mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-28 09:08:48 +01:00
7b8ddbea8e
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@323 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
406 lines
23 KiB
HTML
406 lines
23 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||
<html>
|
||
<head>
|
||
|
||
|
||
|
||
<meta http-equiv="Content-Type"
|
||
content="text/html; charset=windows-1252">
|
||
<title>Shoreline Firewall (Shorewall) 1.3</title>
|
||
|
||
|
||
<base target="_self">
|
||
</head>
|
||
<body>
|
||
|
||
|
||
<table border="0" cellpadding="0" cellspacing="4"
|
||
style="border-collapse: collapse;" width="100%" id="AutoNumber3"
|
||
bgcolor="#4b017c">
|
||
<tbody>
|
||
<tr>
|
||
<td width="100%"
|
||
height="90">
|
||
|
||
|
||
|
||
|
||
<h1 align="center"> <font size="4"><i> <a
|
||
href="http://www.cityofshoreline.com"> <img vspace="4" hspace="4"
|
||
alt="Shorwall Logo" height="70" width="85" align="left"
|
||
src="images/washington.jpg" border="0">
|
||
</a></i></font><font
|
||
color="#ffffff">Shorewall 1.3 - <font size="4">"<i>iptables
|
||
made easy"</i></font></font></h1>
|
||
|
||
|
||
|
||
|
||
<div align="center"><a href="1.2" target="_top"><font
|
||
color="#ffffff">Shorewall 1.2 Site here</font></a><br>
|
||
</div>
|
||
<br>
|
||
</td>
|
||
</tr>
|
||
|
||
|
||
|
||
</tbody>
|
||
</table>
|
||
|
||
|
||
<div align="center">
|
||
<center>
|
||
<table border="0" cellpadding="0" cellspacing="0"
|
||
style="border-collapse: collapse;" width="100%" id="AutoNumber4">
|
||
<tbody>
|
||
<tr>
|
||
<td width="90%">
|
||
|
||
|
||
|
||
|
||
|
||
<h2 align="left">What is it?</h2>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<p>The Shoreline Firewall, more commonly known as "Shorewall", is a
|
||
<a href="http://www.netfilter.org">Netfilter</a> (iptables) based firewall
|
||
that can be used on a dedicated firewall system, a multi-function
|
||
gateway/router/server or on a standalone GNU/Linux system.</p>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<p>This program is free software; you can redistribute it and/or modify
|
||
it under the terms of <a
|
||
href="http://www.gnu.org/licenses/gpl.html">Version 2 of the GNU General
|
||
Public License</a> as published by the Free Software Foundation.<br>
|
||
<br>
|
||
This program is distributed
|
||
in the hope that it will be useful, but WITHOUT ANY
|
||
WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
|
||
Public License for more details.<br>
|
||
<br>
|
||
You should have received
|
||
a copy of the GNU General Public License along
|
||
with this program; if not, write to the Free Software Foundation,
|
||
Inc., 675 Mass Ave, Cambridge, MA 02139, USA</p>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<p><a href="copyright.htm">Copyright 2001, 2002 Thomas M. Eastep</a></p>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<p> <a href="http://leaf.sourceforge.net" target="_top"><img
|
||
border="0" src="images/leaflogo.gif" width="49" height="36">
|
||
</a>Jacques Nilo
|
||
and Eric Wolzak have a LEAF (router/firewall/gateway on a floppy,
|
||
CD or compact flash) distribution called <i>Bering</i> that
|
||
features Shorewall-1.3.9b and Kernel-2.4.18. You can find
|
||
their work at: <a
|
||
href="http://leaf.sourceforge.net/devel/jnilo"> http://leaf.sourceforge.net/devel/jnilo</a></p>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<h2>Thinking of Downloading this Site for Offline Browsing?</h2>
|
||
You may want to reconsider -- this site is <u><b>181 MB!!!</b></u>
|
||
and you will almost certainly be blacklisted before you download the
|
||
whole thing (my SDSL is only 384kbs so I'll have lots of time to catch
|
||
you). Besides, if you simply download the product and install it, you get
|
||
the essential parts of the site in a fraction of the time. And do you really
|
||
want to download:<br>
|
||
|
||
|
||
<ul>
|
||
<li>Both text and HTML versions of every post ever made on three
|
||
different mailing lists (67.5 MB)?</li>
|
||
<li>Every .rpm, .tgz and .lrp ever released for both Shorewall (92MB)?</li>
