Documentation changes for 1.3.8

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@240 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-06-24 03:31:24 +02:00 · 2002-09-16 17:02:45 +00:00 · 2002-09-16 17:02:45 +00:00 · 342db2dd44
commit 342db2dd44
parent da993d8c10
15 changed files with 6956 additions and 6220 deletions
--- a/STABLE/documentation/Documentation.htm
+++ b/STABLE/documentation/Documentation.htm
--- a/STABLE/documentation/Install.htm
+++ b/STABLE/documentation/Install.htm
@ -11,11 +11,14 @@
 <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
-    <h1 align="center"><font color="#FFFFFF">Shorewall Installation</font></h1>
+    <h1 align="center"><font color="#FFFFFF">Shorewall Installation and Upgrade</font></h1>
    </td>
  </tr>
 </table>
 <p align="center"><b>Before upgrading, be sure to review the
 <a href="upgrade_issues.htm">Upgrade Issues</a></b></p>
 <p><font size="4"><b><a href="#Install_RPM">Install using RPM</a><br>
 <a href="#Install_Tarball">Install
 using tarball</a><br>
@ -163,7 +166,7 @@ QuickStart Guides</a> contain all of the information you need.</p>
        the firewall system.</li>
  <li>/etc/shorewall/blacklist - lists blacklisted IP/subnet/MAC addresses.</li>
 </ul>
-<p><font size="2">Updated 8/7/2002 - <a href="support.htm">Tom
+<p><font size="2">Updated 9/13/2002 - <a href="support.htm">Tom
 Eastep</a> </font></p>
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
 © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
--- a/STABLE/documentation/News.htm
+++ b/STABLE/documentation/News.htm
--- a/STABLE/documentation/Shorewall_index_frame.htm
+++ b/STABLE/documentation/Shorewall_index_frame.htm
@ -44,7 +44,9 @@
      <li>
 <a href="troubleshoot.htm">Troubleshooting</a></li>
      <li>
-<a href="errata.htm">Errata/Upgrade Issues</a></li>
+<a href="errata.htm">Errata</a></li>
      <li>
 <a href="upgrade_issues.htm">Upgrade Issues</a></li>
      <li>
 <a href="support.htm">Support</a></li>
      <li>
--- a/STABLE/documentation/blacklisting_support.htm
+++ b/STABLE/documentation/blacklisting_support.htm
@ -1,67 +1,95 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
  <meta http-equiv="Content-Language" content="en-us">
-<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+ 
  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
  <meta name="ProgId" content="FrontPage.Editor.Document">
  <title>Blacklisting Support</title>
 </head>
  <body>
-<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+<table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" bordercolor="#111111" width="100%"
 id="AutoNumber1" bgcolor="#400169" height="90">
   <tbody>
    <tr>
     <td width="100%">     
-    <h1 align="center"><font color="#FFFFFF">Blacklisting Support</font></h1>
+      <h1 align="center"><font color="#ffffff">Blacklisting Support</font></h1>
     </td>
   </tr>
  </tbody>
 </table>
 <p>Shorewall supports two different forms of blacklisting; static and dynamic.</p>
 <h2>Static Blacklisting</h2>
-<p>Shorewall
+ 
-static blacklisting support has the following configuration parameters:</p>
+<p>Shorewall static blacklisting support has the following configuration
 parameters:</p>
 <ul>
-  <li>You specify whether you want packets from blacklisted hosts dropped or
+   <li>You specify whether you want packets from blacklisted hosts dropped
-    rejected using the <a href="Documentation.htm#BLDisposition">BLACKLIST_DISPOSITION</a>
+or     rejected using the <a href="Documentation.htm#BLDisposition">BLACKLIST_DISPOSITION</a> 
    setting in /etc/shorewall/shorewall.conf</li>
-  <li>You specify whether you want packets from blacklisted hosts logged and at
+   <li>You specify whether you want packets from blacklisted hosts logged
-    what syslog level using the <a href="Documentation.htm#BLLoglevel">BLACKLIST_LOGLEVEL</a>
+and at     what syslog level using the <a
-    setting in /etc/shorewall/shorewall.conf</li>
+ href="Documentation.htm#BLLoglevel">BLACKLIST_LOGLEVEL</a>     setting in
-  <li>You list the IP addresses/subnets that you wish to blacklist in <a href="Documentation.htm#Blacklist">/etc/shorewall/blacklist</a></li>
+/etc/shorewall/shorewall.conf</li>
-  <li>You specify the interfaces whose incoming packets you want checked against
+   <li>You list the IP addresses/subnets that you wish to blacklist in <a
-    the blacklist using the &quot;<a href="Documentation.htm#BLInterface">blacklist</a>&quot;
+ href="Documentation.htm#Blacklist">/etc/shorewall/blacklist.</a> Beginning
-    option in /etc/shorewall/interfaces.</li>
+with Shorewall version 1.3.8, you may also specify PROTOCOL and Port numbers/Service
-  <li>The black list is refreshed from /etc/shorewall/blacklist by the &quot;<a href="Documentation.htm#Starting">shorewall
+names in the blacklist file.<br>
-    refresh</a>&quot; command.</li>
+  </li>
   <li>You specify the interfaces whose incoming packets you want checked
 against     the blacklist using the "<a
 href="Documentation.htm#Interfaces">blacklist</a>"     option in /etc/shorewall/interfaces.</li>
   <li>The black list is refreshed from /etc/shorewall/blacklist by the "<a
 href="Documentation.htm#Starting">shorewall     refresh</a>" command.</li>
 </ul>
 <h2>Dynamic Blacklisting</h2>
 <p>Dynamic blacklisting support was added in version 1.3.2. Dynamic blacklisting
 doesn't use any configuration parameters but is rather controlled using
 /sbin/shorewall commands:</p>
 <ul>
-  <li>deny <i>&lt;ip address list&gt; </i>- causes packets from the listed IP 
+   <li>deny <i>&lt;ip address list&gt; </i>- causes packets from the listed
-  addresses to be silently dropped by the firewall.</li>
+IP    addresses to be silently dropped by the firewall.</li>
-  <li>reject <i>&lt;ip address list&gt; </i>- causes packets from the listed IP 
+   <li>reject <i>&lt;ip address list&gt; </i>- causes packets from the listed
-  addresses to be rejected by the firewall.</li>
+IP    addresses to be rejected by the firewall.</li>
-  <li>allow <i>&lt;ip address list&gt; </i>- re-enables receipt of packets from hosts 
+   <li>allow <i>&lt;ip address list&gt; </i>- re-enables receipt of packets
-  previously blacklisted by a <i>deny</i> or <i>reject</i> command.</li>
+from hosts    previously blacklisted by a <i>deny</i> or <i>reject</i> command.</li>
-  <li>save - save the dynamic blacklisting configuration so that it will be 
+   <li>save - save the dynamic blacklisting configuration so that it will
-  automatically restored the next time that the firewall is restarted.</li>
+be    automatically restored the next time that the firewall is restarted.</li>
   <li>show dynamic - displays the dynamic blacklisting configuration.</li>
 </ul>
 <p>Example 1:</p>
 <pre>     shorewall deny 192.0.2.124 192.0.2.125</pre>
-<p>&nbsp;&nbsp;&nbsp; Drops packets from hosts 192.0.2.124 and 192.0.2.125</p>
+ 
 <p>    Drops packets from hosts 192.0.2.124 and 192.0.2.125</p>
 <p>Example 2:</p>
 <pre>     shorewall allow 192.0.2.125</pre>
