The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system.
This program is free software; you can redistribute it and/or modify
it under the terms of Version 2 of the GNU General Public License
as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 675 Mass Ave, Cambridge, MA 02139, USA
Copyright 2001, 2002 Thomas M. Eastep
The Shorewall .tgz and .rpm files contain a copy of this site -- download Shorewall and you get a copy of the Shorewall portion of this site for the same low price (Free!).
8/7/2002 - Shorewall 1.3.6
This is primarily a bug-fix rollup with a couple of new features:
- The latest QuickStart Guides, including the Shorewall Setup Guide.
- Shorewall will now DROP TCP packets that are not part of or related to an existing connection and that are not SYN packets. These "New not SYN" packets may be optionally logged by setting the LOGNEWNOTSYN option in /etc/shorewall/shorewall.conf.
- The processing of "New not SYN" packets may be extended by commands in the new newnotsyn extension script.
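The "New not SYN" test described above, as an added Python model that is not Shorewall's own code: a TCP packet is dropped (and optionally logged) when conntrack classifies it as NEW but it is not a bare SYN, exactly the class of packet iptables' "! --syn" with state NEW selects. The packet type, sample addresses and log-line format are constructed for this example.

```python
from dataclasses import dataclass

# TCP flag bits as they appear in the header's flags byte
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


@dataclass
class TcpPacket:                      # constructed type for the example
    src: str
    dst: str
    flags: int      # TCP flag bits, e.g. SYN | ACK
    ctstate: str    # conntrack state: "NEW", "ESTABLISHED", "RELATED" or "INVALID"


def is_syn(flags: int) -> bool:
    """Mirror of iptables '--syn': SYN set and ACK, RST, FIN all clear."""
    return bool(flags & SYN) and not flags & (ACK | RST | FIN)


def is_new_not_syn(pkt: TcpPacket) -> bool:
    """NEW (not part of or related to an existing connection) but not a SYN."""
    return pkt.ctstate == "NEW" and not is_syn(pkt.flags)


def newnotsyn_chain(pkt: TcpPacket, log_new_not_syn: bool) -> tuple:
    """Verdict for one TCP packet under the 1.3.6 'New not SYN' handling.

    Returns (verdict, log_lines): a New-not-SYN packet is logged when
    LOGNEWNOTSYN is set and then dropped; anything else continues to the
    normal rules. The log line format here is constructed, not Shorewall's.
    """
    if not is_new_not_syn(pkt):
        return "CONTINUE", []
    log_lines = []
    if log_new_not_syn:
        log_lines.append(f"newnotsyn DROP SRC={pkt.src} DST={pkt.dst} FLAGS=0x{pkt.flags:02x}")
    return "DROP", log_lines


if __name__ == "__main__":
    # Constructed sample traffic: one normal handshake plus two stray segments
    samples = [
        TcpPacket("192.0.2.10", "203.0.113.5", SYN, "NEW"),              # opening SYN: passes
        TcpPacket("203.0.113.5", "192.0.2.10", SYN | ACK, "ESTABLISHED"),
        TcpPacket("192.0.2.10", "203.0.113.5", ACK, "ESTABLISHED"),
        TcpPacket("198.51.100.7", "192.0.2.10", ACK, "NEW"),             # stray ACK: dropped
        TcpPacket("198.51.100.7", "192.0.2.10", SYN | ACK, "NEW"),       # stray SYN/ACK: dropped
    ]
    for pkt in samples:
        verdict, lines = newnotsyn_chain(pkt, log_new_not_syn=True)
        print(verdict, *lines)
```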
7/30/2002 - Shorewall 1.3.5b Released
This interim release:
- Causes the firewall script to remove the lock file if it is killed.
- Once again allows lists in the second column of the /etc/shorewall/hosts file.
- Includes the latest QuickStart Guides.
7/29/2002 - New Shorewall Setup Guide Available
The first draft of this guide is available at http://www.shorewall.net/shorewall_setup_guide.htm. The guide is intended for use by people who are setting up Shorewall to manage multiple public IP addresses and by people who want to learn more about Shorewall than is described in the single-address guides. Feedback on the new guide is welcome.
7/28/2002 - Shorewall 1.3.5 Debian Package Available
Lorenzo Martignoni reports that the packages are version 1.3.5a and are available at http://security.dsi.unimi.it/~lorenzo/debian.html.
7/27/2002 - Shorewall 1.3.5a Released
This interim release restores correct handling of REDIRECT rules.
7/26/2002 - Shorewall 1.3.5 Released
This will be the last Shorewall release for a while. I'm going to be focusing on rewriting a lot of the documentation.
In this version:
- Empty and invalid source and destination qualifiers are now detected in the rules file. It is a good idea to use the 'shorewall check' command before you issue a 'shorewall restart' command, to be sure that you don't have any configuration problems that will prevent a successful restart.
- Added the MERGE_HOSTS variable in shorewall.conf to provide saner behavior of the /etc/shorewall/hosts file.
- The time that the counters were last reset is now displayed in the heading of the 'status' and 'show' commands.
- A proxyarp option has been added for entries in /etc/shorewall/interfaces. This option facilitates Proxy ARP sub-netting as described in the Proxy ARP subnetting mini-HOWTO (http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet/). Specifying the proxyarp option for an interface causes Shorewall to set /proc/sys/net/ipv4/conf/<interface>/proxy_arp.
- The Samples have been updated to reflect the new capabilities in this release.
7/16/2002 - New Mirror in Argentina
Thanks to Arturo "Buanzo" Busleiman, there is now a Shorewall mirror in Argentina. Thanks Buanzo!!!
7/16/2002 - Shorewall 1.3.4 Released
In this version:
- A new /etc/shorewall/routestopped file has been added. This file is intended to eventually replace the routestopped option in the /etc/shorewall/interfaces and /etc/shorewall/hosts files. This new file makes remote firewall administration easier by allowing any IP or subnet to be enabled while Shorewall is stopped.
- An /etc/shorewall/stopped extension script has been added. This script is invoked after Shorewall has stopped.
- A DETECT_DNAT_ADDRS option has been added to /etc/shorewall/shorewall.conf. When this option is selected, DNAT rules only apply when the destination address is the external interface's primary IP address.
- The QuickStart Guide has been broken into three guides and has been almost entirely rewritten.
- The Samples have been updated to reflect the new capabilities in this release.
7/8/2002 - Shorewall 1.3.3 Debian Package Available
Lorenzo Martignoni reports that the packages are available at http://security.dsi.unimi.it/~lorenzo/debian.html.
7/6/2002 - Shorewall 1.3.3 Released
In this version:
- Entries in /etc/shorewall/interfaces that use the wildcard character ("+") now have the "multi" option assumed.
- The 'rfc1918' chain in the mangle table has been renamed 'man1918' to make log messages generated from that chain distinguishable from those generated by the 'rfc1918' chain in the filter table.
- Interface names appearing in the hosts file are now validated against the interfaces file.
- The TARGET column in the rfc1918 file is now checked for correctness.
- The chain structure in the nat table has been changed to reduce the number of rules that a packet must traverse and to correct problems with NAT_BEFORE_RULES=No.
- The 'hits' command has been enhanced.
The Shorewall Project uses facilities provided by SourceForge.
Jacques Nilo and Eric Wolzak have a LEAF distribution called Bering that features Shorewall-1.3.3 and Kernel-2.4.18. You can find their work at: http://leaf.sourceforge.net/devel/jnilo
Updated 7/29/2002 - Tom Eastep