Shorewall 2.0.2d

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1373 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-05-28 17:24:32 +00:00 · 2004-05-28 17:24:32 +00:00 · 03153243eb
commit 03153243eb
parent 1baf2f468f
4 changed files with 294 additions and 219 deletions
--- a/Shorewall-Website/Shorewall_index_frame.htm
+++ b/Shorewall-Website/Shorewall_index_frame.htm
@ -38,7 +38,7 @@ Repository</a></li>
  <li> <a href="quotes.htm">Quotes from Users</a></li>
  <li><a href="useful_links.html">Useful Links</a></li>
  <li> <a href="shoreline.htm">About the Author</a></li>
-  <li> <a href="seattlefirewall_index.htm#Donations">Donations</a></li>
+  <li> <a href="shorewall_index.htm#Donations">Donations</a></li>
 </ul>
 <p><a href="copyright.htm"><font size="2">Copyright © 2001-2004 Thomas
 M. Eastep.</font></a><br>
--- a/Shorewall-Website/Shorewall_sfindex_frame.htm
+++ b/Shorewall-Website/Shorewall_sfindex_frame.htm
@ -18,49 +18,38 @@
    <tr>
      <td width="100%" bgcolor="#ffffff">
      <ul>
-        <li> <a href="seattlefirewall_index.htm">Home</a></li>
+        <li style="font-weight: bold;"><a href="index.htm" target="_top">Home</a></li>
-        <li> <a href="shorewall_features.htm">Features</a></li>
+        <li style="font-weight: bold;"><a href="download.htm">Download</a></li>
-        <li><a href="Shorewall_Doesnt.html">What it Cannot Do</a><br>
+        <li><a href="Install.htm"><span style="font-weight: bold;">Installation</span></a>
        </li>
-        <li> <a href="shorewall_prerequisites.htm">Requirements</a></li>
+        <li><b><a href="Documentation_Index.html">Documentation</a></b></li>
-        <li> <a href="download.htm">Download</a><br>
+        <li><a href="FAQ.htm"><span style="font-weight: bold;">FAQ</span>s</a>&nbsp;
-        </li>
+(<a href="http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ"
        <li> <a href="Install.htm">Installation/Upgrade/</a><br>
          <a href="Install.htm">Configuration</a><br>
        </li>
        <li> <a href="shorewall_quickstart_guide.htm">QuickStart
 Guides (HOWTOs)</a><br>
        </li>
        <li> <b><a href="Documentation_Index.html">Documentation</a></b></li>
        <li> <a href="FAQ.htm">FAQs</a>&nbsp; (<a
 href="http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ"
 target="_top">Wiki</a>)</li>
-        <li><a href="useful_links.html">Useful Links</a><br>
+        <li><a href="troubleshoot.htm"><span style="font-weight: bold;">Troubleshooting</span></a></li>
-        </li>
+        <li><a href="support.htm"><span style="font-weight: bold;">Support</span></a></li>
-        <li> <a href="troubleshoot.htm"><span
+      </ul>
- style="font-weight: bold;">Troubleshooting - </span>Things to try if
+      <ul>
-it doesn't
+        <li> <a href="shorewall_features.htm">Features</a></li>
-work</a></li>
+        <li><a href="Shorewall_Doesnt.html">What it
-        <li> <a href="errata.htm">Errata</a></li>
+Cannot Do</a> </li>
-        <li> <a href="upgrade_issues.htm">Upgrade Issues</a></li>
+        <li> <a href="shorewall_prerequisites.htm">Requirements</a></li>
-        <li> <a href="support.htm"><span style="font-weight: bold;">Support
+        <li><a href="http://lists.shorewall.net">Mailing
- </span>Getting help or Answers to Questions</a></li>
+Lists</a><a href="http://lists.shorewall.net"> </a> </li>
-        <li><a href="http://lists.shorewall.net">Mailing Lists</a><a
+        <li><a href="upgrade_issues.htm">Upgrade
- href="http://lists.shorewall.net"> </a><br>
+Issues</a></li>
-        </li>
+        <li><a href="errata.htm">Errata</a></li>
