorewall.net/pub/shorewall/Beta" target="_top">ftp://shorewall.net/pub/shorewall/Beta</a><br>
</p>
<p>Problems Corrected since version 1.4.9</p>
<ol>
<li>The column descriptions in the action.template file did not
match the column headings. That has been corrected.</li>
<li>The presence of IPV6 addresses on devices generated error
messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
are specified in /etc/shorewall/shorewall.conf. These messages have
been eliminated.</li>
<li value="3">The CONTINUE action in /etc/shorewall/rules now works
correctly. A couple of problems involving rate limiting have been
corrected. These bug fixes courtesy of Steven Jan Springl.</li>
<li>Shorewall now tried to avoid sending an ICMP response to
broadcasts and smurfs.<br>
</li>
</ol>
Migragion Issues:<br>
<br>
&nbsp;&nbsp;&nbsp; None.<br>
<br>
New Features:<br>
<ol>
<li>The INTERFACE column in the /etc/shorewall/masq file may
now specify a destination list. <br>
<br>
Example:<br>
<br>
&nbsp;&nbsp;&nbsp; #INTERFACE&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; SUBNET&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; ADDRESS<br>
&nbsp;&nbsp;&nbsp; eth0:192.0.2.3,192.0.2.16/28&nbsp;&nbsp;&nbsp; eth1<br>
<br>
If the list begins with "!" then SNAT will occur only if the
destination IP address is NOT included in the list.<br>
<br>
</li>
<li>Output traffic control rules (those with the firewall as
the
source) may now be qualified by the effective userid and/or effective
group id of the program generating the output. This feature is courtesy
of&nbsp; Frédéric LESPEZ.<br>
<br>
A new USER column has been added to /etc/shorewall/tcrules. It may
contain :<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [&lt;user name or number&gt;]:[&lt;group
name or number&gt;]<br>
<br>
The colon is optionnal when specifying only a user.<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Examples : john: / john / :users /
john:users<br>
<br>
</li>
<li>A "detectnets" interface option has been added for entries
in
/etc/shorewall/interfaces. This option automatically taylors the
definition of the zone named in the ZONE column to include just&nbsp;
those
hosts that have routes through the interface named in the INTERFACE
column. The named interface must be UP when Shorewall is [re]started.<br>
<br>
&nbsp;WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE!
&nbsp;&nbsp; </li>
</ol>
<p><b>1/24/2004 - Shorewall 1.4.10 RC2</b><b>&nbsp;</b></p>
<p><a href="http://shorewall.net/pub/shorewall/Beta">http://shorewall.net/pub/shorewall/Beta</a><br>
<a href="ftp://shorewall.net/pub/shorewall/Beta" target="_top">ftp://shorewall.net/pub/shorewall/Beta</a><br>
</p>
<p>Problems Corrected since version 1.4.9</p>
<ol>
<li>The column descriptions in the action.template file did not
match the column headings. That has been corrected.</li>
<li>The presence of IPV6 addresses on devices generated error
messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
are specified in /etc/shorewall/shorewall.conf. These messages have
been eliminated.</li>
</ol>
Migragion Issues:<br>
<br>
&nbsp;&nbsp;&nbsp; None.<br>
<br>
New Features:<br>
<ol>
<li>The INTERFACE column in the /etc/shorewall/masq file may
now specify a destination list. <br>
<br>
Example:<br>
<br>