-<p>&nbsp;&nbsp;&nbsp; Reenables access from 192.0.2.125.</p>
+ 
-<p><font size="2">Last updated 6/16/2002 - <a href="support.htm">Tom
+<p>    Reenables access from 192.0.2.125.</p>
-Eastep</a></font></p>
+ 
 <p><font size="2">Last updated 9/16/2002 - <a href="support.htm">Tom Eastep</a></font></p>
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
 © <font size="2">2002 Thomas M. Eastep.</font></a></font></p>
-
+  <br>
 </body>
 </html>
--- a/STABLE/documentation/download.htm
+++ b/STABLE/documentation/download.htm
@ -1,75 +1,95 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
  <meta http-equiv="Content-Language" content="en-us">
-<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+ 
  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
  <meta name="ProgId" content="FrontPage.Editor.Document">
  <title>Download</title>
 </head>
  <body>
-<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+<table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" bordercolor="#111111" width="100%"
 id="AutoNumber1" bgcolor="#400169" height="90">
   <tbody>
    <tr>
     <td width="100%">     
-    <h1 align="center"><font color="#FFFFFF">Shorewall Download</font></h1>
+      <h1 align="center"><font color="#ffffff">Shorewall Download</font></h1>
     </td>
   </tr>
  </tbody>
 </table>
-      <p><b>I strongly urge you to read and print a copy of the
+<p><b>I strongly urge you to read and print a copy of the       <a
-      <a href="shorewall_quickstart_guide.htm">Shorewall QuickStart Guide</a> 
+ href="shorewall_quickstart_guide.htm">Shorewall QuickStart Guide</a>   
    for the configuration that most closely matches your own.</b></p>
 <p>Once you've done that, download <u>     one</u> of the modules:</p>
 <ul>
-  <li>If you run a <b>RedHat</b>, <b>SuSE, Mandrake</b>, <b>             Linux PPC</b> or
+   <li>If you run a <b>RedHat</b>, <b>SuSE, Mandrake</b>, <b>           
-    <b> TurboLinux</b> distribution
+ Linux PPC</b> or     <b> TurboLinux</b> distribution     with a 2.4 kernel,
-    with a 2.4 kernel, you can use the  RPM version (note: the      
+you can use the  RPM version (note: the             RPM should also work
-      RPM should also work with other distributions that             store
+with other distributions that             store init scripts in /etc/init.d
-init scripts in /etc/init.d and that             include chkconfig or insserv).
+and that             include chkconfig or insserv). If you find that it works
-If you find that it works in other cases, let <a href="mailto:teastep@shorewall.net">
+in other cases, let <a href="mailto:teastep@shorewall.net">     me</a>  
-    me</a>
+             know so that I can mention them here. See the   <a
-               know so that I can mention them here. See the
+ href="Install.htm">Installation Instructions</a> if you have problems  
  <a href="Install.htm">Installation Instructions</a> if you have problems 
 installing the RPM.</li>
-  <li>If you are running LRP, download the .lrp file (you might also want to
+   <li>If you are running LRP, download the .lrp file (you might also want
-    download the .tgz so you will have a copy of the documentation).</li>
+to     download the .tgz so you will have a copy of the documentation).</li>
   <li>If you run <a href="http://www.debian.org"><b>Debian</b></a> and would 
-    like a .deb package, Shorewall is in both the
+    like a .deb package, Shorewall is in both the    <a
-   <a href="http://packages.debian.org/testing/net/shorewall.html">Debian 
+ href="http://packages.debian.org/testing/net/shorewall.html">Debian    
-   Testing Branch</a> and the
+Testing Branch</a> and the    <a
-   <a href="http://packages.debian.org/unstable/net/shorewall.html">Debian 
+ href="http://packages.debian.org/unstable/net/shorewall.html">Debian   
 Unstable Branch</a>.</li>
   <li>Otherwise, download the <i>shorewall</i>             module (.tgz)</li>
 </ul>
-<p>The documentation in HTML format is included in the .tgz and .rpm files and 
+ 
-there is an documentation .deb that also contains the documentation.</p>
+<p>The documentation in HTML format is included in the .tgz and .rpm files
-      <p>Please verify the version that you have 
+and  there is an documentation .deb that also contains the documentation.</p>
-      downloaded -- during the release of a new version of Shorewall, the links 
+       
-      below may  point to a newer or an older version than is shown below.</p>
+<p>Please verify the version that you have        downloaded -- during the
 release of a new version of Shorewall, the links        below may  point
 to a newer or an older version than is shown below.</p>
 <ul>
-  <li>RPM - &quot;rpm -qip LATEST.rpm&quot;</li>
+   <li>RPM - "rpm -qip LATEST.rpm"</li>
-  <li>TARBALL - &quot;tar -ztf LATEST.tgz&quot; (the directory 
+   <li>TARBALL - "tar -ztf LATEST.tgz" (the directory    name will contain
-  name will contain the version)</li>
+the version)</li>
-  <li>LRP - &quot;mkdir Shorewall.lrp; cd Shorewall.lrp; tar 
+   <li>LRP - "mkdir Shorewall.lrp; cd Shorewall.lrp; tar    -zxf &lt;downloaded
-  -zxf &lt;downloaded .lrp&gt;; cat var/lib/lrpkg/shorwall.version&quot; </li>
+.lrp&gt;; cat var/lib/lrpkg/shorwall.version" </li>
 </ul>
-      <p><font face="Arial">Once you have verified the 
+       
-      version, check the </font><font color="#ff0000" face="Arial"> <a href="errata.htm"> errata</a></font><font face="Arial">
+<p><font face="Arial">Once you have verified the        version, check the
-         to see if there are updates that apply to the version that you have 
+</font><font color="#ff0000" face="Arial"> <a href="errata.htm"> errata</a></font><font
-     downloaded.</font></p>
+ face="Arial">          to see if there are updates that apply to the version
-<p><font color="#FF0000" face="Arial"><b>WARNING - YOU CAN <u>NOT</u> SIMPLY INSTALL THE RPM 
+that you have       downloaded.</font></p>
-AND ISSUE A &quot;shorewall start&quot; COMMAND. SOME CONFIGURATION IS REQUIRED BEFORE THE 
+ 
-FIREWALL WILL START. IF YOU ISSUE A &quot;start&quot; COMMAND AND THE FIREWALL FAILS TO 
+<p><font color="#ff0000" face="Arial"><b>WARNING - YOU CAN <u>NOT</u> SIMPLY
-START, YOUR SYSTEM WILL NO LONGER ACCEPT ANY NETWORK TRAFFIC. IF THIS HAPPENS, 
+INSTALL THE RPM  AND ISSUE A "shorewall start" COMMAND. SOME CONFIGURATION
-ISSUE A &quot;shorewall clear&quot; COMMAND TO RESTORE NETWORK CONNECTIVITY.</b></font></p>
+IS REQUIRED BEFORE THE  FIREWALL WILL START. IF YOU ISSUE A "start" COMMAND
-<p>Download Latest Version (<b>1.3.7c</b>): <b>Remember that updates to the mirrors 
+AND THE FIREWALL FAILS TO  START, YOUR SYSTEM WILL NO LONGER ACCEPT ANY NETWORK
-occur 1-12 hours after an update to the primary site.</b></p>
+TRAFFIC. IF THIS HAPPENS,  ISSUE A "shorewall clear" COMMAND TO RESTORE NETWORK
 CONNECTIVITY.</b></font></p>
 <p>Download Latest Version (<b>1.3.8</b>): <b>Remember that updates to the
 mirrors  occur 1-12 hours after an update to the primary site.</b></p>
 <blockquote>   