-        <li><a href="shorewall_mirrors.htm">Mirrors</a>
+        <li><a href="shorewall_mirrors.htm">Mirrors</a> </li>
          <ul>
          </ul>
        </li>
        <li> <a href="News.htm">News Archive</a></li>
        <li> <a
 href="http://cvs.shorewall.net/Shorewall_CVS_Access.html">CVS
 Repository</a></li>
        <li> <a href="quotes.htm">Quotes from Users</a></li>
-        <ul>
+        <li><a href="useful_links.html">Useful Links</a></li>
        </ul>
        <li> <a href="shoreline.htm">About the Author</a></li>
-        <li> <a href="seattlefirewall_index.htm#Donations">Donations</a></li>
+        <li> <a href="shorewall_index.htm#Donations">Donations</a></li>
      </ul>
      <ul>
      </ul>
      </td>
    </tr>
@ -71,9 +60,10 @@ Repository</a></li>
 </p>
 <h1 align="center"><b><a href="http://www.sf.net"><img align="left"
 alt="SourceForge Logo"
- src="http://sourceforge.net/sflogo.php?group_id=22587&amp;type=3"></a></b></h1>
+ src="http://sourceforge.net/sflogo.php?group_id=22587&amp;type=1" title=""
 style="border: 0px solid ; width: 88px; height: 31px;"></a></b></h1>
 <br>
-<b><b>This site is hosted by the generous folks at <a
+This site is hosted by the generous folks at <a
- href="http://www.sf.net">SourceForge.net</a></b></b>
+ href="http://www.sf.net">SourceForge.net</a>
 </body>
 </html>
--- a/Shorewall-Website/download.htm
+++ b/Shorewall-Website/download.htm
@ -22,7 +22,7 @@ Texts. A copy of the license is included in the section entitled “<span
 class="quote"><a href="GnuCopyright.htm" target="_self">GNU Free
 Documentation License</a></span>”.<br>
 </p>
-<p>2004-04-05<br>
+<p>2004-05-18<br>
 </p>
 <hr style="width: 100%; height: 2px;">
 <p><b>I strongly urge you to read and print a copy of the <a
@ -200,15 +200,11 @@ repository at cvs.shorewall.net</a> contains the latest snapshots of
 the each Shorewall component. There's no guarantee that what you find
 there will work at all.<br>
  </p>
-</blockquote>
+  <p align="left">The CVS repository also can be used to retreive the
-<p align="left"><b>Shapshots:<br>
+latest released versions. <a
-</b></p>
+ href="http://shorewall.net/pub/shorewall/contrib/makelrp.sh">Here is a
-<blockquote>
+shell script</a> that allows you to create a .lrp file from the current
-  <p align="left">Periodic snapshots from CVS may be found at <a
+contents of the CVS Lrp2/ project.<br>
 href="http://shorewall.net/pub/shorewall/Snapshots/">http://shorewall.net/pub/shorewall/Snapshots</a>
 (<a href="ftp://shorewall.net/pub/shorewall/Snapshots/" target="_top">FTP</a>).
 These snapshots have undergone initial testing and will have been
 installed and run at shorewall.net.<br>
  </p>
 </blockquote>
 </body>
--- a/Shorewall-Website/shorewall_index.htm
+++ b/Shorewall-Website/shorewall_index.htm
@ -8,44 +8,77 @@
 </head>
 <body>
 <div>
-<table border="0" cellpadding="0" cellspacing="0" id="AutoNumber4"
+<h1>Shorewall 2.0</h1>
- style="border-collapse: collapse; width: 100%; height: 100%;">
+<span style="font-weight: bold;">Tom Eastep</span><br>
-  <tbody>
+<br>
-    <tr>
+The information on this site
      <td width="90%">
      <h2>Introduction to Shorewall</h2>
      <h3>This is the Shorewall 2.0 Web Site</h3>
      <div style="margin-left: 40px;">The information on this site
 applies only to 2.0.x releases of
 Shorewall. For older versions:<br>
-      </div>
+<ul>
-      <ul>
+  <li>The 1.4 site is <a href="http://www.shorewall.net/1.4"
        <ul>
          <li>The 1.4 site is <a href="http://www.shorewall.net/1.4"
 target="_top">here.<br>
-            </a></li>
+    </a></li>
