diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml index c8d684714..f3fdf9d04 100644 --- a/docs/CompiledPrograms.xml +++ b/docs/CompiledPrograms.xml @@ -180,11 +180,11 @@ disable startup of Shorewall in your init scripts. For ease of reference, we call this system the 'administrative system'. - The administrative system may be a Windows system running Cygwin or an Apple MacIntosh running OS X. - Install from a shell prompt using the - install.sh script. + The administrative system may be a GNU/Linux system, a Windows + system running Cygwin or + an Apple MacIntosh + running OS X. Install from a shell prompt using the install.sh script. @@ -241,8 +241,10 @@ modify the files in the corresponding export directory - appropriately. It's a good idea to include the IP address of the - administrative system in the just as you would if you were + configuring Shorewall on the firewall system itself). + It's a good idea to include the IP address of the administrative + system in the routestopped file. @@ -283,26 +285,29 @@ cd <export directory> -/sbin/shorewall load -c firewall +/sbin/shorewall load firewall The load command compiles a firewall script from the configuration files in the current working directory (using shorewall compile -e), copies that file to the remote system via scp and - starts Shorewall Lite on the remote system via ssh. The -c option - causes the capabilities of the remote system to be generated and - copied to a file named capabilities in the - export directory. See below. + starts Shorewall Lite on the remote system via ssh. Example (firewall's DNS name is 'gateway'): - /sbin/shorewall load -c gateway + /sbin/shorewall load gateway Although scp and ssh are used by default, you can use other utilities by setting RSH_COMMAND and RCP_COMMAND in /etc/shorewall/shorewall.conf. + + The first time that you issue a load + command, Shorewall will use ssh to run + /usr/share/shorewall-lite/shorecap on the + remote firewall to create a capabilities file in the firewall's + administrative direction. See below. @@ -456,7 +461,7 @@ clean: - You will normally not need to touch + You will normally never touch /etc/shorewall-lite/shorewall-lite.conf unless you run Debian or one of its derivatives (see above). @@ -559,11 +564,11 @@ clean:
Before editing: - CONFIG_PATH=/etc/shorewall:/usr/share/shorewall + CONFIG_PATH=/etc/shorewall:/usr/share/shorewall After editing: - CONFIG_PATH=/usr/share/shorewall/configfiles:/usr/share/shorewall + CONFIG_PATH=/usr/share/shorewall/configfiles:/usr/share/shorewall
Changing CONFIG_PATH will ensure that subsequent compilations @@ -596,14 +601,21 @@ clean:
cd <export directory> -/sbin/shorewall load -c <firewall system> +/sbin/shorewall load <firewall system> Example (firewall's DNS name is 'gateway'): - /sbin/shorewall load -c gateway + /sbin/shorewall load gateway
+ The first time that you issue a load + command, Shorewall will use ssh to run + /usr/share/shorewall-lite/shorecap on the + remote firewall to create a capabilities file in the firewall's + administrative direction. See below. + The load command compiles a firewall script from the configuration files in @@ -640,7 +652,8 @@ clean: scp capabilities <admin system>:<this system's config dir> Or simply use the -c option the next time that you use the - reload command. + reload command (e.g., shorewall reload + -c gateway).