Remove 'check' command

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@472 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-01-15 10:08:43 +01:00 · 2003-02-25 19:24:41 +00:00 · 2003-02-25 19:24:41 +00:00 · 15607eeb96
commit 15607eeb96
parent 27318e6785
9 changed files with 6116 additions and 6081 deletions
--- a/Shorewall-docs/Documentation.htm
+++ b/Shorewall-docs/Documentation.htm
--- a/Shorewall-docs/Install.htm
+++ b/Shorewall-docs/Install.htm
@ -51,16 +51,16 @@
      <li>Install the RPM (rpm -ivh &lt;shorewall rpm&gt;).<br>
      <br>
      <b>Note: </b>Some SuSE users have encountered a problem whereby rpm 
-reports  a    conflict with kernel &lt;= 2.2 even though a 2.4 kernel is
+reports  a    conflict with kernel &lt;= 2.2 even though a 2.4 kernel is installed.
-installed.  If this    happens, simply use the --nodeps option to rpm (rpm
+ If this    happens, simply use the --nodeps option to rpm (rpm -ivh --nodeps
-ivh --nodeps  &lt;shorewall    rpm&gt;).</li>
+ &lt;shorewall    rpm&gt;).</li>
      <li>Edit the <a href="#Config_Files"> configuration files</a> to match 
 your configuration. <font color="#ff0000"><b>WARNING - YOU CAN <u>NOT</u> 
 SIMPLY INSTALL THE RPM  AND ISSUE A "shorewall start" COMMAND. SOME CONFIGURATION 
 IS REQUIRED BEFORE THE  FIREWALL WILL START. IF YOU ISSUE A "start" COMMAND 
- AND THE FIREWALL FAILS TO  START, YOUR SYSTEM WILL NO LONGER ACCEPT ANY
+ AND THE FIREWALL FAILS TO  START, YOUR SYSTEM WILL NO LONGER ACCEPT ANY NETWORK
-NETWORK  TRAFFIC. IF THIS HAPPENS,  ISSUE A "shorewall clear" COMMAND TO
+ TRAFFIC. IF THIS HAPPENS,  ISSUE A "shorewall clear" COMMAND TO RESTORE
-RESTORE NETWORK  CONNECTIVITY.</b></font></li>
+NETWORK  CONNECTIVITY.</b></font></li>
      <li>Start the firewall by typing "shorewall start"</li>
 </ul>
@ -99,23 +99,23 @@ directory&gt;</li>
 disk, simply replace the "shorwall.lrp" file on the image with the file that 
 you downloaded. See the <a href="two-interface.htm">two-interface QuickStart 
 Guide</a> for information about further steps required.</p>
 <p><a name="Upgrade_RPM"></a>If you already have the Shorewall RPM installed 
 and are upgrading to a new version:</p>
-<p>If you are upgrading from a 1.2 version of Shorewall to a 1.3 version
+<p>If you are upgrading from a 1.2 version of Shorewall to a 1.4 version
-and you  have entries in the /etc/shorewall/hosts file then please check
+or and you  have entries in the /etc/shorewall/hosts file then please check 
 your  /etc/shorewall/interfaces file to be sure that it contains an entry 
-for each  interface mentioned in the hosts file. Also, there are certain
+for each  interface mentioned in the hosts file. Also, there are certain 1.2
-1.2 rule forms  that are no longer supported under 1.3 (you must use the
+rule forms  that are no longer supported under 1.4 (you must use the new
-new 1.3 syntax). See <a href="errata.htm#Upgrade">the upgrade issues </a>for
+1.4 syntax). See <a href="errata.htm#Upgrade">the upgrade issues </a>for details.</p>
 details. You can check your rules and  host file for 1.3 compatibility using
 the "shorewall check" command after  installing the latest version of 1.3.</p>
 <ul>
-     <li>Upgrade the RPM (rpm -Uvh &lt;shorewall rpm file&gt;) <b>Note: </b>If
+      <li>Upgrade the RPM (rpm -Uvh &lt;shorewall rpm file&gt;) <b>Note:
- you     are installing version 1.2.0 and have one of the 1.2.0 Beta RPMs
+    </b>If  you     are installing version 1.2.0 and have one of the 1.2.0
-installed,     you must use the "--oldpackage" option to rpm (e.g., "rpm
+Beta RPMs installed,     you must use the "--oldpackage" option to rpm (e.g.,
-    -Uvh --oldpackage shorewall-1.2-0.noarch.rpm").             
+"rpm     -Uvh --oldpackage shorewall-1.2-0.noarch.rpm").                
