From 194d34951b3afa8051cdac950d800a902460d87b Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 16 Jan 2009 18:34:44 +0000 Subject: [PATCH] Update News to include Logo Competition Winner git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9290 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- web/News.htm | 12 ++++++++++-- web/Shorewall_index_frame.htm | 5 ++--- web/shorewall_index.htm | 3 ++- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/web/News.htm b/web/News.htm index f233294fc..847b62c72 100644 --- a/web/News.htm +++ b/web/News.htm @@ -10,7 +10,7 @@

Shorewall News and Announcements

-Copyright © 2001-2008 Thomas M. Eastep

+Copyright © 2001-2009 Thomas M. Eastep

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or @@ -24,9 +24,17 @@ license is included in the section entitled GNU Free Documentation License".

-

December 31, 2008
+

January 06, 2009

+

2009-01-06 Winner of the Shorewall Logo Design Competition +Announced

+The Shorewall developers are pleased to announce that after deliberating
+upon the matter, we have chosen Gareth Davies' #3 design.
+

See +http://trac.shorewall.net/wiki/LogoDesignCompetition for details.
+

2008-12-31 Shorewall 4.2.4

1) In 4.2.4, two new packages are included:

   a) Shorewall6 - analagous to Shorewall-common but handles IPv6
      rather than IPv4.

   b) Shorewall6-lite - analagous to Shorewall-lite but handles IPv6
      rather than IPv4.

   The packages store their configurations in /etc/shorewall6/ and
   /etc/shorewall6-lite/ respectively.  

   The fact that the packages are separate from their IPv4 counterparts
   means that you control IPv4 and IPv6 traffic separately (the same
   way that Netfilter does). Starting/Stopping the firewall for one
   address family has no effect on the other address family.

   For additional information, see
   http://www.shorewall.net/IPV6Support.html.

   Other features of Shorewall6 are:

   a) There is no NAT of any kind (most people see this as a giant step
      forward). When an ISP assigns you a public IPv6 address, you are
      actually assigned an IPv6 'prefix' which is like an IPv4
      subnet. A 64-bit prefix allows 4 billion squared individual hosts
      (the size of the current IPv4 address space squared).

   b) The default zone type is ipv6.

   c) The currently-supported interface options in Shorewall6 are:

        blacklist
        bridge
        dhcp
        nosmurfs (traps multicast and Subnet-router anycast addresses
        used as the packet source address).
        optional
        routeback
        sourceroute
        tcpflags

   Other features of Shorewall6 are:

   a) There is no NAT of any kind (most people see this as a giant step
      forward). When an ISP assigns you a public IPv6 address, you are
      actually assigned an IPv6 'prefix' which is like an IPv4
      subnet. A 64-bit prefix allows 4 billion squared individual hosts
      (the size of the current IPv4 address space squared).

   b) The default zone type is ipv6.

   c) The currently-supported interface options in Shorewall6 are:

        blacklist
        bridge
        dhcp
        nosmurfs (traps multicast and Subnet-router anycast addresses
        used as the packet source address).
        optional
        routeback
        sourceroute
        tcpflags
        mss
        forward (setting it to 0 makes the router behave like a host
                 on that interface rather than like a router).

   d)  The currently-supported host options in Shorewall6 are:

        blacklist
        routeback
        tcpflags

   e)  Traffic Shaping is disabled by default. The tcdevices and
       tcclasses files are address-family independent so
       to use the Shorewall builtin Traffic Shaper, TC_ENABLED=Internal
       should be specified in Shorewall or in Shorewall6 but not in
       both. In the configuration where the internal traffic shaper is
       not enabled, CLEAR_TC=No should be specified.

       tcfilters are not available in Shorewall6.

   f)  When both an interface and an address or address list need to
       be specified in a rule, the address or list must be enclosed in
       angle brackets. Example:

        #ACTION      SOURCE                                     DEST
        ACCEPT       net:eth0:<2001:19f0:feee::dead:beef:cafe>  dmz

       Note that this includes MAC addresses as well as IPv6 addresses.

       The HOSTS column in /etc/shorewall6/hosts also uses this
       convention:

           #ZONE      HOSTS                                     OPTIONS
           chat6      eth0:<2001:19f0:feee::dead:beef:cafe>

       Even when an interface is not specified, it is permitted to
       enclose addresses in <> to improve readability. Example:

           #ACTION      SOURCE          DEST
           ACCEPT       net:<2001:1::1> $FW

   g)  The options available in shorewall6.conf are a subset of those
       available in shorewall.conf.

   h)  The Socket6.pm Perl module is required if you include DNS names
       in your Shorewall6 configuration. Note that it is loaded the
       first time that a DNS name is encountered so if it is missing,
       you get a message similar to this one:

       ...
       Checking /etc/shorewall6/rules...
       Can't locate Socket6.pm in @INC (@INC contains: /root ...
       teastep@ursa:~/Configs/standalone6$
diff --git a/web/Shorewall_index_frame.htm b/web/Shorewall_index_frame.htm index 7377fccb8..d4a8b9473 100644 --- a/web/Shorewall_index_frame.htm +++ b/web/Shorewall_index_frame.htm @@ -47,8 +47,7 @@ Thomas M. Eastep

List Archive Search

-Shorweall Logo
+Shorweall Logo diff --git a/web/shorewall_index.htm b/web/shorewall_index.htm index 3135ce2bb..00e6ce77a 100644 --- a/web/shorewall_index.htm +++ b/web/shorewall_index.htm @@ -117,7 +117,8 @@ is the Site Search in the frame to the left.

For a high level description of Shorewall, see the Introduction to -Shorewall.
+Shorewall. To review Shorewall functionality, see the Features Page.

License

This program is free software; you can