shorewall_code/STABLE/documentation/seattlefirewall_index.htm
2002-09-02 19:56:07 +00:00


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Shoreline Firewall (Shorewall) 1.3</title>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<base target="_self">
<meta name="Microsoft Theme" content="none">
</head>
<body>
<table border="0" cellpadding="0" cellspacing="4" style="border-collapse: collapse" width="100%" id="AutoNumber3" bgcolor="#4B017C">
<tr>
<td width="100%">
<h1 align="center"> <font size="4"><i>
<a href="http://www.cityofshoreline.com">
<img border="0" src="images/washington.jpg" align="right" width="100" height="82"><img border="0" src="images/washington.jpg" align="left" width="100" height="82"></a></i></font><font color="#FFFFFF">Shorewall 1.3 - <font size="4">&quot;<i>iptables made easy&quot;</i></font></font></h1>
</td>
</tr>
</table>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber4">
<tr>
<td width="90%">
<h2 align="Left">What is it?</h2>
<p>The Shoreline Firewall, more commonly known as &quot;Shorewall&quot;, is a
<a href="http://www.netfilter.org">Netfilter</a> (iptables) based firewall
that can be used on a dedicated firewall system, a multi-function
gateway/router/server or on a standalone GNU/Linux system.</p>
<p>This program is free software; you can redistribute it and/or modify it
under the terms of <a href="http://www.gnu.org/licenses/gpl.html">Version
2 of the GNU General Public License</a> as published by the Free Software
Foundation.<br>
<br>
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.<br>
<br>
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 675 Mass Ave, Cambridge, MA 02139, USA</p>
<p><a href="copyright.htm">Copyright 2001, 2002 Thomas M. Eastep</a></p>
<p>&nbsp;<a href="http://leaf.sourceforge.net" target="_top"><img border="0" src="images/leaflogo.gif" width="49" height="36"></a>Jacques
Nilo and Eric Wolzak have a LEAF distribution called <i>Bering</i> that
features Shorewall-1.3.3 and Kernel-2.4.18. You can find their work at:
<a href="http://leaf.sourceforge.net/devel/jnilo">
http://leaf.sourceforge.net/devel/jnilo</a></p>
<h2>News</h2>
<p><b>9/2/2002 - Shorewall 1.3.7c
<img border="0" src="images/new10.gif" width="28" height="12"> </b></p>
<p>This is a roll-up of a fix for &quot;DNAT&quot; rules where the source zone is $FW
(fw).</p>
<p><b>8/31/2002 - I'm not available
<img border="0" src="images/new10.gif" width="28" height="12"> </b></p>
<p>I'm currently on vacation&nbsp; -- please respect my need for a couple of
weeks free of Shorewall problem reports.</p>
<p>-Tom</p>
<p><b>8/26/2002 - Shorewall 1.3.7b</b></p>
<p>This is a roll-up of the &quot;shorewall refresh&quot; bug fix and the change which
reverses the order of &quot;dhcp&quot; and &quot;norfc1918&quot; checking.</p>
<p><b>8/26/2002 - French FTP Mirror is Operational</b></p>
<p><a target="_blank" href="ftp://france.shorewall.net/pub/mirrors/shorewall">ftp://france.shorewall.net/pub/mirrors/shorewall</a> is now available.</p>
<p><b>8/25/2002 - Shorewall Mirror in France </b></p>
<p>Thanks to a Shorewall user in Paris, the Shorewall web site is now mirrored
at <a target="_top" href="http://france.shorewall.net">http://france.shorewall.net</a>.</p>
<p><b>8/25/2002 - Shorewall 1.3.7a Debian Packages Available</b></p>
<p>Lorenzo Martignoni reports that the packages for version 1.3.7a are available at <a href="http://security.dsi.unimi.it/~lorenzo/debian.html">http://security.dsi.unimi.it/~lorenzo/debian.html</a>.</p>
<p><b>8/22/2002 - Shorewall 1.3.7 Wins a Brown Paper Bag Award for its Author
-- Shorewall 1.3.7a released
<img border="0" src="images/j0233056.gif" width="50" height="80" align="middle"></b></p>
<p>1.3.7a corrects problems occurring in rules file processing when starting Shorewall
1.3.7.</p>
<p><b>8/22/2002 - Shorewall 1.3.7 Released</b></p>
<p>Features in this release include:</p>
<ul>
<li>The 'icmp.def' file is now empty! The rules in that file were
required in ipchains firewalls but are not required in Shorewall. Users
who have ALLOWRELATED=No in <a href="Documentation.htm#Conf">
shorewall.conf</a> should see the <a href="errata.htm#Upgrade">Upgrade
Issues</a>.</li>
<li>A 'FORWARDPING' option has been added to
<a href="Documentation.htm#Conf">shorewall.conf</a>. The effect of
setting this variable to Yes is the same as the effect of adding an
ACCEPT rule for ICMP echo-request in
<a href="shorewall_extension_scripts.htm">/etc/shorewall/icmpdef</a>.
