Changes for 1.3.8

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@242 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-05-31 23:15:48 +02:00 · 2002-09-16 17:13:10 +00:00 · 2002-09-16 17:13:10 +00:00 · 329bddd120
commit 329bddd120
parent 4eecdd21fe
25 changed files with 7106 additions and 6131 deletions
--- a/Shorewall-docs/Documentation.htm
+++ b/Shorewall-docs/Documentation.htm
--- a/Shorewall-docs/FAQ.htm
+++ b/Shorewall-docs/FAQ.htm
@ -533,7 +533,9 @@ problem are:</p>
 over my console making it unusable!</h4>
  <p align="left"><b>Answer: </b>&quot;man dmesg&quot; -- add a suitable 'dmesg' command to your startup 
-  scripts or place it in /etc/shorewall/start.</p>
+  scripts or place it in /etc/shorewall/start. Under RedHat, the max log level 
  that is sent to the console is specified in /etc/sysconfig/init in the 
  LOGLEVEL variable.</p>
  <h4 align="left"><a name="faq17"></a>17. Why can't Shorewall detect my 
  interfaces properly?</h4>
@ -566,7 +568,7 @@ over my console making it unusable!</h4>
  zone is defined as all hosts connected through eth1.</div>
 <p align="left"><font size="2">Last updated 
-8/15/2002 - <a href="support.htm">Tom
+8/24/2002 - <a href="support.htm">Tom
 Eastep</a></font></p>
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
--- a/Shorewall-docs/IPIP.htm
+++ b/Shorewall-docs/IPIP.htm
@ -42,7 +42,25 @@ parameter to the type of tunnel that you want to create.</p>
 <blockquote>
 <p align="left">tunnel_type=gre</p>
 </blockquote>
-<p align="left">On system A, the 10.0.0.0/8 will comprise the <b>gw</b> zone. In
+<p align="left">On each firewall, you will need to declare a zone to represent 
 the remote subnet. We'll assume that this zone is called 'vpn' and declare it in 
 /etc/shorewall/zones on both systems as follows.</p>
 <blockquote>
    <table border="2" cellpadding="2" style="border-collapse: collapse">
               <tr>
              <td><strong>ZONE</strong></td>
              <td><strong>DISPLAY</strong></td>
              <td><strong>COMMENTS</strong></td>
          </tr>
          <tr>
              <td>vpn</td>
              <td>VPN</td>
              <td>Remote Subnet</td>
          </tr>
    </table>
 </blockquote>
 <p align="left">On system A, the 10.0.0.0/8 will comprise the <b>vpn</b> zone. In
 /etc/shorewall/interfaces:</p>
 <blockquote>
  <table border="2" cellpadding="2" style="border-collapse: collapse">
@ -53,7 +71,7 @@ parameter to the type of tunnel that you want to create.</p>
      <td><b>OPTIONS</b></td>
    </tr>
    <tr>
-      <td>gw</td>
+      <td>vpn</td>
      <td>tosysb</td>
      <td>10.255.255.255</td>
      <td>&nbsp;</td>
@ -88,7 +106,7 @@ encapsulation protocol (4) will be accepted to/from the remote gateway.</p>
  gateway=134.28.54.2<br>
  subnet=10.0.0.0/8</p>
 </blockquote>
-<p>Similarly, On system B the 192.168.1.0/24 subnet will comprise the <b>gw</b>
+<p>Similarly, On system B the 192.168.1.0/24 subnet will comprise the <b>vpn</b>
 zone. In /etc/shorewall/interfaces:</p>
 <blockquote>
  <table border="2" cellpadding="2" style="border-collapse: collapse">
@ -99,7 +117,7 @@ zone. In /etc/shorewall/interfaces:</p>
      <td><b>OPTIONS</b></td>
    </tr>
    <tr>
-      <td>gw</td>
+      <td>vpn</td>
      <td>tosysa</td>
      <td>192.168.1.255</td>
      <td>&nbsp;</td>
@ -135,7 +153,7 @@ zone. In /etc/shorewall/interfaces:</p>
 <p>You can rename the modified tunnel scripts if you like; be sure that they are
 secured so that root can execute them.  </p>
-      <p align="Left"> You will need to allow traffic between the &quot;gw&quot; zone and 
+      <p align="Left"> You will need to allow traffic between the &quot;vpn&quot; zone and 
      the &quot;loc&quot; zone on both systems -- if you simply want to admit all traffic 
      in both directions, you can use the policy file:</p>
@ -150,13 +168,13 @@ secured so that root can execute them.  </p>
          </tr>
          <tr>
              <td>loc</td>
-              <td>gw</td>
+              <td>vpn</td>
              <td>ACCEPT</td>
          <td>&nbsp;</td>
          </tr>
          <tr>
-              <td>gw</td>
+              <td>vpn</td>
              <td>loc</td>
              <td>ACCEPT</td>
          <td>&nbsp;</td>
@ -168,7 +186,7 @@ secured so that root can execute them.  </p>
 run the modified tunnel script with the &quot;start&quot; argument on each
 system. The systems in the two masqueraded subnetworks can now talk to each
 other</p>
-<p><font size="2">Updated 5/18/2002 - <a href="support.htm">Tom
+<p><font size="2">Updated 8/22/2002 - <a href="support.htm">Tom
 Eastep</a> </font></p>
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
 © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
--- a/Shorewall-docs/Install.htm
+++ b/Shorewall-docs/Install.htm
@ -11,11 +11,14 @@
 <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
-    <h1 align="center"><font color="#FFFFFF">Shorewall Installation</font></h1>
+    <h1 align="center"><font color="#FFFFFF">Shorewall Installation and Upgrade</font></h1>
    </td>
  </tr>
 </table>
 <p align="center"><b>Before upgrading, be sure to review the
 <a href="upgrade_issues.htm">Upgrade Issues</a></b></p>
 <p><font size="4"><b><a href="#Install_RPM">Install using RPM</a><br>
 <a href="#Install_Tarball">Install
 using tarball</a><br>
@ -163,7 +166,7 @@ QuickStart Guides</a> contain all of the information you need.</p>
        the firewall system.</li>
  <li>/etc/shorewall/blacklist - lists blacklisted IP/subnet/MAC addresses.</li>
 </ul>
-<p><font size="2">Updated 8/7/2002 - <a href="support.htm">Tom
+<p><font size="2">Updated 9/13/2002 - <a href="support.htm">Tom
 Eastep</a> </font></p>
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
 © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
--- a/Shorewall-docs/News.htm
+++ b/Shorewall-docs/News.htm
--- a/Shorewall-docs/Shorewall_index_frame.htm
+++ b/Shorewall-docs/Shorewall_index_frame.htm
@ -44,7 +44,9 @@
      <li>
 <a href="troubleshoot.htm">Troubleshooting</a></li>
      <li>
-<a href="errata.htm">Errata/Upgrade Issues</a></li>
+<a href="errata.htm">Errata</a></li>
      <li>
 <a href="upgrade_issues.htm">Upgrade Issues</a></li>
      <li>
 <a href="support.htm">Support</a></li>
      <li>
@ -55,6 +57,7 @@
        <li><a target="_top" href="http://shorewall.infohiiway.com">Texas, USA</a></li>
        <li><a target="_top" href="http://germany.shorewall.net">Germany</a></li>
        <li><a target="_top" href="http://shorewall.correofuego.com.ar">Argentina</a></li>
        <li><a target="_top" href="http://france.shorewall.net">France</a></li>
      </ul>
      </li>
    </ul>
--- a/Shorewall-docs/blacklisting_support.htm
+++ b/Shorewall-docs/blacklisting_support.htm
@ -1,67 +1,95 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
-<meta http-equiv="Content-Language" content="en-us">
+ 
-<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+  <meta http-equiv="Content-Language" content="en-us">
-<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+ 
-<meta name="ProgId" content="FrontPage.Editor.Document">
+  <meta http-equiv="Content-Type"
-<title>Blacklisting Support</title>
+ content="text/html; charset=windows-1252">
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
  <meta name="ProgId" content="FrontPage.Editor.Document">
  <title>Blacklisting Support</title>
 </head>
  <body>
-<body>
+<table border="0" cellpadding="0" cellspacing="0"
-
+ style="border-collapse: collapse;" bordercolor="#111111" width="100%"
-<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+ id="AutoNumber1" bgcolor="#400169" height="90">
   <tbody>
    <tr>
     <td width="100%">     
-    <h1 align="center"><font color="#FFFFFF">Blacklisting Support</font></h1>
+      <h1 align="center"><font color="#ffffff">Blacklisting Support</font></h1>
     </td>
   </tr>
  </tbody>
 </table>
 <p>Shorewall supports two different forms of blacklisting; static and dynamic.</p>
 <h2>Static Blacklisting</h2>
-<p>Shorewall
+ 
-static blacklisting support has the following configuration parameters:</p>
+<p>Shorewall static blacklisting support has the following configuration
 parameters:</p>
 <ul>
-  <li>You specify whether you want packets from blacklisted hosts dropped or
+   <li>You specify whether you want packets from blacklisted hosts dropped
-    rejected using the <a href="Documentation.htm#BLDisposition">BLACKLIST_DISPOSITION</a>
+or     rejected using the <a href="Documentation.htm#BLDisposition">BLACKLIST_DISPOSITION</a> 
    setting in /etc/shorewall/shorewall.conf</li>
-  <li>You specify whether you want packets from blacklisted hosts logged and at
+   <li>You specify whether you want packets from blacklisted hosts logged
-    what syslog level using the <a href="Documentation.htm#BLLoglevel">BLACKLIST_LOGLEVEL</a>
+and at     what syslog level using the <a
-    setting in /etc/shorewall/shorewall.conf</li>
+ href="Documentation.htm#BLLoglevel">BLACKLIST_LOGLEVEL</a>     setting in
-  <li>You list the IP addresses/subnets that you wish to blacklist in <a href="Documentation.htm#Blacklist">/etc/shorewall/blacklist</a></li>
+/etc/shorewall/shorewall.conf</li>
-  <li>You specify the interfaces whose incoming packets you want checked against
+   <li>You list the IP addresses/subnets that you wish to blacklist in <a
-    the blacklist using the &quot;<a href="Documentation.htm#BLInterface">blacklist</a>&quot;
+ href="Documentation.htm#Blacklist">/etc/shorewall/blacklist.</a> Beginning
-    option in /etc/shorewall/interfaces.</li>
+with Shorewall version 1.3.8, you may also specify PROTOCOL and Port numbers/Service
-  <li>The black list is refreshed from /etc/shorewall/blacklist by the &quot;<a href="Documentation.htm#Starting">shorewall
+names in the blacklist file.<br>
-    refresh</a>&quot; command.</li>
+  </li>
   <li>You specify the interfaces whose incoming packets you want checked
 against     the blacklist using the "<a
 href="Documentation.htm#Interfaces">blacklist</a>"     option in /etc/shorewall/interfaces.</li>
   <li>The black list is refreshed from /etc/shorewall/blacklist by the "<a
 href="Documentation.htm#Starting">shorewall     refresh</a>" command.</li>
 </ul>
 <h2>Dynamic Blacklisting</h2>
 <p>Dynamic blacklisting support was added in version 1.3.2. Dynamic blacklisting
-doesn't use any configuration parameters but is rather controlled using 
+ doesn't use any configuration parameters but is rather controlled using
-/sbin/shorewall commands:</p>
+ /sbin/shorewall commands:</p>
 <ul>
-  <li>deny <i>&lt;ip address list&gt; </i>- causes packets from the listed IP 
+   <li>deny <i>&lt;ip address list&gt; </i>- causes packets from the listed
-  addresses to be silently dropped by the firewall.</li>
+IP    addresses to be silently dropped by the firewall.</li>
-  <li>reject <i>&lt;ip address list&gt; </i>- causes packets from the listed IP 
+   <li>reject <i>&lt;ip address list&gt; </i>- causes packets from the listed
-  addresses to be rejected by the firewall.</li>
+IP    addresses to be rejected by the firewall.</li>
-  <li>allow <i>&lt;ip address list&gt; </i>- re-enables receipt of packets from hosts 
+   <li>allow <i>&lt;ip address list&gt; </i>- re-enables receipt of packets
-  previously blacklisted by a <i>deny</i> or <i>reject</i> command.</li>
+from hosts    previously blacklisted by a <i>deny</i> or <i>reject</i> command.</li>
-  <li>save - save the dynamic blacklisting configuration so that it will be 
+   <li>save - save the dynamic blacklisting configuration so that it will
-  automatically restored the next time that the firewall is restarted.</li>
+be    automatically restored the next time that the firewall is restarted.</li>
   <li>show dynamic - displays the dynamic blacklisting configuration.</li>
 </ul>
 <p>Example 1:</p>
 <pre>     shorewall deny 192.0.2.124 192.0.2.125</pre>
-<p>&nbsp;&nbsp;&nbsp; Drops packets from hosts 192.0.2.124 and 192.0.2.125</p>
+ 
 <p>    Drops packets from hosts 192.0.2.124 and 192.0.2.125</p>
 <p>Example 2:</p>
 <pre>     shorewall allow 192.0.2.125</pre>
-<p>&nbsp;&nbsp;&nbsp; Reenables access from 192.0.2.125.</p>
+ 
-<p><font size="2">Last updated 6/16/2002 - <a href="support.htm">Tom
+<p>    Reenables access from 192.0.2.125.</p>
-Eastep</a></font></p>
+ 
 <p><font size="2">Last updated 9/16/2002 - <a href="support.htm">Tom Eastep</a></font></p>
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
-© <font size="2">2002 Thomas M. Eastep.</font></a></font></p>
+ © <font size="2">2002 Thomas M. Eastep.</font></a></font></p>
-
+  <br>
 </body>
 </html>
--- a/Shorewall-docs/download.htm
+++ b/Shorewall-docs/download.htm
@ -1,75 +1,95 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
-<meta http-equiv="Content-Language" content="en-us">
+ 
-<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+  <meta http-equiv="Content-Language" content="en-us">
-<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+ 
-<meta name="ProgId" content="FrontPage.Editor.Document">
+  <meta http-equiv="Content-Type"
-<title>Download</title>
+ content="text/html; charset=windows-1252">
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
  <meta name="ProgId" content="FrontPage.Editor.Document">
  <title>Download</title>
 </head>
  <body>
-<body>
+<table border="0" cellpadding="0" cellspacing="0"
-
+ style="border-collapse: collapse;" bordercolor="#111111" width="100%"
-<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+ id="AutoNumber1" bgcolor="#400169" height="90">
   <tbody>
    <tr>
     <td width="100%">     
-    <h1 align="center"><font color="#FFFFFF">Shorewall Download</font></h1>
+      <h1 align="center"><font color="#ffffff">Shorewall Download</font></h1>
     </td>
   </tr>
  </tbody>
 </table>
-      <p><b>I strongly urge you to read and print a copy of the
+<p><b>I strongly urge you to read and print a copy of the       <a
-      <a href="shorewall_quickstart_guide.htm">Shorewall QuickStart Guide</a> 
+ href="shorewall_quickstart_guide.htm">Shorewall QuickStart Guide</a>   
    for the configuration that most closely matches your own.</b></p>
-      <p>Once you've done that, download <u>     one</u> of the modules:</p>
+<p>Once you've done that, download <u>     one</u> of the modules:</p>
 <ul>
-  <li>If you run a <b>RedHat</b>, <b>SuSE, Mandrake</b>, <b>             Linux PPC</b> or
+   <li>If you run a <b>RedHat</b>, <b>SuSE, Mandrake</b>, <b>           
-    <b> TurboLinux</b> distribution
+ Linux PPC</b> or     <b> TurboLinux</b> distribution     with a 2.4 kernel,
-    with a 2.4 kernel, you can use the  RPM version (note: the      
+you can use the  RPM version (note: the             RPM should also work
-      RPM should also work with other distributions that             store
+with other distributions that             store init scripts in /etc/init.d
-init scripts in /etc/init.d and that             include chkconfig or insserv).