-          <li>The 1.3 site is <a href="http://www.shorewall.net/1.3"
+  <li>The 1.3 site is <a href="http://www.shorewall.net/1.3"
 target="_top">here.</a></li>
-          <li>The 1.2 site is <a href="http://shorewall.net/1.2/"
+  <li>The 1.2 site is <a href="http://shorewall.net/1.2/" target="_top">here</a>.</li>
- target="_top">here</a>.</li>
+</ul>
-        </ul>
+Copyright © 2001-2004 Thomas M. Eastep<br>
-      </ul>
+<div>
-      <h3>Glossary</h3>
+<div class="legalnotice">
-      <ul>
+<p>Permission is granted to copy, distribute and/or modify this
-        <li><a href="http://www.netfilter.org" target="_top">Netfilter</a>
+document under the terms of the GNU Free Documentation License, Version
 1.2 or any later version published by the Free Software Foundation;
 with no Invariant Sections, with no Front-Cover, and with no Back-Cover
 Texts. A copy of the license is included in the section entitled “<span
 class="quote"><a
 href="file:///vfat/Ursa/Shorewall/Shorewall-Website/GnuCopyright.htm"
 target="_self">GNU Free
 Documentation License</a></span>”.</p>
 </div>
 </div>
 <div>
 <p class="pubdate">2004-05-28<br>
 </p>
 <hr style="width: 100%; height: 2px;"></div>
 <h3>Table of Contents</h3>
 <div style="margin-left: 40px;"><a href="#Intro">Introduction to
 Shorewall</a><br>
 <div style="margin-left: 40px;"><a href="#Glossary">Glossary</a><br>
 <a href="#WhatIs">What is Shorewall?</a><br>
 <a href="#GettingStarted">Getting Started with Shorewall</a><br>
 <a href="#Info">Looking for Information?</a><br>
 <a href="#Mandrake">Running Shorewall on Mandrake® with a
 two-interface setup?</a><br>
 <a href="#License">License</a><br>
 </div>
 <a href="#News">News</a><br>
 <div style="margin-left: 40px;"><a href="#2_0_2d">Shorewall 2.0.2d</a><br>
 <a href="#2_0_2c">Shorewall 2.0.2c</a><br>
 <a href="#2_0_2b">Shorewall 2.0.2b</a><br>
 <a href="#2_0_2a">Shorewall 2.0.2a</a><br>
 <a href="#2_0_2">Shorewall 2.0.2</a><br>
 <a href="#LinuxFest">Presentation at LinuxFest NW</a><br>
 </div>
 <a href="#Leaf">Leaf</a><br>
 <a href="#Donations">Donations</a><br>
 </div>
 <h2><a name="Intro"></a>Introduction to Shorewall</h2>
 <h3><a name="Glossary"></a>Glossary</h3>
 <ul>
  <li><a href="http://www.netfilter.org" target="_top">Netfilter</a>
 - the
 packet filter facility built into the 2.4 and later Linux kernels.</li>
-        <li>ipchains - the packet filter facility built into the 2.2
+  <li>ipchains - the packet filter facility built into the 2.2
 Linux kernels. Also the name of the utility program used to configure
 and control that facility. Netfilter can be used in ipchains
 compatibility mode.</li>
-        <li>iptables - the utility program used to configure and
+  <li>iptables - the utility program used to configure and
 control Netfilter. The term 'iptables' is often used to refer to the
 combination of iptables+Netfilter (with Netfilter not in ipchains
 compatibility mode).</li>
-      </ul>
+</ul>
-      <h3>What is Shorewall?</h3>
+<h3><a name="WhatIs"></a>What is Shorewall?</h3>
-      <div style="margin-left: 40px;">The Shoreline Firewall, more
+<div style="margin-left: 40px;">The Shoreline Firewall, more
 commonly known as "Shorewall", is
 a high-level tool for configuring Netfilter. You describe your
 firewall/gateway requirements using entries in a set of configuration
@ -59,223 +92,273 @@ and can thus take advantage of Netfilter's <a
 target="_top">connection
 state tracking
 capabilities</a>.<br>
-      <br>
+<br>
 Shorewall is <span style="text-decoration: underline;">not</span> a
 daemon. Once Shorewall has configured Netfilter, it's job is complete.
