2006-07-18 15:28:56 +02:00
|
|
|
Shorewall 3.3.0
|
2005-11-27 21:59:47 +01:00
|
|
|
|
2006-01-07 18:33:10 +01:00
|
|
|
Note to users upgrading from Shorewall 2.x or 3.0
|
2005-12-01 18:58:24 +01:00
|
|
|
|
|
|
|
|
Most problems associated with upgrades come from two causes:
|
|
|
|
|
|
|
|
|
|
- The user didn't read and follow the migration considerations in these
|
|
|
|
|
release notes.
|
|
|
|
|
|
|
|
|
|
- The user mis-handled the /etc/shorewall/shorewall.conf file during
|
|
|
|
|
upgrade. Shorewall is designed to allow the default behavior of
|
|
|
|
|
the product to evolve over time. To make this possible, the design
|
|
|
|
|
assumes that you will not replace your current shorewall.conf file
|
|
|
|
|
during upgrades. If you feel absolutely compelled to have the latest
|
|
|
|
|
comments and options in your shorewall.conf then you must proceed
|
|
|
|
|
carefully.
|
|
|
|
|
|
2005-12-10 00:49:54 +01:00
|
|
|
While you are at it, if you have a file named /etc/shorewall/rfc1918 then
|
|
|
|
|
please check that file. If it has addresses listed that are NOT in one of
|
2006-01-26 00:58:12 +01:00
|
|
|
these three ranges, then please rename the file to
|
|
|
|
|
/etc/shorewall/rfc1918.old.
|
2005-12-10 00:49:54 +01:00
|
|
|
|
|
|
|
|
10.0.0.0 - 10.255.255.255
|
|
|
|
|
172.16.0.0 - 172.31.255.255
|
|
|
|
|
192.168.0.0 - 192.168.255.255
|
|
|
|
|
|
2006-05-20 17:24:06 +02:00
|
|
|
If you have a file named /etc/shorewall/modules, please remove
|
|
|
|
|
it. The default modules file is now located in /usr/share/shorewall/
|
|
|
|
|
(see the "Migration Considerations" below).
|
|
|
|
|
|
2005-12-07 17:35:28 +01:00
|
|
|
Please see the "Migration Considerations" below for additional upgrade
|
|
|
|
|
information.
|
|
|
|
|
|
2006-07-18 15:28:56 +02:00
|
|
|
Problems Corrected in 3.3.0
|
2006-06-28 17:22:01 +02:00
|
|
|
|
2006-07-21 19:58:14 +02:00
|
|
|
None.
|
2006-07-19 15:09:51 +02:00
|
|
|
|
2006-07-18 15:28:56 +02:00
|
|
|
Other changes in 3.3.0
|
2006-01-26 00:58:12 +01:00
|
|
|
|
2006-07-18 15:28:56 +02:00
|
|
|
1) Support for dynamic zones (DYNAMIC_ZONES=Yes in shorewall.conf and
|
|
|
|
|
the /sbin/shorewall "add" and "delete" commands) has been
|
|
|
|
|
removed. Please use ipsets to implement dynamic zones as described
|
|
|
|
|
in http://www.shorewall.net/DynamicZones.html.
|
2006-02-02 00:43:12 +01:00
|
|
|
|
2006-08-09 22:27:43 +02:00
|
|
|
2) The 'try' command has been re-implemented. The command now does the
|
|
|
|
|
following:
|
|
|
|
|
|
|
|
|
|
- shorewall save
|
|
|
|
|
- shorewall restart <specified directory>
|
|
|
|
|
- if the restart is not successful, the configuration is
|
|
|
|
|
automatically restored
|
|
|
|
|
- otherwise, if a timeout is given then
|
|
|
|
|
- sleep for the number of seconds specified and
|
|
|
|
|
- shorewall restore
|
|
|
|
|
|
2006-07-17 01:06:18 +02:00
|
|
|
Migration Considerations:
|
2006-02-02 00:43:12 +01:00
|
|
|
|
2006-07-18 15:28:56 +02:00
|
|
|
1) Support for dynamic zones (DYNAMIC_ZONES=Yes in shorewall.conf and
|
|
|
|
|
the /sbin/shorewall "add" and "delete" commands) has been
|
|
|
|
|
removed. Please use ipsets to implement dynamic zones as described
|
|
|
|
|
in http://www.shorewall.net/DynamicZones.html.
|
2006-07-17 01:06:18 +02:00
|
|
|
|
|
|
|
|
New Features:
|
|
|
|
|
|
2006-07-18 15:28:56 +02:00
|
|
|
None.
|