    <p>   <b>Note: </b>Some SuSE users have encountered a problem whereby 
 rpm reports a    conflict with kernel &lt;= 2.2 even though a 2.4 kernel 
 is installed. If this    happens, simply use the --nodeps option to rpm (rpm 
@ -123,24 +123,21 @@ is installed. If this    happens, simply use the --nodeps option to rpm (rpm
        </p>
     </li>
     <li>See if there are any incompatibilities between your configuration
-and the    new Shorewall version (type "shorewall check") and correct as necessary.</li>
+ and the    new Shorewall version and correct as necessary.</li>
      <li>Restart the firewall (shorewall restart).</li>
 </ul>
-<p><a name="Upgrade_Tarball"></a>If you already have Shorewall installed
+<p><a name="Upgrade_Tarball"></a>If you already have Shorewall installed and
-and are upgrading to a new version using the tarball:</p>
+are upgrading to a new version using the tarball:</p>
 <p>If you are upgrading from a 1.2 version of Shorewall to a 1.3 version
 and you  have entries in the /etc/shorewall/hosts file then please check
 your  /etc/shorewall/interfaces file to be sure that it contains an entry
 for each  interface mentioned in the hosts file.  Also, there are certain
 1.2 rule  forms that are no longer supported under 1.3 (you must use the
 new 1.3 syntax).  See <a href="errata.htm#Upgrade">the upgrade issues</a>
 for details. You can check your rules  and host file for 1.3 compatibility
 using the "shorewall check" command after  installing the latest version
 of 1.3.</p>
 <p>If you are upgrading from a 1.2 version of Shorewall to a 1.4 version and
 you  have entries in the /etc/shorewall/hosts file then please check your
 /etc/shorewall/interfaces file to be sure that it contains an entry for
 each  interface mentioned in the hosts file.  Also, there are certain 1.2
 rule  forms that are no longer supported under 1.4 (you must use the new
 1.4 syntax).  See <a href="errata.htm#Upgrade">the upgrade issues</a> for
 details. </p>
 <ul>
  <li>unpack the tarball (tar -zxf shorewall-x.y.z.tgz).</li>
      <li>cd to the shorewall directory (the version is encoded in the  
@ -159,57 +156,27 @@ or  /etc/init.d then type             "./install.sh"</li>
      <li>For other distributions, determine where your             distribution 
 installs init scripts and type             "./install.sh &lt;init script 
 directory&gt;</li>
-     <li>See if there are any incompatibilities between your configuration
+      <li>Check your configuration for incompatibility with 1.4 as described
- and the    new Shorewall version (type "shorewall check") and correct as
+above.<br>
-necessary.</li>
+  </li>
      <li>Restart the firewall by typing "shorewall restart"</li>
 </ul>
-         <a name="LRP_Upgrade"></a>If you already have a running Bering installation
+          <a name="LRP_Upgrade"></a>If you already have a running Bering
-and wish to upgrade to a later version of Shorewall:<br>
+installation and wish to upgrade to a later version of Shorewall:<br>
 <br>
     <b>UNDER CONSTRUCTION...</b><br>
 <h3><a name="Config_Files"></a>Configuring Shorewall</h3>
-<p>You will need to edit some or all of these configuration files to match
+<p>You will need to edit some or all of the configuration files to match 
- your  setup. In most cases, the <a
+your  setup. In most cases, the <a href="shorewall_quickstart_guide.htm">Shorewall
- href="shorewall_quickstart_guide.htm">Shorewall   QuickStart Guides</a>
+  QuickStart Guides</a> contain all of the information you need.</p>
 contain all of the information you need.</p>
 <ul>
     <li>/etc/shorewall/shorewall.conf - used to set several firewall   
     parameters.</li>
     <li>/etc/shorewall/params - use this file to set shell variables that
 you will     expand in other files.</li>
     <li>/etc/shorewall/zones - partition the firewall's view of the world 
        into <i>zones.</i></li>
     <li>/etc/shorewall/policy - establishes firewall high-level policy.</li>
     <li>/etc/shorewall/interfaces - describes the interfaces on the    
    firewall system.</li>
     <li>/etc/shorewall/hosts - allows defining zones in terms of individual 
         hosts and subnetworks.</li>
   <li>/etc/shorewall/maclist - verification of the MAC addresses of devices.<br>
   </li>
     <li>/etc/shorewall/masq - directs the firewall where to use many-to-one 
         (dynamic) NAT a.k.a. Masquerading.</li>
     <li>/etc/shorewall/modules - directs the firewall to load kernel modules.</li>
     <li>/etc/shorewall/rules - defines rules that are exceptions to the
        overall policies established in /etc/shorewall/policy.</li>
     <li>/etc/shorewall/nat - defines static NAT rules.</li>
     <li>/etc/shorewall/proxyarp - defines use of Proxy ARP.</li>
     <li>/etc/shorewall/routestopped (Shorewall 1.3.4 and later) - defines
 hosts    accessible when Shorewall is stopped.</li>
     <li>/etc/shorewall/tcrules - defines marking of packets for later use
 by     traffic control/shaping.</li>
     <li>/etc/shorewall/tos - defines rules for setting the TOS field in
 packet          headers.</li>
     <li>/etc/shorewall/tunnels - defines IPSEC tunnels with end-points on 
        the firewall system.</li>
     <li>/etc/shorewall/blacklist - lists blacklisted IP/subnet/MAC addresses.</li>
 </ul>
-     
+<p><font size="2">Updated 1/24/2003 - <a href="support.htm">Tom Eastep</a> 
 <p><font size="2">Updated 1/30/2003 - <a href="support.htm">Tom Eastep</a>
 </font></p>
 <p><a href="copyright.htm"><font size="2">Copyright</font>   © <font
@ -217,5 +184,6 @@ packet          headers.</li>
     <br>
   <br>
  <br>
 <br>
 </body>
 </html>
--- a/Shorewall-docs/News.htm
+++ b/Shorewall-docs/News.htm
--- a/Shorewall-docs/configuration_file_basics.htm
+++ b/Shorewall-docs/configuration_file_basics.htm
@ -52,9 +52,10 @@ high-level      policy.</li>
     on  the          firewall system.</li>
                          <li>/etc/shorewall/hosts - allows defining zones
 in  terms    of  individual           hosts and subnetworks.</li>
-                         <li>/etc/shorewall/masq - directs the firewall where 
+                          <li>/etc/shorewall/masq - directs the firewall
-  to  use   many-to-one            (dynamic) Network Address Translation (a.k.a.
+where    to  use   many-to-one            (dynamic) Network Address Translation
-   Masquerading)   and  Source          Network Address Translation (SNAT).</li>
+(a.k.a.    Masquerading)   and  Source          Network Address Translation
 (SNAT).</li>
                          <li>/etc/shorewall/modules - directs the firewall 
 to  load   kernel    modules.</li>
                          <li>/etc/shorewall/rules - defines rules that are 
@ -78,8 +79,10 @@ beginning   of a "shorewall start" or "shorewall restart".</li>
 completion  of a "shorewall start" or "shorewall restart"</li>
       <li>/etc/shorewall/stop - commands that you wish to execute at the 
 beginning   of a "shorewall stop".</li>
-      <li>/etc/shorewall/stopped - commands that you wish to execute at the 
+       <li>/etc/shorewall/stopped - commands that you wish to execute at
- completion of a "shorewall stop".<br>
+the   completion of a "shorewall stop".</li>
  <li>/etc/shorewall/ecn - disable Explicit Congestion Notification (ECN
 - RFC 3168) to remote hosts or networks.<br>
  </li>
 </ul>
@ -87,9 +90,9 @@ beginning   of a "shorewall stop".</li>
 <h2><a name="Comments"></a>Comments</h2>
 <p>You may place comments in configuration files by making the first non-whitespace
-              character a pound sign ("#"). You may also place comments at 
+               character a pound sign ("#"). You may also place comments
- the    end  of any line, again by       delimiting the comment from the rest
+at   the    end  of any line, again by       delimiting the comment from
- of   the line  with a pound sign.</p>
+the rest  of   the line  with a pound sign.</p>
 <p>Examples:</p>
@ -111,9 +114,9 @@ beginning   of a "shorewall stop".</li>
 <p align="left">     </p>
 <p align="left"><b>WARNING: I personally recommend strongly <u>against</u>
-        using DNS names in Shorewall configuration files. If you use DNS names
+         using DNS names in Shorewall configuration files. If you use DNS
-     and   you are called out of bed at 2:00AM because Shorewall won't start
+names      and   you are called out of bed at 2:00AM because Shorewall won't
-   as  a result  of DNS problems then don't say that you were not forewarned. 
