forked from extern/shorewall_code
Update the release file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5704 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
9fcba863fe
commit
c3dc47460e
@ -51,7 +51,7 @@ a) The Perl-based compiler requires the following capabilities in your
|
||||
|
||||
These capabilities are in current distributions.
|
||||
|
||||
The Bourne-shell compiler goes to great pain (in some cases) to
|
||||
b) The Bourne-shell compiler goes to great pain (in some cases) to
|
||||
break very long port lists ( > 15 where port ranges in lists count
|
||||
as two ports) into individual rules. I'm removing the ugliness
|
||||
required to do that (at least initially). The new compiler just
|
||||
@ -61,19 +61,19 @@ a) The Perl-based compiler requires the following capabilities in your
|
||||
port lists, I see no reason to duplicate those features in
|
||||
Shorewall.
|
||||
|
||||
b) BRIDGING=Yes is not supported. The kernel code necessary to
|
||||
c) BRIDGING=Yes is not supported. The kernel code necessary to
|
||||
support this option was removed in Linux kernel 2.6.20.
|
||||
|
||||
c) The BROADCAST column in the interfaces file is essentailly unused;
|
||||
d) The BROADCAST column in the interfaces file is essentailly unused;
|
||||
if you enter anything in this column but '-' or 'detect', you will
|
||||
receive a warning.
|
||||
|
||||
d) Because the compiler is now written in Perl, your compile-time
|
||||
e) Because the compiler is now written in Perl, your compile-time
|
||||
extension scripts from earlier versions will no longer work.
|
||||
|
||||
e) The 'refresh' command is now synonamous with 'restart'.
|
||||
f) The 'refresh' command is now synonamous with 'restart'.
|
||||
|
||||
f) Some run-time extension scripts are no longer supported because they
|
||||
g) Some run-time extension scripts are no longer supported because they
|
||||
make no sense (iptables-restore instantiates the new configuration
|
||||
atomically).
|
||||
|
||||
@ -83,7 +83,7 @@ f) Some run-time extension scripts are no longer supported because they
|
||||
refresh
|
||||
refreshed
|
||||
|
||||
g) The /etc/shorewall/tos file now has a format similar to the tcrules.
|
||||
h) The /etc/shorewall/tos file now has a format similar to the tcrules.
|
||||
|
||||
The SOURCE column may be one of the following:
|
||||
|
||||
@ -95,11 +95,13 @@ g) The /etc/shorewall/tos file now has a format similar to the tcrules.
|
||||
[all:]<address>[,...]
|
||||
[all:]<interface>[:<address>[,...]]
|
||||
|
||||
h) Currently, support for ipsets is untested. That will change with
|
||||
i) Currently, support for ipsets is untested. That will change with
|
||||
future releases but one thing is certain -- Shorewall is now out of the
|
||||
ipset load/reload business. If the Netfilter ruleset is never cleared,
|
||||
then there is no opportunity for Shorewall to load/reload your
|
||||
ipsets.
|
||||
ipset load/reload business. With scripts generated by the Perl-based
|
||||
Compiler, the Netfilter ruleset is never cleared. That means that
|
||||
there is no opportunity for Shorewall to load/reload your ipsets
|
||||
since that cannot be done while there are any current rules using
|
||||
your ipsets.
|
||||
|
||||
So:
|
||||
|
||||
@ -118,19 +120,15 @@ h) Currently, support for ipsets is untested. That will change with
|
||||
Installation
|
||||
------------
|
||||
|
||||
1) Unpack the tarball.
|
||||
Either
|
||||
|
||||
$ tar -jxf shorewall-pl-3.9.0-1.tar.bz2
|
||||
$ pwd
|
||||
/home/teastep/shorewall/
|
||||
$ ls
|
||||
shorewall-pl-3.9.0/
|
||||
$
|
||||
$ tar -jxf shorewall-pl-3.9.0.tar.bz2
|
||||
$ cd shorewall-pl-3.9.0
|
||||
$ ./install.sh
|
||||
|
||||
2) As root, create a symbolic link to the directory containing the unpacked
|
||||
files.
|
||||
or
|
||||
|
||||
$ ln -sf /home/teastep/shorewall/ /usr/share/shorewall-pl
|
||||
$ rpm -ivh shoreawll-pl-3.9.0-1.noarch.rpm
|
||||
|
||||
Using the New compiler
|
||||
----------------------
|
||||
@ -141,7 +139,10 @@ There is one change in Shorewall operation that is triggered when
|
||||
/usr/share/shorewall-pl exists and is either a directory or a symbolic
|
||||
link that points to a directory: Your params file will be processed
|
||||
with the shell's '-a' option set which will automatically export any
|
||||
variables that you set or create.
|
||||
variables that you set or create in that file. Since the params file is
|
||||
processed before shorewall.conf, using the -a option assures that the
|
||||
settings of your params variables are available to the new compiler
|
||||
should it be used.
|
||||
|
||||
To actually use the new compiler, add this to shorewall.conf:
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user