From 34101c0766cb480448f6276ea4290d8aec83d3ea Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 4 Jul 2007 00:18:10 +0000 Subject: [PATCH] Second cut at removing references to Documentation.htm git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6775 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/FAQ.xml | 30 +++++++++++++++--------------- docs/Introduction.xml | 8 ++++---- docs/MAC_Validation.xml | 2 +- docs/Macros.xml | 2 +- docs/NAT.xml | 2 +- docs/OPENVPN.xml | 2 +- docs/blacklisting_support_ru.xml | 2 +- docs/dhcp.xml | 12 ++++++------ docs/netmap.xml | 2 +- docs/shorewall_logging.xml | 10 +++++----- docs/shorewall_setup_guide.xml | 10 +++++----- docs/standalone.xml | 4 ++-- docs/standalone_ru.xml | 4 ++-- docs/three-interface_ru.xml | 4 ++-- docs/troubleshoot.xml | 4 ++-- docs/two-interface.xml | 4 ++-- docs/two-interface_ru.xml | 4 ++-- 17 files changed, 53 insertions(+), 53 deletions(-) diff --git a/docs/FAQ.xml b/docs/FAQ.xml index e4e83e131..7513e967f 100644 --- a/docs/FAQ.xml +++ b/docs/FAQ.xml @@ -855,7 +855,7 @@ to debug/develop the newnat interface. Answer: Add the routeback option to br0 in /etc/shorewall/interfaces. + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces. For more information on this type of configuration, see the Shorewall Simple Bridge @@ -895,8 +895,8 @@ to debug/develop the newnat interface. messages. It always uses the LOG_KERN (kern) facility (see man openlog) and you get to choose the log level (again, see man syslog) in your policies and rules. The destination for + url="manpages/shorewall-policy.html">policies and rules. The destination for messages logged by syslog is controlled by /etc/syslog.conf (see man syslog.conf). When you have changed /etc/syslog.conf, be sure to @@ -1159,10 +1159,10 @@ DROP net fw udp 10619 You have a policy that specifies a log + url="manpages/shorewall-policy.html">policy that specifies a log level and this packet is being logged under that policy. If you intend to ACCEPT this traffic then you need a rule to that effect. + url="manpages/shorewall-rules.html">rule to that effect. Beginning with Shorewall 3.3.3, packets logged out of these chains may have a source and/or destination that is not in any @@ -1177,11 +1177,11 @@ DROP net fw udp 10619 Either you have a policy for policy for <zone1> to <zone2> that specifies a log level and this packet is being logged under that policy or this packet - matches a rule that + matches a rule that includes a log level. @@ -1207,7 +1207,7 @@ DROP net fw udp 10619 The packet is being logged under the maclist interface + url="manpages/shorewall-interfaces.html">interface option. @@ -1218,7 +1218,7 @@ DROP net fw udp 10619 The packet is being logged under the logunclean interface + url="manpages/shorewall-interfaces.html">interface option. @@ -1229,7 +1229,7 @@ DROP net fw udp 10619 The packet is being logged under the dropunclean interface option as + url="manpages/shorewall-interfaces.html">interface option as specified in the LOGUNCLEAN setting in /etc/shorewall/shorewall.conf @@ -1260,7 +1260,7 @@ DROP net fw udp 10619 interfaces are the same, then you probably need the routeback option on that interface in /etc/shorewall/interfaces + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces or you need the routeback option in the relevant entry in The packet is being logged because it failed the checks implemented by the tcpflags - interface + interface option. @@ -1607,7 +1607,7 @@ Creating input Chains... connected through eth0 and the local zone is defined as all hosts connected through eth1. If you are running Shorewall 1.4.10 or later, you can consider setting the - detectnets interface option on your local interface (eth1 in the above example). That will cause Shorewall to restrict the local zone to only @@ -1878,7 +1878,7 @@ iptables: Invalid argument url="blacklisting_support.htm">blacklisting facility. Shorewall versions 2.0.0 and later filter these