 After that, there is no Shorewall code running although the <a
 href="starting_and_stopping_shorewall.htm">/sbin/shorewall
 program can be used at any time to monitor the Netfilter firewall</a>.<br>
-      </div>
+</div>
-      <h3>Getting Started with Shorewall</h3>
+<h3><a name="GettingStarted"></a>Getting Started with Shorewall</h3>
-      <div style="margin-left: 40px;">New to Shorewall? Start by
+<div style="margin-left: 40px;">New to Shorewall? Start by
 selecting the <a href="shorewall_quickstart_guide.htm">QuickStart Guide</a>
 that most
-closely match your environment and follow the step by step instructions.<br>
+closely matches your environment and follow the step by step
-      </div>
+instructions.<br>
-      <h3>Looking for Information?</h3>
+</div>
-      <div style="margin-left: 40px;">The <a
+<h3><a name="Info"></a>Looking for Information?</h3>
- href="Documentation_Index.html">Documentation
+<div style="margin-left: 40px;">The <a href="Documentation_Index.html">Documentation
 Index</a> is a good place to start as is the Quick Search in the frame
 above. </div>
-      <h3>Running Shorewall on Mandrake® with a two-interface setup?</h3>
+<h3><a name="Mandrake"></a>Running Shorewall on Mandrake® with a
-      <div style="margin-left: 40px;">If so, the documentation on this
+two-interface setup?</h3>
 <div style="margin-left: 40px;">If so, the documentation on this
 site will not apply directly
 to your setup. If you want to use the documentation that you find here,
 you will want to consider uninstalling what you have and installing a
 setup that matches the documentation on this site. See the <a
 href="two-interface.htm">Two-interface QuickStart Guide</a> for
 details.<br>
-      <br>
+<br>
-      <span style="font-weight: bold;">Update: </span>I've been
+<span style="font-weight: bold;">Update: </span>I've been
 informed by Mandrake Development that this problem has been corrected
 in Mandrake 10.0 Final (the problem still exists in the 10.0 Community
 release).<br>
-      </div>
+</div>
-      <h3>License</h3>
+<h3><a name="License"></a>License</h3>
-      <div style="margin-left: 40px;">This program is free software;
+<div style="margin-left: 40px;">This program is free software;
 you can redistribute it and/or modify it
 under the terms of <a href="http://www.gnu.org/licenses/gpl.html">Version
 2 of the GNU General Public License</a> as published by the Free
 Software Foundation.<br>
-      </div>
+</div>
-      <p style="margin-left: 40px;">This program is distributed in the
+<p style="margin-left: 40px;">This program is distributed in the
 hope that it will be
 useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 General Public License for more detail.</p>
-      <div style="margin-left: 40px;"> </div>
+<div style="margin-left: 40px;"> </div>
-      <p style="margin-left: 40px;">You should have received a copy of
+<p style="margin-left: 40px;">You should have received a copy of
 the GNU General Public
 License along with this program; if not, write to the Free Software
 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA</p>
-      <div style="margin-left: 40px;">Permission is granted to copy,
+<div style="margin-left: 40px;">Permission is granted to copy,
 distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.2 or
 any later version published by the Free Software Foundation; with no
 Invariant Sections, with no Front-Cover, and with no Back-Cover Texts.
 A copy of the license is included in the section entitled <a>"GNU Free
 Documentation License"</a>. </div>
-      <p>Copyright © 2001-2004 Thomas M. Eastep </p>
+<p> </p>
-      <hr style="width: 100%; height: 2px;">
+<hr style="width: 100%; height: 2px;">
-      <h2>News</h2>
+<h2><a name="News"></a>News</h2>
-      <p><b>5/13/2004 - Shorewall 2.0.2</b><b> </b><b> <img
+<p><b><a name="2_0_2d"></a>5/28/2004 - Shorewall 2.0.2d<br>
- alt="(New)" src="images/new10.gif"
+</b><br>
- style="border: 0px solid ; width: 28px; height: 12px;" title=""></b></p>
+One problem corrected:<br>
-      <p>Problems Corrected since 2.0.1<br>
+</p>
-      </p>
+<ol>
-      <ol>
+  <li>Shorewall was checking capabilities before loading kernel
-        <li>The /etc/init.d/shorewall script installed on Debian by
+modules. Consequently, if kernel module autoloading was disabled, the
 capabilities were mis-detected.<br>
  </li>
 </ol>
 <p><b><a name="2_0_2c"></a>5/21/2004 - Shorewall 2.0.2c</b></p>
 One problem corrected:<br>
 <ol>
  <li>&nbsp;DNAT rules with a dynamic source zone don't work
 properly. When used, these rules cause the rule to be checked against
