holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Web site updates for 4.2.0

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8748 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-10-05 21:45:05 +00:00
parent 9536dbea1d
commit a5e771c1d8
15 changed files with 64 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/GnuCopyright.xml
View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" <!DOCTYPE appendix PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"> "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<appendix id="gfdl"> <appendix id="gfdl">
<title>GNU Free Documentation License</title> <title>GNU Free Documentation License</title>

10
docs/Macros.xml
View File

@ -111,7 +111,7 @@ PARAM - - tcp 135,139,445
when you invoke the macro. The SMB macro shown above is parameterized when you invoke the macro. The SMB macro shown above is parameterized
(note PARAM in the TARGET column).</para> (note PARAM in the TARGET column).</para>
<para><emphasis role="bold">Shorewall versions prior to 4.1:</emphasis> <para><emphasis role="bold">Shorewall versions prior to 4.2.0:</emphasis>
When invoking a parameterized macro, you follow the name of the macro with When invoking a parameterized macro, you follow the name of the macro with
a slash ("/") and the action that you want to substitute for PARAM.</para> a slash ("/") and the action that you want to substitute for PARAM.</para>
@ -133,7 +133,7 @@ ACCEPT loc fw udp 1024: 137
ACCEPT loc fw tcp 135,139,445</programlisting> ACCEPT loc fw tcp 135,139,445</programlisting>
</blockquote> </blockquote>
<para><emphasis role="bold">Shorewall versions 4.1 and later:</emphasis> <para><emphasis role="bold">Shorewall versions 4.2.0 and later:</emphasis>
When invoking a parameterized macro, you follow the name of the macro with When invoking a parameterized macro, you follow the name of the macro with
the action that you want to substitute for PARAM enclosed in parentheses. the action that you want to substitute for PARAM enclosed in parentheses.
The older syntax described above is still supported but is The older syntax described above is still supported but is
@ -186,7 +186,7 @@ PARAM - loc tcp 25</programlisting>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SMTP/DNAT:info net 192.168.1.5</programlisting> SMTP/DNAT:info net 192.168.1.5</programlisting>
<para>/etc/shorewall/rules (Shorewall 4.1 and later):</para> <para>/etc/shorewall/rules (Shorewall 4.2.0 and later):</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SMTP(DNAT):info net 192.168.1.5</programlisting> SMTP(DNAT):info net 192.168.1.5</programlisting>
@ -211,7 +211,7 @@ PARAM - 192.168.1.5 tcp 25</programlisting>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SMTP/DNAT:info net loc</programlisting> SMTP/DNAT:info net loc</programlisting>
<para>/etc/shorewall/rules (Shorewall 4.1 and later)</para> <para>/etc/shorewall/rules (Shorewall 4.2.0 and later)</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SMTP(DNAT):info net loc</programlisting> SMTP(DNAT):info net loc</programlisting>
@ -251,7 +251,7 @@ PARAM DEST SOURCE tcp 135,139,445
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SMBBI/ACCEPT loc fw</programlisting> SMBBI/ACCEPT loc fw</programlisting>
<para>/etc/shorewall/rules (Shorewall 4.1 and later):</para> <para>/etc/shorewall/rules (Shorewall 4.2.0 and later):</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SMBBI(ACCEPT) loc fw</programlisting> SMBBI(ACCEPT) loc fw</programlisting>

4
docs/Manpages.xml
View File

@ -5,7 +5,7 @@
<!--$Id: template.xml 5908 2007-04-12 23:04:36Z teastep $--> <!--$Id: template.xml 5908 2007-04-12 23:04:36Z teastep $-->
<articleinfo> <articleinfo>
<title>Shorewall 4.0 Manpages</title> <title>Shorewall 4.2 Manpages</title>
<authorgroup> <authorgroup>
<author> <author>
@ -20,6 +20,8 @@
<copyright> <copyright>
<year>2007</year> <year>2007</year>
<year>2008</year>
<holder>Thomas M. Eastep</holder> <holder>Thomas M. Eastep</holder>
</copyright> </copyright>

