2002-08-07 16:28:04 +02:00
|
|
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
|
|
|
|
<html>
|
|
|
|
|
|
<head>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
|
2002-09-16 19:02:45 +02:00
|
|
|
|
<meta http-equiv="Content-Type"
|
|
|
|
|
|
content="text/html; charset=windows-1252">
|
2003-03-18 16:16:33 +01:00
|
|
|
|
<title>Shoreline Firewall (Shorewall) 1.4</title>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-06-23 22:24:51 +02:00
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<base target="_self">
|
2002-08-07 16:28:04 +02:00
|
|
|
|
</head>
|
2002-09-16 19:02:45 +02:00
|
|
|
|
<body>
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
<table cellpadding="0" cellspacing="4"
|
2002-09-16 19:02:45 +02:00
|
|
|
|
style="border-collapse: collapse;" width="100%" id="AutoNumber3"
|
2003-07-22 00:06:18 +02:00
|
|
|
|
bgcolor="#3366ff">
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<tbody>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<tr>
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<td width="33%" height="90"
|
|
|
|
|
|
valign="middle" align="center"><a href="http://www.cityofshoreline.com">
|
|
|
|
|
|
</a>
|
|
|
|
|
|
<div align="center">
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<img
|
|
|
|
|
|
src="images/Logo1.png" alt="(Shorewall Logo)" width="430" height="90"
|
|
|
|
|
|
align="middle">
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</td>
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
</tr>
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
</tbody>
|
2002-09-16 19:02:45 +02:00
|
|
|
|
</table>
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
<div align="center">
|
2003-07-22 00:06:18 +02:00
|
|
|
|
<div align="center"> </div>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
<center>
|
2003-07-22 00:06:18 +02:00
|
|
|
|
<div align="center"> </div>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2002-09-16 19:02:45 +02:00
|
|
|
|
<table border="0" cellpadding="0" cellspacing="0"
|
|
|
|
|
|
style="border-collapse: collapse;" width="100%" id="AutoNumber4">
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<tbody>
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<tr>
|
2003-05-28 21:20:23 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<td width="90%">
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
<div align="center">
|
2003-05-21 01:21:38 +02:00
|
|
|
|
|
2003-05-28 21:20:23 +02:00
|
|
|
|
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
<div align="left">
|
|
|
|
|
|
<h2>What is it?</h2>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
2003-05-21 01:21:38 +02:00
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-05-28 21:20:23 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
<p>The Shoreline Firewall, more commonly known as "Shorewall", is a
|
|
|
|
|
|
<a href="http://www.netfilter.org">Netfilter</a> (iptables) based firewall
|
|
|
|
|
|
that can be used on a dedicated firewall system, a multi-function
|
|
|
|
|
|
gateway/router/server or on a standalone GNU/Linux system.</p>
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-07-23 16:25:05 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-05-28 21:20:23 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
<p>This program is free software; you can redistribute it and/or modify
|
|
|
|
|
|
|
|
|
|
|
|
it under the terms of <a
|
|
|
|
|
|
href="http://www.gnu.org/licenses/gpl.html">Version 2 of the GNU
|
|
|
|
|
|
General Public License</a> as published by the Free Software
|
|
|
|
|
|
Foundation.<br>
|
|
|
|
|
|
|
|
|
|
|
|
<br>
|
|
|
|
|
|
|
|
|
|
|
|
This program is distributed
|
|
|
|
|
|
in the hope that it will be useful,
|
|
|
|
|
|
but WITHOUT ANY WARRANTY; without
|
|
|
|
|
|
even the implied warranty of MERCHANTABILITY
|
|
|
|
|
|
or FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
|
|
See the GNU General Public License for more
|
|
|
|
|
|
details.<br>
|
2003-05-21 01:21:38 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<br>
|
2003-05-21 01:21:38 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
You should have received
|
|
|
|
|
|
a copy of the GNU General Public
|
|
|
|
|
|
License along with this program;
|
|
|
|
|
|
if not, write to the Free Software Foundation,
|
|
|
|
|
|
Inc., 675 Mass Ave, Cambridge, MA 02139,
|
|
|
|
|
|
USA</p>
|
2003-05-21 01:21:38 +02:00
|
|
