Shorewall 1.4 - "iptables made easy"


What is it?

The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system.

This program is free software; you can redistribute it and/or modify it under the terms of Version 2 of the GNU General Public License as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA

Copyright 2001, 2002, 2003 Thomas M. Eastep

Jacques Nilo and Eric Wolzak have a LEAF (router/firewall/gateway on a floppy, CD or compact flash) distribution called Bering that features Shorewall-1.3.14 and Kernel-2.4.20. You can find their work at: http://leaf.sourceforge.net/devel/jnilo

Congratulations to Jacques and Eric on the recent release of Bering 1.1!!!

News

3/24/2003 - Shorewall 1.4.1

This release follows up on 1.4.0. It corrects a problem introduced in 1.4.0 and removes additional warts.

Problems Corrected:

  1. When Shorewall 1.4.0 is run under the ash shell (such as on Bering/LEAF), it can attempt to add ECN disabling rules even if the /etc/shorewall/ecn file is empty. That problem has been corrected so that ECN disabling rules are only added if there are entries in /etc/shorewall/ecn.

New Features:

Note: In the list that follows, the term group refers to a particular network or subnetwork (which may be 0.0.0.0/0 or it may be a host address) accessed through a particular interface. Examples:

  eth0:0.0.0.0/0
  eth2:192.168.1.0/24
  eth3:192.0.2.123

You can use the "shorewall check" command to see the groups associated with each of your zones.

  1. Beginning with Shorewall 1.4.1, if a zone Z comprises more than one group, there is no explicit Z to Z policy, and there are no rules governing traffic from Z to Z, then Shorewall will permit all traffic between the groups in the zone.
  2. Beginning with Shorewall 1.4.1, Shorewall will never create rules to handle traffic from a group to itself.
  3. A NONE policy is introduced in 1.4.1. When a policy of NONE is specified from Z1 to Z2:
       • There may be no rules created that govern connections from Z1 to Z2.
       • Shorewall will not create any infrastructure to handle traffic from Z1 to Z2.

See the upgrade issues for a discussion of how these changes may affect your configuration.
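
An upgrade audit for the three 1.4.1 behaviours listed above, added here as an example (it is not Shorewall's own code). The zone names, the sample data and the simplified column layouts (SOURCE DEST POLICY and ACTION SOURCE DEST) are assumptions, as is treating only a policy that names Z in both columns as an explicit Z to Z policy.

```python
from itertools import permutations

# Constructed sample data (not from the page). Groups use the page's
# interface:network notation; the zone names are hypothetical.
ZONES = {
    "loc": ["eth2:192.168.1.0/24", "eth3:192.0.2.123"],
    "net": ["eth0:0.0.0.0/0"],
    "dmz": ["eth1:10.0.0.0/24", "eth4:10.0.1.0/24"],
}
# Assumed simplified layouts: "SOURCE DEST POLICY" and "ACTION SOURCE DEST".
# In a rule, the zone is taken to be the text before any ':'.
POLICY = """\
loc net ACCEPT
dmz dmz REJECT
net loc NONE
all all REJECT
"""
RULES = """\
ACCEPT loc dmz
ACCEPT net loc:192.168.1.5
"""

def parse(text, ncols):
    """Return the first ncols fields of each non-comment, non-empty line."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= ncols:
            rows.append(fields[:ncols])
    return rows

def audit(zones, policy_text, rules_text):
    """Return (implicitly permitted group pairs per zone, NONE-policy conflicts)."""
    policies = {(s, d): p.upper() for s, d, p in parse(policy_text, 3)}
    rule_pairs = {(s.split(":")[0], d.split(":")[0])
                  for _, s, d in parse(rules_text, 3)}
    implicit = {}
    for zone, groups in zones.items():
        same = (zone, zone)
        # Item 1: multi-group zone with no explicit Z to Z policy or rules.
        if len(groups) > 1 and same not in policies and same not in rule_pairs:
            # Item 2: a group is never paired with itself.
            implicit[zone] = list(permutations(groups, 2))
    # Item 3: a NONE policy from Z1 to Z2 excludes rules from Z1 to Z2.
    conflicts = sorted(pair for pair, pol in policies.items()
                       if pol == "NONE" and pair in rule_pairs)
    return implicit, conflicts

if __name__ == "__main__":
    print(audit(ZONES, POLICY, RULES))
```

Zones reported in the first result are the ones whose groups can reach each other without any policy or rule saying so; giving such a zone its own Z to Z policy removes it from the report.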



This site is hosted by the generous folks at SourceForge.net

Donations


Shorewall is free but if you try it and find it useful, please consider making a donation to Starlight Children's Foundation. Thanks!

Updated 3/21/2003 - Tom Eastep