|
||
<li>The Shorewall 1.2 site (16.2MB).<br>
|
||
</li>
|
||
</ul>
|
||
You get all that and more if you do a blind recurive copy of this
|
||
site. Happy downloading!<br>
|
||
|
||
|
||
<h2>News</h2>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<h2></h2>
|
||
|
||
|
||
|
||
<p><b>11/09/2002 - Shorewall is Back at SourceForge</b><b> </b><b><img
|
||
border="0" src="images/new10.gif" width="28" height="12" alt="(New)">
|
||
</b></p>
|
||
|
||
<p>The Shorewall 1.3 web site is now mirrored at SourceForge on <a
|
||
href="http://shorewall.sf.net" target="_top">http://shorewall.sf.net</a>.<br>
|
||
</p>
|
||
<p><b>11/09/2002 - Shorewall 1.3.10</b><b> </b><b><img border="0"
|
||
src="images/new10.gif" width="28" height="12" alt="(New)">
|
||
</b></p>
|
||
|
||
<p>In this version:</p>
|
||
|
||
<ul>
|
||
<li>You may now <a href="IPSEC.htm#Dynamic">define the contents
|
||
of a zone dynamically</a> with the <a
|
||
href="starting_and_stopping_shorewall.htm">"shorewall add" and "shorewall
|
||
delete" commands</a>. These commands are expected to be used primarily
|
||
within <a href="http://www.xs4all.nl/%7Efreeswan/">FreeS/Wan</a>
|
||
updown scripts.</li>
|
||
<li>Shorewall can now do<a href="MAC_Validation.html"> MAC verification</a>
|
||
on ethernet segments. You can specify the set of allowed MAC addresses
|
||
on the segment and you can optionally tie each MAC address to one or more
|
||
IP addresses.</li>
|
||
<li>PPTP Servers and Clients running on the firewall system may
|
||
now be defined in the<a href="PPTP.htm"> /etc/shorewall/tunnels</a> file.</li>
|
||
<li>A new 'ipsecnat' tunnel type is supported for use when the
|
||
<a href="IPSEC.htm">remote IPSEC endpoint is behind a NAT gateway</a>.</li>
|
||
<li>The PATH used by Shorewall may now be specified in <a
|
||
href="Documentation.htm#Conf">/etc/shorewall/shorewall.conf.</a></li>
|
||
<li>The main firewall script is now /usr/lib/shorewall/firewall.
|
||
The script in /etc/init.d/shorewall is very small and uses /sbin/shorewall
|
||
to do the real work. This change makes custom distributions such as for
|
||
Debian and for Gentoo easier to manage since it is /etc/init.d/shorewall
|
||
that tends to have distribution-dependent code.</li>
|
||
|
||
</ul>
|
||
If you have installed the 1.3.10 Beta 1 RPM and are now upgrading to version
|
||
1.3.10, you will need to use the '--force' option:<br>
|
||
|
||
<blockquote>
|
||
<pre>rpm -Uvh --force shorewall-1.3.10-1.noarch.rpm</pre>
|
||
</blockquote>
|
||
|
||
<p><b>10/24/2002 - Shorewall is now in Gentoo Linux</b><a
|
||
href="http://www.gentoo.org"><br>
|
||
</a></p>
|
||
Alexandru Hartmann reports that his Shorewall package is now a part
|
||
of <a href="http://www.gentoo.org">the Gentoo Linux distribution</a>.
|
||
Thanks Alex!<br>
|
||
|
||
<p><b>10/23/2002 - Shorewall 1.3.10 Beta 1</b><b> </b></p>
|
||
In this version:<br>
|
||
|
||
|
||
<ul>
|
||
<li>You may now <a href="IPSEC.htm#Dynamic">define the
|
||
contents of a zone dynamically</a> with the <a
|
||
href="starting_and_stopping_shorewall.htm">"shorewall add" and "shorewall
|
||
delete" commands</a>. These commands are expected to be used primarily
|
||
within <a href="http://www.xs4all.nl/%7Efreeswan/">FreeS/Wan</a>
|
||
updown scripts.</li>
|
||
<li>Shorewall can now do<a href="MAC_Validation.html">
|
||
MAC verification</a> on ethernet segments. You can specify the set of
|
||
allowed MAC addresses on the segment and you can optionally tie each MAC
|
||
address to one or more IP addresses.</li>
|
||
<li>PPTP Servers and Clients running on the firewall system
|
||
may now be defined in the<a href="PPTP.htm"> /etc/shorewall/tunnels</a>
|
||
file.</li>
|
||
<li>A new 'ipsecnat' tunnel type is supported for use
|
||
when the <a href="IPSEC.htm">remote IPSEC endpoint is behind
|
||
a NAT gateway</a>.</li>
|
||
<li>The PATH used by Shorewall may now be specified in
|
||
<a href="Documentation.htm#Conf">/etc/shorewall/shorewall.conf.</a></li>
|
||
<li>The main firewall script is now /usr/lib/shorewall/firewall.
