forked from extern/shorewall_code
f127babe5d
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4064 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
83 lines
2.8 KiB
Plaintext
83 lines
2.8 KiB
Plaintext
Shorewall Lite 3.2.0 RC 3
|
|
|
|
Problems Corrected in 3.2.0 RC 2
|
|
|
|
1) The /usr/share/shorewall-lite/configpath file has been corrected to
|
|
correctly refer to /usr/share/shorewall-lite/.
|
|
|
|
2) The /etc/shorewall-lite/Makefile has been corrected to refer to the
|
|
proper directories.
|
|
|
|
3) The /usr/share/shorewall-lite/shorecap program has been corrected
|
|
to refer to the proper directories and to correct a typo that
|
|
prevented the program for detecting any capabilities.
|
|
|
|
Other changes in 3.2.0 RC 3
|
|
|
|
None.
|
|
|
|
New Features:
|
|
|
|
Shorewall Lite is a companion product to Shorewall and is designed to
|
|
allow you to maintain all Shorewall configuration information on a
|
|
single system within your network.
|
|
|
|
a) You install the full Shorewall release on one system within your
|
|
network. You need not configure Shorewall there and you may totally
|
|
disable startup of Shorewall in your init scripts. For ease of
|
|
reference, we call this system the 'administrative system'.
|
|
|
|
b) On each system where you wish to run a Shorewall-generated firewall,
|
|
you install Shorewall Lite. For ease of reference, we will call these
|
|
systems the 'firewall systems'.
|
|
|
|
c) On the administrative system you create a separete 'configuration
|
|
directory' for each firewall system. You copy the contents of
|
|
/usr/share/shorewall/configfiles into each configuration directory.
|
|
|
|
d) On each firewall system, you run:
|
|
|
|
/usr/share/shorewall/shorecap > capabilities
|
|
scp capabilities <admin system>:<this system's config dir>
|
|
|
|
e) On the administrative system, for each firewall system you:
|
|
|
|
1) modify the files in the corresponding configuration
|
|
directory appropriately.
|
|
|
|
2) (this may be done as a non-root user)
|
|
|
|
cd <configuration directory>
|
|
/sbin/shorewall compile -e . firewall
|
|
scp firewall root@<firewall system>:/usr/share/shorewall/
|
|
|
|
3) On the firewall system, 'shorewall start'.
|
|
|
|
It is possible to have both shorewall and Shorewall Lite
|
|
installed on the same system if you use RPM. Regardless of whether
|
|
you use RPM or the installer, Shorewall Lite directory names have
|
|
been change from 'shorewall' to 'shorewall-lite':
|
|
|
|
/etc/shorewall -> /etc/shorewall-lite
|
|
/usr/share/shorewall -> /usr/share/shorewall-lite
|
|
/var/lib/shorewall -> /var/lib/shorewall-lite
|
|
|
|
If you use the RPMs, whichever package is installed first will
|
|
determine which package /sbin/shorewall invokes. /sbin/shorewall is
|
|
now a symbolic link created by 'rpm':
|
|
|
|
Shorewall: /sbin/shorewall points to /usr/share/shorewall/shorewall
|
|
Shorewall Lite:
|
|
/sbin/shorewall points to /usr/share/shorewall/shorewall-lite
|
|
|
|
You may use the 'ln -sf' command to change from one to the other:
|
|
|
|
To use 'Shorewall' rather than 'Shorewall Lite'
|
|
|
|
ln -sf /usr/share/shorewall/shorewall /sbin/shorewall
|
|
|
|
To use 'Shorewall Lite' rather than 'Shorewall'
|
|
|
|
ln -sf /usr/share/shorewall-lite/shorewall /sbin/shorewall
|
|
|