+and that             include chkconfig or insserv). If you find that it works
-If you find that it works in other cases, let <a href="mailto:teastep@shorewall.net">
+in other cases, let <a href="mailto:teastep@shorewall.net">     me</a>  
-    me</a>
+             know so that I can mention them here. See the   <a
-               know so that I can mention them here. See the
+ href="Install.htm">Installation Instructions</a> if you have problems  
  <a href="Install.htm">Installation Instructions</a> if you have problems 
 installing the RPM.</li>
-  <li>If you are running LRP, download the .lrp file (you might also want to
+   <li>If you are running LRP, download the .lrp file (you might also want
-    download the .tgz so you will have a copy of the documentation).</li>
+to     download the .tgz so you will have a copy of the documentation).</li>
   <li>If you run <a href="http://www.debian.org"><b>Debian</b></a> and would 
-    like a .deb package, Shorewall is in both the
+    like a .deb package, Shorewall is in both the    <a
-   <a href="http://packages.debian.org/testing/net/shorewall.html">Debian 
+ href="http://packages.debian.org/testing/net/shorewall.html">Debian    
-   Testing Branch</a> and the
+Testing Branch</a> and the    <a
-   <a href="http://packages.debian.org/unstable/net/shorewall.html">Debian 
+ href="http://packages.debian.org/unstable/net/shorewall.html">Debian   
 Unstable Branch</a>.</li>
   <li>Otherwise, download the <i>shorewall</i>             module (.tgz)</li>
 </ul>
-<p>The documentation in HTML format is included in the .tgz and .rpm files and 
+ 
-there is an documentation .deb that also contains the documentation.</p>
+<p>The documentation in HTML format is included in the .tgz and .rpm files
-      <p>Please verify the version that you have 
+and  there is an documentation .deb that also contains the documentation.</p>
-      downloaded -- during the release of a new version of Shorewall, the links 
+       
-      below may  point to a newer or an older version than is shown below.</p>
+<p>Please verify the version that you have        downloaded -- during the
 release of a new version of Shorewall, the links        below may  point
 to a newer or an older version than is shown below.</p>
 <ul>
-  <li>RPM - &quot;rpm -qip LATEST.rpm&quot;</li>
+   <li>RPM - "rpm -qip LATEST.rpm"</li>
-  <li>TARBALL - &quot;tar -ztf LATEST.tgz&quot; (the directory 
+   <li>TARBALL - "tar -ztf LATEST.tgz" (the directory    name will contain
-  name will contain the version)</li>
+the version)</li>
-  <li>LRP - &quot;mkdir Shorewall.lrp; cd Shorewall.lrp; tar 
+   <li>LRP - "mkdir Shorewall.lrp; cd Shorewall.lrp; tar    -zxf &lt;downloaded
-  -zxf &lt;downloaded .lrp&gt;; cat var/lib/lrpkg/shorwall.version&quot; </li>
+.lrp&gt;; cat var/lib/lrpkg/shorwall.version" </li>
 </ul>
-      <p><font face="Arial">Once you have verified the 
+       
-      version, check the </font><font color="#ff0000" face="Arial"> <a href="errata.htm"> errata</a></font><font face="Arial">
+<p><font face="Arial">Once you have verified the        version, check the
-         to see if there are updates that apply to the version that you have 
+</font><font color="#ff0000" face="Arial"> <a href="errata.htm"> errata</a></font><font
-     downloaded.</font></p>
+ face="Arial">          to see if there are updates that apply to the version
-<p><font color="#FF0000" face="Arial"><b>WARNING - YOU CAN <u>NOT</u> SIMPLY INSTALL THE RPM 
+that you have       downloaded.</font></p>
-AND ISSUE A &quot;shorewall start&quot; COMMAND. SOME CONFIGURATION IS REQUIRED BEFORE THE 
+ 
-FIREWALL WILL START. IF YOU ISSUE A &quot;start&quot; COMMAND AND THE FIREWALL FAILS TO 
+<p><font color="#ff0000" face="Arial"><b>WARNING - YOU CAN <u>NOT</u> SIMPLY
-START, YOUR SYSTEM WILL NO LONGER ACCEPT ANY NETWORK TRAFFIC. IF THIS HAPPENS, 
+INSTALL THE RPM  AND ISSUE A "shorewall start" COMMAND. SOME CONFIGURATION
-ISSUE A &quot;shorewall clear&quot; COMMAND TO RESTORE NETWORK CONNECTIVITY.</b></font></p>
+IS REQUIRED BEFORE THE  FIREWALL WILL START. IF YOU ISSUE A "start" COMMAND
-<p>Download Latest Version (<b>1.3.7</b>): <b>Remember that updates to the mirrors 
+AND THE FIREWALL FAILS TO  START, YOUR SYSTEM WILL NO LONGER ACCEPT ANY NETWORK
-occur 1-12 hours after an update to the primary site.</b></p>
+TRAFFIC. IF THIS HAPPENS,  ISSUE A "shorewall clear" COMMAND TO RESTORE NETWORK
 CONNECTIVITY.</b></font></p>
 <p>Download Latest Version (<b>1.3.8</b>): <b>Remember that updates to the
 mirrors  occur 1-12 hours after an update to the primary site.</b></p>
 <blockquote>   
-  <table border="2" cellspacing="3" cellpadding="3" style="border-collapse: collapse">
+  <table border="2" cellspacing="3" cellpadding="3"
 style="border-collapse: collapse;">
     <tbody>
      <tr>
       <td><b>SERVER LOCATION</b></td>
       <td><b>DOMAIN</b></td>
@ -79,86 +99,132 @@ occur 1-12 hours after an update to the primary site.</b></p>
     <tr>
       <td>Washington State, USA</td>
       <td>Shorewall.net</td>
-      <td><a href="http://www.shorewall.net/pub/shorewall/LATEST.rpm">Download .rpm</a><br>
+       <td><a href="http://www.shorewall.net/pub/shorewall/LATEST.rpm">Download
 .rpm</a><br>
         <a href="http://www.shorewall.net/pub/shorewall/LATEST.tgz">Download 
-        .tgz</a>&nbsp;<br>
+        .tgz</a> <br>
         <a href="http://www.shorewall.net/pub/shorewall/LATEST.lrp">Download 
        .lrp</a></td>
-      <td><a href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.rpm" target="_blank">
+       <td><a href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.rpm"
-      Download .rpm</a>&nbsp;<br>
+ target="_blank">       Download .rpm</a> <br>
-        <a href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.tgz" target="_blank">Download
+         <a href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.tgz"
-        .tgz</a>&nbsp;<br>
+ target="_blank">Download         .tgz</a> <br>
-        <a href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.lrp" target="_blank">Download
+         <a href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.lrp"
-        .lrp</a></td>
+ target="_blank">Download         .lrp</a></td>
     </tr>
     <tr>
       <td>Slovak Republic</td>
       <td>Shorewall.net</td>
-      <td><a href="http://slovakia.shorewall.net/pub/shorewall/LATEST.rpm">Download .rpm</a><br>
+       <td><a
-        <a href="http://slovakia.shorewall.net/pub/shorewall/LATEST.tgz">Download
+ href="http://slovakia.shorewall.net/pub/shorewall/LATEST.rpm">Download .rpm</a><br>
-        .tgz</a>&nbsp;<br>
+         <a
-        <a href="http://slovakia.shorewall.net/pub/shorewall/LATEST.lrp">Download
+ href="http://slovakia.shorewall.net/pub/shorewall/LATEST.tgz">Download 
       .tgz</a> <br>
         <a
 href="http://slovakia.shorewall.net/pub/shorewall/LATEST.lrp">Download 
       .lrp</a></td>
-      <td>
+       <td>       <a target="_blank"
-      <a target="_blank" href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.rpm">Download .rpm</a>&nbsp;&nbsp;<br>
+ href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.rpm">Download
-        <a target="_blank" href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.tgz">Download
+.rpm</a>  <br>
-        .tgz</a>&nbsp;<br>
+         <a target="_blank"
-        <a target="_blank" href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.lrp">Download
+ href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.tgz">Download 
        .tgz</a> <br>
         <a target="_blank"
 href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.lrp">Download 
        .rpm</a></td>
     </tr>
     <tr>
       <td>Texas, USA</td>
       <td>Infohiiway.com</td>
-      <td><a href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.rpm">Download .rpm</a><br>
+       <td><a
-        <a href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.tgz">Download
+ href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.rpm">Download
-        .tgz</a>&nbsp;<br>
+.rpm</a><br>
-        <a href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.lrp">Download
+         <a
 href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.tgz">Download 
        .tgz</a> <br>
         <a
 href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.lrp">Download 
        .lrp</a></td>
-      <td>
+       <td>       <a target="_blank"
-      <a target="_blank" href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.rpm">Download .rpm</a>&nbsp;&nbsp;<br>
+ href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.rpm">Download .rpm</a>  <br>
-        <a target="_blank" href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.tgz">Download
+         <a target="_blank"
-        .tgz</a>&nbsp;<br>
+ href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.tgz">Download      
-        <a target="_blank" href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.lrp">Download
+  .tgz</a> <br>
-        .rpm</a></td>
+         <a target="_blank"
 href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.lrp">       Download
 .lrp</a></td>
     </tr>
     <tr>
       <td>Hamburg, Germany</td>
       <td>Shorewall.net</td>
-      <td><a href="http://germany.shorewall.net/pub/shorewall/LATEST.rpm">
+       <td><a
-      Download .rpm</a><br>
+ href="http://germany.shorewall.net/pub/shorewall/LATEST.rpm">       Download
 .rpm</a><br>
       <a href="http://germany.shorewall.net/pub/shorewall/LATEST.tgz">Download
       .tgz</a><br>
       <a href="http://germany.shorewall.net/pub/shorewall/LATEST.lrp">Download
       .lrp</a></td>
-      <td>
+       <td>       <a target="_blank"
-      <a target="_blank" href="ftp://germany.shorewall.net/pub/shorewall/LATEST.rpm">
+ href="ftp://germany.shorewall.net/pub/shorewall/LATEST.rpm">       Download
-      Download .rpm</a>&nbsp;&nbsp;<br>
+.rpm</a>  <br>
-        <a target="_blank" href="ftp://germany.shorewall.net/pub/shorewall/LATEST.tgz">Download
+         <a target="_blank"
-        .tgz</a>&nbsp;<br>
+ href="ftp://germany.shorewall.net/pub/shorewall/LATEST.tgz">Download   
-        <a target="_blank" href="ftp://germany.shorewall.net/pub/shorewall/LATEST.lrp">Download
+     .tgz</a> <br>
         <a target="_blank"
 href="ftp://germany.shorewall.net/pub/shorewall/LATEST.lrp">Download   
     .lrp</a></td>
     </tr>
     <tr>
       <td>Martinez (Zona Norte - GBA), Argentina</td>
       <td>Correofuego.com.ar</td>
-      <td>
+       <td>       <a target="_blank"
-      <a target="_blank" href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.rpm">Download .rpm</a>&nbsp;&nbsp;<br>
+ href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.rpm">Download
-        <a target="_blank" href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.tgz">Download
+.rpm</a>  <br>
-        .tgz</a>&nbsp;<br>
+         <a target="_blank"
-        <a target="_blank" href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.lrp">
+ href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.tgz">Download 
        .tgz</a> <br>
         <a target="_blank"
 href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.lrp"> 
      Download .lrp</a></td>
-      <td>
+       <td>       <a target="_blank"
-      <a target="_blank" href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.rpm">Download .rpm</a>&nbsp;&nbsp;<br>
+ href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.rpm">Download
-        <a target="_blank" href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.tgz">Download
+.rpm</a>  <br>
-        .tgz</a>&nbsp;<br>
+         <a target="_blank"
-        <a target="_blank" href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.lrp">
+ href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.tgz">Download 
        .tgz</a> <br>
         <a target="_blank"
 href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.lrp"> 
      Download .lrp</a></td>
     </tr>
     <tr>
       <td>Paris, France</td>
       <td>Shorewall.net</td>
       <td><a href="http://france.shorewall.net/pub/LATEST.rpm">Download
 .rpm</a><br>
         <a href="http://france.shorewall.net/pub/LATEST.tgz">Download  
      .tgz</a> <br>
         <a href="http://france.shorewall.net/pub/LATEST.lrp">Download  
      .lrp</a></td>
       <td>       <a target="_blank"
 href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.rpm">Download
 .rpm</a>  <br>
         <a target="_blank"
 href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.tgz">Download 
        .tgz</a> <br>
         <a target="_blank"
 href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.lrp">Download
 .lrp</a></td>
     </tr>
    </tbody>
  </table>
-</blockquote>
+ </blockquote>
 <p>Browse Download Sites:</p>
 <blockquote>   
-  <table border="2" cellpadding="2" style="border-collapse: collapse">
+  <table border="2" cellpadding="2" style="border-collapse: collapse;">
     <tbody>
      <tr>
       <td><b>SERVER LOCATION</b></td>
       <td><b>DOMAIN</b></td>
@ -169,34 +235,45 @@ occur 1-12 hours after an update to the primary site.</b></p>
       <td>Washington State, USA</td>
       <td>Shorewall.net</td>
       <td><a href="http://www.shorewall.net/pub/shorewall/">Browse</a></td>
-      <td><a href="ftp://ftp.shorewall.net/pub/shorewall/" target="_blank">Browse</a></td>
+       <td><a href="ftp://ftp.shorewall.net/pub/shorewall/"
 target="_blank">Browse</a></td>
     </tr>
     <tr>
       <td>Slovak Republic</td>
       <td>Shorewall.net</td>
       <td><a href="http://slovakia.shorewall.net/pub/shorewall/">Browse</a></td>
-      <td>
+       <td>       <a target="_blank"
-      <a target="_blank" href="ftp://slovakia.shorewall.net/mirror/shorewall/">Browse</a></td>
+ href="ftp://slovakia.shorewall.net/mirror/shorewall/">Browse</a></td>
     </tr>
     <tr>
       <td>Texas, USA</td>
       <td>Infohiiway.com</td>
       <td><a href="http://shorewall.infohiiway.com/pub/shorewall">Browse</a></td>
-      <td><a target="_blank" href="ftp://ftp.infohiiway.com/pub/shorewall/">Browse</a></td>
+       <td><a target="_blank"
 href="ftp://ftp.infohiiway.com/pub/shorewall/">Browse</a></td>
     </tr>
     <tr>
       <td>Hamburg, Germany</td>
       <td>Shorewall.net</td>
       <td><a href="http://germany.shorewall.net/pub/shorewall/">Browse</a></td>
-      <td><a target="_blank" href="ftp://germany.shorewall.net/pub/shorewall">Browse</a></td>
+       <td><a target="_blank"
 href="ftp://germany.shorewall.net/pub/shorewall">Browse</a></td>
     </tr>
     <tr>
       <td>Martinez (Zona Norte - GBA), Argentina</td>
       <td>Correofuego.com.ar</td>
-      <td><a href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall">Browse</a></td>
+       <td><a
-      <td>
+ href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall">Browse</a></td>
-      <a target="_blank" href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall">
+       <td>       <a target="_blank"
-      Browse</a></td>
+ href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall">       Browse</a></td>
     </tr>
     <tr>
       <td>France</td>
       <td>Shorewall.net</td>
       <td><a
 href="http://france.shorewall.net/pub/shorewall/LATEST.lrp">Browse</a></td>
       <td>       <a target="_blank"
 href="ftp://france.shorewall.net/pub/mirrors/shorewall/">Browse</a></td>
     </tr>
     <tr>
       <td>California, USA (Incomplete)</td>
@ -204,24 +281,25 @@ occur 1-12 hours after an update to the primary site.</b></p>
       <td><a href="http://sourceforge.net/projects/shorewall">Browse</a></td>
       <td>N/A</td>
     </tr>
    </tbody>
  </table>
-</blockquote>
+ </blockquote>
 <p align="left">CVS:</p>
 <blockquote> 
-<p align="left">The
+  <p align="left">The <a target="_top"
-<a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">CVS 
+ href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">CVS  repository at
-repository at cvs.shorewall.net</a> contains the latest snapshots of the each 
+cvs.shorewall.net</a> contains the latest snapshots of the each  Shorewall
-Shorewall component. There's no guarantee that what you find there will work at 
+component. There's no guarantee that what you find there will work at  all.</p>
-all.</p>
+  </blockquote>
-</blockquote>
+<p align="left"><font size="2">Last Updated 9/2/2002 - <a
-<p align="left"><font size="2">Last Updated 8/22/2002 - <a href="support.htm">Tom
+ href="support.htm">Tom Eastep</a></font></p>
 Eastep</a></font></p>
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
-© <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
+ © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
-
+  <br>
 </body>
 </html>
--- a/Shorewall-docs/errata.htm
+++ b/Shorewall-docs/errata.htm
@ -63,17 +63,17 @@ dos2unix</a></u>
 </ol>
 <ul>
-   <li><b><a href="#Upgrade">Upgrade Issues</a></b></li>
+   <li><b><a href="upgrade_issues.htm">Upgrade Issues</a></b></li>
   <li>
-          <b><font color="#660066">
+          <b><a href="#V1.3">Problems in Version 1.3</a></b></li>
 <a href="errata_1.htm">Problems in Version 1.1</a></font></b></li>
   <li>
          <b><a href="errata_2.htm">Problems in Version 1.2</a></b></li>
   <li>
-          <b><a href="#V1.3">Problems in Version 1.3</a></b></li>
+          <b><font color="#660066">
 <a href="errata_1.htm">Problems in Version 1.1</a></font></b></li>
   <li>
          <b><font color="#660066"><a href="#iptables">
@ -88,113 +88,67 @@ dos2unix</a></u>
 </ul>
 <hr>
          <h2 align="Left"><a name="Upgrade"></a>Upgrade Issues</h2>
                              <h3>Version &gt;= 1.3.7</h3>
                              <p>Users specifying ALLOWRELATED=No in 
                              /etc/shorewall.conf will need to include the 
                              following rules in their /etc/shorewall/icmpdef 
                              file (creating this file if necessary):</p>
                              <pre>	run_iptables -A icmpdef -p ICMP --icmp-type echo-reply -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type source-quench -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type destination-unreachable -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type time-exceeded -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type parameter-problem -j ACCEPT</pre>
 <p>Users having an /etc/shorewall/icmpdef file may remove the &quot;. 