+start    as  a result  of DNS problems then don't say that you were not forewarned.
    <br>
                  </b></p>
@ -124,12 +127,12 @@ beginning   of a "shorewall stop".</li>
        configuration files may be specified as either IP addresses or DNS 
   Names.<br>
                  <br>
-                DNS names in iptables rules  aren't nearly as useful as they
+                 DNS names in iptables rules  aren't nearly as useful as
-  first    appear.    When a DNS name appears in a rule,  the iptables utility
+they   first    appear.    When a DNS name appears in a rule,  the iptables
-  resolves    the name    to one or more IP addresses and inserts  those
+utility   resolves    the name    to one or more IP addresses and inserts
-addresses   into    the rule.  So  changes in the DNS-&gt;IP address relationship
+ those addresses   into    the rule.  So  changes in the DNS-&gt;IP address
- that   occur   after the firewall    has started have absolutely no effect
+relationship  that   occur   after the firewall    has started have absolutely
-on the    firewall's   ruleset.    </p>
+no effect on the    firewall's   ruleset.    </p>
 <p align="left">     If your firewall rules include DNS names then:</p>
@ -145,8 +148,8 @@ before    starting     your DNS server then your firewall won't start.<br>
                  </li>
                   <li>Factors totally outside your control (your ISP's router
   is      down   for example), can prevent your firewall from starting.</li>
-                 <li>You must bring up your network interfaces prior to starting
+                  <li>You must bring up your network interfaces prior to
-    your   firewall.<br>
+starting     your   firewall.<br>
                  </li>
 </ul>
@ -180,15 +183,15 @@ before    starting     your DNS server then your firewall won't start.<br>
                   <li>In the /etc/shorewall/nat file.</li>
 </ul>
-                 These restrictions are not imposed by Shorewall simply for 
+                  These restrictions are not imposed by Shorewall simply
- your inconvenience but are rather limitations of iptables.<br>
+for   your inconvenience but are rather limitations of iptables.<br>
 <h2><a name="Compliment"></a>Complementing an Address or Subnet</h2>
 <p>Where specifying an IP address, a subnet or an interface, you can     
  precede the item with "!" to specify the complement of the item. For  
-      example, !192.168.1.4 means "any host but 192.168.1.4". There must
+     example, !192.168.1.4 means "any host but 192.168.1.4". There must be
-be no white space following the "!".</p>
+no white space following the "!".</p>
 <h2><a name="Lists"></a>Comma-separated Lists</h2>
@ -268,8 +271,8 @@ the high port number, a value of 65535 is assumed.<br>
 <h2><a name="MAC"></a>Using MAC Addresses</h2>
 <p>Media Access Control (MAC)        addresses can be used to specify packet 
-        source in several of the        configuration files. To use this
+        source in several of the        configuration files. To use this feature,
-feature,         your kernel must have MAC        Address Match support (CONFIG_IP_NF_MATCH_MAC)
+        your kernel must have MAC        Address Match support (CONFIG_IP_NF_MATCH_MAC) 
        included.</p>
 <p>MAC addresses are 48 bits wide and each Ethernet Controller has a     
@ -292,11 +295,11 @@ a  series    of  6  hex numbers        separated by colons. Example:<br>
       (1582.8     Mb)<br>
                       Interrupt:11 Base address:0x1800<br>
                        <br>
-                       Because Shorewall uses colons as a separator for address 
+                        Because Shorewall uses colons as a separator for
-   fields,     Shorewall requires        MAC addresses to be written in another 
+address     fields,     Shorewall requires        MAC addresses to be written
-   way. In   Shorewall, MAC addresses        begin with a tilde ("~") and 
+in another     way. In   Shorewall, MAC addresses        begin with a tilde
-consist   of 6  hex numbers separated by        hyphens. In Shorewall, the 
+("~") and  consist   of 6  hex numbers separated by        hyphens. In Shorewall,
-MAC address    in  the example above would be        written "~02-00-08-E3-FA-55".<br>
+the  MAC address    in  the example above would be        written "~02-00-08-E3-FA-55".<br>
             </p>
 <p><b>Note: </b>It is not necessary to use the special Shorewall notation 
@ -310,27 +313,27 @@ MAC address    in  the example above would be        written "~02-00-08-E3-FA-55
 and    restart</a>       commands allow you to specify an alternate configuration 
    directory and    Shorewall will use the files in the alternate directory 
   rather than the  corresponding  files in /etc/shorewall. The alternate 
-directory    need not contain a complete  configuration; those files not
+directory    need not contain a complete  configuration; those files not in
-in the alternate    directory  will be read from  /etc/shorewall.</p>
+the alternate    directory  will be read from  /etc/shorewall.</p>
 <p>  This facility permits you to easily create a test or temporary configuration 
         by:</p>
 <ol>
-                         <li>  copying the files that need modification from
+                          <li>  copying the files that need modification
-  /etc/shorewall       to a separate      directory;</li>
+from   /etc/shorewall       to a separate      directory;</li>
                          <li>  modify those files in the separate directory; 
  and</li>
                          <li>  specifying the separate directory in a shorewall
-   start    or  shorewall     restart command (e.g., <i><b>shorewall -c /etc/testconfig
+    start    or  shorewall     restart command (e.g., <i><b>shorewall -c
-       restart</b></i>  ).</li>
+/etc/testconfig        restart</b></i>  ).</li>
 </ol>
-<p><font size="2">   Updated 2/7/2003 - <a href="support.htm">Tom  Eastep</a> 
+<p><font size="2">   Updated 2/24/2003 - <a href="support.htm">Tom  Eastep</a>
            </font></p>
@ -343,5 +346,6 @@ in the alternate    directory  will be read from  /etc/shorewall.</p>
    <br>
   <br>
  <br>
 <br>
 </body>
 </html>
--- a/Shorewall-docs/mailing_list.htm
+++ b/Shorewall-docs/mailing_list.htm
@ -74,6 +74,10 @@
 </table>
 <h1>REPORTING A PROBLEM OR ASKING FOR HELP? If you haven't already, please
 read the <a href="http://www.shorewall.net/support.htm">Shorewall Support
 Guide</a>.<br>
 </h1>
 <p align="left">If you experience problems with any of these lists, please 
           let <a href="mailto:teastep@shorewall.net">me</a> know</p>
@ -109,24 +113,24 @@ record    in  DNS.</li>
   "for  continuous abuse" because it has been my policy to allow HTML in 
 list   posts!!<br>
            <br>
-           I think that blocking all HTML is a Draconian way to control spam
+            I think that blocking all HTML is a Draconian way to control
-   and   that the ultimate losers here are not the spammers but the list
+spam    and   that the ultimate losers here are not the spammers but the
-subscribers      whose MTAs are bouncing all shorewall.net mail. As one list
+list subscribers      whose MTAs are bouncing all shorewall.net mail. As
-subscriber   wrote  to me privately "These e-mail admin's need to get a <i>(explitive 
+one list subscriber   wrote  to me privately "These e-mail admin's need to
- deleted)</i>  life instead of trying to rid the planet of HTML based e-mail". 
