Shorewall 1.4.10

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1101 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-Website/News.htm

@@ -18,9 +18,246 @@ Texts. A copy of the license is included in the section entitled “<span
  class="quote"><a href="GnuCopyright.htm" target="_self">GNU Free
 Documentation License</a></span>”.<br>
 </p>
-<p>2004-01-13<br>
+<p>2004-01-30<br>
 </p>
 <hr style="width: 100%; height: 2px;">
+<p><b>1/30/2004 - Shorewall 1.4.10</b></p>
+<p>Problems Corrected since version 1.4.9</p>
+<ol>
+  <li>The column descriptions in the action.template file did not
+match the column headings. That has been corrected.</li>
+  <li>The presence of IPV6 addresses on devices generated error
+messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
+are specified in /etc/shorewall/shorewall.conf. These messages have
+been eliminated.</li>
+  <li value="3">The CONTINUE action in /etc/shorewall/rules now
+works
+correctly. A couple of problems involving rate limiting have been
+corrected. These bug fixes courtesy of Steven Jan Springl.</li>
+  <li>Shorewall now tried to avoid sending an ICMP response to
+broadcasts and smurfs.</li>
+  <li>Specifying "-" or "all" in the PROTO column of an action no
+longer causes a startup error. </li>
+</ol>
+Migragion Issues:<br>
+<br>
+&nbsp;&nbsp;&nbsp; None.<br>
+<br>
+New Features:<br>
+<ol>
+  <li>The INTERFACE column in the /etc/shorewall/masq file may
+now specify a destination list. <br>
+    <br>
+Example:<br>
+    <br>
+&nbsp;&nbsp;&nbsp; #INTERFACE&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
+&nbsp;&nbsp;&nbsp; SUBNET&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; ADDRESS<br>
+&nbsp;&nbsp;&nbsp; eth0:192.0.2.3,192.0.2.16/28&nbsp;&nbsp;&nbsp; eth1<br>
+    <br>
+If the list begins with "!" then SNAT will occur only if the
+destination IP address is NOT included in the list.<br>
+    <br>
+  </li>
+  <li>Output traffic control rules (those with the firewall as
+the
+source) may now be qualified by the effective userid and/or effective
+group id of the program generating the output. This feature is courtesy
+of&nbsp; Frédéric LESPEZ.<br>
+    <br>
+A new USER column has been added to /etc/shorewall/tcrules. It may
+contain :<br>
+    <br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [&lt;user name or number&gt;]:[&lt;group
+name or number&gt;]<br>
+    <br>
+The colon is optionnal when specifying only a user.<br>
+    <br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Examples : john: / john / :users /
+john:users<br>
+    <br>
+  </li>
+  <li>A "detectnets" interface option has been added for entries
+in
+/etc/shorewall/interfaces. This option automatically taylors the
+definition of the zone named in the ZONE column to include just&nbsp;
+those
+hosts that have routes through the interface named in the INTERFACE
+column. The named interface must be UP when Shorewall is [re]started.<br>
+    <br>
+&nbsp;WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE!
