forked from extern/shorewall_code
More work on upgrade issues/instructions
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6735 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
c210b996c0
commit
0b2cdd5794
@ -2,6 +2,10 @@ Changes in 4.0.0 RC 1
|
||||
|
||||
1) shorewall-perl RPM no longer installable under shorewall 3.4.
|
||||
|
||||
2) Fix limited broadcast and detectnets/routeback interfaces.
|
||||
|
||||
3) Use optimized 'split' for faster compilation.
|
||||
|
||||
Changes in 4.0.0 Beta 6
|
||||
|
||||
1) First step to adding compiler debugging facility.
|
||||
|
@ -12,8 +12,9 @@ Shorewall 4.0.0 RC 1
|
||||
- Shorewall-shell ( the shell-based compiler )
|
||||
- Shorewall-perl (the Perl-based compiler )
|
||||
|
||||
You must install Shorewall-common and at least one of the compiler
|
||||
packages (you may install them both).
|
||||
You must install Shorewall-common and at least one of the compiler
|
||||
packages (you may install them both). See the Migration
|
||||
Considerations below for further information.
|
||||
|
||||
3) The facilities for supporting bridge/firewalls under earlier
|
||||
releases are deprecated and their documentation is omitted from the
|
||||
@ -23,17 +24,30 @@ packages (you may install them both).
|
||||
|
||||
Problems corrected in 4.0.0 Beta 7.
|
||||
|
||||
None.
|
||||
1) If 'routeback' and 'detectnets' were specified on an interface,
|
||||
limited broadcasts (to 255.255.255.255) were dropped when forwarded
|
||||
through the interface. This could cause broadcast-based
|
||||
applications to fail when running through a bridge with
|
||||
'detectnets'.
|
||||
|
||||
Other changes in Shorewall 4.0.0 RC 1.
|
||||
|
||||
1) The shorewall-perl RPM may no longer be installed under Shorewall
|
||||
3.4. It requires shorewall_common.
|
||||
|
||||
2) The compiler's CPU utilization has been reduced further.
|
||||
|
||||
Migration Considerations:
|
||||
|
||||
1) You cannot simply upgrade your existing Shorewall package. You must
|
||||
also install one or both of the compilers.
|
||||
1) Beginning with Shorewall 4.0.0, there is no single 'shorewall'
|
||||
package. Rather there are two compiler packages (shorewall-shell
|
||||
and shorewall-perl) and a set of base files (shorewall-common)
|
||||
required by either compiler package.
|
||||
|
||||
Although the names of the packages are changing, you can upgrade
|
||||
without having to uninstall/reinstall.
|
||||
|
||||
To repeat: YOU DO NOT NEED TO UNINSTALL ANY EXISTING PACKAGE.
|
||||
|
||||
If you attempt to upgrade using the shorewall-common RPM, you get
|
||||
this result:
|
||||
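Review bot: In "Other changes" item 1, "It requires shorewall_common" uses an underscore, while every other reference in these notes spells the package shorewall-common. If shorewall_common is the RPM capability name (the way shorewall_compiler appears in the dependency error), say so explicitly; otherwise use the package name, so readers do not go looking for a package that does not exist under that spelling.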
@ -45,12 +59,12 @@ Migration Considerations:
|
||||
|
||||
You must either:
|
||||
|
||||
rpm -U shorewall-shell-4.0.0.noarch.rpm \
|
||||
rpm -Uvh shorewall-shell-4.0.0.noarch.rpm \
|
||||
shorewall-common-4.0.0.noarch.rpm
|
||||
|
||||
or
|
||||
|
||||
rpm -U shorewall-shell-4.0.0.noarch.rpm \
|
||||
rpm -Uvh shorewall-shell-4.0.0.noarch.rpm \
|
||||
shorewall-perl-4.0.0.noarch.rpm \
|
||||
shorewall-common-4.0.0.noarch.rpm
|
||||
|
||||
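Review bot: Both alternatives under "You must either:" still install shorewall-shell, so a reader who wants only the Perl compiler has no RPM path in the release notes. The upgrade_issues.xml change in this same commit covers that case ("If you don't want shorewall-shell, use the second command then rpm -e shorewall-shell"); suggest carrying that sentence into the release notes after the second command so the two documents agree.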
@ -68,6 +82,33 @@ Migration Considerations:
|
||||
the tarball in the expected way; untar the package, and run the
|
||||
install.sh script.
|
||||
|
||||
Example 1: You have 'shorewall' installed and you want to continue
|
||||
to use the shorewall-shell compiler.
|
||||
|
||||
tar -jxf shorewall-common-4.0.0.tar.bz2
|
||||
tar -jxf shorewall-shell-4.0.0.tar.bz2
|
||||
|
||||
cd shorewall-shell-4.0.0
|
||||
./install.sh
|
||||
cd ../shorewall-common-4.0.0
|
||||
./install.sh
|
||||
shorewall check
|
||||
shorewall restart
|
||||
|
||||
Example 2: You have shorewall 3.4.4 and shorewall-perl 4.0.0-Beta7
|
||||
installed and you want to upgrade to 4.0. You do not need the
|
||||
shell-based compiler.
|
||||
|
||||
tar -jxf shorewall-common-4.0.0.tar.bz2
|
||||
tar -jxf shorewall-perl-4.0.0.tar.bz2
|
||||
|
||||
cd shorewall-perl-4.0.0
|
||||
./install.sh
|
||||
cd ../shorewall-common-4.0.0
|
||||
./install.sh
|
||||
shorewall check
|
||||
shorewall restart
|
||||
|
||||
2) The ROUTE_FILTER and LOG_MARTIANS options in shorewall.conf work
|
||||
slightly differently in Shorewall 4.0.0. In prior releases, leaving
|
||||
these options empty was equivalent to setting them to 'No' which
|
||||
|
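Review bot: In both Example 1 and Example 2, "shorewall restart" follows "shorewall check" as a plain next step, with nothing saying the restart depends on the check succeeding. This is a major-version upgrade of a firewall, and item 2 right below notes that ROUTE_FILTER and LOG_MARTIANS behave differently in 4.0.0. Suggest adding a line telling the reader to run the restart only once the check completes without errors.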
@ -1661,7 +1661,7 @@ sub generate_matrix() {
|
||||
while ( my ($interface, $sourceref) = ( each %needbroadcast ) ) {
|
||||
if ( get_interface_option( $interface, 'bridge' ) ) {
|
||||
for my $source ( keys %$sourceref ) {
|
||||
add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-m addrtype --dst-type BROADCAST -j $chain3";
|
||||
add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-d 255.255.255.255 -j $chain3";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
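Review bot: In generate_matrix(), the bridge rule matching "-d 255.255.255.255" appears to replace the one matching "-m addrtype --dst-type BROADCAST" rather than sit beside it (the hunk is 7 lines on both sides). That fixes the limited-broadcast case described in the release notes, but subnet-directed broadcasts forwarded out a bridge interface no longer reach $chain3 through this rule. If the addrtype match was only missing 255.255.255.255, consider keeping both add_rule calls; if dropping it is intentional, a comment above the loop saying why would help. Separately, "${source}-d" only yields a valid rule if every key of %$sourceref is empty or ends in a space, which deserves a comment too.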
@ -360,10 +360,16 @@ Pin-Priority: 700</programlisting><emphasis role="bold"><emphasis>Then
|
||||
package, it probably won't work.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>If you are upgrading from a 2.x or 3.x version to a 4.x version
|
||||
or later, please see the <ulink url="upgrade_issues.htm">upgrade
|
||||
issues</ulink> for specific instructions.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Upgrade the RPM</para>
|
||||
|
||||
<programlisting><command>rpm -Uvh <shorewall rpm file> <compiler rpm file> ...</command></programlisting>
|
||||
<programlisting><command>rpm -Uvh <shorewall-common rpm file> <compiler rpm file> ...</command></programlisting>
|
||||
|
||||
<note>
|
||||
<para>Some <trademark>SUSE</trademark> users have encountered a
|
||||
@ -371,7 +377,7 @@ Pin-Priority: 700</programlisting><emphasis role="bold"><emphasis>Then
|
||||
though a 2.4 kernel is installed. If this happens, simply use the
|
||||
--nodeps option to rpm.</para>
|
||||
|
||||
<programlisting><command>rpm -Uvh --nodeps <shorewall rpm> <compiler rpm> ...</command></programlisting>
|
||||
<programlisting><command>rpm -Uvh --nodeps <shorewall-common rpm> <compiler rpm> ...</command></programlisting>
|
||||
</note>
|
||||
|
||||
<note>
|
||||
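Review bot: The --nodeps form of the command also switches off the shorewall_compiler dependency check that the rest of this commit relies on to stop an upgrade of shorewall-common without a compiler (the "Failed dependencies" output shown in upgrade_issues.xml). Suggest adding a sentence to this note stating that with --nodeps rpm will not enforce that requirement, so the compiler RPM must be on the same command line.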
@ -407,6 +413,12 @@ Pin-Priority: 700</programlisting><emphasis role="bold"><emphasis>Then
|
||||
<section id="Upgrade_Tarball">
|
||||
<title>Upgrade using tarball</title>
|
||||
|
||||
<para><important>
|
||||
<para>If you are upgrading from a 2.x or 3.x version to a 4.x version
|
||||
or later, please see the <ulink url="upgrade_issues.htm">upgrade
|
||||
issues</ulink> for specific instructions.</para>
|
||||
</important></para>
|
||||
|
||||
<para>If you already have Shorewall installed and are upgrading to a new
|
||||
version using the tarball:</para>
|
||||
|
||||
|
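Review bot: The upgrade notice is added here as an important element wrapped in its own para, while the identical text in the RPM upgrade section of this file is added as a plain listitem. Suggest using the same markup in both places (the admonition in both, since skipping it leads to a failed upgrade) and dropping the outer para, which adds nothing around the admonition.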
@ -70,54 +70,60 @@
|
||||
</section>
|
||||
|
||||
<section id="V4.0.0">
|
||||
<title>Versions >= 4.0.0-Beta1</title>
|
||||
<title>Versions >= 4.0.0-Beta7</title>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>This is the first Shorewall release that fully integrates the
|
||||
new Shorewall-perl compiler. You are now offered a choice as to which
|
||||
compiler(s) you install. In Shorewall 4.0.0, there are the following
|
||||
packages:<itemizedlist>
|
||||
<listitem>
|
||||
<para>Shorewall-common ( common files )</para>
|
||||
</listitem>
|
||||
<para>Beginning with Shorewall 4.0.0, there is no single 'shorewall'
|
||||
package. Rather there are two compiler packages (shorewall-shell and
|
||||
shorewall-perl) and a set of base files (shorewall-common) required by
|
||||
either compiler package.</para>
|
||||
|
||||
<listitem>
|
||||
<para>Shorewall-shell ( the shell-based compiler )</para>
|
||||
</listitem>
|
||||
<para>Although the names of the packages are changing, you can upgrade
|
||||
without having to uninstall/reinstall.</para>
|
||||
|
||||
<listitem>
|
||||
<para>Shorewall-perl (the Perl-based compiler )</para>
|
||||
</listitem>
|
||||
<para>To repeat: <emphasis role="bold">You do not need to uninstall
|
||||
any existing package.</emphasis></para>
|
||||
|
||||
<listitem>
|
||||
<para>Shorewall-lite</para>
|
||||
</listitem>
|
||||
</itemizedlist>You must install Shorewall-common and at least one of
|
||||
the compiler packages (you may install them both).</para>
|
||||
|
||||
<para>You cannot simply upgrade your existing Shorewall package. You
|
||||
must upgrade Shorewall-common <emphasis role="bold">and</emphasis>
|
||||
install one or both of the compilers.</para>
|
||||
|
||||
<para>If you attempt to upgrade using the common RPM, you get this
|
||||
result:<programlisting>gateway:~ # rpm -Uvh shorewall-common-4.0.0.noarch.rpm
|
||||
<para>If you attempt to upgrade using the shorewall-common RPM, you
|
||||
get this result:<programlisting>gateway:~ # <command>rpm -Uvh shorewall-common-4.0.0.noarch.rpm </command>
|
||||
error: Failed dependencies:
|
||||
shorewall_compiler is needed by shorewall-common-4.0.0-1.noarch
|
||||
gateway:~ #</programlisting> You must either:<programlisting>rpm -U shorewall-shell-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</programlisting>or<programlisting>rpm -U shorewall-shell-4.0.0.noarch.rpm shorewall-perl-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</programlisting>If
|
||||
you are upgrading using the tarball, you must install either
|
||||
shorewall-shell or shorewall-perl before you upgrade Shorewall using
|
||||
the Shorewall-common tarball. Otherwise, the install.sh script fails
|
||||
with:<simplelist>
|
||||
gateway:~ #</programlisting>You must either:<programlisting><command>rpm -Uvh shorewall-shell-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</command></programlisting>or<programlisting><command>rpm -Uvh shorewall-shell-4.0.0.noarch.rpm shorewall-perl-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</command></programlisting>If
|
||||
you don't want shorewall-shell, use the second command
|
||||
then<programlisting><command>rpm -e shorewall-shell</command></programlisting>If
|
||||
you are upgrading using the tarball, you must install shorewall-shell
|
||||
and/or shorewall-perl before you upgrade using shorewall-common.
|
||||
Otherwise, the install.sh script fails with:<simplelist>
|
||||
<member>ERROR: No Shorewall compiler is installed</member>
|
||||
</simplelist>The shorewall-shell and shorewall-perl packages are
|
||||
installed from the tarball in the expected way; untar the package, and
|
||||
run the install.sh script.</para>
|
||||
|
||||
<para>The RPMs are set up so that if you upgrade an existing Shorewall
|
||||
installation as part of a distribution upgrade and you have not
|
||||
already installed shorewall-perl, then you will end up with
|
||||
Shorewall-common and Shorewall-shell installed.</para>
|
||||
<para>Example 1: You have 'shorewall' installed and you want to
|
||||
continue to use the shorewall-shell compiler.<programlisting><command>tar -jxf shorewall-common-4.0.0.tar.bz2
|
||||
tar -jxf shorewall-shell-4.0.0.tar.bz2
|
||||
|
||||
cd shorewall-shell-4.0.0
|
||||
./install.sh
|
||||
cd ../shorewall-common-4.0.0
|
||||
./install.sh
|
||||
shorewall check
|
||||
shorewall restart</command></programlisting>Example 2: You have shorewall
|
||||
3.4.4 and shorewall-perl 4.0.0-Beta7 installed and you want to upgrade
|
||||
to 4.0. You do not need the shell-based compiler.<programlisting><command>tar -jxf shorewall-common-4.0.0.tar.bz2
|
||||
tar -jxf shorewall-perl-4.0.0.tar.bz2
|
||||
|
||||
cd shorewall-perl-4.0.0
|
||||
./install.sh
|
||||
cd ../shorewall-common-4.0.0
|
||||
./install.sh
|
||||
shorewall check
|
||||
shorewall restart</command></programlisting> The RPMs are set up so that if
|
||||
you upgrade an existing Shorewall installation as part of a
|
||||
distribution upgrade and you have not already installed
|
||||
shorewall-perl, then you will end up with Shorewall-common and
|
||||
Shorewall-shell installed.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
|
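Review bot: The rewritten first listitem drops the itemizedlist of packages, and with it the only mention of Shorewall-lite in this section; the new text names just shorewall-common, shorewall-shell and shorewall-perl. Suggest adding a sentence saying whether Shorewall-lite users are affected by the package split. Also, the title now reads "Versions >= 4.0.0-Beta7" where it read Beta1, yet the text opens with "Beginning with Shorewall 4.0.0"; if the instructions also apply to someone upgrading from an earlier 4.0.0 beta, as Example 2 suggests, consider saying so under the title.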