|
|
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-03-18 16:16:33 +01:00
|
|
|
|
<p><a href="copyright.htm">Copyright 2001, 2002, 2003 Thomas M. Eastep</a></p>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-05-28 21:20:23 +02:00
|
|
|
|
|
2003-06-23 22:24:51 +02:00
|
|
|
|
|
2003-05-21 01:21:38 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
<h2>This is the Shorewall 1.4 Web Site</h2>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
The information on this site applies only to 1.4.x releases of
|
|
|
|
|
|
Shorewall. For older versions:<br>
|
2003-07-23 16:25:05 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
<ul>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<li>The 1.3 site is <a
|
2003-07-22 00:06:18 +02:00
|
|
|
|
href="http://www.shorewall.net/1.3" target="_top">here.</a></li>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<li>The 1.2 site is <a
|
|
|
|
|
|
href="http://shorewall.net/1.2/" target="_top">here</a>.<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
</ul>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
<h2>Getting Started with Shorewall</h2>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
New to Shorewall? Start by
|
|
|
|
|
|
selecting the <a href="shorewall_quickstart_guide.htm">QuickStart
|
|
|
|
|
|
Guide</a> that most closely match your environment
|
|
|
|
|
|
and follow the step by step instructions.<br>
|
2003-06-23 22:24:51 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2003-07-23 16:25:05 +02:00
|
|
|
|
<h2>Looking for Information?</h2>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
The <a
|
|
|
|
|
|
href="shorewall_quickstart_guide.htm#Documentation">Documentation
|
|
|
|
|
|
Index</a> is a good place to start as is the Quick Search to your right.
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-07-23 16:25:05 +02:00
|
|
|
|
<h2>Running Shorewall on Mandrake with a two-interface setup?</h2>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
If so, the documentation<b> </b>on
|
|
|
|
|
|
this site will not apply directly to your setup. If you want
|
|
|
|
|
|
to use the documentation that you find here, you will want to consider
|
|
|
|
|
|
uninstalling what you have and installing a setup that matches
|
|
|
|
|
|
the documentation on this site. See the <a
|
|
|
|
|
|
href="two-interface.htm">Two-interface QuickStart Guide</a> for
|
|
|
|
|
|
details.<br>
|
2003-07-23 16:25:05 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2002-11-09 19:10:22 +01:00
|
|
|
|
<h2>News</h2>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
<p><b>8/5/2003 - Shorewall-1.4.6b</b><b> <img border="0"
|
2003-07-23 16:25:05 +02:00
|
|
|
|
src="images/new10.gif" width="28" height="12" alt="(New)">
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<br>
|
|
|
|
|
|
</b></p>
|
|
|
|
|
|
<b>Problems Corrected since version 1.4.6:</b><br>
|
|
|
|
|
|
|
2003-07-23 16:25:05 +02:00
|
|
|
|
<ol>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<li>Previously, if TC_ENABLED is set to yes in shorewall.conf then
|
|
|
|
|
|
Shorewall would fail to start with the error "ERROR: <20>Traffic Control
|
|
|
|
|
|
requires Mangle"; that problem has been corrected.</li>
|
|
|
|
|
|
<li>Corrected handling of MAC addresses in the SOURCE column of the
|
|
|
|
|
|
tcrules file. Previously, these addresses resulted in an invalid iptables
|
|
|
|
|
|
command.</li>
|
|
|
|
|
|
<li>The "shorewall stop" command is now disabled when /etc/shorewall/startup_disabled
|
|
|
|
|
|
exists. This prevents people from shooting themselves in the foot prior to
|
|
|
|
|
|
having configured Shorewall.</li>
|
|
|
|
|
|
<li>A change introduced in version 1.4.6 caused error messages during
|
|
|
|
|
|
"shorewall [re]start" when ADD_IP_ALIASES=Yes and ip addresses were being
|
|
|
|
|
|
added to a PPP interface; the addresses were successfully added in spite
|
|
|
|
|
|
of the messages.<br>
|
|
|
|
|
|
<EFBFBD><EFBFBD> <br>
|
|
|
|
|
|
The firewall script has been modified to eliminate the error messages.<br>
|
|
|
|
|
|
</li>
|
2003-07-23 16:25:05 +02:00
|
|
|
|
</ol>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<p><b>7/31/2003 - Snapshot 1.4.6_20030731</b><b> </b></p>
|
|
|
|
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
|
|
<p><a href="http://shorewall.net/pub/shorewall/Snapshots/">http://shorewall.net/pub/shorewall/Snapshots/</a><br>
