2002-08-13 22:45:21 +02:00
|
|
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
|
|
|
|
<html>
|
|
|
|
|
|
<head>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-09-16 19:13:10 +02:00
|
|
|
|
<meta http-equiv="Content-Type"
|
|
|
|
|
|
content="text/html; charset=windows-1252">
|
2002-08-13 22:45:21 +02:00
|
|
|
|
<title>Shoreline Firewall (Shorewall) 1.3</title>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
<base target="_self">
|
2002-08-13 22:45:21 +02:00
|
|
|
|
</head>
|
2002-09-16 19:13:10 +02:00
|
|
|
|
<body>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-09-16 19:13:10 +02:00
|
|
|
|
<table border="0" cellpadding="0" cellspacing="4"
|
|
|
|
|
|
style="border-collapse: collapse;" width="100%" id="AutoNumber3"
|
|
|
|
|
|
bgcolor="#4b017c">
|
2002-11-24 21:08:19 +01:00
|
|
|
|
<tbody>
|
|
|
|
|
|
<tr>
|
|
|
|
|
|
<td
|
|
|
|
|
|
width="100%" height="90">
|
|
|
|
|
|
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
2002-09-16 19:13:10 +02:00
|
|
|
|
<h1 align="center"> <font size="4"><i> <a
|
2002-09-29 23:42:38 +02:00
|
|
|
|
href="http://www.cityofshoreline.com"> <img vspace="4" hspace="4"
|
|
|
|
|
|
alt="Shorwall Logo" height="70" width="85" align="left"
|
|
|
|
|
|
src="images/washington.jpg" border="0">
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</a></i></font><font
|
2002-11-09 22:34:47 +01:00
|
|
|
|
color="#ffffff">Shorewall 1.3 - <font size="4">"<i>iptables
|
2002-11-24 21:08:19 +01:00
|
|
|
|
made easy"</i></font></font></h1>
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<div align="center"><a
|
|
|
|
|
|
href="http://shorewall.sf.net/1.2/index.html" target="_top"><font
|
2002-09-29 23:42:38 +02:00
|
|
|
|
color="#ffffff">Shorewall 1.2 Site here</font></a><br>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</div>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
</td>
|
|
|
|
|
|
</tr>
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</tbody>
|
2002-09-16 19:13:10 +02:00
|
|
|
|
</table>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 22:34:47 +01:00
|
|
|
|
<div align="center">
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
<center>
|
2002-09-16 19:13:10 +02:00
|
|
|
|
<table border="0" cellpadding="0" cellspacing="0"
|
|
|
|
|
|
style="border-collapse: collapse;" width="100%" id="AutoNumber4">
|
2002-11-24 21:08:19 +01:00
|
|
|
|
<tbody>
|
|
|
|
|
|
<tr>
|
|
|
|
|
|
<td
|
|
|
|
|
|
width="90%">
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
2002-09-16 19:13:10 +02:00
|
|
|
|
<h2 align="left">What is it?</h2>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 22:34:47 +01:00
|
|
|
|
<p>The Shoreline Firewall, more commonly known as "Shorewall", is a
|
|
|
|
|
|
<a href="http://www.netfilter.org">Netfilter</a> (iptables) based firewall
|
|
|
|
|
|
that can be used on a dedicated firewall system, a multi-function
|
|
|
|
|
|
gateway/router/server or on a standalone GNU/Linux system.</p>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 22:34:47 +01:00
|
|
|
|
<p>This program is free software; you can redistribute it and/or modify
|
2002-11-24 21:08:19 +01:00
|
|
|
|
it under the terms of <a
|
2002-11-09 22:34:47 +01:00
|
|
|
|
href="http://www.gnu.org/licenses/gpl.html">Version 2 of the GNU General
|
|
|
|
|
|
Public License</a> as published by the Free Software Foundation.<br>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
<br>
|
|
|
|
|
|
This program
|
|
|
|
|
|
is distributed in the hope that it will be useful,
|
|
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty
|
|
|
|
|
|
of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
|
|
See the GNU General Public License for more details.<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
You should
|
|
|
|
|
|
have received a copy of the GNU General Public License
|
|
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
|
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
|
|
|
|
|
|
USA</p>
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-08-13 22:45:21 +02:00
|
|
|
|
<p><a href="copyright.htm">Copyright 2001, 2002 Thomas M. Eastep</a></p>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-09-29 23:42:38 +02:00
|
|
|
|
<p> <a href="http://leaf.sourceforge.net" target="_top"><img
|
2002-09-16 19:13:10 +02:00
|
|
|
|
border="0" src="images/leaflogo.gif" width="49" height="36">
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</a>Jacques
|
|
|
|
|
|
Nilo and Eric Wolzak have a LEAF (router/firewall/gateway
|
|
|
|
|
|
on a floppy, CD or compact flash) distribution called
|
|
|
|
|
|
<i>Bering</i> that features Shorewall-1.3.10 and Kernel-2.4.18.
