Shorewall Errata for Version 1.1

To those of you who downloaded the 1.1.13 updated firewall script prior to Sept 20, 2001:

Prior to 20:00 20 Sept 2001 GMT, the link under 1.1.13 pointed to a broken version of the firewall script. This has now been corrected. I apologize for any confusion this may have caused.

Version 1.1.18

In the original .lrp, /etc/init.d/shorewall was not secured for execute access. I have replaced the incorrect .lrp (shorwall-1.1.18.lrp) with a corrected one (shorwall-1.1.18a.lrp).

Version 1.1.17

In shorewall.conf, ADD_IP_ALIASES was incorrectly spelled IP_ADD_ALIASAES. There is a corrected version of the file here.

This problem is also corrected in version 1.1.18.

Version 1.1.16

The ADD_IP_ALIASES variable added in 1.1.16 was incorrectly spelled IP_ADD_ALIASES in the firewall script. To correct this problem, install the corrected firewall script in the location pointed to by the symbolic link /etc/shorewall/firewall.

This problem is also corrected in version 1.1.17.

Version 1.1.14-1.1.15

There are no corrections for these versions.

Version 1.1.13

The firewall fails to start if a rule with the following format is given:

<disposition>    z1:www.xxx.yyy.zzz    z2    proto    p1,p2,p3

To correct this problem, install this corrected firewall script in the location pointed to by the symbolic link /etc/shorewall/firewall. 

Version 1.1.12

The LRP version of Shorewall 1.1.12 has the incorrect /etc/shorewall/functions file. This incorrect file results in many error messages of the form:

separate_list: not found

The correct file may be obtained here . This problem is also corrected in version 1.1.13.

Version 1.1.11

There are no known problems with this version.

Version 1.1.10

If the following conditions were met:

1. A LAN segment attached to the firewall was served by a DHCP server running on the firewall.

2. There were entries in /etc/shorewall/hosts that referred to the interface to that LAN segment.

then up until now it has been necessary to include entries for 0.0.0.0 and 255.255.255.255 for that interface in /etc/shorewall/hosts. This version of the firewall script makes those additions unnecessary provided that you simply include "dhcp" in the options for the interface in /etc/shorewall/interfaces. Install the script into the location pointed to by the symbolic link /etc/shorewall/firewall.

This problem has also been corrected in version 1.1.11.

Version 1.1.9

• The shorewall "hits" command lists extraneous service names in the final report. This version of the shorewall script corrects this problem.
  

Version 1.1.8

• Under some circumstances, the "dhcp" option on an interface triggers a bug in the firewall script that results in a "chain already exists" error. This version of the firewall script corrects this problem. Install it into the location pointed to by the symbolic link /etc/shorewall/firewall.
  
  This problem is also corrected in version 1.1.9.
  

Version 1.1.7

• If the /etc/shorewall/rules template from version 1.1.7 is used, a warning message appears during firewall startup:
  
      Warning: Invalid Target - rule "@ icmp-unreachable packet." ignored
  
  This warning may be eliminated by replacing the "@" in column 1 of line 17 with "#"

This problem is also corrected in version 1.1.8

Last updated 12/21/2001 - Tom Eastep

Copyright © 2001, 2002 Thomas M. Eastep.