+get a <i>(explitive   deleted)</i>  life instead of trying to rid the planet
- Nevertheless,  to allow subscribers to receive list posts as must as possible, 
+of HTML based e-mail".   Nevertheless,  to allow subscribers to receive list
- I have now  configured the list server at shorewall.net to strip all HTML 
+posts as must as possible,   I have now  configured the list server at shorewall.net
- from outgoing  posts. This means that HTML-only posts will be bounced by 
+to strip all HTML   from outgoing  posts. This means that HTML-only posts
-the list server.<br>
+will be bounced by  the list server.<br>
 <p align="left"> <b>Note: </b>The list server limits posts to 120kb.<br>
         </p>
 <h2>Other Mail Delivery Problems</h2>
-         If you find that you are missing an occasional list post, your e-mail
+          If you find that you are missing an occasional list post, your
-   admin  may be blocking mail whose <i>Received:</i> headers contain the
+e-mail    admin  may be blocking mail whose <i>Received:</i> headers contain
-names   of certain ISPs. Again, I believe that such policies hurt more than
+the names   of certain ISPs. Again, I believe that such policies hurt more
-they  help but I'm not prepared to go so far as to start stripping <i>Received:</i> 
+than they  help but I'm not prepared to go so far as to start stripping <i>Received:</i>
    headers to circumvent those policies.<br>
 <h2 align="left">Mailing Lists Archive Search</h2>
@ -165,9 +169,9 @@ they  help but I'm not prepared to go so far as to start stripping <i>Received:<
                      </form>
-<h2 align="left"><font color="#ff0000">Please do not try to download the
+<h2 align="left"><font color="#ff0000">Please do not try to download the entire
-entire Archive -- it is 75MB (and growing daily) and my slow DSL line simply
+Archive -- it is 75MB (and growing daily) and my slow DSL line simply won't
-won't stand the traffic. If I catch you, you will be blacklisted.<br>
+stand the traffic. If I catch you, you will be blacklisted.<br>
               </font></h2>
 <h2 align="left">Shorewall CA Certificate</h2>
@ -208,9 +212,9 @@ to  this list.</p>
 <p align="left">The list archives are at <a
 href="http://lists.shorewall.net/pipermail/shorewall-users/index.html">http://lists.shorewall.net/pipermail/shorewall-users</a>.</p>
-<p align="left">Note that prior to 1/1/2002, the mailing list was hosted at
+<p align="left">Note that prior to 1/1/2002, the mailing list was hosted
-<a href="http://sourceforge.net">Sourceforge</a>. The archives from that list
+at <a href="http://sourceforge.net">Sourceforge</a>. The archives from that
-may be found at <a
+list may be found at <a
 href="http://www.geocrawler.com/lists/3/Sourceforge/9327/0/">www.geocrawler.com/lists/3/Sourceforge/9327/0/</a>.</p>
 <h2 align="left">Shorewall Announce Mailing List</h2>
@ -262,8 +266,8 @@ may be found at <a
           the  Mailing Lists</h2>
 <p align="left">There seems to be near-universal confusion about unsubscribing
-           from Mailman-managed lists although Mailman 2.1 has attempted to
+            from Mailman-managed lists although Mailman 2.1 has attempted
-  make  this less confusing. To unsubscribe:</p>
+to   make  this less confusing. To unsubscribe:</p>
 <ul>
                         <li>                                           
@ -274,10 +278,10 @@ may be found at <a
                         <li>                                           
    <p align="left">Down at the bottom of that page is the following text:
-          " 	To <b>unsubscribe</b> from <i>&lt;list name&gt;</i>, get a password 
+           " 	To <b>unsubscribe</b> from <i>&lt;list name&gt;</i>, get a
-    reminder,         or change your subscription options enter your subscription
+password      reminder,         or change your subscription options enter
-             email address:". Enter your email  address   in the box and
+your subscription              email address:". Enter your email  address
-click      on the "<b>Unsubscribe</b> or edit options" button.</p>
+  in the box and click      on the "<b>Unsubscribe</b> or edit options" button.</p>
                         </li>
                         <li>                                           
@ -294,13 +298,14 @@ click      on the "<b>Unsubscribe</b> or edit options" button.</p>
 <p align="left"><a href="gnu_mailman.htm">Check out these instructions</a></p>
-<p align="left"><font size="2">Last updated 2/18/2003 - <a
+<p align="left"><font size="2">Last updated 2/24/2003 - <a
 href="http://www.shorewall.net/support.htm">Tom Eastep</a></font></p>
-<p align="left"><a href="copyright.htm"> <font size="2">Copyright</font>
+<p align="left"><a href="copyright.htm"> <font size="2">Copyright</font> ©
-© <font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a><br>
+<font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a><br>
   </p>
   <br>
  <br>
 <br>
 </body>
 </html>
--- a/Shorewall-docs/seattlefirewall_index.htm
+++ b/Shorewall-docs/seattlefirewall_index.htm
@ -15,8 +15,8 @@
-                                             <base target="_self">       
+                                                     <base
- 
+ target="_self">               
  <meta name="author" content="Tom Eastep">
 </head>
  <body>
@ -48,9 +48,10 @@
 alt="Shorwall Logo" height="70" width="85" align="left"
 src="images/washington.jpg" border="0">
-                                    </a></i></font><font color="#ffffff">Shorewall
+                                      </a></i></font><font
- 1.4     -               <font size="4">"<i>iptables                   made
+ color="#ffffff">Shorewall  1.4     -               <font size="4">"<i>iptables 
-   easy"</i></font></font></h1>
+                  made    easy"</i></font></font></h1>
@ -138,23 +139,23 @@
      <p>This program is free software; you can redistribute it and/or modify 
                                                 it        under the terms 
-of         <a href="http://www.gnu.org/licenses/gpl.html">Version        2