 ALL input,&nbsp; not just input from the designated zone.<br>
  </li>
 </ol>
 <p><b><a name="2_0_2b"></a>5/18/2004 - Shorewall 2.0.2b</b><b>&nbsp;</b></p>
 <p>Corrects two problems:</p>
 <ol>
  <li>Specifying a null common action in /etc/shorewall/actions
 (e.g., :REJECT) results in a startup error.<br>
    <br>
  </li>
  <li>If /var/lib/shorewall does not exist, shorewall start fails.<br>
  </li>
 </ol>
 <p><b><a name="2_0_2a"></a>5/15/2004 - Shorewall 2.0.2a</b><b> </b><br>
 </p>
 <p>Corrects two problems:<br>
 </p>
 <ol>
  <li>Temporary restore files were not being removed from
 /var/lib/shorewall. These files have names of the form
 'restore-nnnnn'.&nbsp;
 You can remove files that have accumulated with the command: <br>
    <br>
 &nbsp;&nbsp;&nbsp;&nbsp;rm -f /var/lib/shorewall/restore-[0-9]* <br>
    <br>
  </li>
  <li>The restore script did not load kernel modules. The result
 was that after a cold load, applications like FTP and IRC DCC didn't
 work. <br>
    <br>
 To correct: <br>
    <br>
 &nbsp;&nbsp;&nbsp;&nbsp;1) Install 2.0.2a <br>
 &nbsp;&nbsp;&nbsp;&nbsp;2) "shorewall restart" <br>
 &nbsp;&nbsp;&nbsp;&nbsp;3) "shorewall save" </li>
 </ol>
 <p><b><a name="2_0_2"></a>5/13/2004 - Shorewall 2.0.2</b><b>&nbsp;</b></p>
 <p>Problems Corrected since 2.0.1<br>
 </p>
 <ol>
  <li>The /etc/init.d/shorewall script installed on Debian by
 install.sh failed silently due to a missing file
 (/usr/share/shorewall/wait4ifup). That file is not part of the normal
 Shorewall distribution and is provided by the Debian maintainer.</li>
-        <li>A meaningless warning message out of the proxyarp file
+  <li>A meaningless warning message out of the proxyarp file
 processing has been eliminated.</li>
-        <li>The "shorewall delete" command now correctly removes all
+  <li>The "shorewall delete" command now correctly removes all
 dynamic rules pertaining to the host(s) being deleted. Thanks to Stefan
 Engel for this correction.</li>
-      </ol>
+</ol>
-Issues when migrating from Shorewall 2.0.0 to Shorewall 2.0.1:<br>
+Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2:<br>
-      <ol>
+<ol>
-        <li>Extension Scripts -- In order for extension scripts to work
+  <li>Extension Scripts -- In order for extension scripts to work
 properly with the new iptables-save/restore integration (see New
 Feature 1 below), some change may be required to your extension
 scripts. If your extension scripts are executing commands other than
 iptables then those commands must also be written to the restore file
 (a temporary file in /var/lib/shorewall that is renamed
 /var/lib/shorewall/restore-base at the end of the operation).<br>
-          <br>
+    <br>
 The following functions should be of help:<br>
-          <br>
+    <br>
 A. save_command() -- saves the passed command to the restore file.<br>
-          <br>
+    <br>
 &nbsp;&nbsp;&nbsp; Example:<br>
-          <br>
+    <br>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; save_command echo Operation
 Complete<br>
-          <br>
+    <br>
 &nbsp;&nbsp; That command would simply write "echo Operation Complete"
 to the restore file.<br>
-          <br>
+    <br>
 B. run_and_save_command() -- saves the passed command to the restore
 file then executes it. The return value is the exit status of the
 command.<br>
-          <br>
+    <br>
 &nbsp; &nbsp; Example:<br>
-          <br>
+    <br>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; run_and_save_command "echo 1 &gt;
 /proc/sys/net/ipv4/icmp_echo_ignore_all"<br>
-          <br>
+    <br>
 &nbsp;&nbsp;&nbsp; Note that as in this example, when the command
 involves file redirection then the entire command must be enclosed in
 quotes. This applies to all of the functions described here.<br>
-          <br>
+    <br>
 C. ensure_and_save_command() -- runs the passed command. If the command
 fails, the firewall is restored to it's prior saved state and the
 operation is terminated. If the command succeeds, the command is
 written to the restore file.<br>
-          <br>
+    <br>
-        </li>
+  </li>
-        <li>Dynamic Zone support -- If you don't need to use the
+  <li>Dynamic Zone support -- If you don't need to use the
 "shorewall add" and "shorewall delete commands, you should set
 DYNAMIC_ZONES=No in /etc/shorewall/shorewall.conf.</li>
-      </ol>
+</ol>
 New Features:<br>
-      <ol>
+<ol>
-        <li>Shorewall has now been integrated with
+  <li>Shorewall has now been integrated with
 iptables-save/iptables-restore to provide very fast start and restart.
