<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <meta http-equiv="CONTENT-TYPE" content="text/html; charset=UTF-8"> <title>Download</title> <meta name="CREATED" content="20060304;10324500"> <meta name="CHANGEDBY" content="Tom Eastep"> <meta name="CHANGED" content="20060310;20345500"> <meta http-equiv="Content-Language" content="en-us"> </head> <body dir="ltr" lang="en-US"> <h1 align="left">Shorewall Download</h1> <p><b>Tom Eastep<br> <br> </b>Copyright © 2001-2008 Thomas M. Eastep</p> <p>Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled “<a href="GnuCopyright.htm" target="_self">GNU Free Documentation License</a>”.</p> <p>2008-11-20 </p> <hr> <h2>Table of Contents</h2> <p><b><a href="#Which">Package Information</a><br> <a href="#Updates">Finding Updates that Correct Known Problems</a><br> <a href="#Sites">Download Sites</a><br> <a href="#SVN">SVN</a></b></p> <hr> <h2><a name="Which"></a>Package Information</h2> <p><b>Before trying to install, I strongly urge you to read and print a copy of the <a href="shorewall_quickstart_guide.htm">Shorewall QuickStart Guide</a> for the configuration that most closely matches your own.</b> </p> <p>The documentation in both XML and HTML formats is available for download from the Download Sites listed in the table below.</p> <p><font color="#ff0000"><b>NOTICE: There are two current Shorewall Release Series:</b></font></p> <ul> <li> <p style="margin-bottom: 0in;">The STABLE release series is 4.2. Choose this release if you value stability and good documentation.</p> </li> <li> <p>The DEVELOPMENT release series is the 4.3 release candidates (found in the 'development' directory). Choose this release if you are <strong>very experienced</strong> <strong>user</strong> and you are willing to help test the code and report bugs. <strong>THIS VERSION IS EXPERIMENTAL AND IS NOT SUPPORTED.</strong> </p> </li> </ul> <p>For additional information, see this article about the <a href="ReleaseModel.html">Shorewall Release Model</a>. </p> <p>Beginning with Shorewall version 4.0.0 RC1, there are four related packages:</p> <ul> <li>Shorewall-shell -- the legacy Shorewall configuration compiler written in Bourne Shell.</li> <li>Shorewall-perl -- an implementation of the Shorewall configuration compiler written in the Perl programming language. This compiler is much faster than Shorewall-shell and produces a firewall script that runs faster. It is the preferred compiler for new Shorewall installations.</li> <li>Shorewall-common -- A base package required by both Shorewall-shell and Shorewall-perl.</li> <li>Shorewall Lite -- a light-weight Shorewall version that will run compiled firewall scripts generated on a system with one of the compiler packages installed.</li> </ul> To summarize: <ul> <li>On at least one system in your network, you must install one or both of the compilers (Shorewall-shell and/or Shorewall-perl) and the Shorewall-common package.</li> <li>If you only have a single firewall, then that system should be your firewall system.</li> <li>If you have more than one firewall, you may wish to install one or both of the compilers on a single <em>administrative</em> system and install Shorewall-lite on the firewalls. Doing so will allow for centralized administration and configuration of the firewalls.</li> </ul> <p>When RPM is used to install Shorewall, the compiler (shorewall-shell and/or shorewall-perl) and shorewall-common must be installed in a single execution of the rpm utility.<br> </p> <p>Here are the <a href="Install.htm">installation instructions</a>.</p> <p><span style="font-weight: bold;">You probably don't want to install both a Shorewall compiler and Shorewall Lite on the same system. See the <a href="CompiledPrograms.html#Lite">Shorewall Lite Documentation</a> for details.