forked from extern/shorewall_code
More work on upgrade issues/instructions
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6735 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
c210b996c0
commit
0b2cdd5794
@ -2,6 +2,10 @@ Changes in 4.0.0 RC 1
|
|||||||
|
|
||||||
1) shorewall-perl RPM no longer installable under shorewall 3.4.
|
1) shorewall-perl RPM no longer installable under shorewall 3.4.
|
||||||
|
|
||||||
|
2) Fix limited broadcast and detectnets/routeback interfaces.
|
||||||
|
|
||||||
|
3) Use optimized 'split' for faster compilation.
|
||||||
|
|
||||||
Changes in 4.0.0 Beta 6
|
Changes in 4.0.0 Beta 6
|
||||||
|
|
||||||
1) First step to adding compiler debugging facility.
|
1) First step to adding compiler debugging facility.
|
||||||
|
@ -12,8 +12,9 @@ Shorewall 4.0.0 RC 1
|
|||||||
- Shorewall-shell ( the shell-based compiler )
|
- Shorewall-shell ( the shell-based compiler )
|
||||||
- Shorewall-perl (the Perl-based compiler )
|
- Shorewall-perl (the Perl-based compiler )
|
||||||
|
|
||||||
You must install Shorewall-common and at least one of the compiler
|
You must install Shorewall-common and at least one of the compiler
|
||||||
packages (you may install them both).
|
packages (you may install them both). See the Migration
|
||||||
|
Considerations below for further information.
|
||||||
|
|
||||||
3) The facilities for supporting bridge/firewalls under earlier
|
3) The facilities for supporting bridge/firewalls under earlier
|
||||||
releases are deprecated and their documentation is omitted from the
|
releases are deprecated and their documentation is omitted from the
|
||||||
@ -23,17 +24,30 @@ packages (you may install them both).
|
|||||||
|
|
||||||
Problems corrected in 4.0.0 Beta 7.
|
Problems corrected in 4.0.0 Beta 7.
|
||||||
|
|
||||||
None.
|
1) If 'routeback' and 'detectnets' were specified on an interface,
|
||||||
|
limited broadcasts (to 255.255.255.255) were dropped when forwarded
|
||||||
|
through the interface. This could cause broadcast-based
|
||||||
|
applications to fail when running through a bridge with
|
||||||
|
'detectnets'.
|
||||||
|
|
||||||
Other changes in Shorewall 4.0.0 RC 1.
|
Other changes in Shorewall 4.0.0 RC 1.
|
||||||
|
|
||||||
1) The shorewall-perl RPM may no longer be installed under Shorewall
|
1) The shorewall-perl RPM may no longer be installed under Shorewall
|
||||||
3.4. It requires shorewall_common.
|
3.4. It requires shorewall_common.
|
||||||
|
|
||||||
|
2) The compiler's CPU utilization has been reduced further.
|
||||||
|
|
||||||
Migration Considerations:
|
Migration Considerations:
|
||||||
|
|
||||||
1) You cannot simply upgrade your existing Shorewall package. You must
|
1) Beginning with Shorewall 4.0.0, there is no single 'shorewall'
|
||||||
also install one or both of the compilers.
|
package. Rather there are two compiler packages (shorewall-shell
|
||||||
|
and shorewall-perl) and a set of base files (shorewall-common)
|
||||||
|
required by either compiler package.
|
||||||
|
|
||||||
|
Although the names of the packages are changing, you can upgrade
|
||||||
|
without having to uninstall/reinstall.
|
||||||
|
|
||||||
|
To repeat: YOU DO NOT NEED TO UNINSTALL ANY EXISTING PACKAGE.
|
||||||
|
|
||||||
If you attempt to upgrade using the shorewall-common RPM, you get
|
If you attempt to upgrade using the shorewall-common RPM, you get
|
||||||
this result:
|
this result:
|
||||||
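Review bot: the rewritten item 1 under "Migration Considerations" drops the sentence "You must also install one or both of the compilers", so the unchanged lead-in "If you attempt to upgrade using the shorewall-common RPM, you get this result:" now follows "YOU DO NOT NEED TO UNINSTALL ANY EXISTING PACKAGE" with nothing telling the reader that a compiler package has to be named in the same upgrade. Suggest keeping one sentence to that effect directly ahead of the failure example, so the dependency error that follows has a stated cause.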
@ -45,12 +59,12 @@ Migration Considerations:
|
|||||||
|
|
||||||
You must either:
|
You must either:
|
||||||
|
|
||||||
rpm -U shorewall-shell-4.0.0.noarch.rpm \
|
rpm -Uvh shorewall-shell-4.0.0.noarch.rpm \
|
||||||
shorewall-common-4.0.0.noarch.rpm
|
shorewall-common-4.0.0.noarch.rpm
|
||||||
|
|
||||||
or
|
or
|
||||||
|
|
||||||
rpm -U shorewall-shell-4.0.0.noarch.rpm \
|
rpm -Uvh shorewall-shell-4.0.0.noarch.rpm \
|
||||||
shorewall-perl-4.0.0.noarch.rpm \
|
shorewall-perl-4.0.0.noarch.rpm \
|
||||||
shorewall-common-4.0.0.noarch.rpm
|
shorewall-common-4.0.0.noarch.rpm
|
||||||
|
|
||||||
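Review bot: both rpm alternatives under "You must either:" still begin with shorewall-shell-4.0.0.noarch.rpm, so the lines shown here give no path for a user who wants only the Perl compiler. The upgrade_issues.xml hunk in this same commit adds "rpm -e shorewall-shell" as the follow-up to the second command; suggest carrying that sentence into the release notes as well so the two documents agree.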
@ -68,6 +82,33 @@ Migration Considerations:
|
|||||||
the tarball in the expected way; untar the package, and run the
|
the tarball in the expected way; untar the package, and run the
|
||||||
install.sh script.
|
install.sh script.
|
||||||
|
|
||||||
|
Example 1: You have 'shorewall' installed and you want to continue
|
||||||
|
to use the shorewall-shell compiler.
|
||||||
|
|
||||||
|
tar -jxf shorewall-common-4.0.0.tar.bz2
|
||||||
|
tar -jxf shorewall-shell-4.0.0.tar.bz2
|
||||||
|
|
||||||
|
cd shorewall-shell-4.0.0
|
||||||
|
./install.sh
|
||||||
|
cd ../shorewall-common-4.0.0
|
||||||
|
./install.sh
|
||||||
|
shorewall check
|
||||||
|
shorewall restart
|
||||||
|
|
||||||
|
Example 2: You have shorewall 3.4.4 and shorewall-perl 4.0.0-Beta7
|
||||||
|
installed and you want to upgrade to 4.0. You do not need the
|
||||||
|
shell-based compiler.
|
||||||
|
|
||||||
|
tar -jxf shorewall-common-4.0.0.tar.bz2
|
||||||
|
tar -jxf shorewall-perl-4.0.0.tar.bz2
|
||||||
|
|
||||||
|
cd shorewall-perl-4.0.0
|
||||||
|
./install.sh
|
||||||
|
cd ../shorewall-common-4.0.0
|
||||||
|
./install.sh
|
||||||
|
shorewall check
|
||||||
|
shorewall restart
|
||||||
|
|
||||||
2) The ROUTE_FILTER and LOG_MARTIANS options in shorewall.conf work
|
2) The ROUTE_FILTER and LOG_MARTIANS options in shorewall.conf work
|
||||||
slightly differently in Shorewall 4.0.0. In prior releases, leaving
|
slightly differently in Shorewall 4.0.0. In prior releases, leaving
|
||||||
these options empty was equivalent to setting them to 'No' which
|
these options empty was equivalent to setting them to 'No' which
|
||||||
|
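Review bot: in both Example 1 and Example 2 the last two steps are "shorewall check" followed directly by "shorewall restart", with nothing telling the reader to stop if the check reports errors. Since these steps are run on a live firewall across a major version change, suggest adding a line that restart is only run once check completes without errors.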
@ -1661,7 +1661,7 @@ sub generate_matrix() {
|
|||||||
while ( my ($interface, $sourceref) = ( each %needbroadcast ) ) {
|
while ( my ($interface, $sourceref) = ( each %needbroadcast ) ) {
|
||||||
if ( get_interface_option( $interface, 'bridge' ) ) {
|
if ( get_interface_option( $interface, 'bridge' ) ) {
|
||||||
for my $source ( keys %$sourceref ) {
|
for my $source ( keys %$sourceref ) {
|
||||||
add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-m addrtype --dst-type BROADCAST -j $chain3";
|
add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-d 255.255.255.255 -j $chain3";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
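Review bot: the replacement rule in generate_matrix() matches only "-d 255.255.255.255" where the previous rule used "-m addrtype --dst-type BROADCAST", and nothing in the hunk records why. If only the limited broadcast address is meant to reach $chain3 on bridge interfaces, add a comment above add_rule saying so and why the addrtype match did not catch it; otherwise confirm how other broadcast destinations forwarded out of the bridge are handled after this change. The release note for this fix speaks of 'routeback' and 'detectnets', while the condition visible here tests only the 'bridge' option, which the same comment could reconcile.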
@ -360,10 +360,16 @@ Pin-Priority: 700</programlisting><emphasis role="bold"><emphasis>Then
|
|||||||
package, it probably won't work.</para>
|
package, it probably won't work.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>If you are upgrading from a 2.x or 3.x version to a 4.x version
|
||||||
|
or later, please see the <ulink url="upgrade_issues.htm">upgrade
|
||||||
|
issues</ulink> for specific instructions.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Upgrade the RPM</para>
|
<para>Upgrade the RPM</para>
|
||||||
|
|
||||||
<programlisting><command>rpm -Uvh <shorewall rpm file> <compiler rpm file> ...</command></programlisting>
|
<programlisting><command>rpm -Uvh <shorewall-common rpm file> <compiler rpm file> ...</command></programlisting>
|
||||||
|
|
||||||
<note>
|
<note>
|
||||||
<para>Some <trademark>SUSE</trademark> users have encountered a
|
<para>Some <trademark>SUSE</trademark> users have encountered a
|
||||||
@ -371,7 +377,7 @@ Pin-Priority: 700</programlisting><emphasis role="bold"><emphasis>Then
|
|||||||
though a 2.4 kernel is installed. If this happens, simply use the
|
though a 2.4 kernel is installed. If this happens, simply use the
|
||||||
--nodeps option to rpm.</para>
|
--nodeps option to rpm.</para>
|
||||||
|
|
||||||
<programlisting><command>rpm -Uvh --nodeps <shorewall rpm> <compiler rpm> ...</command></programlisting>
|
<programlisting><command>rpm -Uvh --nodeps <shorewall-common rpm> <compiler rpm> ...</command></programlisting>
|
||||||
</note>
|
</note>
|
||||||
|
|
||||||
<note>
|
<note>
|
||||||
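Review bot: the updated "rpm -Uvh --nodeps <shorewall-common rpm> <compiler rpm> ..." line does not mention that --nodeps disables every dependency check, including the shorewall_compiler requirement that the upgrade notes in this commit show rpm enforcing for shorewall-common. Suggest adding a sentence to this note that the compiler RPM must still be listed on the command line, because with --nodeps rpm will no longer refuse a shorewall-common upgrade that has no compiler.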
@ -407,6 +413,12 @@ Pin-Priority: 700</programlisting><emphasis role="bold"><emphasis>Then
|
|||||||
<section id="Upgrade_Tarball">
|
<section id="Upgrade_Tarball">
|
||||||
<title>Upgrade using tarball</title>
|
<title>Upgrade using tarball</title>
|
||||||
|
|
||||||
|
<para><important>
|
||||||
|
<para>If you are upgrading from a 2.x or 3.x version to a 4.x version
|
||||||
|
or later, please see the <ulink url="upgrade_issues.htm">upgrade
|
||||||
|
issues</ulink> for specific instructions.</para>
|
||||||
|
</important></para>
|
||||||
|
|
||||||
<para>If you already have Shorewall installed and are upgrading to a new
|
<para>If you already have Shorewall installed and are upgrading to a new
|
||||||
version using the tarball:</para>
|
version using the tarball:</para>
|
||||||
|
|
||||||
|
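Review bot: the added block in the "Upgrade using tarball" section is nested as para, important, para, and the outer para serves no purpose; suggest making important a direct child of the section. The same pointer to upgrade_issues.htm is added to the RPM upgrade steps in this commit as an ordinary listitem, so consider using the important admonition in both places or in neither so the warning carries the same weight for RPM and tarball users.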
@ -70,54 +70,60 @@
|
|||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="V4.0.0">
|
<section id="V4.0.0">
|
||||||
<title>Versions >= 4.0.0-Beta1</title>
|
<title>Versions >= 4.0.0-Beta7</title>
|
||||||
|
|
||||||
<orderedlist>
|
<orderedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>This is the first Shorewall release that fully integrates the
|
<para>Beginning with Shorewall 4.0.0, there is no single 'shorewall'
|
||||||
new Shorewall-perl compiler. You are now offered a choice as to which
|
package. Rather there are two compiler packages (shorewall-shell and
|
||||||
compiler(s) you install. In Shorewall 4.0.0, there are the following
|
shorewall-perl) and a set of base files (shorewall-common) required by
|
||||||
packages:<itemizedlist>
|
either compiler package.</para>
|
||||||
<listitem>
|
|
||||||
<para>Shorewall-common ( common files )</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
<para>Although the names of the packages are changing, you can upgrade
|
||||||
<para>Shorewall-shell ( the shell-based compiler )</para>
|
without having to uninstall/reinstall.</para>
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
<para>To repeat: <emphasis role="bold">You do not need to uninstall
|
||||||
<para>Shorewall-perl (the Perl-based compiler )</para>
|
any existing package.</emphasis></para>
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
<para>If you attempt to upgrade using the shorewall-common RPM, you
|
||||||
<para>Shorewall-lite</para>
|
get this result:<programlisting>gateway:~ # <command>rpm -Uvh shorewall-common-4.0.0.noarch.rpm </command>
|
||||||
</listitem>
|
|
||||||
</itemizedlist>You must install Shorewall-common and at least one of
|
|
||||||
the compiler packages (you may install them both).</para>
|
|
||||||
|
|
||||||
<para>You cannot simply upgrade your existing Shorewall package. You
|
|
||||||
must upgrade Shorewall-common <emphasis role="bold">and</emphasis>
|
|
||||||
install one or both of the compilers.</para>
|
|
||||||
|
|
||||||
<para>If you attempt to upgrade using the common RPM, you get this
|
|
||||||
result:<programlisting>gateway:~ # rpm -Uvh shorewall-common-4.0.0.noarch.rpm
|
|
||||||
error: Failed dependencies:
|
error: Failed dependencies:
|
||||||
shorewall_compiler is needed by shorewall-common-4.0.0-1.noarch
|
shorewall_compiler is needed by shorewall-common-4.0.0-1.noarch
|
||||||
gateway:~ #</programlisting> You must either:<programlisting>rpm -U shorewall-shell-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</programlisting>or<programlisting>rpm -U shorewall-shell-4.0.0.noarch.rpm shorewall-perl-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</programlisting>If
|
gateway:~ #</programlisting>You must either:<programlisting><command>rpm -Uvh shorewall-shell-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</command></programlisting>or<programlisting><command>rpm -Uvh shorewall-shell-4.0.0.noarch.rpm shorewall-perl-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</command></programlisting>If
|
||||||
you are upgrading using the tarball, you must install either
|
you don't want shorewall-shell, use the second command
|
||||||
shorewall-shell or shorewall-perl before you upgrade Shorewall using
|
then<programlisting><command>rpm -e shorewall-shell</command></programlisting>If
|
||||||
the Shorewall-common tarball. Otherwise, the install.sh script fails
|
you are upgrading using the tarball, you must install shorewall-shell
|
||||||
with:<simplelist>
|
and/or shorewall-perl before you upgrade using shorewall-common.
|
||||||
|
Otherwise, the install.sh script fails with:<simplelist>
|
||||||
<member>ERROR: No Shorewall compiler is installed</member>
|
<member>ERROR: No Shorewall compiler is installed</member>
|
||||||
</simplelist>The shorewall-shell and shorewall-perl packages are
|
</simplelist>The shorewall-shell and shorewall-perl packages are
|
||||||
installed from the tarball in the expected way; untar the package, and
|
installed from the tarball in the expected way; untar the package, and
|
||||||
run the install.sh script.</para>
|
run the install.sh script.</para>
|
||||||
|
|
||||||
<para>The RPMs are set up so that if you upgrade an existing Shorewall
|
<para>Example 1: You have 'shorewall' installed and you want to
|
||||||
installation as part of a distribution upgrade and you have not
|
continue to use the shorewall-shell compiler.<programlisting><command>tar -jxf shorewall-common-4.0.0.tar.bz2
|
||||||
already installed shorewall-perl, then you will end up with
|
tar -jxf shorewall-shell-4.0.0.tar.bz2
|
||||||
Shorewall-common and Shorewall-shell installed.</para>
|
|
||||||
|
cd shorewall-shell-4.0.0
|
||||||
|
./install.sh
|
||||||
|
cd ../shorewall-common-4.0.0
|
||||||
|
./install.sh
|
||||||
|
shorewall check
|
||||||
|
shorewall restart</command></programlisting>Example 2: You have shorewall
|
||||||
|
3.4.4 and shorewall-perl 4.0.0-Beta7 installed and you want to upgrade
|
||||||
|
to 4.0. You do not need the shell-based compiler.<programlisting><command>tar -jxf shorewall-common-4.0.0.tar.bz2
|
||||||
|
tar -jxf shorewall-perl-4.0.0.tar.bz2
|
||||||
|
|
||||||
|
cd shorewall-perl-4.0.0
|
||||||
|
./install.sh
|
||||||
|
cd ../shorewall-common-4.0.0
|
||||||
|
./install.sh
|
||||||
|
shorewall check
|
||||||
|
shorewall restart</command></programlisting> The RPMs are set up so that if
|
||||||
|
you upgrade an existing Shorewall installation as part of a
|
||||||
|
distribution upgrade and you have not already installed
|
||||||
|
shorewall-perl, then you will end up with Shorewall-common and
|
||||||
|
Shorewall-shell installed.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
|
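Review bot: the rewritten first listitem of section V4.0.0 removes the itemizedlist, which in the lines shown was the only place that named Shorewall-lite and stated that Shorewall-common plus at least one compiler package must be installed. Suggest keeping a one-line statement of that requirement ahead of the "Failed dependencies" example and saying where Shorewall-lite users should look. In the new sentence "If you don't want shorewall-shell, use the second command then", a comma or "and then" before the programlisting would make it read as two steps.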