diff --git a/Shorewall-lite/init.sh b/Shorewall-lite/init.sh
index aa1200f66..07e32bdf6 100755
--- a/Shorewall-lite/init.sh
+++ b/Shorewall-lite/init.sh
@@ -41,7 +41,7 @@ RCDLINKS="2,S41 3,S41 6,K41"
# description: Packet filtering firewall
### BEGIN INIT INFO
-# Provides: shorewall
+# Provides: shorewall-lite
# Required-Start: $network
# Required-Stop:
# Default-Start: 2 3 5
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 8e484b6d7..8d6fe296c 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -191,7 +191,7 @@ Migration Considerations:
If you wish to use the new file, then simply execute this command:
- cp -f /usr/share/shorewall/xmodules /etc/modules
+ cp -f /usr/share/shorewall/xmodules /etc/shorewall/modules
New Features:
diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml
index c9b31dee7..ff9afc20c 100644
--- a/docs/CompiledPrograms.xml
+++ b/docs/CompiledPrograms.xml
@@ -195,9 +195,44 @@
The firewall systems do NOT
- have the full Shorewall product installed but rather only the
- Shorewall Lite product. Shorewall and Shorewall LIte may not be
- installed on the same system.
+ need to have the full Shorewall product installed but rather only
+ the Shorewall Lite product. Shorewall and Shorewall LIte may be
+ installed on the same system if you use RPM. Whichever package is
+ installed first will be the one invoked by /sbin/shorewall. When RPM is used,
+ /sbin/shorewall is a symbolic
+ link that points to the real shorewall script:
+
+
+
+ It points to
+ /usr/share/shorewall/shorewall is the full
+ Shorewall package is to be used.
+
+
+
+ It points to
+ /usr/share/shorewall-lite/shorewall if
+ Shorewall Lite is to be used.
+
+
+
+ You can switch between the two using the ln
+ -sf command:
+
+
+
+ To select Shorewall:
+
+ ln -sf /usr/share/shorewall/shorewall /sbin/shorewall
+
+
+
+ To select Shorewall Lite
+
+ ln -sf /usr/share/shorewall-lite/shorewall /sbin/shorewall
+
+
@@ -211,7 +246,7 @@
On each firewall system, you run:
- /usr/share/shorewall/shorecap > capabilities
+ /usr/share/shorewall-lite/shorecap > capabilities
scp capabilities <admin system>:<this system's config dir>
@@ -228,11 +263,9 @@
-
-
cd <configuration directory>
/sbin/shorewall compile -e . firewall
-scp firewall root@<firewall system>:/usr/share/shorewall/
+scp firewall root@<firewall system>:/usr/share/shorewall-lite/
@@ -240,15 +273,15 @@
On each firewall system:
- Modify /etc/shorewall/shorewall.conf as
- needed.
+ Modify /etc/shorewall-lite/shorewall.conf
+ as needed.
shorewall start
Shorewall Lite includes a very limited version of
- /etc/shorewall/shorewall.conf. It includes the
+ /etc/shorewall-lite/shorewall.conf. It includes the
following options which have the same meaning as in a full Shorewall
installation except as noted below:
@@ -260,20 +293,20 @@
LOGFORMAT — used by /sbin/shorewall for
finding 'Shorewall' log messages only. The format of the messages
- themselves is defined by the LOGFORMAT in shorewall.conf used when the
- firewall script was compiled on the administrative system. If
+ themselves is defined by the LOGFORMAT in the shorewall.conf used when
+ the firewall script was compiled on the administrative system. If
LOGFORMAT was not specified at compile time then the firewall script
will use the value from
- /etc/shorewall/shorewall.conf on the firewall
- system.
+ /etc/shorewall-lite/shorewall.conf on the
+ firewall system.
IPTABLES — determines the iptables binary to be used by
/sbin/shorewall. The compiled firewall script
will use the IPTABLES specified in shorewall.conf
- at compile-time on the administrative system; if IPTABLES was not
+ at compile time on the administrative system; if IPTABLES was not
specified at compile time then the IPTABLES value from
- /etc/shorewall/shorewall.conf on the firewall
- system will be used by the firewall script.
+ /etc/shorewall-lite/shorewall.conf on the
+ firewall system will be used by the firewall script.
PATH
@@ -323,22 +356,19 @@
- Uninstall Shorewall on the firewall system. I recommend
- totally removing /etc/shorewall, /usr/share/shorewall and /var/lib/shorewall after you have used
- the relevant package manager to remove Shorewall.
+ If you use the install.sh script then uninstall Shorewall on
+ the firewall system using uninstall.sh.
- Install Shorewall Lite on the firewall system.
+ Install Shorewall Lite on the firewall system. If you use RPM,
+ you will want to select Shorewall Lite as described above.
On the firewall system:
- /usr/share/shorewall/shorecap > capabilities
+ /usr/share/shorewall-lite/shorecap > capabilities
scp capabilities <admin system>:<this system's config dir>
@@ -351,14 +381,14 @@
cd <configuration directory>
/sbin/shorewall compile -e . firewall
-scp firewall root@<firewall system>:/usr/share/shorewall/
+scp firewall root@<firewall system>:/usr/share/shorewall-lite/
On the firewall system:
- Modify /etc/shorewall/shorewall.conf as
- needed.
+ Modify /etc/shorewall-lite/shorewall.conf
+ as needed.
shorewall restart