-  <table border="2" cellspacing="3" cellpadding="3" style="border-collapse: collapse">
+  <table border="2" cellspacing="3" cellpadding="3"
 style="border-collapse: collapse;">
     <tbody>
      <tr>
       <td><b>SERVER LOCATION</b></td>
       <td><b>DOMAIN</b></td>
@ -79,100 +99,132 @@ occur 1-12 hours after an update to the primary site.</b></p>
     <tr>
       <td>Washington State, USA</td>
       <td>Shorewall.net</td>
-      <td><a href="http://www.shorewall.net/pub/shorewall/LATEST.rpm">Download .rpm</a><br>
+       <td><a href="http://www.shorewall.net/pub/shorewall/LATEST.rpm">Download
 .rpm</a><br>
         <a href="http://www.shorewall.net/pub/shorewall/LATEST.tgz">Download 
-        .tgz</a>&nbsp;<br>
+        .tgz</a> <br>
         <a href="http://www.shorewall.net/pub/shorewall/LATEST.lrp">Download 
        .lrp</a></td>
-      <td><a href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.rpm" target="_blank">
+       <td><a href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.rpm"
-      Download .rpm</a>&nbsp;<br>
+ target="_blank">       Download .rpm</a> <br>
-        <a href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.tgz" target="_blank">Download
+         <a href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.tgz"
-        .tgz</a>&nbsp;<br>
+ target="_blank">Download         .tgz</a> <br>
-        <a href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.lrp" target="_blank">Download
+         <a href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.lrp"
-        .lrp</a></td>
+ target="_blank">Download         .lrp</a></td>
     </tr>
     <tr>
       <td>Slovak Republic</td>
       <td>Shorewall.net</td>
-      <td><a href="http://slovakia.shorewall.net/pub/shorewall/LATEST.rpm">Download .rpm</a><br>
+       <td><a
-        <a href="http://slovakia.shorewall.net/pub/shorewall/LATEST.tgz">Download
+ href="http://slovakia.shorewall.net/pub/shorewall/LATEST.rpm">Download .rpm</a><br>
-        .tgz</a>&nbsp;<br>
+         <a
-        <a href="http://slovakia.shorewall.net/pub/shorewall/LATEST.lrp">Download
+ href="http://slovakia.shorewall.net/pub/shorewall/LATEST.tgz">Download 
       .tgz</a> <br>
         <a
 href="http://slovakia.shorewall.net/pub/shorewall/LATEST.lrp">Download 
       .lrp</a></td>
-      <td>
+       <td>       <a target="_blank"
-      <a target="_blank" href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.rpm">Download .rpm</a>&nbsp;&nbsp;<br>
+ href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.rpm">Download
-        <a target="_blank" href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.tgz">Download
+.rpm</a>  <br>
-        .tgz</a>&nbsp;<br>
+         <a target="_blank"
-        <a target="_blank" href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.lrp">Download
+ href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.tgz">Download 
        .tgz</a> <br>
         <a target="_blank"
 href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.lrp">Download 
        .rpm</a></td>
     </tr>
     <tr>
       <td>Texas, USA</td>
       <td>Infohiiway.com</td>
-      <td><a href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.rpm">Download .rpm</a><br>
+       <td><a
-        <a href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.tgz">Download
+ href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.rpm">Download
-        .tgz</a>&nbsp;<br>
+.rpm</a><br>
-        <a href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.lrp">Download
+         <a
 href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.tgz">Download 
        .tgz</a> <br>
         <a
 href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.lrp">Download 
        .lrp</a></td>
       <td>       <a target="_blank"
 href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.rpm">Download .rpm</a>  <br>
         <a target="_blank"
 href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.tgz">Download      
  .tgz</a> <br>
         <a target="_blank"
 href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.lrp">       Download
 .lrp</a></td>
      <td>
      <a target="_blank" href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.rpm">Download .rpm</a>&nbsp;&nbsp;<br>
        <a target="_blank" href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.tgz">Download
        .tgz</a>&nbsp;<br>
        <a target="_blank" href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.lrp">
      Download .lrp</a></td>
     </tr>
     <tr>
       <td>Hamburg, Germany</td>
       <td>Shorewall.net</td>
-      <td><a href="http://germany.shorewall.net/pub/shorewall/LATEST.rpm">
+       <td><a
-      Download .rpm</a><br>
+ href="http://germany.shorewall.net/pub/shorewall/LATEST.rpm">       Download
 .rpm</a><br>
       <a href="http://germany.shorewall.net/pub/shorewall/LATEST.tgz">Download
       .tgz</a><br>
       <a href="http://germany.shorewall.net/pub/shorewall/LATEST.lrp">Download
       .lrp</a></td>
-      <td>
+       <td>       <a target="_blank"
-      <a target="_blank" href="ftp://germany.shorewall.net/pub/shorewall/LATEST.rpm">
+ href="ftp://germany.shorewall.net/pub/shorewall/LATEST.rpm">       Download
-      Download .rpm</a>&nbsp;&nbsp;<br>
+.rpm</a>  <br>
-        <a target="_blank" href="ftp://germany.shorewall.net/pub/shorewall/LATEST.tgz">Download
+         <a target="_blank"
-        .tgz</a>&nbsp;<br>
+ href="ftp://germany.shorewall.net/pub/shorewall/LATEST.tgz">Download   
-        <a target="_blank" href="ftp://germany.shorewall.net/pub/shorewall/LATEST.lrp">Download
+     .tgz</a> <br>
         <a target="_blank"
 href="ftp://germany.shorewall.net/pub/shorewall/LATEST.lrp">Download   
     .lrp</a></td>
     </tr>
     <tr>
       <td>Martinez (Zona Norte - GBA), Argentina</td>
       <td>Correofuego.com.ar</td>
-      <td>
+       <td>       <a target="_blank"
-      <a target="_blank" href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.rpm">Download .rpm</a>&nbsp;&nbsp;<br>
+ href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.rpm">Download
-        <a target="_blank" href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.tgz">Download
+.rpm</a>  <br>
-        .tgz</a>&nbsp;<br>
+         <a target="_blank"
-        <a target="_blank" href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.lrp">
+ href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.tgz">Download 
        .tgz</a> <br>
         <a target="_blank"
 href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.lrp"> 
      Download .lrp</a></td>
-      <td>
+       <td>       <a target="_blank"
-      <a target="_blank" href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.rpm">Download .rpm</a>&nbsp;&nbsp;<br>
+ href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.rpm">Download
-        <a target="_blank" href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.tgz">Download
+.rpm</a>  <br>
-        .tgz</a>&nbsp;<br>
+         <a target="_blank"
