holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

More reinstatment of 'check'

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@479 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2003-02-28 16:00:26 +00:00
parent 4c2b1406de
commit 7e2be60d01
2 changed files with 403 additions and 398 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
Shorewall-docs/seattlefirewall_index.htm
View File

@ -108,6 +108,7 @@
<h2 align="left">What is it?</h2> <h2 align="left">What is it?</h2>
@ -121,9 +122,9 @@
<p>The Shoreline Firewall, more commonly known as "Shorewall", is a <p>The Shoreline Firewall, more commonly known as "Shorewall", is
<a href="http://www.netfilter.org">Netfilter</a> (iptables) based firewall a <a href="http://www.netfilter.org">Netfilter</a> (iptables) based
that can be used on a dedicated firewall system, a multi-function firewall that can be used on a dedicated firewall system, a multi-function
gateway/router/server or on a standalone GNU/Linux system.</p> gateway/router/server or on a standalone GNU/Linux system.</p>
@ -140,7 +141,7 @@
<p>This program is free software; you can redistribute it and/or modify <p>This program is free software; you can redistribute it and/or modify
it under the terms it under the terms
of <a href="http://www.gnu.org/licenses/gpl.html">Version of <a href="http://www.gnu.org/licenses/gpl.html">Version
2 of the GNU General Public License</a> as published by the Free Software 2 of the GNU General Public License</a> as published by the Free Software
Foundation.<br> Foundation.<br>
<br> <br>
@ -155,10 +156,10 @@ PARTICULAR PURPOSE. See the GNU General Public License
<br> <br>
You should have received You should have received
a copy of the GNU General Public License a copy of the GNU General Public License
along with this program; if not, write to the along with this program; if not, write to
Free Software Foundation, Inc., 675 Mass the Free Software Foundation, Inc., 675 Mass
Ave, Cambridge, MA 02139, USA</p> Ave, Cambridge, MA 02139, USA</p>
@ -195,8 +196,8 @@ Ave, Cambridge, MA 02139, USA</p>
<a href="http://leaf.sourceforge.net/devel/jnilo"> http://leaf.sourceforge.net/devel/jnilo<br> <a href="http://leaf.sourceforge.net/devel/jnilo"> http://leaf.sourceforge.net/devel/jnilo<br>
</a></p> </a></p>
<p><b>Congratulations to Jacques and Eric on the recent release of Bering <p><b>Congratulations to Jacques and Eric on the recent release of
1.1!!!</b><br> Bering 1.1!!!</b><br>
</p> </p>
@ -208,8 +209,9 @@ Ave, Cambridge, MA 02139, USA</p>
<h2>This is a mirror of the main Shorewall web site at SourceForge (<a <h2>This is a mirror of the main Shorewall web site at SourceForge
href="http://shorewall.sf.net" target="_top">http://shorewall.sf.net</a>)</h2> (<a href="http://shorewall.sf.net" target="_top">http://shorewall.sf.net</a>)</h2>
@ -255,18 +257,16 @@ Ave, Cambridge, MA 02139, USA</p>
<p></p> <p></p>
Shorewall 1.4 represents the next step in the evolution of Shorewall. Shorewall 1.4 represents the next step in the evolution of Shorewall.
The main thrust of the initial release is simply to remove the cruft that The main thrust of the initial release is simply to remove the cruft that
has accumulated in Shorewall over time. <br> has accumulated in Shorewall over time.<br>
<b>IMPORTANT: Shorewall 1.4.0 <u>REQUIRES</u></b> <b>the iproute  <br>
package ('ip' utility).</b><br> <b>IMPORTANT: Shorewall 1.4.0 requires</b> <b>the iproute package
('ip' utility).</b><br>
<br> <br>
Function from 1.3 that has been omitted from this version include:<br> Function from 1.3 that has been omitted from this version include:<br>
<ol> <ol>
<li>The "check" command is no longer supported.<br> <li>The MERGE_HOSTS variable in shorewall.conf is
<br> no longer supported. Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.<br>
</li>
<li>The MERGE_HOSTS variable in shorewall.conf is no longer supported.
Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.<br>
<br> <br>
</li> </li>
<li>Interface names of the form &lt;device&gt;:&lt;integer&gt; <li>Interface names of the form &lt;device&gt;:&lt;integer&gt;
@ -284,7 +284,7 @@ package ('ip' utility).</b><br>
<br> <br>
</li> </li>
<li>The Shorewall 1.2 syntax for DNAT and REDIRECT rules is <li>The Shorewall 1.2 syntax for DNAT and REDIRECT rules is
no longer accepted.<br> no longer accepted.<br>
<br> <br>
</li> </li>
<li>The ALLOWRELATED variable in shorewall.conf is no longer <li>The ALLOWRELATED variable in shorewall.conf is no longer
@ -303,12 +303,12 @@ no longer accepted.<br>
<ul> <ul>
<li>There is an <u>explicit</u> policy for the source zone to <li>There is an <u>explicit</u> policy for the source zone to
or from the destination zone. An explicit policy names both zones and does or from the destination zone. An explicit policy names both zones and does
not use the 'all' reserved word.</li> not use the 'all' reserved word.</li>
<li>There are one or more rules for traffic for the source zone <li>There are one or more rules for traffic for the source zone
to or from the destination zone including rules that use the 'all' reserved to or from the destination zone including rules that use the 'all' reserved
word. Exception: if the source zone and destination zone are the same then word. Exception: if the source zone and destination zone are the same then
the rule must be explicit - it must name the zone in both the SOURCE and the rule must be explicit - it must name the zone in both the SOURCE and
DESTINATION columns.<br> DESTINATION columns.<br>
</li> </li>
</ul> </ul>
@ -330,14 +330,13 @@ DESTINATION columns.<br>
in /usr/share/shorewall.<br> in /usr/share/shorewall.<br>
<br> <br>
</li> </li>
<li>Late arriving DNS replies are now silently dropped in the <li>Late arriving DNS replies are now silently dropped in
common chain by default.<br> the common chain by default.<br>
<br> <br>
</li> </li>
<li>In addition to behaving like OLD_PING_HANDLING=No, Shorewall <li>In addition to behaving like OLD_PING_HANDLING=No, Shorewall
1.4 no longer unconditionally accepts outbound ICMP packets. So if you 1.4 no longer unconditionally accepts outbound ICMP packets. So if you want
want to 'ping' from the firewall, you will need the appropriate rule or to 'ping' from the firewall, you will need the appropriate rule or policy.<br>
policy.<br>
<br> <br>
</li> </li>
<li>802.11b devices with names of the form wlan<i>&lt;n&gt;</i> <li>802.11b devices with names of the form wlan<i>&lt;n&gt;</i>
@ -347,6 +346,7 @@ policy.<br>
</ol> </ol>
<ul> <ul>
@ -362,6 +362,7 @@ policy.<br>
<p><b></b><a href="News.htm">More News</a></p> <p><b></b><a href="News.htm">More News</a></p>
@ -421,6 +422,7 @@ policy.<br>
<p align="center"><a href="http://www.starlight.org"> <img <p align="center"><a href="http://www.starlight.org"> <img
border="4" src="images/newlog.gif" width="57" height="100" align="left" border="4" src="images/newlog.gif" width="57" height="100" align="left"
hspace="10"> hspace="10">
@ -437,11 +439,12 @@ policy.<br>
<p align="center"><font size="4" color="#ffffff">Shorewall is free but
if you try it and find it useful, please consider making a donation <p align="center"><font size="4" color="#ffffff">Shorewall is free
but if you try it and find it useful, please consider making a donation
to <a to <a
href="http://www.starlight.org"><font color="#ffffff">Starlight Children's href="http://www.starlight.org"><font color="#ffffff">Starlight