38
docs/ReleaseModel.xml
View File

@ -26,6 +26,8 @@
<year>2007</year> <year>2007</year>
<year>2008</year>
<holder>Thomas M. Eastep</holder> <holder>Thomas M. Eastep</holder>
</copyright> </copyright>
@ -134,39 +136,7 @@
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>We are currently waiving the two major release rule and are <para>The currently-supported major releases are and 4.0.x. and
supporting three major releases — the currently-supported major releases 4.2.x.</para>
are 3.2.x, 3.4.x and 4.0.x.</para>
</section>
<section id="Old">
<title>Old Release Model</title>
<para>This release model described above was adopted on 2004-07-03 and
modified 2004-07-21. Prior to 2004-07-03, a different release model was
followed. Highlights of that model were:</para>
<orderedlist>
<listitem>
<para>Releases were numbered in a manner similar to the current
release model.</para>
</listitem>
<listitem>
<para>Major new functionality was added in minor releases of the
current major release. There was no concept of Stable vs Development
major releases.</para>
</listitem>
<listitem>
<para>Bug fix only releases were always against the last minor release
of a major release and had identifications of the form
<emphasis>x.y.zX</emphasis> (e.g., 2.0.3c) where
<emphasis>X</emphasis>=1,b,c,... . Consequently, if a user required a
bug fix but was not running the last minor release of the associated
major release then it might be necessary to accept major new
functionality along with the bug fix.</para>
</listitem>
</orderedlist>
</section> </section>
</article> </article>

14
docs/Shorewall-4.xml
View File

@ -306,15 +306,23 @@
</row> </row>
<row> <row>
<entry valign="middle">Shorewall-common 4.0.9-4.0.12</entry> <entry valign="middle">Shorewall-common 4.0.9-4.0.14</entry>
<entry>Shorewall-shell 4.0.5 - 4.0.12</entry> <entry>Shorewall-shell 4.0.5 - 4.0.14</entry>
<entry>Shorewall-perl 4.0.5 - 4.0.12<footnote> <entry>Shorewall-perl 4.0.5 - 4.0.14<footnote>
<para>Shorewall-perl 4.0.6 and later require Shorewall-lite <para>Shorewall-perl 4.0.6 and later require Shorewall-lite
4.0.6 or later</para> 4.0.6 or later</para>
</footnote></entry> </footnote></entry>
</row> </row>
<row>
<entry valign="middle">Shorewall-common 4.2.0</entry>
<entry>Shorewall-shell 4.2.0</entry>
<entry>Shorewall-perl 4.2.0</entry>
</row>
</tbody> </tbody>
</tgroup> </tgroup>
</informaltable> </informaltable>

