So, just a notification to everyone that version 1.1.7 of the tutorial will be 
released tonight. I feel awkward for telling everyone that it should be available now, 
now, now.... and now. I promised that the tutorial should be available in a new 
version before Christmas the first time, but I have had a ton of fixes, problems 
etcetera to get around to, and not very much time to work with. So, now it should be 
available in a few hours with a few modifications to the ChangeLog.

For those who are mirroring, the whole mirroring process has been totally changed by 
now. Everything is now available in a special tarball that will be available from the 
site. The cron script will automatically download this, set a few variables, unpack 
the packet and extract the files to a temporary directory. After this, it will execute 
a bash script available within the actual tutorial, which will take care of the rest 
of the work (doing changes within the tutorial, moving files from temporary dir to the 
actual http directory and so on). 

I have made it this way since the currently used script required tweaking from every 
single version of the tutorial to the other, not a good thing. Hopefully this will 
require much less work on your behalf. 

As it is now though, the scripts are 100%, and I am aware of it. First of all, the 
scripts require privileges to your http directories, temp directories and so on, 
nothing special in other words. Also, the scripts are currently unable to actually do 
the sed commands they are supposed to do, I am working on it, but it's taken such a 
damn time anyways to work this out, so I will let it be there until the next version 
of the tutorial. It will hopefully not screw things up too much for now (ie, everyone 
downloads the scripts from the main site, even though they go to the mirror site).

The whole page has been restructured to include separate index.html files for each 
project, which will make life easier for those mirroring only one or two of the 
projects (ie, the iptables tutorial). I should have done this from the beginning, but 
never got around to it until now. They look the same, work the same, etcetera, but 
they are now freestanding. This page will be used for a few notes to the public on 
what is happening, and what not to do etcetera. 

As for linuxsecurity.com and netfilter mailing list people, I've asked the people 
sending me mail with pure questions to contact you and the netfilter mailing list 
first hand. If you find something that comes there due to an error in the tutorial 
itself, contact me with the error/bug/disinformation/whatever and I will get onto it 
ASAP. 

These are the current release notes for the tutorial:

This version of the tutorial got out really really late, however I hope no one took 
offence (even though I promised a few of you that I should have it released before 
Christmas). I have had a lot of problems, but I think most of them are ironed out by 
now. One note for those reading the PDF version of the tutorial: there are some 
problems with the double hyphens (i.e., --), which look a little scrambled (they look 
like a single hyphen) unless you look closer at them. I will have this fixed for the next 
version, I hope. Thanks to Thomas Ockens for pointing this out to me, I will get onto 
it (unless it requires some huge change or another). 

For all of those who mail me and ask questions that are not strictly related to the 
actual tutorial, I would like to ask you to stop mailing me and asking me to look through 
your scripts and so on. If you have found a bug or error in the tutorial, or want to 
contribute, you are more than welcome, however, I get between 20 and 70 mails per week 
as it is now asking questions on everything from "how do I do this" to "why doesn't my 
iptables setup let xxx through to xxx" or "Want to see me nude". Anything like this 
will in the future be either sent to /dev/null, or forwarded to the netfilter mailing 
list which you can reach at netfilter at lists.samba.org. For more information on 
this, visit the netfilter official homepage. I will, of course, try to monitor the 
mailing list as intensely as I can, and I am sure that the awfully nice people over 
there will help me out by pointing out any mistakes I have done here if you find 
shortcomings and point them out there. I also got a generous offer from the equally 
nice people at linuxsecurity.com to do this screening if you send mail to their 
mailing list at [EMAIL PROTECTED]. Both are fairly large, and should 
be able to help you much much better than I can. 

Also of some interest for those who have read this tutorial previously, this tutorial 
has been fairly re-organized. If anyone has some good suggestions on the new 
structure, or if they think there would be another way to structure it to get a better 
flow in it, I would gladly listen to them. If there are any other suggestions (broken 
links, general problems, you name it), send a mail to me at the listed mail address. 

I would also like to congratulate myself in a sense (sometimes, I am a selfish bastard) 
since this tutorial has now had over 1.2 million hits. Also, I would like to give a 
huge thanks to Ericsson Radio Access for their generous contribution to this project. 
Thanks to them, I now have a fully functional lab network. 