</span><br> </p> <p>Once you've printed the appropriate QuickStart Guide, download the appropriate modules:</p> <ul> <li> <p style="margin-bottom: 0in;">Simon Matter provides RPMs tailored for <b>Redhat</b> and <b>Fedora</b>. You can <a href="http://www.invoca.ch/pub/packages/shorewall/">download them from his site</a>.</p> </li> <li> <p style="margin-bottom: 0in;">Fabio Longarai provides a package for <b>OpenWRT</b> (Open firmware for Linksys® WRT54G). You can <a href="http://openwrt.homelinux.net/">download it from his site</a>. </p> <!-- Seems Unavailable <LI><P STYLE="margin-bottom: 0in">Marc Zonzon provides an old package for <B>OpenWRT</B> (Open firmware for Linksys® WRT54G). You can <A HREF="http://www.iut-lannion.fr/ZONZON/memos_index.php?part=Network&section=WRTMemo&subsec=shorewall">download it from his site</A>.</P> --> </li> <li> <p style="margin-bottom: 0in;">jMCg provides a package for <b>Arch Linux.</b> You can <a href="http://aur.archlinux.org/packages.php?do_Details=1&ID=1563&O=0&L=0&C=0&K=shorewall&SB=n&PP=25&do_MyPackages=0">download it from the Arch Linux site</a>. </p> </li> <li> <p style="margin-bottom: 0in;">If you run a <b>SUSE,</b> <b>Linux PPC</b>, <b>Trustix</b> or <b>TurboLinux</b> distribution with a 2.4 or 2.6 kernel, you can use the standard RPM version (note: the RPM should also work with other distributions that store init scripts in /etc/init.d and that include chkconfig or insserv). If you find that it works in other cases, let <a href="mailto:teastep@shorewall.net">me</a> know so that I can mention them here (Note: the standard RPM is known to work on Redhat, Fedora and Mandriva with issues ranging from trivial (Redhat and Fedora) to moderate (Mandriva)). See the <a href="Install.htm">Installation Instructions</a> if you have problems installing the RPM.</p> </li> <li> <p style="margin-bottom: 0in;">If you run <a href="http://www.debian.org/"><b>Debian</b></a> and would like a .deb package, Shorewall is included in both the <a href="http://packages.debian.org/testing/net/shorewall.html">Debian Testing Branch</a> and the <a href="http://packages.debian.org/unstable/net/shorewall.html">Debian Unstable Branch</a>. Additionally, packages for the current Debian stable release are available from the package maintainer's <a href="http://people.connexer.com/%7Eroberto/debian/">personal page</a>. </p> </li> <li> <p style="margin-bottom: 0in;">If you run <a href="http://leaf.sourceforge.net/">LEAF/Bering</a> or one if it's derivatives, you can download a .lrp file from the Leaf site.<br> <br> From the LEAF Bering-uClibc Team: We try to provide the latest stable version shortly after release, but we also want to do some internal tests before making it available. So we may be behind sometimes. But better be sure that the new version is running on LEAF, than being too fast...<br> <br> I know it's not obvious for newbies where to find the lrp on our pages.<br> <br> shorewall.lrp is part of the packages page:<br> <br> <a href="http://leaf.sourceforge.net/bering-uclibc/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=3&MMN_position=3:3">http://leaf.sourceforge.net/bering-uclibc/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=3&MMN_position=3:3</a><br> <br> which itself links to cvs:<br> <br> <a href="http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/bering-uclibc/packages/shorwall.lrp?rev=HEAD&content-type=application/octet-stream">http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/bering-uclibc/packages/shorwall.lrp?rev=HEAD&content-type=application/octet-stream</a></p> </li> <li> <p>Otherwise, download the <i>shorewall</i> module (.tgz) </p> </li> </ul> <p>You will probably also want to download the HTML version of the documentation for easy reference.