|
||
The script in /etc/init.d/shorewall is very small and uses /sbin/shorewall
|
||
to do the real work. This change makes custom distributions such as for
|
||
Debian and for Gentoo easier to manage since it is /etc/init.d/shorewall
|
||
that tends to have distribution-dependent code.</li>
|
||
|
||
|
||
</ul>
|
||
You may download the Beta from:<br>
|
||
|
||
|
||
<ul>
|
||
<li><a
|
||
href="http://www.shorewall.net/pub/shorewall/Beta">http://www.shorewall.net/pub/shorewall/Beta</a></li>
|
||
<li><a
|
||
href="ftp://ftp.shorewall.net/pub/shorewall/Beta" target="_top">ftp://ftp.shorewall.net/pub/shorewall/Beta</a><br>
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
|
||
<p><b>10/10/2002 - <20>Debian 1.3.9b Packages Available<6C></b><b>
|
||
</b><br>
|
||
</p>
|
||
|
||
|
||
|
||
<p>Apt-get sources listed at <a
|
||
href="http://security.dsi.unimi.it/%7Elorenzo/debian.html">http://security.dsi.unimi.it/~lorenzo/debian.html.</a></p>
|
||
|
||
|
||
<p><b>10/9/2002 - Shorewall 1.3.9b<EFBFBD></b><b><img border="0"
|
||
src="images/new10.gif" width="28" height="12" alt="(New)">
|
||
</b></p>
|
||
This release rolls up fixes to the installer and to the
|
||
firewall script.<br>
|
||
<b><br>
|
||
10/6/2002 - Shorewall.net now running on RH8.0 </b><b><img
|
||
border="0" src="images/new10.gif" width="28" height="12" alt="(New)">
|
||
</b><br>
|
||
<br>
|
||
The firewall and server here at shorewall.net are now
|
||
running RedHat release 8.0.<br>
|
||
|
||
|
||
|
||
<p><b>9/30/2002 - Shorewall 1.3.9a</b><b>
|
||
</b></p>
|
||
Roles up the fix for broken tunnels.<br>
|
||
|
||
|
||
|
||
<p><b>9/30/2002 - TUNNELS Broken in 1.3.9!!!</b><b>
|
||
</b></p>
|
||
<img src="images/j0233056.gif"
|
||
alt="Brown Paper Bag" width="50" height="86" align="left">
|
||
There is an updated firewall script at <a
|
||
href="ftp://www.shorewall.net/pub/shorewall/errata/1.3.9/firewall"
|
||
target="_top">ftp://www.shorewall.net/pub/shorewall/errata/1.3.9/firewall</a>
|
||
-- copy that file to /usr/lib/shorewall/firewall.<br>
|
||
|
||
|
||
|
||
<p><b><br>
|
||
</b></p>
|
||
|
||
|
||
|
||
<p><b><br>
|
||
</b></p>
|
||
|
||
|
||
|
||
<p><b><br>
|
||
9/28/2002 - Shorewall 1.3.9<EFBFBD></b><b>
|
||
</b></p>
|
||
|
||
|
||
|
||
|
||
<p>In this version:<br>
|
||
</p>
|
||
|
||
|
||
|
||
|
||
<ul>
|
||
<li><a
|
||
href="configuration_file_basics.htm#dnsnames">DNS Names</a> are now
|
||
allowed in Shorewall config files (although I recommend against
|
||
using them).</li>
|
||
<li>The connection SOURCE may now be
|
||
qualified by both interface and IP address in a <a
|
||
href="Documentation.htm#Rules">Shorewall rule</a>.</li>
|
||
<li>Shorewall startup is now disabled
|
||
after initial installation until the file /etc/shorewall/startup_disabled
|
||
is removed. This avoids nasty surprises at reboot for users who
|
||
install Shorewall but don't configure it.</li>
|
||
<li>The 'functions' and 'version' files
|
||
and the 'firewall' symbolic link have been moved from /var/lib/shorewall
|
||
to /usr/lib/shorewall to appease the LFS police at Debian.<br>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
</ul>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<p><a href="News.htm">More News</a></p>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<h2><a name="Donations"></a>Donations</h2>
|
||
|
||
</td>
|
||
<td width="88"
|
||
bgcolor="#4b017c" valign="top" align="center"> <a
|
||
href="http://sourceforge.net">M</a></td>
|
||
</tr>
|
||
|
||
|
||
|
||
</tbody>
|
||
</table>
|
||
</center>
|
||
</div>
|
||
|
||
|
||
<table border="0" cellpadding="5" cellspacing="0"
|
||
style="border-collapse: collapse;" width="100%" id="AutoNumber2"
|
||
bgcolor="#4b017c">
|
||
<tbody>
|
||
<tr>
|
||
<td width="100%"
|
||
style="margin-top: 1px;">
|
||
|
||
|
||
|
||
|
||
<p align="center"><a href="http://www.starlight.org"> <img
|
||
border="4" src="images/newlog.gif" width="57" height="100" align="left"
|
||
hspace="10">
|
||
<20> </a></p>
|
||
|
||
|
||
|
||
|
||
|
||
<p align="center"><font size="4" color="#ffffff">Shorewall is free but
|
||
if you try it and find it useful, please consider making a donation
|
||
to <a href="http://www.starlight.org"><font
|
||
color="#ffffff">Starlight Children's Foundation.</font></a> Thanks!</font></p>
|
||
</td>
|
||
</tr>
|
||
|
||
|
||
|
||
</tbody>
|
||
</table>
|
||
|
||
|
||
<p><font size="2">Updated 11/9/2002 - <a href="support.htm">Tom Eastep</a></font>
|
||
|
||
<br>
|
||
</p>
|
||
<br>
|
||
</body>
|
||
</html>
|