 /etc/shorewall/icmp.def&quot; command from that file since the icmp.def file is now 
 empty.</p>
 <h3><b><a name="Bering">Upgrading </a>Bering to 
                              Shorewall &gt;= 1.3.3</b></h3>
                              <p>To properly upgrade with Shorewall version 
                              1.3.3 and later:</p>
                              <ol>
                                <li>Be sure you have a backup -- you will need 
                                to transcribe any Shorewall configuration 
                                changes that you have made to the new 
                                configuration.</li>
                                <li>Replace the shorwall.lrp package provided on 
                                the Bering floppy with the later one. If you did 
                                not obtain the later version from Jacques's 
                                site, see additional instructions below.</li>
                                <li>Edit the /var/lib/lrpkg/root.exclude.list 
                                file and remove the /var/lib/shorewall entry if 
                                present. Then do not forget to backup root.lrp !</li>
 </ol>
 <p>The .lrp that I release isn't set up for a two-interface firewall like 
 Jacques's. You need to follow the <a href="two-interface.htm">instructions for 
 setting up a two-interface firewall</a> plus you also need to add the following 
 two Bering-specific rules to /etc/shorewall/rules:</p>
 <blockquote>
   <pre># Bering specific rules:
 # allow loc to fw udp/53 for dnscache to work
 # allow loc to fw tcp/80 for weblet to work
 #
 ACCEPT loc fw udp 53
 ACCEPT loc fw tcp 80</pre>
 </blockquote>
          <h3 align="Left">Version &gt;= 1.3.6</h3>
          <p align="Left">If you have a pair of firewall systems configured for 
          failover, you will need to modify your firewall setup slightly under 
          Shorewall versions &gt;= 1.3.6. </p>
          <ol>
            <li>
          <p align="Left">Create the file /etc/shorewall/newnotsyn and in it add 
          the following rule<br>
          <br>
          <font face="Courier">run_iptables -A newnotsyn -j RETURN # So that the 
          connection tracking table can be rebuilt<br>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
          # from non-SYN packets after takeover.<br>
 &nbsp;</font></li>
 <li>
          <p align="Left">Create /etc/shorewall/common (if you don't already 
          have that file) and include the following:<br>
          <br>
          <font face="Courier">run_iptables -A common -p tcp --tcp-flags 
          ACK,FIN,RST ACK -j ACCEPT #Accept Acks to rebuild connection<br>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
          #tracking table. <br>
          . /etc/shorewall/common.def</font></li>
 </ol>
          <h3 align="Left">Versions &gt;= 1.3.5</h3>
          <p align="Left">Some forms of pre-1.3.0 rules file syntax are no 
          longer supported. </p>
          <p align="Left">Example 1:</p>
          <div align="left">
            <pre>	ACCEPT    net    loc:192.168.1.12:22    tcp    11111    -    all</pre>
 </div>
          <p align="Left">Must be replaced with:</p>
          <div align="left">
            <pre>	DNAT	net	loc:192.168.1.12:22	tcp	11111</pre>
 </div>
 <div align="left">
   <p align="left">Example 2:</div>
 <div align="left">
   <pre>	ACCEPT	loc	fw::3128	tcp	80	-	all</pre>
 </div>
 <div align="left">
   <p align="left">Must be replaced with:</div>
 <div align="left">
   <pre>	REDIRECT	loc	3128	tcp	80</pre>
 </div>
          <h2 align="Left"><a name="V1.3"></a>Problems in Version 1.3</h2>
                              <h3>Version 1.3.7b</h3>
                              <p>DNAT rules where the source zone is 'fw' ($FW) 
                              result in an error message. Installing
                              <a href="http://www.shorewall.net/pub/shorewall/errata/1.3.7/firewall">
                              this corrected firewall script</a> in /var/lib/shorewall/firewall 
                              as described above corrects this problem.</p>
                              <h3>Version 1.3.7a</h3>
                              <p>&quot;shorewall refresh&quot; is not creating the proper 
                              rule for FORWARDPING=Yes. Consequently, after 
                              &quot;shorewall refresh&quot;, the firewall will not forward 
                              icmp echo-request (ping) packets. Installing
                              <a href="http://www.shorewall.net/pub/shorewall/errata/1.3.7/firewall">
                              this corrected firewall script</a> in /var/lib/shorewall/firewall 
                              as described above corrects this problem.</p>
                              <h3>Version &lt;= 1.3.7a</h3>
                              <p>If &quot;norfc1918&quot; and &quot;dhcp&quot; are both specified as 
                              options on a given interface then RFC 1918 
                              checking is occurring before DHCP checking. This 
                              means that if a DHCP client broadcasts using an 
                              RFC 1918 source address, then the firewall will 
                              reject the broadcast (usually logging it). This 
                              has two problems:</p>
                              <ol>
                                <li>If the firewall is running a DHCP server, 
                                the client won't be able to obtain an IP address 
                                lease from that server.</li>
                                <li>With this order of checking, the &quot;dhcp&quot; 
                                option cannot be used as a noise-reduction 
                                measure where there are both dynamic and static 
                                clients on a LAN segment.</li>
 </ol>
                              <p>
                              <a href="http://www.shorewall.net/pub/shorewall/errata/1.3.7/firewall">
                              This version of the 1.3.7a firewall script </a>
                              corrects the problem. It must be installed in /var/lib/shorewall 
                              as described above.</p>
                              <h3>Version 1.3.7</h3>
                              <p>Version 1.3.7 dead on arrival -- please use 
                              version 1.3.7a and check your version against 
                              these md5sums -- if there's a difference, please 
                              download again.</p>
                              <pre>	d2fffb7fb99bcc6cb047ea34db1df10 shorewall-1.3.7a.tgz
 	6a7fd284c8685b2b471a2f47b469fb94 shorewall-1.3.7a-1.noarch.rpm
 	3decd14296effcff16853106771f7035 shorwall-1.3.7a.lrp</pre>
 <p>In other words, type &quot;md5sum &lt;<i>whatever package you downloaded</i>&gt; and 
 compare the result with what you see above.</p>
 <p>I'm embarrassed to report that 1.2.7 was also DOA -- maybe I'll skip the .7 
 version in each sequence from now on.</p>
          <h3 align="Left">Version 1.3.6</h3>
          <ul>
@ -352,6 +306,13 @@ ACCEPT loc fw tcp 80</pre>
          <a href="http://www.shorewall.net/pub/shorewall/errata/1.3.0/NAT.htm">
          corrected version is here</a>.</li>
 </ul>
 <hr>
          <h2 align="Left"><a name="Upgrade"></a>Upgrade Issues</h2>
          <p align="Left">The upgrade issues have moved to
          <a href="upgrade_issues.htm">a separate page</a>.</p>
 <hr>
        <h3 align="Left"><a name="iptables"></a><font color="#660066">
@ -435,9 +396,9 @@ Aborted (core dumped)
                              installed, simply use the &quot;--nodeps&quot; option to 
                              rpm.</p>
-                              <p>Installing: rpm -ivh <i>&lt;shorewall rpm&gt;</i></p>
+                              <p>Installing: rpm -ivh --nodeps <i>&lt;shorewall rpm&gt;</i></p>
-                              <p>Upgrading: rpm -Uvh <i>&lt;shorewall rpm&gt;</i></p>
+                              <p>Upgrading: rpm -Uvh --nodeps <i>&lt;shorewall rpm&gt;</i></p>
                              <h3><a name="Multiport"></a><b>Problems with 
                              iptables version 1.2.7 and MULTIPORT=Yes</b></h3>
@ -445,7 +406,8 @@ Aborted (core dumped)
                              <p>The iptables 1.2.7 release of iptables has made 
                              an incompatible change to the syntax used to 
                              specify multiport match rules; as a consequence, 
-                              if you install iptables 1.2.7 you must</p>
+                              if you install iptables 1.2.7 you must be running 
                              Shorewall 1.3.7a or later or:</p>
                              <ul>
                                <li>set MULTIPORT=No in 
@ -457,7 +419,7 @@ Aborted (core dumped)
                                as described above.</li>
 </ul>
 <p><font size="2">
- Last updated 8/22/2002 -
+ Last updated 9/1/2002 -
                              <a href="support.htm">Tom Eastep</a></font> </p>
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
--- a/Shorewall-docs/gnu_mailman.htm
+++ b/Shorewall-docs/gnu_mailman.htm
@ -1,62 +1,76 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
-<meta http-equiv="Content-Language" content="en-us">
+ 
-<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+  <meta http-equiv="Content-Language" content="en-us">
-<meta name="ProgId" content="FrontPage.Editor.Document">
+ 
-<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
-<title>GNU Mailman</title>
+ 
  <meta name="ProgId" content="FrontPage.Editor.Document">
  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
  <title>GNU Mailman</title>
 </head>
  <body>
-<body>
+<table border="0" cellpadding="0" cellspacing="0"
-
+ style="border-collapse: collapse;" bordercolor="#111111" width="100%"
-<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+ id="AutoNumber1" bgcolor="#400169" height="90">
   <tbody>
    <tr>
     <td width="100%">     
-    <h1 align="center"><font color="#FFFFFF">GNU Mailman/Postfix
+      <h1 align="center"><font color="#ffffff">GNU Mailman/Postfix the Easy
-the Easy Way</font></h1>
+Way</font></h1>
     </td>
   </tr>
  </tbody>
 </table>
-<h1 align="center">&nbsp;</h1>
+<h1 align="center"> </h1>
 <h4>The following was posted on the Postfix mailing list on 5/4/2002 by Michael
-Tokarev as a suggested addition to the Postfix FAQ.</h4>
+ Tokarev as a suggested addition to the Postfix FAQ.</h4>
 <p>Q: Mailman does not work with Postfix, complaining about GID mismatch<br>
-<br>
+ <br>
-A: Mailman uses a setgid wrapper that is designed to be used in system-wide 
+ A: Mailman uses a setgid wrapper that is designed to be used in system-wide
-aliases file so that rest of mailman's mail handling processes will run with 
+ aliases file so that rest of mailman's mail handling processes will run
-proper uid/gid. Postfix has an ability to run a command specified in an alias as 
+with  proper uid/gid. Postfix has an ability to run a command specified in
-owner of that alias, thus mailman's wrapper is not needed here. The best method 
+an alias as  owner of that alias, thus mailman's wrapper is not needed here.
