Shorewall 1.3 - "iptables made easy"

What is it?

The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system.

This program is free software; you can redistribute it and/or modify it under the terms of Version 2 of the GNU General Public License as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA

Copyright 2001, 2002 Thomas M. Eastep

Jacques Nilo and Eric Wolzak have a LEAF distribution called Bering that features Shorewall-1.3.3 and Kernel-2.4.18. You can find their work at: http://leaf.sourceforge.net/devel/jnilo

News

8/26/2002 - Shorewall 1.3.7b

This is a rollup of the "shorewall refresh" bug fix and the change that reverses the order of "dhcp" and "norfc1918" checking.

8/26/2002 - French FTP Mirror is Operational

ftp://france.shorewall.net/pub/mirrors/shorewall is now available.

8/25/2002 - Shorewall Mirror in France

Thanks to a Shorewall user in Paris, the Shorewall web site is now mirrored at http://france.shorewall.net.

8/25/2002 - Shorewall 1.3.7a Debian Packages Available

Lorenzo Martignoni reports that the packages for version 1.3.7a are available at http://security.dsi.unimi.it/~lorenzo/debian.html.

8/22/2002 - Shorewall 1.3.7 Wins a Brown Paper Bag Award for its Author -- Shorewall 1.3.7a released

1.3.7a corrects problems occurring in rules file processing when starting Shorewall 1.3.7.

8/22/2002 - Shorewall 1.3.7 Released

Features in this release include:

  • The 'icmp.def' file is now empty! The rules in that file were required in ipchains firewalls but are not required in Shorewall. Users who have ALLOWRELATED=No in shorewall.conf should see the Upgrade Issues.
  • A 'FORWARDPING' option has been added to shorewall.conf. The effect of setting this variable to Yes is the same as the effect of adding an ACCEPT rule for ICMP echo-request in /etc/shorewall/icmpdef. Users who have such a rule in icmpdef are encouraged to switch to FORWARDPING=Yes.
  • The loopback Class A network (127.0.0.0/8) has been added to the rfc1918 file.
  • Shorewall now works with iptables 1.2.7.
  • The documentation and Web site no longer use FrontPage themes.

I would like to thank John Distler for his valuable input regarding TCP SYN and ICMP treatment in Shorewall. That input has led to marked improvement in Shorewall in the last two releases.

8/13/2002 - Documentation in the CVS Repository

The Shorewall-docs project now contains just the HTML and image files - the FrontPage files have been removed.

8/7/2002 - STABLE branch added to CVS Repository

This branch will only be updated after I release a new version of Shorewall, so you can always update from this branch to get the latest stable tree.

8/7/2002 - Upgrade Issues section added to the Errata Page

Now there is one place to go to look for issues involved with upgrading to recent versions of Shorewall.

8/7/2002 - Shorewall 1.3.6

This is primarily a bug-fix rollup with a couple of new features:

More News

Donations

Shorewall is free, but if you try it and find it useful, please consider making a donation to Starlight Children's Foundation. Thanks!

Updated 8/26/2002 - Tom Eastep