|
|
|
|
|
|
You can find their work at: <a
|
|
|
|
|
|
href="http://leaf.sourceforge.net/devel/jnilo"> http://leaf.sourceforge.net/devel/jnilo<br>
|
|
|
|
|
|
</a></p>
|
|
|
|
|
|
|
|
|
|
|
|
<p><b>Congratulations to Jacques and Eric on the recent release of Bering
|
|
|
|
|
|
1.0 Final!!! </b><br>
|
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h2>This is a mirror of the main Shorewall web site at SourceForge (<a
|
|
|
|
|
|
href="http://shorewall.sf.net" target="_top">http://shorewall.sf.net</a>)</h2>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
<h2>News</h2>
|
|
|
|
|
|
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
<h2></h2>
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<p><b>11/24/2002 - Shorewall 1.3.11</b><b> </b><b><img border="0"
|
2002-11-09 22:34:47 +01:00
|
|
|
|
src="images/new10.gif" width="28" height="12" alt="(New)">
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</b></p>
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
<p>In this version:</p>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
<li>A 'tcpflags' option has been added to entries in <a
|
|
|
|
|
|
href="file:///home/teastep/Shorewall-docs/Documentation.htm#Interfaces">/etc/shorewall/interfaces</a>.
|
|
|
|
|
|
This option causes Shorewall to make a set of sanity check on TCP packet
|
|
|
|
|
|
header flags.</li>
|
|
|
|
|
|
<li>It is now allowed to use 'all' in the SOURCE or DEST column in
|
|
|
|
|
|
a <a href="file:///home/teastep/Shorewall-docs/Documentation.htm#Rules">rule</a>.
|
|
|
|
|
|
When used, 'all' must appear by itself (in may not be qualified) and it does
|
|
|
|
|
|
not enable intra-zone traffic. For example, the rule <br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<20> <20> ACCEPT loc all tcp 80<br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
does not enable http traffic from 'loc' to 'loc'.</li>
|
|
|
|
|
|
<li>Shorewall's use of the 'echo' command is now compatible with
|
|
|
|
|
|
bash clones such as ash and dash.</li>
|
|
|
|
|
|
<li>fw->fw policies now generate a startup error. fw->fw rules
|
|
|
|
|
|
generate a warning and are ignored</li>
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
|
|
|
|
<p><b>11/14/2002 - Shorewall Documentation in PDF Format</b><b>
|
|
|
|
|
|
</b></p>
|
|
|
|
|
|
|
|
|
|
|
|
<p>Juraj Ontkanin has produced a PDF containing the Shorewall 1.3.10
|
|
|
|
|
|
documenation. the PDF may be downloaded from</p>
|
2002-11-09 22:34:47 +01:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
<p><EFBFBD><EFBFBD><EFBFBD> <a
|
|
|
|
|
|
href="ftp://slovakia.shorewall.net/mirror/shorewall/pdf/" target="_top">ftp://slovakia.shorewall.net/mirror/shorewall/pdf/</a><br>
|
|
|
|
|
|
<20><><EFBFBD> <a href="http://slovakia.shorewall.net/pub/shorewall/pdf/">http://slovakia.shorewall.net/pub/shorewall/pdf/</a><br>
|
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<p><b>11/09/2002 - Shorewall is Back at SourceForge</b><b>
|
|
|
|
|
|
</b></p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<p>The main Shorewall web site is now back at SourceForge at <a
|
|
|
|
|
|
href="http://shorewall.sf.net" target="_top">http://shorewall.sf.net</a>.<br>
|
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<p><b>11/09/2002 - Shorewall 1.3.10</b><b>
|
|
|
|
|
|
</b></p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<p>In this version:</p>
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
<ul>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
<li>You may now <a href="IPSEC.htm#Dynamic">define the
|
|
|
|
|
|
contents of a zone dynamically</a> with the <a
|
2002-11-09 22:34:47 +01:00
|
|
|
|
href="starting_and_stopping_shorewall.htm">"shorewall add" and "shorewall
|
2002-11-24 21:08:19 +01:00
|
|
|
|
delete" commands</a>. These commands are expected to be used primarily
|
|
|
|
|
|
within <a href="http://www.xs4all.nl/%7Efreeswan/">FreeS/Wan</a>
|
|
|
|
|
|
updown scripts.</li>
|
|
|
|
|
|
<li>Shorewall can now do<a
|
|
|
|
|
|
href="MAC_Validation.html"> MAC verification</a> on ethernet segments.