|
|
|
|
|
|
<a href="ftp://shorewall.net/pub/shorewall/Snapshots/"
|
|
|
|
|
|
target="_top">ftp://shorewall.net/pub/shorewall/Snapshots/</a></p>
|
|
|
|
|
|
</blockquote>
|
|
|
|
|
|
<b>Problems Corrected since version 1.4.6</b><br>
|
|
|
|
|
|
|
2003-05-18 20:38:34 +02:00
|
|
|
|
<ol>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<li>Corrected problem in 1.4.6 where the MANGLE_ENABLED variable
|
|
|
|
|
|
was being tested before it was set.</li>
|
|
|
|
|
|
<li>Corrected handling of MAC addresses in the SOURCE column of
|
|
|
|
|
|
the tcrules file. Previously, these addresses resulted in an invalid iptables
|
|
|
|
|
|
command.<br>
|
2003-07-23 16:25:05 +02:00
|
|
|
|
</li>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
</ol>
|
|
|
|
|
|
<b>Migration Issues:</b><br>
|
|
|
|
|
|
|
|
|
|
|
|
<ol>
|
|
|
|
|
|
<li>Once you have installed this version of Shorewall, you must
|
|
|
|
|
|
restart Shorewall before you may use the 'drop', 'reject', 'allow' or 'save'
|
|
|
|
|
|
commands.</li>
|
|
|
|
|
|
<li>To maintain strict compatibility with previous versions, current
|
|
|
|
|
|
uses of "shorewall drop" and "shorewall reject" should be replaced with "shorewall
|
|
|
|
|
|
dropall" and "shorewall rejectall" </li>
|
|
|
|
|
|
|
|
|
|
|
|
</ol>
|
|
|
|
|
|
<b>New Features:</b><br>
|
|
|
|
|
|
|
|
|
|
|
|
<ol>
|
|
|
|
|
|
<li>Shorewall now creates a dynamic blacklisting chain for each
|
|
|
|
|
|
interface defined in /etc/shorewall/interfaces. The 'drop' and 'reject'
|
|
|
|
|
|
commands use the routing table to determine which of these chains is to
|
|
|
|
|
|
be used for blacklisting the specified IP address(es).<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
Two new commands ('dropall' and 'rejectall') have been introduced that
|
|
|
|
|
|
do what 'drop' and 'reject' used to do; namely, when an address is blacklisted
|
|
|
|
|
|
using these new commands, it will be blacklisted on all of your firewall's
|
|
|
|
|
|
interfaces.</li>
|
|
|
|
|
|
<li>Thanks to Steve Herber, the 'help' command can now give command-specific
|
|
|
|
|
|
help (e.g., shorewall help <command>).</li>
|
|
|
|
|
|
<li>A new option "ADMINISABSENTMINDED" has been added to /etc/shorewall/shorewall.conf.
|
|
|
|
|
|
This option has a default value of "No" for existing users which causes Shorewall's
|
|
|
|
|
|
'stopped' state <20>to continue as it has been; namely, in the stopped state
|
|
|
|
|
|
only traffic to/from hosts listed in /etc/shorewall/routestopped is accepted.<br>
|
2003-07-23 16:25:05 +02:00
|
|
|
|
<br>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
With ADMINISABSENTMINDED=Yes (the default for new installs), in addition
|
|
|
|
|
|
to traffic to/from the hosts listed in /etc/shorewall/routestopped, Shorewall
|
|
|
|
|
|
will allow:<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20><> a) All traffic originating from the firewall itself; and<br>
|
|
|
|
|
|
<20><> b) All traffic that is part of or related to an already-existing connection.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20>In particular, with ADMINISABSENTMINDED=Yes, a "shorewall stop" entered
|
|
|
|
|
|
through an ssh session will not kill the session.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20>Note though that even with ADMINISABSENTMINDED=Yes, it is still possible
|
|
|
|
|
|
for people to shoot themselves in the foot.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20>Example:<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20>/etc/shorewall/nat:<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20> <20> <20>206.124.146.178<EFBFBD><EFBFBD><EFBFBD> eth0:0<><30><EFBFBD> 192.168.1.5<EFBFBD><EFBFBD><EFBFBD> <br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20>/etc/shorewall/rules:<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20><> ACCEPT<50><54><EFBFBD> net<65><74><EFBFBD> loc:192.168.1.5<EFBFBD><EFBFBD><EFBFBD> tcp<63><70><EFBFBD> 22<br>
|
|
|
|
|
|
<20><> ACCEPT<50><54><EFBFBD> loc<6F><63><EFBFBD> fw<66><77><EFBFBD> <20><><EFBFBD> tcp<63><70><EFBFBD> 22<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
From a remote system, I ssh to 206.124.146.178 which establishes an SSH
|
|
|
|
|
|
connection with local system 192.168.1.5. I then create a second SSH connection
|
|
|
|
|
|
from that computer to the firewall and confidently type "shorewall stop".
