Displaying 20 results from an estimated 10000 matches similar to: "Thoughts on Shorewall 2.0"
2003 Feb 21
0
Shorewall 1.4.0 Beta 1
The first 1.4.0 Beta is now available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
Function from 1.3 that has been omitted from this version includes:
1) The MERGE_HOSTS variable in shorewall.conf is no longer
supported. Shorewall 1.4 behavior is the same as 1.3 with
MERGE_HOSTS=Yes.
2. Interface names of the form
2003 Feb 19
0
Proposed Shorewall 1.4.0 Content
Here is the proposed content -- I''m looking for a Beta to start in the
next week or so with release around the middle of next month. The main
focus of 1.4 will be to provide external behavior similar to the
upcoming 2.0 release.
Function from 1.3 that has been omitted from this version includes:
1) The MERGE_HOSTS variable in shorewall.conf is no longer
supported. Shorewall 1.4
2003 Mar 05
3
Shorewall 1.4.0 RC1
The first release candidate is now available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
The only change between Beta 1 and RC1 is that the ''check'' command is back
in RC1.
Function from 1.3 that has been omitted from this version includes:
1) The MERGE_HOSTS variable in shorewall.conf is no longer
supported. Shorewall 1.4
2003 Feb 27
6
Shorewall 1.4.0 Beta 2
The second Beta is now available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
Function from 1.3 that has been omitted from this version includes:
1) The ''check'' command is no longer supported.
2) The MERGE_HOSTS variable in shorewall.conf is no longer
supported. Shorewall 1.4 behavior is the same as 1.3 with
MERGE_HOSTS=Yes.
2003 Jan 25
0
Shorewall 1.3.14 Beta 1
Beta 1 is now available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
Features include:
1) An OLD_PING_HANDLING option has been added to shorewall.conf. When
set to Yes, Shorewall ping handling is as it has always been (see
http://www.shorewall.net/ping.html).
When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and
2003 Feb 04
11
About Shorewall 1.3.14
It is my plan that the upcoming release of Shorewall (1.3.14) will
definitely be the last of the 1.3.x releases and will very probably be the
last release of Shorewall 1.x.x.
I will continue to support Shorewall 1.3 but will be making no more
enhancements to it. I will be devoting my time to Shorewall 2.
If anyone is interested in taking over the development of Shorewall 1,
please let me
2005 Mar 15
2
New feature for Shorewall 2.2.3
The following is taken from the Release notes for 2.2.3 (which will be
released in a month or so).
2) There has been ongoing confusion about how the
/etc/shorewall/routestopped file works. People understand how it
works with the ''shorewall stop'' command but when they read that
''shorewall restart'' is logically equivalent to ''shorewall
2003 Feb 08
1
Shorewall 1.3.14
Shorewall 1.3.14 is now available. Thanks go to Francesca Smith for
helping with updating the sample configurations.
New in 1.3.14:
1) An OLD_PING_HANDLING option has been added to shorewall.conf. When
set to Yes, Shorewall ping handling is as it has always been (see
http://www.shorewall.net/ping.html).
When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and
2005 Apr 07
4
Shorewall 2.2.3
http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3
ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3
Problems Corrected:
1) If a zone is defined in /etc/shorewall/hosts using
<interface>:!<network> in the HOSTS column then startup errors occur
on "shorewall [re]start".
2) Previously, if "shorewall status" was run on a system whose kernel
lacked
2002 Aug 26
0
"shorewall refresh" bug in Shorewall 1.3.7a
"shorewall refresh" is not handling FORWARDPING=Yes properly in 1.3.7a. After
a refresh, the configuration is the same as it would be with FORWARDPING=No.
There''s a corrected firewall script available from
http://www.shorewall.net/errata.htm.
Sorry for the inconvenience...
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ:
2002 Aug 22
0
Shorewall 1.3.7
This is a bug-fix roleup together with changes to the way ICMP is handled=
=2E
1) The ''icmp.def'' file is now empty! The rules in that file were
required in ipchains firewalls but are not required in Shorewall.
Users who have ALLOWRELATED=3DNo in shorewall.conf should see the
Upgrade Issues.
2) A ''FORWARDPING'' option has been added to shorewall.conf.
2004 Sep 16
0
Shorewall-2.1.9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.9
ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.9
Problems Corrected:
1) IP ranges in the routestopped and tunnels files now work.
2) Rules where an IP range appears in both the source and destination
~ now work correctly.
3) With complex proxy arp configurations involving two or
2002 Dec 19
0
Another Little Patch
--==========1943392778==========
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Here''s another little patch that corrects a couple of silly mistakes.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net
--==========1943392778==========
2003 Jun 17
0
Shorewall 1.4.5
This has been sitting around for a while so I''ve decided to release it.
Problems Corrected:
1) The command "shorewall debug try <directory>" now correctly traces
the attempt.
2) The INCLUDE directive now works properly in the zones file;
previously, INCLUDE in that file was ignored.
3) /etc/shorewall/routestopped records with an empty second column are no
2003 Mar 11
0
Shorewall 1.3.14a
This is a roll up of the following fixes:
* There is an updated rfc1918 file that reflects the resent allocation
of 222.0.0.0/8 and 223.0.0.0/8.
* The documentation for the routestopped file claimed that a
comma-separated list could appear in the second column while the code only
supported a single host or network address.
* Log messages produced by ''logunclean'',
2002 Jul 16
1
Shorewall 1.3.4
Shorewall 1.3.4 is available:
1. A new /etc/shorewall/routestopped file has been added. This file is
intended to eventually replace the routestopped option in the
/etc/shorewall/interface and /etc/ shorewall/hosts files. This new
file makes remote firewall administration easier by allowing any IP
or subnet to be enabled while Shorewall is stopped.
2. An /etc/shorewall/stopped
2002 May 14
3
[Shorewall-users] Redirect loc::80 to fw::3128 not work (fwd)
I''m beginning to believe that the use of the last column in the rules file
to designate redirection/forwarding is too subtle for many users. For 1.3,
I think I''ll do something like the following:
Current rule:
ACCEPT net loc:192.168.1.3 tcp 80 - all
New rule:
FORWARD net loc:192.168.1.3 tcp 80
Current rule:
ACCEPT net fw::3128 tcp 80 - all
New rule:
REDIRECT net
2003 Jul 31
0
Snapshot 1.4.6_20030731
http://shorewall.net/pub/shorewall/Snapshots
ftp://shorewall.net/pub/shorewall/Snapshots
Problems Corrected since version 1.4.6:
1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was
being tested before it was set.
2) Corrected handling of MAC addresses in the SOURCE column of the
tcrules file. Previously, these addresses resulted in an invalid
iptables command.
2002 Jun 17
0
Another 1.3.x Bug
Another bug with similar symptoms to the last one has been found by Renato
Tirol.
The bug fixed by the earlier errata update affects the following options:
dhcp
dropunclean
logunclean
norfc1918
routefilter
multi
filterping
noping
The bug reported by Renato and fixed in the current errata update affects:
routestopped
The new update is available at:
2002 Jul 25
5
Shorewall 1.3.5
This will be the last Shorewall release for a while as I''m going to be
focusing on Documentation.
In this release:
1. Empty and invalid source and destination qualifiers are now detected
in the rules file. It is a good idea to use the ''shorewall check''
command before you issue a ''shorewall restart'' command be be sure
that you don''t