-to invoke mailman's mail handling via aliases is to use separate alias file 
+The best method  to invoke mailman's mail handling via aliases is to use
-especially for mailman, and made it owned by mailman and group mailman. Like:<br>
+separate alias file  especially for mailman, and made it owned by mailman
-<br>
+and group mailman. Like:<br>
-alias_maps = hash:/etc/postfix/aliases, hash:/var/mailman/aliases<br>
+ <br>
-<br>
+ alias_maps = hash:/etc/postfix/aliases, hash:/var/mailman/aliases<br>
-Make sure that /var/mailman/aliases.db is owned by mailman user (this may be 
+ <br>
-done by executing postalias as mailman userid).<br>
+ Make sure that /var/mailman/aliases.db is owned by mailman user (this may
-<br>
+be  done by executing postalias as mailman userid).<br>
-Next, instead of using mailman-suggested aliases entries with wrapper, use the 
+ <br>
-following:<br>
+ Next, instead of using mailman-suggested aliases entries with wrapper, use
-<br>
+the  following:<br>
-instead of<br>
+ <br>
-mailinglist: /var/mailman/mail/wrapper post mailinglist<br>
+ instead of<br>
-mailinglist-admin: /var/mailman/mail/wrapper mailowner mailinglist<br>
+ mailinglist: /var/mailman/mail/wrapper post mailinglist<br>
-mailinglist-request: /var/mailman/mail/wrapper mailcmd mailinglist<br>
+ mailinglist-admin: /var/mailman/mail/wrapper mailowner mailinglist<br>
-...<br>
+ mailinglist-request: /var/mailman/mail/wrapper mailcmd mailinglist<br>
-<br>
+ ...<br>
-use<br>
+ <br>
-mailinglist: /var/mailman/scripts/post mailinglist<br>
+ use<br>
-mailinglist-admin: /var/mailman/scripts/mailowner mailinglist<br>
+ mailinglist: /var/mailman/scripts/post mailinglist<br>
-mailinglist-request: /var/mailman/scripts/mailcmd mailinglist<br>
+ mailinglist-admin: /var/mailman/scripts/mailowner mailinglist<br>
-...</p>
+ mailinglist-request: /var/mailman/scripts/mailcmd mailinglist<br>
-<h4>The Shorewall mailing lists are currently running Postfix 1.1.7 together 
+ ...</p>
 with the stock RedHat Mailman-2.0.8 RPM configured as shown above.</h4>
 <p align="left"><font size="2">Last updated 5/4/2002 - <a href="support.htm">Tom
 Eastep</a></font></p>
 <p align="left"><font face="Trebuchet MS"><a href="copyright.htm">
 <font size="2">Copyright</font> © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
 <h4>The Shorewall mailing lists are currently running Postfix 1.1.11 together
 with the stock RedHat Mailman-2.0.13 RPM configured as shown above.</h4>
 <p align="left"><font size="2">Last updated 9/14/2002 - <a
 href="support.htm">Tom Eastep</a></font></p>
 <p align="left"><font face="Trebuchet MS"><a href="copyright.htm"> <font
 size="2">Copyright</font> © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
  <br>
 </body>
 </html>
--- a/Shorewall-docs/mailing_list.htm
+++ b/Shorewall-docs/mailing_list.htm
@ -6,16 +6,18 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall Mailing Lists</title>
-<meta name="Microsoft Theme" content="boldstri 011">
+<meta name="Microsoft Theme" content="none">
 </head>
 <body>
-<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><a href="http://www.gnu.org/software/mailman/mailman.html">
 <img border="0" src="images/logo-sm.jpg" align="left" hspace="5" width="110" height="35"></a><a href="http://www.postfix.org/"><img src="images/small-picture.gif" align="right" border="0" width="115" height="45"></a><font color="#FFFFFF">Shorewall Mailing Lists</font></h1>
    <p align="right"><font color="#FFFFFF"><b>Powered by Postfix&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    </b></font>
    </td>
  </tr>
 </table>
--- a/Shorewall-docs/mailing_list_problems.htm
+++ b/Shorewall-docs/mailing_list_problems.htm
@ -26,6 +26,7 @@ to at least one address in each of the following domains:</h2>
    <pre>2020ca - delivery to this domain has been disabled (cause unknown)
 excite.com - delivery to this domain has been disabled (cause unknown)
 epacificglobal.com - delivery to this domain has been disabled (no MX record for domain)
 familie-fleischhacker.de - (connection timed out)
 gmx.net - delivery to this domain has been disabled (cause unknown)
 hotmail.com - delivery to this domain has been disabled (Mailbox over quota)
 intercom.net - delivery to this domain has been disabled (cause unknown)
@ -33,6 +34,7 @@ initialcs.com - delivery to this domain has been disabled (cause unknown)
 intelligents.2y.net - delivery to this domain has been disabled (Name Service Problem -- Host not Found).
 khp-inc.com - delivery to this domain has been disabled (anti-virus problems)
 kieninger.de - delivery to this domain has been disabled (relaying to &lt;xxxxx@kieninger.de&gt; prohibited by administrator)
 littleblue.de - (connection timed out)
 opermail.net - delivery to this domain has been disabled (cause unknown)
 penquindevelopment.com - delivery to this domain has been disabled (connection timed out)
 scip-online.de - delivery to this domain has been disabled (cause unknown)
@ -42,7 +44,7 @@ yahoo.com - delivery to this domain has been disabled (Mailbox over quota)</pre>
  </div>
 </blockquote>
-<p align="left"><font size="2">Last updated 7/26/2002 19:39 GMT -
+<p align="left"><font size="2">Last updated 8/23/2002 17:16 GMT -
 <a href="support.htm">Tom
 Eastep</a></font></p>
--- a/Shorewall-docs/myfiles.htm
+++ b/Shorewall-docs/myfiles.htm
@ -2,296 +2,164 @@
 <html>
 <head>
-  <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
  <title>My Shorewall Configuration</title>
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
  <meta name="ProgId" content="FrontPage.Editor.Document">
  <meta name="Microsoft Theme" content="none">
 </head>
  <body>
-      <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+       
 <table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" width="100%" id="AutoNumber1"
 bgcolor="#400169" height="90">
         <tbody>
    <tr>
           <td width="100%">           
-          <h1 align="center"><font color="#FFFFFF">About My Network</font></h1>
+      <h1 align="center"><font color="#ffffff">About My Network</font></h1>
           </td>
         </tr>
      </table>
-                      <blockquote> </blockquote>
+  </tbody>
 </table>
-                        <h1>My Current Network </h1>
+<blockquote> </blockquote>
-                        <blockquote> 
+<h1>My Current Network </h1>
-                          <p>
+                           
-I have DSL service and have 5 static IP addresses (206.124.146.176-180).
+<blockquote>                            
-My DSL   "modem" (<a href="http://www.fujitsu.com">Fujitsu</a> Speedport) is connected to eth0. I have
+  <p> I have DSL service and have 5 static IP addresses (206.124.146.176-180). 
-a local network connected to eth2 (subnet 192.168.1.0/24)   and a DMZ connected
+My DSL   "modem" (<a href="http://www.fujitsu.com">Fujitsu</a> Speedport)
-to eth1 (192.168.2.0/24). </p>
+is connected to eth0. I have a local network connected to eth2 (subnet 192.168.1.0/24)
-                          <p>
+  and a DMZ connected to eth1 (192.168.2.0/24). </p>
-I use Static NAT for all internal systems (those connected to the switch) except my Wife's system (tarry) 
+                           
-and the Wireless Access Point (wap) which are  
+  <p> I use:<br>
-masqueraded through the primary gateway address (206.124.146.176).</p>
+  </p>
-                          <p>
+  <ul>
-The firewall runs on a 128MB PII/233 with RH7.2 and Kernel 2.4.19.</p>
+    <li>Static NAT for ursa (my XP System) - Internal address 192.168.1.5
-                          <p>
+and external address 206.124.146.178.</li>
-My personal GNU/Linux System (wookie) is 192.168.1.3 and my personal Windows XP system (ursa) 
+    <li>Proxy ARP for wookie (my Linux System). This system has two IP addresses:
-is 192.168.1.5. Wookie 
+192.168.1.3/24 and 206.124.146.179/24.</li>
-runs Samba and acts as the a WINS server.&nbsp; Wookie is in its own 'whitelist' zone 
+    <li>SNAT through the primary gateway address (206.124.146.176) for  my
-called 'me'.</p>
+Wife's system (tarry)  and the Wireless Access Point (wap)</li>
-                          <p>
+  </ul>
-My laptop (eastept1) is connected to eth3 using a cross-over cable. It runs its own <a href="http://www.sygate.com">
+                           
-Sygate</a> firewall software and is managed by Proxy ARP. It connects to the 
+  <p> The firewall runs on a 128MB PII/233 with RH7.2 and Kernel 2.4.19.</p>
-local network through the PopTop server running on my firewall. </p>
+                           
-                          <p>
+  <p> Wookie  runs Samba and acts as the a WINS server.  Wookie is in its
-The single system in the DMZ (address 206.124.146.177) runs postfix, Courier 
+own 'whitelist' zone  called 'me'.</p>
-IMAP (imaps and pop3), DNS, a Web server (Apache) and an FTP server
+                           
  <p> My laptop (eastept1) is connected to eth3 using a cross-over cable.
 It runs its own <a href="http://www.sygate.com"> Sygate</a> firewall software
 and is managed by Proxy ARP. It connects to the  local network through the
 PopTop server running on my firewall. </p>
  <p> The single system in the DMZ (address 206.124.146.177) runs postfix,
 Courier  IMAP (imaps and pop3), DNS, a Web server (Apache) and an FTP server 
 (Pure-ftpd). The system   also runs fetchmail to fetch our email from our 
 old and current ISPs. That server is managed through Proxy ARP.</p>
-                          <p>
+                           
-The firewall system itself runs a DHCP server that serves the local   network.</p>
+  <p> The firewall system itself runs a DHCP server that serves the local
-                          <p>
+  network.</p>
-All administration and publishing is done using ssh/scp.</p>
+                           
-                          <p>
+  <p> All administration and publishing is done using ssh/scp.</p>
-I run an SNMP server on my firewall to serve <a href="http://www.ee.ethz.ch/%7Eoetiker/webtools/mrtg/">
+                           
-MRTG</a> running in the DMZ.</p>
+  <p> I run an SNMP server on my firewall to serve <a
-                          <p align="center">
+ href="http://www.ee.ethz.ch/%7Eoetiker/webtools/mrtg/"> MRTG</a> running
-                          <img border="0" src="images/network.png" width="764" height="846"></p>
+in the DMZ.</p>
-                          <p>&nbsp;</p>
+                           
  <p align="center">                           <img border="0"
 src="images/network.png" width="764" height="846">
  </p>
  <p> </p>
  <p>The ethernet interface in the Server is configured                 
         with IP address 206.124.146.177, netmask                       
    255.255.255.0. The server's default gateway is                      
     206.124.146.254 (Router at my ISP. This is the same                
           default gateway used by the firewall itself). On the firewall, 
                          Shorewall automatically adds a host route to  
-                          206.124.146.177 through eth1 (192.168.2.1) because of
+                        206.124.146.177 through eth1 (192.168.2.1) because
-                          the entry in /etc/shorewall/proxyarp (see below).</p>
+of                           the entry in /etc/shorewall/proxyarp (see below).</p>
  <p>A similar setup is used on eth3 (192.168.3.1) which                
           interfaces to my laptop (206.124.146.180).</p>
                          <p><font color="#ff0000" size="5">
                          Note: My files  use features not available before 
                          Shorewall version 1.3.4.</font></p>
 </blockquote>
                          <h3>Shorewall.conf</h3>
  <pre>	SUBSYSLOCK=/var/lock/subsys/shorewall
 	STATEDIR=/var/state/shorewall
 	LOGRATE=
 	LOGBURST=
 	ADD_IP_ALIASES=&quot;Yes&quot;
 	CLAMPMSS=Yes
 	MULTIPORT=Yes</pre>
  <h3>Zones File:</h3>
  <pre><font face="Courier" size="2">	#ZONE 	DISPLAY 	COMMENTS
 	net	Internet	Internet
 	me	Eastep		My Workstation
 	loc	Local		Local networks
 	dmz	DMZ		Demilitarized zone
 	tx	Texas		Peer Network in Dallas Texas
 	#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE</font></pre>
  <h3>Interfaces File: </h3>
                            <blockquote> 
                              <p>
 This is set up so that I can start the firewall before bringing up my Ethernet 
 interfaces. </p>
  <p><font color="#ff0000" size="5">                           Note: My files
 use features not available before                            Shorewall version
 1.3.4.</font></p>
  </blockquote>
-  <pre><font face="Courier" size="2">	#ZONE    INTERFACE	BROADCAST 	OPTIONS
+<h3>Shorewall.conf</h3>
 	net	eth0 		206.124.146.255	routefilter,norfc1918,blacklist,filterping
 	loc	eth2 		192.168.1.255	dhcp
 	dmz	eth1 		206.124.146.255	-
 	net	eth3		206.124.146.255 norfc1918
 	-	texas 		-
 	loc	ppp+
 	#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
  <h3>Hosts File: </h3>
-  <pre><font face="Courier" size="2">	#ZONE 		HOST(S)			OPTIONS
+<pre>	SUBSYSLOCK=/var/lock/subsys/shorewall<br>	STATEDIR=/var/state/shorewall<br><br>	LOGRATE=<br>	LOGBURST=<br><br>	ADD_IP_ALIASES="Yes"<br><br>	CLAMPMSS=Yes<br><br>	MULTIPORT=Yes</pre>
 	me		eth2:192.168.1.3
 	tx 		texas:192.168.9.0/24
 	#LAST LINE -- ADD YOUR ENTRIES ABOVE -- DO NOT REMOVE</font></pre>
-                                <h3>Routestopped File:</h3>
+<h3>Zones File:</h3>
-  <pre><font face="Courier" size="2">	#INTERFACE	HOST(S)
+<pre><font face="Courier" size="2">	#ZONE 	DISPLAY 	COMMENTS<br>	net	Internet	Internet<br>	me	Eastep		My Workstation<br>	loc	Local		Local networks<br>	dmz	DMZ		Demilitarized zone<br>	tx	Texas		Peer Network in Dallas Texas<br>	#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE</font></pre>
 	eth1		206.124.146.177
 	eth2 		-
 	eth3 		206.124.146.180</font></pre>
  <h3>Common File: </h3>
  <pre><font size="2" face="Courier">	. /etc/shorewall/common.def
 	run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP
 	run_iptables -A common -p tcp --dport 113 -j REJECT</font></pre>
-  <h3>Policy File:</h3>
+<h3>Interfaces File: </h3>
-  <pre><font size="2" face="Courier">
+<blockquote>                                
  <p> This is set up so that I can start the firewall before bringing up
 my Ethernet  interfaces. </p>
     </blockquote>
 <pre><font face="Courier" size="2">	#ZONE    INTERFACE	BROADCAST 	OPTIONS<br>	net	eth0 		206.124.146.255	routefilter,norfc1918,blacklist,filterping<br>	loc	eth2 		192.168.1.255	dhcp<br>	dmz	eth1 		206.124.146.255	-<br>	net	eth3		206.124.146.255 norfc1918<br>	-	texas 		-<br>	loc	ppp+<br>	#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
 <h3>Hosts File: </h3>
 <pre><font face="Courier" size="2">	#ZONE 		HOST(S)			OPTIONS<br>	me		eth2:192.168.1.3,eth2:206.124.146.179<br>	tx 		texas:192.168.9.0/24<br>	#LAST LINE -- ADD YOUR ENTRIES ABOVE -- DO NOT REMOVE</font></pre>