|
|
|
|
|
|
You can specify the set of allowed MAC addresses on the segment and
|
|
|
|
|
|
you can optionally tie each MAC address to one or more IP addresses.</li>
|
|
|
|
|
|
<li>PPTP Servers and Clients running on the firewall
|
|
|
|
|
|
system may now be defined in the<a href="PPTP.htm"> /etc/shorewall/tunnels</a>
|
|
|
|
|
|
file.</li>
|
|
|
|
|
|
<li>A new 'ipsecnat' tunnel type is supported for use
|
|
|
|
|
|
when the <a href="IPSEC.htm">remote IPSEC endpoint is behind
|
|
|
|
|
|
a NAT gateway</a>.</li>
|
|
|
|
|
|
<li>The PATH used by Shorewall may now be specified in
|
|
|
|
|
|
<a href="Documentation.htm#Conf">/etc/shorewall/shorewall.conf.</a></li>
|
|
|
|
|
|
<li>The main firewall script is now /usr/lib/shorewall/firewall.
|
|
|
|
|
|
The script in /etc/init.d/shorewall is very small and uses /sbin/shorewall
|
|
|
|
|
|
to do the real work. This change makes custom distributions such as
|
|
|
|
|
|
for Debian and for Gentoo easier to manage since it is /etc/init.d/shorewall
|
|
|
|
|
|
that tends to have distribution-dependent code.</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
</ul>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
If you have installed the 1.3.10 Beta 1 RPM and are now upgrading
|
|
|
|
|
|
to version 1.3.10, you will need to use the '--force' option:<br>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<blockquote>
|
|
|
|
|
|
|
2002-11-09 22:34:47 +01:00
|
|
|
|
<pre>rpm -Uvh --force shorewall-1.3.10-1.noarch.rpm</pre>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</blockquote>
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
<p><b>10/24/2002 - Shorewall is now in Gentoo Linux</b><a
|
|
|
|
|
|
href="http://www.gentoo.org"><br>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</a></p>
|
|
|
|
|
|
Alexandru Hartmann reports that his Shorewall package
|
|
|
|
|
|
is now a part of <a href="http://www.gentoo.org">the Gentoo
|
|
|
|
|
|
Linux distribution</a>. Thanks Alex!<br>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
<p><b>10/23/2002 - Shorewall 1.3.10 Beta 1</b><b> </b></p>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
In this version:<br>
|
2002-11-09 22:34:47 +01:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-09-16 19:13:10 +02:00
|
|
|
|
<ul>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
<li>You may now <a href="IPSEC.htm#Dynamic">define
|
|
|
|
|
|
the contents of a zone dynamically</a> with the <a
|
2002-11-09 22:34:47 +01:00
|
|
|
|
href="starting_and_stopping_shorewall.htm">"shorewall add" and "shorewall
|
2002-11-24 21:08:19 +01:00
|
|
|
|
delete" commands</a>. These commands are expected to be used primarily
|
|
|
|
|
|
within <a href="http://www.xs4all.nl/%7Efreeswan/">FreeS/Wan</a>
|
|
|
|
|
|
updown scripts.</li>
|
|
|
|
|
|
<li>Shorewall can now do<a
|
|
|
|
|
|
href="MAC_Validation.html"> MAC verification</a> on ethernet segments.