-        <a target="_blank" href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.lrp">
+ href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.tgz">Download 
        .tgz</a> <br>
         <a target="_blank"
 href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.lrp"> 
      Download .lrp</a></td>
     </tr>
     <tr>
       <td>Paris, France</td>
       <td>Shorewall.net</td>
-      <td><a href="http://france.shorewall.net/pub/LATEST.rpm">Download .rpm</a><br>
+       <td><a href="http://france.shorewall.net/pub/LATEST.rpm">Download
 .rpm</a><br>
         <a href="http://france.shorewall.net/pub/LATEST.tgz">Download  
-        .tgz</a>&nbsp;<br>
+      .tgz</a> <br>
         <a href="http://france.shorewall.net/pub/LATEST.lrp">Download  
      .lrp</a></td>
-      <td>
+       <td>       <a target="_blank"
-      <a target="_blank" href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.rpm">Download .rpm</a>&nbsp;&nbsp;<br>
+ href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.rpm">Download
-        <a target="_blank" href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.tgz">Download
+.rpm</a>  <br>
-        .tgz</a>&nbsp;<br>
+         <a target="_blank"
-        <a target="_blank" href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.lrp">Download .lrp</a></td>
+ href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.tgz">Download 
        .tgz</a> <br>
         <a target="_blank"
 href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.lrp">Download
 .lrp</a></td>
     </tr>
    </tbody>
  </table>
 </blockquote>
 <p>Browse Download Sites:</p>
 <blockquote>   
-  <table border="2" cellpadding="2" style="border-collapse: collapse">
+  <table border="2" cellpadding="2" style="border-collapse: collapse;">
     <tbody>
      <tr>
       <td><b>SERVER LOCATION</b></td>
       <td><b>DOMAIN</b></td>
@ -183,41 +235,45 @@ occur 1-12 hours after an update to the primary site.</b></p>
       <td>Washington State, USA</td>
       <td>Shorewall.net</td>
       <td><a href="http://www.shorewall.net/pub/shorewall/">Browse</a></td>
-      <td><a href="ftp://ftp.shorewall.net/pub/shorewall/" target="_blank">Browse</a></td>
+       <td><a href="ftp://ftp.shorewall.net/pub/shorewall/"
 target="_blank">Browse</a></td>
     </tr>
     <tr>
       <td>Slovak Republic</td>
       <td>Shorewall.net</td>
       <td><a href="http://slovakia.shorewall.net/pub/shorewall/">Browse</a></td>
-      <td>
+       <td>       <a target="_blank"
-      <a target="_blank" href="ftp://slovakia.shorewall.net/mirror/shorewall/">Browse</a></td>
+ href="ftp://slovakia.shorewall.net/mirror/shorewall/">Browse</a></td>
     </tr>
     <tr>
       <td>Texas, USA</td>
       <td>Infohiiway.com</td>
       <td><a href="http://shorewall.infohiiway.com/pub/shorewall">Browse</a></td>
-      <td><a target="_blank" href="ftp://ftp.infohiiway.com/pub/shorewall/">Browse</a></td>
+       <td><a target="_blank"
 href="ftp://ftp.infohiiway.com/pub/shorewall/">Browse</a></td>
     </tr>
     <tr>
       <td>Hamburg, Germany</td>
       <td>Shorewall.net</td>
       <td><a href="http://germany.shorewall.net/pub/shorewall/">Browse</a></td>
-      <td><a target="_blank" href="ftp://germany.shorewall.net/pub/shorewall">Browse</a></td>
+       <td><a target="_blank"
 href="ftp://germany.shorewall.net/pub/shorewall">Browse</a></td>
     </tr>
     <tr>
       <td>Martinez (Zona Norte - GBA), Argentina</td>
       <td>Correofuego.com.ar</td>
-      <td><a href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall">Browse</a></td>
+       <td><a
-      <td>
+ href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall">Browse</a></td>
-      <a target="_blank" href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall">
+       <td>       <a target="_blank"
-      Browse</a></td>
+ href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall">       Browse</a></td>
     </tr>
     <tr>
       <td>France</td>
       <td>Shorewall.net</td>
-      <td><a href="http://france.shorewall.net/pub/shorewall/LATEST.lrp">Browse</a></td>
+       <td><a
-      <td>
+ href="http://france.shorewall.net/pub/shorewall/LATEST.lrp">Browse</a></td>
-      <a target="_blank" href="ftp://france.shorewall.net/pub/mirrors/shorewall/">Browse</a></td>
+       <td>       <a target="_blank"
 href="ftp://france.shorewall.net/pub/mirrors/shorewall/">Browse</a></td>
     </tr>
     <tr>
       <td>California, USA (Incomplete)</td>
@ -225,24 +281,25 @@ occur 1-12 hours after an update to the primary site.</b></p>
       <td><a href="http://sourceforge.net/projects/shorewall">Browse</a></td>
       <td>N/A</td>
     </tr>
    </tbody>
  </table>
 </blockquote>
 <p align="left">CVS:</p>
 <blockquote> 
-<p align="left">The
+  <p align="left">The <a target="_top"
-<a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">CVS 
+ href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">CVS  repository at
-repository at cvs.shorewall.net</a> contains the latest snapshots of the each 
+cvs.shorewall.net</a> contains the latest snapshots of the each  Shorewall
-Shorewall component. There's no guarantee that what you find there will work at 
+component. There's no guarantee that what you find there will work at  all.</p>
 all.</p>
  </blockquote>
-<p align="left"><font size="2">Last Updated 8/26/2002 - <a href="support.htm">Tom
+ 
-Eastep</a></font></p>
+<p align="left"><font size="2">Last Updated 9/2/2002 - <a
 href="support.htm">Tom Eastep</a></font></p>
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
 © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
-
+  <br>
 </body>
 </html>
--- a/STABLE/documentation/errata.htm
+++ b/STABLE/documentation/errata.htm
@ -63,7 +63,7 @@ dos2unix</a></u>
 </ol>
 <ul>
-   <li><b><a href="#Upgrade">Upgrade Issues</a></b></li>
+   <li><b><a href="upgrade_issues.htm">Upgrade Issues</a></b></li>
   <li>
          <b><a href="#V1.3">Problems in Version 1.3</a></b></li>
@ -310,115 +310,8 @@ dos2unix</a></u>
          <h2 align="Left"><a name="Upgrade"></a>Upgrade Issues</h2>
-                              <h3>Version &gt;= 1.3.7</h3>
+          <p align="Left">The upgrade issues have moved to
-
+          <a href="upgrade_issues.htm">a separate page</a>.</p>
                              <p>Users specifying ALLOWRELATED=No in 
                              /etc/shorewall.conf will need to include the 
                              following rules in their /etc/shorewall/icmpdef 
                              file (creating this file if necessary):</p>
                              <pre>	run_iptables -A icmpdef -p ICMP --icmp-type echo-reply -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type source-quench -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type destination-unreachable -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type time-exceeded -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type parameter-problem -j ACCEPT</pre>
 <p>Users having an /etc/shorewall/icmpdef file may remove the &quot;. 