+&nbsp;&nbsp; </li>
+</ol>
+<p><b>1/27/2004 - Shorewall 1.4.10 RC3</b></p>
+<p><a href="http://shorewall.net/pub/shorewall/Beta">http://shorewall.net/pub/shorewall/Beta</a><br>
+<a href="ftp://shorewall.net/pub/shorewall/Beta" target="_top">ftp://shorewall.net/pub/shorewall/Beta</a><br>
+</p>
+<p>Problems Corrected since version 1.4.9</p>
+<ol>
+  <li>The column descriptions in the action.template file did not
+match the column headings. That has been corrected.</li>
+  <li>The presence of IPV6 addresses on devices generated error
+messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
+are specified in /etc/shorewall/shorewall.conf. These messages have
+been eliminated.</li>
+  <li value="3">The CONTINUE action in /etc/shorewall/rules now works
+correctly. A couple of problems involving rate limiting have been
+corrected. These bug fixes courtesy of Steven Jan Springl.</li>
+  <li>Shorewall now tried to avoid sending an ICMP response to
+broadcasts and smurfs.<br>
+  </li>
+</ol>
+Migragion Issues:<br>
+<br>
+&nbsp;&nbsp;&nbsp; None.<br>
+<br>
+New Features:<br>
+<ol>
+  <li>The INTERFACE column in the /etc/shorewall/masq file may
+now specify a destination list. <br>
+    <br>
+Example:<br>
+    <br>
+&nbsp;&nbsp;&nbsp; #INTERFACE&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
+&nbsp;&nbsp;&nbsp; SUBNET&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; ADDRESS<br>
+&nbsp;&nbsp;&nbsp; eth0:192.0.2.3,192.0.2.16/28&nbsp;&nbsp;&nbsp; eth1<br>
+    <br>
+If the list begins with "!" then SNAT will occur only if the
+destination IP address is NOT included in the list.<br>
+    <br>
+  </li>
+  <li>Output traffic control rules (those with the firewall as
+the
+source) may now be qualified by the effective userid and/or effective
+group id of the program generating the output. This feature is courtesy
+of&nbsp; Frédéric LESPEZ.<br>
+    <br>
+A new USER column has been added to /etc/shorewall/tcrules. It may
+contain :<br>
+    <br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [&lt;user name or number&gt;]:[&lt;group
+name or number&gt;]<br>
+    <br>
+The colon is optionnal when specifying only a user.<br>
+    <br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Examples : john: / john / :users /
+john:users<br>
+    <br>
+  </li>
+  <li>A "detectnets" interface option has been added for entries
+in
+/etc/shorewall/interfaces. This option automatically taylors the
+definition of the zone named in the ZONE column to include just&nbsp;
+those
+hosts that have routes through the interface named in the INTERFACE
+column. The named interface must be UP when Shorewall is [re]started.<br>
+    <br>
+&nbsp;WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE!
+&nbsp;&nbsp; </li>
+</ol>
+<p><b>1/24/2004 - Shorewall 1.4.10 RC2</b><b>&nbsp;</b></p>
+<p><a href="http://shorewall.net/pub/shorewall/Beta">http://shorewall.net/pub/shorewall/Beta</a><br>
+<a href="ftp://shorewall.net/pub/shorewall/Beta" target="_top">ftp://shorewall.net/pub/shorewall/Beta</a><br>
+</p>
+<p>Problems Corrected since version 1.4.9</p>
+<ol>
+  <li>The column descriptions in the action.template file did not
+match the column headings. That has been corrected.</li>
+  <li>The presence of IPV6 addresses on devices generated error
+messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
+are specified in /etc/shorewall/shorewall.conf. These messages have
+been eliminated.</li>
+</ol>
+Migragion Issues:<br>
+<br>
+&nbsp;&nbsp;&nbsp; None.<br>
+<br>
+New Features:<br>
+<ol>
+  <li>The INTERFACE column in the /etc/shorewall/masq file may
+now specify a destination list. <br>
+    <br>
+Example:<br>
+    <br>
+&nbsp;&nbsp;&nbsp; #INTERFACE&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
+&nbsp;&nbsp;&nbsp; SUBNET&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; ADDRESS<br>
+&nbsp;&nbsp;&nbsp; eth0:192.0.2.3,192.0.2.16/28&nbsp;&nbsp;&nbsp; eth1<br>
+    <br>
+If the list begins with "!" then SNAT will occur only if the
+destination IP address is NOT included in the list.<br>
+    <br>
+  </li>
+  <li>Output traffic control rules (those with the firewall as
