From: Tom E. <te...@sh...> - 2003-07-07 14:15:18
Changes since Beta 1:

Problems Corrected:

1. Corrected a problem in Beta 1 where DNS names containing a "-" were
   mis-handled when they appeared in the DEST column of a rule.

New Features:

1. The limit of 256 addresses for an address range has been removed.
   Shorewall now decomposes the range into an optimal set of network/host
   addresses (see also the 'iprange' command below).

2. An 'ipcalc' command has been added to /sbin/shorewall.

       ipcalc [ <address> <netmask> | <address>/<vlsm> ]

   Examples:

       [root@wookie root]# shorewall ipcalc 192.168.1.0/24
          CIDR=192.168.1.0/24
          NETMASK=255.255.255.0
          NETWORK=192.168.1.0
          BROADCAST=192.168.1.255
       [root@wookie root]#

       [root@wookie root]# shorewall ipcalc 192.168.1.0 255.255.255.0
          CIDR=192.168.1.0/24
          NETMASK=255.255.255.0
          NETWORK=192.168.1.0
          BROADCAST=192.168.1.255
       [root@wookie root]#

   Warning: If your shell only supports 32-bit signed arithmetic (ash or
   dash), then the ipcalc command produces incorrect information for IP
   addresses 128.0.0.0-1 and for /1 networks. Bash should produce correct
   information for all valid IP addresses.

3. An 'iprange' command has been added to /sbin/shorewall.

       iprange <address>-<address>

   This command decomposes a range of IP addresses into a list of network
   and host addresses. The command can be useful if you need to construct
   an efficient set of rules that accept connections from a range of
   network addresses.

   Note: If your shell only supports 32-bit signed arithmetic (ash or
   dash) then the range may not span 128.0.0.0.

   Example:

       [root@gateway root]# shorewall iprange 192.168.1.4-192.168.12.9
       192.168.1.4/30
       192.168.1.8/29
       192.168.1.16/28
       192.168.1.32/27
       192.168.1.64/26
       192.168.1.128/25
       192.168.2.0/23
       192.168.4.0/22
       192.168.8.0/22
       192.168.12.0/29
       192.168.12.8/31
       [root@gateway root]#

4. A list of host/net addresses is now allowed in an entry in
   /etc/shorewall/hosts.

   Example:

       foo    eth1:192.168.1.0/24,192.168.2.0/24

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ te...@sh...
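
The range decomposition that 'iprange' performs can be sketched in shell as follows. This is an added example, not part of the original message and not Shorewall's own code; the function names are hypothetical, and it assumes a shell with 64-bit arithmetic, so ranges that span 128.0.0.0 are handled.

```shell
#!/bin/sh
# Added illustration (not Shorewall's code): split an inclusive IPv4 range
# into the smallest list of CIDR blocks that covers exactly that range.
# Assumes 64-bit shell arithmetic (bash, or a current dash).

ip_to_int() {   # dotted quad -> unsigned integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {   # unsigned integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

range_to_cidrs() {   # argument: <first address>-<last address>
    lo=$(ip_to_int "${1%-*}")
    hi=$(ip_to_int "${1#*-}")
    [ "$lo" -le "$hi" ] || { echo "first address exceeds last" >&2; return 1; }
    while [ "$lo" -le "$hi" ]; do
        size=1
        bits=32
        # Double the block while its start stays aligned to the larger
        # size and its last address still lies inside the range.
        while [ "$bits" -gt 0 ] &&
              [ $(( lo % (size * 2) )) -eq 0 ] &&
              [ $(( lo + size * 2 - 1 )) -le "$hi" ]; do
            size=$(( size * 2 ))
            bits=$(( bits - 1 ))
        done
        echo "$(int_to_ip "$lo")/$bits"
        lo=$(( lo + size ))
    done
}
```

Each emitted block can back a single firewall rule, and because the blocks cover the range exactly, no address outside it is accepted.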