|
|
|
|
|
|
You can specify the set of allowed MAC addresses on the segment and
|
|
|
|
|
|
you can optionally tie each MAC address to one or more IP addresses.</li>
|
|
|
|
|
|
<li>PPTP Servers and Clients running on the
|
|
|
|
|
|
firewall system may now be defined in the<a href="PPTP.htm"> /etc/shorewall/tunnels</a>
|
|
|
|
|
|
file.</li>
|
|
|
|
|
|
<li>A new 'ipsecnat' tunnel type is supported
|
|
|
|
|
|
for use when the <a href="IPSEC.htm">remote IPSEC endpoint
|
|
|
|
|
|
is behind a NAT gateway</a>.</li>
|
|
|
|
|
|
<li>The PATH used by Shorewall may now be specified
|
|
|
|
|
|
in <a href="Documentation.htm#Conf">/etc/shorewall/shorewall.conf.</a></li>
|
|
|
|
|
|
<li>The main firewall script is now /usr/lib/shorewall/firewall.
|
|
|
|
|
|
The script in /etc/init.d/shorewall is very small and uses /sbin/shorewall
|
|
|
|
|
|
to do the real work. This change makes custom distributions such
|
|
|
|
|
|
as for Debian and for Gentoo easier to manage since it is /etc/init.d/shorewall
|
|
|
|
|
|
that tends to have distribution-dependent code.</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 22:34:47 +01:00
|
|
|
|
</ul>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
You may download the Beta from:<br>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
<ul>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
<li><a
|
2002-11-09 19:06:34 +01:00
|
|
|
|
href="http://www.shorewall.net/pub/shorewall/Beta">http://www.shorewall.net/pub/shorewall/Beta</a></li>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
<li><a
|
2002-11-09 19:06:34 +01:00
|
|
|
|
href="ftp://ftp.shorewall.net/pub/shorewall/Beta" target="_top">ftp://ftp.shorewall.net/pub/shorewall/Beta</a><br>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 22:34:47 +01:00
|
|
|
|
</ul>
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 22:34:47 +01:00
|
|
|
|
<p><b>10/10/2002 - <20>Debian 1.3.9b Packages Available<6C></b><b>
|
|
|
|
|
|
</b><br>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</p>
|
|
|
|
|
|
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
<p>Apt-get sources listed at <a
|
|
|
|
|
|
href="http://security.dsi.unimi.it/%7Elorenzo/debian.html">http://security.dsi.unimi.it/~lorenzo/debian.html.</a></p>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
<p><b>10/9/2002 - Shorewall 1.3.9b<EFBFBD></b><b><img border="0"
|
|
|
|
|
|
src="images/new10.gif" width="28" height="12" alt="(New)">
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</b></p>
|
|
|
|
|
|
This release rolls up fixes to the installer
|
|
|
|
|
|
and to the firewall script.<br>
|
|
|
|
|
|
<b><br>
|
|
|
|
|
|
10/6/2002 - Shorewall.net now running on RH8.0
|
|
|
|
|
|
</b><b><img border="0" src="images/new10.gif" width="28"
|
|
|
|
|
|
height="12" alt="(New)">
|
|
|
|
|
|
</b><br>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
The firewall and server here at shorewall.net
|
|
|
|
|
|
are now running RedHat release 8.0.<br>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 22:34:47 +01:00
|
|
|
|
<p><b>9/30/2002 - Shorewall 1.3.9a</b><b>
|
|
|
|
|
|
</b></p>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
Roles up the fix for broken tunnels.<br>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 22:34:47 +01:00
|
|
|
|
<p><b>9/30/2002 - TUNNELS Broken in 1.3.9!!!</b><b>
|
|
|
|
|
|
</b></p>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
<img src="images/j0233056.gif"
|
2002-11-09 19:06:34 +01:00
|
|
|
|
alt="Brown Paper Bag" width="50" height="86" align="left">
|
2002-11-24 21:08:19 +01:00
|
|
|
|
There is an updated firewall script at
|
|
|
|
|
|
<a
|
2002-11-09 19:06:34 +01:00
|
|
|
|
href="ftp://www.shorewall.net/pub/shorewall/errata/1.3.9/firewall"
|
2002-11-09 22:34:47 +01:00
|
|
|
|
target="_top">ftp://www.shorewall.net/pub/shorewall/errata/1.3.9/firewall</a>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
-- copy that file to /usr/lib/shorewall/firewall.<br>
|
|
|
|
|
|
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
<p><b><br>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</b></p>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
