In this version:

1) You may now define the contents of a zone dynamically with the
   "shorewall add" and "shorewall delete" commands. These commands
   are expected to be used primarily within FreeS/Wan updown scripts.

2) Shorewall can now do MAC verification on ethernet segments. You can
   specify the set of allowed MAC addresses on the segment and you can
   optionally tie each MAC address to an IP address.

3) PPTP Servers and Clients running on the firewall system may now be
   defined in the /etc/shorewall/tunnels file.

4) A new 'ipsecnat' tunnel type is supported for use when the remote
   IPSEC endpoint is behind a NAT gateway.

5) The PATH used by Shorewall may now be specified in
   /etc/shorewall/shorewall.conf.

6) The main firewall script is now /usr/lib/shorewall/firewall. The
   script in /etc/init.d/shorewall is very small and uses
   /sbin/shorewall to do the real work. This change makes custom
   distributions such as for Debian and for Gentoo easier to manage
   since it is /etc/init.d/shorewall that tends to have
   distribution-dependent code.

If you have installed the 1.3.10 Beta 1 RPM and are now upgrading to
version 1.3.10, you will need to use the '--force' option:

    rpm -Uvh --force shorewall-1.3.10-1.noarch.rpm

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

Tom Eastep wrote:

> In this version:
>
> 1) You may now define the contents of a zone dynamically with the
>    "shorewall add" and "shorewall delete" commands. These commands
>    are expected to be used primarily within FreeS/Wan updown scripts.
>
> 2) Shorewall can now do MAC verification on ethernet segments. You can
>    specify the set of allowed MAC addresses on the segment and you can
>    optionally tie each MAC address to an IP address.
>
> 3) PPTP Servers and Clients running on the firewall system may now be
>    defined in the /etc/shorewall/tunnels file.
>
> 4) A new 'ipsecnat' tunnel type is supported for use when the remote
>    IPSEC endpoint is behind a NAT gateway.
>
> 5) The PATH used by Shorewall may now be specified in
>    /etc/shorewall/shorewall.conf.
>
> 6) The main firewall script is now /usr/lib/shorewall/firewall. The
>    script in /etc/init.d/shorewall is very small and uses
>    /sbin/shorewall to do the real work. This change makes custom
>    distributions such as for Debian and for Gentoo easier to manage
>    since it is /etc/init.d/shorewall that tends to have
>    distribution-dependent code.
>
> If you have installed the 1.3.10 Beta 1 RPM and are now upgrading to
> version 1.3.10, you will need to use the '--force' option:
>
>     rpm -Uvh --force shorewall-1.3.10-1.noarch.rpm

Well, the really correct way would be:

    rpm -Uvh --oldpackage shorewall-1.3.10-1.noarch.rpm

-Simon

> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924  \ teastep@shorewall.net

Paul Gear
2002-Nov-16 05:25 UTC
[Shorewall-devel] Re: [Shorewall-announce] Shorewall 1.3.10

Tom Eastep wrote:

> --On Sunday, November 10, 2002 06:51:31 AM +1000 Paul Gear
> <paul@gear.dyndns.org> wrote:
>
>> Tom Eastep wrote:
>>
>>> ...
>>> If you have installed the 1.3.10 Beta 1 RPM and are now upgrading to
>>> version 1.3.10, you will need to use the '--force' option:
>>>
>>>     rpm -Uvh --force shorewall-1.3.10-1.noarch.rpm
>>
>> If you up the build number to 2, we shouldn't need to do that...
>
> Next time -- I'm not changing now.

Tom (and others),

I've done some testing and you could put the beta tag in the build
number and it should do the trick. I just built a package called
test-1.1-0beta1, and then upgraded it to test-1.1-1, and it worked
fine. It also prevented me from downgrading when I didn't use the
--oldpackage flag.

If I were deciding on a numbering scheme for beta versions, I'd
probably just call them 0.1, 0.2, 0.3, etc. in the build field, and
document somewhere that build numbers starting with 0 are betas, but
it looks like a number followed by text is acceptable as well.

Strangely, I created a package called test-1.1-b1, and it was
upgradable to test-1.1-1, but upgrading test-1.1-1 to test-1.1-b1 also
worked without complaining. This is probably undesirable behaviour,
and starting with a number seems advisable.

Regards,
Paul
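
The release-field ordering discussed in this thread can be checked with a simplified re-implementation of the segment comparison that current rpm releases apply to version and release strings. This is an added example, not code from the thread or from rpm or Shorewall; it ignores epochs and the `~`/`^` modifiers, the function names are hypothetical, and the rpm versions the posters ran in 2002 may have ordered mixed letter/digit segments differently.

```python
import re

# A label is split into maximal runs of ASCII digits or ASCII letters;
# every other character ('.', '-', '_') only separates segments.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpm_label_cmp(a: str, b: str) -> int:
    """Compare two version or release strings; return -1, 0 or 1."""
    segs_a, segs_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(segs_a, segs_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            # Mixed types: the numeric segment counts as newer.
            return 1 if x_num else -1
        if x_num:
            # Numbers: drop leading zeros, then the longer one is larger.
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the label with segments left over is newer.
    return (len(segs_a) > len(segs_b)) - (len(segs_a) < len(segs_b))


def is_upgrade(installed: tuple, candidate: tuple) -> bool:
    """True if candidate (version, release) sorts above installed.

    Epochs are ignored (assumption: both packages have none).
    """
    for old, new in zip(installed, candidate):
        order = rpm_label_cmp(new, old)
        if order:
            return order > 0
    return False


if __name__ == "__main__":
    # Constructed pairs using the release strings mentioned in the thread.
    pairs = [
        (("1.1", "0beta1"), ("1.1", "1")),
        (("1.1", "1"), ("1.1", "0beta1")),
        (("1.1", "b1"), ("1.1", "1")),
        (("1.1", "1"), ("1.1", "b1")),
        (("1.1", "0.3"), ("1.1", "1")),
    ]
    for installed, candidate in pairs:
        print(installed, "->", candidate, "upgrade:", is_upgrade(installed, candidate))
```

A candidate for which `is_upgrade` returns False is the case where `rpm -U` needs `--oldpackage`.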