</p> <h2><a name="Updates"></a>Finding Updates that Correct Known Problems</h2> <p>Beginning with Shorewall 4.0.6, updated packages that include fixes to known problems are made available.</p> <p>Example:</p> <blockquote> <pre>ftp> cd pub/shorewall/4.0/shorewall-4.0.6<br>250 OK. Current directory is /pub/shorewall/4.0/shorewall-4.0.6<br>ftp> ls<br>200 PORT command successful<br>150 Connecting to port 36018<br>drwxr-sr-x 4 1006 8 4096 Dec 1 08:16 .<br>drwxr-sr-x 9 1006 8 4096 Nov 23 08:22 ..<br>-rw-r--r-- 1 1006 8 194 Nov 24 07:38 4.0.6-2.md5sums<br>-rw-r--r-- 1 1006 8 218 Nov 24 07:38 4.0.6-2.sha1sums<br>-rw-r--r-- 1 1006 8 841 Nov 26 13:26 4.0.6.md5sums<br>-rw-r--r-- 1 1006 8 945 Nov 26 13:26 4.0.6.sha1sums<br>-rw-r--r-- 1 1006 8 322 Nov 26 08:35 README.txt<br>drwxr-xr-x 4 1006 8 4096 Nov 23 17:16 errata<br>drwxr-xr-x 4 1006 8 4096 Nov 23 08:21 <strong>base</strong> -rw-r--r-- 1 1006 8 1570 Dec 1 08:16 known_problems.txt -rw-r--r-- 1 1006 8 148363 Nov 23 08:22 patch-4.0.6 -rw-r--r-- 1 1006 8 5249 Nov 24 07:38 <strong>patch-4.0.6-2</strong> ... -rw-r--r-- 1 1006 8 102295 Nov 24 07:38 shorewall-perl-4.0.6<strong>-2</strong>.noarch.rpm <=========<br>-rw-r--r-- 1 1006 8 99884 Nov 24 07:38 shorewall-perl-4.0.6<strong>-2</strong>.tar.bz2 <========= <br>-rw-r--r-- 1 1006 8 300 Nov 24 07:38 shorewall-perl-4.0.6<strong>-2</strong>.tar.bz2.asc <=========<br>-rw-r--r-- 1 1006 8 124814 Nov 24 07:38 shorewall-perl-4.0.6<strong>-2</strong>.tgz <=========<br>-rw-r--r-- 1 1006 8 300 Nov 24 07:38 shorewall-perl-4.0.6<strong>-2</strong>.tgz.asc <=========<br>-rw-r--r-- 1 1006 8 59124 Nov 23 08:22 shorewall-shell-4.0.6-1.noarch.rpm<br>-rw-r--r-- 1 1006 8 76500 Nov 23 08:22 shorewall-shell-4.0.6.tar.bz2<br>-rw-r--r-- 1 1006 8 300 Nov 23 08:22 shorewall-shell-4.0.6.tar.bz2.asc<br>-rw-r--r-- 1 1006 8 95193 Nov 23 08:22 shorewall-shell-4.0.6.tgz<br>-rw-r--r-- 1 1006 8 300 Nov 23 08:22 shorewall-shell-4.0.6.tgz.asc<br>drwxr-sr-x 2 1006 8 4096 Nov 26 08:33 <strong>superseded</strong> 226-Options: -a -l 226 41 matches total ftp</pre> </blockquote> <blockquote> <p>The lines flagged with <====== show that the Shorewall-perl package has been updated to include a bug fix (note the "-2" in the version). The base tarballs for the release are found in the <strong>base</strong> directory. The unified diff file name <strong>patch-4.0.6-2</strong> may be applied to the base (4.0.6) Shorewall-perl release to produce 4.0.6-2. The original Shorewall-perl packages may be found in the <strong>superseded</strong> directory. Note that the fixes are still available in the <strong>errata</strong> directory; the <strong>known_problems.txt</strong> file indicates which problems are fixed in each updated package.</p> </blockquote> <h2><a name="Sites"></a><b>Download Sites</b></h2> <p style="margin-left: 0.42in;">Use the sites below to download the <b>tarball</b>, the <b>documentation</b> and the <b>standard RPM</b> for (<b>SUSE</b>, <b>Power PPC</b>, <b>Trustix</b> and <b>TurboLinux</b>).