|
|
|
|
|
|
As part of its stop processing, Shorewall removes eth0:0 which kills my SSH
|
|
|
|
|
|
connection to 192.168.1.5!!!<br>
|
2003-07-23 16:25:05 +02:00
|
|
|
|
</li>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
</ol>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
<p><b>7/22/2003 - Shorewall-1.4.6a</b><b><br>
|
|
|
|
|
|
</b></p>
|
|
|
|
|
|
<b>Problems Corrected:</b><br>
|
|
|
|
|
|
|
2003-05-28 21:20:23 +02:00
|
|
|
|
<ol>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<li>Previously, if TC_ENABLED is set to yes in shorewall.conf
|
|
|
|
|
|
then Shorewall would fail to start with the error "ERROR: <20>Traffic Control
|
|
|
|
|
|
requires Mangle"; that problem has been corrected.</li>
|
|
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
</ol>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
<p><b>7/20/2003 - Shorewall-1.4.6</b><b> </b><br>
|
|
|
|
|
|
</p>
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
<blockquote> </blockquote>
|
2003-07-23 16:25:05 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
<p><b>Problems Corrected:</b><br>
|
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ol>
|
|
|
|
|
|
<li>A problem seen on RH7.3 systems where Shorewall
|
|
|
|
|
|
encountered start errors when started using the "service" mechanism
|
|
|
|
|
|
has been worked around.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>Where a list of IP addresses appears in the
|
|
|
|
|
|
DEST column of a DNAT[-] rule, Shorewall incorrectly created multiple
|
|
|
|
|
|
DNAT rules in the nat table (one for each element in the list). Shorewall
|
|
|
|
|
|
now correctly creates a single DNAT rule with multiple "--to-destination"
|
|
|
|
|
|
clauses.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>Corrected a problem in Beta 1 where DNS names
|
|
|
|
|
|
containing a "-" were mis-handled when they appeared in the DEST
|
|
|
|
|
|
column of a rule.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>A number of problems with rule parsing have been
|
|
|
|
|
|
corrected. Corrections involve the handling of "z1!z2" in the SOURCE
|
|
|
|
|
|
column as well as lists in the ORIGINAL DESTINATION column.<br>
|
2003-07-23 16:25:05 +02:00
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<li>The message "Adding rules for DHCP" is now suppressed
|
|
|
|
|
|
if there are no DHCP rules to add.<br>
|
|
|
|
|
|
</li>
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2003-05-18 20:38:34 +02:00
|
|
|
|
</ol>
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
<p><b>Migration Issues:</b><br>
|
2003-07-23 16:25:05 +02:00
|
|
|
|
</p>
|
2003-06-23 22:24:51 +02:00
|
|
|
|
|
2003-07-23 16:25:05 +02:00
|
|
|
|
|
2003-05-28 21:20:23 +02:00
|
|
|
|
<ol>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<li>In earlier versions, an undocumented feature
|
|
|
|
|
|
allowed entries in the host file as follows:<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20> <20> z<><7A><EFBFBD> eth1:192.168.1.0/24,eth2:192.168.2.0/24<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
This capability was never documented and has been removed
|
|
|
|
|
|
in 1.4.6 to allow entries of the following format:<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20> <20> z<><7A> eth1:192.168.1.0/24,192.168.2.0/24<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>The NAT_ENABLED, MANGLE_ENABLED and MULTIPORT
|
|
|
|
|
|
options have been removed from /etc/shorewall/shorewall.conf. These
|
|
|
|
|
|
capabilities are now automatically detected by Shorewall (see below).<br>
|
2003-07-23 16:25:05 +02:00
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-05-28 21:20:23 +02:00
|
|
|
|
</ol>
|
|
|
|
|
|
|
2003-07-23 16:25:05 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<p><b>New Features:</b><br>
|
|
|
|
|
|
</p>
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2003-06-23 22:24:51 +02:00
|
|
|
|
<ol>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<li>A 'newnotsyn' interface option has been added.