+ of         <a href="http://www.gnu.org/licenses/gpl.html">Version       
-of  the GNU General Public License</a> as published by the Free Software 
+2 of  the GNU General Public License</a> as published by the Free Software 
       Foundation.<br>
                                          <br>
                                     This   program     is  distributed 
     in   the     hope     that     it   will     be  useful,    but    
-  WITHOUT    ANY      WARRANTY;      without      even the   implied    warranty
+    WITHOUT    ANY      WARRANTY;      without      even the   implied  
-      of MERCHANTABILITY                or  FITNESS    FOR   A PARTICULAR
+ warranty       of MERCHANTABILITY                or  FITNESS    FOR   A
-     PURPOSE.        See the    GNU General     Public  License         
+PARTICULAR       PURPOSE.        See the    GNU General     Public  License
          for   more details.<br>
                                          <br>
-                                   You   should    have   received     a
+                                     You   should    have   received    
- copy     of   the     GNU     General         Public      License      
+a   copy     of   the     GNU     General         Public      License   
         along     with    this   program;       if  not,    write  to  the
   Free Software           Foundation,              Inc.,  675     Mass 
 Ave,  Cambridge,   MA    02139,       USA</p>
@ -250,16 +251,20 @@ Ave,  Cambridge,   MA    02139,       USA</p>
 border="0" src="images/new10.gif" width="28" height="12" alt="(New)">
                        </b></p>
      <p></p>
      Shorewall 1.4 represents the next step in the evolution of Shorewall. 
 The  main thrust of the initial release is simply to remove the cruft that 
 has  accumulated in Shorewall over time. <br>
-      <b>IMPORTANT: Shorewall 1.4.0 <u>REQUIRES</u></b> <b>the iproute package
+        <b>IMPORTANT: Shorewall 1.4.0 <u>REQUIRES</u></b> <b>the iproute
-('ip' utility).</b><br>
+package  ('ip' utility).</b><br>
        <br>
  Function from 1.3 that has been omitted from this version include:<br>
      <ol>
              <li>The "check" command is no longer supported.<br>
          <br>
        </li>
        <li>The MERGE_HOSTS variable in shorewall.conf is no longer supported.
  Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.<br>
                <br>
@ -278,8 +283,8 @@ Function from 1.3 that has been omitted from this version include:<br>
 an error  at startup if specified.<br>
                <br>
              </li>
-            <li>The Shorewall 1.2 syntax for DNAT and REDIRECT rules is no
+              <li>The Shorewall 1.2 syntax for DNAT and REDIRECT rules is 
- longer  accepted.<br>
+no  longer  accepted.<br>
                <br>
              </li>
              <li>The ALLOWRELATED variable in shorewall.conf is no longer
@ -296,14 +301,14 @@ that they arrived on in two cases:</li>
      </ol>
      <ul>
-         <li>There is an <u>explicit</u> policy for the source zone to or 
+           <li>There is an <u>explicit</u> policy for the source zone to
-from the destination zone. An explicit policy names both zones and does not 
+or  from the destination zone. An explicit policy names both zones and does 
-use the 'all' reserved word.</li>
+not  use the 'all' reserved word.</li>
           <li>There are one or more rules for traffic for the source zone
 to or from the destination zone including rules that use the 'all' reserved 
 word. Exception: if the source zone and destination zone are the same then 
-the rule must be explicit - it must name the zone in both the SOURCE and DESTINATION
+ the rule must be explicit - it must name the zone in both the SOURCE and 
-columns.<br>
+DESTINATION columns.<br>
      </li>
      </ul>
@ -321,8 +326,8 @@ columns.<br>
              <li>LOG is now a valid action for a rule (/etc/shorewall/rules).<br>
                <br>
              </li>
-            <li>The firewall script and version file are now installed in 
+              <li>The firewall script and version file are now installed
-/usr/share/shorewall.<br>
+in  /usr/share/shorewall.<br>
                <br>
              </li>
              <li>Late arriving DNS replies are now silently dropped in the 
@ -330,8 +335,9 @@ common  chain by default.<br>
                <br>
              </li>
              <li>In addition to behaving like OLD_PING_HANDLING=No, Shorewall
- 1.4 no longer unconditionally accepts outbound ICMP packets. So if you want
+  1.4 no longer unconditionally accepts outbound ICMP packets. So if you
-  to 'ping' from the firewall, you will need the appropriate rule or policy.<br>
+want    to 'ping' from the firewall, you will need the appropriate rule or
 policy.<br>
             <br>
           </li>
           <li>802.11b devices with names of the form wlan<i>&lt;n&gt;</i>
@ -347,6 +353,7 @@ now support the 'maclist' option.<br>
      </ul>
@ -457,5 +464,7 @@ Foundation.</font></a> Thanks!</font></p>
                                           <br>
   </p>
   <br>
  <br>
 <br>
 </body>
 </html>
--- a/Shorewall-docs/shoreline.htm
+++ b/Shorewall-docs/shoreline.htm
@ -47,8 +47,8 @@
                  <li>Burroughs Corporation (now <a
 href="http://www.unisys.com">Unisys</a>    ) 1969 - 1980</li>
                  <li><a href="http://www.tandem.com">Tandem Computers, Incorporated</a>
-       (now part of the <a href="http://www.hp.com">The New HP</a>) 1980 -
+        (now part of the <a href="http://www.hp.com">The New HP</a>) 1980
- present</li>
+-  present</li>
                  <li>Married 1969 - no children.</li>
 </ul>
@ -58,10 +58,10 @@
 <p>I became interested in Internet Security when I established a home office 
      in 1999 and had DSL service installed in our       home. I investigated 
-    ipchains  and developed the scripts which are now collectively known
+    ipchains  and developed the scripts which are now collectively known as
-as   <a href="http://seawall.sourceforge.net"> Seattle       Firewall</a>.