20
docs/Shorewall-perl.xml
View File

@ -157,10 +157,10 @@
<para>With the shell-based compiler, extension scripts were copied <para>With the shell-based compiler, extension scripts were copied
into the compiled script and executed at run-time. In many cases, into the compiled script and executed at run-time. In many cases,
this approach doesn't work with Shorewall Perl because (almost) the this approach doesn't work with Shorewall Perl because (almost) the
entire rule set is built by the compiler. As a result, Shorewall-perl entire rule set is built by the compiler. As a result,
runs some extension scripts at compile-time rather than at run-time. Shorewall-perl runs some extension scripts at compile-time rather
Because the compiler is written in Perl, your extension scripts from than at run-time. Because the compiler is written in Perl, your
earlier versions will no longer work.</para> extension scripts from earlier versions will no longer work.</para>
<para>The following table summarizes when the various extension <para>The following table summarizes when the various extension
scripts are run:<informaltable frame="all"> scripts are run:<informaltable frame="all">
@ -381,8 +381,8 @@ insert_rule $filter_table-&gt;{OUTPUT}, 1, "-p udp --sport 1701 -j ACCEPT";
<listitem> <listitem>
<para>Your ipsets must be loaded before Shorewall starts. You <para>Your ipsets must be loaded before Shorewall starts. You
are free to try to do that with the following code in are free to try to do that with the following code in
<filename>/etc/shorewall/start (it works for me; your mileage may <filename>/etc/shorewall/start (it works for me; your mileage
vary)</filename>:</para> may vary)</filename>:</para>
<programlisting>if [ "$COMMAND" = start ]; then <programlisting>if [ "$COMMAND" = start ]; then
ipset -U :all: :all: ipset -U :all: :all:
@ -437,8 +437,8 @@ fi</programlisting>
</listitem> </listitem>
<listitem> <listitem>
<para>DELAYBLACKLISTLOAD=Yes is not supported. The entire rule set is <para>DELAYBLACKLISTLOAD=Yes is not supported. The entire rule set
atomically loaded with one execution of is atomically loaded with one execution of
<command>iptables-restore</command>.</para> <command>iptables-restore</command>.</para>
</listitem> </listitem>
@ -689,7 +689,7 @@ ACCEPT loc:eth0:192.168.1.3,eth0:192.168.1.5 $fw tcp 22</programlisting>
role="bold">--log</emphasis>=&lt;logfile&gt;</member> role="bold">--log</emphasis>=&lt;logfile&gt;</member>
</simplelist></para> </simplelist></para>
<para>Added in Shorewall 4.1. If given, compiler will log to this file <para>Added in Shorewall 4.2. If given, compiler will log to this file
provider that --log_verbosity is &gt; -1.<simplelist> provider that --log_verbosity is &gt; -1.<simplelist>
<member><emphasis <member><emphasis
role="bold">--log_verbosity</emphasis>=-1|0|1|2</member> role="bold">--log_verbosity</emphasis>=-1|0|1|2</member>
@ -792,7 +792,7 @@ set +a
</section> </section>
<section> <section>
<title>Shorewall 4.1 and Later</title> <title>Shorewall 4.2 and Later</title>
<para>To avoid a proliferation of parameters to <para>To avoid a proliferation of parameters to
Shorewall::Compiler::compile(), that function has been changed to use Shorewall::Compiler::compile(), that function has been changed to use

8
docs/configuration_file_basics.xml
View File

@ -193,7 +193,7 @@
<para><filename>/etc/shorewall/tcdevices</filename>, <para><filename>/etc/shorewall/tcdevices</filename>,
<filename>/etc/shorewall/tcclasses</filename>, <filename>/etc/shorewall/tcclasses</filename>,
<filename>/etc/shorewall/tcfilters</filename> (tcfilters added in <filename>/etc/shorewall/tcfilters</filename> (tcfilters added in
Shorewall 4.1.6) - Define traffic shaping.</para> Shorewall 4.2.0) - Define traffic shaping.</para>
</listitem> </listitem>
<listitem> <listitem>
@ -299,7 +299,7 @@ ACCEPT net $FW tcp www #This is an end-of-line comment</progra
<listitem> <listitem>
<para>Macro definition files (/etc/shorewall/macro.*) — Added in <para>Macro definition files (/etc/shorewall/macro.*) — Added in
Shorewall-perl 4.1. They are ignored by Shorewall-shell 4.1 and Shorewall-perl 4.2.0. They are ignored by Shorewall-shell 4.1 and
later.</para> later.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -589,8 +589,8 @@ use Shorewall::Config qw/shorewall/;</programlisting>
appear. When a DNS name appears in a rule, the iptables utility resolves appear. When a DNS name appears in a rule, the iptables utility resolves
the name to one or more IP addresses and inserts those addresses into the the name to one or more IP addresses and inserts those addresses into the
rule. So changes in the DNS-&gt;IP address relationship that occur after rule. So changes in the DNS-&gt;IP address relationship that occur after
the firewall has started have absolutely no effect on the firewall's the firewall has started have absolutely no effect on the firewall's rule
rule set.</para> set.</para>
<para>If your firewall rules include DNS names then:</para> <para>If your firewall rules include DNS names then:</para>

4
docs/standalone.xml
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article id="standalone"> <article id="standalone">
<!--$Id$--> <!--$Id$-->

4
docs/troubleshoot.xml
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article id="usefull_links"> <article id="usefull_links">
<!--$Id$--> <!--$Id$-->

4
docs/two-interface_ru.xml
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- $Id$ --> <!-- $Id$ -->
<article id="two-interface"> <article id="two-interface">
<articleinfo> <articleinfo>

