From b2045fdc0bdaf6824a1238da5ef1f584f3a1d203 Mon Sep 17 00:00:00 2001 
From: teastep Date: Sun, 7 Dec 2008 18:13:16 +0000 Subject: [PATCH] Save IPv6 State git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8934 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- .../COPYING | 0 .../README.txt | 0 .../Shorewall/Accounting.pm | 0 .../Shorewall/Actions.pm | 0 .../Shorewall/Chains.pm | 2 +- .../Shorewall/Compiler.pm | 0 .../Shorewall/Config.pm | 0 .../Shorewall/IPAddrs.pm | 0 .../Shorewall/Nat.pm | 0 .../Shorewall/Policy.pm | 0 .../Shorewall/Proc.pm | 0 .../Shorewall/Providers.pm | 0 .../Shorewall/Proxyarp.pm | 0 .../Shorewall/Rules.pm | 0 .../Shorewall/Tc.pm | 0 .../Shorewall/Tunnels.pm | 0 .../Shorewall/Zones.pm | 0 .../compiler.pl | 0 .../install.sh | 0 .../prog.footer | 0 .../prog.functions | 0 .../prog.header | 0 .../shorewall-perl.spec | 0 docs/ipsets.xml | 132 +++++++++++++----- web/News.htm | 7 +- web/download.htm | 23 +-- web/shorewall_index.htm | 11 +- 27 files changed, 110 insertions(+), 65 deletions(-) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/COPYING (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/README.txt (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/Shorewall/Accounting.pm (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/Shorewall/Actions.pm (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/Shorewall/Chains.pm (99%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/Shorewall/Compiler.pm (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/Shorewall/Config.pm (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/Shorewall/IPAddrs.pm (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/Shorewall/Nat.pm (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/Shorewall/Policy.pm (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/Shorewall/Proc.pm (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/Shorewall/Providers.pm (100%) rename {Shorewall-perl => 
Shorewall-perl-IPv6-Aborted}/Shorewall/Proxyarp.pm (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/Shorewall/Rules.pm (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/Shorewall/Tc.pm (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/Shorewall/Tunnels.pm (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/Shorewall/Zones.pm (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/compiler.pl (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/install.sh (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/prog.footer (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/prog.functions (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/prog.header (100%) rename {Shorewall-perl => Shorewall-perl-IPv6-Aborted}/shorewall-perl.spec (100%) diff --git a/Shorewall-perl/COPYING b/Shorewall-perl-IPv6-Aborted/COPYING similarity index 100% rename from Shorewall-perl/COPYING rename to Shorewall-perl-IPv6-Aborted/COPYING diff --git a/Shorewall-perl/README.txt b/Shorewall-perl-IPv6-Aborted/README.txt similarity index 100% rename from Shorewall-perl/README.txt rename to Shorewall-perl-IPv6-Aborted/README.txt diff --git a/Shorewall-perl/Shorewall/Accounting.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/Accounting.pm similarity index 100% rename from Shorewall-perl/Shorewall/Accounting.pm rename to Shorewall-perl-IPv6-Aborted/Shorewall/Accounting.pm diff --git a/Shorewall-perl/Shorewall/Actions.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/Actions.pm similarity index 100% rename from Shorewall-perl/Shorewall/Actions.pm rename to Shorewall-perl-IPv6-Aborted/Shorewall/Actions.pm diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/Chains.pm similarity index 99% rename from Shorewall-perl/Shorewall/Chains.pm rename to Shorewall-perl-IPv6-Aborted/Shorewall/Chains.pm index 151dd6679..36f603f0f 100644 --- a/Shorewall-perl/Shorewall/Chains.pm 
+++ b/Shorewall-perl-IPv6-Aborted/Shorewall/Chains.pm
@@ -2325,7 +2325,7 @@ sub expand_rule( $$$$$$$$$$$ )
 if ( $origdest ) {
 if ( $origdest eq '-' || ! $capabilities{CONNTRACK_MATCH} ) {
 $origdest = '';
- if ( $capabilities{NEW_CONNTRACK_MATCH} && defined $oport && $oport ne '' ) {
+ if ( $capabilities{NEW_CONNTRACK_MATCH} && defined $oport && $oport ne '' && $oport ne '-' ) {
 $rule .= "-m conntrack --ctorigdstport $oport ";
 }
 } elsif ( $origdest =~ /^detect:(.*)$/ ) {
diff --git a/Shorewall-perl/Shorewall/Compiler.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/Compiler.pm
similarity index 100%
rename from Shorewall-perl/Shorewall/Compiler.pm
rename to Shorewall-perl-IPv6-Aborted/Shorewall/Compiler.pm
diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/Config.pm
similarity index 100%
rename from Shorewall-perl/Shorewall/Config.pm
rename to Shorewall-perl-IPv6-Aborted/Shorewall/Config.pm
diff --git a/Shorewall-perl/Shorewall/IPAddrs.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/IPAddrs.pm
similarity index 100%
rename from Shorewall-perl/Shorewall/IPAddrs.pm
rename to Shorewall-perl-IPv6-Aborted/Shorewall/IPAddrs.pm
diff --git a/Shorewall-perl/Shorewall/Nat.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/Nat.pm
similarity index 100%
rename from Shorewall-perl/Shorewall/Nat.pm
rename to Shorewall-perl-IPv6-Aborted/Shorewall/Nat.pm
diff --git a/Shorewall-perl/Shorewall/Policy.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/Policy.pm
similarity index 100%
rename from Shorewall-perl/Shorewall/Policy.pm
rename to Shorewall-perl-IPv6-Aborted/Shorewall/Policy.pm
diff --git a/Shorewall-perl/Shorewall/Proc.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/Proc.pm
similarity index 100%
rename from Shorewall-perl/Shorewall/Proc.pm
rename to Shorewall-perl-IPv6-Aborted/Shorewall/Proc.pm
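Review bot: In the `$origdest eq '-' || ! $capabilities{CONNTRACK_MATCH}` branch of `expand_rule`, a real ORIGINAL DEST value is still cleared (`$origdest = '';`) whenever the conntrack capability is missing, and as far as the hunk shows nothing tells the user. The generated rule then matches more traffic than the rules-file entry describes, so a compile-time warning or error when `$origdest ne '-'` would be safer than silently widening it. The same applies to `$oport` when `NEW_CONNTRACK_MATCH` is absent. `$oport` is also interpolated into `--ctorigdstport $oport` with only the empty and `'-'` checks visible here; the function starts and ends outside the hunk, so confirm it is validated as a port before this point. A one-line comment such as `# '-' means the column was omitted; treat it like an empty value` would explain the three-part condition.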
diff --git a/Shorewall-perl/Shorewall/Providers.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/Providers.pm
similarity index 100%
rename from Shorewall-perl/Shorewall/Providers.pm
rename to Shorewall-perl-IPv6-Aborted/Shorewall/Providers.pm
diff --git a/Shorewall-perl/Shorewall/Proxyarp.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/Proxyarp.pm
similarity index 100%
rename from Shorewall-perl/Shorewall/Proxyarp.pm
rename to Shorewall-perl-IPv6-Aborted/Shorewall/Proxyarp.pm
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/Rules.pm
similarity index 100%
rename from Shorewall-perl/Shorewall/Rules.pm
rename to Shorewall-perl-IPv6-Aborted/Shorewall/Rules.pm
diff --git a/Shorewall-perl/Shorewall/Tc.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/Tc.pm
similarity index 100%
rename from Shorewall-perl/Shorewall/Tc.pm
rename to Shorewall-perl-IPv6-Aborted/Shorewall/Tc.pm
diff --git a/Shorewall-perl/Shorewall/Tunnels.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/Tunnels.pm
similarity index 100%
rename from Shorewall-perl/Shorewall/Tunnels.pm
rename to Shorewall-perl-IPv6-Aborted/Shorewall/Tunnels.pm
diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl-IPv6-Aborted/Shorewall/Zones.pm
similarity index 100%
rename from Shorewall-perl/Shorewall/Zones.pm
rename to Shorewall-perl-IPv6-Aborted/Shorewall/Zones.pm
diff --git a/Shorewall-perl/compiler.pl b/Shorewall-perl-IPv6-Aborted/compiler.pl
similarity index 100%
rename from Shorewall-perl/compiler.pl
rename to Shorewall-perl-IPv6-Aborted/compiler.pl
diff --git a/Shorewall-perl/install.sh b/Shorewall-perl-IPv6-Aborted/install.sh
similarity index 100%
rename from Shorewall-perl/install.sh
rename to Shorewall-perl-IPv6-Aborted/install.sh
diff --git a/Shorewall-perl/prog.footer b/Shorewall-perl-IPv6-Aborted/prog.footer
similarity index 100%
rename from Shorewall-perl/prog.footer
rename to Shorewall-perl-IPv6-Aborted/prog.footer
diff --git a/Shorewall-perl/prog.functions b/Shorewall-perl-IPv6-Aborted/prog.functions similarity index 100% rename from Shorewall-perl/prog.functions rename to Shorewall-perl-IPv6-Aborted/prog.functions diff --git a/Shorewall-perl/prog.header b/Shorewall-perl-IPv6-Aborted/prog.header similarity index 100% rename from Shorewall-perl/prog.header rename to Shorewall-perl-IPv6-Aborted/prog.header diff --git a/Shorewall-perl/shorewall-perl.spec b/Shorewall-perl-IPv6-Aborted/shorewall-perl.spec similarity index 100% rename from Shorewall-perl/shorewall-perl.spec rename to Shorewall-perl-IPv6-Aborted/shorewall-perl.spec diff --git a/docs/ipsets.xml b/docs/ipsets.xml index 1f1c821e0..728ccd0f8 100644 --- a/docs/ipsets.xml +++ b/docs/ipsets.xml @@ -20,6 +20,8 @@ 2005 + 2008 + Thomas M. Eastep @@ -128,51 +130,109 @@ /etc/shorewall/rules#ACTION SOURCE DEST PROTO DEST PORT(S) ACCEPT +sshok $FW tcp 22 - Shorewall can automatically manage the contents of your ipsets for - you. If you specify SAVE_IPSETS=Yes in /etc/shorewall/shorewall.conf then - "shorewall save" will save the contents of your ipsets. The file where the - sets are saved is formed by taking the name where the Shorewall - configuration is stored and appending "-ipsets". So if you enter the - command "shorewall save standard" then Shorewall will save the file as - /var/lib/shorewall/standard-ipsets + If you are running Shorewall-shell: - Regardless of the setting of SAVE_IPSETS, the shorewall -f - start and shorewall restore commands will - restore the ipset contents corresponding to the Shorewall configuration - restored provided that the saved Shorewall configuration specified - exists. +
+ Shorewall can automatically manage the contents of your ipsets for + you. If you specify SAVE_IPSETS=Yes in /etc/shorewall/shorewall.conf + then "shorewall save" will save the contents of your ipsets. The file + where the sets are saved is formed by taking the name where the + Shorewall configuration is stored and appending "-ipsets". So if you + enter the command "shorewall save standard" then Shorewall will save the + file as /var/lib/shorewall/standard-ipsets - For example, shorewall restore standard would - restore the ipset contents from - /var/lib/shorewall/standard-ipsets provided that - /var/lib/shorewall/standard exists and is executable - and that /var/lib/shorewall/standard-ipsets exists - and is executable. + Regardless of the setting of SAVE_IPSETS, the shorewall + -f start and shorewall restore commands + will restore the ipset contents corresponding to the Shorewall + configuration restored provided that the saved Shorewall configuration + specified exists. - Also regardless of the setting of SAVE_IPSETS, the - shorewall forget command will purge the saved ipset - information (if any) associated with the saved shorewall configuration - being removed. + For example, shorewall restore standard would + restore the ipset contents from + /var/lib/shorewall/standard-ipsets provided that + /var/lib/shorewall/standard exists and is + executable and that + /var/lib/shorewall/standard-ipsets exists and is + executable. - You can also associate ipset contents with Shorewall configuration - directories using the following command: + Also regardless of the setting of SAVE_IPSETS, the + shorewall forget command will purge the saved ipset + information (if any) associated with the saved shorewall configuration + being removed. 
- ipset -S > <config directory>/ipsets + You can also associate ipset contents with Shorewall configuration + directories using the following command: - Example: + ipset -S > <config directory>/ipsets - ipset -S > /etc/shorewall/ipsets + Example: - When you start or restart Shorewall (including using the - try command) from the configuration directory, your - ipsets will be configured from the saved ipsets file. Once again, this - behavior is independent of the setting of SAVE_IPSETS. + ipset -S > /etc/shorewall/ipsets - As mentioned above, ipsets are well suited for large blacklists. You - can maintain your blacklist using the 'ipset' utility without ever having - to restart or refresh Shorewall. If you use the SAVE_IPSETS=Yes feature - just be sure to "shorewall save" after altering the blacklist - ipset(s). + When you start or restart Shorewall (including using the + try command) from the configuration directory, your + ipsets will be configured from the saved ipsets file. Once again, this + behavior is independent of the setting of SAVE_IPSETS. + + As mentioned above, ipsets are well suited for large blacklists. + You can maintain your blacklist using the 'ipset' utility without ever + having to restart or refresh Shorewall. If you use the SAVE_IPSETS=Yes + feature just be sure to "shorewall save" after altering the blacklist + ipset(s). +
+ + If you are running Shorewall-perl: + +
+ Shorewall is now out of the ipset load/reload business. With + scripts generated by the Perl-based Compiler, the Netfilter rule set is + never cleared. That means that there is no opportunity for Shorewall to + load/reload your ipsets since that cannot be done while there are any + current rules using ipsets. + + So: + + + + Your ipsets must be loaded before Shorewall starts. You are + free to try to do that with the following code in + /etc/shorewall/init (it works for me; your mileage may + vary): + + if [ "$COMMAND" = start ]; then + ipset -U :all: :all: + ipset -U :all: :default: + ipset -F + ipset -X + ipset -R < /etc/shorewall/ipsets +fi + + The file /etc/shorewall/ipsets will + normally be produced using the ipset -S + command. + + The above will work most of the time but will fail in a + shorewall stop - shorewall + start sequence if you use ipsets in your routestopped file + (see below). + + + + Your ipsets may not be reloaded until Shorewall is stopped or + cleared. + + + + If you specify ipsets in your routestopped file then Shorewall + must be cleared in order to reload your ipsets. + + + + As a consequence, scripts generated by the Perl-based compiler + will ignore /etc/shorewall/ipsets and will issue a + warning if you set SAVE_IPSETS=Yes in + shorewall.conf. +
Example (Note -- this example is applicable to ipset versions up to and including 2.4. In 2.5, the binding feature of ipsets is scheduled for diff --git a/web/News.htm b/web/News.htm index 716392834..ca9d7b535 100644 --- a/web/News.htm +++ b/web/News.htm @@ -26,10 +26,13 @@ license is included in the section entitled GNU Free Documentation License".

-

October 25, 2008
+

November 20, 2008


-

2006-10-25 Shorewall 4.2.1
+

2008-11-20 Shorewall 4.2.2

+

+
Problems corrected in Shorewall 4.2.2

1) Shorewall-perl now insures that each line copied from a
configuration file or user exit is terminated with a newline
character.

2) When ipranges were used to define zones, Shorewall-perl could
generate invalid iptables-restore input if 'Repeat Match' was not
available. Repeat Match is not a true match -- it rather is a
feature of recent iptables releases that allows a match to be
repeated within a rule.

3) With Shorewall-perl, if a destination port list had exactly 16
ports, where a port-range counts as two ports, then Shorewall-perl
would fail to split the rule into multiple rules and an
iptables-restore error would result.

4) The change to Shorewall-perl in 4.2.1 that promised iptables 1.4.1
compatibility contained a typo that prevented it from working
correctly.

5) If a no-NAT rule (DNAT-, ACCEPT+, NONAT) included a destination IP
address and no zone name in the DEST column, Shorewall-perl would
reject the rule. If a zone name was specified, Shorewall-perl
would issue a Warning message.

6) Previously, if Extended conntrack match support was available, a
DNAT rule that specified a server port but no destination port
would generate invalid iptables-restore input.

Other changes in Shorewall 4.2.2

1) A macro supporting JAP (anonymization protocol) has been added.
It can be used as any other macro (e.g., JAP/ACCEPT) in the rules
file.

2) A macro supporting DAAP (Digital Audio Access Protocol) has been added.
It can be used as any other macro (e.g., DAAP/ACCEPT) in the rules
file.

3) A macro supporting DCC (Distributed Checksum Clearinghouse) has been
added. It can be used as any other macro (e.g., DCCP/ACCEPT) in the
rules file.

4) A macro supporting GNUnet (secure peer-to-peer networking) has been
added. It can be used as any other macro (e.g., GNUnet/ACCEPT) in the
rules file.

5) In 4.2.1, a single capability ("Extended conntrack match support")
was used both to control the use of --ctorigport and to trigger use
of the new syntax for inversion of --ctorigdst (e.g., "!
--ctorigdst ..."). In 4.2.2, these are controlled by two separate
capabilities. If you use a capabilities file when compiling your
configuration, be sure to generate a new one after installing
4.2.2.
+

2008-10-25 Shorewall 4.2.1

Problems corrected in Shorewall 4.2.1

1) A description of the CONNBYTES column has been added to
shorewall-tcrules(5).

2) Previously, Shorewall-perl would accept zero as the <max> value in
the CONNBYTES column of tcrules even when the <min> field was
non-zero. A value of zero for <max> was equivalent to omitting
<max>.

3) iptables 1.4.1 discontinued support of syntax generated by
shorewall in some cases. Shorewall now detects when the new syntax
is required and uses it instead.

4) The Shorewall-perl implementation of the LENGTH column in
/etc/shorewall/tcrules was incomplete with the result that
all LENGTH rules matched. Thanks to Lennart Sorensen for the patch.

5) The 'export' command no longer fails with the error:

/sbin/shorewall: 1413: Syntax error: "(" unexpected (expecting "fi")

Other changes in Shorewall 4.2.1

1) With the recent renewed interest in DOS attacks, it seems
appropriate to have connection limiting support in Shorewall. To
that end, a CONNLIMIT column has been added to both the policy and
rules files.

The content of these columns is of the format

[!] <limit>[:<mask>]

where

<limit> is the limit on simultaneous TCP connections.

<mask> specifies the size of the network to which
the limit applies and is specified as a
CIDR mask length. The default value for
<mask> is 32 which means that each remote
IP address can have <limit> TCP connections
active at once.

! Not allowed in the policy file. In the rules file, it
causes connections to match when the number of
current connections exceeds <limit>.

When specified in the policy file, the limit is enforced on all
connections that are subject to the given policy (just like
LIMIT:BURST). The limit is checked on new connections before the
connection is passed through the rules in the NEW section of the
rules file.

It is important to note that while the limit is only checked for
those destinations specified in the DEST column, the number of
current connections is calculated over all destinations and not
just the destination specified in the DEST column.

Use of this feature requires the connlimit match capability in your
kernel and iptables. If you use a capabilities file when compiling
your Shorewall configuration(s), then you need to regenerate the
file using Shorewall or Shorewall-lite 4.2.1.

2) Shorewall now supports time/date restrictions on entries in the
rules file via a new TIME column.

The contents of this column is a series of one or more "time
elements" separated by apersands ("&"). Possible time elements are:

utc Times are expressed in Greenwich Mean Time.
localtz Times are expressed in local civil time (default)
timestart=hh:mm[:ss]
timestop=hh:mm[:ss] Start and stop time of day for rule
weekdays=ddd[,ddd]... where ddd is Mon,Tue,Wed,Thu,Fri,Sat or
Sun
monthdays=dd[,dd]... where dd is an ordinal day of the month.
datestart=yyyy[-mm[-dd[Thh[:mm[:ss]]]]]
datestop=yyyy[-mm[-dd[Thh[:mm[:ss]]]]]
where yyyy = Year
first mm = Month
dd = Day
hh = Hour
2nd mm = Minute
ss = Second

Examples:

1) utc&timestart=10:00&timestop=12:00

Between 10am and 12 noon each day, GMT

2) datestart=2008-11-01T12:00

Beginning November 1, 2008 at noon LCT.

Use of this feature requires the time match capability in your
kernel and iptables. If you use a capabilities file when compiling
your Shorewall configuration(s), then you need to regenerate the
file using Shorewall or Shorewall-lite 4.2.1.

2006-10-05 Shorewall 4.2.0

diff --git a/web/download.htm b/web/download.htm index 30b956168..1a92d5415 100644 --- a/web/download.htm +++ b/web/download.htm @@ -23,7 +23,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.

-

2008-10-05

+

2008-11-20


Table of Contents

Package Information
@@ -179,28 +179,9 @@ which itself links to cvs:

You will probably also want to download the HTML version of the documentation for easy reference.

Finding Updates that Correct Known Problems

-

Beginning with Shorewall 2.2.0, you will find a file named -known_problems.txt in the download directory. This file lists the known -problems with that version of Shorewall. If corrections are available, -they -will be listed in the known problems and you can download them from the -'errata' subdirectory.

-

Example:

-
-
ftp> cd pub/shorewall/2.2/shorewall-2.2.0250 OK.
Current directory is /pub/shorewall/2.2/shorewall-2.2.0
ftp> ls
227 Entering Passive Mode (206,124,146,177,35,91)
150 Accepted data connection
drwxr-sr-x    3 0        0            4096 Feb  1 09:52 .
drwxr-sr-x    3 0        0            4096 Jan 28 14:28 ..
-rw-r--r--    1 0        0             500 Jan 28 14:27 2.2.0.md5sums
drwxr-sr-x    2 0        0            4096 Feb  1 09:51 errata             <=== (1)
-rw-r--r--    1 0        0             156 Feb  1 09:52 known_problems.txt <=== (2)
-rw-r--r--    1 0        0           16059 Jan 24 16:13 patch-2.2.0
-rwxr-xr-x    1 0        0           22963 Jan 24 16:10 releasenotes.txt
-rw-r--r--    1 0        0          100232 Jan 25 15:58 shorewall-2.2.0-1.noarch.rpm
-rw-r--r--    1 0        0          122161 Jan 25 15:58 shorewall-2.2.0.tgz
-rw-r--r--    1 0        0         2534077 Jan 28 13:29 shorewall-docs-html-2.2.0.tgz
-rw-r--r--    1 0        0         4481205 Jan 28 13:29 shorewall-docs-xml-2.2.0.tgz
-rw-r--r--    1 0        0           93905 Jan 25 15:58 shorewall-lrp-2.2.0.tgz
226-Options: -a -l
226 13 matches total
ftp>
-
-

(1) Directory containing updates. For Shorewall -versions -prior to 2.4.0, the updates/LRP directory contains those updates that -apply -to the LRP package.
-(2) List of known problems, workarounds and -updates.. -                          

Beginning with Shorewall 4.0.6, updated packages that include fixes to -known problems may also be made available.

+known problems are made available.

Example:

ftp> cd pub/shorewall/4.0/shorewall-4.0.6
250 OK. Current directory is /pub/shorewall/4.0/shorewall-4.0.6
ftp> ls
200 PORT command successful
150 Connecting to port 36018
drwxr-sr-x 4 1006 8 4096 Dec 1 08:16 .
drwxr-sr-x 9 1006 8 4096 Nov 23 08:22 ..
-rw-r--r-- 1 1006 8 194 Nov 24 07:38 4.0.6-2.md5sums
-rw-r--r-- 1 1006 8 218 Nov 24 07:38 4.0.6-2.sha1sums
-rw-r--r-- 1 1006 8 841 Nov 26 13:26 4.0.6.md5sums
-rw-r--r-- 1 1006 8 945 Nov 26 13:26 4.0.6.sha1sums
-rw-r--r-- 1 1006 8 322 Nov 26 08:35 README.txt
drwxr-xr-x 4 1006 8 4096 Nov 23 17:16 errata
drwxr-xr-x 4 1006 8 4096 Nov 23 08:21 base diff --git a/web/shorewall_index.htm b/web/shorewall_index.htm index 6c9ac3c41..c5d89a227 100644 --- a/web/shorewall_index.htm +++ b/web/shorewall_index.htm @@ -22,11 +22,12 @@ the license is included in the section entitled "GNU Free Documentation License".

-

2008-11-19

+

2008-11-20


Check out -the Shorewall Logo Design Competition!
+the Shorewall Logo Design Competition!

Table of Contents

Introduction @@ -125,15 +126,15 @@ Features page.

Current Shorewall Releases

The current -Stable Release version is 4.2.1
+Stable Release version is 4.2.2