Shorewall - "iptables made easy"

 

What is it?

Shorewall is an iptables-based firewall that can be used on a dedicated firewall system, a multi-function masquerade gateway/server, or a standalone Linux system.

This program is free software; you can redistribute it and/or modify it under the terms of Version 2 of the GNU General Public License as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA

Copyright 2001, 2002 Thomas M. Eastep <teastep@shorewall.net>
All rights reserved.

News

3/11/2002 - Shorewall 1.2.9 Released

In this version:

- Filtering by MAC address has been added. MAC addresses may be used as the source address in:
  - Filtering rules (/etc/shorewall/rules)
  - Traffic Control Classification Rules (/etc/shorewall/tcrules)
  - TOS Rules (/etc/shorewall/tos)
  - Blacklist (/etc/shorewall/blacklist)
- Several bugs have been fixed.

3/1/2002 - 1.2.8 Debian Package is Available

See http://security.dsi.unimi.it/~lorenzo/debian.html

2/25/2002 - New Two-interface Sample

I've enhanced the two-interface sample to allow access from the firewall to servers in the local zone: http://www.shorewall.net/pub/shorewall/LATEST.samples/two-interfaces.tgz

2/23/2002 - Shorewall 1.2.8 Released

Due to a serious problem with 1.2.7, I am releasing 1.2.8. It corrects problems associated with the lock file used to prevent multiple state-changing operations from occurring simultaneously. My apologies for any inconvenience my carelessness may have caused.

2/22/2002 - Shorewall 1.2.7 Released

In this version:

- UPnP probes (UDP destination port 1900) are now silently dropped in the common chain.
- RFC 1918 checking in the mangle table has been streamlined to no longer require packet marking. RFC 1918 checking in the filter table has been changed to require half as many rules as previously.
- A 'shorewall check' command has been added that does a cursory validation of the zones, interfaces, hosts, rules and policy files.


Updated 3/10/2002 - Tom Eastep
