<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
 
  <meta http-equiv="Content-Language" content="en-us">
 
  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
 
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 
  <meta name="ProgId" content="FrontPage.Editor.Document">
  <title>Shorewall Errata for Version 1</title>
</head>
  <body>
  
<table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" bordercolor="#111111" width="100%"
 id="AutoNumber1" bgcolor="#3366ff" height="90">
   <tbody>
    <tr>
     <td width="100%">     
      <h1 align="center"><font color="#ffffff">Shorewall Errata for Version
1.1</font></h1>
     </td>
   </tr>
 
  </tbody>
</table>
        
<h3 align="left"><font color="#660066"><u>To those of you who downloaded
the 1.1.13 updated firewall script prior to Sept 20, 2001:</u></font></h3>
        
<blockquote>          
  <p align="left">Prior to 20:00 20 Sept 2001 GMT, the link under 1.1.13
pointed to   a broken version of the firewall script. This has now been corrected.
I apologize for any confusion this may have caused.</p>
    </blockquote>
            
<h3 align="left">Version 1.1.18</h3>
   
<blockquote>            
  <p align="left">In the original .lrp, /etc/init.d/shorewall was not   
       secured for execute access. I have replaced the incorrect .lrp   
       (shorwall-1.1.18.lrp) with a corrected one (shorwall-1.1.18a.lrp).</p>
   </blockquote>
            
<h3 align="left"><font color="#660066">  Version 1.1.17</font></h3>
            
<blockquote>              
  <p align="left">In             shorewall.conf, ADD_IP_ALIASES was incorrectly
spelled             IP_ADD_ALIASAES. There is a corrected version of the
file <a
 href="ftp://ftp.shorewall.net/pub/shorewall/errata/1.1.17/shorewall.conf">here.</a></p>
              
  <p align="left">This             problem is also corrected in version 1.1.18.</p>
      </blockquote>
              
<h3 align="left"><font color="#660066">  Version 1.1.16</font></h3>
              
<blockquote>               
  <p align="left">  The ADD_IP_ALIASES variable added in 1.1.16 was incorrectly
  spelled IP_ADD_ALIASES in the firewall script. To correct this problem,
  install the <a
 href="ftp://ftp.shorewall.net/pub/shorewall/errata/1.1.16/firewall">  corrected
  firewall script</a>   in the location pointed to by the symbolic link 
 /etc/shorewall/firewall.</p>
                
  <p align="left">  This problem is also corrected in version 1.1.17.</p>
      </blockquote>
                
<h3 align="left"><font color="#660066">  Version 1.1.14-1.1.15</font></h3>
                
<blockquote>                 
  <p align="left">  There are no corrections for these versions.</p>
      </blockquote>
                  
<h3 align="left"><font color="#660066">  Version 1.1.13</font></h3>
                  
<blockquote>                   
  <p align="left">  The firewall fails to start if a rule with the following
  format is given:</p>
                    
  <p align="left">  &lt;disposition&gt;���   z1:www.xxx.yyy.zzz��� z2���
  proto��� p1,p2,p3</p>
                    
  <p align="left">  To correct this problem, install <a
 href="ftp://ftp.shorewall.net/pub/shorewall/errata/1.1.13/firewall">  this
  corrected firewall script</a>   in the location pointed to by the symbolic
link   /etc/shorewall/firewall.�</p>
      </blockquote>
                    
<h3 align="left"><font color="#660066">  Version 1.1.12</font></h3>
                    
<blockquote>                     
  <p align="left">  The LRP version of Shorewall 1.1.12 has the incorrect
  /etc/shorewall/functions file. This incorrect file results in many error
  messages of the form:</p>
                      
  <blockquote>                       
    <p align="left">  separate_list: not found</p>
                     </blockquote>
                        
  <p align="left"><a
 href="ftp://ftp.shorewall.net/pub/shorewall/errata/1.1.12/functions">  The
  correct file may be obtained here</a>  . This problem is also corrected
in version 1.1.13.</p>
      </blockquote>
                        
<h3 align="left"><font color="#660066">  Version 1.1.11</font></h3>
                        
<blockquote>                         
  <p align="left">  There are no known problems with this version.</p>
      </blockquote>
                          
<h3 align="left"><font color="#660066">  Version 1.1.10</font></h3>
                          
<blockquote>                           
  <p align="left">  If the following conditions were met:<br>
                           </p>
                            
  <ol>
                              <li>                               
      <p align="left">  A LAN segment attached to the firewall was served
by a         DHCP server running on the firewall.</p>
                              </li>
                              <li>                               
      <p align="left">  There were entries in /etc/shorewall/hosts that referred
        to the interface to that LAN segment.</p>
                              </li>
                            
  </ol>
                            
  <p align="left">  then up until now it has been necessary to include entries
    for 0.0.0.0 and 255.255.255.255 for that interface in /etc/shorewall/hosts.
  <a href="ftp://ftp.shorewall.net/pub/shorewall/errata/1.1.10/firewall"> 
 This     version of the firewall script</a>   makes those additions unnecessary
    provided that you simply include "dhcp" in the options for the     interface
in /etc/shorewall/interfaces. Install the script into     the location pointed
to by the symbolic link /etc/shorewall/firewall.</p>
                            
  <p align="left">  This problem has also been corrected in version 1.1.11.</p>
   </blockquote>
                            
<h3 align="left"><font color="#660066">  Version 1.1.9</font></h3>
  
<ul>
   <li>The shorewall "hits" command lists extraneous     service names in
the final report. <a
 href="ftp://ftp.shorewall.net/pub/shorewall/errata/1.1.9/shorewall">  This
    version of the shorewall script</a>   corrects this problem.<br>
     </li>
 
</ul>
                             
<h3 align="left">Version 1.1.8</h3>
  
<ul>
   <li>Under some circumstances, the "dhcp" option on an     interface triggers 
a bug in the firewall script that results in a     "chain already exists" 
error. <a
 href="ftp://ftp.shorewall.net/pub/shorewall/errata/1.1.8/firewall">  This
    version of the firewall script</a>    corrects this problem. Install
it into     the location pointed to by the symbolic link /etc/shorewall/firewall.<br>
                                 <br>
       This problem is also corrected in version 1.1.9.<br>
     </li>
 
</ul>
                             
<h3 align="left">Version 1.1.7</h3>
  
<ul>
   <li>If the /etc/shorewall/rules template from version 1.1.7 is     used,
a warning message appears during firewall startup:<br>
                                 <br>
       ��� Warning: Invalid Target - rule "@ icmp-unreachable     packet." 
ignored<br>
                                 <br>
       This warning may be eliminated by replacing the "@" in column 1 of 
    line 17 with "#"</li>
 
</ul>
                            
<blockquote>                             
  <p align="left">  This problem is also corrected in version 1.1.8</p>
                              </blockquote>
  
<p align="left"><font size="2">  Last updated 12/21/2001 - </font><font
 size="2">  <a href="support.htm">Tom Eastep</a></font> </p>
  
<p align="left"><a href="copyright.htm"> <font size="2">Copyright</font>
� <font size="2">2001, 2002 Thomas M. Eastep.</font></a></p>
  <br>
</body>
</html>