 <h3>Routestopped File:</h3>
 <pre><font face="Courier" size="2">	#INTERFACE	HOST(S)<br>	eth1		206.124.146.177<br>	eth2 		-<br>	eth3 		206.124.146.180</font></pre>
 <h3>Common File: </h3>
 <pre><font size="2" face="Courier">	. /etc/shorewall/common.def<br>	run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP<br>	run_iptables -A common -p tcp --dport 113 -j REJECT</font></pre>
 <h3>Policy File:</h3>
 <pre><font size="2" face="Courier">
 	#SOURCE	DEST	POLICY	LOG LEVEL	LIMIT:BURST
 	me	all	ACCEPT
 	tx	me	ACCEPT		#Give Texas access to my personal system
-	all	me	CONTINUE	#<font color="#FF0000">WARNING: You must be running Shorewall 1.3.1 or later for
+	all	me	CONTINUE	#<font
-					</font>#<font color="#FF0000">	  this policy to work as expected!!!</font>	
+ color="#ff0000">WARNING: You must be running Shorewall 1.3.1 or later for<br>					</font>#<font
-	loc 	loc 	ACCEPT
+ color="#ff0000">	  this policy to work as expected!!!</font>	<br>	loc 	loc 	ACCEPT<br>	loc 	net	ACCEPT<br>	$FW	loc	ACCEPT<br>	$FW	tx	ACCEPT<br>	loc	tx	ACCEPT<br>	loc	fw	REJECT<br>	net	net	ACCEPT<br>	net	all	DROP	info		10/sec:40<br>	all	all	REJECT	info<br>	#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOTE</font></pre>
 	loc 	net	ACCEPT
 	$FW	loc	ACCEPT
 	$FW	tx	ACCEPT
 	loc	tx	ACCEPT
 	loc	fw	REJECT
 	net	net	ACCEPT
 	net	all	DROP	info		10/sec:40
 	all	all	REJECT	info
 	#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOTE</font></pre>
  <h3>Masq File: </h3>
-                                      <blockquote> 
+<h3>Masq File: </h3>
-                                        <p>
+                                         
-Although most of our internal systems use static NAT, my wife's system 
+<blockquote>                                          
-(192.168.1.4) uses IP Masquerading (actually SNAT) as do visitors with laptops.</p>
+  <p> Although most of our internal systems use static NAT, my wife's system
 (192.168.1.4) uses IP Masquerading (actually SNAT) as do visitors with laptops.</p>
  </blockquote>
-  <pre><font size="2" face="Courier">	#INTERFACE 	SUBNET		ADDRESS
+<pre><font size="2" face="Courier">	#INTERFACE 	SUBNET		ADDRESS<br>	eth0 		192.168.1.0/24	206.124.146.176<br>	#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</font></pre>
 	eth0 		192.168.1.0/24	206.124.146.176
 	#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</font></pre>
  <h3>NAT File: </h3>
  <pre><font size="2" face="Courier">	#EXTERNAL	INTERFACE	INTERNAL	ALL	LOCAL
 	206.124.146.178 eth0 		192.168.1.5 	No 	No
 	206.124.146.179 eth0 		192.168.1.3 	No 	No
 	#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</font></pre>
-                                          <h3>Proxy ARP File:</h3>
+<h3>NAT File: </h3>
  <pre><font face="Courier" size="2">     	#ADDRESS	INTERFACE	EXTERNAL	HAVEROUTE
 	206.124.146.177 eth1 		eth0 		No
 	206.124.146.180	eth3		eth0		No
 	#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
-                                          <h3>Rules File (The shell variables 
+<pre><font size="2" face="Courier">	#EXTERNAL	INTERFACE	INTERNAL	ALL	LOCAL<br>	206.124.146.178 eth0 		192.168.1.5 	No 	No<br>	206.124.146.179 eth0 		192.168.1.3 	No 	No<br>	#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</font></pre>
 <h3>Proxy ARP File:</h3>
 <pre><font face="Courier" size="2">     	#ADDRESS	INTERFACE	EXTERNAL	HAVEROUTE<br>	206.124.146.177 eth1 		eth0 		No<br>	206.124.146.180	eth3		eth0		No<br>	#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
 <h3>Rules File (The shell variables                                     
      are set in /etc/shorewall/params):</h3>
-  <pre><font face="Courier" size="2">     	#ACTION		SOURCE 		DEST 			PROTO	DEST 	SOURCE  ORIGINAL
+<pre><font face="Courier" size="2">     	#ACTION		SOURCE 		DEST 			PROTO	DEST 	SOURCE  ORIGINAL<br>	#                       				PORT(S) PORT(S)	PORT(S)	DEST<br>	#<br>	# Local Network to Internet - Reject attempts by Trojans to call home<br>	#<br>	REJECT:info 	loc 		net 			tcp	6667<br>	#<br>	# Local Network to Firewall <br>	#<br>	ACCEPT		loc		fw 			tcp 	ssh<br>	ACCEPT		loc		fw			tcp	time<br>	#<br>	# Local Network to DMZ <br>	#<br>	ACCEPT 		loc 		dmz 			udp	domain<br>	ACCEPT		loc		dmz			tcp	smtp<br>	ACCEPT		loc		dmz			tcp	domain<br>	ACCEPT		loc		dmz			tcp	ssh<br>	ACCEPT		loc		dmz			tcp	auth<br>	ACCEPT		loc		dmz			tcp	imap<br>	ACCEPT		loc		dmz			tcp	https<br>	ACCEPT		loc		dmz			tcp	imaps<br>	ACCEPT		loc		dmz			tcp	cvspserver<br>	ACCEPT 		loc 		dmz 			tcp 	www<br>	ACCEPT		loc		dmz			tcp	ftp<br>	ACCEPT		loc		dmz			tcp	pop3<br>	ACCEPT		loc		dmz			icmp	echo-request<br>	#<br>	# Internet to DMZ <br>	#<br>	ACCEPT		net		dmz 			tcp	www<br>	ACCEPT		net		dmz			tcp	smtp<br>	ACCEPT		net		dmz			tcp	ftp<br>	ACCEPT		net		dmz			tcp	auth<br>	ACCEPT		net		dmz			tcp	https<br>	ACCEPT		net		dmz			tcp	imaps<br>	ACCEPT		net		dmz			tcp	domain<br>	ACCEPT		net		dmz			tcp	cvspserver<br>	ACCEPT		net		dmz			udp	domain<br>	ACCEPT		net		dmz			icmp	echo-request<br>	ACCEPT 		net:$MIRRORS	dmz			tcp	rsync<br>	#<br>	# Net to Me (ICQ chat and file transfers) <br>	#<br>	ACCEPT		net		me			tcp	4000:4100<br>	#<br>	# Net to Local <br>	#<br>	ACCEPT		net		loc			tcp	auth<br>	REJECT		net		loc			tcp	www<br>	#<br>	# DMZ to Internet<br>	#<br>	ACCEPT		dmz		net			icmp	echo-request<br>	ACCEPT		dmz		net			tcp	smtp<br>	ACCEPT		dmz		net			tcp	auth<br>	ACCEPT		dmz		net			tcp	domain<br>	ACCEPT		dmz		net			tcp	www<br>	ACCEPT		dmz		net			tcp	https<br>	ACCEPT		dmz		net			tcp	whois<br>	ACCEPT		dmz		net			tcp	echo<br>	ACCEPT		dmz		net			udp	domain<br>	ACCEPT		dmz 		net:$NTPSERVERS		udp	ntp<br>	ACCEPT 		dmz 		net:$POPSERVERS		tcp	pop3<br>	#<br>	# The following compensates for a bug, either in some FTP clients or in the<br>	# Netfilter connection tracking code that occasionally denies active mode<br>	# FTP clients<br>	#<br>	ACCEPT:info 	dmz 		net			tcp	1024:	20<br>	#<br>	# DMZ to Firewall -- snmp<br>	#<br>	ACCEPT 		dmz 		fw 			tcp	snmp<br>	ACCEPT		dmz		fw			udp	snmp<br>	#<br>	# DMZ to Local Network <br>	#<br>	ACCEPT 		dmz 		loc			tcp	smtp<br>	ACCEPT		dmz		loc			tcp	auth<br>	ACCEPT		dmz		loc			icmp	echo-request<br>	# Internet to Firewall<br>	#<br>	ACCEPT		net		fw			tcp	1723<br>	ACCEPT		net		fw			gre<br>	REJECT 		net		fw			tcp	www<br>	#<br>	# Firewall to Internet<br>	#<br>	ACCEPT 		fw 		net:$NTPSERVERS		udp	ntp<br>	ACCEPT		fw		net			udp	domain<br>	ACCEPT		fw		net			tcp	domain<br>	ACCEPT		fw		net			tcp	www<br>	ACCEPT		fw		net			tcp	https<br>	ACCEPT		fw		net			tcp	ssh<br>	ACCEPT		fw		net			tcp	whois<br>	ACCEPT		fw		net 			icmp	echo-request<br>	#<br>	# Firewall to DMZ<br>	#<br>	ACCEPT 		fw 		dmz 			tcp 	www<br>	ACCEPT 		fw 		dmz 			tcp 	ftp<br>	ACCEPT 		fw 		dmz 			tcp 	ssh<br>	ACCEPT 		fw 		dmz 			tcp 	smtp<br>	ACCEPT 		fw 		dmz 			udp 	domain<br>	#<br>	# Let Texas Ping<br>	#<br>	ACCEPT 		tx 		fw 			icmp 	echo-request<br>	ACCEPT		tx 		loc 			icmp 	echo-request<br><br>	#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
 	#                       				PORT(S) PORT(S)	PORT(S)	DEST
 	#
 	# Local Network to Internet - Reject attempts by Trojans to call home
 	#
 	REJECT:info 	loc 		net 			tcp	6667
 	#
 	# Local Network to Firewall 
 	#
 	ACCEPT		loc		fw 			tcp 	ssh
 	ACCEPT		loc		fw			tcp	time
 	#
 	# Local Network to DMZ 
 	#
 	ACCEPT 		loc 		dmz 			udp	domain
 	ACCEPT		loc		dmz			tcp	smtp
 	ACCEPT		loc		dmz			tcp	domain
 	ACCEPT		loc		dmz			tcp	ssh
 	ACCEPT		loc		dmz			tcp	auth
 	ACCEPT		loc		dmz			tcp	imap
 	ACCEPT		loc		dmz			tcp	https
 	ACCEPT		loc		dmz			tcp	imaps
 	ACCEPT		loc		dmz			tcp	cvspserver
 	ACCEPT 		loc 		dmz 			tcp 	www
 	ACCEPT		loc		dmz			tcp	ftp
 	ACCEPT		loc		dmz			tcp	pop3
 	ACCEPT		loc		dmz			icmp	echo-request
 	#
 	# Internet to DMZ 
 	#
 	ACCEPT		net		dmz 			tcp	www
 	ACCEPT		net		dmz			tcp	smtp
 	ACCEPT		net		dmz			tcp	ftp
 	ACCEPT		net		dmz			tcp	auth
 	ACCEPT		net		dmz			tcp	https
 	ACCEPT		net		dmz			tcp	imaps
 	ACCEPT		net		dmz			tcp	domain
 	ACCEPT		net		dmz			tcp	cvspserver
 	ACCEPT		net		dmz			udp	domain
 	ACCEPT		net		dmz			icmp	echo-request
 	ACCEPT 		net:$MIRRORS	dmz			tcp	rsync
 	#
 	# Net to Me (ICQ chat and file transfers) 
 	#
 	ACCEPT		net		me			tcp	4000:4100
 	#
 	# Net to Local 
 	#
 	ACCEPT		net		loc			tcp	auth
 	REJECT		net		loc			tcp	www
 	#
 	# DMZ to Internet
 	#
 	ACCEPT		dmz		net			icmp	echo-request
 	ACCEPT		dmz		net			tcp	smtp
 	ACCEPT		dmz		net			tcp	auth
 	ACCEPT		dmz		net			tcp	domain
 	ACCEPT		dmz		net			tcp	www
 	ACCEPT		dmz		net			tcp	https
 	ACCEPT		dmz		net			tcp	whois
 	ACCEPT		dmz		net			tcp	echo
 	ACCEPT		dmz		net			udp	domain
 	ACCEPT		dmz 		net:$NTPSERVERS		udp	ntp
 	ACCEPT 		dmz 		net:$POPSERVERS		tcp	pop3
 	#
 	# The following compensates for a bug, either in some FTP clients or in the
 	# Netfilter connection tracking code that occasionally denies active mode
 	# FTP clients
 	#
 	ACCEPT:info 	dmz 		net			tcp	1024:	20
 	#
 	# DMZ to Firewall -- snmp
 	#
 	ACCEPT 		dmz 		fw 			tcp	snmp
 	ACCEPT		dmz		fw			udp	snmp
 	#
 	# DMZ to Local Network 
 	#
 	ACCEPT 		dmz 		loc			tcp	smtp
 	ACCEPT		dmz		loc			tcp	auth
 	ACCEPT		dmz		loc			icmp	echo-request
 	# Internet to Firewall
 	#
 	ACCEPT		net		fw			tcp	1723
 	ACCEPT		net		fw			gre
 	REJECT 		net		fw			tcp	www
 	#
 	# Firewall to Internet
 	#
 	ACCEPT 		fw 		net:$NTPSERVERS		udp	ntp
 	ACCEPT		fw		net			udp	domain
 	ACCEPT		fw		net			tcp	domain
 	ACCEPT		fw		net			tcp	www
 	ACCEPT		fw		net			tcp	https
 	ACCEPT		fw		net			tcp	ssh
 	ACCEPT		fw		net			tcp	whois
 	ACCEPT		fw		net 			icmp	echo-request
 	#
 	# Firewall to DMZ
 	#
 	ACCEPT 		fw 		dmz 			tcp 	www
 	ACCEPT 		fw 		dmz 			tcp 	ftp
 	ACCEPT 		fw 		dmz 			tcp 	ssh
 	ACCEPT 		fw 		dmz 			tcp 	smtp
 	ACCEPT 		fw 		dmz 			udp 	domain
 	#
 	# Let Texas Ping
 	#
 	ACCEPT 		tx 		fw 			icmp 	echo-request
 	ACCEPT		tx 		loc 			icmp 	echo-request
-	#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
+<p><font size="2"> Last updated 9/14/2002  - </font><font size="2">     
                                            <p><font size="2">
 Last updated 8/9/2002
 - </font><font size="2">
                                       <a href="support.htm">Tom Eastep</a></font> 
  </p>
   <font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
-  © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></body></html>
+   © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font><br>
 </body>
 </html>
--- a/Shorewall-docs/seattlefirewall_index.htm
+++ b/Shorewall-docs/seattlefirewall_index.htm
@ -2,48 +2,59 @@
 <html>
 <head>
-  <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
  <title>Shoreline Firewall (Shorewall) 1.3</title>
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
  <meta name="ProgId" content="FrontPage.Editor.Document">
                                             <base target="_self">   
  <meta name="Microsoft Theme" content="none">
 </head>
  <body>
-      <table border="0" cellpadding="0" cellspacing="4" style="border-collapse: collapse" width="100%" id="AutoNumber3" bgcolor="#4B017C">
+                                             
 <table border="0" cellpadding="0" cellspacing="4"
 style="border-collapse: collapse;" width="100%" id="AutoNumber3"
 bgcolor="#4b017c">
         <tbody>
    <tr>
           <td width="100%">           
-          <h1 align="center"> <font size="4"><i>
+      <h1 align="center"> <font size="4"><i>           <a
-          <a href="http://www.cityofshoreline.com">
+ href="http://www.cityofshoreline.com">       <img border="0"
-      <img border="0" src="images/washington.jpg" align="right" width="100" height="82"><img border="0" src="images/washington.jpg" align="left" width="100" height="82"></a></i></font><font color="#FFFFFF">Shorewall 1.3 - <font size="4">&quot;<i>iptables made easy&quot;</i></font></font></h1>
+ src="images/washington.jpg" align="right" width="100" height="82">
      <img border="0" src="images/washington.jpg" align="left"
 width="100" height="82">
      </a></i></font><font color="#ffffff">Shorewall 1.3 - <font
 size="4">"<i>iptables made easy"</i></font></font></h1>
           </td>
         </tr>
      </table>
-      <div align="center">
+  </tbody>
-        <center>
+</table>
-        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber4">
+                                              
 <div align="center">         
 <center>         
 <table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" width="100%" id="AutoNumber4">
           <tbody>
    <tr>
             <td width="90%">                                           
-      <h2 align="Left">What is it?</h2>
+      <h2 align="left">What is it?</h2>
-      <p>The Shoreline Firewall, more commonly known as &quot;Shorewall&quot;,&nbsp; is a
+      <p>The Shoreline Firewall, more commonly known as "Shorewall",  is
-      <a href="http://www.netfilter.org">Netfilter</a> (iptables) based firewall 
+a       <a href="http://www.netfilter.org">Netfilter</a> (iptables) based
-      that can be used on a dedicated firewall system, a multi-function 
+firewall        that can be used on a dedicated firewall system, a multi-function
       gateway/router/server or on a standalone GNU/Linux system.</p>
-      <p>This program is free software; you can redistribute it and/or modify it 
+      <p>This program is free software; you can redistribute it and/or modify
-      under the terms of <a href="http://www.gnu.org/licenses/gpl.html">Version 
+it        under the terms of <a
-      2 of the GNU General Public License</a> as published by the Free Software 
+ href="http://www.gnu.org/licenses/gpl.html">Version        2 of the GNU
-      Foundation.<br>
+General Public License</a> as published by the Free Software        Foundation.<br>
          <br>
-          This program is distributed in the hope that it will be useful, but 
+           This program is distributed in the hope that it will be useful,
-      WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 
+but        WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
       or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
       for more details.<br>
          <br>
@ -53,109 +64,193 @@
      <p><a href="copyright.htm">Copyright 2001, 2002 Thomas M. Eastep</a></p>
-                      
+      <p> <a href="http://leaf.sourceforge.net" target="_top"><img
-      <p>&nbsp;<a href="http://leaf.sourceforge.net" target="_top"><img border="0" src="images/leaflogo.gif" width="49" height="36"></a>Jacques 
+ border="0" src="images/leaflogo.gif" width="49" height="36">
-      Nilo and Eric Wolzak have a LEAF distribution called <i>Bering</i> that 
+      </a>Jacques        Nilo and Eric Wolzak have a LEAF distribution called
-      features Shorewall-1.3.3 and Kernel-2.4.18. You can find their work at:
+      <i>Bering</i> that        features Shorewall-1.3.3 and Kernel-2.4.18.
