mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-12 17:30:44 +01:00
13892d9f46
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@230 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
199 lines
10 KiB
HTML
199 lines
10 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<html>
|
|
<head>
|
|
|
|
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
|
|
<title>Shoreline Firewall (Shorewall) 1.3</title>
|
|
|
|
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
|
|
|
|
<meta name="ProgId" content="FrontPage.Editor.Document">
|
|
|
|
|
|
<base target="_self">
|
|
<meta name="Microsoft Theme" content="none">
|
|
</head>
|
|
<body>
|
|
<table border="0" cellpadding="0" cellspacing="4" style="border-collapse: collapse" width="100%" id="AutoNumber3" bgcolor="#4B017C">
|
|
<tr>
|
|
<td width="100%">
|
|
<h1 align="center"> <font size="4"><i>
|
|
<a href="http://www.cityofshoreline.com">
|
|
<img border="0" src="images/washington.jpg" align="right" width="100" height="82"><img border="0" src="images/washington.jpg" align="left" width="100" height="82"></a></i></font><font color="#FFFFFF">Shorewall 1.3 - <font size="4">"<i>iptables made easy"</i></font></font></h1>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<div align="center">
|
|
<center>
|
|
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber4">
|
|
<tr>
|
|
<td width="90%">
|
|
|
|
<h2 align="Left">What is it?</h2>
|
|
|
|
<p>The Shoreline Firewall, more commonly known as "Shorewall", is a
|
|
<a href="http://www.netfilter.org">Netfilter</a> (iptables) based firewall
|
|
that can be used on a dedicated firewall system, a multi-function
|
|
gateway/router/server or on a standalone GNU/Linux system.</p>
|
|
|
|
<p>This program is free software; you can redistribute it and/or modify it
|
|
under the terms of <a href="http://www.gnu.org/licenses/gpl.html">Version
|
|
2 of the GNU General Public License</a> as published by the Free Software
|
|
Foundation.<br>
|
|
<br>
|
|
This program is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
for more details.<br>
|
|
<br>
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software Foundation,
|
|
Inc., 675 Mass Ave, Cambridge, MA 02139, USA</p>
|
|
|
|
<p><a href="copyright.htm">Copyright 2001, 2002 Thomas M. Eastep</a></p>
|
|
|
|
|
|
<p> <a href="http://leaf.sourceforge.net" target="_top"><img border="0" src="images/leaflogo.gif" width="49" height="36"></a>Jacques
|
|
Nilo and Eric Wolzak have a LEAF distribution called <i>Bering</i> that
|
|
features Shorewall-1.3.3 and Kernel-2.4.18. You can find their work at:
|
|
<a href="http://leaf.sourceforge.net/devel/jnilo">
|
|
http://leaf.sourceforge.net/devel/jnilo</a></p>
|
|
|
|
|
|
<h2>News</h2>
|
|
|
|
<p><b>9/2/2002 - Shorewall 1.3.7c
|
|
<img border="0" src="images/new10.gif" width="28" height="12"> </b></p>
|
|
|
|
<p>This is a role up of a fix for "DNAT" rules where the source zone is $FW
|
|
(fw).</p>
|
|
|
|
<p><b>8/31/2002 - I'm not available
|
|
<img border="0" src="images/new10.gif" width="28" height="12"> </b></p>
|
|
|
|
<p>I'm currently on vacation -- please respect my need for a couple of
|
|
weeks free of Shorewall problem reports.</p>
|
|
|
|
<p>-Tom</p>
|
|
|
|
<p><b>8/26/2002 - Shorewall 1.3.7b</b></p>
|
|
|
|
<p>This is a role up of the "shorewall refresh" bug fix and the change which
|
|
reverses the order of "dhcp" and "norfc1918" checking.</p>
|
|
|
|
<p><b>8/26/2002 - French FTP Mirror is Operational</b></p>
|
|
|
|
<p><a target="_blank" href="ftp://france.shorewall.net/pub/mirrors/shorewall">ftp://france.shorewall.net/pub/mirrors/shorewall</a> is now available.</p>
|
|
|
|
<p><b>8/25/2002 - Shorewall Mirror in France </b></p>
|
|
|
|
<p>Thanks to a Shorewall user in Paris, the Shorewall web site is now mirrored
|
|
at <a target="_top" href="http://france.shorewall.net">http://france.shorewall.net</a>.</p>
|
|
|
|
<p><b>8/25/2002 - Shorewall 1.3.7a Debian Packages Available</b></p>
|
|
|
|
<p>Lorenzo Martignoni reports that the packages for version 1.3.7a are available at <a href="http://security.dsi.unimi.it/~lorenzo/debian.html">http://security.dsi.unimi.it/~lorenzo/debian.html</a>.</p>
|
|
|
|
<p><b>8/22/2002 - Shorewall 1.3.7 Wins a Brown Paper Bag Award for its Author
|
|
-- Shorewall 1.3.7a released
|
|
<img border="0" src="images/j0233056.gif" width="50" height="80" align="middle"></b></p>
|
|
|
|
<p>1.3.7a corrects problems occurring in rules file processing when starting Shorewall
|
|
1.3.7.</p>
|
|
|
|
<p><b>8/22/2002 - Shorewall 1.3.7 Released</b></p>
|
|
|
|
<p>Features in this release include:</p>
|
|
|
|
<ul>
|
|
<li>The 'icmp.def' file is now empty! The rules in that file were
|
|
required in ipchains firewalls but are not required in Shorewall. Users
|
|
who have ALLOWRELATED=No in <a href="Documentation.htm#Conf">
|
|
shorewall.conf</a> should see the <a href="errata.htm#Upgrade">Upgrade
|
|
Issues</a>.</li>
|
|
<li>A 'FORWARDPING' option has been added to
|
|
<a href="Documentation.htm#Conf">shorewall.conf</a>. The effect of
|
|
setting this variable to Yes is the same as the effect of adding an
|
|
ACCEPT rule for ICMP echo-request in
|
|
<a href="shorewall_extension_scripts.htm">/etc/shorewall/icmpdef</a>.