Users who have such a rule in icmpdef are encouraged to switch to
FORWARDPING=Yes.</li>
<li>The loopback CLASS A Network (127.0.0.0/8) has been added to the
rfc1918 file.</li>
<li>Shorewall now works with iptables 1.2.7.</li>
<li>The documentation and Web site no longer use FrontPage themes.</li>
</ul>
<p>I would like to thank John Distler for his valuable input regarding TCP SYN
and ICMP treatment in Shorewall. That input has led to marked improvement in
Shorewall in the last two releases.</p>
<p><b>8/13/2002 - Documentation in the <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">
CVS Repository</a></b></p>
<p>The Shorewall-docs project now contains just the HTML and image files - the
FrontPage files have been removed.</p>
<p><b>8/7/2002 - <i>STABLE</i></b> <b>branch added to <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">
CVS Repository</a></b></p>
<p>This branch will only be updated after I release a new version of Shorewall
so you can always update from this branch to get the latest stable tree.</p>
<p><b>8/7/2002 - <a href="errata.htm#Upgrade">Upgrade Issues</a> section added
to the <a href="errata.htm">Errata Page</a></b></p>
<p>Now there is one place to go to look for issues involved with upgrading to
recent versions of Shorewall.</p>
<p><b>8/7/2002 - Shorewall 1.3.6</b></p>
<p>This is primarily a bug-fix rollup with a couple of new features:</p>
<ul>
<li>The latest <a href="shorewall_quickstart_guide.htm">QuickStart Guides </a>
including the <a href="shorewall_setup_guide.htm">Shorewall Setup Guide.</a></li>
<li>Shorewall will now DROP TCP packets that are not part of or related to an
existing connection and that are not SYN packets. These &quot;New not SYN&quot; packets
may be optionally logged by setting the LOGNEWNOTSYN option in <a href="Documentation.htm#Conf">
/etc/shorewall/shorewall.conf</a>.</li>
<li>The processing of &quot;New not SYN&quot; packets may be extended by commands in
the new <a href="shorewall_extension_scripts.htm">newnotsyn extension script</a>.</li>
</ul>
<p><a href="News.htm">More News</a></p>
<h2><a name="Donations"></a>Donations</h2>
</td>
<td width="88" bgcolor="#4B017C" valign="top" align="center">
<a href="http://sourceforge.net">M</a></td>
</tr>
</table>
</center>
</div>
<table border="0" cellpadding="5" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber2" bgcolor="#4B017C">
<tr>
<td width="100%" style="margin-top: 1">
<p align="center"><a href="http://www.starlight.org">
<img border="4" src="images/newlog.gif" width="57" height="100" align="left" hspace="10"><img border="4" src="images/newlog.gif" width="57" height="100" align="right" hspace="10"></a></p>
<p align="center"><font size="4" color="#FFFFFF">Shorewall is free but if
you try it and find it useful, please consider making a donation to
<a href="http://www.starlight.org"><font color="#FFFFFF">Starlight Children's Foundation.</font></a> Thanks!</font></td>
</tr>
</table>
<p><font size="2">Updated
8/31/2002 - <a href="support.htm">Tom Eastep</a>
</font>
</p>
</body>
</html>