+  <a href="http://seawall.sourceforge.net"> Seattle       Firewall</a>. Expanding
-Expanding       on what I learned from Seattle Firewall, I then       designed
+      on what I learned from Seattle Firewall, I then       designed and
-and wrote      Shorewall. </p>
+wrote      Shorewall. </p>
 <p>I telework from our home in <a href="http://www.cityofshoreline.com">Shoreline, 
       Washington</a>  where I live with my wife Tarry. </p>
@ -74,22 +74,22 @@ and wrote      Shorewall. </p>
 Serves as a PPTP server for Road Warrior access. Dual boots <a
 href="http://www.mandrakelinux.com">Mandrake</a> 9.0.</li>
                  <li>Celeron 1.4Gz, RH8.0, 384MB RAM, 60GB HD, LNE100TX(Tulip) 
-   NIC   -  My      personal Linux System which runs Samba configured as
+   NIC   -  My      personal Linux System which runs Samba configured as a
-a  WINS  server.    This      system also has <a
+ WINS  server.    This      system also has <a
- href="http://www.vmware.com/">VMware</a>  installed    and      can run
+ href="http://www.vmware.com/">VMware</a>  installed    and      can run both
-both     <a href="http://www.debian.org">Debian  Woody</a> and         <a
+    <a href="http://www.debian.org">Debian  Woody</a> and         <a
 href="http://www.suse.com">SuSE 8.1</a> in virtual  machines.</li>
                  <li>K6-2/350, RH8.0, 384MB RAM, 8GB IDE HD, EEPRO100 NIC  
 - Email   (Postfix, Courier-IMAP and Mailman), HTTP (Apache), FTP (Pure_ftpd), 
 DNS  server        (Bind 9).</li>
-                 <li>PII/233, RH8.0, 256MB MB RAM, 2GB SCSI  HD - 3     
+                  <li>PII/233, RH8.0, Kernel 2.4.20, 256MB MB RAM, 2GB SCSI
-LNE100TX      (Tulip) and 1 TLAN NICs  - Firewall running Shorewall  1.4.0
+ HD - 3      LNE100TX      (Tulip) and 1 TLAN NICs  - Firewall running Shorewall
-Alpha 2  and a DHCP        server.</li>
+ 1.4.0 and a DHCP        server.</li>
-                 <li>Duron 750, Win ME, 192MB RAM, 20GB HD, RTL8139 NIC - 
+                  <li>Duron 750, Win ME, 192MB RAM, 20GB HD, RTL8139 NIC
-My  wife's        personal system.</li>
+-  My  wife's        personal system.</li>
                  <li>PII/400 Laptop, WinXP SP1, 224MB RAM, 12GB HD, onboard
- EEPRO100     and     EEPRO100 in expansion base and LinkSys WAC11 - My main 
+  EEPRO100     and     EEPRO100 in expansion base and LinkSys WAC11 - My
- work system.</li>
+main   work system.</li>
 </ul>
@ -114,12 +114,13 @@ My  wife's        personal system.</li>
 width="125" height="40" hspace="4">
               </font></p>
-<p><font size="2">Last updated 2/18/2003 - </font><font size="2">       <a
+<p><font size="2">Last updated 2/23/2003 - </font><font size="2">       <a
 href="support.htm">Tom Eastep</a></font>  </p>
                <font face="Trebuchet MS"><a href="copyright.htm"><font
 size="2">Copyright</font>       © <font size="2">2001, 2002, 2003 Thomas 
 M. Eastep.</font></a></font><br>
   <br>
  <br>
 <br>
 </body>
 </html>
--- a/Shorewall-docs/sourceforge_index.htm
+++ b/Shorewall-docs/sourceforge_index.htm
@ -15,8 +15,8 @@
-                                                                     <base
+                                                                        
- target="_self">         
+  <base target="_self">            
  <meta name="author" content="Tom Eastep">
 </head>
  <body>
@ -116,11 +116,12 @@
      <p>The Shoreline Firewall, more commonly known as  "Shorewall",  is
         a       <a href="http://www.netfilter.org">Netfilter</a> (iptables)
   based      firewall        that can be used on a dedicated firewall system,
-  a multi-function             gateway/router/server or on a standalone GNU/Linux 
+   a multi-function             gateway/router/server or on a standalone
-  system.</p>
+GNU/Linux    system.</p>
@ -144,8 +145,8 @@
                                          This   program     is  distributed
        in   the     hope     that     it   will     be  useful,    but 
       WITHOUT    ANY      WARRANTY;      without      even the   implied
-  warranty       of MERCHANTABILITY                or  FITNESS    FOR   A
+   warranty       of MERCHANTABILITY                or  FITNESS    FOR  
- PARTICULAR       PURPOSE.        See the    GNU General     Public  License
+A  PARTICULAR       PURPOSE.        See the    GNU General     Public  License 
            for   more details.<br>
                                               <br>
@ -153,8 +154,8 @@
                                          You   should    have   received 
    a   copy     of   the     GNU     General         Public      License
             along     with    this   program;       if  not,    write  to 
-  the    Free Software           Foundation,              Inc.,  675    
+  the    Free Software           Foundation,              Inc.,  675     Mass
-Mass   Ave,  Cambridge,   MA    02139,       USA</p>
+  Ave,  Cambridge,   MA    02139,       USA</p>
@ -219,15 +220,18 @@ on the recent release of Bering 1.1!!!</b><br>
 border="0" src="images/new10.gif" width="28" height="12" alt="(New)">
                       </b></p>
                                              Shorewall 1.4 represents the
-next  step in the evolution of Shorewall. The main thrust of the initial release
+ next  step in the evolution of Shorewall. The main thrust of the initial
- is simply to remove the cruft that has accumulated in Shorewall over time.