|
|
|
|
|
|
This option may be specified in /etc/shorewall/interfaces and overrides
|
|
|
|
|
|
the setting NEWNOTSYN=No for packets arriving on the associated interface.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>The means for specifying a range of IP addresses
|
|
|
|
|
|
in /etc/shorewall/masq to use for SNAT is now documented. ADD_SNAT_ALIASES=Yes
|
|
|
|
|
|
is enabled for address ranges.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>Shorewall can now add IP addresses to subnets
|
|
|
|
|
|
other than the first one on an interface.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>DNAT[-] rules may now be used to load balance
|
|
|
|
|
|
(round-robin) over a set of servers. Servers may be specified in
|
|
|
|
|
|
a range of addresses given as <first address>-<last address>.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
Example:<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20> <20> DNAT net loc:192.168.10.2-192.168.10.5 tcp 80<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>The NAT_ENABLED, MANGLE_ENABLED and MULTIPORT
|
|
|
|
|
|
configuration options have been removed and have been replaced by
|
|
|
|
|
|
code that detects whether these capabilities are present in the current
|
|
|
|
|
|
kernel. The output of the start, restart and check commands have been
|
|
|
|
|
|
enhanced to report the outcome:<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
Shorewall has detected the following iptables/netfilter
|
|
|
|
|
|
capabilities:<br>
|
|
|
|
|
|
<20> <20>NAT: Available<br>
|
|
|
|
|
|
<20> <20>Packet Mangling: Available<br>
|
|
|
|
|
|
<20> <20>Multi-port Match: Available<br>
|
|
|
|
|
|
Verifying Configuration...<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>Support for the Connection Tracking Match Extension
|
|
|
|
|
|
has been added. This extension is available in recent kernel/iptables
|
|
|
|
|
|
releases and allows for rules which match against elements in netfilter's
|
|
|
|
|
|
connection tracking table. Shorewall automatically detects the availability
|
|
|
|
|
|
of this extension and reports its availability in the output of the
|
|
|
|
|
|
start, restart and check commands.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
Shorewall has detected the following iptables/netfilter
|
|
|
|
|
|
capabilities:<br>
|
|
|
|
|
|
<20> <20>NAT: Available<br>
|
|
|
|
|
|
<20> <20>Packet Mangling: Available<br>
|
|
|
|
|
|
<20> <20>Multi-port Match: Available<br>
|
|
|
|
|
|
<20> <20>Connection Tracking Match: Available<br>
|
|
|
|
|
|
Verifying Configuration...<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
If this extension is available, the ruleset generated
|
|
|
|
|
|
by Shorewall is changed in the following ways:</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>To handle 'norfc1918' filtering, Shorewall
|
|
|
|
|
|
will not create chains in the mangle table but will rather do all
|
|
|
|
|
|
'norfc1918' filtering in the filter table (rfc1918 chain).</li>
|
|
|
|
|
|
<li>Recall that Shorewall DNAT rules generate
|
|
|
|
|
|
two netfilter rules; one in the nat table and one in the filter
|
|
|
|
|
|
table. If the Connection Tracking Match Extension is available, the
|
|
|
|
|
|
rule in the filter table is extended to check that the original destination
|
|
|
|
|
|
address was the same as specified (or defaulted to) in the DNAT rule.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
<li>The shell used to interpret the firewall script
|
|
|
|
|
|
(/usr/share/shorewall/firewall) may now be specified using the SHOREWALL_SHELL
|
|
|
|
|
|
parameter in shorewall.conf.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>An 'ipcalc' command has been added to /sbin/shorewall.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> ipcalc [ <address> <netmask> | <address>/<vlsm>
|
|
|
|
|
|
]<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
Examples:<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> [root@wookie root]# shorewall ipcalc 192.168.1.0/24<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> CIDR=192.168.1.0/24<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> NETMASK=255.255.255.0<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> NETWORK=192.168.1.0<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> BROADCAST=192.168.1.255<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> [root@wookie root]#<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> [root@wookie root]# shorewall ipcalc 192.168.1.0
|
|
|
|
|
|
255.255.255.0<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> CIDR=192.168.1.0/24<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> NETMASK=255.255.255.0<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> NETWORK=192.168.1.0<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> BROADCAST=192.168.1.255<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> [root@wookie root]#<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
Warning:<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
If your shell only supports 32-bit signed arithmatic (ash
|
|
|
|
|
|
or dash), then the ipcalc command produces incorrect information for
|
|
|
|
|
|
IP addresses 128.0.0.0-1 and for /1 networks. Bash should produce correct
|
|
|
|
|
|
information for all valid IP addresses.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>An 'iprange' command has been added to /sbin/shorewall.