packets under the nosmurfs interface option in /etc/shorewall/interfaces. + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces. @@ -1888,7 +1888,7 @@ iptables: Invalid argument Answer: Yes, if the routefilter interface + url="manpages/shorewall-interfaces.html">routefilter interface option is selected. diff --git a/docs/Introduction.xml b/docs/Introduction.xml index 82bc69211..ff1aa177f 100644 --- a/docs/Introduction.xml +++ b/docs/Introduction.xml @@ -150,7 +150,7 @@ dmz ipv4 The simplest way to define the hosts in a zone is to associate the zone with a network interface using the /etc/shorewall/interfaces + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces file. In the three-interface sample, the three zones are defined using that file as follows: @@ -165,7 +165,7 @@ dmz eth2 detect important to note that the composition of a zone is defined in terms of a combination of addresses and interfaces. When using the /etc/shorewall/interfaces + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces file to define a zone, all addresses are included; when you want to define a zone that contains a limited subset of the IPv4 address space, you use the You express your default policy for connections from one zone to another zone in the /etc/shorewall/policy file. The basic choices for policy are: @@ -203,7 +203,7 @@ dmz eth2 detect You define exceptions to these default policies in the /etc/shorewall/rules file. diff --git a/docs/MAC_Validation.xml b/docs/MAC_Validation.xml index 9dfefa195..a7099a4cd 100644 --- a/docs/MAC_Validation.xml +++ b/docs/MAC_Validation.xml @@ -79,7 +79,7 @@ The maclist interface option in /etc/shorewall/interfaces. + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces. When this option is specified, all new connection requests arriving on the interface are subject to MAC verification. diff --git a/docs/Macros.xml b/docs/Macros.xml index f52b0590b..f0f394150 100644 --- a/docs/Macros.xml +++ b/docs/Macros.xml @@ -53,7 +53,7 @@ Shorewall macros allow a symbolic name to be associated with a series of one or more iptables rules. The symbolic name may appear in the ACTION column of an /etc/shorewall/rules file + url="manpages/shorewall-rules.html">/etc/shorewall/rules file entry and in the TARGET column of an action in which case, the traffic matching that rules file entry will be passed to the series of iptables rules named by the macro. diff --git a/docs/NAT.xml b/docs/NAT.xml index 36ec604cb..49d4c9c0d 100644 --- a/docs/NAT.xml +++ b/docs/NAT.xml @@ -48,7 +48,7 @@ If all you want to do is forward ports to servers behind your firewall, you do NOT want to use one-to-one NAT. Port forwarding can be accomplished with simple entries in the rules file. + url="manpages/shorewall-rules.html">rules file. One-to-one NAT is a way to make systems behind a firewall and diff --git a/docs/OPENVPN.xml b/docs/OPENVPN.xml index 2fb0096fc..0459ac1db 100644 --- a/docs/OPENVPN.xml +++ b/docs/OPENVPN.xml @@ -426,7 +426,7 @@ verb 3 Specify the routeback option on the tun+ device in /etc/shorewall/interfaces. + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces. diff --git a/docs/blacklisting_support_ru.xml b/docs/blacklisting_support_ru.xml index f4f946136..9b3cc7f76 100644 --- a/docs/blacklisting_support_ru.xml +++ b/docs/blacklisting_support_ru.xml @@ -98,7 +98,7 @@ Интерфейсы, для которых входящие пакеты проверяются на соответствие чёрному списку, задаются с помощью опции blacklist в файле /etc/shorewall/interfaces. + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces. diff --git a/docs/dhcp.xml b/docs/dhcp.xml index 39c559c48..6b0797bb4 100644 --- a/docs/dhcp.xml +++ b/docs/dhcp.xml @@ -57,7 +57,7 @@ Specify the dhcp option on each interface to be served by your server in the /etc/shorewall/interfaces + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces file. This will generate rules that will allow DHCP to and from your firewall system. @@ -84,7 +84,7 @@ Specify