&nbsp;&nbsp;&nbsp; #INTERFACE&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; SUBNET&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; ADDRESS<br>
&nbsp;&nbsp;&nbsp; eth0:192.0.2.3,192.0.2.16/28&nbsp;&nbsp;&nbsp; eth1<br>
<br>
If the list begins with "!" then SNAT will occur only if the
destination IP address is NOT included in the list.<br>
<br>
</li>
<li>Output traffic control rules (those with the firewall as
the source) may now be qualified by the effective userid and/or
effective group id of the program generating the output. This feature
is courtesy of&nbsp; Frédéric LESPEZ.<br>
<br>
A new USER column has been added to /etc/shorewall/tcrules. It may
contain :<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [&lt;user name or number&gt;]:[&lt;group
name or number&gt;]<br>
<br>
The colon is optionnal when specifying only a user.<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Examples : john: / john / :users /
john:users<br>
<br>
</li>
<li>A "detectnets" interface option has been added for entries in
/etc/shorewall/interfaces. This option automatically taylors the
definition of the zone named in the ZONE column to include just&nbsp;
those
hosts that have routes through the interface named in the INTERFACE
column. The named interface must be UP when Shorewall is [re]started.<br>
<br>
&nbsp;WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE! </li>
</ol>
<p><b>1/22/2004 - Shorewall 1.4.10 RC1</b><b>&nbsp;</b></p>
<p>Problems Corrected since version 1.4.9</p>
<ol>
<li>The column descriptions in the action.template file did not match
the column headings. That has been corrected.</li>
<li>The presence of IPV6 addresses on devices generated error
messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
are specified in /etc/shorewall/shorewall.conf. These messages have
been eliminated.</li>
</ol>
Migragion Issues:<br>
<br>
&nbsp;&nbsp;&nbsp; None.<br>
<br>
New Features:<br>
<ol>
<li>The INTERFACE column in the /etc/shorewall/masq file may now
specify a destination list. <br>
<br>
Example:<br>
<br>
&nbsp;&nbsp;&nbsp; #INTERFACE&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; SUBNET&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; ADDRESS<br>
&nbsp;&nbsp;&nbsp; eth0:192.0.2.3,192.0.2.16/28&nbsp;&nbsp;&nbsp; eth1<br>
<br>
If the list begins with "!" then SNAT will occur only if the
destination IP address is NOT included in the list.<br>
<br>
</li>
<li>Output traffic control rules (those with the firewall as the
source) may now be qualified by the effective userid and/or effective
group id of the program generating the output. This feature is courtesy
of&nbsp; Frédéric LESPEZ.<br>
<br>
A new USER column has been added to /etc/shorewall/tcrules. It may
contain :<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [&lt;user name or number&gt;]:[&lt;group
name or number&gt;]<br>
<br>
The colon is optionnal when specifying only a user.<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Examples : john: / john / :users /
john:users&nbsp;&nbsp;&nbsp; <br>
</li>
</ol>
<p><b>1/13/2004 - Shorewall 1.4.9</b><b><br>
</b></p>
<p>Problems Corrected since version 1.4.8:<br>

5
Shorewall-Website/Shorewall_index_frame.htm
View File

@ -23,7 +23,10 @@
<li> <a href="shorewall_quickstart_guide.htm">QuickStart
Guides (HOWTOs)</a> </li>
<li> <b><a href="Documentation_Index.html">Documentation</a></b></li>