<br> <br> Packages are GPG signed, please <b>verify the integrity of the files</b> using our public key <a href="https://lists.shorewall.net/shorewall.gpg.key">https://lists.shorewall.net/shorewall.gpg.key</a> </p> <dl> <dd> <table border="2" cellpadding="2" cellspacing="2"> <tbody> <tr> <td> <p><b>SERVER LOCATION</b></p> </td> <td> <p><b>DOMAIN</b></p> </td> <td> <p><b>HTTP</b></p> </td> <td> <p><b>FTP</b></p> </td> </tr> <tr> <td> <p>Slovak Republic</p> </td> <td> <p>Shorewall.net</p> </td> <td> <p><a href="http://slovakia.shorewall.net/pub/shorewall/">Browse</a></p> </td> <td> <p><a href="ftp://slovakia.shorewall.net/mirror/shorewall/" target="_blank">Browse</a></p> </td> </tr> <tr> <td> <p>Seattle, Washington, USA<span style="font-weight: bold;"></span><br> </p> </td> <td> <p>Shorewall.net</p> </td> <td> <p><a href="http://www.shorewall.net/pub/shorewall/">Browse</a></p> </td> <td> <p><a href="ftp://ftp.shorewall.net/pub/shorewall/" target="_blank">Browse</a></p> </td> </tr> <tr> <td> <p>Frankfurt/Main, Germany</p> </td> <td> <p>Shorewall.de</p> </td> <td> <p><a href="http://www.shorewall.de/pub/shorewall/">Browse</a></p> </td> <td> <p>N/A</p> </td> </tr> <tr> <td> <p>Shoreline, Wa, USA</p> </td> <td> <p>Shorewall.net</p> </td> <td> <p><a href="http://www1.shorewall.net/pub/shorewall/">Browse</a></p> </td> <td> <p><a href="ftp://ftp1.shorewall.net/pub/shorewall" target="_top">Browse</a></p> </td> </tr> <tr> <td> <p>Australia<br> </p> </td> <td> <p>Shorewall.com.au</p> </td> <td> <p><a href="http://www.shorewall.com.au/" target="_top">Browse</a></p> </td> <td> <p>N/A</p> </td> </tr> <tr valign="top"> <td> <p>Argentina</p> </td> <td> <p>Shorewall.net</p> </td> <td> <p><a href="http://argentina.shorewall.net/pub/shorewall/shorewall">Browse</a></p> </td> <td> <p>N/A<br> </p> </td> </tr> <tr> <td style="vertical-align: top;">Chicago, Illinois, USA (Incomplete)<br> </td> <td style="vertical-align: top;">Sourceforge.net<br> </td> <td style="vertical-align: top;"><a href="http://sourceforge.net/project/showfiles.php?group_id=22587">Browse</a></td> <td style="vertical-align: top;">N/A</td> </tr> </tbody> </table> </dd> </dl> <p style="margin-left: 0.42in;"><b>Redhat</b> and <b>Fedora</b> RPMS provided by Simon Matter: <a href="http://www.invoca.ch/pub/packages/shorewall/">http://www.invoca.ch/pub/packages/shorewall/</a><br> <br> <b>Mandriva</b> RPMS provided by Jack Coates: <a href="http://www.monkeynoodle.org/comp/net/shorewall/">http://www.monkeynoodle.org/comp/net/shorewall/</a><br> <br> <b>Slackware</b> packages created by JMedina. You can <a href="http://tuxjm.net/downloads/source/testing-10.2/">download them from his site</a>.<br> <br> <b>OpenWRT</b> package provided by Marc Zonzon: <a href="http://www.iut-lannion.fr/ZONZON/memos_index.php?part=Network&section=WRTMemo&subsec=shorewall">http://www.iut-lannion.fr/ZONZON/memos_index.php?part=Network&section=WRTMemo&subsec=shorewall</a><br> <br> <b>Leaf/Bering </b>package is available at <a href="http://leaf.sourceforge.net/bering-uclibc/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=3&MMN_position=3:3">http://leaf.sourceforge.net/bering-uclibc/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=3&MMN_position=3:3</a><br> </p> <h2><a name="SVN"></a><b>SVN</b></h2> <blockquote> The <a href="https://sourceforge.net/svn/?group_id=22587" target="_blank">SVN Repository at Sourceforge</a> is used as a safe-store for Shorewall releases.<br> <br> You should download and use the latest SVN version only <b>at your own risk</b> -- <strong>please do not attempt to install Shorewall from the SVN components; you will end up with an incomplete and non-working installation. </strong> <p>If you want to build your own packages from the SVN images, use the build script found in tools/build/buildshorewall.</p> <p>If you are looking for bug fixes for the current release, see <a href="#Updates">above.</a><br> <br> The following SVN projects are currently active:<br> </p> </blockquote> <ol> <li> <blockquote> <p><span style="font-weight: bold;">branches</span></p> <p>This project contains sub-projects for each of the stable releases.