+release  is simply to remove the cruft that has accumulated in Shorewall
-       <br>
+over time.        <br>
       <b>IMPORTANT: Shorewall 1.4.0 <u>REQUIRES</u></b> <b>the iproute package 
 ('ip' utility).</b><br>
         <br>
      Function from 1.3 that has been omitted from this version include:<br>
      <ol>
             <li>The "check" command is no longer supported.<br>
          <br>
        </li>
        <li>The MERGE_HOSTS variable in shorewall.conf is no longer supported.
   Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.<br>
          <br>
@ -246,8 +250,8 @@ next  step in the evolution of Shorewall. The main thrust of the initial release
 an error  at startup if specified.<br>
          <br>
        </li>
-            <li>The Shorewall 1.2 syntax for DNAT and REDIRECT rules is no
+             <li>The Shorewall 1.2 syntax for DNAT and REDIRECT rules is
- longer  accepted.<br>
+no  longer  accepted.<br>
          <br>
        </li>
             <li>The ALLOWRELATED variable in shorewall.conf is no longer 
@ -265,13 +269,13 @@ that they arrived on in two cases:</li>
      <ul>
          <li>There is an <u>explicit</u> policy for the source zone to or
-from the destination zone. An explicit policy names both zones and does not 
+ from the destination zone. An explicit policy names both zones and does
-use the 'all' reserved word.</li>
+not  use the 'all' reserved word.</li>
          <li>There are one or more rules for traffic for the source zone 
 to or from the destination zone including rules that use the 'all' reserved
 word. Exception: if the source zone and destination zone are the same then
-the rule must be explicit - it must name the zone in both the SOURCE and DESTINATION
+ the rule must be explicit - it must name the zone in both the SOURCE and
-columns.</li>
+DESTINATION columns.</li>
      </ul>
@ -383,6 +387,7 @@ now support the 'maclist' option.<br>
      <h2><a name="Donations"></a>Donations</h2>
@ -447,11 +452,11 @@ now support the 'maclist' option.<br>
-      <p align="center"><font size="4" color="#ffffff">Shorewall is free but
+      <p align="center"><font size="4" color="#ffffff">Shorewall is free
-if       you try it and find it useful, please consider making a donation 
+but if       you try it and find it useful, please consider making a donation
                                                    to       <a
- href="http://www.starlight.org"><font color="#ffffff">Starlight         Children's
+ href="http://www.starlight.org"><font color="#ffffff">Starlight        
-Foundation.</font></a> Thanks!</font></p>
+Children's Foundation.</font></a> Thanks!</font></p>
                                           </td>
@ -469,10 +474,9 @@ Foundation.</font></a> Thanks!</font></p>
-<p><font size="2">Updated 2/18/2003 - <a href="support.htm">Tom Eastep</a></font>
+<p><font size="2">Updated 2/24/2003 - <a href="support.htm">Tom Eastep</a></font> 
                                            <br>
 </p>
 <br>
 </body>
 </html>
--- a/Shorewall-docs/starting_and_stopping_shorewall.htm
+++ b/Shorewall-docs/starting_and_stopping_shorewall.htm
@ -41,13 +41,13 @@
 <p>   If you have a permanent internet connection such as DSL     or Cable,
-    I  recommend that you start the firewall     automatically at boot. Once
+     I  recommend that you start the firewall     automatically at boot.
-   you  have installed      "firewall" in your init.d directory, simply type
+Once     you  have installed      "firewall" in your init.d directory, simply
-       "chkconfig --add firewall". This will start the     firewall in run
+type         "chkconfig --add firewall". This will start the     firewall
- levels   2-5 and stop it in run levels 1 and 6.     If you want to configure
+in run   levels   2-5 and stop it in run levels 1 and 6.     If you want
- your  firewall differently from this     default, you can use the "--level"
+to configure   your  firewall differently from this     default, you can
- option  in     chkconfig (see "man chkconfig") or using your     favorite
+use the "--level"   option  in     chkconfig (see "man chkconfig") or using
- graphical  run-level editor.</p>
+your     favorite   graphical  run-level editor.</p>
@ -65,8 +65,8 @@
     Note: Users of the .deb package must edit /etc/default/shorewall and
 set    'startup=1'.<br>
            </li>
-          <li>If you use dialup, you may want to start the firewall     in
+            <li>If you use dialup, you may want to start the firewall   
- your   /etc/ppp/ip-up.local   script. I recommend just placing     "shorewall 
+ in  your   /etc/ppp/ip-up.local   script. I recommend just placing     "shorewall 
  restart"   in that script.</li>
 </ol>
@ -91,11 +91,14 @@ set    'startup=1'.<br>
              <li>shorewall clear - remove all rules and chains         
   installed    by Shoreline  Firewall</li>
              <li>shorewall refresh - refresh the rules involving the broadcast 
-          addresses  of firewall interfaces and the black and white lists.</li>
+           addresses  of firewall interfaces, <a
 href="blacklisting_support.htm">the black list</a>, <a
 href="traffic_shaping.htm">traffic control rules</a> and <a
 href="ECN.html">ECN control rules</a>.</li>
 </ul>
-    If you include the keyword <i>debug</i> as the first argument, then a 
+      If you include the keyword <i>debug</i> as the first argument, then 
-shell  trace of the command is produced as in:<br>
+a  shell  trace of the command is produced as in:<br>
 <pre>	<font color="#009900"><b>shorewall debug start 2&gt; /tmp/trace</b></font><br></pre>
@ -116,50 +119,45 @@ information in the file /tmp/trace<br>
 <ul>
              <li>shorewall status - produce a verbose report about the firewall
              (iptables -L -n -v)</li>
-            <li>shorewall show <i>chain</i> - produce a verbose report about
+              <li>shorewall show <i>chain</i> - produce a verbose report
-      <i>chain             </i>(iptables -L <i>chain</i> -n -v)</li>
+about        <i>chain             </i>(iptables -L <i>chain</i> -n -v)</li>
-            <li>shorewall show nat - produce a verbose report about the nat 
+              <li>shorewall show nat - produce a verbose report about the 
- table             (iptables -t nat -L -n -v)</li>
+nat   table             (iptables -t nat -L -n -v)</li>
-            <li>shorewall show tos - produce a verbose report about the mangle