|
|
Users who have such a rule in icmpdef are encouraged to switch to
|
|
FORWARDPING=Yes.</li>
|
|
<li>The loopback CLASS A Network (127.0.0.0/8) has been added to the
|
|
rfc1918 file.</li>
|
|
<li>Shorewall now works with iptables 1.2.7.</li>
|
|
<li>The documentation and Web site no longer use FrontPage themes.</li>
|
|
</ul>
|
|
|
|
<p>I would like to thank John Distler for his valuable input regarding TCP SYN
|
|
and ICMP treatment in Shorewall. That input has led to marked improvement in
|
|
Shorewall in the last two releases.</p>
|
|
|
|
<p><b>8/13/2002 - Documentation in the <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">
|
|
CVS Repository</a></b></p>
|
|
|
|
<p>The Shorewall-docs project now contains just the HTML and image files - the
|
|
Frontpage files have been removed.</p>
|
|
|
|
<p><b>8/7/2002 - <i>STABLE</i></b> <b>branch added to <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">
|
|
CVS Repository</a></b></p>
|
|
|
|
<p>This branch will only be updated after I release a new version of Shorewall
|
|
so you can always update from this branch to get the latest stable tree.</p>
|
|
|
|
<p><b>8/7/2002 - <a href="errata.htm#Upgrade">Upgrade Issues</a> section added
|
|
to the <a href="errata.htm">Errata Page</a></b></p>
|
|
|
|
<p>Now there is one place to go to look for issues involved with upgrading to
|
|
recent versions of Shorewall.</p>
|
|
|
|
<p><b>8/7/2002 - Shorewall 1.3.6</b></p>
|
|
|
|
<p>This is primarily a bug-fix rollup with a couple of new features:</p>
|
|
|
|
<ul>
|
|
<li>The latest <a href="shorewall_quickstart_guide.htm">QuickStart Guides </a>
|
|
including the <a href="shorewall_setup_guide.htm">Shorewall Setup Guide.</a></li>
|
|
<li>Shorewall will now DROP TCP packets that are not part of or related to an
|
|
existing connection and that are not SYN packets. These "New not SYN" packets
|
|
may be optionally logged by setting the LOGNEWNOTSYN option in <a href="Documentation.htm#Conf">
|
|
/etc/shorewall/shorewall.conf</a>.</li>
|
|
<li>The processing of "New not SYN" packets may be extended by commands in
|
|
the new <a href="shorewall_extension_scripts.htm">newnotsyn extension script</a>.</li>
|
|
</ul>
|
|
|
|
|
|
<p><a href="News.htm">More News</a></p>
|
|
|
|
|
|
<h2><a name="Donations"></a>Donations</h2>
|
|
|
|
</td>
|
|
<td width="88" bgcolor="#4B017C" valign="top" align="center">
|
|
<a href="http://sourceforge.net">M</a></td>
|
|
</tr>
|
|
</table>
|
|
</center>
|
|
</div>
|
|
|
|
<table border="0" cellpadding="5" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber2" bgcolor="#4B017C">
|
|
<tr>
|
|
<td width="100%" style="margin-top: 1">
|
|
<p align="center"><a href="http://www.starlight.org">
|
|
<img border="4" src="images/newlog.gif" width="57" height="100" align="left" hspace="10"><img border="4" src="images/newlog.gif" width="57" height="100" align="right" hspace="10"></a></p>
|
|
<p align="center"><font size="4" color="#FFFFFF">Shorewall is free but if
|
|
you try it and find it useful, please consider making a donation to
|
|
<a href="http://www.starlight.org"><font color="#FFFFFF">Starlight Children's Foundation.</font></a> Thanks!</font></td>
|
|
</tr>
|
|
</table>
|
|
|
|
<p><font size="2">Updated
|
|
8/31/2002 - <a href="support.htm">Tom Eastep</a>
|
|
</font>
|
|
|
|
|
|
</p>
|
|
|
|
|
|
</body>
|
|
</html> |