 /etc/shorewall/icmp.def&quot; command from that file since the icmp.def file is now 
 empty.</p>
 <h3><b><a name="Bering">Upgrading </a>Bering to 
                              Shorewall &gt;= 1.3.3</b></h3>
                              <p>To properly upgrade with Shorewall version 
                              1.3.3 and later:</p>
                              <ol>
                                <li>Be sure you have a backup -- you will need 
                                to transcribe any Shorewall configuration 
                                changes that you have made to the new 
                                configuration.</li>
                                <li>Replace the shorwall.lrp package provided on 
                                the Bering floppy with the later one. If you did 
                                not obtain the later version from Jacques's 
                                site, see additional instructions below.</li>
                                <li>Edit the /var/lib/lrpkg/root.exclude.list 
                                file and remove the /var/lib/shorewall entry if 
                                present. Then do not forget to backup root.lrp !</li>
 </ol>
 <p>The .lrp that I release isn't set up for a two-interface firewall like 
 Jacques's. You need to follow the <a href="two-interface.htm">instructions for 
 setting up a two-interface firewall</a> plus you also need to add the following 
 two Bering-specific rules to /etc/shorewall/rules:</p>
 <blockquote>
   <pre># Bering specific rules:
 # allow loc to fw udp/53 for dnscache to work
 # allow loc to fw tcp/80 for weblet to work
 #
 ACCEPT loc fw udp 53
 ACCEPT loc fw tcp 80</pre>
 </blockquote>
          <h3 align="Left">Version &gt;= 1.3.6</h3>
          <p align="Left">If you have a pair of firewall systems configured for 
          failover, you will need to modify your firewall setup slightly under 
          Shorewall versions &gt;= 1.3.6. </p>
          <ol>
            <li>
          <p align="Left">Create the file /etc/shorewall/newnotsyn and in it add 
          the following rule<br>
          <br>
          <font face="Courier">run_iptables -A newnotsyn -j RETURN # So that the 
          connection tracking table can be rebuilt<br>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
          # from non-SYN packets after takeover.<br>
 &nbsp;</font></li>
 <li>
          <p align="Left">Create /etc/shorewall/common (if you don't already 
          have that file) and include the following:<br>
          <br>
          <font face="Courier">run_iptables -A common -p tcp --tcp-flags 
          ACK,FIN,RST ACK -j ACCEPT #Accept Acks to rebuild connection<br>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
          #tracking table. <br>
          . /etc/shorewall/common.def</font></li>
 </ol>
          <h3 align="Left">Versions &gt;= 1.3.5</h3>
          <p align="Left">Some forms of pre-1.3.0 rules file syntax are no 
          longer supported. </p>
          <p align="Left">Example 1:</p>
          <div align="left">
            <pre>	ACCEPT    net    loc:192.168.1.12:22    tcp    11111    -    all</pre>
 </div>
          <p align="Left">Must be replaced with:</p>
          <div align="left">
            <pre>	DNAT	net	loc:192.168.1.12:22	tcp	11111</pre>
 </div>
 <div align="left">
   <p align="left">Example 2:</div>
 <div align="left">
   <pre>	ACCEPT	loc	fw::3128	tcp	80	-	all</pre>
 </div>
 <div align="left">
   <p align="left">Must be replaced with:</div>
 <div align="left">
   <pre>	REDIRECT	loc	3128	tcp	80</pre>
 </div>
          <h3 align="Left">Version &gt;= 1.3.2</h3>
          <p align="Left">The functions and versions files together with the 
          'firewall' symbolic link have moved from /etc/shorewall to /var/lib/shorewall. 
          If you have applications that access these files, those applications 
          should be modified accordingly.</p>
 <hr>
--- a/STABLE/documentation/gnu_mailman.htm
+++ b/STABLE/documentation/gnu_mailman.htm
@ -1,43 +1,55 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
  <meta http-equiv="Content-Language" content="en-us">
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
  <meta name="ProgId" content="FrontPage.Editor.Document">
-<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+ 
  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
  <title>GNU Mailman</title>
 </head>
  <body>
-<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+<table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" bordercolor="#111111" width="100%"
 id="AutoNumber1" bgcolor="#400169" height="90">
   <tbody>
    <tr>
     <td width="100%">     
-    <h1 align="center"><font color="#FFFFFF">GNU Mailman/Postfix
+      <h1 align="center"><font color="#ffffff">GNU Mailman/Postfix the Easy
-the Easy Way</font></h1>
+Way</font></h1>
     </td>
   </tr>
  </tbody>
 </table>
-<h1 align="center">&nbsp;</h1>
+<h1 align="center"> </h1>
 <h4>The following was posted on the Postfix mailing list on 5/4/2002 by Michael
 Tokarev as a suggested addition to the Postfix FAQ.</h4>
 <p>Q: Mailman does not work with Postfix, complaining about GID mismatch<br>
 <br>
 A: Mailman uses a setgid wrapper that is designed to be used in system-wide
-aliases file so that rest of mailman's mail handling processes will run with 
+ aliases file so that rest of mailman's mail handling processes will run
-proper uid/gid. Postfix has an ability to run a command specified in an alias as 
+with  proper uid/gid. Postfix has an ability to run a command specified in
-owner of that alias, thus mailman's wrapper is not needed here. The best method 
+an alias as  owner of that alias, thus mailman's wrapper is not needed here.
-to invoke mailman's mail handling via aliases is to use separate alias file 
+The best method  to invoke mailman's mail handling via aliases is to use
-especially for mailman, and made it owned by mailman and group mailman. Like:<br>
+separate alias file  especially for mailman, and made it owned by mailman
 and group mailman. Like:<br>
 <br>
 alias_maps = hash:/etc/postfix/aliases, hash:/var/mailman/aliases<br>
 <br>
-Make sure that /var/mailman/aliases.db is owned by mailman user (this may be 
+ Make sure that /var/mailman/aliases.db is owned by mailman user (this may
-done by executing postalias as mailman userid).<br>
+be  done by executing postalias as mailman userid).<br>
 <br>
-Next, instead of using mailman-suggested aliases entries with wrapper, use the 
+ Next, instead of using mailman-suggested aliases entries with wrapper, use
-following:<br>
+the  following:<br>
 <br>
 instead of<br>
 mailinglist: /var/mailman/mail/wrapper post mailinglist<br>
@ -50,13 +62,15 @@ mailinglist: /var/mailman/scripts/post mailinglist<br>
 mailinglist-admin: /var/mailman/scripts/mailowner mailinglist<br>
 mailinglist-request: /var/mailman/scripts/mailcmd mailinglist<br>
 ...</p>
 <h4>The Shorewall mailing lists are currently running Postfix 1.1.7 together 
 with the stock RedHat Mailman-2.0.8 RPM configured as shown above.</h4>
 <p align="left"><font size="2">Last updated 5/4/2002 - <a href="support.htm">Tom
 Eastep</a></font></p>
 <p align="left"><font face="Trebuchet MS"><a href="copyright.htm">
 <font size="2">Copyright</font> © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
 <h4>The Shorewall mailing lists are currently running Postfix 1.1.11 together
 with the stock RedHat Mailman-2.0.13 RPM configured as shown above.</h4>
 <p align="left"><font size="2">Last updated 9/14/2002 - <a
 href="support.htm">Tom Eastep</a></font></p>
 <p align="left"><font face="Trebuchet MS"><a href="copyright.htm"> <font
 size="2">Copyright</font> © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
  <br>
 </body>
 </html>
--- a/STABLE/documentation/myfiles.htm
+++ b/STABLE/documentation/myfiles.htm
@ -2,23 +2,29 @@
 <html>
 <head>
-  <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
  <title>My Shorewall Configuration</title>
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
  <meta name="ProgId" content="FrontPage.Editor.Document">
  <meta name="Microsoft Theme" content="none">
 </head>
  <body>
-      <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+       
 <table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" width="100%" id="AutoNumber1"
 bgcolor="#400169" height="90">
         <tbody>
    <tr>
           <td width="100%">           
-          <h1 align="center"><font color="#FFFFFF">About My Network</font></h1>
+      <h1 align="center"><font color="#ffffff">About My Network</font></h1>
           </td>
         </tr>
  </tbody>
 </table>
 <blockquote> </blockquote>
@ -26,110 +32,97 @@
 <h1>My Current Network </h1>
 <blockquote>                            
-                          <p>
+  <p> I have DSL service and have 5 static IP addresses (206.124.146.176-180). 