-  <a href="http://leaf.sourceforge.net/devel/jnilo">
+You can find their work at:   <a
-      http://leaf.sourceforge.net/devel/jnilo</a></p>
+ href="http://leaf.sourceforge.net/devel/jnilo">       http://leaf.sourceforge.net/devel/jnilo</a></p>
      <h2>News</h2>
- <p><b>8/22/2002 - Shorewall 1.3.7 Released 8/13/2002
+      <p><b>9/16/2002 - Shorewall 1.3.8 </b><b><img border="0"
- <img border="0" src="images/new10.gif" width="28" height="12"> </b></p>
+ src="file:///vfat/Shorewall/Shorewall-docs/images/new10.gif" width="28"
 height="12">
 </b></p>
      <p>In this version:<br>
 </p>
      <ul>
        <li>A NEWNOTSYN option has been added to shorewall.conf. This option
 determines whether Shorewall accepts TCP packets which are not part of an
 established connection and that are not 'SYN' packets (SYN flag on and ACK
 flag off).</li>
        <li>The need for the 'multi' option to communicate between zones
 za and zb on the same interface is removed in the case where the chain 'za2zb'
 and/or 'zb2za' exists. 'za2zb' will exist if:</li>
        <ul>
          <li>       
            <blockquote>There is a policy for za to zb; or</blockquote>
     </li>
          <li>       
            <blockquote>There is at least one rule for za to zb.</blockquote>
     </li>
        </ul>
      </ul>
      <ul>
        <li>The /etc/shorewall/blacklist file now contains three columns.
 In addition to the SUBNET/ADDRESS column, there are optional PROTOCOL and
 PORT columns to block only certain applications from the blacklisted addresses.<br>
   </li>
      </ul>
      <p><b>9/11/2002 - Debian 1.3.7c Packages Available </b></p>
      <p>Apt-get sources listed at <a
 href="http://security.dsi.unimi.it/%7Elorenzo/debian.html">http://security.dsi.unimi.it/~lorenzo/debian.html</a>.</p>
      <p><b>9/2/2002 - Shorewall 1.3.7c</b></p>
      <p>This is a role up of a fix for "DNAT" rules where the source zone
 is $FW   (fw).</p>
      <p><b>8/26/2002 - Shorewall 1.3.7b</b></p>
      <p>This is a role up of the "shorewall refresh" bug fix and the change
 which   reverses the order of "dhcp" and "norfc1918" checking.</p>
      <p><b>8/26/2002 - French FTP Mirror is Operational</b></p>
      <p><a target="_blank"
 href="ftp://france.shorewall.net/pub/mirrors/shorewall">ftp://france.shorewall.net/pub/mirrors/shorewall</a>
 is now available.</p>
      <p><b>8/25/2002 - Shorewall Mirror in France </b></p>
      <p>Thanks to a Shorewall user in Paris, the Shorewall web site is now
 mirrored   at <a target="_top" href="http://france.shorewall.net">http://france.shorewall.net</a>.</p>
      <p><b>8/25/2002 - Shorewall 1.3.7a Debian Packages Available</b></p>
      <p>Lorenzo Martignoni reports that the packages for version 1.3.7a
 are available at <a
 href="http://security.dsi.unimi.it/%7Elorenzo/debian.html">http://security.dsi.unimi.it/~lorenzo/debian.html</a>.</p>
      <p><b>8/22/2002 - Shorewall 1.3.7 Wins a Brown Paper Bag Award for
 its Author   -- Shorewall 1.3.7a released  <img border="0"
 src="images/j0233056.gif" width="50" height="80" align="middle">
      </b></p>
      <p>1.3.7a corrects problems occurring in  rules file processing when
 starting Shorewall   1.3.7.</p>
      <p><b>8/22/2002 - Shorewall 1.3.7 Released</b></p>
      <p>Features in this release include:</p>
      <ul>
         <li>The 'icmp.def' file is now empty! The rules in that file were
-        required in ipchains firewalls but are not required in Shorewall. Users 
+         required in ipchains firewalls but are not required in Shorewall.
-        who have ALLOWRELATED=No in <a href="Documentation.htm#Conf">
+Users          who have ALLOWRELATED=No in <a
-        shorewall.conf</a> should see the <a href="errata.htm#Upgrade">Upgrade 
+ href="Documentation.htm#Conf">         shorewall.conf</a> should see the
-        Issues</a>.</li>
+          <a href="errata.htm#Upgrade">Upgrade          Issues</a>.</li>
-        <li>A 'FORWARDPING' option has been added to
+         <li>A 'FORWARDPING' option has been added to         <a
-        <a href="Documentation.htm#Conf">shorewall.conf</a>. The effect of 
+ href="Documentation.htm#Conf">shorewall.conf</a>. The effect of        
 setting this variable to Yes is the same as the effect of adding an    
-        ACCEPT rule for ICMP echo-request in
+     ACCEPT rule for ICMP echo-request in         <a
-        <a href="shorewall_extension_scripts.htm">/etc/shorewall/icmpdef</a>. 
+ href="shorewall_extension_scripts.htm">/etc/shorewall/icmpdef</a>.     
    Users who have such a rule in icmpdef are encouraged to switch to   
      FORWARDPING=Yes.</li>
-        <li>The loopback CLASS A Network (127.0.0.0/8) has been added to the 
+         <li>The loopback CLASS A Network (127.0.0.0/8) has been added to
-        rfc1918 file.</li>
+the          rfc1918 file.</li>
         <li>Shorewall now works with iptables 1.2.7.</li>
         <li>The documentation and Web site no longer use FrontPage themes.</li>
      </ul>
- <p>I would like to thank John Distler for his valuable input regarding TCP SYN 
+      <p>I would like to thank John Distler for his valuable input regarding
- and ICMP treatment in Shorewall. That input has led to marked improvement in 
+TCP SYN   and ICMP treatment in Shorewall. That input has led to marked improvement
- Shorewall in the last two releases.</p>
+in   Shorewall in the last two releases.</p>
- <p><b>8/13/2002 - Documentation in the <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">
+      <p><b>8/13/2002 - Documentation in the <a target="_top"
- CVS Repository</a></b></p>
+ href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">  CVS Repository</a></b></p>
- <p>The Shorewall-docs project now contains just the HTML and image files - the 
+      <p>The Shorewall-docs project now contains just the HTML and image
- Frontpage files have been removed.</p>
+files - the   Frontpage files have been removed.</p>
- <p><b>8/7/2002 - <i>STABLE</i></b> <b>branch added to <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">
+      <p><b>8/7/2002 - <i>STABLE</i></b> <b>branch added to <a
- CVS Repository</a></b></p>
+ target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">  CVS
 Repository</a></b></p>
- <p>This branch will only be updated after I release a new version of Shorewall 
+      <p>This branch will only be updated after I release a new version of
- so you can always update from this branch to get the latest stable tree.</p>
+Shorewall   so you can always update from this branch to get the latest stable
 tree.</p>
- <p><b>8/7/2002 - <a href="errata.htm#Upgrade">Upgrade Issues</a> section added 
+      <p><b>8/7/2002 - <a href="errata.htm#Upgrade">Upgrade Issues</a> section
- to the <a href="errata.htm">Errata Page</a></b></p>
+added   to the <a href="errata.htm">Errata Page</a></b></p>
- <p>Now there is one place to go to look for issues involved with upgrading to 
+      <p>Now there is one place to go to look for issues involved with upgrading
- recent versions of Shorewall.</p>
+to   recent versions of Shorewall.</p>
      <p><b>8/7/2002 - Shorewall 1.3.6</b></p>
      <p>This is primarily a bug-fix rollup with a couple of new features:</p>
      <ul>
-   <li>The latest <a href="shorewall_quickstart_guide.htm">QuickStart Guides </a>
+    <li>The latest <a href="shorewall_quickstart_guide.htm">QuickStart Guides
-   including the <a href="shorewall_setup_guide.htm">Shorewall Setup Guide.</a></li>
+          </a>    including the <a href="shorewall_setup_guide.htm">Shorewall
-   <li>Shorewall will now DROP TCP packets that are not part of or related to an 
+Setup Guide.</a></li>
-   existing connection and that are not SYN packets. These &quot;New not SYN&quot; packets 
+    <li>Shorewall will now DROP TCP packets that are not part of or related
-   may be optionally logged by setting the LOGNEWNOTSYN option in <a href="Documentation.htm#Conf">
+to an     existing connection and that are not SYN packets. These "New not
-   /etc/shorewall/shorewall.conf</a>.</li>
+SYN" packets     may be optionally logged by setting the LOGNEWNOTSYN option
-   <li>The processing of &quot;New not SYN&quot; packets may be extended by commands in 
+in <a href="Documentation.htm#Conf">    /etc/shorewall/shorewall.conf</a>.</li>
-   the new <a href="shorewall_extension_scripts.htm">newnotsyn extension script</a>.</li>
+    <li>The processing of "New not SYN" packets may be extended by commands
- </ul>
+in     the new <a href="shorewall_extension_scripts.htm">newnotsyn extension
 script</a>.</li>
      </ul>
      <p><a href="News.htm">More News</a></p>
      <h2><a name="Donations"></a>Donations</h2>
                                                </td>
-            <td width="88" bgcolor="#4B017C" valign="top" align="center"><a href="http://sourceforge.net" target="_top">
+             <td width="88" bgcolor="#4b017c" valign="top"
-            <img src="http://sourceforge.net/sflogo.php?group_id=22587" alt="SourceForge Logo" border="0" hspace="14" vspace="5" align="center"></a></td>
+ align="center">             <a href="http://sourceforge.net">M</a></td>
           </tr>
-        </table>
+         
  </tbody>
 </table>
         </center>
       </div>
- <table border="0" cellpadding="5" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber2" bgcolor="#4B017C">
+<table border="0" cellpadding="5" cellspacing="0"
 style="border-collapse: collapse;" width="100%" id="AutoNumber2"
 bgcolor="#4b017c">
    <tbody>
    <tr>
-     <td width="100%" style="margin-top: 1">
+      <td width="100%" style="margin-top: 1px;">      
-     <p align="center"><a href="http://www.starlight.org">
+      <p align="center"><a href="http://www.starlight.org">        <img
-       <img border="4" src="images/newlog.gif" width="57" height="100" align="left" hspace="10"><img border="4" src="images/newlog.gif" width="57" height="100" align="right" hspace="10"></a></p>
+ border="4" src="images/newlog.gif" width="57" height="100" align="left"
-     <p align="center"><font size="4" color="#FFFFFF">Shorewall is free but if 
+ hspace="10">
-     you try it and find it useful, please consider making a donation to
+      <img border="4" src="images/newlog.gif" width="57" height="100"
-      <a href="http://www.starlight.org"><font color="#FFFFFF">Starlight Children's Foundation.</font></a> Thanks!</font></td>
+ align="right" hspace="10">
      </a></p>
      <p align="center"><font size="4" color="#ffffff">Shorewall is free
 but if       you try it and find it useful, please consider making a donation
 to       <a href="http://www.starlight.org"><font color="#ffffff">Starlight
 Children's Foundation.</font></a> Thanks!</font></p>
      </td>
    </tr>
 </table>
-      <p><font size="2">Updated
+  </tbody>
-      8/22/2002 - <a href="support.htm">Tom Eastep</a>
+</table>
 <p><font size="2">Updated       9/16/2002 - <a href="support.htm">Tom Eastep</a> 
     </font>                                                            
        </p>
-                                  
+                                                            <br>
-                      
+</body>
- </body>
+</html>
  </html>
--- a/Shorewall-docs/shoreline.htm
+++ b/Shorewall-docs/shoreline.htm
@ -73,17 +73,20 @@ Washington</a>
  <ul>
    <li>1.2Gz Athlon, Windows XP Pro, 320MB RAM, 40GB &amp; 8GB IDE HDs and LNE100TX 
    (Tulip) NIC - My personal Windows system.</li>
-    <li>Celeron 1.4Gz, RH7.3, 256MB RAM, 60GB HD, LNE100TX(Tulip) NIC - My 
+    <li>Celeron 1.4Gz, RH7.3, 384MB RAM, 60GB HD, LNE100TX(Tulip) NIC - My 
-    personal Linux System which runs Samba configured as a WINS server.</li>
+    personal Linux System which runs Samba configured as a WINS server. This 
    system also has <a href="http://www.vmware.com/">VMware</a> installed and 
    can run both <a href="http://www.debian.org">Debian</a> and
    <a href="http://www.suse.com">SuSE</a> in virtual machines.</li>
    <li>K6-2/350, RH7.3, 384MB RAM, 8GB IDE HD, EEPRO100 NIC 
 - Mail (Postfix &amp; Courier-IMAP), HTTP (Apache), FTP (Pure_ftpd), DNS server 
    (Bind).</li>
-    <li>PII/233, RH7.3 with 2.4.19 kernel, 256MB MB RAM, 2GB SCSI HD - 3 
+    <li>PII/233, RH7.3 with 2.4.20-pre2 kernel, 256MB MB RAM, 2GB SCSI HD - 3 
    LNE100TX&nbsp; (Tulip) and 1 TLAN NICs&nbsp; - Firewall running Shorewall 1.3.6 and a DHCP  
  server.  Also  runs PoPToP for     road warrior access.</li>
    <li>Duron 750, Win ME, 192MB RAM, 20GB HD, RTL8139 NIC - My wife's     personal system.</li>
    <li>PII/400 Laptop, Win2k SP2, 224MB RAM, 12GB HD, onboard EEPRO100 and     EEPRO100
-in expansion base - My main work system.</li>
+in expansion base and LinkSys WAC11 - My main work system.</li>
  </ul>
  <p>For more about our network see <a href="myfiles.htm">my Shorewall
  Configuration</a>.</p>
--- a/Shorewall-docs/shorewall_features.htm
+++ b/Shorewall-docs/shorewall_features.htm
@ -50,7 +50,7 @@
  </li>
  <li><a href="blacklisting_support.htm"><b>Blacklisting</b></a> of individual
    IP addresses and subnetworks is supported.</li>
-  <li><a href="Documentation.htm#Starting"><b>Operational support</b></a>:
+  <li><b><a href="starting_and_stopping_shorewall.htm">Operational support</a></b>:
  <ul>
    <li>Commands to start, stop and clear the firewall</li>
    <li>Supports status             monitoring
--- a/Shorewall-docs/shorewall_firewall_structure.htm
+++ b/Shorewall-docs/shorewall_firewall_structure.htm
@ -43,7 +43,11 @@ from the internet and from the DMZ and in       some cases, from each other.</li
 network hosts.</p>
 <p>While zones are normally disjoint (no two zones have a host in common), 
 there are cases where nested or overlapping zone definitions are appropriate.</p>
- <p>Packets entering the firewall first pass through the <i>mangle </i>table's 
+ <p>For a general picture of how packets traverse a Netfilter firewall, see
 <a href="http://www.netfilter.org/documentation/tutorials/blueflux/iptables-tutorial.html#TRAVERSINGOFTABLES">
 http://www.netfilter.org/documentation/tutorials/blueflux/iptables-tutorial.html#TRAVERSINGOFTABLES.</a><br>
 <br>
 Packets entering the firewall first pass through the <i>mangle </i>table's 
