Shorwall Logo (Shorewall Logo)

Shorewall 1.4 "iptables made easy"

Shorewall 1.3 Site is here

What is it?

The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system.

This program is free software; you can redistribute it and/or modify it under the terms of Version 2 of the GNU General Public License as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA

Copyright 2001, 2002, 2003 Thomas M. Eastep

Jacques Nilo and Eric Wolzak have a LEAF (router/firewall/gateway on a floppy, CD or compact flash) distribution called Bering that features Shorewall-1.3.14 and Kernel-2.4.20. You can find their work at: http://leaf.sourceforge.net/devel/jnilo

Congratulations to Jacques and Eric on the recent release of Bering 1.1!!!

This is a mirror of the main Shorewall web site at SourceForge (http://shorewall.sf.net)

News

3/24/2003 - Shorewall 1.4.1 (New)

This release follows up on 1.4.0. It corrects a problem introduced in 1.4.0 and removes additional warts.

Problems Corrected:
  1. When Shorewall 1.4.0 is run under the ash shell (such as on Bering/LEAF), it can attempt to add ECN disabling rules even if the /etc/shorewall/ecn file is empty. That problem has been corrected so that ECN disabling rules are only added if there are entries in /etc/shorewall/ecn.
New Features:
Note: In the list that follows, the term group refers to a particular network or subnetwork (which may be 0.0.0.0/0 or it may be a host address) accessed through a particular interface. Examples:
eth0:0.0.0.0/0
eth2:192.168.1.0/24
eth3:192.0.2.123
You can use the "shorewall check" command to see the groups associated with each of your zones.
  1. Beginning with Shorewall 1.4.1, if a zone Z comprises more than one group then if there is no explicit Z to Z policy and there are no rules governing traffic from Z to Z then Shorewall will permit all traffic between the groups in the zone.
  2. Beginning with Shorewall 1.4.1, Shorewall will never create rules to handle traffic from a group to itself.
  3. A NONE policy is introduced in 1.4.1. When a policy of NONE is specified from Z1 to Z2:
  • There may be no rules created that govern connections from Z1 to Z2.
  • Shorewall will not create any infrastructure to handle traffic from Z1 to Z2.
See the upgrade issues for a discussion of how these changes may affect your configuration.

More News

Donations

Shorewall is free but if you try it and find it useful, please consider making a donation to Starlight Children's Foundation. Thanks!

Updated 3/21/2003 - Tom Eastep