 The elements of this integration are as follows:<br>
-          <br>
+    <br>
 a) The 'shorewall save' command now saves the current configuration in
 addition to the current dynamic blacklist. If you have dynamic zones,
 you will want to issue 'shorewall save' when the zones are empty or the
 current contents of the zones will be restored by the 'shorewall
 restore' and 'shorewall -f start' commands.<br>
-          <br>
+    <br>
 b) The 'shorewall restore' command has been added. This command
 restores the configuration at the time of the last 'save'.<br>
-          <br>
+    <br>
 c) The -f (fast) option has been added to 'shorewall start'. When
 specified (e.g. 'shorewall -f start'), shorewall will perform a
 'shorewall restore' if there is a saved configuration. If there is no
 saved configuration, a normal 'shorewall start' is performed.<br>
-          <br>
+    <br>
 d) The /etc/init.d/shorewall script now translates the 'start' command
 into 'shorewall -f start' so that fast restart is possible.<br>
-          <br>
+    <br>
 e) When a state-changing command encounters an error and there is
 current saved configuration, that configuration will be restored
 (currently, the firewall is placed in the 'stopped' state).<br>
-          <br>
+    <br>
 f) If you have previously saved the running configuration and want
 Shorewall to discard it, use the 'shorewall forget' command. WARNING:
 iptables 1.2.9 is broken with respect to iptables-save; if your kernel
 has connection tracking match support, you must patch iptables 1.2.9
 with the iptables patch availale from the Shorewall errata page.<br>
-          <br>
+    <br>
-        </li>
+  </li>
-        <li>The previous implementation of dynamic zones was difficult
+  <li>The previous implementation of dynamic zones was difficult
 to maintain. I have changed the code to make dynamic zones optional
 under the control of the DYNAMIC_ZONES option in
 /etc/shorewall/shorewall.conf.<br>
-          <br>
+    <br>
-        </li>
+  </li>
-        <li>In earlier Shorewall 2.0 releases, Shorewall searches in
+  <li>In earlier Shorewall 2.0 releases, Shorewall searches in
 order the following directories for configuration files.<br>
-          <br>
+    <br>
 a) The directory specified in a 'try' command or specified using the -c
 option.<br>
 b) /etc/shorewall<br>
 c) /usr/share/shorewall<br>
-          <br>
+    <br>
 In this release, the CONFIG_PATH option is added to shorewall.conf.
 CONFIG_PATH contains a list of directory names separated by colons
 (":"). If not set or set to a null value (e.g., CONFIG_PATH="") then
 "CONFIG_PATH=/etc/shorewall:/usr/share/shorewall" is assumed. Now
 Shorewall searches for shorewall.conf according to the old rules and
 for other configuration files as follows:<br>
-          <br>
+    <br>
 a) The directory specified in a 'try' command or specified using the -c
 option.<br>
 b) Each directory in $CONFIG_PATH is searched in sequence.<br>
-          <br>
+    <br>
 In case it is not obvious, your CONFIG_PATH should include
 /usr/share/shorewall and your shorewall.conf file must be in the
 directory specified via -c or in a try command, in /etc/shorewall or in
 /usr/share/shorewall.<br>
-          <br>
+    <br>
 For distribution packagers, the default CONFIG_PATH is set in
 /usr/share/shorewall/configpath. You can customize this file to have a
 default that differs from mine.<br>
-          <br>
+    <br>
-        </li>
+  </li>
-        <li>Previously, in /etc/shorewall/nat a Yes (or yes) in the
+  <li>Previously, in /etc/shorewall/nat a Yes (or yes) in the
 LOCAL column would only take effect if the ALL INTERFACES column also
 contained Yes or yes. Now, the LOCAL columns contents are treated
 independently of the contents of the ALL INTERFACES column.<br>
-          <br>
+    <br>
-        </li>
+  </li>
-        <li>The folks at Mandrake have created yet another kernel
+  <li>The folks at Mandrake have created yet another kernel
 module naming convention (module names end in "ko.gz"). As a
 consequence, beginning with this release, if MODULE_SUFFIX isn't
