I am pleased to announce the availability of Shorewall 3.2.0 RC1 which
includes "Shorewall Lite". Here are the Shorewall Lite release notes.
----------------------------------------------------------------------
Shorewall Lite is a companion product to Shorewall and is designed to
allow you to maintain all Shorewall configuration information on a
single system within your network.

a) You install the full Shorewall release on one system within your
   network. You need not configure Shorewall there and you may totally
   disable startup of Shorewall in your init scripts on that system. For
   ease of reference, we call this system the 'administrative
   system'.

b) On each system where you wish to run a Shorewall-generated firewall,
   you install Shorewall Lite. For ease of reference, we will call these
   systems the 'firewall systems'.

c) On the administrative system you create a separate 'configuration
   directory' for each firewall system. You copy the contents of
   /usr/share/shorewall/configfiles into each configuration directory.

d) On each firewall system, as root you run:

       /usr/share/shorewall/shorecap > capabilities
       scp capabilities <admin system>:<this system's config dir>

e) On the administrative system, for each firewall system you:

   1) modify the files in the corresponding configuration
      directory appropriately.

   2) (this may be done as a non-root user)

          cd <configuration directory>
          /sbin/shorewall compile -e . firewall
          scp firewall root@<firewall system>:/usr/share/shorewall/

   3) On the firewall system, 'shorewall start'.
----------------------------------------------------------------------
The 3.2.0 RC1 release notes are available at
http://www1.shorewall.net/pub/shorewall/development/3.2/shorewall-3.2.0-RC1/releasenotes.txt
The code is available at the normal Download sites in the
/pub/shorewall/development/3.2/shorewall-3.2.0-RC1/ directory.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
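
Added example (not part of the original announcement and not Shorewall code): a dry-run planner for steps e.2 and e.3 that refuses to plan a firewall system whose configuration directory has no capabilities file from step d. Assumptions: one configuration directory per firewall system under a common base directory, each named after that system's hostname, and step e.3 run over ssh.

```shell
#!/bin/sh
# Added example, not Shorewall code. Assumed (hypothetical) layout on the
# administrative system: BASE/<firewall hostname>/ is that firewall
# system's configuration directory. Names are assumed to have no spaces.

# plan_one CONFIG_DIR
# Print the commands for one firewall system. Return 1 without printing
# a plan when step d) has not been done for it (capabilities file is
# missing or empty in its configuration directory).
plan_one() {
    cfg=$1
    host=$(basename "$cfg")
    if [ ! -s "$cfg/capabilities" ]; then
        echo "skip $host: no capabilities file (run shorecap there, step d)" >&2
        return 1
    fi
    printf 'cd %s && /sbin/shorewall compile -e . firewall\n' "$cfg"
    printf 'scp %s/firewall root@%s:/usr/share/shorewall/\n' "$cfg" "$host"
    # Running step e.3 over ssh is an assumption of this example.
    printf 'ssh root@%s shorewall start\n' "$host"
}

# plan_all BASE
# Plan every configuration directory under BASE. The return status is
# the number of firewall systems that were skipped.
plan_all() {
    base=$1
    skipped=0
    for d in "$base"/*/; do
        [ -d "$d" ] || continue
        plan_one "${d%/}" || skipped=$((skipped + 1))
    done
    return "$skipped"
}

# Stand-alone use: sh plan.sh /path/to/base
if [ $# -gt 0 ]; then
    plan_all "$1"
fi
```

The printed plan can be reviewed before it is run; skipped systems are reported on stderr.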
I like this! So do all the "firewall systems" need to be at least
version 3.2.0?
Matt Burleigh
Senior Systems Engineer
703-236-0800 ext 790
-----Original Message-----
From: shorewall-users-bounces@lists.sourceforge.net
[mailto:shorewall-users-bounces@lists.sourceforge.net] On Behalf Of Tom
Eastep
Sent: Tuesday, June 06, 2006 2:20 PM
To: Shorewall Announcements; Shorewall Users
Subject: [Shorewall-users] Shorewall 3.2.0 RC 1 with "Shorewall Lite"
Matt Burleigh wrote:
> I like this! So do all the "firewall systems" need to be at least
> version 3.2.0?
>

There is currently only one version of Shorewall Lite which is 3.2.0
RC1. So yes.

Note that the firewall systems DO NOT HAVE THE FULL SHOREWALL PRODUCT
INSTALLED -- they only have Shorewall Lite. In fact, Shorewall and
Shorewall Lite may not be installed together.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Simon Matter
2006-Jun-07 11:49 UTC
Re: [Shorewall-announce] Shorewall 3.2.0 RC 1 with "Shorewall Lite"
> I am pleased to announce the availability of Shorewall 3.2.0 RC1 which
> include "Shorewall Lite". Here are the Shorewall Lite release notes.

While building updated rpms, I found this, and at least the last looks
like a typo.

Regards,
Simon

$ diff shorewall-lite-3.2.0-RC1/functions shorewall-3.2.0-RC1/functions 1463c1463 < run_iptables $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix" ---> run_iptables $command $chain $@ $limit -j ULOG $LOGPARMS--ulog-prefix \"$prefix\" 1466c1466 < run_iptables $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix" ---> run_iptables $command $chain $@ $limit -j LOG $LOGPARMS--log-level $level --log-prefix \"$prefix\" 1701c1701 < --->1726c1726 < else ---> else1764c1764 < save_command "[ \$${dev}_mtu -gt $quantum ] && quantum=\$${dev}_mtu || quantum=$quantum" ---> save_command "[ \$${dev}_mtu -gt $quantum ] &&quantum=\$${dev}_mtu || quantum=$quantum" 1916c1916 < ~*) ---> ~*|!~*)2137c2137 < if [ $(list_count $sourcess) -gt 1 ]; then ---> if [ $(list_count $sources) -gt 1 ]; then
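
Review bot: at 2137 the shorewall-lite copy tests $(list_count $sourcess), while the shorewall copy uses $sources; the extra "s" names a different variable. If sourcess is never set, it expands to nothing in that unquoted position, so list_count is called with no arguments and the -gt 1 comparison no longer reflects the real source list. Use $sources in both copies; running the scripts under "set -u" during testing would catch this kind of misspelling.

Review bot: at 1463 and 1466 the two copies quote the log prefix differently, "$prefix" in shorewall-lite and \"$prefix\" in shorewall, and at 1916 the case pattern is ~*) in one copy and ~*|!~*) in the other. If run_iptables executes its arguments directly, the escaped form passes the quote characters as part of the prefix; if the line is written into a generated script, the unescaped form loses the quoting around a prefix that contains spaces. The two files should either be identical or carry a comment at these call sites saying why they differ.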
Tom Eastep
2006-Jun-07 13:06 UTC
Re: [Shorewall-announce] Shorewall 3.2.0 RC 1 with "Shorewall Lite"
Hi Simon,

Simon Matter wrote:
> While building updated rpms, I found this, and at least the last looks
> like a typo.

Are you referring to this chunk?

> 2137c2137 > < if [ $(list_count $sourcess) -gt 1 ]; then > --- >> if [ $(list_count $sources) -gt 1 ]; then

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Simon Matter
2006-Jun-07 13:21 UTC
Re: [Shorewall-announce] Shorewall 3.2.0 RC 1 with "Shorewall Lite"
> Hi Simon,
>
> Simon Matter wrote:
>
>> While building updated rpms, I found this, and at least the last looks
>> like a typo.
>
> Are you referring to this chunk?

Yes, but not only. I had the impression that also the other lines should
look identical.

Simon

>
>> 2137c2137 >> < if [ $(list_count $sourcess) -gt 1 ]; then >> --- >>> if [ $(list_count $sources) -gt 1 ]; then
>
> -Tom
Tom Eastep
2006-Jun-07 13:44 UTC
Re: [Shorewall-announce] Shorewall 3.2.0 RC 1 with "Shorewall Lite"
Simon Matter wrote:
>> Hi Simon,
>>
>> Simon Matter wrote:
>>
>>> While building updated rpms, I found this, and at least the last looks
>>> like a typo.
>> Are you referring to this chunk?
>
> Yes, but not only. I had the impression that also the other lines should
> look identical.
>
> Simon
>
>>> 2137c2137 >>> < if [ $(list_count $sourcess) -gt 1 ]; then >>> --- >>>> if [ $(list_count $sources) -gt 1 ]; then

Ah -- now I see what the problem is. In SVN, there is no 'functions'
file in the Shorewall-lite directory (neither are there 'modules' nor
'xmodules' files). The 'makeshorewall' script has been updated to copy
those files from Shorewall to Shorewall-lite but I forgot to check in
that change. It's there now.

Sorry for the confusion.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key