Update Config file basics doc for 3.0 - take 2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2609 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-08-31 19:06:30 +00:00
parent 4a9a0467f7
commit 21de50ae40

@ -320,9 +320,8 @@ smtp,www,pop3,imap #Services running on the firewall</programlisting>
problems then don't say that you were not forewarned.</para> problems then don't say that you were not forewarned.</para>
</caution> </caution>
<para>Beginning with Shorewall 1.3.9, Host addresses in Shorewall <para>Host addresses in Shorewall configuration files may be specified as
configuration files may be specified as either IP addresses or DNS either IP addresses or DNS Names.</para>
Names.</para>
<para>DNS names in iptables rules aren't nearly as useful as they first <para>DNS names in iptables rules aren't nearly as useful as they first
appear. When a DNS name appears in a rule, the iptables utility resolves appear. When a DNS name appears in a rule, the iptables utility resolves
@ -419,16 +418,6 @@ smtp,www,pop3,imap #Services running on the firewall</programlisting>
Shorewall.</para> Shorewall.</para>
</section> </section>
<section id="Compliment">
<title>Complementing an Address or Subnet</title>
<para>Where specifying an IP address, a subnet or an interface, you can
precede the item with <quote>!</quote> to specify the complement of the
item. For example, !192.168.1.4 means <quote>any host but
192.168.1.4</quote>. There must be no white space following the
<quote>!</quote>.</para>
</section>
<section id="Lists"> <section id="Lists">
<title>Comma-separated Lists</title> <title>Comma-separated Lists</title>
@ -454,6 +443,16 @@ smtp,www,pop3,imap #Services running on the firewall</programlisting>
</itemizedlist> </itemizedlist>
</section> </section>
<section id="Compliment">
<title>Complementing an Address or Subnet</title>
<para>Where specifying an IP address, a subnet or an interface, you can
precede the item with <quote>!</quote> to specify the complement of the
item. For example, !192.168.1.4 means <quote>any host but
192.168.1.4</quote>. There must be no white space following the
<quote>!</quote>.</para>
</section>
<section id="Exclusion"> <section id="Exclusion">
<title>Exclusion Lists</title> <title>Exclusion Lists</title>
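Review bot: The relocated section still carries id="Compliment" while its title reads "Complementing an Address or Subnet", so the id is a misspelling of "Complement". Since the block is being moved anyway, consider correcting the id here, and check for existing cross-references to the old anchor before renaming it. In the same paragraph, "Where specifying an IP address" would read better as "When specifying an IP address".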
@ -482,16 +481,16 @@ smtp,www,pop3,imap #Services running on the firewall</programlisting>
<section id="IPRanges"> <section id="IPRanges">
<title>IP Address Ranges</title> <title>IP Address Ranges</title>
<para>Beginning with Shorewall 2.2.0, if you kernel and iptables have <para>If you kernel and iptables have iprange match support, you may use
iprange match support, you may use IP address ranges in Shorewall IP address ranges in Shorewall configuration file entries; IP address
configuration file entries; IP address ranges have the syntax ranges have the syntax &lt;<emphasis>low IP
&lt;<emphasis>low IP address</emphasis>&gt;-&lt;<emphasis>high IP address</emphasis>&gt;-&lt;<emphasis>high IP address</emphasis>&gt;.
address</emphasis>&gt;. Example: 192.168.1.5-192.168.1.12.</para> Example: 192.168.1.5-192.168.1.12.</para>
<para>To see if your kernel and iptables have the required support, use <para>To see if your kernel and iptables have the required support, use
the <command>shorewall check</command> command:</para> the <command>shorewall show capabilities</command> command:</para>
<programlisting>&gt;~ <command>shorewall check</command> <programlisting>&gt;~ <command>shorewall show capabilities</command>
... ...
Shorewall has detected the following iptables/netfilter capabilities: Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available NAT: Available
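Review bot: The reflowed first paragraph of the IPRanges section keeps the typo "If you kernel and iptables have iprange match support"; it should read "If your kernel and iptables have ...", and this is a good moment to fix it since the sentence is being rewritten. The switch from "shorewall check" to "shorewall show capabilities" is applied in both the para and the programlisting, which is consistent.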
@ -725,9 +724,7 @@ INT_IF=$(getcfg-interface bus-pci-0000:00:03.0)</programlisting>
<listitem> <listitem>
<para>specifying the separate directory in a <command>shorewall <para>specifying the separate directory in a <command>shorewall
start</command> or <command>shorewall restart</command> command (e.g., start</command> or <command>shorewall restart</command> command (e.g.,
<command>shorewall restart /etc/testconfig</command> using Shorewall <command>shorewall restart /etc/testconfig</command> )</para>
2.2.0 and later or <command>shorewall -c /etc/testconf
restart</command> using earlier versions )</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
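Review bot: In the rewritten list item the closing parenthesis is left with a stray space before it, "<command>shorewall restart /etc/testconfig</command> )"; remove the space so it reads "</command>)". The deleted alternative used /etc/testconf while the retained example uses /etc/testconfig, so dropping it also removes that inconsistency.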