<li> <a href="FAQ.htm">FAQs</a></li>
<li> <a href="FAQ.htm">FAQs</a>&nbsp; (<a
href="http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ"
target="_top">Wiki</a>)<br>
</li>
<li><a href="useful_links.html">Useful Links</a> </li>
<li> <a href="troubleshoot.htm">Things to try if it doesn't
work</a></li>

4
Shorewall-Website/Shorewall_sfindex_frame.htm
View File

@ -32,7 +32,9 @@
Guides (HOWTOs)</a><br>
</li>
<li> <b><a href="Documentation_Index.html">Documentation</a></b></li>
<li> <a href="FAQ.htm">FAQs</a></li>
<li> <a href="FAQ.htm">FAQs</a>&nbsp; (<a
href="http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ"
target="_top">Wiki</a>)</li>
<li><a href="useful_links.html">Useful Links</a><br>
</li>
<li> <a href="troubleshoot.htm">Things to try if it doesn't

86
Shorewall-Website/mailing_list.htm
View File

@ -13,7 +13,7 @@
<h1>Shorewall Mailing Lists</h1>
<span style="font-weight: bold;">Tom Eastep</span><br>
<br>
Copyright © 2001-2003 Thomas M. Eastep<br>
Copyright © 2001-2004 Thomas M. Eastep<br>
<br>
<div>
<div class="legalnotice">
@ -27,49 +27,22 @@ Documentation License</a></span>
</div>
</div>
<div>
<p class="pubdate">2003-12-30<br>
<p class="pubdate">2004-01-28<br>
</p>
<hr style="width: 100%; height: 2px;"></div>
<h2>Acknowlegments</h2>
The Shorewall Mailing Lists use the following software:<br>
<ul>
<li><a href="http://www.centralcommand.com">Vexira Mail Armour</a></li>
<li><a href="http://www.gnu.org/software/mailman/mailman.html">GNU
Mailman</a></li>
<li><a href="http://razor.sourceforge.net/">Vipul's Razor</a></li>
<li><a href="http://www.spamassassin.org">SpamAssassin</a></li>
<li><a href="http://www.postfix.org">Postfix</a><br>
</li>
</ul>
<h2>Note<br>
</h2>
<h2>Note</h2>
<big><span style="color: rgb(255, 0, 0);"><span
style="font-weight: bold;">If you are reporting a problem or asking a
question, you are at the wrong place -- please see the <a
href="http://shorewall.net/support.htm">Shorewall Support Guide</a>.</span></span></big><br>
<br>
If you experience problems with any of these lists,
please let <a href="mailto:postmaster@shorewall.net">me</a>
know
<h2 align="left">Not able to Post Mail to shorewall.net?</h2>
<p align="left">You can report such problems by sending mail to
tmeastep at
hotmail dot com.</p>
<h2>A Word about the SPAM Filters at Shorewall.net&nbsp;<a
href="http://osirusoft.com/"> </a></h2>
<p>Please note that the mail server at shorewall.net checks
incoming mail:<br>
</p>
<ol>
<li>against <a href="http://spamassassin.org">Spamassassin</a>
(including <a href="http://razor.sourceforge.net/">Vipul's Razor</a>).<br>
</li>
<li>to ensure that the sender address is
fully qualified.</li>
<li>to verify that the sender's domain has an A or MX record in DNS.</li>
<li>to ensure that the host name in the HELO/EHLO command is a valid
fully-qualified DNS name.</li>
</ol>
<h2>Mailing Lists are Moderated for Non-Member Posts</h2>
Given the
recent problems associated with the MyDoom virus (and the more annoying
problem of clueless mail admins who configure their AV software to spam
innocent bystanders during a virus storm), the Shorewall lists are now
moderated for non-member posts. It is also a good idea to mention that
you are a non-member so that people will include you in the CC list
when replying.
