Shorewall Errata for Version 1.1

To those of you who downloaded the 1.1.13 updated firewall script prior to Sept 20, 2001:

Prior to 20:00 20 Sept 2001 GMT, the link under 1.1.13 pointed to a broken version of the firewall script. This has now been corrected. I apologize for any confusion this may have caused.

Version 1.1.18

In the original .lrp, /etc/init.d/shorewall was not secured for execute access. I have replaced the incorrect .lrp (shorwall-1.1.18.lrp) with a corrected one (shorwall-1.1.18a.lrp).

Version 1.1.17

In shorewall.conf, ADD_IP_ALIASES was incorrectly spelled IP_ADD_ALIASAES. There is a corrected version of the file here.

This problem is also corrected in version 1.1.18.

Version 1.1.16

The ADD_IP_ALIASES variable added in 1.1.16 was incorrectly spelled IP_ADD_ALIASES in the firewall script. To correct this problem, install the corrected firewall script in the location pointed to by the symbolic link /etc/shorewall/firewall.

This problem is also corrected in version 1.1.17.

Version 1.1.14-1.1.15

There are no corrections for these versions.

Version 1.1.13

The firewall fails to start if a rule with the following format is given:

<disposition>    z1:www.xxx.yyy.zzz    z2    proto    p1,p2,p3

To correct this problem, install this corrected firewall script in the location pointed to by the symbolic link /etc/shorewall/firewall. 

Version 1.1.12

The LRP version of Shorewall 1.1.12 has the incorrect /etc/shorewall/functions file. This incorrect file results in many error messages of the form:

separate_list: not found

The correct file may be obtained here. This problem is also corrected in version 1.1.13.

Version 1.1.11

There are no known problems with this version.

Version 1.1.10

If the following conditions were met:

  1. A LAN segment attached to the firewall was served by a DHCP server running on the firewall.

  2. There were entries in /etc/shorewall/hosts that referred to the interface to that LAN segment.

then up until now it has been necessary to include entries for 0.0.0.0 and 255.255.255.255 for that interface in /etc/shorewall/hosts. This version of the firewall script makes those additions unnecessary provided that you simply include "dhcp" in the options for the interface in /etc/shorewall/interfaces. Install the script into the location pointed to by the symbolic link /etc/shorewall/firewall.

This problem has also been corrected in version 1.1.11.

Version 1.1.9

The shorewall "hits" command lists extraneous service names in the final report. This version of the shorewall script corrects this problem.

Version 1.1.8

Under some circumstances, the "dhcp" option on an interface triggers a bug in the firewall script that results in a "chain already exists" error. This version of the firewall script corrects this problem. Install it into the location pointed to by the symbolic link /etc/shorewall/firewall.

This problem is also corrected in version 1.1.9.

Version 1.1.7

If the /etc/shorewall/rules template from version 1.1.7 is used, a warning message appears during firewall startup:

    Warning: Invalid Target - rule "@ icmp-unreachable packet." ignored

This warning may be eliminated by replacing the "@" in column 1 of line 17 with "#".

This problem is also corrected in version 1.1.8.

Last updated 12/21/2001 - Tom Eastep

Copyright © 2001, 2002 Thomas M. Eastep.