File: NEWS.Debian

package info
shorewall 3.2.6-2
  • links: PTS
  • area: main
  • in suites: etch, etch-m68k
  • size: 1,508 kB
  • ctags: 288
  • sloc: sh: 12,774; makefile: 66
shorewall (3.2.4-1) unstable; urgency=low

  * This is a major release of Shorewall that introduces some changes in
    the configuration files. You have to check your configuration
    carefully before restarting your firewall to avoid failures and
    network blackout. The changes are listed in
    /usr/share/doc/shorewall/releasenotes.txt.gz
  
 -- Lorenzo Martignoni <martignlo@debian.org>  Sun, 15 Oct 2006 19:16:02 +0200

shorewall (3.0.4-1) unstable; urgency=low

  * The init script now performs "shorewall clear" instead of "shorewall
    stop" when invoked with argument "stop" in order to clear all the rules
    and set the default policy to ACCEPT. Previously, using the "stop"
    command, all rules were cleared but the default policy was set to
    DROP.
  
 -- Lorenzo Martignoni <martignlo@debian.org>  Fri,  6 Jan 2006 17:29:28 +0100

shorewall (3.0.1-1) unstable; urgency=low

  * This is a major release of Shorewall that introduces some changes in
    the configuration files. You have to check your configuration
    carefully before restarting your firewall to avoid failures and
    network blackout. The changes are listed in
    /usr/share/doc/shorewall/releasenotes.txt.gz
  
  * README.Debian has also been updated with information on preventing
    log message floods on the system console.

 -- Lorenzo Martignoni <martignlo@debian.org>  Wed, 23 Nov 2005 22:01:56 +0100

shorewall (2.2.0-1) unstable; urgency=low

  * This is a major release of Shorewall that introduces some changes in
    the configuration files. You have to check your configuration
    carefully before restarting your firewall to avoid failures and
    network blackout. The changes are listed in
    /usr/share/doc/shorewall/releasenotes.txt.gz.
  
 -- Lorenzo Martignoni <lorenzo.martignoni@poste.it>  Fri, 11 Feb 2005 00:10:43 +0100

shorewall (2.0.12-1) unstable; urgency=low

  * The package contains a new script called update-bogons. It can be used
    to automatically update the bogons blacklist. For more information
    please read /usr/share/doc/shorewall/README.Debian (point 3).

 -- Lorenzo Martignoni <lorenzo.martignoni@poste.it>  Sat,  4 Dec 2004 20:46:56 +0100

shorewall (2.0.0-5) unstable; urgency=low

  * The function of 'norfc1918' is now split between that option and a new
    'nobogons' option.
  
    The rfc1918 file released with Shorewall now contains entries for only
    those three address ranges reserved by RFC 1918. A 'nobogons'
    interface option has been added which handles bogon source addresses
    (those which are reserved by the IANA, those reserved for DHCP
    auto-configuration and the class C test-net reserved for testing and
    documentation examples). This will allow users to perform RFC 1918
    filtering without having to deal with out of date data from
    IANA. Those who are willing to update their
    /usr/share/shorewall/bogons file regularly can specify the 'nobogons'
    option in addition to 'norfc1918'.

    The level at which bogon packets are logged is specified in the new
    BOGON_LOG_LEVEL variable in shorewall.conf. If that option is not
    specified or is specified as empty (e.g., BOGON_LOG_LEVEL="") then
    bogon packets whose TARGET is 'logdrop' in /usr/share/shorewall/bogons
    are logged at the 'info' level.

  * Support for Bridging Firewalls has been added.

  * Support for NETMAP has been added. NETMAP allows NAT to be defined
    between two networks:

	   a.b.c.1    -> x.y.z.1
	   a.b.c.2    -> x.y.z.2
	   a.b.c.3    -> x.y.z.3
	   ...	   

  * The /sbin/shorewall program now accepts a "-x" option to cause
    iptables to print out the actual packet and byte counts rather than
    abbreviated counts such as "13MB".

    Commands affected by this are:

	    shorewall -x show [ <chain>[ <chain> ...] ]
	    shorewall -x show tos|mangle
	    shorewall -x show nat
	    shorewall -x status
	    shorewall -x monitor [ <interval> ]

  * Shorewall now traps two common zone definition errors:

    - Including the firewall zone in a /etc/shorewall/hosts record.
    - Defining an interface for a zone in both /etc/shorewall/interfaces
      and /etc/shorewall/hosts.

    In the second case, the following will appear during "shorewall
    [re]start" or "shorewall check":

    Determining Hosts in Zones...
      ...
      Error: Invalid zone definition for zone <name of zone>
    Terminated

  * To support bridging, the following options have been added to entries
    in /etc/shorewall/hosts:

	   norfc1918
	   nobogons
	   blacklist
	   tcpflags
	   nosmurfs
	   newnotsyn

    With the exception of 'newnotsyn', these options are only useful when
    the entry refers to a bridge port.

    Example:
   
    #ZONE   HOST(S)	OPTIONS
    net	   br0:eth0	norfc1918,nobogons,blacklist,tcpflags,nosmurfs

 -- Lorenzo Martignoni <lorenzo.martignoni@poste.it>  Fri, 15 Oct 2004 15:41:01 +0200
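
The two zone definition errors named in the 2.0.0-5 entry above can be looked for before "shorewall [re]start". The shell function below is an added example, not code from Shorewall or the Debian package. It assumes the column layouts "ZONE INTERFACE ..." for interfaces and "ZONE HOST(S) OPTIONS" for hosts, takes the firewall zone name (fw here) from the caller, and runs on constructed sample files.

```shell
#!/bin/sh
# Added example (not Shorewall code). Flags the two zone definition errors:
#   fw-zone-in-hosts      firewall zone used in a hosts record
#   duplicate-definition  same zone/interface pair in interfaces and hosts
# Assumed layouts: "ZONE INTERFACE ..." and "ZONE HOST(S) OPTIONS".
check_zones() {   # usage: check_zones <interfaces> <hosts> <fw-zone-name>
    awk -v fw="$3" '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank and comment lines
        FILENAME == ARGV[1] {                # first file: interfaces
            if ($1 != "-") seen[$1, $2] = 1  # "-" = zone defined via hosts
            next
        }
        {                                    # second file: hosts
            split($2, h, ":")                # HOST(S) is interface:addresses
            if (($1, h[1]) in seen)
                print "duplicate-definition", $1, h[1]
            if ($1 == fw)
                print "fw-zone-in-hosts", $1, $2
        }
    ' "$1" "$2"
}

demo() {   # constructed sample files, written to a temporary directory
    d=$(mktemp -d) || return 1
    cat > "$d/interfaces" <<'EOF'
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     norfc1918
loc    eth1       detect
-      br0        detect
EOF
    cat > "$d/hosts" <<'EOF'
#ZONE  HOST(S)              OPTIONS
loc    eth1:192.168.1.0/24
fw     eth1:192.168.1.1
dmz    br0:eth2             tcpflags
EOF
    check_zones "$d/interfaces" "$d/hosts" fw
    rm -rf "$d"
}

demo
```

The br0 line is not flagged because its interfaces entry carries "-" in the ZONE column, so the zone comes from the hosts file only.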