Shorewall 1.3.7c Changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@230 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2002-09-02 19:56:07 +00:00
parent 08eed6d0b4
commit 13892d9f46
14 changed files with 137 additions and 89 deletions


@ -92,6 +92,9 @@ establishes overall firewall policy.</li>
<a href="#ProxyArp">proxyarp</a></b> -- a parameter file in /etc/shorewall used to define <a href="#ProxyArp">
Proxy Arp</a>
.</li>
<li><b><a href="#rfc1918">rfc1918</a></b> -- a parameter file in
/etc/shorewall used to define the treatment of packets under the
<a href="#Interfaces">norfc1918 interface option</a>.</li>
<li><b><a href="#Routestopped">routestopped</a></b> -- a parameter file in
/etc/shorewall used to define those hosts that can access the firewall when
Shorewall is stopped.</li>
@ -2694,7 +2697,7 @@ by Shorewall, you must have <a href="#MangleEnabled">mangle support enabled</a
<p><font size="2">
Updated 8/22/2002 - <a href="support.htm">Tom
Updated 9/1/2002 - <a href="support.htm">Tom
Eastep</a>
</font></p>


@ -17,6 +17,18 @@
</tr>
</table>
<p><b>9/2/2002 - Shorewall 1.3.7c</b></p>
<p>This is a role up of a fix for &quot;DNAT&quot; rules where the source zone is $FW
(fw).</p>
<p><b>8/31/2002 - I'm not available</b></p>
<p>I'm currently on vacation&nbsp; -- please respect my need for a couple of
weeks free of Shorewall problem reports.</p>
<p>-Tom</p>
<p><b>8/26/2002 - Shorewall 1.3.7b</b></p>
<p>This is a role up of the &quot;shorewall refresh&quot; bug fix and the change which
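Review bot: The new 1.3.7c entry reads "This is a role up of a fix", which should be "roll up"; the 1.3.7b entry below it has the same slip and could be corrected in the same pass. The entry would also help readers more if it said what they would have seen (the errata hunk in this commit describes it as an error message), so they can tell whether they need the update.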
@ -24,8 +36,7 @@
<p><b>8/26/2002 - French FTP Mirror is Operational</b></p>
<p><a href="ftp://france.shorewall.net/pub/mirrors/shorewall">
ftp://france.shorewall.net/pub/mirrors/shorewall</a> is now available.</p>
<p><a target="_blank" href="ftp://france.shorewall.net/pub/mirrors/shorewall">ftp://france.shorewall.net/pub/mirrors/shorewall</a> is now available.</p>
<p><b>8/25/2002 - Shorewall Mirror in France</b></p>
@ -1049,7 +1060,7 @@ version:</p>
additional &quot;gw&quot; (gateway) zone for tunnels and it supports IPSEC
tunnels with end-points on the firewall. There is also a .lrp available now.</b></p>
<p><font size="2">Updated 8/26/2002 - <a href="support.htm">Tom
<p><font size="2">Updated 9/2/2002 - <a href="support.htm">Tom
Eastep</a> </font></p>
<p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">


@ -66,7 +66,7 @@ AND ISSUE A &quot;shorewall start&quot; COMMAND. SOME CONFIGURATION IS REQUIRED
FIREWALL WILL START. IF YOU ISSUE A &quot;start&quot; COMMAND AND THE FIREWALL FAILS TO
START, YOUR SYSTEM WILL NO LONGER ACCEPT ANY NETWORK TRAFFIC. IF THIS HAPPENS,
ISSUE A &quot;shorewall clear&quot; COMMAND TO RESTORE NETWORK CONNECTIVITY.</b></font></p>
<p>Download Latest Version (<b>1.3.7b</b>): <b>Remember that updates to the mirrors
<p>Download Latest Version (<b>1.3.7c</b>): <b>Remember that updates to the mirrors
occur 1-12 hours after an update to the primary site.</b></p>
<blockquote>
<table border="2" cellspacing="3" cellpadding="3" style="border-collapse: collapse">


@ -90,6 +90,14 @@ dos2unix</a></u>
<h2 align="Left"><a name="V1.3"></a>Problems in Version 1.3</h2>
<h3>Version 1.3.7b</h3>
<p>DNAT rules where the source zone is 'fw' ($FW)
result in an error message. Installing
<a href="http://www.shorewall.net/pub/shorewall/errata/1.3.7/firewall">
this corrected firewall script</a> in /var/lib/shorewall/firewall
as described above corrects this problem.</p>
<h3>Version 1.3.7a</h3>
<p>&quot;shorewall refresh&quot; is not creating the proper
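Review bot: The 1.3.7b erratum links the replacement script over plain http (http://www.shorewall.net/pub/shorewall/errata/1.3.7/firewall) with no checksum or signature, and tells the reader to install it as /var/lib/shorewall/firewall, the firewall script itself. Publish a digest or a detached signature next to the link so the download can be verified before it is installed. The entry also says only that such rules "result in an error message"; quoting the message would let users confirm they are hitting this bug.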
@ -518,7 +526,7 @@ Aborted (core dumped)
as described above.</li>
</ul>
<p><font size="2">
Last updated 8/26/2002 -
Last updated 9/1/2002 -
<a href="support.htm">Tom Eastep</a></font> </p>
<p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>


@ -6,16 +6,16 @@
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>The Hosts File</title>
<meta name="Microsoft Theme" content="radial 011, default">
<meta name="Microsoft Theme" content="boldstri 011, default">
</head>
<body background="_themes/radial/radbkgnd.gif" bgcolor="#FFFFFF" text="#000000" link="#6666FF" vlink="#993333" alink="#66CCCC"><!--mstheme--><font face="arial, Arial, Helvetica">
<body>
<h1 align="center"><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">The Hosts File<!--mstheme--></font></h1>
<h1 align="center">The Hosts File</h1>
<p align="left">Since there seems to be a lot of confusion regarding the
/etc/shorewall/hosts file, I have created this page to try to clear the fog.</p>
<p align="left">&nbsp;</p>
<!--mstheme--></font></body>
</body>
</html>
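Review bot: After this cleanup the Hosts File page still consists of the introductory paragraph followed by an empty paragraph (&nbsp;), so it promises "to try to clear the fog" about /etc/shorewall/hosts and then explains nothing. Either add the explanation in this change or hold the page back until it has content. The theme and font-tag cleanup is also unrelated to the 1.3.7c fix and would be easier to review as its own commit.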


@ -6,15 +6,15 @@
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Netfilter Overview</title>
<meta name="Microsoft Theme" content="radial 011, default">
<meta name="Microsoft Theme" content="boldstri 011, default">
</head>
<body background="_themes/radial/radbkgnd.gif" bgcolor="#FFFFFF" text="#000000" link="#6666FF" vlink="#993333" alink="#66CCCC"><!--mstheme--><font face="arial, Arial, Helvetica">
<body>
<h1 align="center"><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">Netfilter Overview<!--mstheme--></font></h1>
<h1 align="center">Netfilter Overview</h1>
<div align="left">
<p align="left">&nbsp;</div>
<h2 align="left"><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">1.0 Tables<!--mstheme--></font></h2>
<h2 align="left">1.0 Tables</h2>
<p align="left"><i>Chains</i> of <i>rules </i>are organized into <i>Tables.</i>
Netfilter currently has three tables.</p>
@ -43,98 +43,98 @@ the table that follows. Packets flow through the chains in the order of that
table.</p>
<blockquote>
<!--mstheme--></font><table border="1" style="border-collapse: collapse" cellpadding="2" id="AutoNumber10" width="895" bordercolordark="#666666" bordercolorlight="#CCCCCC">
<table border="1" style="border-collapse: collapse" cellpadding="2" id="AutoNumber10" width="895">
<tr>
<td width="50"><!--mstheme--><font face="arial, Arial, Helvetica"><u><b>Ordinal</b></u><!--mstheme--></font></td>
<td width="51"><!--mstheme--><font face="arial, Arial, Helvetica"><u><b>Table</b></u><!--mstheme--></font></td>
<td width="112"><!--mstheme--><font face="arial, Arial, Helvetica"><u><b>Chain</b></u><!--mstheme--></font></td>
<td width="346"><!--mstheme--><font face="arial, Arial, Helvetica"><u><b>Shorewall Usage</b></u><!--mstheme--></font></td>
<td width="310"><!--mstheme--><font face="arial, Arial, Helvetica"><u><b>Comments</b></u><!--mstheme--></font></td>
<td width="50"><u><b>Ordinal</b></u></td>
<td width="51"><u><b>Table</b></u></td>
<td width="112"><u><b>Chain</b></u></td>
<td width="346"><u><b>Shorewall Usage</b></u></td>
<td width="310"><u><b>Comments</b></u></td>
</tr>
<tr>
<td width="50"><!--mstheme--><font face="arial, Arial, Helvetica">1<!--mstheme--></font></td>
<td width="51"><!--mstheme--><font face="arial, Arial, Helvetica">Mangle<!--mstheme--></font></td>
<td width="112"><!--mstheme--><font face="arial, Arial, Helvetica">PREROUTING<!--mstheme--></font></td>
<td width="346"><!--mstheme--><font face="arial, Arial, Helvetica">
<td width="50">1</td>
<td width="51">Mangle</td>
<td width="112">PREROUTING</td>
<td width="346">
<ol>
<li>RFC 1918 Destination Rejections</li>
<li>Marking Packets for Traffic Control</li>
<li>TOS</li>
</ol>
<!--mstheme--></font></td>
<td width="310"><!--mstheme--><font face="arial, Arial, Helvetica">&nbsp;<!--mstheme--></font></td>
</td>
<td width="310">&nbsp;</td>
</tr>
<tr>
<td width="50"><!--mstheme--><font face="arial, Arial, Helvetica">2<!--mstheme--></font></td>
<td width="51"><!--mstheme--><font face="arial, Arial, Helvetica">NAT<!--mstheme--></font></td>
<td width="112"><!--mstheme--><font face="arial, Arial, Helvetica">PREROUTING<!--mstheme--></font></td>
<td width="346"><!--mstheme--><font face="arial, Arial, Helvetica">
<td width="50">2</td>
<td width="51">NAT</td>
<td width="112">PREROUTING</td>
<td width="346">
<ol>
<li>DNAT Rules</li>
<li>Static NAT DNAT mapping</li>
</ol>
<!--mstheme--></font></td>
<td width="310"><!--mstheme--><font face="arial, Arial, Helvetica">Only connection requests go here -- packets that are part of or
</td>
<td width="310">Only connection requests go here -- packets that are part of or
related to an established connection use information from the connection
tracking table.<!--mstheme--></font></td>
tracking table.</td>
</tr>
<tr>
<td width="50"><!--mstheme--><font face="arial, Arial, Helvetica">3<!--mstheme--></font></td>
<td width="51"><!--mstheme--><font face="arial, Arial, Helvetica">Filter<!--mstheme--></font></td>
<td width="112"><!--mstheme--><font face="arial, Arial, Helvetica">INPUT<!--mstheme--></font></td>
<td width="346"><!--mstheme--><font face="arial, Arial, Helvetica"><i>&lt;zone&gt;</i>2<b>fw</b> filtering<!--mstheme--></font></td>
<td width="310"><!--mstheme--><font face="arial, Arial, Helvetica">&nbsp;<!--mstheme--></font></td>
<td width="50">3</td>
<td width="51">Filter</td>
<td width="112">INPUT</td>
<td width="346"><i>&lt;zone&gt;</i>2<b>fw</b> filtering</td>
<td width="310">&nbsp;</td>
</tr>
<tr>
<td width="50"><!--mstheme--><font face="arial, Arial, Helvetica">3<!--mstheme--></font></td>
<td width="51"><!--mstheme--><font face="arial, Arial, Helvetica">Filter<!--mstheme--></font></td>
<td width="112"><!--mstheme--><font face="arial, Arial, Helvetica">FORWARD<!--mstheme--></font></td>
<td width="346"><!--mstheme--><font face="arial, Arial, Helvetica"><i>&lt;zone&gt;</i>2<i>&lt;zone&gt;</i> filtering<!--mstheme--></font></td>
<td width="310"><!--mstheme--><font face="arial, Arial, Helvetica">&nbsp;<!--mstheme--></font></td>
<td width="50">3</td>
<td width="51">Filter</td>
<td width="112">FORWARD</td>
<td width="346"><i>&lt;zone&gt;</i>2<i>&lt;zone&gt;</i> filtering</td>
<td width="310">&nbsp;</td>
</tr>
<tr>
<td width="50"><!--mstheme--><font face="arial, Arial, Helvetica">3<!--mstheme--></font></td>
<td width="51"><!--mstheme--><font face="arial, Arial, Helvetica">Filter<!--mstheme--></font></td>
<td width="112"><!--mstheme--><font face="arial, Arial, Helvetica">OUTPUT<!--mstheme--></font></td>
<td width="346"><!--mstheme--><font face="arial, Arial, Helvetica"><b>fw</b>2<i>&lt;zone&gt;</i> filtering<!--mstheme--></font></td>
<td width="310"><!--mstheme--><font face="arial, Arial, Helvetica">&nbsp;<!--mstheme--></font></td>
<td width="50">3</td>
<td width="51">Filter</td>
<td width="112">OUTPUT</td>
<td width="346"><b>fw</b>2<i>&lt;zone&gt;</i> filtering</td>
<td width="310">&nbsp;</td>
</tr>
<tr>
<td width="50"><!--mstheme--><font face="arial, Arial, Helvetica">4<!--mstheme--></font></td>
<td width="51"><!--mstheme--><font face="arial, Arial, Helvetica">Mangle<!--mstheme--></font></td>
<td width="112"><!--mstheme--><font face="arial, Arial, Helvetica">POSTROUTING<!--mstheme--></font></td>
<td width="346"><!--mstheme--><font face="arial, Arial, Helvetica">TOS<!--mstheme--></font></td>
<td width="310"><!--mstheme--><font face="arial, Arial, Helvetica">&nbsp;<!--mstheme--></font></td>
<td width="50">4</td>
<td width="51">Mangle</td>
<td width="112">POSTROUTING</td>
<td width="346">TOS</td>
<td width="310">&nbsp;</td>
</tr>
<tr>
<td width="50"><!--mstheme--><font face="arial, Arial, Helvetica">5<!--mstheme--></font></td>
<td width="51"><!--mstheme--><font face="arial, Arial, Helvetica">NAT<!--mstheme--></font></td>
<td width="112"><!--mstheme--><font face="arial, Arial, Helvetica">OUTPUT<!--mstheme--></font></td>
<td width="346"><!--mstheme--><font face="arial, Arial, Helvetica">DNAT rules where the source zone is <b>fw</b><!--mstheme--></font></td>
<td width="310"><!--mstheme--><font face="arial, Arial, Helvetica">Only connection requests go here -- packets that are part of or
<td width="50">5</td>
<td width="51">NAT</td>
<td width="112">OUTPUT</td>
<td width="346">DNAT rules where the source zone is <b>fw</b></td>
<td width="310">Only connection requests go here -- packets that are part of or
related to an established connection use information from the connection
tracking table.<!--mstheme--></font></td>
tracking table.</td>
</tr>
<tr>
<td width="50"><!--mstheme--><font face="arial, Arial, Helvetica">5<!--mstheme--></font></td>
<td width="51"><!--mstheme--><font face="arial, Arial, Helvetica">NAT<!--mstheme--></font></td>
<td width="112"><!--mstheme--><font face="arial, Arial, Helvetica">POSTROUTING<!--mstheme--></font></td>
<td width="346"><!--mstheme--><font face="arial, Arial, Helvetica">
<td width="50">5</td>
<td width="51">NAT</td>
<td width="112">POSTROUTING</td>
<td width="346">
<ol>
<li>Masquerading (/etc/shoreawll/masq)</li>
<li>SNAT (/etc/shorewall/masq)</li>
<li>Static NAT SNAT Mapping</li>
</ol>
<!--mstheme--></font></td>
<td width="310"><!--mstheme--><font face="arial, Arial, Helvetica">Only connection requests go here -- packets that are part of or
</td>
<td width="310">Only connection requests go here -- packets that are part of or
related to an established connection use information from the connection
tracking table.<!--mstheme--></font></td>
tracking table.</td>
</tr>
</table><!--mstheme--><font face="arial, Arial, Helvetica">
</table>
</blockquote>
<p align="left">The connection tracking table can be displayed using the
&quot;shorewall show connections&quot; command.</p>
<!--mstheme--></font></body>
</body>
</html>
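Review bot: The NAT OUTPUT row is numbered 5, after Filter OUTPUT (3) and Mangle POSTROUTING (4), but for locally generated packets netfilter runs the nat table's OUTPUT chain before the filter table's OUTPUT chain. That ordering matters for the fw-sourced DNAT rules this release fixes, because the filter rule sees the already rewritten destination. Since the table is being rewritten anyway, renumber that row or split the table into separate paths for incoming and locally generated packets. The context line "Masquerading (/etc/shoreawll/masq)" also misspells the path.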


@ -63,26 +63,35 @@
<h2>News</h2>
<p><b>8/26/2002 - Shorewall 1.3.7b
<p><b>9/2/2002 - Shorewall 1.3.7c
<img border="0" src="images/new10.gif" width="28" height="12"> </b></p>
<p>This is a role up of a fix for &quot;DNAT&quot; rules where the source zone is $FW
(fw).</p>
<p><b>8/31/2002 - I'm not available
<img border="0" src="images/new10.gif" width="28" height="12"> </b></p>
<p>I'm currently on vacation&nbsp; -- please respect my need for a couple of
weeks free of Shorewall problem reports.</p>
<p>-Tom</p>
<p><b>8/26/2002 - Shorewall 1.3.7b</b></p>
<p>This is a role up of the &quot;shorewall refresh&quot; bug fix and the change which
reverses the order of &quot;dhcp&quot; and &quot;norfc1918&quot; checking.</p>
<p><b>8/26/2002 - French FTP Mirror is Operational
<img border="0" src="images/new10.gif" width="28" height="12"> </b></p>
<p><b>8/26/2002 - French FTP Mirror is Operational</b></p>
<p><a href="ftp://france.shorewall.net/pub/mirrors/shorewall">
ftp://france.shorewall.net/pub/mirrors/shorewall</a> is now available.</p>
<p><a target="_blank" href="ftp://france.shorewall.net/pub/mirrors/shorewall">ftp://france.shorewall.net/pub/mirrors/shorewall</a> is now available.</p>
<p><b>8/25/2002 - Shorewall Mirror in France
<img border="0" src="images/new10.gif" width="28" height="12"> </b></p>
<p><b>8/25/2002 - Shorewall Mirror in France </b></p>
<p>Thanks to a Shorewall user in Paris, the Shorewall web site is now mirrored
at <a target="_top" href="http://france.shorewall.net">http://france.shorewall.net</a>.</p>
<p><b>8/25/2002 - Shorewall 1.3.7a Debian Packages Available
<img border="0" src="images/new10.gif" width="28" height="12"> </b></p>
<p><b>8/25/2002 - Shorewall 1.3.7a Debian Packages Available</b></p>
<p>Lorenzo Martignoni reports that the packages for version 1.3.7a are available at <a href="http://security.dsi.unimi.it/~lorenzo/debian.html">http://security.dsi.unimi.it/~lorenzo/debian.html</a>.</p>
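Review bot: The rewritten French FTP mirror link adds target="_blank", while the france.shorewall.net link in the next entry uses target="_top"; pick one so links on the page behave the same way. The 1.3.7c entry in this hunk also repeats the "role up" typo (should be "roll up").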
@ -160,8 +169,8 @@
<h2><a name="Donations"></a>Donations</h2>
</td>
<td width="88" bgcolor="#4B017C" valign="top" align="center"><a href="http://sourceforge.net" target="_top">
<img src="http://sourceforge.net/sflogo.php?group_id=22587" alt="SourceForge Logo" border="0" hspace="14" vspace="5" align="center"></a></td>
<td width="88" bgcolor="#4B017C" valign="top" align="center">
<a href="http://sourceforge.net">M</a></td>
</tr>
</table>
</center>
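Review bot: The SourceForge logo image, which carried alt="SourceForge Logo", is replaced by a link whose only text is the single letter "M", which reads like an editing accident. If the intent is to stop loading the remote image, use descriptive link text such as "SourceForge", and decide deliberately whether target="_top" should be dropped as it is here.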
@ -179,7 +188,7 @@
</table>
<p><font size="2">Updated
8/26/2002 - <a href="support.htm">Tom Eastep</a>
8/31/2002 - <a href="support.htm">Tom Eastep</a>
</font>
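Review bot: The footer date becomes 8/31/2002, but the same file gains a news entry dated 9/2/2002 in this commit, so the "Updated" stamp predates the content. Set it to 9/2/2002.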


@ -133,16 +133,21 @@ explained in the single-address guides above.</p>
<li><font color="#000099"><a href="starting_and_stopping_shorewall.htm">Starting/stopping the Firewall</a></font></li>
<li><font color="#000099"><a href="NAT.htm">Static NAT</a></font></li>
<li><a href="traffic_shaping.htm">Traffic Shaping/Control</a></li>
<li>Tunnels<ul>
<li>VPN<ul>
<li><a href="IPSEC.htm">IPSEC</a></li>
<li><a href="IPIP.htm">GRE and IPIP</a></li>
<li><a href="PPTP.htm">PPTP</a></li>
<li><a href="VPN.htm">IPSEC/PPTP</a> from a system behind your firewall to a
remote network.</li>
</ul>
</li>
<li><a href="whitelisting_under_shorewall.htm">White List Creation</a></li>
</ul>
<p>If you use one of these guides and have a suggestion for improvement
<a href="mailto:webmaster@shorewall.net">please let me know</a>.</p>
<p><font size="2">Last modified 8/29/2002 -
<a href="file:///J:/Shorewall/Shorewall-docs/support.htm">Tom Eastep</a></font></p>
<p><a href="copyright.htm"><font size="2">Copyright 2002 Thomas M. Eastep</font></a></p>
</body>
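Review bot: The "Last modified" footer links to file:///J:/Shorewall/Shorewall-docs/support.htm, a path on the author's local drive that will not resolve for any visitor and discloses the local directory layout. Use the relative href="support.htm" that the other pages in this commit use.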


@ -113,12 +113,18 @@ help people who have a similar question or problem in the future.</p>
comes at no cost. The cost is incredibly high.&quot;</i> - <font size="2">
Weitse Venema</font></span></h3>
</blockquote>
<p>I do not answer questions or work on problems sent to me personally but I try
to respond promptly to mailing list posts.&nbsp;&nbsp; <a href="mailto:teastep@shorewall.net">-Tom</a></p>
<p><b>I'm not available</b></p>
<p>I'm currently on vacation&nbsp; -- please respect my need for a couple of
weeks free of Shorewall problem reports.</p>
<p>-Tom</p>
<p>To Subscribe to the mailing list go to <a href="http://www.shorewall.net/mailman/listinfo/shorewall-users">http://www.shorewall.net/mailman/listinfo/shorewall-users</a>
.</p>
<p align="left"><font size="2">Last Updated 8/24`/2002 - Tom
<p align="left"><font size="2">Last Updated 9/1/2002 - Tom
Eastep</font></p>
<p align="left"><font face="Trebuchet MS"><a href="copyright.htm">
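Review bot: The "I'm not available" notice on the support page carries no date and says only "a couple of weeks", so a reader cannot tell when it was posted or when it lapses; date it as the News entry is (8/31/2002) or give a return date. If the sentence about responding promptly to mailing list posts stays on the page, it contradicts the notice for as long as the notice is up.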


@ -126,6 +126,10 @@ policy</li>
<h3 align="Left">Other Gotchas</h3>
<ul>
<li>Seeing rejected/dropped packets logged out of the INPUT or FORWARD
chains? This means that your zone definitions are screwed up and the host
that is sending the packets isn't in any zone (using a /etc/shorewall/hosts
file are you?).</li>
<li>Remember that Shorewall doesn't automatically allow ICMP type 8 ("ping")
requests to be sent between zones. If you want pings to be allowed between
zones, you need a rule of the form:<br>
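Review bot: The new "Other Gotchas" bullet states the cause (the sending host is not in any zone) but ends on a rhetorical aside, "(using a /etc/shorewall/hosts file are you?)", which gives the reader nothing to do next. Replace the aside with a link to the zone and hosts file documentation, and consider "misconfigured" in place of "screwed up".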
@ -183,7 +187,7 @@ ADD_IP_ALIASES</a>
</font>
<p><font size="2">Last updated 7/27/2002 -
<p><font size="2">Last updated 8/29/2002 -
Tom Eastep</font>
</p>


@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall.
VERSION=1.3.7b
VERSION=1.3.7c
usage() # $1 = exit status
{


@ -54,7 +54,7 @@
# /etc/rc.d/rc.local file is modified to start the firewall.
#
VERSION=1.3.7b
VERSION=1.3.7c
usage() # $1 = exit status
{


@ -1,5 +1,5 @@
%define name shorewall
%define version 1.3.7b
%define version 1.3.7c
%define release 1
%define prefix /usr
@ -76,6 +76,8 @@ if [ $1 = 0 ]; then if [ -x /sbin/insserv ]; then /sbin/insserv -r /etc/init.d/s
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
%changelog
* Mon Sep 02 2002 Tom Eastep <tom@shorewall.net>
- Changed version to 1.3.7c
* Mon Aug 26 2002 Tom Eastep <tom@shorewall.net>
- Changed version to 1.3.7b
* Thu Aug 22 2002 Tom Eastep <tom@shorewall.net>


@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Seattle Firewall
VERSION=1.3.7b
VERSION=1.3.7c
usage() # $1 = exit status
{
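Review bot: The comment above VERSION still reads "remove Seattle Firewall", while the fallback script's comment in this commit says "Shoreline Firewall"; correct the name while the adjacent line is being touched. VERSION is also bumped by hand in three scripts and the spec file in this commit, which invites a missed edit; a single source for the version string would avoid that.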