Foundation.</font></a> Thanks!</font></p> Children's Foundation.</font></a> Thanks!</font></p>
</td> </td>
@ -459,12 +462,9 @@ Foundation.</font></a> Thanks!</font></p>
<p><font size="2">Updated 2/18/2003 - <a href="support.htm">Tom Eastep</a></font> <p><font size="2">Updated 2/28/2003 - <a href="support.htm">Tom Eastep</a></font>
<br> <br>
</p> </p>
<br>
<br>
<br>
</body> </body>
</html> </html>

69
Shorewall-docs/sourceforge_index.htm
View File

@ -7,6 +7,7 @@
<meta http-equiv="Content-Type" <meta http-equiv="Content-Type"
content="text/html; charset=windows-1252"> content="text/html; charset=windows-1252">
<title>Shoreline Firewall (Shorewall) 1.4</title> <title>Shoreline Firewall (Shorewall) 1.4</title>
@ -120,8 +121,9 @@
<p>The Shoreline Firewall, more commonly known as  "Shorewall", is <p>The Shoreline Firewall, more commonly known as  "Shorewall", is
a <a href="http://www.netfilter.org">Netfilter</a> (iptables) a <a href="http://www.netfilter.org">Netfilter</a> (iptables)
based firewall that can be used on a dedicated firewall system, based firewall that can be used on a dedicated firewall system,
a multi-function gateway/router/server or on a standalone a multi-function gateway/router/server or on a standalone GNU/Linux
GNU/Linux system.</p> system.</p>
@ -145,8 +147,8 @@ GNU/Linux system.</p>
This program is distributed This program is distributed
in the hope that it will be useful, but in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR warranty of MERCHANTABILITY or FITNESS FOR A
A PARTICULAR PURPOSE. See the GNU General Public License PARTICULAR PURPOSE. See the GNU General Public License
for more details.<br> for more details.<br>
<br> <br>
@ -154,8 +156,9 @@ A PARTICULAR PURPOSE. See the GNU General Public License
You should have received You should have received
a copy of the GNU General Public License a copy of the GNU General Public License
along with this program; if not, write to along with this program; if not, write to
the Free Software Foundation, Inc., 675 Mass the Free Software Foundation, Inc., 675
Ave, Cambridge, MA 02139, USA</p> Mass Ave, Cambridge, MA 02139, USA</p>
@ -197,8 +200,8 @@ A PARTICULAR PURPOSE. See the GNU General Public License
<b>Congratulations to Jacques and Eric <b>Congratulations to Jacques and
on the recent release of Bering 1.1!!!</b><br> Eric on the recent release of Bering 1.1!!!</b><br>
<h2>News</h2> <h2>News</h2>
@ -221,19 +224,17 @@ A PARTICULAR PURPOSE. See the GNU General Public License
</b></p> </b></p>
Shorewall 1.4 represents the Shorewall 1.4 represents the
next step in the evolution of Shorewall. The main thrust of the initial next step in the evolution of Shorewall. The main thrust of the initial
release is simply to remove the cruft that has accumulated in Shorewall release is simply to remove the cruft that has accumulated in Shorewall over
over time. <br> time. <br>
<b>IMPORTANT: Shorewall 1.4.0 <u>REQUIRES</u></b> <b>the iproute package <br>
('ip' utility).</b><br> <b>IMPORTANT: Shorewall 1.4.0 requires</b> <b>the iproute package
('ip' utility).</b><br>
<br> <br>
Function from 1.3 that has been omitted from this version include:<br> Function from 1.3 that has been omitted from this version include:<br>
<ol> <ol>
<li>The "check" command is no longer supported.<br> <li>The MERGE_HOSTS variable in shorewall.conf is
<br> no longer supported. Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.<br>
</li>
<li>The MERGE_HOSTS variable in shorewall.conf is no longer supported.
Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.<br>
<br> <br>
</li> </li>
<li>Interface names of the form &lt;device&gt;:&lt;integer&gt; <li>Interface names of the form &lt;device&gt;:&lt;integer&gt;
@ -247,7 +248,7 @@ over time. <br>
</li> </li>
<li>The 'routestopped' option in the /etc/shorewall/interfaces <li>The 'routestopped' option in the /etc/shorewall/interfaces
and /etc/shorewall/hosts files is no longer supported and will generate and /etc/shorewall/hosts files is no longer supported and will generate
an error at startup if specified.<br> an error at startup if specified.<br>
<br> <br>
</li> </li>
<li>The Shorewall 1.2 syntax for DNAT and REDIRECT rules is <li>The Shorewall 1.2 syntax for DNAT and REDIRECT rules is
@ -255,7 +256,7 @@ no longer accepted.<br>
<br> <br>
</li> </li>
<li>The ALLOWRELATED variable in shorewall.conf is no longer <li>The ALLOWRELATED variable in shorewall.conf is no longer
supported. Shorewall 1.4 behavior is the same as 1.3 with ALLOWRELATED=Yes.<br> supported. Shorewall 1.4 behavior is the same as 1.3 with ALLOWRELATED=Yes.<br>
<br> <br>
</li> </li>
<li>The icmp.def file has been removed.<br> <li>The icmp.def file has been removed.<br>
@ -268,11 +269,11 @@ supported. Shorewall 1.4 behavior is the same as 1.3 with ALLOWRELATED=Yes.<br
</ol> </ol>
<ul> <ul>
<li>There is an <u>explicit</u> policy for the source zone to or <li>There is an <u>explicit</u> policy for the source zone to
from the destination zone. An explicit policy names both zones and does or from the destination zone. An explicit policy names both zones and does
not use the 'all' reserved word.</li> not use the 'all' reserved word.</li>
<li>There are one or more rules for traffic for the source zone <li>There are one or more rules for traffic for the source zone
to or from the destination zone including rules that use the 'all' reserved to or from the destination zone including rules that use the 'all' reserved
word. Exception: if the source zone and destination zone are the same then word. Exception: if the source zone and destination zone are the same then
the rule must be explicit - it must name the zone in both the SOURCE and the rule must be explicit - it must name the zone in both the SOURCE and
DESTINATION columns.</li> DESTINATION columns.</li>
@ -292,8 +293,8 @@ DESTINATION columns.</li>
<li>LOG and CONTINUE are now a valid actions for a rule (/etc/shorewall/rules).<br> <li>LOG and CONTINUE are now a valid actions for a rule (/etc/shorewall/rules).<br>
<br> <br>
</li> </li>
<li>The firewall script and version file are now installed in <li>The firewall script and version file are now installed
/usr/share/shorewall.<br> in /usr/share/shorewall.<br>
<br> <br>
</li> </li>
<li>Late arriving DNS replies are now silently dropped in the <li>Late arriving DNS replies are now silently dropped in the
@ -301,17 +302,19 @@ DESTINATION columns.</li>
<br> <br>
</li> </li>
<li>In addition to behaving like OLD_PING_HANDLING=No, Shorewall <li>In addition to behaving like OLD_PING_HANDLING=No, Shorewall
1.4 no longer unconditionally accepts outbound ICMP packets. So if you want 1.4 no longer unconditionally accepts outbound ICMP packets. So if you
to 'ping' from the firewall, you will need the appropriate rule or policy.<br> want to 'ping' from the firewall, you will need the appropriate rule or
policy.<br>
<br> <br>
</li> </li>
<li>802.11b devices with names of the form wlan<i>&lt;n&gt;</i> <li>802.11b devices with names of the form wlan<i>&lt;n&gt;</i>
now support the 'maclist' option.<br> now support the 'maclist' option.<br>
<br> <br>
</li> </li>
</ol> </ol>
<p></p> <p></p>
<b> </b> <b> </b>
@ -362,6 +365,7 @@ now support the 'maclist' option.<br>
<h1 align="center"><a href="http://www.sf.net"><img align="left" <h1 align="center"><a href="http://www.sf.net"><img align="left"
alt="SourceForge Logo" alt="SourceForge Logo"
src="http://sourceforge.net/sflogo.php?group_id=22587&amp;type=3"> src="http://sourceforge.net/sflogo.php?group_id=22587&amp;type=3">
@ -372,6 +376,7 @@ now support the 'maclist' option.<br>
<h4> </h4> <h4> </h4>
@ -452,11 +457,11 @@ now support the 'maclist' option.<br>
<p align="center"><font size="4" color="#ffffff">Shorewall is free <p align="center"><font size="4" color="#ffffff">Shorewall is free but
but if you try it and find it useful, please consider making a donation if you try it and find it useful, please consider making a donation
to <a to <a
href="http://www.starlight.org"><font color="#ffffff">Starlight href="http://www.starlight.org"><font color="#ffffff">Starlight Children's
Children's Foundation.</font></a> Thanks!</font></p> Foundation.</font></a> Thanks!</font></p>
</td> </td>
@ -474,7 +479,7 @@ Children's Foundation.</font></a> Thanks!</font></p>
<p><font size="2">Updated 2/24/2003 - <a href="support.htm">Tom Eastep</a></font> <p><font size="2">Updated 2/28/2003 - <a href="support.htm">Tom Eastep</a></font>
<br> <br>
</p> </p>