</p> <p>The current <strong>stable</strong> version is branch named x.y where x.y is the major version. Example: 3.4. <br> </p> <p>You can download it using the following commands: <br> <br> <span style="font-weight: bold;">svn co https://shorewall.svn.sourceforge.net/svnroot/shorewall/branches/x.y/Shorewall</span></p> </blockquote> </li> <li> <blockquote> <b>Shorewall<br> <br> </b>This project contains the Shorewall code.<br> This project was renamed Shorewall-common in Shorewall 3.9.1.<br> </blockquote> </li> <li> <blockquote> <b>Shorewall-common<br> <br> </b>Beginning with Shorewall 3.9.1, this project contains the code common to any Shorewall configuration. It contains no compiler.<br> 'trunk' is the current development version.<br> <br> You can download it using the following commands: <br> <br> <span style="font-weight: bold;">svn co https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk/Shorewall-common</span><br> <span style="font-weight: bold;"></span></blockquote> </li> <li> <blockquote> <span style="font-weight: bold;">Shorewall-shell</span><br> <br> Beginning with Shorewall 3.9.1, this project contains the legacy compiler written in Bourne shell. The current development version is in 'trunk.<br> <br> You can download it using the following commands: <br> <br> <span style="font-weight: bold;">svn co https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk/Shorewall-shell</span></blockquote> </li> <li> <blockquote> <span style="font-weight: bold;">Shorewall-perl<br> <br> </span>Beginning with Shorewall 3.9.0, this project contains the new compiler written in Perl. The current development version is in 'trunk'.<br> <br> You can download it using the following commands: <br> <br> <span style="font-weight: bold;">svn co https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk/Shorewall-perl</span></blockquote> </li> <li> <blockquote> <span style="font-weight: bold;">manpages<br> </span><br> Beginning with Shorewall 3,4,0, this project contains the man pages for Shorewall. 'trunk' is the current development version.<br> <br> You can download it using the following commands: <br> <br> <span style="font-weight: bold;">svn co https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk/manpages</span></blockquote> </li> <li> <blockquote> <span style="font-weight: bold;">manpages-lite<br> </span><br> Beginning with Shorewall 3.4.0, this project contains the man pages for Shorewall Lite. 'trunk' is the current development version.<br> <br> You can download it using the following commands: <br> <br> <span style="font-weight: bold;">svn co https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk/manpages-lite</span></blockquote> </li> <li> <blockquote> <span style="font-weight: bold;">docs</span><br> <b><br> </b>This project contains the Shorewall documenation.<br> trunk is the current development version. <br> <br> <br> You can always get the current documentation in XML Docbook format using the following command: <br> <br> <span style="font-weight: bold;">svn co https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk/docs</span></blockquote> </li> <li> <blockquote> <b>web<br> <br> </b>The project contains the part of this Web site not included in the "docs" project. </blockquote> </li> <li> <blockquote> <b>tools<br> <br> </b>This project includes the tools used by the Shorewall developers to build Shorewall releases and to publish content to the web sites.</blockquote> </li> <li> <blockquote> <b>Samples<br> <br> </b>This project contains the sample configurations.</blockquote> </li> <li> <blockquote> <b>Shorewall-lite<br> <br> </b>This project contains Shorewall Lite -- introduced in Shorewall version 3.2.0 RC1.</blockquote> </li> </ol> </body> </html>