-I have DSL service and have 5 static IP addresses (206.124.146.176-180).
+My DSL   "modem" (<a href="http://www.fujitsu.com">Fujitsu</a> Speedport)
-My DSL   "modem" (<a href="http://www.fujitsu.com">Fujitsu</a> Speedport) is connected to eth0. I have
+is connected to eth0. I have a local network connected to eth2 (subnet 192.168.1.0/24)
-a local network connected to eth2 (subnet 192.168.1.0/24)   and a DMZ connected
+  and a DMZ connected to eth1 (192.168.2.0/24). </p>
-to eth1 (192.168.2.0/24). </p>
+                           
-                          <p>
+  <p> I use:<br>
-I use Static NAT for all internal systems (those connected to the switch) except my Wife's system (tarry) 
+  </p>
-and the Wireless Access Point (wap) which are  
+  <ul>
-masqueraded through the primary gateway address (206.124.146.176).</p>
+    <li>Static NAT for ursa (my XP System) - Internal address 192.168.1.5
-                          <p>
+and external address 206.124.146.178.</li>
-The firewall runs on a 128MB PII/233 with RH7.2 and Kernel 2.4.19.</p>
+    <li>Proxy ARP for wookie (my Linux System). This system has two IP addresses:
-                          <p>
+192.168.1.3/24 and 206.124.146.179/24.</li>
-My personal GNU/Linux System (wookie) is 192.168.1.3 and my personal Windows XP system (ursa) 
+    <li>SNAT through the primary gateway address (206.124.146.176) for  my
-is 192.168.1.5. Wookie 
+Wife's system (tarry)  and the Wireless Access Point (wap)</li>
-runs Samba and acts as the a WINS server.&nbsp; Wookie is in its own 'whitelist' zone 
+  </ul>
-called 'me'.</p>
+                           
-                          <p>
+  <p> The firewall runs on a 128MB PII/233 with RH7.2 and Kernel 2.4.19.</p>
-My laptop (eastept1) is connected to eth3 using a cross-over cable. It runs its own <a href="http://www.sygate.com">
+                           
-Sygate</a> firewall software and is managed by Proxy ARP. It connects to the 
+  <p> Wookie  runs Samba and acts as the a WINS server.  Wookie is in its
-local network through the PopTop server running on my firewall. </p>
+own 'whitelist' zone  called 'me'.</p>
-                          <p>
+                           
-The single system in the DMZ (address 206.124.146.177) runs postfix, Courier 
+  <p> My laptop (eastept1) is connected to eth3 using a cross-over cable.
-IMAP (imaps and pop3), DNS, a Web server (Apache) and an FTP server
+It runs its own <a href="http://www.sygate.com"> Sygate</a> firewall software
 and is managed by Proxy ARP. It connects to the  local network through the
 PopTop server running on my firewall. </p>
  <p> The single system in the DMZ (address 206.124.146.177) runs postfix,
 Courier  IMAP (imaps and pop3), DNS, a Web server (Apache) and an FTP server 
 (Pure-ftpd). The system   also runs fetchmail to fetch our email from our 
 old and current ISPs. That server is managed through Proxy ARP.</p>
-                          <p>
+                           
-The firewall system itself runs a DHCP server that serves the local   network.</p>
+  <p> The firewall system itself runs a DHCP server that serves the local
-                          <p>
+  network.</p>
-All administration and publishing is done using ssh/scp.</p>
+                           
-                          <p>
+  <p> All administration and publishing is done using ssh/scp.</p>
-I run an SNMP server on my firewall to serve <a href="http://www.ee.ethz.ch/%7Eoetiker/webtools/mrtg/">
+                           
-MRTG</a> running in the DMZ.</p>
+  <p> I run an SNMP server on my firewall to serve <a
-                          <p align="center">
+ href="http://www.ee.ethz.ch/%7Eoetiker/webtools/mrtg/"> MRTG</a> running
-                          <img border="0" src="images/network.png" width="764" height="846"></p>
+in the DMZ.</p>
-                          <p>&nbsp;</p>
+                           
  <p align="center">                           <img border="0"
 src="images/network.png" width="764" height="846">
  </p>
  <p> </p>
  <p>The ethernet interface in the Server is configured                 
         with IP address 206.124.146.177, netmask                       
    255.255.255.0. The server's default gateway is                      
     206.124.146.254 (Router at my ISP. This is the same                
           default gateway used by the firewall itself). On the firewall, 
                          Shorewall automatically adds a host route to  
-                          206.124.146.177 through eth1 (192.168.2.1) because of
+                        206.124.146.177 through eth1 (192.168.2.1) because
-                          the entry in /etc/shorewall/proxyarp (see below).</p>
+of                           the entry in /etc/shorewall/proxyarp (see below).</p>
  <p>A similar setup is used on eth3 (192.168.3.1) which                
           interfaces to my laptop (206.124.146.180).</p>
-                          <p><font color="#ff0000" size="5">
+                           
-                          Note: My files  use features not available before 
+  <p><font color="#ff0000" size="5">                           Note: My files
-                          Shorewall version 1.3.4.</font></p>
