Description of problem: currently available version is very out of date. Also, current RPM does not package the sample configurations, which should be packaged as part of the documentation (they are in the tarball) Version-Release number of selected component (if applicable): shorewall-2.4.6-1.fc4 How reproducible: every time Steps to Reproduce: 1. yum install shorewall 2. 3. Actual results: Expected results: Additional info:
Correct, I will be adding the sample configurations on the next update. The FC5 extras reporsitory has the latest 3.0.4 release, I have not upgraded the FC4 version because 3.0.x version is not a direct replacement for 2.4.x, configuration files format has been changed and others have been removed. The shorewall relase notes says that the old configuration is being supported only if the shorewall.conf is not udpated to the new format. This can be a problem if someone installed the 2.4.x RPM and never modified the shorewall.conf file, It will simply will be replaced with the 3.0.x version. What are you experiences upgrading to 3.0 without modifing 2.4.x files?
OK, understood. I have seen packages that move old config files out of the way when this happens, alerting the user to the fact (i.e. foo.cong -> foo.conf.rpmsave by postun), but that could be tricky here - people's firewall could break and they wouldn't notice. Not sure what the best plan of attack would be. Perhaps making a shorewall3 package available for FC4? I haven't tried upgrading to 3 keeping the 2.4 files. Rather I installed 2.4, and then began editing the files according to the 3.0 documentation, which obviously didn't work, and then I noticed the package was the older version. When I find some time I may try installing the FC5 package over the 2.4 package and see what breaks. Stands to reason it won't work tho.
After testing the upgrade from 2.4.x to 3.0.x on two diferent servers with diferent shorewall configurations, everything worked as spected using the backwards compatibility of shorewall, to use the new features, the configuration files will need to be updated