<h2>Please post in plain text</h2>
A growing number of MTAs serving list subscribers are rejecting all
HTML traffic. At least one MTA has gone so far as to blacklist
@ -125,7 +98,8 @@ Search: <input type="text" size="30" name="words" value=""> <input
</form>
<h2 align="left"><font color="#ff0000">Please do not try to download
the entire
Archive -- it is 164MB (and growing daily) and my slow DSL line simply
HTML Archive -- it is 212MB (and growing daily) and my slow DSL line
simply
won't
stand the traffic. If I catch you, you will be blacklisted.<br>
</font></h2>
@ -238,6 +212,40 @@ password, there is another button that will cause your password
to be emailed to you.</p>
</li>
</ul>
<h2>A Word about the SPAM Filters at Shorewall.net&nbsp;<a
href="http://osirusoft.com/"> </a></h2>
<p>Please note that the mail server at shorewall.net checks
incoming mail:<br>
</p>
<ol>
<li>against <a href="http://spamassassin.org">Spamassassin</a>
(including <a href="http://razor.sourceforge.net/">Vipul's Razor</a>).<br>
</li>
<li>to ensure that the sender address is
fully qualified.</li>
<li>to verify that the sender's domain has an A or MX record in DNS.</li>
<li>to ensure that the host name in the HELO/EHLO command is a valid
fully-qualified DNS name.</li>
</ol>
<h2>
If you experience problems with any of these lists,
please let <a href="mailto:postmaster@shorewall.net">me</a>
know
</h2>
<h2 align="left">Not able to Post Mail to shorewall.net?</h2>
<p align="left">You can report such problems by sending mail to
tmeastep at
hotmail dot com.</p>
<h2>Acknowlegments</h2>
The Shorewall Mailing Lists use the following software:<br>
<ul>
<li><a href="http://www.centralcommand.com">Vexira Mail Armour</a></li>
<li><a href="http://www.gnu.org/software/mailman/mailman.html">GNU
Mailman</a></li>
<li><a href="http://razor.sourceforge.net/">Vipul's Razor</a></li>
<li><a href="http://www.spamassassin.org">SpamAssassin</a></li>
<li><a href="http://www.postfix.org">Postfix</a></li>
</ul>
<hr>
<h2 align="left">Frustrated by having to Rebuild Mailman to use it with
Postfix?</h2>

100
Shorewall-Website/seattlefirewall_index.htm
View File

@ -87,10 +87,82 @@ setup that matches the documentation on this site. See the <a
href="two-interface.htm">Two-interface QuickStart Guide</a> for
details.<br>
<h2>News</h2>
<p><b>1/13/2004 - Shorewall 1.4.9 </b><b><img alt="(New)"
<p><b>1/30/2004 - Shorewall 1.4.10</b><b> <img alt="(New)"
src="images/new10.gif"
style="border: 0px solid ; width: 28px; height: 12px;" title=""></b><b>
</b></p>
style="border: 0px solid ; width: 28px; height: 12px;" title=""></b></p>
<p>Problems Corrected since version 1.4.9</p>
<ol>
<li>The column descriptions in the action.template file did not
match the column headings. That has been corrected.</li>
<li>The presence of IPV6 addresses on devices generated error
messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
are specified in /etc/shorewall/shorewall.conf. These messages have
been eliminated.</li>
<li>The CONTINUE action in /etc/shorewall/rules now works
correctly. A couple of problems involving rate limiting have been
corrected. These bug fixes courtesy of Steven Jan Springl.</li>
<li>Shorewall now tried to avoid sending an ICMP response to
broadcasts and smurfs.</li>
<li>Specifying "-" or "all" in the PROTO column of an action no
longer causes a startup error. <br>
<br>
</li>
</ol>
Migragion Issues:<br>
<br>
&nbsp;&nbsp;&nbsp; None.<br>
<br>
New Features:<br>
<ol>
<li>The INTERFACE column in the /etc/shorewall/masq file may
now specify a destination list. <br>
<br>
Example:<br>
<br>
&nbsp;&nbsp;&nbsp; #INTERFACE&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; SUBNET&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; ADDRESS<br>
&nbsp;&nbsp;&nbsp; eth0:192.0.2.3,192.0.2.16/28&nbsp;&nbsp;&nbsp; eth1<br>
<br>
If the list begins with "!" then SNAT will occur only if the
destination IP address is NOT included in the list.<br>
<br>
</li>
<li>Output traffic control rules (those with the firewall as
the source) may now be qualified by the effective userid and/or
effective group id of the program generating the output. This feature
is courtesy of&nbsp; Frédéric LESPEZ.<br>
<br>
A new USER column has been added to /etc/shorewall/tcrules. It may
contain :<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [&lt;user name or number&gt;]:[&lt;group
name or number&gt;]<br>
<br>
The colon is optionnal when specifying only a user.<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Examples : john: / john / :users /
john:users<br>
<br>
</li>
<li>A "detectnets" interface option has been added for entries
in /etc/shorewall/interfaces. This option automatically taylors the
definition of the zone named in the ZONE column to include just&nbsp;
those hosts that have routes through the interface named in the
INTERFACE column. The named interface must be UP when Shorewall is
[re]started.<br>
<br>
&nbsp;WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE! <br>
</li>
</ol>
<p><b>1/17/2004 - FAQ Wiki Available&nbsp;</b><b></b></p>
<p>It has been asserted that the use of CVS for maintaining the
Shorewall documentation has been a barrier to community participation.