 specified in shorewall.conf, then the default value is "o gz ko o.gz
 ko.gz".<br>
-          <br>
+    <br>
-        </li>
+  </li>
-        <li>An updated bogons file is included in this release.<br>
+  <li>An updated bogons file is included in this release.<br>
-          <br>
+    <br>
-        </li>
+  </li>
-        <li>In /etc/shorewall/rules and in action files generated from
+  <li>In /etc/shorewall/rules and in action files generated from
 /usr/share/shorewall/action.template, rules that perform logging can
 specify an optional "log tag". A log tag is a string of alphanumeric
 characters and is specified by following the log level with ":" and the
 log tag.<br>
-          <br>
+    <br>
 Example:<br>
-          <br>
+    <br>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCEPT:info:ftp
 net&nbsp;&nbsp;&nbsp;&nbsp; dmz&nbsp;&nbsp;&nbsp;&nbsp;
 tcp&nbsp;&nbsp;&nbsp;&nbsp; 21<br>
-          <br>
+    <br>
 The log tag is appended to the log prefix generated by the LOGPREFIX
 variable in /etc/shorewall/conf. If "ACCEPT:info" generates the log
 prefix "Shorewall:net2dmz:ACCEPT:" then "ACCEPT:info:ftp" will generate
@ -283,122 +366,128 @@ prefix "Shorewall:net2dmz:ACCEPT:" then "ACCEPT:info:ftp" will generate
 length of a log prefix supported by iptables is 29 characters; if a
 larger prefix is generated, Shorewall will issue a warning message and
 will truncate the prefix to 29 characters.<br>
-          <br>
+    <br>
-        </li>
+  </li>
-        <li>A new "-q" option has been added to /sbin/shorewall
+  <li>A new "-q" option has been added to /sbin/shorewall
 commands. It causes the start, restart, check and refresh commands to
 produce much less output so that warning messages are more visible
 (when testing this change, I discovered a bug where a bogus warning
 message was being generated).<br>
-          <br>
+    <br>
-        </li>
+  </li>
-        <li>Shorewall now uses 'modprobe' to load kernel modules if
+  <li>Shorewall now uses 'modprobe' to load kernel modules if
 that utility is available in the PATH; otherwise, 'insmod' is used.<br>
-          <br>
+    <br>
-        </li>
+  </li>
-        <li>It is now possible to restrict entries in the
+  <li>It is now possible to restrict entries in the
 /etc/shorewall/masq file to particular protocols and destination
 port(s). Two new columns (PROTO and PORT(S)) have been added to the
 file.<br>
-          <br>
+    <br>
 Example:<br>
-          <br>
+    <br>
 You want all outgoing SMTP traffic entering the firewall on eth1 to be
 sent from eth0 with source IP address 206.124.146.177. You want all
 other outgoing traffic from eth1 to be sent from eth0 with source IP
 address 206.124.146.176.<br>
-          <br>
+    <br>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; eth0&nbsp;&nbsp;&nbsp;
 eth1&nbsp;&nbsp;&nbsp; 206.124.146.177 tcp&nbsp;&nbsp;&nbsp;&nbsp; 25<br>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; eth0&nbsp;&nbsp;&nbsp;
 eth1&nbsp;&nbsp;&nbsp; 206.124.146.176<br>
-          <br>
+    <br>
 THE ORDER OF THE ABOVE TWO RULES IS SIGNIFICANT!!!!!<br>
-          <br>
+    <br>
 Assuming that 10.0.0.0/8 is the only host/network connected to eth1,
 the progress message at "shorewall start" would be:<br>
-          <br>
+    <br>
 &nbsp;&nbsp;&nbsp; Masqueraded Networks and Hosts:<br>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; To 0.0.0.0/0 (tcp 25) from
 10.0.0.0/8 through eth0 using 206.124.146.177<br>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; To 0.0.0.0/0 (all) from 10.0.0.0/8
 through eth0 using 206.124.146.176<br>
-          <br>
+    <br>
-        </li>
+  </li>
-        <li>Two new actions are available in the /etc/shorewall/rules
+  <li>Two new actions are available in the /etc/shorewall/rules
 file.<br>
-          <br>
+    <br>
 &nbsp;&nbsp;&nbsp; ACCEPT+&nbsp;&nbsp;&nbsp; -- Behaves like ACCEPT
 with the exception that it exempts matching connections from subsequent
 DNAT[-] and REDIRECT[-] rules.<br>
 &nbsp;&nbsp;&nbsp; NONAT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Exempts
 matching connections from subsequent DNAT[-] and REDIRECT[-] rules.<br>