 PREROUTING chain (you can see the mangle table by typing &quot;shorewall show 
 mangle&quot;). If the packet entered through an interface that has the <b>norfc1918</b> 
 option, then the packet is sent down the <b>man1918</b>&nbsp; which will drop 
@ -55,10 +59,25 @@ from the internet and from the DMZ and in       some cases, from each other.</li
 control.</p>
 <p>Next, if the packet isn't part of an established connection, it passes 
 through the<i> nat</i> table's PREROUTING chain (you can see the nat table by 
- typing &quot;shorewall show nat&quot;). </p>
+ typing &quot;shorewall show nat&quot;). If you are doing both static nat and 
 port forwarding, the order in which chains are traversed is dependent on the 
 setting of NAT_BEFORE_RULES in shorewall.conf. If NAT_BEFORE_RULES is on then 
 packets will ender a chain called <i>interface_</i>in where <i>interface</i> is 
 the name of the interface on which the packet entered. Here it's destination IP 
 is compared to each of the <i>EXTERNAL</i> IP addresses from /etc/shorewall/nat 
 that correspond to this interface; if there is a match, DNAT is applied and the 
 packet header is modified to the IP in the <i>INTERNAL</i> column of the nat 
 file record. If the destination address doesn't match any of the rules in the
 <i>interface_</i>in chain then the packet enters a chain called <i>sourcezone</i>_dnat 
 where <i>sourcezone</i> is the source zone of the packet. There it is compared 
 for a match against each of the DNAT records in the rules file that specify <i>
 sourcezone </i>as the source zone. If a match is found, the destination IP 
 address (and possibly the destination port) is modified based on the rule 
 matched. If NAT_BEFORE_RULES is off, then the order of traversal of the <i>
 interface_</i>in and <i>sourcezone</i>_dnat is reversed.</p>
      <p>
- Traffic entering the 
+ Traffic is next sent to an<i> input </i>chain in the mail Netfilter table 
- firewall is sent to an<i> input </i>chain. If the traffic is destined for the 
+ (called 'filter'). If the traffic is destined for the 
 firewall itself, the name of the input chain is formed by appending &quot;_in&quot; to 
 the interface name. So traffic on eth0 destined for the firewall will enter a 
 chain called <i>eth0_in</i>. The input chain for traffic that will be routed to 
@ -151,6 +170,6 @@ its own separate connection from   the firewall to zone B.</p>
 zone and you are having problems connecting from a local client to an   internet 
 server, <font color="#ff6633"><b><u> adding a rule won't help</u></b></font>
    (see point 3 above).</p>
-<p><font size="2">Last modified 7/26/2002 - <a href="support.htm">Tom
+<p><font size="2">Last modified 8/22/2002 - <a href="support.htm">Tom
 Eastep</a></font><p><font face="Trebuchet MS"><a href="copyright.htm">
 <font size="2">Copyright</font> © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></body></html>
--- a/Shorewall-docs/shorewall_mirrors.htm
+++ b/Shorewall-docs/shorewall_mirrors.htm
@ -36,6 +36,8 @@ It is mirrored at:</p>
  <li><a target="_top" href="http://germany.shorewall.net">
  http://germany.shorewall.net</a> (Hamburg, Germany)</li>
  <li><a target="_top" href="http://shorewall.correofuego.com.ar">http://shorewall.correofuego.com.ar</a> (Martinez (Zona Norte - GBA), Argentina)</li>
  <li><a target="_top" href="http://france.shorewall.net">http://france.shorewall.net</a> 
  (Paris, France)</li>
 </ul>
 <p align="left">The main Shorewall FTP Site is <a href="ftp://ftp.shorewall.net/pub/shorewall/" target="_blank">ftp://ftp.shorewall.net/pub/shorewall/</a>
 and is located in Washington State, USA.&nbsp;
@ -50,8 +52,11 @@ It is mirrored at:</p>
  ftp://germany.shorewall.net/pub/shorewall</a> (Hamburg, Germany)</li>
  <li>
  <a target="_blank" href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall">ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall</a> (Martinez (Zona Norte - GBA), Argentina)</li>
  <li>
  <a target="_blank" href="ftp://france.shorewall.net/pub/mirrors/shorewall">ftp://france.shorewall.net/pub/mirrors/shorewall</a> 
  (Paris, France)</li>
 </ul>
-<p align="left"><font size="2">Last Updated 7/16/2002 - <a href="support.htm">Tom
+<p align="left"><font size="2">Last Updated 8/26/2002 - <a href="support.htm">Tom
 Eastep</a></font></p>
 <p align="left"><font face="Trebuchet MS"><a href="copyright.htm">
--- a/Shorewall-docs/shorewall_prerequisites.htm
+++ b/Shorewall-docs/shorewall_prerequisites.htm
@ -18,7 +18,7 @@
  </tr>
 </table>
 <ul>
-  <li>A kernel that supports netfilter. I've tested with 2.4.2 - 2.4.19. <a href="kernel.htm">
+  <li>A kernel that supports netfilter. I've tested with 2.4.2 - 2.4.20-pre2. <a href="kernel.htm">
    Check here for kernel configuration       information.</a>
     If you are looking for a firewall for use with 2.2 kernels, <a href="http://www.shorewall.net/seawall">
    see       the Seattle Firewall site</a>
@ -43,7 +43,7 @@
  <li>The firewall monitoring display is greatly improved if you have awk 
     (gawk) installed.</li>
 </ul>
-<p align="left"><font size="2">Last updated 8/4/2002 - <a href="support.htm">Tom
+<p align="left"><font size="2">Last updated 8/24/2002 - <a href="support.htm">Tom
 Eastep</a></font></p>
 <p align="left"><font face="Trebuchet MS"><a href="copyright.htm">
--- a/Shorewall-docs/shorewall_quickstart_guide.htm
+++ b/Shorewall-docs/shorewall_quickstart_guide.htm
@ -1,88 +1,125 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
-<meta http-equiv="Content-Language" content="en-us">
+ 
-<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+  <meta http-equiv="Content-Language" content="en-us">
-<meta name="ProgId" content="FrontPage.Editor.Document">
+ 
-<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
-<title>Shorewall QuickStart Guide</title>
+ 
-<meta name="Microsoft Theme" content="none">
+  <meta name="ProgId" content="FrontPage.Editor.Document">
  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
  <title>Shorewall QuickStart Guide</title>
  <meta name="Microsoft Theme" content="none">
 </head>
  <body>
-<body>
+<table border="0" cellpadding="0" cellspacing="0"
-
+ style="border-collapse: collapse;" width="100%" id="AutoNumber1"
-<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+ bgcolor="#400169" height="90">
   <tbody>
    <tr>
     <td width="100%">     
-    <h1 align="center"><font color="#FFFFFF">Shorewall QuickStart Guides<br>
+      <h1 align="center"><font color="#ffffff">Shorewall QuickStart Guides<br>
-Version 3.0</font></h1>
+ Version 3.1</font></h1>
     </td>
   </tr>
  </tbody>
 </table>
-<p align="center">With thanks to Richard who reminded me once again that we must 
+<p align="center">With thanks to Richard who reminded me once again that
-all first walk before we can run.</p>
+we must  all first walk before we can run.</p>
 <h2>The Guides</h2>
-<p>These guides provide step-by-step instructions for configuring Shorewall in 
+ 
-common firewall setups.</p>
+<p>These guides provide step-by-step instructions for configuring Shorewall
-<p>The following guides are for firewalls with a single external IP address:</p>
+in  common firewall setups.</p>
 <p>The following guides are for users who have a single public IP address:</p>
 <ul>
   <li><a href="standalone.htm">Standalone</a> Linux System</li>
-  <li><a href="two-interface.htm">Two-interface</a> Linux System acting as a 
+   <li><a href="two-interface.htm">Two-interface</a> Linux System acting
-  firewall/router for a small local network</li>
+as a    firewall/router for a small local network</li>
-  <li><a href="three-interface.htm">Three-interface</a> Linux System acting as a 
+   <li><a href="three-interface.htm">Three-interface</a> Linux System acting
-  firewall/router for a small local network and a DMZ.</li>
+as a    firewall/router for a small local network and a DMZ.</li>
 </ul>
 <p>The above guides are designed to get your first firewall up and running
-quickly in the three most common Shorewall configurations.</p>
+ quickly in the three most common Shorewall configurations.</p>
 <p>The <a href="shorewall_setup_guide.htm">Shorewall Setup Guide</a> outlines
-the steps necessary to set up a firewall where there are multiple public IP 
+ the steps necessary to set up a firewall where there are multiple public
-addresses involved or if you want to learn more about Shorewall than is 
+IP  addresses involved or if you want to learn more about Shorewall than
-explained in the single-address guides above.</p>
+is  explained in the single-address guides above.</p>
 <ul>
   <li><a href="shorewall_setup_guide.htm#Introduction">1.0 Introduction</a></li>
   <li><a href="shorewall_setup_guide.htm#Concepts">2.0 Shorewall Concepts</a></li>
   <li><a href="shorewall_setup_guide.htm#Interfaces">3.0 Network Interfaces</a></li>
-  <li><a href="shorewall_setup_guide.htm#Addressing">4.0 Addressing, Subnets and Routing</a><ul>
+   <li><a href="shorewall_setup_guide.htm#Addressing">4.0 Addressing, Subnets
 and Routing</a>
    <ul>
     <li><a href="shorewall_setup_guide.htm#Addresses">4.1 IP Addresses</a></li>
     <li><a href="shorewall_setup_guide.htm#Subnets">4.2 Subnets</a></li>
     <li><a href="shorewall_setup_guide.htm#Routing">4.3 Routing</a></li>
     <li><a href="shorewall_setup_guide.htm#ARP">4.4 Address Resolution Protocol</a></li>
    </ul>
    <ul>
     <li><a href="shorewall_setup_guide.htm#RFC1918">4.5 RFC 1918</a></li>
    </ul>
   </li>
-  <li><a href="shorewall_setup_guide.htm#Options">5.0 Setting up your Network</a><ul>
+   <li><a href="shorewall_setup_guide.htm#Options">5.0 Setting up your Network</a>
-    <li><a href="shorewall_setup_guide.htm#Routed">5.1 Routed</a></li>
+    <ul>
-  </ul>
+     <li><a href="shorewall_setup_guide.htm#Routed">5.1 Routed</a></li>
    </ul>
    <ul>
     <li><a href="shorewall_setup_guide.htm#NonRouted">5.2 Non-routed</a>
        <ul>
    <li><a href="shorewall_setup_guide.htm#NonRouted">5.2 Non-routed</a><ul>
       <li><a href="shorewall_setup_guide.htm#SNAT">5.2.1 SNAT</a></li>
       <li><a href="shorewall_setup_guide.htm#DNAT">5.2.2 DNAT</a></li>
       <li><a href="shorewall_setup_guide.htm#ProxyARP">5.2.3 Proxy ARP</a></li>
       <li><a href="shorewall_setup_guide.htm#NAT">5.2.4 Static NAT</a></li>
        </ul>
     </li>
     <li><a href="shorewall_setup_guide.htm#Rules">5.3 Rules</a></li>
     <li><a href="shorewall_setup_guide.htm#OddsAndEnds">5.4 Odds and Ends</a></li>
    </ul>
   </li>
   <li><a href="shorewall_setup_guide.htm#DNS">6.0 DNS</a></li>
-  <li><a href="shorewall_setup_guide.htm#StartingAndStopping">7.0 Starting and 
+   <li><a href="shorewall_setup_guide.htm#StartingAndStopping">7.0 Starting
-  Stopping the Firewall</a></li>
+and    Stopping the Firewall</a></li>
 </ul>
 <h2><a name="Documentation"></a>Additional Documentation</h2>
-<p>The following documentation covers a variety of topics and supplements the 
+ 
-<a href="shorewall_quickstart_guide.htm">QuickStart Guides</a> described above.</p>
+<p>The following documentation covers a variety of topics and supplements
 the  <a href="shorewall_quickstart_guide.htm">QuickStart Guides</a> described
 above.</p>
 <ul>
-  <li><a href="blacklisting_support.htm">Blacklisting</a><ul>
+   <li><a href="blacklisting_support.htm">Blacklisting</a>
    <ul>
     <li>Static Blacklisting using /etc/shorewall/blacklist</li>
     <li>Dynamic Blacklisting using /sbin/shorewall</li>
    </ul>
   </li>
-  <li><a href="configuration_file_basics.htm">Common configuration file features</a><ul>
+   <li><a href="configuration_file_basics.htm">Common configuration file
 features</a>
    <ul>
     <li>Comments in configuration files</li>
     <li>Line Continuation</li>
     <li>Port Numbers/Service Names</li>
@ -91,11 +128,12 @@ explained in the single-address guides above.</p>
     <li>Complementing an IP address or Subnet</li>
     <li>Shorewall Configurations (making a test configuration)</li>
     <li>Using MAC Addresses in Shorewall</li>
    </ul>
   </li>
-  <li><a href="Documentation.htm">Configuration File Reference Manual</a><ul>
+   <li><a href="Documentation.htm">Configuration File Reference Manual</a>
-    <li>
+    <ul>
-  <a href="Documentation.htm#Variables">params</a></li>
+     <li>   <a href="Documentation.htm#Variables">params</a></li>
     <li><font color="#000099"><a href="Documentation.htm#Zones">zones</a></font></li>
     <li><font color="#000099"><a href="Documentation.htm#Interfaces">interfaces</a></font></li>
     <li><font color="#000099"><a href="Documentation.htm#Hosts">hosts</a></font></li>
@ -113,38 +151,52 @@ explained in the single-address guides above.</p>
     <li><a href="Documentation.htm#Blacklist">blacklist</a></li>
     <li><a href="Documentation.htm#rfc1918">rfc1918</a></li>
     <li><a href="Documentation.htm#Routestopped">routestopped</a></li>
    </ul>
   </li>
   <li><a href="dhcp.htm">DHCP</a></li>
-  <li><font color="#000099"><a href="shorewall_extension_scripts.htm">Extension Scripts</a></font> 
+   <li><font color="#000099"><a href="shorewall_extension_scripts.htm">Extension
-  (How to extend Shorewall without modifying Shorewall code)</li>
+Scripts</a></font>    (How to extend Shorewall without modifying Shorewall
 code)</li>
   <li><a href="fallback.htm">Fallback/Uninstall</a></li>
   <li><a href="shorewall_firewall_structure.htm">Firewall Structure</a></li>
   <li><font color="#000099"><a href="kernel.htm">Kernel Configuration</a></font></li>
-  <li><a href="myfiles.htm">My
+   <li><a href="myfiles.htm">My  Configuration Files</a> (How I personally
- Configuration Files</a> (How I personally use Shorewall)</li>
+use Shorewall)</li>
-  <li><a href="ports.htm">Port Information</a><ul>
+   <li><a href="ports.htm">Port Information</a>
    <ul>
     <li>Which applications use which ports</li>
     <li>Ports used by Trojans</li>
    </ul>
   </li>
   <li><a href="ProxyARP.htm">Proxy ARP</a></li>
   <li><a href="samba.htm">Samba</a></li>
-  <li><font color="#000099"><a href="starting_and_stopping_shorewall.htm">Starting/stopping the Firewall</a></font></li>
+   <li><font color="#000099"><a
 href="starting_and_stopping_shorewall.htm">Starting/stopping the Firewall</a></font></li>
