From 58adc158b2fc496cc413724f92f37f6427fbde5c Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 14 Jan 2009 22:45:31 +0000 Subject: [PATCH] A number of web updates git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9283 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/Shorewall_Doesnt.xml | 12 ++-- docs/upgrade_issues.xml | 108 ++++++++++++++++++++++++++++- web/Banner.html | 17 ++++- web/Documentation.html | 125 +++++++++++++++++++++------------- web/Shorewall_index_frame.htm | 11 +-- web/download.htm | 111 +++++++++++++++++------------- web/shorewall_index.htm | 13 +--- 7 files changed, 275 insertions(+), 122 deletions(-) diff --git a/docs/Shorewall_Doesnt.xml b/docs/Shorewall_Doesnt.xml index a8c4e59c6..b3f6c64f1 100644 --- a/docs/Shorewall_Doesnt.xml +++ b/docs/Shorewall_Doesnt.xml @@ -16,9 +16,7 @@ - 2003- - - 2005 + 2003-2009 Thomas M Eastep @@ -96,10 +94,10 @@ Shorewall generally does not contain any support for Netfilter - Patch-O-Matic-ng - features or any other features that require kernel patching -- - Shorewall only supports features from released kernels except in - unusual cases. + xtables-addons + features -- Shorewall only supports features from released kernels + except in unusual cases. diff --git a/docs/upgrade_issues.xml b/docs/upgrade_issues.xml index f282fd136..eec372ceb 100644 --- a/docs/upgrade_issues.xml +++ b/docs/upgrade_issues.xml @@ -27,6 +27,8 @@ 2007 + 2008 + Thomas M. Eastep @@ -69,6 +71,109 @@ command to see the groups associated with each of your zones. +
+ Versions >= 4.2.0 + + + + Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed + non-zero mark values < 256 to be assigned in the OUTPUT chain. This + has been changed so that only high mark values may be assigned there. + Packet marking rules for traffic shaping of packets originating on the + firewall must be coded in the POSTROUTING table. + + + + Previously, Shorewall did not range-check the value of the + VERBOSITY option in shorewall.conf. Beginning with Shorewall 4.2: a) A + VERBOSITY setting outside the range -1 through 2 is rejected. b) After + the -v and -q options are applied, the resulting value is adjusted to + fall within the range -1 through 2. + + + + Specifying a destination zone in a NAT-only rule now generates a + warning and the destination zone is ignored. NAT-only rules + are: + NONAT + + REDIRECT- + + DNAT- + + + + + The default value for LOG_MARTIANS has been changed. Previously, + the defaults were: Shorewall-perl - 'Off' Shorewall-shell - 'No' The + new default values are: + + + + Shorewall-perl + + + 'On. + + + + + Shorewall-shell + + + 'Yes' + + + + + Shorewall-perl users may: + + + + Accept the new default -- martians will be logged from all + interfaces with route filtering except those with log_martians=0 + in /etc/shorewall/interfaces. + + + + Explicitly set LOG_MARTIANS=Off to maintain compatibility + with prior versions of Shorewall. + + + + Shorewall-shell users may: + + + + Accept the new default -- martians will be logged from all + interfaces with the route filtering enabled. + + + + Explicitly set LOG_MARTIONS=No to maintain compatibility + with prior versions of Shorewall. + + + + + + The value of IMPLICIT_CONTINUE in shorewall.conf (and samples) + has been changed from Yes to No. + + + + The 'norfc1918' option is deprecated. Use explicit rules + instead. Note that there is a new 'Rfc1918' macro that acts on + addresses reserved by RFC 1918. + + + + DYNAMIC_ZONES=Yes is no longer supported by Shorewall-perl. 
Use + ipset-based zones instead. + + +
+
Versions >= 4.0.0-Beta7 @@ -596,7 +701,8 @@ all all REJECT:MyReject info The shorewall.conf file included in this release sets IPSECFILE=zones so that new users are expected to use the new zone file format. + url="manpages/shorewall-zones.html">new zone file + format. diff --git a/web/Banner.html b/web/Banner.html index 30647cca6..9f1802ef4 100644 --- a/web/Banner.html +++ b/web/Banner.html @@ -18,6 +18,17 @@
(Shorewall Logo)
+ +
+ +
+ +                               +
+ +
+ +
@@ -31,9 +42,9 @@ Google + style="border: 0px solid ; width: 100px; height: 41px;" align="middle"> + diff --git a/web/Documentation.html b/web/Documentation.html index 1af207669..00f5facdb 100644 --- a/web/Documentation.html +++ b/web/Documentation.html @@ -21,56 +21,87 @@ license is included in the section entitled “GNU Free Documentation License”.

-

2009-01-02
+

2009-01-14


+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Document
+
Shorewall 3.x
+
Shorewall 4.0
+
Shorewall 4.2
+
Description
+
Alphabetical +Index
+
IndexIndexIndexIndex to over 70 articles with +topics ranging from Accounting to Xen
FAQs
+
FAQsFAQs FAQs Answers to the most commonly +asked +questions
IPv4 +Man pages
+
-
+
ManpagesManpages
+
Online version of the Shorewall +and Shorewall-lite man pages
IPv6 +Man Pages
+
-
+
-
+
Manpages
+
Online version of the Shorewall6 +and Shorewall6-lite man pages
+
+ diff --git a/web/Shorewall_index_frame.htm b/web/Shorewall_index_frame.htm index fda4425ec..a1e8a90c8 100644 --- a/web/Shorewall_index_frame.htm +++ b/web/Shorewall_index_frame.htm @@ -8,7 +8,8 @@ -

Home
+

Home
+Important Notices
Download
Documentation
Support
@@ -19,16 +20,16 @@ to Contribute
Trac Wiki
Other Links
-

+ Shorweall Logo
+ src="images/gareth-davies-logo3_88x31.png" align="middle">

- + href="mailto:webmaster@shorewall.net?subject=Website%20Comments">the Webmaster diff --git a/web/download.htm b/web/download.htm index 60d998af9..d5b115ef8 100644 --- a/web/download.htm +++ b/web/download.htm @@ -12,7 +12,7 @@

Shorewall Download

Tom Eastep

-
Copyright ©  2001-2008 Thomas M. Eastep

+Copyright ©  2001-2009 Thomas M. Eastep

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or @@ -23,13 +23,14 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.

-

2008-12-29

+

2009-01-14


Table of Contents

Package Information
-Finding Updates that Correct Known Problems
Download Sites
-SVN

+Finding Updates +that Correct Known Problems
+
SVN


Package Information

Before trying to install, I strongly urge you to read and print a @@ -39,7 +40,7 @@ Guide for the configuration that most closely matches your own.

The documentation in both XML and HTML formats is available for download -from the Download Sites listed in the table below.

+from the Download Sites listed in the table below.

NOTICE: There are two current Shorewall Release Series:

@@ -62,27 +63,34 @@ AND IS NOT SUPPORTED.

Beginning with Shorewall version 4.0.0 RC1, there are four related packages:

    -
  • Shorewall-shell -- the legacy Shorewall configuration compiler -written in Bourne Shell.
  • -
  • Shorewall-perl -- an implementation of the Shorewall +
  • Shorewall-shell -- the +legacy Shorewall configuration compiler +written in Bourne Shell. Not recommended for new installations.
    +
  • +
  • Shorewall-perl -- an +implementation of the Shorewall configuration compiler written in the Perl programming language. This compiler is much faster than Shorewall-shell and produces a firewall script that runs faster. It is the preferred compiler for new Shorewall installations.
  • -
  • Shorewall-common -- A base package required by both +
  • Shorewall-common -- A +base package required by both Shorewall-shell and Shorewall-perl.
  • -
  • Shorewall Lite -- a light-weight Shorewall version that will run +
  • Shorewall Lite -- a +light-weight Shorewall version that will run compiled firewall scripts generated on a system with one of the compiler packages installed.
Beginning with Shorewall version 4.2.4, there are two additional packages that provide IPv6 support:
    -
  • Shorewall6 -- Provides /sbin/shorewall6 for controlling an IPv6 +
  • Shorewall6 -- Provides +/sbin/shorewall6 for controlling an IPv6 firewall. Requires Shorewall-common and Shorewall-perl,  4.2.4 or later.
  • -
  • Shorewall6-lite -- a light-weight Shorewall6 version that will +
  • Shorewall6-lite -- a +light-weight Shorewall6 version that will run compiled firewall scripts generated on a system with Shorewall6 installed.
  • @@ -154,9 +162,9 @@ installing the RPM.

    If you run Debian and would like a .deb package, Shorewall is included in both the Debian + href="http://packages.debian.org/testing/net/">Debian Testing Branch and the Debian + href="http://packages.debian.org/unstable/net/">Debian Unstable Branch. Additionally, packages for the current Debian stable release are available from the package maintainer's personal page. @@ -164,7 +172,8 @@ stable release are available from the package maintainer's

  • If you run LEAF/Bering or one if it's + style="font-weight: bold;" href="http://leaf.sourceforge.net/">LEAF/Bering +or one if it's derivatives, you can download a .lrp file from the Leaf site.

    From the LEAF Bering-uClibc Team: We try to provide the latest stable @@ -186,39 +195,13 @@ which itself links to cvs:
    href="http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/bering-uclibc/packages/shorwall.lrp?rev=HEAD&content-type=application/octet-stream">http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/bering-uclibc/packages/shorwall.lrp?rev=HEAD&content-type=application/octet-stream

  • -

    Otherwise, download the shorewall module (.tgz)

    +

    Otherwise, download the appropriate +tarballs (.tgz or tar.bz2)

You will probably also want to download the HTML version of the documentation for easy reference.

-

Finding Updates that Correct Known Problems

-

Beginning with Shorewall 4.0.6, updated packages that include fixes -to -known problems are made available.

-

Example:

-
-
ftp> cd pub/shorewall/4.0/shorewall-4.0.6
250 OK. Current directory is /pub/shorewall/4.0/shorewall-4.0.6
ftp> ls
200 PORT command successful
150 Connecting to port 36018
drwxr-sr-x 4 1006 8 4096 Dec 1 08:16 .
drwxr-sr-x 9 1006 8 4096 Nov 23 08:22 ..
-rw-r--r-- 1 1006 8 194 Nov 24 07:38 4.0.6-2.md5sums
-rw-r--r-- 1 1006 8 218 Nov 24 07:38 4.0.6-2.sha1sums
-rw-r--r-- 1 1006 8 841 Nov 26 13:26 4.0.6.md5sums
-rw-r--r-- 1 1006 8 945 Nov 26 13:26 4.0.6.sha1sums
-rw-r--r-- 1 1006 8 322 Nov 26 08:35 README.txt
drwxr-xr-x 4 1006 8 4096 Nov 23 17:16 errata
drwxr-xr-x 4 1006 8 4096 Nov 23 08:21 base --rw-r--r-- 1 1006 8 1570 Dec 1 08:16 known_problems.txt --rw-r--r-- 1 1006 8 148363 Nov 23 08:22 patch-4.0.6 --rw-r--r-- 1 1006 8 5249 Nov 24 07:38 patch-4.0.6-2 -... - --rw-r--r-- 1 1006 8 102295 Nov 24 07:38 shorewall-perl-4.0.6-2.noarch.rpm <=========
-rw-r--r-- 1 1006 8 99884 Nov 24 07:38 shorewall-perl-4.0.6-2.tar.bz2 <=========
-rw-r--r-- 1 1006 8 300 Nov 24 07:38 shorewall-perl-4.0.6-2.tar.bz2.asc <=========
-rw-r--r-- 1 1006 8 124814 Nov 24 07:38 shorewall-perl-4.0.6-2.tgz <=========
-rw-r--r-- 1 1006 8 300 Nov 24 07:38 shorewall-perl-4.0.6-2.tgz.asc <=========
-rw-r--r-- 1 1006 8 59124 Nov 23 08:22 shorewall-shell-4.0.6-1.noarch.rpm
-rw-r--r-- 1 1006 8 76500 Nov 23 08:22 shorewall-shell-4.0.6.tar.bz2
-rw-r--r-- 1 1006 8 300 Nov 23 08:22 shorewall-shell-4.0.6.tar.bz2.asc
-rw-r--r-- 1 1006 8 95193 Nov 23 08:22 shorewall-shell-4.0.6.tgz
-rw-r--r-- 1 1006 8 300 Nov 23 08:22 shorewall-shell-4.0.6.tgz.asc
drwxr-sr-x 2 1006 8 4096 Nov 26 08:33 superseded -226-Options: -a -l -226 41 matches total -ftp
-
-
-

The lines flagged with <====== show that the Shorewall-perl -package has been updated to include a bug fix (note the "-2" in the -version). The base tarballs for the release are found in the base -directory. The unified diff file name patch-4.0.6-2 -may be applied to the base (4.0.6) Shorewall-perl release to produce -4.0.6-2. The original Shorewall-perl packages may be found in the superseded -directory. Note that the fixes are still available in the errata -directory; the known_problems.txt file indicates -which problems are fixed in each updated package.

-

Download Sites

Use the sites below to download the tarball, the documentation and the standard RPM @@ -293,8 +276,7 @@ using our public key - Moscow, Russia (Temporarily -Offline)
+ Moscow, Russia
Shorewall.ru
@@ -383,6 +365,24 @@ site
.
Leaf/Bering package is available at http://leaf.sourceforge.net/bering-uclibc/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=3&MMN_position=3:3

+

Finding Updates that Correct Known Problems

+

Beginning with Shorewall 4.0.6, updated packages that include fixes +to +known problems are made available.

+

Example:

+
+
ftp> cd pub/shorewall/4.0/shorewall-4.0.6
250 OK. Current directory is /pub/shorewall/4.0/shorewall-4.0.6
ftp> ls
200 PORT command successful
150 Connecting to port 36018
drwxr-sr-x 4 1006 8 4096 Dec 1 08:16 .
drwxr-sr-x 9 1006 8 4096 Nov 23 08:22 ..
-rw-r--r-- 1 1006 8 194 Nov 24 07:38 4.0.6-2.md5sums
-rw-r--r-- 1 1006 8 218 Nov 24 07:38 4.0.6-2.sha1sums
-rw-r--r-- 1 1006 8 841 Nov 26 13:26 4.0.6.md5sums
-rw-r--r-- 1 1006 8 945 Nov 26 13:26 4.0.6.sha1sums
-rw-r--r-- 1 1006 8 322 Nov 26 08:35 README.txt
drwxr-xr-x 4 1006 8 4096 Nov 23 08:21 base
-rw-r--r-- 1 1006 8 1570 Dec 1 08:16 known_problems.txt
-rw-r--r-- 1 1006 8 148363 Nov 23 08:22 patch-4.0.6
-rw-r--r-- 1 1006 8 5249 Nov 24 07:38 patch-4.0.6-2
...

-rw-r--r-- 1 1006 8 102295 Nov 24 07:38 shorewall-perl-4.0.6-2.noarch.rpm <=========
-rw-r--r-- 1 1006 8 99884 Nov 24 07:38 shorewall-perl-4.0.6-2.tar.bz2 <=========
-rw-r--r-- 1 1006 8 300 Nov 24 07:38 shorewall-perl-4.0.6-2.tar.bz2.asc <=========
-rw-r--r-- 1 1006 8 124814 Nov 24 07:38 shorewall-perl-4.0.6-2.tgz <=========
-rw-r--r-- 1 1006 8 300 Nov 24 07:38 shorewall-perl-4.0.6-2.tgz.asc <=========
-rw-r--r-- 1 1006 8 59124 Nov 23 08:22 shorewall-shell-4.0.6-1.noarch.rpm
-rw-r--r-- 1 1006 8 76500 Nov 23 08:22 shorewall-shell-4.0.6.tar.bz2
-rw-r--r-- 1 1006 8 300 Nov 23 08:22 shorewall-shell-4.0.6.tar.bz2.asc
-rw-r--r-- 1 1006 8 95193 Nov 23 08:22 shorewall-shell-4.0.6.tgz
-rw-r--r-- 1 1006 8 300 Nov 23 08:22 shorewall-shell-4.0.6.tgz.asc
drwxr-sr-x 2 1006 8 4096 Nov 26 08:33 superseded
226-Options: -a -l
226 41 matches total
ftp
+
+
+

The lines flagged with <====== show that the Shorewall-perl +package has been updated to include a bug fix (note the "-2" in the +version). The base tarballs for the release are found in the base +directory. The unified diff file name patch-4.0.6-2 +may be applied to the base (4.0.6) Shorewall-perl release to produce +4.0.6-2. The original Shorewall-perl packages may be found in the superseded +directory. The known_problems.txt file indicates +which problems are fixed in each updated package.

+

SVN

The SVN Repository at Sourceforge is used as a @@ -516,7 +516,24 @@ web sites.
Shorewall-lite

This project contains Shorewall Lite -- introduced in -Shorewall version 3.2.0 RC1.
+Shorewall version 3.2.0 RC1.
+ + +
  • +
    Shorewall6
    +
    +
    This project contains Shorewall6 -- introduced in Shorewall +version +4.2.4.
    +
  • +
  • +
    Shorewall6-lite
    +
    +
    This project contains Shorewall6 Lite -- introduced in +Shorewall +version 4.2.4. +
    +
  • diff --git a/web/shorewall_index.htm b/web/shorewall_index.htm index 262e1228a..989160e12 100644 --- a/web/shorewall_index.htm +++ b/web/shorewall_index.htm @@ -22,7 +22,7 @@ license is included in the section entitled "GNU Free Documentation License".

    -

    The Shorewall Logo is by Gareth Davies of The Shorewall Logo is the work of Gareth Davies of Thusa and is licensed under the Creative Commons Attribution-Share Alike 2.5 South Africa License. To view a copy of @@ -44,17 +44,6 @@ Shorewall
    Glossary
    What is Shorewall?
    License

    -

    Important -Notice to -users of Shorewall Multi-ISP Feature -- UPDATED 7 -November 2007

    -

    Important -Notice -to users of BRIDGING=Yes
    -

    -

    Important -Notice -to users running Kernel 2.4

    Current Shorewall Releases

    The current
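Review bot: In docs/Shorewall_Doesnt.xml, hunk @@ -96,10 +94,10 @@, the new wording drops the general exclusion "or any other features that require kernel patching" and names only xtables-addons. The remaining clause "Shorewall only supports features from released kernels" now has to carry that meaning alone. Suggest keeping a general clause, for example "xtables-addons features or any features that require kernel patching".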
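Review bot: In docs/upgrade_issues.xml, hunk @@ -27,6 +27,8 @@, the copyright years gain only 2008, although this commit is dated January 2009 and the same commit bumps docs/Shorewall_Doesnt.xml to 2003-2009. If the new 4.2.0 section was written for this commit, add 2009 here as well so the two documents agree.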
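Review bot: In docs/upgrade_issues.xml, hunk @@ -69,6 +71,109 @@, the Shorewall-shell compatibility item says "Explicitly set LOG_MARTIONS=No", but the option is spelled LOG_MARTIANS everywhere else in the hunk. A reader who copies the misspelled name into shorewall.conf will not get the old behaviour and martian logging will stay enabled, so this should read LOG_MARTIANS=No. Two smaller points in the same hunk: the new Shorewall-perl default is printed as 'On. with a missing closing quote (the shell entry has 'Yes'), and the first item says marking rules "must be coded in the POSTROUTING table" after calling OUTPUT a chain in the sentence before; "POSTROUTING chain" would be consistent.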
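Review bot: In web/Documentation.html, hunk @@ -21,56 +21,87 @@, the two new row labels are capitalised differently ("IPv4 Man pages" and "IPv6 Man Pages") and the link text in the cells uses a third form, "Manpages". Pick one spelling for the table. It would also help to say in the Description column why the Shorewall 3.x cell of the IPv4 row and the 3.x and 4.0 cells of the IPv6 row hold only "-", for example that no online man pages exist for those series.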
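Review bot: In web/Shorewall_index_frame.htm, hunk @@ -19,16 +20,16 @@, the added logo line carries the text "Shorweall Logo", which is a typo for "Shorewall Logo". This appears to be the image's alternate text, so it is what screen readers and text browsers will show.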
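Review bot: In web/download.htm, hunk @@ -164,7 +172,8 @@, the re-wrapped LEAF/Bering line still reads "or one if it's derivatives". Since the line is being touched anyway, correct it to "or one of its derivatives".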
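Review bot: In web/download.htm, hunk @@ -186,39 +195,13 @@, the replacement line "download the appropriate tarballs (.tgz or tar.bz2)" writes the two extensions inconsistently. The files in the listing are named .tgz and .tar.bz2, so the second should be ".tar.bz2".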
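Review bot: In web/download.htm, hunk @@ -383,6 +365,24 @@, the relocated paragraph tells readers that patch-4.0.6-2 "may be applied to the base (4.0.6) Shorewall-perl release" but gives no way to verify that file. In the listing, detached .asc signatures appear only beside the tarballs, while the patch files have none; the directory does hold 4.0.6-2.md5sums and 4.0.6-2.sha1sums. Suggest one sentence here that either points readers to the checksum files for the patch or recommends the signed shorewall-perl-4.0.6-2 tarballs, since this section now sits after the Download Sites text about checking signatures with the project's public key.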
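Review bot: In web/shorewall_index.htm, hunk @@ -44,17 +44,6 @@, three notices are removed from the index page (Multi-ISP, BRIDGING=Yes and Kernel 2.4), and the only replacement visible in this commit is the new "Important Notices" entry in web/Shorewall_index_frame.htm. The target of that link is not part of the diff, so please confirm that it exists and carries all three notices before these lines are dropped; otherwise users of those configurations lose the warnings.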