+              <li>shorewall show tos - produce a verbose report about the 
-   table          (iptables -t mangle -L -n -v)</li>
+mangle    table          (iptables -t mangle -L -n -v)</li>
              <li>shorewall show log - display the last 20 packet log entries.</li>
              <li>shorewall show connections - displays the IP connections
 currently     being     tracked by the firewall.</li>
              <li>shorewall                                             
                                       show                             
-                                                     tc     - displays information
+                                                       tc     - displays
-    about the traffic control/shaping configuration.</li>
+information      about the traffic control/shaping configuration.</li>
-            <li>shorewall monitor [ delay ] - Continuously display the firewall 
+              <li>shorewall monitor [ delay ] - Continuously display the
-             status, last 20 log entries and nat. When the log entry display
+firewall               status, last 20 log entries and nat. When the log
-              changes, an audible alarm is sounded.</li>
+entry display                changes, an audible alarm is sounded.</li>
              <li>shorewall hits - Produces several reports about the Shorewall 
   packet  log          messages in the current /var/log/messages file.</li>
-            <li>shorewall version -  Displays the installed     version number.</li>
+              <li>shorewall version -  Displays the installed     version 
-            <li>shorewall check -  Performs a <u>cursory</u> validation 
+number.</li>
   of  the  zones, interfaces, hosts, rules and policy files.    <font
 size="4" color="#ff6666"><b>The "check" command does not parse and     validate
  the   generated iptables commands so even though the "check" command  
  completes   successfully, the configuration may fail to start. See the
    recommended   way to make configuration changes described below. </b></font>
    </li>
              <li>shorewall try<i> configuration-directory</i> [<i> timeout</i> 
   ]  -  Restart shorewall using the     specified configuration and if an 
 error   occurs or if the<i> timeout </i>    option is given and the new configuration
    has been up for that many seconds     then shorewall is restarted using
  the  standard configuration.</li>
-            <li>shorewall deny, shorewall reject, shorewall accept and shorewall
+              <li>shorewall deny, shorewall reject, shorewall accept and
-    save     implement <a href="blacklisting_support.htm">dynamic blacklisting</a>.</li>
+shorewall      save     implement <a href="blacklisting_support.htm">dynamic
-            <li>shorewall logwatch (added in version 1.3.2) - Monitors the
+blacklisting</a>.</li>
-        <a href="#Conf">LOGFILE </a>and produces an audible alarm when new 
+              <li>shorewall logwatch (added in version 1.3.2) - Monitors
- Shorewall       messages are logged.</li>
+the          <a href="#Conf">LOGFILE </a>and produces an audible alarm when
 new   Shorewall       messages are logged.</li>
 </ul>
-      Finally, the "shorewall" program may be used to dynamically alter the 
+        Finally, the "shorewall" program may be used to dynamically alter 
- contents  of a zone.<br>
+the   contents  of a zone.<br>
 <ul>
-        <li>shorewall add <i>interface</i>[:<i>host]</i> <i>zone </i>- Adds 
+          <li>shorewall add <i>interface</i>[:<i>host]</i> <i>zone </i>-
- the  specified interface (and host if included) to the specified zone.</li>
+Adds   the  specified interface (and host if included) to the specified zone.</li>
          <li>shorewall delete <i>interface</i>[:<i>host]</i> <i>zone </i>- 
 Deletes   the specified interface (and host if included) from the specified 
 zone.</li>
@ -176,8 +174,8 @@ zone.</li>
        </blockquote>
-<p>  The <b>shorewall start</b>, <b>shorewall restart, shorewall check </b> and 
+<p>  The <b>shorewall start</b>, <b>shorewall restart, </b>and       <b>shorewall
-     <b>shorewall try </b>commands allow you to specify which <a
+try </b>commands allow you to specify which <a
 href="configuration_file_basics.htm#Configs">   Shorewall configuration</a> 
      to use:</p>
@ -185,7 +183,7 @@ zone.</li>
 <blockquote>                                                            
-  <p>  shorewall [ -c <i>configuration-directory</i> ] {start|restart|check}<br>
+  <p>  shorewall [ -c <i>configuration-directory</i> ] {start|restart}<br>
            shorewall try <i>configuration-directory</i></p>
            </blockquote>
@ -210,14 +208,12 @@ zone.</li>
                      <li><font color="#009900"><b>cd /etc/test</b></font></li>
-                    <li>&lt;copy any files that you need to change from /etc/shorewall
+                      <li>&lt;copy any files that you need to change from 
-    to . and change them here&gt;</li>
+/etc/shorewall     to . and change them here&gt;</li>
                    <li><font color="#009900"><b>shorewall -c . check</b></font></li>
-                    <li>&lt;correct any errors found by check and check again&gt;</li>
+                                            <li><font color="#009900"><b>/sbin/shorewall
-                                                                        
+try .</b></font></li>
                    <li><font color="#009900"><b>/sbin/shorewall try .</b></font></li>
 </ul>
@ -258,9 +254,9 @@ start,    the   "try" command will automatically start the old one for you.</p>
 <p>    <br>
      </p>
       You will note that the commands that result in state transitions use 
-the  word "firewall" rather than "shorewall". That is because the actual transitions
+ the  word "firewall" rather than "shorewall". That is because the actual 
- are done by /usr/lib/shorewall/firewall (/usr/share/shorewall/firewall on
+transitions  are done by /usr/lib/shorewall/firewall (/usr/share/shorewall/firewall 
- Debian); /sbin/shorewall runs 'firewall" according to the following table:<br>
+on  Debian); /sbin/shorewall runs 'firewall" according to the following table:<br>
     <br>
 <table cellpadding="2" cellspacing="2" border="1">
@ -332,5 +328,7 @@ the  word "firewall" rather than "shorewall". That is because the actual transit
     <br>
    <br>
   <br>
  <br>
 <br>
 </body>
 </html>