   <li><font color="#000099"><a href="NAT.htm">Static NAT</a></font></li>
   <li><a href="traffic_shaping.htm">Traffic Shaping/Control</a></li>
-  <li>Tunnels<ul>
+   <li>VPN
    <ul>
     <li><a href="IPSEC.htm">IPSEC</a></li>
     <li><a href="IPIP.htm">GRE and IPIP</a></li>
     <li><a href="PPTP.htm">PPTP</a></li>
     <li><a href="VPN.htm">IPSEC/PPTP</a> from a system behind your firewall
 to a      remote network.</li>
    </ul>
   </li>
   <li><a href="whitelisting_under_shorewall.htm">White List Creation</a></li>
 </ul>
-<p>If you use one of these guides and have a suggestion for improvement
+ 
-<a href="mailto:webmaster@shorewall.net">please let me know</a>.</p>
+<p>If you use one of these guides and have a suggestion for improvement <a
 href="mailto:webmaster@shorewall.net">please let me know</a>.</p>
 <p><font size="2">Last modified 9/16/2002 - <a
 href="file:///J:/Shorewall/Shorewall-docs/support.htm">Tom Eastep</a></font></p>
 <p><a href="copyright.htm"><font size="2">Copyright  2002 Thomas M. Eastep</font></a></p>
-
+  <br>
 </body>
 </html>
--- a/Shorewall-docs/support.htm
+++ b/Shorewall-docs/support.htm
@ -1,127 +1,147 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
-<meta http-equiv="Content-Language" content="en-us">
+ 
-<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+  <meta http-equiv="Content-Language" content="en-us">
-<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+ 
-<meta name="ProgId" content="FrontPage.Editor.Document">
+  <meta http-equiv="Content-Type"
-<title>Support</title>
+ content="text/html; charset=windows-1252">
-<meta name="Microsoft Theme" content="none">
+ 
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
  <meta name="ProgId" content="FrontPage.Editor.Document">
  <title>Support</title>
  <meta name="Microsoft Theme" content="none">
 </head>
  <body>
-<body>
+<table border="0" cellpadding="0" cellspacing="0"
-
+ style="border-collapse: collapse;" width="100%" id="AutoNumber1"
-<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+ bgcolor="#400169" height="90">
   <tbody>
    <tr>
     <td width="100%">     
-    <h1 align="center"><font color="#FFFFFF">Shorewall Support</font></h1>
+      <h1 align="center"><font color="#ffffff">Shorewall Support</font></h1>
     </td>
   </tr>
  </tbody>
 </table>
-<h3 align="left">Before Reporting a Problem</h3>
+<h3 align="left"> <span style="font-weight: 400;"><i> "<font size="3">It
-<blockquote>
+is easier to post a problem than to use your own brain" </font>-- </i> <font
 size="2">Weitse Venema (creator of <a href="http://www.postfix.org">Postfix</a>)</font></span></h3>
 <p align="left"> <i>"Any sane computer with tell you how it works -- you
 just  have to ask it the right questions" </i>-- <font size="2">Tom Eastep</font></p>
 <blockquote> </blockquote>
 <p><span style="font-weight: 400;"><i>"It irks me when people believe that
 free software        comes at no cost. The cost is incredibly high."</i>
 - <font size="2">       Weitse Venema</font></span></p>
 <h3 align="left">Before Reporting a Problem</h3>
 <h3 align="left"> <span style="font-weight: 400"><i>
 &quot;It is easier to post a problem than to use your own brain&quot; -- </i>
 <font size="2">Weitse Venema (creator of Postfix)</font></span></h3>
 </blockquote>
 <p>There are a number of sources for problem solution information.</p>
 <ul>
-  <li>The <a href="troubleshoot.htm">Troubleshooting</a> Information contains a 
+   <li>The <a href="FAQ.htm">FAQ</a> has solutions to common problems.</li>
-  number of tips to help you solve common problems.</li>
+   <li>The <a href="troubleshoot.htm">Troubleshooting</a> Information contains
 a    number of tips to help you solve common problems.</li>
   <li>The <a href="errata.htm">   Errata</a> has links to download updated
   components.</li>
  <li>The <a href="FAQ.htm">FAQ</a> has solutions to common problems.</li>
   <li>The Mailing List Archives are a useful source of problem solving  
 information.</li>
 </ul>
 <blockquote> 
-<p>The archives from the  mailing List are at <a href="http://www.shorewall.net/pipermail/shorewall-users">http://www.shorewall.net/pipermail/shorewall-users</a>.</p>
+  <p>The archives from the  mailing List are at <a
 href="http://www.shorewall.net/pipermail/shorewall-users">http://www.shorewall.net/pipermail/shorewall-users</a>.</p>
  <h3>Search the  Mailing List Archives at Shorewall.net</h3>
-<form method="POST" action="http://www.shorewall.net/cgi-bin/htsearch">
+  <form method="post" action="http://www.shorewall.net/cgi-bin/htsearch"> 
-<p>
+    <p> <font size="-1"> Match: 
-<font size="-1">
+    <select name="method">
-Match: <select name="method">
+    <option value="and">All </option>
-<option value="and">All
+    <option value="or">Any </option>
-<option value="or">Any
+    <option value="boolean">Boolean </option>
-<option value="boolean">Boolean
+    </select>
-</select>
+ Format: 
-Format: <select name="format">
+    <select name="format">
-<option value="builtin-long">Long
+    <option value="builtin-long">Long </option>
-<option value="builtin-short">Short
+    <option value="builtin-short">Short </option>
-</select>
+    </select>
-Sort by: <select name="sort">
+ Sort by: 
-<option value="score">Score
+    <select name="sort">
-<option value="time">Time
+    <option value="score">Score </option>
-<option value="title">Title
+    <option value="time">Time </option>
-<option value="revscore">Reverse Score
+    <option value="title">Title </option>
-<option value="revtime">Reverse Time
+    <option value="revscore">Reverse Score </option>
-<option value="revtitle">Reverse Title
+    <option value="revtime">Reverse Time </option>
-</select>
+    <option value="revtitle">Reverse Title </option>
-</font>
+    </select>
-<input type="hidden" name="config" value="htdig">
+ </font> <input type="hidden" name="config" value="htdig"> <input
-<input type="hidden" name="restrict" value="[http://www.shorewall.net/pipermail/.*]">
+ type="hidden" name="restrict"
-<input type="hidden" name="exclude" value="">
+ value="[http://www.shorewall.net/pipermail/.*]"> <input type="hidden"
-<br>
+ name="exclude" value=""> <br>
-Search:
+ Search: <input type="text" size="30" name="words" value=""> <input
-<input type="text" size="30" name="words" value="">
+ type="submit" value="Search"> </p>
-<input type="submit" value="Search"> </p>
+ </form>
-</form>
+                                </blockquote>
-</blockquote>
+<h3 align="left">Problem Reporting Guidelines</h3>
      <h3 align="Left">Problem Reporting Guidelines</h3>
 <ul>
   <li>When reporting a problem, give as much information as you can. Reports 
-that say "I tried XYZ and it didn't work&quot; are not at all helpful.</li>
+that say "I tried XYZ and it didn't work" are not at all helpful.</li>
   <li>Please don't describe your environment and then ask us to send you 
-          custom configuration files. We're here to answer your questions but we
+          custom configuration files. We're here to answer your questions
-          can't do your job for you.</li>
+but we           can't do your job for you.</li>
-  <li>Do you see any "Shorewall" messages in     /var/log/messages when you exercise
+   <li>Do you see any "Shorewall" messages in     /var/log/messages when
-the function that is giving you problems?</li>
+you exercise the function that is giving you problems?</li>
-  <li>Have you looked at the packet flow with a tool like tcpdump     to try to
+   <li>Have you looked at the packet flow with a tool like tcpdump     to
-understand what is going on?</li>
+try to understand what is going on?</li>
-  <li>Have you tried using the diagnostic capabilities of the     application that
+   <li>Have you tried using the diagnostic capabilities of the     application
-isn't working? For example, if "ssh" isn't able     to connect, using the
+that isn't working? For example, if "ssh" isn't able     to connect, using
-"-v" option gives you a lot of valuable     diagnostic information.</li>
+the "-v" option gives you a lot of valuable     diagnostic information.</li>
-  <li>Please include any of the Shorewall configuration files (especially the 
+   <li>Please include any of the Shorewall configuration files (especially
-  /etc/shorewall/hosts file if you have modified that file) that you think are 
+the    /etc/shorewall/hosts file if you have modified that file) that you
-  relevant. If an error occurs when you try to &quot;shorewall start&quot;, include a 
+think are    relevant. If an error occurs when you try to "shorewall start",
-  trace (See the <a href="troubleshoot.htm">Troubleshooting</a> section for 
+include a    trace (See the <a href="troubleshoot.htm">Troubleshooting</a>
-  instructions).</li>
+section for    instructions).</li>
   <li>The list server limits posts to 120kb so don't post GIFs of your 
         network layout, etc to the Mailing List -- your post will be rejected.</li>
 </ul>
-<h3>Where to Send your Problem
+ 
-Report or to Ask for Help</h3>
+<h3>Where to Send your Problem Report or to Ask for Help</h3>
-<h4>If you run Shorewall under Bering -- <span style="font-weight: 400">please 
+ 
-post your question or problem to the
+<h4>If you run Shorewall under Bering -- <span style="font-weight: 400;">please
-<a href="mailto:leaf-user@lists.sourceforge.net">LEAF Users mailing list</a>.</span></h4>
+ post your question or problem to the <a
-<p>Otherwise, please post your question or problem to the
+ href="mailto:leaf-user@lists.sourceforge.net">LEAF Users mailing list</a>.</span></h4>
-<a href="mailto:shorewall-users@shorewall.net">Shorewall users mailing list</a>; 
+ 
-there are lots of folks there who are willing to help you. Your question/problem 
+<p>Otherwise, please post your question or problem to the <a
-description and their responses will be placed in the mailing list archives to 
+ href="mailto:shorewall-users@shorewall.net">Shorewall users mailing list</a>;
-help people who have a similar question or problem in the future.</p>
+ there are lots of folks there who are willing to help you. Your question/problem
-<blockquote>
+ description and their responses will be placed in the mailing list archives
-<h3><span style="font-weight: 400"><i>&quot;It irks me when people believe that free software 
+to  help people who have a similar question or problem in the future.</p>
-      comes at no cost. The cost is incredibly high.&quot;</i> - <font size="2">
+                                 
-      Weitse Venema</font></span></h3>
+<p>I don't look at problems sent to me directly but I try to spend some amount
-</blockquote>
+ of time each day responding to problems posted on the mailing list.</p>
-<p>I do not answer questions or work on problems sent to me personally but I try 
+                                
-to respond promptly to mailing list posts.&nbsp;&nbsp; <a href="mailto:teastep@shorewall.net">-Tom</a></p>
+<p align="center"><a href="mailto:teastep@shorewall.net">-Tom</a></p>
-<p>To Subscribe to the  mailing list go to <a href="http://www.shorewall.net/mailman/listinfo/shorewall-users">http://www.shorewall.net/mailman/listinfo/shorewall-users</a>
+                                
 <p>To Subscribe to the  mailing list go to <a
 href="http://www.shorewall.net/mailman/listinfo/shorewall-users">http://www.shorewall.net/mailman/listinfo/shorewall-users</a> 
    .</p>
-<p align="left"><font size="2">Last Updated 8/17/2002 - Tom
+<p align="left"><font size="2">Last Updated 9/14/2002 - Tom Eastep</font></p>
 Eastep</font></p>
 <p align="left"><font face="Trebuchet MS"><a href="copyright.htm">
 <font size="2">Copyright</font> © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
 <p align="left"><font face="Trebuchet MS"><a href="copyright.htm"> <font
 size="2">Copyright</font> © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
  <br>
 </body>
 </html>
--- a/Shorewall-docs/three-interface.htm
+++ b/Shorewall-docs/three-interface.htm
--- a/Shorewall-docs/traffic_shaping.htm
+++ b/Shorewall-docs/traffic_shaping.htm
@ -55,6 +55,9 @@ utilities.</p>
    normally not required as Shorewall's method of clearing qdisc and filter
    definitions is pretty general.</li>
 </ul>
 <h3 align="left">Kernel Configuration</h3>
 <p align="left">This screen shot show how I've configured QoS in my Kernel:</p>
 <p align="center"><img border="0" src="images/QoS.png" width="590" height="764"></p>
 <h3 align="left"><a name="tcrules"></a>/etc/shorewall/tcrules</h3>
 <p align="left">The fwmark classifier provides a convenient way to classify
 packets for traffic shaping. The /etc/shorewall/tcrules file provides a means
@ -200,7 +203,7 @@ use to others.</p>
  configuration</a> to get an idea of why I want these particular rules.<font face="Courier" size="2"><br>
  </font></p>
 </blockquote>
-<p><font size="2">Last Updated 6/18/2002 - <a href="support.htm">Tom
+<p><font size="2">Last Updated 8/24/2002 - <a href="support.htm">Tom
 Eastep</a></font></p>
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
--- a/Shorewall-docs/troubleshoot.htm
+++ b/Shorewall-docs/troubleshoot.htm
@ -126,6 +126,17 @@ policy</li>
      <h3 align="Left">Other Gotchas</h3>
  <ul>
    <li>Seeing rejected/dropped packets logged out of the INPUT or FORWARD 
    chains? This means that:<ol>
      <li>your zone definitions are screwed up and the host that is sending the 
      packets or the destination host isn't in any zone (using an
      <a href="Documentation.htm#Hosts">/etc/shorewall/hosts</a> file are you?); 
      or</li>
      <li>the source and destination hosts are both connected to the same 
      interface and that interface doesn't have the 'multi' option specified in
      <a href="Documentation.htm#Interfaces">/etc/shorewall/interfaces</a>.</li>
    </ol>
    </li>
    <li>Remember that Shorewall doesn't automatically allow ICMP     type 8 ("ping")
 requests to be sent between zones. If you want     pings to be allowed between
 zones, you need a rule of the form:<br>
@ -183,7 +194,7 @@ ADD_IP_ALIASES</a>
     </font>
-        <p><font size="2">Last updated 7/27/2002 -
+        <p><font size="2">Last updated 9/13/2002 -
 Tom Eastep</font>
 </p>
--- a/Shorewall-docs/two-interface.htm
+++ b/Shorewall-docs/two-interface.htm