23
tools/build/upload
View File

@ -125,7 +125,7 @@ case $1 in
shellrpm=shorewall-shell-${1%-*}-0${1#*-}.noarch.rpm shellrpm=shorewall-shell-${1%-*}-0${1#*-}.noarch.rpm
BASE=Yes BASE=Yes
;; ;;
4.0.*.*) 4.[02].*.*)
BASEVERSION=${1%.*} BASEVERSION=${1%.*}
PATCHNUM=${1##*.} PATCHNUM=${1##*.}
DEST="/srv/ftp/pub/shorewall/${BASEVERSION%.*}/shorewall-${BASEVERSION}" DEST="/srv/ftp/pub/shorewall/${BASEVERSION%.*}/shorewall-${BASEVERSION}"
@ -135,7 +135,7 @@ case $1 in
perlrpm=shorewall-perl-${BASEVERSION}-${PATCHNUM}.noarch.rpm perlrpm=shorewall-perl-${BASEVERSION}-${PATCHNUM}.noarch.rpm
shellrpm=shorewall-shell-${BASEVERSION}-${PATCHNUM}.noarch.rpm shellrpm=shorewall-shell-${BASEVERSION}-${PATCHNUM}.noarch.rpm
;; ;;
4.0.*) 4.[02].*)
DEST="/srv/ftp/pub/shorewall/${1%.*}/shorewall-$1" DEST="/srv/ftp/pub/shorewall/${1%.*}/shorewall-$1"
SHOREWALL=shorewall-common SHOREWALL=shorewall-common
rpm=shorewall-common-${1}-0base.noarch.rpm rpm=shorewall-common-${1}-0base.noarch.rpm
@ -144,25 +144,6 @@ case $1 in
shellrpm=shorewall-shell-${1}-0base.noarch.rpm shellrpm=shorewall-shell-${1}-0base.noarch.rpm
BASE=Yes BASE=Yes
;; ;;
4.[12].*.*)
BASEVERSION=${1%.*}
PATCHNUM=${1##*.}
DEST="/srv/ftp/pub/shorewall/development/${BASEVERSION%.*}/shorewall-${BASEVERSION}"
SHOREWALL=shorewall-common
rpm=shorewall-common-${BASEVERSION}-${PATCHNUM}.noarch.rpm
literpm=shorewall-lite-${BASEVERSION}-${PATCHNUM}.noarch.rpm
perlrpm=shorewall-perl-${BASEVERSION}-${PATCHNUM}.noarch.rpm
shellrpm=shorewall-shell-${BASEVERSION}-${PATCHNUM}.noarch.rpm
;;
4.[12].*)
DEST="/srv/ftp/pub/shorewall/development/${1%.*}/shorewall-$1"
SHOREWALL=shorewall-common
rpm=shorewall-common-${1}-0base.noarch.rpm
literpm=shorewall-lite-${1}-0base.noarch.rpm
perlrpm=shorewall-perl-${1}-0base.noarch.rpm
shellrpm=shorewall-shell-${1}-0base.noarch.rpm
BASE=Yes
;;
3.*[13579].*) 3.*[13579].*)
DEST="/srv/ftp/pub/shorewall/development/${1%.*}/shorewall-$1" DEST="/srv/ftp/pub/shorewall/development/${1%.*}/shorewall-$1"
rpm=shorewall-${1}-1.noarch.rpm rpm=shorewall-${1}-1.noarch.rpm

5
web/Documentation.html
View File

@ -21,7 +21,7 @@ license is included in the section entitled “<span class="quote"><a
href="GnuCopyright.htm" target="_self">GNU Free Documentation href="GnuCopyright.htm" target="_self">GNU Free Documentation
License</a></span>”.<br> License</a></span>”.<br>
</p> </p>
<p>2007-08-01<br> <p>2008-10-05<br>
</p> </p>
<hr style="width: 100%; height: 2px;"> <strong></strong> <hr style="width: 100%; height: 2px;"> <strong></strong>
<ul> <ul>
@ -50,7 +50,8 @@ Beginner HOWTOs <br>
released with Shorewall 3.4.0 and later <br> released with Shorewall 3.4.0 and later <br>
<br> <br>
<a href="/3.0/manpages/Manpages.html">Shorewall 3.x</a><br> <a href="/3.0/manpages/Manpages.html">Shorewall 3.x</a><br>
<a href="Manpages.html">Shorewall 4.x</a><br> <a href="/4.0/Manpages.html">Shorewall 4.0</a><br>
<a href="Manpages.html">Shorewall 4.2</a><br>
<br> <br>
</li> </li>
<li><a href="shorewall_features.htm">Shorewall <span <li><a href="shorewall_features.htm">Shorewall <span