To test this theory, Alex Martin <a
href="http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ">has
created a Wiki</a> and with the help of Mike Noyes has populated the
Wiki with the Shorewall FAQ. <br>
</p>
<p><b>1/13/2004 - Shorewall 1.4.9&nbsp;</b><b> </b></p>
<p>Problems Corrected since version 1.4.8:</p>
<ol>
<li>There has been a low continuing level of confusion over the
@ -189,22 +261,6 @@ system on his external network.<br>
<br>
</li>
</ol>
<p><b>12/28/2003 - www.shorewall.net/ftp.shorewall.net Back
On-line</b> <b><img alt="(New)" src="images/new10.gif"
style="border: 0px solid ; width: 28px; height: 12px;" title=""> <br>
</b></p>
<p>Our high-capacity server has been restored to service --
please let <a href="mailto:webmaster@shorewall.net">us</a> know if you
find any problems.</p>
<p><b>12/03/2003 - Support Torch Passed</b></p>
Effective today, I am reducing my participation in the day-to-day
support of Shorewall. As part of this shift to community-based
Shorewall support a new <a
href="https://lists.shorewall.net/mailman/listinfo/shorewall-newbies">Shorewall
Newbies mailing list</a> has been established to field questions and
problems from new users. I will not monitor that list personally. I
will continue my active development of Shorewall and will be available
via the development list to handle development issues -- Tom.
<p><a href="News.htm">More News</a></p>
<p><a href="http://leaf.sourceforge.net" target="_top"><img
alt="(Leaf Logo)"
@ -231,10 +287,14 @@ Children's Foundation</a>. Thanks!</big><br>
<a href="http://www.starlight.org"></a></p>
</td>
</tr>
<tr>
<td style="vertical-align: top;"><br>
</td>
</tr>
</tbody>
</table>
</div>
<p><font size="2">Updated 01/13/2004 - <a href="support.htm">Tom Eastep</a></font><br>
<p><font size="2">Updated 01/30/2004 - <a href="support.htm">Tom Eastep</a></font><br>
</p>
</body>
</html>

100
Shorewall-Website/sourceforge_index.htm
View File

@ -92,9 +92,82 @@ and installing a setup that matches the documentation on this site.
See the <a href="two-interface.htm">Two-interface QuickStart
Guide</a> for details.
