Shorewall 1.3 - "iptables made easy"

Shorewall 1.2 Site here

What is it?

The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system.

This program is free software; you can redistribute it and/or modify it under the terms of Version 2 of the GNU General Public License as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA

Copyright 2001, 2002 Thomas M. Eastep

Jacques Nilo and Eric Wolzak have a LEAF distribution called Bering that features Shorewall-1.3.3 and Kernel-2.4.18. You can find their work at: http://leaf.sourceforge.net/devel/jnilo

News

9/30/2002 - Shorewall 1.3.9a (New)

Rolls up the fix for broken tunnels.

9/30/2002 - TUNNELS Broken in 1.3.9!!! (New)

There is an updated firewall script at ftp://www.shorewall.net/pub/shorewall/errata/1.3.9/firewall -- copy that file to /usr/lib/shorewall/firewall.

9/28/2002 - Shorewall 1.3.9 (New)

In this version:

  • DNS Names are now allowed in Shorewall config files (although I recommend against using them).
  • The connection SOURCE may now be qualified by both interface and IP address in a Shorewall rule.
  • Shorewall startup is now disabled after initial installation until the file /etc/shorewall/startup_disabled is removed. This avoids nasty surprises at reboot for users who install Shorewall but don't configure it.
  • The 'functions' and 'version' files and the 'firewall' symbolic link have been moved from /var/lib/shorewall to /usr/lib/shorewall to appease the LFS police at Debian.

9/23/2002 - Full Shorewall Site/Mailing List Archive Search Capability Restored

A couple of recent configuration changes at www.shorewall.net broke the Search facility:

  1. Mailing List Archive Search was not available.
  2. The Site Search index was incomplete.
  3. Only one page of matches was presented.

Hopefully these problems are now corrected.

9/18/2002 - Debian 1.3.8 Packages Available 

Apt-get sources listed at http://security.dsi.unimi.it/~lorenzo/debian.html

9/16/2002 - Shorewall 1.3.8

In this version:

  • A NEWNOTSYN option has been added to shorewall.conf. This option determines whether Shorewall accepts TCP packets which are not part of an established connection and that are not 'SYN' packets (SYN flag on and ACK flag off).
  • The need for the 'multi' option to communicate between zones za and zb on the same interface is removed in the case where the chain 'za2zb' and/or 'zb2za' exists. 'za2zb' will exist if:
    • There is a policy for za to zb; or
    • There is at least one rule for za to zb.
  • The /etc/shorewall/blacklist file now contains three columns. In addition to the SUBNET/ADDRESS column, there are optional PROTOCOL and PORT columns to block only certain applications from the blacklisted addresses.

9/11/2002 - Debian 1.3.7c Packages Available

Apt-get sources listed at http://security.dsi.unimi.it/~lorenzo/debian.html.

9/2/2002 - Shorewall 1.3.7c

This is a roll-up of a fix for "DNAT" rules where the source zone is $FW (fw).

8/26/2002 - Shorewall 1.3.7b

This is a roll-up of the "shorewall refresh" bug fix and the change which reverses the order of "dhcp" and "norfc1918" checking.

8/26/2002 - French FTP Mirror is Operational

ftp://france.shorewall.net/pub/mirrors/shorewall is now available.

8/25/2002 - Shorewall Mirror in France

Thanks to a Shorewall user in Paris, the Shorewall web site is now mirrored at http://france.shorewall.net.

More News

Donations


Shorewall is free but if you try it and find it useful, please consider making a donation to Starlight Children's Foundation. Thanks!

Updated 9/30/2002 - Tom Eastep