+the source) may now be qualified by the effective userid and/or
+effective group id of the program generating the output. This feature
+is courtesy of&nbsp; Frédéric LESPEZ.<br>
+    <br>
+A new USER column has been added to /etc/shorewall/tcrules. It may
+contain :<br>
+    <br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [&lt;user name or number&gt;]:[&lt;group
+name or number&gt;]<br>
+    <br>
+The colon is optionnal when specifying only a user.<br>
+    <br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Examples : john: / john / :users /
+john:users<br>
+    <br>
+  </li>
+  <li>A "detectnets" interface option has been added for entries in
+/etc/shorewall/interfaces. This option automatically taylors the
+definition of the zone named in the ZONE column to include just&nbsp;
+those
+hosts that have routes through the interface named in the INTERFACE
+column. The named interface must be UP when Shorewall is [re]started.<br>
+    <br>
+&nbsp;WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE! </li>
+</ol>
+<p><b>1/22/2004 - Shorewall 1.4.10 RC1</b><b>&nbsp;</b></p>
+<p>Problems Corrected since version 1.4.9</p>
+<ol>
+  <li>The column descriptions in the action.template file did not match
+the column headings. That has been corrected.</li>
+  <li>The presence of IPV6 addresses on devices generated error
+messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
+are specified in /etc/shorewall/shorewall.conf. These messages have
+been eliminated.</li>
+</ol>
+Migragion Issues:<br>
+<br>
+&nbsp;&nbsp;&nbsp; None.<br>
+<br>
+New Features:<br>
+<ol>
+  <li>The INTERFACE column in the /etc/shorewall/masq file may now
+specify a destination list. <br>
+    <br>
+Example:<br>
+    <br>
+&nbsp;&nbsp;&nbsp; #INTERFACE&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
+&nbsp;&nbsp;&nbsp; SUBNET&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; ADDRESS<br>
+&nbsp;&nbsp;&nbsp; eth0:192.0.2.3,192.0.2.16/28&nbsp;&nbsp;&nbsp; eth1<br>
+    <br>
+If the list begins with "!" then SNAT will occur only if the
+destination IP address is NOT included in the list.<br>
+    <br>
+  </li>
+  <li>Output traffic control rules (those with the firewall as the
+source) may now be qualified by the effective userid and/or effective
+group id of the program generating the output. This feature is courtesy
+of&nbsp; Frédéric LESPEZ.<br>
+    <br>
+A new USER column has been added to /etc/shorewall/tcrules. It may
+contain :<br>
+    <br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [&lt;user name or number&gt;]:[&lt;group
+name or number&gt;]<br>
+    <br>
+The colon is optionnal when specifying only a user.<br>
+    <br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Examples : john: / john / :users /
+john:users&nbsp;&nbsp;&nbsp; <br>
+  </li>
+</ol>
 <p><b>1/13/2004 - Shorewall 1.4.9</b><b><br>
 </b></p>
 <p>Problems Corrected since version 1.4.8:<br>

Shorewall-Website/Shorewall_index_frame.htm

@@ -23,7 +23,10 @@
         <li> <a href="shorewall_quickstart_guide.htm">QuickStart
 Guides (HOWTOs)</a> </li>
         <li> <b><a href="Documentation_Index.html">Documentation</a></b></li>
-        <li> <a href="FAQ.htm">FAQs</a></li>
+        <li> <a href="FAQ.htm">FAQs</a>&nbsp; (<a
+ href="http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ"
+ target="_top">Wiki</a>)<br>
+        </li>
         <li><a href="useful_links.html">Useful Links</a> </li>
         <li> <a href="troubleshoot.htm">Things to try if it doesn't
 work</a></li>

Shorewall-Website/Shorewall_sfindex_frame.htm

@@ -32,7 +32,9 @@
 Guides (HOWTOs)</a><br>
         </li>
         <li> <b><a href="Documentation_Index.html">Documentation</a></b></li>
-        <li> <a href="FAQ.htm">FAQs</a></li>
+        <li> <a href="FAQ.htm">FAQs</a>&nbsp; (<a
+ href="http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ"
+ target="_top">Wiki</a>)</li>
         <li><a href="useful_links.html">Useful Links</a><br>
         </li>
         <li> <a href="troubleshoot.htm">Things to try if it doesn't

Shorewall-Website/mailing_list.htm