the dhcp option for this interface in the /etc/shorewall/interfaces + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces file. This will generate rules that will allow DHCP to and from your firewall system. @@ -93,7 +93,7 @@ If you know that the dynamic address is always going to be in the same subnet, you can specify the subnet address in the interface's entry in the /etc/shorewall/interfaces + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces file. @@ -101,7 +101,7 @@ If you don't know the subnet address in advance, you should specify detect for the interface's subnet address in the /etc/shorewall/interfaces + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces file and start Shorewall after the interface has started. @@ -130,7 +130,7 @@ Specify the dhcp option for the bridge interface in the /etc/shorewall/interfaces + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces file. This will generate rules that will allow DHCP to and from your firewall system as well as through the bridge. @@ -143,7 +143,7 @@ Specify the "dhcp" option (in /etc/shorewall/interfaces) + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces) on the interface facing the DHCP server and on the interfaces to be relayed. diff --git a/docs/netmap.xml b/docs/netmap.xml index 00bdf1222..39119f1af 100644 --- a/docs/netmap.xml +++ b/docs/netmap.xml @@ -124,7 +124,7 @@ A firewall interface. This interface must have been defined in /etc/shorewall/interfaces. + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces. diff --git a/docs/shorewall_logging.xml b/docs/shorewall_logging.xml index e0f995e49..e88107b09 100644 --- a/docs/shorewall_logging.xml +++ b/docs/shorewall_logging.xml @@ -52,7 +52,7 @@ The packet is part of an established connecection. While the packet can be logged using LOG rules in the ESTABLISHED section of - /etc/shorewall/rules, + /etc/shorewall/rules, that is not recommended because of the large amount of information that may be logged. @@ -62,14 +62,14 @@ established connection (such as a data connection associated with an FTP control connection). These packets may be logged using LOG rules in the RELATED section of /etc/shorewall/rules. + url="manpages/shorewall-rules.html">/etc/shorewall/rules. The packet is rejected because of an option in /etc/shorewall/shorewall.conf or /etc/shorewall/interfaces. + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces. These packets can be logged by setting the appropriate logging-related option in /etc/shorewall/shorewall.conf. @@ -77,7 +77,7 @@ The packet matches a rule in /etc/shorewall/rules. By + url="manpages/shorewall-rules.html">/etc/shorewall/rules. By including a syslog level (see below) in the ACTION column of a rule (e.g., ACCEPT:info net $FW tcp 22), the connection attempt will be logged at that @@ -87,7 +87,7 @@ The packet doesn't match a rule so it is handled by a policy defined in /etc/shorewall/policy. These + url="manpages/shorewall-policy.html">/etc/shorewall/policy. These may be logged by specifying a syslog level in the LOG LEVEL column of the policy's entry (e.g., loc net ACCEPT info). diff --git a/docs/shorewall_setup_guide.xml b/docs/shorewall_setup_guide.xml index 3eafaf70a..79104c03d 100644 --- a/docs/shorewall_setup_guide.xml +++ b/docs/shorewall_setup_guide.xml @@ -207,14 +207,14 @@ dmz ipv4 You express your default policy for connections from one zone to another zone in the /etc/shorewall/policy + url="manpages/shorewall-policy.html">/etc/shorewall/policy file. You define exceptions to those default policies in the /etc/shorewall/rules. + url="manpages/shorewall-rules.html">/etc/shorewall/rules. @@ -343,7 +343,7 @@ all all REJECT info The simplest way to define zones is to associate the zone name (previously defined in /etc/shorewall/zones) with a network interface. This is done in the /etc/shorewall/interfaces file. + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces file. The firewall illustrated above