<p><b><br>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</b></p>
|
|
|
|
|
|
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
<p><b><br>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
9/28/2002 - Shorewall 1.3.9<EFBFBD></b><b>
|
|
|
|
|
|
</b></p>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
<p>In this version:<br>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</p>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
<ul>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
<li><a
|
2002-11-09 22:34:47 +01:00
|
|
|
|
href="configuration_file_basics.htm#dnsnames">DNS Names</a> are now
|
2002-11-24 21:08:19 +01:00
|
|
|
|
allowed in Shorewall config files (although I recommend against
|
|
|
|
|
|
using them).</li>
|
|
|
|
|
|
<li>The connection SOURCE
|
|
|
|
|
|
may now be qualified by both interface and IP address in
|
|
|
|
|
|
a <a href="Documentation.htm#Rules">Shorewall rule</a>.</li>
|
|
|
|
|
|
<li>Shorewall startup is
|
|
|
|
|
|
now disabled after initial installation until the file
|
|
|
|
|
|
/etc/shorewall/startup_disabled is removed. This avoids nasty
|
|
|
|
|
|
surprises at reboot for users who install Shorewall but don't
|
|
|
|
|
|
configure it.</li>
|
|
|
|
|
|
<li>The 'functions' and 'version'
|
|
|
|
|
|
files and the 'firewall' symbolic link have been moved
|
|
|
|
|
|
from /var/lib/shorewall to /usr/lib/shorewall to appease
|
|
|
|
|
|
the LFS police at Debian.<br>
|
|
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
</ul>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-08-13 22:45:21 +02:00
|
|
|
|
<p><a href="News.htm">More News</a></p>
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-08-13 22:45:21 +02:00
|
|
|
|
<h2><a name="Donations"></a>Donations</h2>
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</td>
|
|
|
|
|
|
<td
|
|
|
|
|
|
width="88" bgcolor="#4b017c" valign="top" align="center"> <a
|
2002-09-29 23:42:38 +02:00
|
|
|
|
href="http://sourceforge.net">M</a></td>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</tr>
|
|
|
|
|
|
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
</tbody>
|
2002-09-16 19:13:10 +02:00
|
|
|
|
</table>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</center>
|
|
|
|
|
|
</div>
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
2002-09-16 19:13:10 +02:00
|
|
|
|
<table border="0" cellpadding="5" cellspacing="0"
|
|
|
|
|
|
style="border-collapse: collapse;" width="100%" id="AutoNumber2"
|
|
|
|
|
|
bgcolor="#4b017c">
|
2002-11-24 21:08:19 +01:00
|
|
|
|
<tbody>
|
|
|
|
|
|
<tr>
|
|
|
|
|
|
<td
|
|
|
|
|
|
width="100%" style="margin-top: 1px;">
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-09-16 19:13:10 +02:00
|
|
|
|
<p align="center"><a href="http://www.starlight.org"> <img
|
|
|
|
|
|
border="4" src="images/newlog.gif" width="57" height="100" align="left"
|
|
|
|
|
|
hspace="10">
|
2002-11-24 21:08:19 +01:00
|
|
|
|
<20> </a></p>
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-09-29 23:42:38 +02:00
|
|
|
|
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-09 22:34:47 +01:00
|
|
|
|
<p align="center"><font size="4" color="#ffffff">Shorewall is free but
|
|
|
|
|
|
if you try it and find it useful, please consider making a donation
|
2002-11-24 21:08:19 +01:00
|
|
|
|
to <a href="http://www.starlight.org"><font
|
2002-09-29 23:42:38 +02:00
|
|
|
|
color="#ffffff">Starlight Children's Foundation.</font></a> Thanks!</font></p>
|
2002-11-24 21:08:19 +01:00
|
|
|
|
</td>
|
|
|
|
|
|
</tr>
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
|
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
</tbody>
|
2002-09-16 19:13:10 +02:00
|
|
|
|
</table>
|
2002-11-09 19:06:34 +01:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
|
|
|
|
|
|
<p><font size="2">Updated 11/24/2002 - <a href="support.htm">Tom Eastep</a></font>
|
2002-11-09 22:34:47 +01:00
|
|
|
|
|
2002-11-24 21:08:19 +01:00
|
|
|
|
<br>
|
|
|
|
|
|
</p>
|
|
|
|
|
|
<br>
|
|
|
|
|
|
<br>
|
2002-11-09 22:34:47 +01:00
|
|
|
|
<br>
|
2002-09-16 19:13:10 +02:00
|
|
|
|
</body>
|
|
|
|
|
|
</html>
|