@@ -13,7 +13,7 @@
 <h1>Shorewall Mailing Lists</h1>
 <span style="font-weight: bold;">Tom Eastep</span><br>
 <br>
-Copyright © 2001-2003 Thomas M. Eastep<br>
+Copyright © 2001-2004 Thomas M. Eastep<br>
 <br>
 <div>
 <div class="legalnotice">
@@ -27,49 +27,22 @@ Documentation License</a></span>
 </div>
 </div>
 <div>
-<p class="pubdate">2003-12-30<br>
+<p class="pubdate">2004-01-28<br>
 </p>
 <hr style="width: 100%; height: 2px;"></div>
-<h2>Acknowlegments</h2>
+<h2>Note</h2>
-The Shorewall Mailing Lists use the following software:<br>
-<ul>
-  <li><a href="http://www.centralcommand.com">Vexira Mail Armour</a></li>
-  <li><a href="http://www.gnu.org/software/mailman/mailman.html">GNU
-Mailman</a></li>
-  <li><a href="http://razor.sourceforge.net/">Vipul's Razor</a></li>
-  <li><a href="http://www.spamassassin.org">SpamAssassin</a></li>
-  <li><a href="http://www.postfix.org">Postfix</a><br>
-  </li>
-</ul>
-<h2>Note<br>
-</h2>
 <big><span style="color: rgb(255, 0, 0);"><span
  style="font-weight: bold;">If you are reporting a problem or asking a
 question, you are at the wrong place -- please see the <a
  href="http://shorewall.net/support.htm">Shorewall Support Guide</a>.</span></span></big><br>
-<br>
+<h2>Mailing Lists are Moderated for Non-Member Posts</h2>
-If you experience problems with any of these lists,
+Given the
-please let <a href="mailto:postmaster@shorewall.net">me</a>
+recent problems associated with the MyDoom virus (and the more annoying
-know
+problem of clueless mail admins who configure their AV software to spam
-<h2 align="left">Not able to Post Mail to shorewall.net?</h2>
+innocent bystanders during a virus storm), the Shorewall lists are now
-<p align="left">You can report such problems by sending mail to
+moderated for non-member posts. It is also a good idea to mention that
-tmeastep at
+you are a non-member so that people will include you in the CC list
-hotmail dot com.</p>
+when replying.
-<h2>A Word about the SPAM Filters at Shorewall.net&nbsp;<a
- href="http://osirusoft.com/"> </a></h2>
-<p>Please note that the mail server at shorewall.net checks
-incoming mail:<br>
-</p>
-<ol>
-  <li>against <a href="http://spamassassin.org">Spamassassin</a>
-(including <a href="http://razor.sourceforge.net/">Vipul's Razor</a>).<br>
-  </li>
-  <li>to ensure that the sender address is
-fully qualified.</li>
-  <li>to verify that the sender's domain has an A or MX record in DNS.</li>
-  <li>to ensure that the host name in the HELO/EHLO command is a valid
-fully-qualified DNS name.</li>
-</ol>
 <h2>Please post in plain text</h2>
 A growing number of MTAs serving list subscribers are rejecting all
 HTML traffic. At least one MTA has gone so far as to blacklist
@@ -125,7 +98,8 @@ Search: <input type="text" size="30" name="words" value=""> <input
 </form>
 <h2 align="left"><font color="#ff0000">Please do not try to download
 the entire
-Archive -- it is 164MB (and growing daily) and my slow DSL line simply
+HTML Archive -- it is 212MB (and growing daily) and my slow DSL line
+simply
 won't
 stand the traffic. If I catch you, you will be blacklisted.<br>
 </font></h2>
@@ -238,6 +212,40 @@ password, there is another button that will cause your password
 to be emailed to you.</p>
   </li>
 </ul>
+<h2>A Word about the SPAM Filters at Shorewall.net&nbsp;<a
+ href="http://osirusoft.com/"> </a></h2>
+<p>Please note that the mail server at shorewall.net checks
+incoming mail:<br>
+</p>
+<ol>
+  <li>against <a href="http://spamassassin.org">Spamassassin</a>
+(including <a href="http://razor.sourceforge.net/">Vipul's Razor</a>).<br>
+  </li>
+  <li>to ensure that the sender address is
+fully qualified.</li>
+  <li>to verify that the sender's domain has an A or MX record in DNS.</li>
+  <li>to ensure that the host name in the HELO/EHLO command is a valid
+fully-qualified DNS name.</li>
+</ol>
+<h2>
+If you experience problems with any of these lists,
+please let <a href="mailto:postmaster@shorewall.net">me</a>
+know
+</h2>
+<h2 align="left">Not able to Post Mail to shorewall.net?</h2>
+<p align="left">You can report such problems by sending mail to