NOTE: If you feel like mirroring this tutorial, please tell me about it so I can tell 
people about your mirror. This way it is possible for me to get some of the traffic 
off this server which may get heavily overloaded. Also note the cron script that will 
help you to do automatic updates of the tutorial. 

This is the ChangeLog entry for the last version of the tutorial: 

1.1.7
* Fixed bad explanation of the --destination match. (Parimi Ravi 
<[EMAIL PROTECTED]>)
* Fixed bad cut'n'paste from last version in the rc.firewall.txt file (Phil Schultz 
<[EMAIL PROTECTED]>)
* Fixed bad explanation of ip_conntrack_* in "explanation of rc.firewall" chapter. 
(Steven McClintoc <[EMAIL PROTECTED]>)
* Added explanation of ip_nat_* in "explanation of rc.firewall" chapter. (Phil Schultz 
<[EMAIL PROTECTED]> and Steven McClintoc <[EMAIL PROTECTED]>)
* Added explanation of ip_nat_* in "Passive FTP but no DCC" appendix. (Phil Schultz 
<[EMAIL PROTECTED]> and Steven McClintoc <[EMAIL PROTECTED]>)
* Clarified explanation of the MASQUERADE target in the "NAT table" section (Steven 
McClintoc <[EMAIL PROTECTED]>)
* Added rule to accept DHCP requests in the rc.DHCP.firewall.txt script. (Bill Dossett 
<[EMAIL PROTECTED]>)
* Rearranged the variables in the rc.DHCP.firewall.txt and added comments. (Bill 
Dossett <[EMAIL PROTECTED]>)
* Added variables for DHCP servers. (Bill Dossett <[EMAIL PROTECTED]>)
* Added PPPOE_PMTU option to the rc.DHCP.firewall.txt and comments as well as rewrote 
that rule.
* Organized the rc.DHCP.firewall.txt script in a better fashion.
* Organized the rc.firewall.txt script in the same fashion as rc.DHCP.firewall.txt.
* SGML'ized the GPL document (Should be sent off to FSF for verification).
* Inserted the SGML'ized GPL document instead of the ascii version.
* Fixed the History section (update forgotten previous version).
* Added new mirrors target to the Makefile. (Dave Wreski <[EMAIL PROTECTED]>)
* Started restructuring the tutorial, breaking it down into chapters and appendices.
* Finished the restructure after a Christmas vacation. (2 January 2002)
* Finished the --mac-source match explanation.
* Fixed a better solution for mirroring (Dave Wreski <[EMAIL PROTECTED]>)
* Added explanations to the mark match.
* Added explanations to the limit match.
* Fixed tcp_packets chains in all scripts (Erik Sjölund <[EMAIL PROTECTED]>)
* Fixed all script links in the tutorial.
* Fixed description of TTL target and MANGLE table in traversing_of_tables_and_chains. 
(???)
* Fixed loaded modules a bit in rc.firewall.txt (Adam Mansbridge 
<[EMAIL PROTECTED]>)
* Added new site to other resources (Vasoo Veerapen <[EMAIL PROTECTED]>)
* Fixed non-working local DNS's, possibly others, with 2 new rules in all scripts 
(INPUT chain) ("Aladdin" <[EMAIL PROTECTED]>)
* Added better explanation of passive and active FTP in common problems and 
questionmarks
* Fixed all scripts to do ip spoofing checks in bad_tcp_packets (Rusty Russell)
* Checked through everything in the rc.firewall.txt so it runs smoothly at least.
* Fixed a ton of error messages that came up in the process of completing this version 
of the tutorial.
* Added Multiport match explanation in how a rule is built.
* Added Owner match explanation in how a rule is built.
* Added State match explanation in how a rule is built.
* Fixed paragraphs in the how a rule is built chapter.
* Added TOS match explanation in how a rule is built.
* Finished the Explicit matches section for now.
* Added generic explanation of targets/jumps section.
* Fixed a set of bugs in the Makefile.
* Fixed the change.sh script a bit, requires 3 variables to be known now.

If there are any problems in there that you see, contact me ASAP and I'll get onto it.



Have a nice day,



Oskar Andreasson
http://www.boingworld.com
http://people.unix-fu.org/andreasson/
mailto: [EMAIL PROTECTED]