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> iprange <address>-<address><br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
This command decomposes a range of IP addressses into a
|
|
|
|
|
|
list of network and host addresses. The command can be useful if you
|
|
|
|
|
|
need to construct an efficient set of rules that accept connections from
|
|
|
|
|
|
a range of network addresses.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
Note: If your shell only supports 32-bit signed arithmetic
|
|
|
|
|
|
(ash or dash) then the range may not span 128.0.0.0.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
Example:<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> [root@gateway root]# shorewall iprange 192.168.1.4-192.168.12.9<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> 192.168.1.4/30<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> 192.168.1.8/29<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> 192.168.1.16/28<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> 192.168.1.32/27<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> 192.168.1.64/26<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> 192.168.1.128/25<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> 192.168.2.0/23<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> 192.168.4.0/22<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> 192.168.8.0/22<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> 192.168.12.0/29<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> 192.168.12.8/31<br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD> [root@gateway root]#<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>A list of host/net addresses is now allowed
|
|
|
|
|
|
in an entry in /etc/shorewall/hosts.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
Example:<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20><><EFBFBD> foo<6F><6F><EFBFBD> eth1:192.168.1.0/24,192.168.2.0/24<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>The "shorewall check" command now includes the chain
|
|
|
|
|
|
name when printing the applicable policy for each pair of zones.<br>
|
|
|
|
|
|
<20><br>
|
|
|
|
|
|
<20><><EFBFBD> Example:<br>
|
|
|
|
|
|
<20><br>
|
|
|
|
|
|
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Policy for dmz to net is REJECT using chain all2all<br>
|
|
|
|
|
|
<20><br>
|
|
|
|
|
|
This means that the policy for connections from the dmz to the internet
|
|
|
|
|
|
is REJECT and the applicable entry in the /etc/shorewall/policy was the
|
|
|
|
|
|
all->all policy.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
<li>Support for the 2.6 Kernel series has been added.<br>
|
|
|
|
|
|
</li>
|
2003-06-23 22:24:51 +02:00
|
|
|
|
|
2003-07-23 16:25:05 +02:00
|
|
|
|
|
2003-06-23 22:24:51 +02:00
|
|
|
|
</ol>
|
2003-05-28 21:20:23 +02:00
|
|
|
|
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-06-23 22:24:51 +02:00
|
|
|
|
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
<p><b></b></p>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
<ol>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-05-29 16:48:09 +02:00
|
|
|
|
|
2003-07-23 16:25:05 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
</ol>
|
2003-05-29 16:48:09 +02:00
|
|
|
|
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-07-23 16:25:05 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
<p><a href="News.htm">More News</a></p>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-05-28 21:20:23 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-06-23 22:24:51 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
<p> <a href="http://leaf.sourceforge.net" target="_top"><img
|
|
|
|
|
|
border="0" src="images/leaflogo.gif" width="49" height="36"
|
|
|
|
|
|
alt="(Leaf Logo)">
|
2003-06-23 22:24:51 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
</a>Jacques Nilo and
|
|
|
|
|
|
Eric Wolzak have a LEAF (router/firewall/gateway
|
|
|
|
|
|
on a floppy, CD or compact flash)
|
|
|
|
|
|
distribution called <i>Bering</i>
|
|
|
|
|
|
that features Shorewall-1.4.2 and
|
|
|
|
|
|
Kernel-2.4.20. You can find their
|
|
|
|
|
|
work at: <a
|
|
|
|
|
|
href="http://leaf.sourceforge.net/devel/jnilo"> http://leaf.sourceforge.net/devel/jnilo<br>
|
2003-06-23 22:24:51 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
</a></p>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<b>Congratulations to Jacques
|
|
|
|
|
|
and Eric on the recent release of Bering 1.2!!! </b><br>