+tmeastep at
+hotmail dot com.</p>
+<h2>Acknowlegments</h2>
+The Shorewall Mailing Lists use the following software:<br>
+<ul>
+  <li><a href="http://www.centralcommand.com">Vexira Mail Armour</a></li>
+  <li><a href="http://www.gnu.org/software/mailman/mailman.html">GNU
+Mailman</a></li>
+  <li><a href="http://razor.sourceforge.net/">Vipul's Razor</a></li>
+  <li><a href="http://www.spamassassin.org">SpamAssassin</a></li>
+  <li><a href="http://www.postfix.org">Postfix</a></li>
+</ul>
 <hr>
 <h2 align="left">Frustrated by having to Rebuild Mailman to use it with
 Postfix?</h2>

Shorewall-Website/seattlefirewall_index.htm

@@ -87,10 +87,82 @@ setup that matches the documentation on this site. See the <a
  href="two-interface.htm">Two-interface QuickStart Guide</a> for
 details.<br>
       <h2>News</h2>
-      <p><b>1/13/2004 - Shorewall 1.4.9 </b><b><img alt="(New)"
+      <p><b>1/30/2004 - Shorewall 1.4.10</b><b> <img alt="(New)"
  src="images/new10.gif"
- style="border: 0px solid ; width: 28px; height: 12px;" title=""></b><b>
+ style="border: 0px solid ; width: 28px; height: 12px;" title=""></b></p>
-      </b></p>
+      <p>Problems Corrected since version 1.4.9</p>
+      <ol>
+        <li>The column descriptions in the action.template file did not
+match the column headings. That has been corrected.</li>
+        <li>The presence of IPV6 addresses on devices generated error
+messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
+are specified in /etc/shorewall/shorewall.conf. These messages have
+been eliminated.</li>
+        <li>The CONTINUE action in /etc/shorewall/rules now works
+correctly. A couple of problems involving rate limiting have been
+corrected. These bug fixes courtesy of Steven Jan Springl.</li>
+        <li>Shorewall now tried to avoid sending an ICMP response to
+broadcasts and smurfs.</li>
+        <li>Specifying "-" or "all" in the PROTO column of an action no
+longer causes a startup error. <br>
+          <br>
+        </li>
+      </ol>
+Migragion Issues:<br>
+      <br>
+&nbsp;&nbsp;&nbsp; None.<br>
+      <br>
+New Features:<br>
+      <ol>
+        <li>The INTERFACE column in the /etc/shorewall/masq file may
+now specify a destination list. <br>
+          <br>
+Example:<br>
+          <br>
+&nbsp;&nbsp;&nbsp; #INTERFACE&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
+&nbsp;&nbsp;&nbsp; SUBNET&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; ADDRESS<br>
+&nbsp;&nbsp;&nbsp; eth0:192.0.2.3,192.0.2.16/28&nbsp;&nbsp;&nbsp; eth1<br>
+          <br>
+If the list begins with "!" then SNAT will occur only if the
+destination IP address is NOT included in the list.<br>
+          <br>
+        </li>
+        <li>Output traffic control rules (those with the firewall as
+the source) may now be qualified by the effective userid and/or
+effective group id of the program generating the output. This feature
+is courtesy of&nbsp; Frédéric LESPEZ.<br>
+          <br>
+A new USER column has been added to /etc/shorewall/tcrules. It may
+contain :<br>
+          <br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [&lt;user name or number&gt;]:[&lt;group
+name or number&gt;]<br>
+          <br>
+The colon is optionnal when specifying only a user.<br>
+          <br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Examples : john: / john / :users /
+john:users<br>
+          <br>
+        </li>
+        <li>A "detectnets" interface option has been added for entries
+in /etc/shorewall/interfaces. This option automatically taylors the
+definition of the zone named in the ZONE column to include just&nbsp;
+those hosts that have routes through the interface named in the
+INTERFACE column. The named interface must be UP when Shorewall is
+[re]started.<br>
+          <br>
+&nbsp;WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE! <br>
+        </li>
+      </ol>
+      <p><b>1/17/2004 - FAQ Wiki Available&nbsp;</b><b></b></p>
+      <p>It has been asserted that the use of CVS for maintaining the
+Shorewall documentation has been a barrier to community participation.