4
web/News.htm
View File

@ -26,9 +26,11 @@ license is included in the section entitled <span
href="GnuCopyright.htm" target="_self">GNU Free Documentation href="GnuCopyright.htm" target="_self">GNU Free Documentation
License</a></span>". License</a></span>".
</p> </p>
<p>March 29, 2008<br> <p>October 05, 2008<br>
</p> </p>
<hr style="width: 100%; height: 2px;"> <hr style="width: 100%; height: 2px;">
<p><strong>2006-10-05 Shorewall 4.2.0</strong></p>
<pre><strong>Release Highlights.<br><br>1) Support is included for multiple internet providers through the same<br> ethernet interface.<br><br>2) Support for NFLOG has been added.<br><br>3) Enhanced operational logging.<br><br>4) The tarball installers now work under Cygwin.<br><br>5) Shorewall-perl now supports IFB devices which allow traffic shaping of<br> incoming traffic.<br><br>6) Shorewall-perl supports definition of u32 traffic classification<br> filters.<br></strong></pre>
<p><strong>2008-03-29 Shorewall 4.0.10</strong></p> <p><strong>2008-03-29 Shorewall 4.0.10</strong></p>
<p><strong></strong></p> <p><strong></strong></p>
<pre>Problems corrected in Shorewall-perl 4.0.10.<br><br>1)&nbsp; Shorewall-perl 4.0.9 erroneously reported an error message when a<br>&nbsp;&nbsp;&nbsp; bridge port was defined in /etc/shorewall/interfaces:<br><br>&nbsp;&nbsp;&nbsp;&nbsp; ERROR: Your iptables is not recent enough to support bridge ports<br><br>2)&nbsp; Under Shorewall-perl, if an empty action was invoked or was named<br>&nbsp;&nbsp;&nbsp; in one of the DEFAULT_xxx options in shorewall.conf, an<br>&nbsp;&nbsp;&nbsp; iptables-restore error occured.<br><br>3)&nbsp; If $ADMIN was empty, then the rule:<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCEPT loc:$ADMIN all<br><br>&nbsp;&nbsp;&nbsp;&nbsp; became<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCEPT loc&nbsp;&nbsp; net<br><br>&nbsp;&nbsp;&nbsp;&nbsp; It is now flagged as an error.<br><br>4)&nbsp; Previously, Shorewall-perl would reject an IP address range in the<br>&nbsp;&nbsp;&nbsp; ecn and routestopped files.<br><br>5)&nbsp; A POLICY of ":" in /etc/shorewall/policy would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>6)&nbsp; An INTERFACE of ":" in /etc/shorewall/interfaces would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>7)&nbsp; A MARK of ":" in /etc/shorewall/tcrules would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>Problems corrected in Shorewall-shell 4.0.10.<br><br>1)&nbsp; Specifying a value for ACCEPT_DEFAULT or QUEUE_DEFAULT resulted in<br>&nbsp;&nbsp;&nbsp; a fatal error at compile time.<br><br>Known Problems Remaining.<br><br>1)&nbsp; The 'refresh' command doesn't refresh the mangle table. So changes<br>&nbsp;&nbsp;&nbsp; made to /etc/shorewall/providers and/or /etc/shorewall/tcrules may<br>&nbsp;&nbsp;&nbsp; not be reflected in the running ruleset.<br><br>Other changes in 4.0.10.<br><br>1)&nbsp; The Sample configurations have been updated to set<br>&nbsp;&nbsp;&nbsp; LOG_MARTIANS=keep. In 4.2, this will be changed to<br>&nbsp;&nbsp;&nbsp; LOG_MARTIANS=Yes.