extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-02 19:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update the Introduction

Browse Source
This commit is contained in:
Tom Eastep 2009-06-09 07:03:57 -07:00
parent 41687a10a3
commit 32cab2d7fc
1 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
docs/Introduction.xml
View File

@ -311,10 +311,22 @@ $FW net ACCEPT</programlisting> The above policies will:
</listitem> </listitem>
</itemizedlist></para> </itemizedlist></para>
<para>A word about Shorewall logging is in order. Shorewall does not have
direct control over where its messages are logged; that is determined by
the configuration of the logging daemon (syslog, rsyslog, syslog-ng,
ulogd, etc.). The LOGFILE setting in <ulink
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink>
tells Shorewall <emphasis>where to find the log</emphasis>; it doesn't
determine where messages are logged. See the <ulink
url="shorewall_logging.html">Shorewall logging article</ulink> for more
information.</para>
<para>To illustrate how rules provide exceptions to policies, suppose that <para>To illustrate how rules provide exceptions to policies, suppose that
you have the polices listed above but you want to be able to connect to you have the polices listed above but you want to be able to connect to
your firewall from the Internet using Secure Shell (SSH). Recall that SSH your firewall from the Internet using Secure Shell (SSH). Recall that SSH
connects uses TCP port 22.</para> connects uses TCP port 22. You would add the following rule to <ulink
url="manpages/shorewall-rules.html"><filename
class="directory">/etc/shorewall/</filename><filename>rules</filename>:</ulink></para>
<programlisting>#ACTION SOURCE DEST PROTO DEST <programlisting>#ACTION SOURCE DEST PROTO DEST
# PORT(S) # PORT(S)
@ -338,7 +350,7 @@ ACCEPT net $FW tcp 22</programlisting>
</listitem> </listitem>
<listitem> <listitem>
<para>To keep your <ulink url="shorewall_logging.html">firewall <para>Again, to keep your <ulink url="shorewall_logging.html">firewall
log</ulink> from filling up with useless noise, Shorewall provides log</ulink> from filling up with useless noise, Shorewall provides
<ulink url="Actions.html">common actions</ulink> that silently discard <ulink url="Actions.html">common actions</ulink> that silently discard
or reject such noise before it can be logged. As with everything in or reject such noise before it can be logged. As with everything in
@ -360,9 +372,15 @@ ACCEPT net $FW tcp 22</programlisting>
<para>The 'compiled' scripts are placed in the directory <filename <para>The 'compiled' scripts are placed in the directory <filename
class="directory">/var/lib/shorewall</filename> and are named to class="directory">/var/lib/shorewall</filename> and are named to
correspond to the command being executed. For example, the command correspond to the command being executed. For example, the command
"/sbin/shorewall start" will generate a script named <command>/sbin/shorewall start</command> will generate a script named
<filename>/var/lib/shorewall/.start</filename> and, if the compilation is <filename>/var/lib/shorewall/.start</filename> and, if the compilation is
error free, that script will then be executed.</para> error free, that script will then be executed. If the script executes
successfully, it then copies itself to
<filename>/var/lib/shorewall/firewall</filename>. When an
<command>/sbin/shorewall stop</command> or <command>/sbin/shorewall
clear</command> command is subsequently executed,
<filename>/var/lib/shorewall/firewall</filename> is run to perform the
requested operation.</para>
</section> </section>
<section id="Packages"> <section id="Packages">