+To test this theory, Alex Martin <a
+ href="http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ">has
+created a Wiki</a> and with the help of Mike Noyes has populated the
+Wiki with the Shorewall FAQ. <br>
+      </p>
+      <p><b>1/13/2004 - Shorewall 1.4.9&nbsp;</b><b> </b></p>
       <p>Problems Corrected since version 1.4.8:</p>
       <ol>
         <li>There has been a low continuing level of confusion over the
@@ -189,22 +261,6 @@ system on his external network.<br>
           <br>
         </li>
       </ol>
-      <p><b>12/28/2003 - www.shorewall.net/ftp.shorewall.net Back
-On-line</b> <b><img alt="(New)" src="images/new10.gif"
- style="border: 0px solid ; width: 28px; height: 12px;" title=""> <br>
-      </b></p>
-      <p>Our high-capacity server has been restored to service --
-please let <a href="mailto:webmaster@shorewall.net">us</a> know if you
-find any problems.</p>
-      <p><b>12/03/2003 - Support Torch Passed</b></p>
-Effective today, I am reducing my participation in the day-to-day
-support of Shorewall. As part of this shift to community-based
-Shorewall support a new <a
- href="https://lists.shorewall.net/mailman/listinfo/shorewall-newbies">Shorewall
-Newbies mailing list</a> has been established to field questions and
-problems from new users. I will not monitor that list personally. I
-will continue my active development of Shorewall and will be available
-via the development list to handle development issues -- Tom.
       <p><a href="News.htm">More News</a></p>
       <p><a href="http://leaf.sourceforge.net" target="_top"><img
  alt="(Leaf Logo)"
@@ -231,10 +287,14 @@ Children's Foundation</a>. Thanks!</big><br>
       <a href="http://www.starlight.org"></a></p>
       </td>
     </tr>
+    <tr>
+      <td style="vertical-align: top;"><br>
+      </td>
+    </tr>
   </tbody>
 </table>
 </div>
-<p><font size="2">Updated 01/13/2004 - <a href="support.htm">Tom Eastep</a></font><br>
+<p><font size="2">Updated 01/30/2004 - <a href="support.htm">Tom Eastep</a></font><br>
 </p>
 </body>
 </html>

Shorewall-Website/sourceforge_index.htm

@@ -92,9 +92,82 @@ and installing a setup that matches the documentation on this site.
 See the <a href="two-interface.htm">Two-interface QuickStart
 Guide</a> for details.
       <h2><b>News</b></h2>
-      <p><b>1/13/2004 - Shorewall 1.4.9</b> <b><img
+      <p><b>1/30/2004 - Shorewall 1.4.10</b><b> <img alt="(New)"
- style="border: 0px solid ; width: 28px; height: 12px;"
+ src="images/new10.gif"
- src="images/new10.gif" alt="(New)" title=""><br>
+ style="border: 0px solid ; width: 28px; height: 12px;" title=""></b></p>
+      <p>Problems Corrected since version 1.4.9</p>
+      <ol>
+        <li>The column descriptions in the action.template file did not
+match the column headings. That has been corrected.</li>
+        <li>The presence of IPV6 addresses on devices generated error
+messages during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
+are specified in /etc/shorewall/shorewall.conf. These messages have
+been eliminated.</li>
+        <li value="3">The CONTINUE action in /etc/shorewall/rules now
+works
+correctly. A couple of problems involving rate limiting have been
+corrected. These bug fixes courtesy of Steven Jan Springl.</li>
+        <li>Shorewall now tried to avoid sending an ICMP response to
+broadcasts and smurfs.</li>
+        <li>Specifying "-" or "all" in the PROTO column of an action no
+longer causes a startup error. </li>
+      </ol>
+Migragion Issues:<br>
+      <br>
+&nbsp;&nbsp;&nbsp; None.<br>
+      <br>
+New Features:<br>
+      <ol>
+        <li>The INTERFACE column in the /etc/shorewall/masq file may
+now specify a destination list. <br>
+          <br>
+Example:<br>
+          <br>