+ use features not available before                            Shorewall version
 1.3.4.</font></p>
  </blockquote>
 <h3>Shorewall.conf</h3>
-  <pre>	SUBSYSLOCK=/var/lock/subsys/shorewall
+<pre>	SUBSYSLOCK=/var/lock/subsys/shorewall<br>	STATEDIR=/var/state/shorewall<br><br>	LOGRATE=<br>	LOGBURST=<br><br>	ADD_IP_ALIASES="Yes"<br><br>	CLAMPMSS=Yes<br><br>	MULTIPORT=Yes</pre>
 	STATEDIR=/var/state/shorewall
 	LOGRATE=
 	LOGBURST=
 	ADD_IP_ALIASES=&quot;Yes&quot;
 	CLAMPMSS=Yes
 	MULTIPORT=Yes</pre>
 <h3>Zones File:</h3>
-  <pre><font face="Courier" size="2">	#ZONE 	DISPLAY 	COMMENTS
+   
-	net	Internet	Internet
+<pre><font face="Courier" size="2">	#ZONE 	DISPLAY 	COMMENTS<br>	net	Internet	Internet<br>	me	Eastep		My Workstation<br>	loc	Local		Local networks<br>	dmz	DMZ		Demilitarized zone<br>	tx	Texas		Peer Network in Dallas Texas<br>	#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE</font></pre>
-	me	Eastep		My Workstation
+   
 	loc	Local		Local networks
 	dmz	DMZ		Demilitarized zone
 	tx	Texas		Peer Network in Dallas Texas
 	#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE</font></pre>
 <h3>Interfaces File: </h3>
 <blockquote>                                
-                              <p>
+  <p> This is set up so that I can start the firewall before bringing up
-This is set up so that I can start the firewall before bringing up my Ethernet 
+my Ethernet  interfaces. </p>
 interfaces. </p>
     </blockquote>
-  <pre><font face="Courier" size="2">	#ZONE    INTERFACE	BROADCAST 	OPTIONS
+<pre><font face="Courier" size="2">	#ZONE    INTERFACE	BROADCAST 	OPTIONS<br>	net	eth0 		206.124.146.255	routefilter,norfc1918,blacklist,filterping<br>	loc	eth2 		192.168.1.255	dhcp<br>	dmz	eth1 		206.124.146.255	-<br>	net	eth3		206.124.146.255 norfc1918<br>	-	texas 		-<br>	loc	ppp+<br>	#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
-	net	eth0 		206.124.146.255	routefilter,norfc1918,blacklist,filterping
+   
 	loc	eth2 		192.168.1.255	dhcp
 	dmz	eth1 		206.124.146.255	-
 	net	eth3		206.124.146.255 norfc1918
 	-	texas 		-
 	loc	ppp+
 	#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
 <h3>Hosts File: </h3>
-  <pre><font face="Courier" size="2">	#ZONE 		HOST(S)			OPTIONS
+<pre><font face="Courier" size="2">	#ZONE 		HOST(S)			OPTIONS<br>	me		eth2:192.168.1.3,eth2:206.124.146.179<br>	tx 		texas:192.168.9.0/24<br>	#LAST LINE -- ADD YOUR ENTRIES ABOVE -- DO NOT REMOVE</font></pre>
 	me		eth2:192.168.1.3
 	tx 		texas:192.168.9.0/24
 	#LAST LINE -- ADD YOUR ENTRIES ABOVE -- DO NOT REMOVE</font></pre>
 <h3>Routestopped File:</h3>
-  <pre><font face="Courier" size="2">	#INTERFACE	HOST(S)
+<pre><font face="Courier" size="2">	#INTERFACE	HOST(S)<br>	eth1		206.124.146.177<br>	eth2 		-<br>	eth3 		206.124.146.180</font></pre>
-	eth1		206.124.146.177
+   
 	eth2 		-
 	eth3 		206.124.146.180</font></pre>
 <h3>Common File: </h3>
-  <pre><font size="2" face="Courier">	. /etc/shorewall/common.def
+   
-	run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP
+<pre><font size="2" face="Courier">	. /etc/shorewall/common.def<br>	run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP<br>	run_iptables -A common -p tcp --dport 113 -j REJECT</font></pre>
 	run_iptables -A common -p tcp --dport 113 -j REJECT</font></pre>
 <h3>Policy File:</h3>
@ -137,161 +130,36 @@ interfaces. </p>
 	#SOURCE	DEST	POLICY	LOG LEVEL	LIMIT:BURST
 	me	all	ACCEPT
 	tx	me	ACCEPT		#Give Texas access to my personal system
-	all	me	CONTINUE	#<font color="#FF0000">WARNING: You must be running Shorewall 1.3.1 or later for
+	all	me	CONTINUE	#<font
-					</font>#<font color="#FF0000">	  this policy to work as expected!!!</font>	
+ color="#ff0000">WARNING: You must be running Shorewall 1.3.1 or later for<br>					</font>#<font
-	loc 	loc 	ACCEPT
+ color="#ff0000">	  this policy to work as expected!!!</font>	<br>	loc 	loc 	ACCEPT<br>	loc 	net	ACCEPT<br>	$FW	loc	ACCEPT<br>	$FW	tx	ACCEPT<br>	loc	tx	ACCEPT<br>	loc	fw	REJECT<br>	net	net	ACCEPT<br>	net	all	DROP	info		10/sec:40<br>	all	all	REJECT	info<br>	#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOTE</font></pre>
-	loc 	net	ACCEPT
+   
 	$FW	loc	ACCEPT
 	$FW	tx	ACCEPT
 	loc	tx	ACCEPT
 	loc	fw	REJECT
 	net	net	ACCEPT
 	net	all	DROP	info		10/sec:40
 	all	all	REJECT	info
 	#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOTE</font></pre>
 <h3>Masq File: </h3>
 <blockquote>                                          
-                                        <p>
+  <p> Although most of our internal systems use static NAT, my wife's system
 Although most of our internal systems use static NAT, my wife's system 
 (192.168.1.4) uses IP Masquerading (actually SNAT) as do visitors with laptops.</p>
  </blockquote>
-  <pre><font size="2" face="Courier">	#INTERFACE 	SUBNET		ADDRESS
+<pre><font size="2" face="Courier">	#INTERFACE 	SUBNET		ADDRESS<br>	eth0 		192.168.1.0/24	206.124.146.176<br>	#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</font></pre>
-	eth0 		192.168.1.0/24	206.124.146.176
+   
 	#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</font></pre>
 <h3>NAT File: </h3>
-  <pre><font size="2" face="Courier">	#EXTERNAL	INTERFACE	INTERNAL	ALL	LOCAL
+   
-	206.124.146.178 eth0 		192.168.1.5 	No 	No
