Shoreline Firewall is an iptables-based firewall for Linux systems
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
- Developed at security:netfilter
- Sources inherited from project openSUSE:Factory
-
2
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout home:seife:Factory/shorewall && cd $_ - Create Badge
Refresh
Refresh
Source Files
| Filename | Size | Changed |
|---|---|---|
| README.openSUSE | 0000000879 879 Bytes | |
| init-4.4.14.patch | 0000000966 966 Bytes | |
| install-4.4.14.patch | 0000000509 509 Bytes | |
| shorewall-4.4.22.rpmlintrc | 0000000682 682 Bytes | |
| shorewall-4.4.27.2.tar.bz2 | 0000444202 434 KB | |
| shorewall-docs-html-4.4.27.2.tar.bz2 | 0003792148 3.62 MB | |
| shorewall-init-4.4.21_init_sh.patch | 0000000656 656 Bytes | |
| shorewall-init-4.4.27.2.tar.bz2 | 0000072330 70.6 KB | |
| shorewall-lite-4.4.14.init.patch | 0000000629 629 Bytes | |
| shorewall-lite-4.4.27.2.tar.bz2 | 0000104722 102 KB | |
| shorewall.changes | 0000037299 36.4 KB | |
| shorewall.spec | 0000016722 16.3 KB | |
| shorewall6-4.4.27.2.tar.bz2 | 0000221259 216 KB | |
| shorewall6-init-4.4.14.patch | 0000000684 684 Bytes | |
| shorewall6-lite-4.4.14.init.patch | 0000000629 629 Bytes | |
| shorewall6-lite-4.4.27.2.tar.bz2 | 0000103307 101 KB |
Revision 16 (latest revision is 125)
Stephan Kulow (coolo)
accepted
request 100354
from
Togan Muftuoglu (toganm)
(revision 16)
- Update to 4.4.27.2. For more details see changelog.txt and
releasenotes.txt
* A long-standing problem with Shorewall's 'save' facility has
been discovered. The defect can cause rules to be dropped during
'save' so that they are not available to be reapplied during
'restore'. This can occur in 'safe-restart' when the prompt is
not acknowledged or when it is acknowledged with 'n'.
The problem can occur when:
a) There are IPSEC zones or hosts present; and
b) GOTO Target support is available in the kernel and
iptables.
Example of rule that will be dropped:
-A eth2_fwd -m policy --dir in --pol ipsec -g AAA_frwd
The defective code has been corrected so that rules are no
longer dropped.
- Update to 4.4.27.1. For more details see changelog.txt and
releasenotes.txt
* When optimization category 4 is used, unconditional jumps at
the end of chains are replaced with the rules in the target
chain. This can result in rulesets that are considerably larger
than necessary. Beginning with this release, replacement will
only occur if:
a) The jump is the only reference to the target chain; or
b) The target chain contains 3 or less rules.
* The feature introduced in 4.4.25 that allowed provider names in
the 'enable' and 'disable' commands was only implemented for
'enable'. It is now implemented for 'disable' as well.
* When detecting IPv6 global addresses through an interface,
Comments 0