<br><br>2)&nbsp; Shorewall-perl now generates a fatal error if a non-existant shell<br>&nbsp;&nbsp;&nbsp; variable is used in any configuration file (except<br>&nbsp;&nbsp;&nbsp; /etc/shorewall/params).<br><br>3)&nbsp; Shorewall-perl now supports an 'l2tp' tunnel type. It opens UDP<br>&nbsp;&nbsp;&nbsp; port 1701 in both directions and assumes that the source port will<br>&nbsp;&nbsp;&nbsp; also be 1701. Some implementations (particularly OS X) use a<br>&nbsp;&nbsp;&nbsp; different source port. In that case, you should use<br>&nbsp;&nbsp;&nbsp; 'generic:udp:1701' rather than 'l2tp'.<br></pre> <pre>Problems corrected in Shorewall-perl 4.0.10.<br><br>1)&nbsp; Shorewall-perl 4.0.9 erroneously reported an error message when a<br>&nbsp;&nbsp;&nbsp; bridge port was defined in /etc/shorewall/interfaces:<br><br>&nbsp;&nbsp;&nbsp;&nbsp; ERROR: Your iptables is not recent enough to support bridge ports<br><br>2)&nbsp; Under Shorewall-perl, if an empty action was invoked or was named<br>&nbsp;&nbsp;&nbsp; in one of the DEFAULT_xxx options in shorewall.conf, an<br>&nbsp;&nbsp;&nbsp; iptables-restore error occured.<br><br>3)&nbsp; If $ADMIN was empty, then the rule:<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCEPT loc:$ADMIN all<br><br>&nbsp;&nbsp;&nbsp;&nbsp; became<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCEPT loc&nbsp;&nbsp; net<br><br>&nbsp;&nbsp;&nbsp;&nbsp; It is now flagged as an error.<br><br>4)&nbsp; Previously, Shorewall-perl would reject an IP address range in the<br>&nbsp;&nbsp;&nbsp; ecn and routestopped files.<br><br>5)&nbsp; A POLICY of ":" in /etc/shorewall/policy would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>6)&nbsp; An INTERFACE of ":" in /etc/shorewall/interfaces would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>7)&nbsp; A MARK of ":" in /etc/shorewall/tcrules would produce Perl<br>&nbsp;&nbsp;&nbsp; run-time errors.<br><br>Problems corrected in Shorewall-shell 4.0.10.<br><br>1)&nbsp; Specifying a value for ACCEPT_DEFAULT or QUEUE_DEFAULT resulted in<br>&nbsp;&nbsp;&nbsp; a fatal error at compile time.<br><br>Known Problems Remaining.<br><br>1)&nbsp; The 'refresh' command doesn't refresh the mangle table. So changes<br>&nbsp;&nbsp;&nbsp; made to /etc/shorewall/providers and/or /etc/shorewall/tcrules may<br>&nbsp;&nbsp;&nbsp; not be reflected in the running ruleset.<br><br>Other changes in 4.0.10.<br><br>1)&nbsp; The Sample configurations have been updated to set<br>&nbsp;&nbsp;&nbsp; LOG_MARTIANS=keep. In 4.2, this will be changed to<br>&nbsp;&nbsp;&nbsp; LOG_MARTIANS=Yes.<br><br>2)&nbsp; Shorewall-perl now generates a fatal error if a non-existant shell<br>&nbsp;&nbsp;&nbsp; variable is used in any configuration file (except<br>&nbsp;&nbsp;&nbsp; /etc/shorewall/params).<br><br>3)&nbsp; Shorewall-perl now supports an 'l2tp' tunnel type. It opens UDP<br>&nbsp;&nbsp;&nbsp; port 1701 in both directions and assumes that the source port will<br>&nbsp;&nbsp;&nbsp; also be 1701. Some implementations (particularly OS X) use a<br>&nbsp;&nbsp;&nbsp; different source port. In that case, you should use<br>&nbsp;&nbsp;&nbsp; 'generic:udp:1701' rather than 'l2tp'.<br></pre>