-          <br>
+    <br>
-        </li>
+  </li>
-        <li>A new extension script 'initdone' has been added. This
+  <li>A new extension script 'initdone' has been added. This
 script is invoked at the same point as the 'common' script was
 previously and is useful for users who mis-used that script under
 Shorewall 1.x (the script was intended for adding rules to the 'common'
 chain but many users treated it as a script for adding rules before
 Shorewall's).<br>
-          <br>
+    <br>
-        </li>
+  </li>
-        <li>Installing/Upgrading Shorewall on Slackware has been
+  <li>Installing/Upgrading Shorewall on Slackware has been
 improved. Slackware users must use the tarball and must modify settings
 in the install.sh script before running it as follows:<br>
-          <br>
+    <br>
 &nbsp;&nbsp;&nbsp; DEST="/etc/rc.d"<br>
 &nbsp;&nbsp;&nbsp; INIT="rc.firewall"<br>
-          <br>
+    <br>
 Thanks to Alex Wilms for helping with this change.<br>
-        </li>
+  </li>
-      </ol>
+</ol>
-      <p><b>4/17/2004 - Presentation at LinuxFest NW</b><b><br>
+<p><b><a name="LinuxFest"></a>4/17/2004 - Presentation at
-      </b></p>
+LinuxFest NW</b><b><br>
-      <p>Today I gave a presentation at LinuxFest NW in Bellingham. The
+</b></p>
 <p>Today I gave a presentation at LinuxFest NW in Bellingham. The
 presentation was entitled "<a
 href="http://lists.shorewall.net/Shorewall_and_the_Enterprise.htm"
 target="_blank">Shorewall
 and the Enterprise</a>" and described the history of Shorewall and gave
 an overview of its features.<br>
-      </p>
+</p>
-      <ol>
+<ol>
-      </ol>
+</ol>
-      <p><a href="News.htm">More News</a></p>
+<p><a href="News.htm">More News</a></p>
-      <hr style="width: 100%; height: 2px;">
+<hr style="width: 100%; height: 2px;">
-      <p><a href="http://leaf.sourceforge.net" target="_top"><img
+<h2><a name="Leaf"></a>Leaf<br>
 </h2>
 <p><a href="http://leaf.sourceforge.net" target="_top"><img
 alt="(Leaf Logo)"
 style="border: 0px solid ; height: 36px; width: 49px;"
 src="images/leaflogo.gif" title=""></a> LEAF is an open source project
 which provides a Firewall/router on a floppy, CD or CF. Several LEAF
-distributions including Bering and Bering-uCLib use Shorewall as their
+distributions including Bering and Bering-uClibc use Shorewall as their
 Netfilter configuration tool.<br>
-      </p>
+</p>
-      <div>
+<div>
-      <div style="text-align: center;"> </div>
+<div style="text-align: center;"> </div>
-      </div>
+</div>
-      <hr style="width: 100%; height: 2px;">
+<hr style="width: 100%; height: 2px;">
-      <h2><a name="Donations"></a>Donations<br>
+<h2><a name="Donations"></a>Donations
-      </h2>
+</h2>
-      <p style="text-align: left;"> <big><a href="http://www.alz.org"
+<p style="text-align: left;"> </p>
 <p style="text-align: left;"><big><a href="http://www.alz.org"
 target="_top"><img src="images/alz_logo2.gif" title=""
 alt="(Alzheimer's Association Logo)"
- style="border: 0px solid ; width: 300px; height: 60px;" align="left"></a>Shorewall
+ style="border: 0px solid ; width: 300px; height: 60px;" align="left"></a></big></p>
 <h2><big><a href="http://www.starlight.org" target="_top"><img
 src="images/newlog.gif" title="" alt="(Starlight Foundation Logo)"
 style="border: 0px solid ; width: 59px; height: 102px;" align="left"></a></big></h2>
 <p style="text-align: left;"><big>Shorewall
 is free but
 if you
 try it and find it useful,
 please consider making a donation to the <a href="http://www.alz.org/"
- target="_top">Alzheimer's Association</a>. Thanks!</big> </p>
+ target="_top">Alzheimer's Association</a> or to the <a
-      </td>
+ href="http://www.starlight.org" target="_top">Starlight Children's
-    </tr>
+Foundation</a>.<br>
-    <tr>
+</big></p>
-      <td style="vertical-align: top;"> <br>
+<p style="text-align: left;"><big>Thanks<br>
-      </td>
+<br>
-    </tr>
+</big></p>
-  </tbody>
+<p style="text-align: left;"><big><br>
-</table>
+</big> </p>
 </div>
 <p><font size="2">Updated 05/10/2004 - <a href="support.htm">Tom Eastep</a></font><br>
 </p>
 </body>
 </html>