<h2><b>News</b></h2>
<p><b>1/13/2004 - Shorewall 1.4.9</b> <b><img
style="border: 0px solid ; width: 28px; height: 12px;"
src="images/new10.gif" alt="(New)" title=""><br>
<p><b>1/30/2004 - Shorewall 1.4.10</b><b> <img alt="(New)"
src="images/new10.gif"
style="border: 0px solid ; width: 28px; height: 12px;" title=""></b></p>
<p>Problems Corrected since version 1.4.9</p>
<ol>
<li>The column descriptions in the action.template file did not
match the column headings. That has been corrected.</li>
<li>The presence of IPV6 addresses on devices generated error
messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
are specified in /etc/shorewall/shorewall.conf. These messages have
been eliminated.</li>
<li value="3">The CONTINUE action in /etc/shorewall/rules now
works
correctly. A couple of problems involving rate limiting have been
corrected. These bug fixes courtesy of Steven Jan Springl.</li>
<li>Shorewall now tried to avoid sending an ICMP response to
broadcasts and smurfs.</li>
<li>Specifying "-" or "all" in the PROTO column of an action no
longer causes a startup error. </li>
</ol>
Migragion Issues:<br>
<br>
&nbsp;&nbsp;&nbsp; None.<br>
<br>
New Features:<br>
<ol>
<li>The INTERFACE column in the /etc/shorewall/masq file may
now specify a destination list. <br>
<br>
Example:<br>
<br>
&nbsp;&nbsp;&nbsp; #INTERFACE&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp; SUBNET&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; ADDRESS<br>
&nbsp;&nbsp;&nbsp; eth0:192.0.2.3,192.0.2.16/28&nbsp;&nbsp;&nbsp; eth1<br>
<br>
If the list begins with "!" then SNAT will occur only if the
destination IP address is NOT included in the list.<br>
<br>
</li>
<li>Output traffic control rules (those with the firewall as
the
source) may now be qualified by the effective userid and/or effective
group id of the program generating the output. This feature is courtesy
of&nbsp; Frédéric LESPEZ.<br>
<br>
A new USER column has been added to /etc/shorewall/tcrules. It may
contain :<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [&lt;user name or number&gt;]:[&lt;group
name or number&gt;]<br>
<br>
The colon is optionnal when specifying only a user.<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Examples : john: / john / :users /
john:users<br>
<br>
</li>
<li>A "detectnets" interface option has been added for entries
in
/etc/shorewall/interfaces. This option automatically taylors the
definition of the zone named in the ZONE column to include just&nbsp;
those
hosts that have routes through the interface named in the INTERFACE
column. The named interface must be UP when Shorewall is [re]started.<br>
<br>
&nbsp;WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE!
&nbsp;&nbsp; </li>
</ol>
<p><b>1/17/2004 - FAQ Wiki Available&nbsp;</b><b></b></p>
It has been asserted that the use of CVS for maintaining the
Shorewall documentation has been a barrier to community participation.
To test this theory, Alex Martin <a
href="http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ">has
created a Wiki</a> and with the help of Mike Noyes has populated the
Wiki with the Shorewall FAQ.
<p><b>1/13/2004 - Shorewall 1.4.9</b> <b><br>
</b></p>
<p>Problems Corrected since version 1.4.8:<br>
</p>
@ -201,25 +274,6 @@ packets with a null source address. Ad Koster reported a case where
these were occuring frequently as a result of a broken system on his
external network.</li>
</ol>
<p><b>12/28/2003 - www.shorewall.net/ftp.shorewall.net Back
On-line</b> <b><img alt="(New)" src="images/new10.gif"
style="border: 0px solid ; width: 28px; height: 12px;" title=""> <br>
</b></p>
<p>Our high-capacity server has been restored to service --
please let <a href="mailto:webmaster@shorewall.net">us</a> know if you
find any problems.</p>
<p><b>12/03/2003 - Support Torch Passed</b> <b><img
style="border: 0px solid ; width: 28px; height: 12px;"
src="images/new10.gif" alt="(New)" title=""></b></p>
Effective today, I am reducing my participation in the day-to-day
support of Shorewall. As part of this shift to community-based
Shorewall support a new <a
href="https://lists.shorewall.net/mailman/listinfo/shorewall-newbies">Shorewall
Newbies mailing list</a> has been established to field questions
and problems from new users. I will not monitor that list
personally. I will continue my active development of Shorewall and
will be available via the development list to handle development
issues -- Tom.
<p><b><a href="News.htm">More News</a></b></p>
<b></b>
<h2><b></b></h2>
@ -268,7 +322,7 @@ Children's Foundation.</font></a> Thanks!</font></font></p>
</tr>
</tbody>
</table>
<p><font size="2">Updated 01/13/2004 - <a href="support.htm">Tom
<p><font size="2">Updated 01/30/2004 - <a href="support.htm">Tom
Eastep</a></font><br>
</p>
</body>