Shorewall Download
2020-09-13
Contents
- Package Information
- Distribution-specific Download Sites
- Standard Download Sites
- Finding Updates that Correct Known Problems
Package Information
Before trying to install, we strongly urge you to read and print a copy of the Shorewall QuickStart Guide for the configuration that most closely matches your own.
The documentation in both XML and HTML formats is available for download from the Download Sites listed below.
NOTICE: There are four current Shorewall Release Series:
- The STABLE release series is 5.2. Choose this release if you value stability and good documentation.
- The prior STABLE release series is 5.1. We release updates to this series to correct problems but usually don't make enhancements to it.
- The old prior STABLE release series is 5.0. We release updates to this series to correct problems but usually don't make enhancements to it.
- The Development release is generally a 5.2.x Beta; see the Home Page. Choose this release if you want to help shake out the next Shorewall stable release. The Development release is found in the 'development/5.2' directory on the download sites.
For additional information, see this article about the Shorewall Release Model.
In Shorewall version 4.5.*, the common Shell libraries were segregated into a separate Shorewall-core package. With Shorewall 4.5 onward, there are six packages:
- Shorewall-core -- Required to install Shorewall, Shorewall6, Shorewall-lite or Shorewall6-lite.
- Shorewall -- Together with Shorewall-core, includes everything needed to create an IPv4 firewall.
- Shorewall6 -- Requires the Shorewall package and adds the capability to create an IPv6 firewall.
- Shorewall-lite -- a light-weight Shorewall version that will run compiled firewall scripts generated on a system with Shorewall installed.
- Shorewall6-lite -- a light-weight Shorewall6 version that will run compiled firewall scripts generated on a system with Shorewall6 installed.
- Shorewall-init -- an add-on to any of the above packages that allows the firewall state to be altered in reaction to interfaces coming up and going down. Where Upstart is not being used, this package can also be configured to place the firewall in a safe state prior to bringing up the network interfaces.
In Shorewall version 4.4.*, the Shorewall-common, Shorewall-shell and Shorewall-perl packages are discontinued and replaced with a single Shorewall package which combines the functions of Shorewall-common and Shorewall-perl. The shell-based compiler is retired. With Shorewall 4.4, there are five packages:
- Shorewall -- Includes everything needed to create an IPv4 firewall.
- Shorewall6 -- Requires the Shorewall package and adds the capability to create an IPv6 firewall.
- Shorewall-lite -- a light-weight Shorewall version that will run compiled firewall scripts generated on a system with Shorewall installed.
- Shorewall6-lite -- a light-weight Shorewall6 version that will run compiled firewall scripts generated on a system with Shorewall6 installed.
- Shorewall-init -- an add-on to any of the above packages that allows the firewall state to be altered in reaction to interfaces coming up and going down. Where Upstart is not being used, this package can also be configured to place the firewall in a safe state prior to bringing up the network interfaces.
In Shorewall version 4.2.*, there are six packages:
- Shorewall-shell -- the legacy Shorewall configuration compiler written in Bourne Shell. Not recommended for new installations.
- Shorewall-perl -- an implementation of the Shorewall configuration compiler written in the Perl programming language. This compiler is much faster than Shorewall-shell and produces a firewall script that runs faster. It is the preferred compiler for new Shorewall installations.
- Shorewall-common -- A base package required by both Shorewall-shell and Shorewall-perl.
- Shorewall-lite -- a light-weight Shorewall version that will run compiled firewall scripts generated on a system with one of the compiler packages installed.
- Shorewall6 -- Provides /sbin/shorewall6 for controlling an IPv6 firewall. Requires Shorewall-common and Shorewall-perl, 4.2.4 or later.
- Shorewall6-lite -- a light-weight Shorewall6 version that will run compiled firewall scripts generated on a system with Shorewall6 installed.
To summarize:
- If you are installing Shorewall 4.4 or later:
- On at least one system in your network, you must install the Shorewall package. If you need IPv6 firewalls then you must also install the Shorewall6 package.
- If you have a single firewall, then that system should be your firewall system.
- If you have more than one firewall, you may wish to install Shorewall (and possibly Shorewall6) on a single administrative system and install Shorewall-lite and/or Shorewall6-lite on the firewalls. Doing so will allow for centralized administration and configuration of the firewalls.
- If you are installing Shorewall 4.2 or earlier:
- On at least one system in your network, you must install one or both of the compilers (Shorewall-shell and/or Shorewall-perl; Shorewall-perl is highly recommended), the Shorewall-common package and possibly the Shorewall6 package.
- If you only have a single firewall, then that system should be your firewall system.
- If you have more than one firewall, you may wish to install one or both of the compilers on a single administrative system and install Shorewall-lite and/or Shorewall6-lite on the firewalls. Doing so will allow for centralized administration and configuration of the firewalls.
- When RPM is used to install Shorewall, the compiler (shorewall-shell and/or shorewall-perl) and shorewall-common must be installed in a single execution of the rpm utility.
Here are the installation instructions.
Distribution-specific Download Sites
Once you've printed the appropriate QuickStart Guide, download the appropriate Packages:
If you want to install using a tarball (no compilation required) then use the Standard Sites.
If you run Debian and would like a .deb package, Shorewall is included in the Debian Stable Branch, the Debian Testing Branch and the Debian Unstable Branch.
Additionally, packages for the current Debian stable release are available from the package maintainer's personal page. Those packages are almost always more up-to-date than the ones in the Debian Stable Branch.
- Simon Matter provides RPMs tailored for Redhat and Fedora. You can download them from his site.
- jMCg provides a package for Arch Linux. You can download it from the Arch Linux site.
- If you run LEAF/Bering or one of its derivatives, you can download a .lrp file from the Leaf site.
From the LEAF Bering-uClibc Team:
We try to provide the latest stable version shortly after release, but we also want to do some internal tests before making it available. So we may be behind sometimes. But better be sure that the new version is running on LEAF, than being too fast...
I know it's not obvious for newbies where to find the lrp on our pages.
Shorewall packages are on the packages page:
They are also available from the Git repository:
http://leaf.git.sourceforge.net/git/gitweb.cgi?p=leaf/packages;a=summary
- Shorewall packages for Slackware are available at http://slackbuilds.org/result/?search=shorewall&sv=.
You will probably also want to download the HTML version of the documentation for easy reference.
Standard Download Sites
Use the sites below to download the tarball, the documentation and the standard RPM for SUSE. Beginning with Shorewall 5.0.10, the RPMs assume that systemd is used.
Packages are GPG signed and checksummed. Please verify the integrity of the files using our public key: https://shorewall.org/shorewall.gpg.key
Note that each of the tarballs is available in both tgz and tar.bz2 compression formats.
SERVER LOCATION | DOMAIN | HTTPS | RSYNC |
---|---|---|---|
Helsinki, Finland | Shorewall.org | Browse | Rsync |
Bratislava, Slovakia | Slovakia.shorewall.org | Browse | |
Czech Republic | Shorewall.cz | Browse | |
Germany | De.shorewall.org | Browse | |
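The signature and checksum verification recommended under Standard Download Sites, as an added example that is not from the Shorewall project. The detached-signature and checksum-list file names, the sha256sum default and the optional pinned fingerprint are assumptions; because the public key is served from the same site as the packages, compare its fingerprint with a value obtained through a separate channel.

```shell
#!/bin/sh
# Added example: verify a downloaded release file before installing it.
# File names and the pinned fingerprint are placeholders, not values from the page.

# verify_checksum <sums-file> <file> [tool]
# Returns 0 on match, 1 on mismatch, 2 if <file> is not listed in <sums-file>.
verify_checksum() {
    sums=$1; file=$2; tool=${3:-sha256sum}
    name=$(basename "$file")
    # Checksum lists look like "<hex>  <name>" or "<hex> *<name>" (binary mode).
    expected=$(awk -v f="$name" '{ n = $2; sub(/^\*/, "", n) }
                                 n == f { print $1; exit }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$("$tool" "$file" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# verify_signature <key-file> <sig-file> <file> [expected-fingerprint]
# Uses a throwaway keyring holding only <key-file>, so a "good signature"
# can only come from that key and the user's own keyring is never touched.
verify_signature() {
    key=$1; sig=$2; file=$3; want_fpr=${4:-}
    home=$(mktemp -d) || return 1
    rc=1
    if gpg --homedir "$home" --batch --quiet --import "$key" 2>/dev/null; then
        fpr=$(gpg --homedir "$home" --batch --with-colons --fingerprint |
              awk -F: '$1 == "fpr" { print $10; exit }')
        # Refuse to continue if the key is not the one pinned out of band.
        if [ -z "$want_fpr" ] || [ "$fpr" = "$want_fpr" ]; then
            gpg --homedir "$home" --batch --verify "$sig" "$file" && rc=0
        fi
    fi
    rm -rf "$home"
    return "$rc"
}

# Usage (placeholders): verify.sh <key> <sig> <file> <sums> [fingerprint]
if [ "$#" -ge 4 ]; then
    verify_signature "$1" "$2" "$3" "${5:-}" &&
        verify_checksum "$4" "$3" &&
        echo "OK: $3 is signed by the supplied key and matches its checksum"
fi
```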