+&nbsp;&nbsp;&nbsp; #INTERFACE&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
+&nbsp;&nbsp;&nbsp; SUBNET&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; ADDRESS<br>
+&nbsp;&nbsp;&nbsp; eth0:192.0.2.3,192.0.2.16/28&nbsp;&nbsp;&nbsp; eth1<br>
+          <br>
+If the list begins with "!" then SNAT will occur only if the
+destination IP address is NOT included in the list.<br>
+          <br>
+        </li>
+        <li>Output traffic control rules (those with the firewall as
+the
+source) may now be qualified by the effective userid and/or effective
+group id of the program generating the output. This feature is courtesy
+of&nbsp; Frédéric LESPEZ.<br>
+          <br>
+A new USER column has been added to /etc/shorewall/tcrules. It may
+contain :<br>
+          <br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [&lt;user name or number&gt;]:[&lt;group
+name or number&gt;]<br>
+          <br>
+The colon is optionnal when specifying only a user.<br>
+          <br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Examples : john: / john / :users /
+john:users<br>
+          <br>
+        </li>
+        <li>A "detectnets" interface option has been added for entries
+in
+/etc/shorewall/interfaces. This option automatically taylors the
+definition of the zone named in the ZONE column to include just&nbsp;
+those
+hosts that have routes through the interface named in the INTERFACE
+column. The named interface must be UP when Shorewall is [re]started.<br>
+          <br>
+&nbsp;WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE!
+&nbsp;&nbsp; </li>
+      </ol>
+      <p><b>1/17/2004 - FAQ Wiki Available&nbsp;</b><b></b></p>
+It has been asserted that the use of CVS for maintaining the
+Shorewall documentation has been a barrier to community participation.
+To test this theory, Alex Martin <a
+ href="http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ">has
+created a Wiki</a> and with the help of Mike Noyes has populated the
+Wiki with the Shorewall FAQ.
+      <p><b>1/13/2004 - Shorewall 1.4.9</b> <b><br>
       </b></p>
       <p>Problems Corrected since version 1.4.8:<br>
       </p>
@@ -201,25 +274,6 @@ packets with a null source address. Ad Koster reported a case where
 these were occuring frequently as a result of a broken system on his
 external network.</li>
       </ol>
-      <p><b>12/28/2003 - www.shorewall.net/ftp.shorewall.net Back
-On-line</b> <b><img alt="(New)" src="images/new10.gif"
- style="border: 0px solid ; width: 28px; height: 12px;" title=""> <br>
-      </b></p>
-      <p>Our high-capacity server has been restored to service --
-please let <a href="mailto:webmaster@shorewall.net">us</a> know if you
-find any problems.</p>
-      <p><b>12/03/2003 - Support Torch Passed</b> <b><img
- style="border: 0px solid ; width: 28px; height: 12px;"
- src="images/new10.gif" alt="(New)" title=""></b></p>
-Effective today, I am reducing my participation in the day-to-day
-support of Shorewall. As part of this shift to community-based
-Shorewall support a new <a
- href="https://lists.shorewall.net/mailman/listinfo/shorewall-newbies">Shorewall
-Newbies mailing list</a> has been established to field questions
-and problems from new users. I will not monitor that list
-personally. I will continue my active development of Shorewall and
-will be available via the development list to handle development
-issues -- Tom.
       <p><b><a href="News.htm">More News</a></b></p>
       <b></b>
       <h2><b></b></h2>
@@ -268,7 +322,7 @@ Children's Foundation.</font></a> Thanks!</font></font></p>
     </tr>
   </tbody>
 </table>
-<p><font size="2">Updated 01/13/2004 - <a href="support.htm">Tom
+<p><font size="2">Updated 01/30/2004 - <a href="support.htm">Tom
 Eastep</a></font><br>
 </p>
 </body>