6
web/download.htm
View File

@ -23,7 +23,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of
the the
license is included in the section entitled “<a href="GnuCopyright.htm" license is included in the section entitled “<a href="GnuCopyright.htm"
target="_self">GNU Free Documentation License</a>”.</p> target="_self">GNU Free Documentation License</a>”.</p>
<p>2008-07-25 </p> <p>2008-10-05 </p>
<hr> <hr>
<h2>Table of Contents</h2> <h2>Table of Contents</h2>
<p><b><a href="#Which">Package Information</a><br> <p><b><a href="#Which">Package Information</a><br>
@ -45,11 +45,11 @@ Release
Series:</b></font></p> Series:</b></font></p>
<ul> <ul>
<li> <li>
<p style="margin-bottom: 0in;">The STABLE release series is 4.0. <p style="margin-bottom: 0in;">The STABLE release series is 4.2.
Choose this release if you value stability and good documentation.</p> Choose this release if you value stability and good documentation.</p>
</li> </li>
<li> <li>
<p>The DEVELOPMENT release series is the 4.2 release candidates <p>The DEVELOPMENT release series is the 4.3 release candidates
(found in the (found in the
'development' directory). Choose this release if you are <strong>very 'development' directory). Choose this release if you are <strong>very
experienced</strong> <strong>user</strong> and you are willing to help experienced</strong> <strong>user</strong> and you are willing to help

30
web/shorewall_index.htm
View File

@ -22,7 +22,7 @@ the
license is included in the section entitled <span license is included in the section entitled <span
style="text-decoration: underline;">"</span><a href="GnuCopyright.htm" style="text-decoration: underline;">"</span><a href="GnuCopyright.htm"
target="_self">GNU Free Documentation License</a>".</p> target="_self">GNU Free Documentation License</a>".</p>
<p>2008-09-27</p> <p>2008-10-05</p>
<hr style="width: 100%; height: 2px;"> <hr style="width: 100%; height: 2px;">
<h2>Table of Contents</h2> <h2>Table of Contents</h2>
<p style="margin-bottom: 0in; margin-left: 0.42in;"><a href="#Intro">Introduction <p style="margin-bottom: 0in; margin-left: 0.42in;"><a href="#Intro">Introduction
@ -121,17 +121,17 @@ Features page</a>.<br>
</p> </p>
<h3><a name="Releases"></a>Current Shorewall Releases</h3> <h3><a name="Releases"></a>Current Shorewall Releases</h3>
<p style="margin-left: 40px;">The <span style="font-weight: bold;">current <p style="margin-left: 40px;">The <span style="font-weight: bold;">current
Stable Release</span> version is 4.0.14<br> Stable Release</span> version is 4.2.0<br>
</p> </p>
<ul style="margin-left: 40px;"> <ul style="margin-left: 40px;">
<li>Here are the <a <li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.14/releasenotes.txt">release href="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-4.2.0/releasenotes.txt">release
notes</a> <br> notes</a> <br>
</li> </li>
<li>Here are the <a <li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.14/known_problems.txt">known href="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-4.2.0/known_problems.txt">known
problems</a> and <a problems</a> and <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.14/errata/">updates</a>. href="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-4.2.0/errata/">updates</a>.
<p>Read more about the <a href="Shorewall-4.html">Release here</a>.<br> <p>Read more about the <a href="Shorewall-4.html">Release here</a>.<br>
</p> </p>
</li> </li>
@ -139,28 +139,16 @@ problems</a> and <a
<div style="margin-left: 40px;"> <div style="margin-left: 40px;">
The <span style="font-weight: bold;">previous Stable Release</span> The <span style="font-weight: bold;">previous Stable Release</span>
version version
is 3.4.8<br> is 4.0.14<br>
<ul> <ul>
<li>Here are the <a <li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.8/releasenotes.txt">release href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.14/releasenotes.txt">release
notes</a> <br> notes</a> <br>
</li> </li>
<li>Here are the <a <li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.8/known_problems.txt">known href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.14/known_problems.txt">known
problems</a> and <a problems</a> and <a
href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.8/errata/">updates</a>.</li> href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.14/errata/">updates</a>.</li>
</ul>
The <span style="font-weight: bold;">current Development Release</span>
is
4.2.0-RC4.
<ul>
<li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.0-RC4/releasenotes.txt">release
notes</a> </li>
<li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.0-RC4/known_problems.txt">known
problems</a> and <a
href="http://www1.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.0-RC4/errata/">updates</a>.</li>
</ul> </ul>
</div> </div>
<div style="margin-left: 40px;"> <div style="margin-left: 40px;">