has three network interfaces. Where Internet connectivity is through a cable or DSL Modem, the External Interface will be the Ethernet adapter that @@ -413,7 +413,7 @@ all all REJECT info The Shorewall default configuration does not define the contents of any zone. To define the above configuration using the /etc/shorewall/interfaces file, + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces file, that file would might contain: #ZONE INTERFACE BROADCAST OPTIONS @@ -1407,7 +1407,7 @@ eth0 192.168.201.0/29 192.0.2.176 system Local 3. You could allow connections to the internet to her server by adding the following entry in /etc/shorewall/rules: + url="manpages/shorewall-rules.html">/etc/shorewall/rules: #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL # PORT(S) PORT(S) DEST diff --git a/docs/standalone.xml b/docs/standalone.xml index ba38b42ee..fc8e20a13 100644 --- a/docs/standalone.xml +++ b/docs/standalone.xml @@ -244,13 +244,13 @@ net ipv4 You express your default policy for connections from one zone to another zone in the /etc/shorewall/policy + url="manpages/shorewall-policy.html">/etc/shorewall/policy file. You define exceptions to those default policies in the /etc/shorewall/rules + url="manpages/shorewall-rules.html">/etc/shorewall/rules file. diff --git a/docs/standalone_ru.xml b/docs/standalone_ru.xml index cbe2cd7b7..24b274c91 100644 --- a/docs/standalone_ru.xml +++ b/docs/standalone_ru.xml @@ -250,13 +250,13 @@ net ipv4 Вы отражаете Вашу политику по умолчанию для соединений из одной зоны в другую в файле/etc/shorewall/policy. + url="manpages/shorewall-policy.html">/etc/shorewall/policy. Вы определяете исключения из политики по умолчанию в файле /etc/shorewall/rules. + url="manpages/shorewall-rules.html">/etc/shorewall/rules. diff --git a/docs/three-interface_ru.xml b/docs/three-interface_ru.xml index c4374f9e6..876b47925 100644 --- a/docs/three-interface_ru.xml +++ b/docs/three-interface_ru.xml @@ -270,13 +270,13 @@ dmz ipv4 Вы отражаете Вашу политику по умолчанию для соединений из одной зоны в другую в файле/etc/shorewall/policy. + url="manpages/shorewall-policy.html">/etc/shorewall/policy. Вы определяете исключения из политики по умолчанию в файле /etc/shorewall/rules. + url="manpages/shorewall-rules.html">/etc/shorewall/rules. diff --git a/docs/troubleshoot.xml b/docs/troubleshoot.xml index bc2aab90f..d5b01fece 100644 --- a/docs/troubleshoot.xml +++ b/docs/troubleshoot.xml @@ -214,7 +214,7 @@ gateway:~/test # A look at /var/lib/shorewall/restore at line configuration if you specify the arp_filter option or the arp_ignore option in /etc/shorewall/interfaces + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces for all interfaces connected to the common hub/switch. Using such a setup with a production firewall is strongly recommended against. @@ -467,7 +467,7 @@ Ping/DROP net all zone to or from the destination zone or you haven't set the routeback option for the interface in /etc/shorewall/interfaces. + url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces. diff --git a/docs/two-interface.xml b/docs/two-interface.xml index aa1147527..d733893ae 100644 --- a/docs/two-interface.xml +++ b/docs/two-interface.xml @@ -249,14 +249,14 @@ loc ipv4Zones are defined in the You express your default policy for connections from one zone to another zone in the /etc/shorewall/policy file. You define exceptions to those default policies in the /etc/shorewall/rules file. diff --git a/docs/two-interface_ru.xml b/docs/two-interface_ru.xml index 3d8cc208f..4aa521395 100644 --- a/docs/two-interface_ru.xml +++ b/docs/two-interface_ru.xml @@ -257,13 +257,13 @@ loc ipv4 Вы отражаете Вашу политику по умолчанию для соединений из одной зоны в другую в файле/etc/shorewall/policy. + url="manpages/shorewall-policy.html">/etc/shorewall/policy. Вы определяете исключения из политики по умолчанию в файле /etc/shorewall/rules. + url="manpages/shorewall-rules.html">/etc/shorewall/rules.