FAQ update

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2012-08-25 08:10:26 -07:00
parent 7208464c68
commit 000c478ef7


@ -1927,12 +1927,15 @@ Dec 15 16:47:30 heath-desktop last message repeated 2 times</programlisting>
stop</quote>, I can't connect to anything. Why doesn't that command stop</quote>, I can't connect to anything. Why doesn't that command
work?</title> work?</title>
<para><emphasis role="bold">Answer:</emphasis> The <quote> <para><emphasis role="bold">Answer:</emphasis> The
<command>stop</command> </quote> command is intended to place your <command>stop</command> command places the firewall in a safe state;
firewall into a safe state whereby only those hosts listed in connections that are allowed are governed by the setting of
<filename>/etc/shorewall/routestopped</filename> are allowed. If you ADMINISABSENTMINDED in <ulink
want to totally open up your firewall, you must use the <quote> url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) and the
<command>shorewall[-lite] clear</command> </quote> command.</para> contents of <ulink
url="manpages/shorewall-routestopped.html">shorewall-routestopped</ulink>
(5). To totally open the firewall, use the <command>clear</command>
command.</para>
</section> </section>
<section id="faq9"> <section id="faq9">
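Review bot: The rewritten answer to the "stop" question no longer tells the reader what the stopped state permits; it says only that allowed connections "are governed by the setting of ADMINISABSENTMINDED" and the contents of shorewall-routestopped (5). Someone who has just lost connectivity must open two manpages to learn why. Suggest keeping one sentence that states what is allowed, as the removed text did with "only those hosts listed in /etc/shorewall/routestopped are allowed", and then qualifying it with the option. The removed text also gave the command as "shorewall[-lite] clear" while the new text says only "clear"; the full form would match the shorewall[-lite] paths used in the rest of the file.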
@ -2009,7 +2012,8 @@ Creating input Chains...
<filename>/usr/share/shorewall[-lite]/modules</filename> to <filename>/usr/share/shorewall[-lite]/modules</filename> to
<filename>/etc/shorewall/modules </filename>and modify the copy to <filename>/etc/shorewall/modules </filename>and modify the copy to
include only the modules that you need. An alternative is to set include only the modules that you need. An alternative is to set
LOAD_HELPERS_ONLY=Yes in shorewall.conf.</para> LOAD_HELPERS_ONLY=Yes in <ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5).</para>
</section> </section>
<section id="faq68"> <section id="faq68">
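Review bot: On the added ulink line, the section number sits outside the link with a space in front of it ("</ulink> (5)"), so it renders as "shorewall.conf (5)" instead of "shorewall.conf(5)". Suggest dropping the space or moving "(5)" inside the link text. The same pattern appears in the first hunk for both shorewall.conf and shorewall-routestopped, so whichever form is chosen should be applied to all three.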
@ -2656,6 +2660,10 @@ if [ $kernel -lt <emphasis role="bold">20624</emphasis> ]; then
status=2 status=2
else else
</programlisting> </programlisting>
<para>Update: The above logic is found in
<filename>/usr/share/shorewall/prog.footer</filename> in later
Shorewall releases.</para>
</section> </section>
</section> </section>
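Review bot: The added "Update:" paragraph says the logic is in /usr/share/shorewall/prog.footer "in later Shorewall releases", which does not tell the reader which releases those are or which file the listing above came from. Suggest naming the first release where the code moved so that a reader can tell which location applies to their installation. The path is also given for shorewall only, while other paths in this file use the shorewall[-lite] form; state whether the same file exists under the -lite directory.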
@ -2747,8 +2755,12 @@ else
behind the firewall, I get <quote>operation not permitted</quote>. How behind the firewall, I get <quote>operation not permitted</quote>. How
can I use nmap with Shorewall?"</title> can I use nmap with Shorewall?"</title>
<para><emphasis role="bold">Answer:</emphasis> Temporarily remove and <para><emphasis role="bold">Answer:</emphasis> Temporarily remove any
rejNotSyn, dropNotSyn and dropInvalid rules from <emphasis role="bold">rejNotSyn</emphasis>, <emphasis
role="bold">dropNotSyn</emphasis>, <emphasis
role="bold">dropInvalid</emphasis>, <emphasis
role="bold">NotSyn(...)</emphasis> and <emphasis
role="bold">Invalid(...)</emphasis> rules from
<filename>/etc/shorewall/rules</filename> and restart Shorewall.</para> <filename>/etc/shorewall/rules</filename> and restart Shorewall.</para>
</section> </section>
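Review bot: The revised nmap answer says to "Temporarily remove" the rejNotSyn, dropNotSyn, dropInvalid, NotSyn(...) and Invalid(...) rules "and restart Shorewall", but it never tells the reader to put them back. Since the list of rules to remove is now longer, suggest adding a closing sentence that says to restore the rules in /etc/shorewall/rules and restart Shorewall again once the scan is finished. A minor style point: the names are marked with emphasis role="bold" here, while option names elsewhere in the diff (LOAD_HELPERS_ONLY, ADMINISABSENTMINDED) are plain text; pick one convention.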