|
2003-05-28 21:20:23 +02:00
|
|
|
|
|
2003-06-23 22:24:51 +02:00
|
|
|
|
|
2003-05-28 21:20:23 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
<h2><a name="Donations"></a>Donations</h2>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
</td>
|
|
|
|
|
|
|
|
|
|
|
|
<td width="88"
|
|
|
|
|
|
bgcolor="#3366ff" valign="top" align="center">
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
<form method="post"
|
2003-08-05 20:38:21 +02:00
|
|
|
|
action="http://lists.shorewall.net/cgi-bin/htsearch">
|
|
|
|
|
|
<strong><br>
|
|
|
|
|
|
|
|
|
|
|
|
<font color="#ffffff"><b>Note: </b></font></strong><font
|
2003-07-22 00:06:18 +02:00
|
|
|
|
color="#ffffff">Search is unavailable Daily 0200-0330 GMT.</font><br>
|
2003-05-28 21:20:23 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<strong></strong>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
<p><font color="#ffffff"><strong>Quick Search</strong></font><br>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<font face="Arial" size="-1"> <input
|
|
|
|
|
|
type="text" name="words" size="15"></font><font size="-1"> </font>
|
|
|
|
|
|
<font face="Arial" size="-1"> <input type="hidden"
|
|
|
|
|
|
name="format" value="long"> <input type="hidden" name="method"
|
|
|
|
|
|
value="and"> <input type="hidden" name="config" value="htdig"> <input
|
|
|
|
|
|
type="submit" value="Search"></font> </p>
|
2003-06-23 22:24:51 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<font face="Arial"> <input type="hidden"
|
|
|
|
|
|
name="exclude" value="[http://lists.shorewall.net/pipermail/*]"> </font>
|
|
|
|
|
|
</form>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-06-23 22:24:51 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2003-05-18 20:38:34 +02:00
|
|
|
|
<p><font color="#ffffff"><b><a
|
|
|
|
|
|
href="http://lists.shorewall.net/htdig/search.html"><font
|
|
|
|
|
|
color="#ffffff">Extended Search</font></a></b></font></p>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<br>
|
|
|
|
|
|
</td>
|
|
|
|
|
|
|
|
|
|
|
|
</tr>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
</tbody>
|
2002-12-28 16:38:03 +01:00
|
|
|
|
</table>
|
2003-05-28 21:20:23 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
</center>
|
2003-05-29 16:48:09 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
</div>
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2002-09-16 19:02:45 +02:00
|
|
|
|
<table border="0" cellpadding="5" cellspacing="0"
|
|
|
|
|
|
style="border-collapse: collapse;" width="100%" id="AutoNumber2"
|
2003-07-22 00:06:18 +02:00
|
|
|
|
bgcolor="#3366ff">
|
|
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<tbody>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<tr>
|
2003-06-23 22:24:51 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<td width="100%"
|
|
|
|
|
|
style="margin-top: 1px;" valign="middle">
|
2003-05-28 21:20:23 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
|
2002-09-16 19:02:45 +02:00
|
|
|
|
<p align="center"><a href="http://www.starlight.org"> <img
|
|
|
|
|
|
border="4" src="images/newlog.gif" width="57" height="100" align="left"
|
2003-06-23 22:24:51 +02:00
|
|
|
|
hspace="10" alt="(Starlight Logo)">
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
</a></p>
|
|
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-05-28 21:20:23 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
2003-06-23 22:24:51 +02:00
|
|
|
|
<p align="center"><font size="4" color="#ffffff"><br>
|
2003-08-05 20:38:21 +02:00
|
|
|
|
<font size="+2"> Shorewall is free but if
|
|
|
|
|
|
you try it and find it useful, please consider making a donation
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
to <a href="http://www.starlight.org"><font
|
|
|
|
|
|
color="#ffffff">Starlight Children's Foundation.</font></a>
|
|
|
|
|
|
Thanks!</font></font></p>
|
2003-05-18 20:38:34 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
</td>
|
2003-05-28 21:20:23 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
</tr>
|
2003-07-22 00:06:18 +02:00
|
|
|
|
|
|
|
|
|
|
|
2003-07-23 16:25:05 +02:00
|
|
|
|
|
2003-08-05 20:38:21 +02:00
|
|
|
|
|
|
|
|
|
|
</tbody>
|
|
|
|
|
|
</table>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<p><font size="2">Updated 8/5/2003 - <a href="support.htm">Tom Eastep</a></font>
|
|
|
|
|
|
|
|
|
|
|
|
<br>
|
2003-07-23 16:25:05 +02:00
|
|
|
|
</p>
|
|
|
|
|
|
<br>
|
2002-09-16 19:02:45 +02:00
|
|
|
|
</body>
|
|
|
|
|
|
</html>
|