+<pre><font size="2" face="Courier">	#EXTERNAL	INTERFACE	INTERNAL	ALL	LOCAL<br>	206.124.146.178 eth0 		192.168.1.5 	No 	No<br>	206.124.146.179 eth0 		192.168.1.3 	No 	No<br>	#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</font></pre>
 	206.124.146.179 eth0 		192.168.1.3 	No 	No
 	#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</font></pre>
 <h3>Proxy ARP File:</h3>
-  <pre><font face="Courier" size="2">     	#ADDRESS	INTERFACE	EXTERNAL	HAVEROUTE
+   
-	206.124.146.177 eth1 		eth0 		No
+<pre><font face="Courier" size="2">     	#ADDRESS	INTERFACE	EXTERNAL	HAVEROUTE<br>	206.124.146.177 eth1 		eth0 		No<br>	206.124.146.180	eth3		eth0		No<br>	#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
 	206.124.146.180	eth3		eth0		No
 	#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
 <h3>Rules File (The shell variables                                     
      are set in /etc/shorewall/params):</h3>
-  <pre><font face="Courier" size="2">     	#ACTION		SOURCE 		DEST 			PROTO	DEST 	SOURCE  ORIGINAL
+<pre><font face="Courier" size="2">     	#ACTION		SOURCE 		DEST 			PROTO	DEST 	SOURCE  ORIGINAL<br>	#                       				PORT(S) PORT(S)	PORT(S)	DEST<br>	#<br>	# Local Network to Internet - Reject attempts by Trojans to call home<br>	#<br>	REJECT:info 	loc 		net 			tcp	6667<br>	#<br>	# Local Network to Firewall <br>	#<br>	ACCEPT		loc		fw 			tcp 	ssh<br>	ACCEPT		loc		fw			tcp	time<br>	#<br>	# Local Network to DMZ <br>	#<br>	ACCEPT 		loc 		dmz 			udp	domain<br>	ACCEPT		loc		dmz			tcp	smtp<br>	ACCEPT		loc		dmz			tcp	domain<br>	ACCEPT		loc		dmz			tcp	ssh<br>	ACCEPT		loc		dmz			tcp	auth<br>	ACCEPT		loc		dmz			tcp	imap<br>	ACCEPT		loc		dmz			tcp	https<br>	ACCEPT		loc		dmz			tcp	imaps<br>	ACCEPT		loc		dmz			tcp	cvspserver<br>	ACCEPT 		loc 		dmz 			tcp 	www<br>	ACCEPT		loc		dmz			tcp	ftp<br>	ACCEPT		loc		dmz			tcp	pop3<br>	ACCEPT		loc		dmz			icmp	echo-request<br>	#<br>	# Internet to DMZ <br>	#<br>	ACCEPT		net		dmz 			tcp	www<br>	ACCEPT		net		dmz			tcp	smtp<br>	ACCEPT		net		dmz			tcp	ftp<br>	ACCEPT		net		dmz			tcp	auth<br>	ACCEPT		net		dmz			tcp	https<br>	ACCEPT		net		dmz			tcp	imaps<br>	ACCEPT		net		dmz			tcp	domain<br>	ACCEPT		net		dmz			tcp	cvspserver<br>	ACCEPT		net		dmz			udp	domain<br>	ACCEPT		net		dmz			icmp	echo-request<br>	ACCEPT 		net:$MIRRORS	dmz			tcp	rsync<br>	#<br>	# Net to Me (ICQ chat and file transfers) <br>	#<br>	ACCEPT		net		me			tcp	4000:4100<br>	#<br>	# Net to Local <br>	#<br>	ACCEPT		net		loc			tcp	auth<br>	REJECT		net		loc			tcp	www<br>	#<br>	# DMZ to Internet<br>	#<br>	ACCEPT		dmz		net			icmp	echo-request<br>	ACCEPT		dmz		net			tcp	smtp<br>	ACCEPT		dmz		net			tcp	auth<br>	ACCEPT		dmz		net			tcp	domain<br>	ACCEPT		dmz		net			tcp	www<br>	ACCEPT		dmz		net			tcp	https<br>	ACCEPT		dmz		net			tcp	whois<br>	ACCEPT		dmz		net			tcp	echo<br>	ACCEPT		dmz		net			udp	domain<br>	ACCEPT		dmz 		net:$NTPSERVERS		udp	ntp<br>	ACCEPT 		dmz 		net:$POPSERVERS		tcp	pop3<br>	#<br>	# The following compensates for a bug, either in some FTP clients or in the<br>	# Netfilter connection tracking code that occasionally denies active mode<br>	# FTP clients<br>	#<br>	ACCEPT:info 	dmz 		net			tcp	1024:	20<br>	#<br>	# DMZ to Firewall -- snmp<br>	#<br>	ACCEPT 		dmz 		fw 			tcp	snmp<br>	ACCEPT		dmz		fw			udp	snmp<br>	#<br>	# DMZ to Local Network <br>	#<br>	ACCEPT 		dmz 		loc			tcp	smtp<br>	ACCEPT		dmz		loc			tcp	auth<br>	ACCEPT		dmz		loc			icmp	echo-request<br>	# Internet to Firewall<br>	#<br>	ACCEPT		net		fw			tcp	1723<br>	ACCEPT		net		fw			gre<br>	REJECT 		net		fw			tcp	www<br>	#<br>	# Firewall to Internet<br>	#<br>	ACCEPT 		fw 		net:$NTPSERVERS		udp	ntp<br>	ACCEPT		fw		net			udp	domain<br>	ACCEPT		fw		net			tcp	domain<br>	ACCEPT		fw		net			tcp	www<br>	ACCEPT		fw		net			tcp	https<br>	ACCEPT		fw		net			tcp	ssh<br>	ACCEPT		fw		net			tcp	whois<br>	ACCEPT		fw		net 			icmp	echo-request<br>	#<br>	# Firewall to DMZ<br>	#<br>	ACCEPT 		fw 		dmz 			tcp 	www<br>	ACCEPT 		fw 		dmz 			tcp 	ftp<br>	ACCEPT 		fw 		dmz 			tcp 	ssh<br>	ACCEPT 		fw 		dmz 			tcp 	smtp<br>	ACCEPT 		fw 		dmz 			udp 	domain<br>	#<br>	# Let Texas Ping<br>	#<br>	ACCEPT 		tx 		fw 			icmp 	echo-request<br>	ACCEPT		tx 		loc 			icmp 	echo-request<br><br>	#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
 	#                       				PORT(S) PORT(S)	PORT(S)	DEST
 	#
 	# Local Network to Internet - Reject attempts by Trojans to call home
 	#
 	REJECT:info 	loc 		net 			tcp	6667
 	#
 	# Local Network to Firewall 
 	#
 	ACCEPT		loc		fw 			tcp 	ssh
 	ACCEPT		loc		fw			tcp	time
 	#
 	# Local Network to DMZ 
 	#
 	ACCEPT 		loc 		dmz 			udp	domain
 	ACCEPT		loc		dmz			tcp	smtp
 	ACCEPT		loc		dmz			tcp	domain
 	ACCEPT		loc		dmz			tcp	ssh
 	ACCEPT		loc		dmz			tcp	auth
 	ACCEPT		loc		dmz			tcp	imap
 	ACCEPT		loc		dmz			tcp	https
 	ACCEPT		loc		dmz			tcp	imaps
 	ACCEPT		loc		dmz			tcp	cvspserver
 	ACCEPT 		loc 		dmz 			tcp 	www
 	ACCEPT		loc		dmz			tcp	ftp
 	ACCEPT		loc		dmz			tcp	pop3
 	ACCEPT		loc		dmz			icmp	echo-request
 	#
 	# Internet to DMZ 
 	#
 	ACCEPT		net		dmz 			tcp	www
 	ACCEPT		net		dmz			tcp	smtp
 	ACCEPT		net		dmz			tcp	ftp
 	ACCEPT		net		dmz			tcp	auth
 	ACCEPT		net		dmz			tcp	https
 	ACCEPT		net		dmz			tcp	imaps
 	ACCEPT		net		dmz			tcp	domain
 	ACCEPT		net		dmz			tcp	cvspserver
 	ACCEPT		net		dmz			udp	domain
 	ACCEPT		net		dmz			icmp	echo-request
 	ACCEPT 		net:$MIRRORS	dmz			tcp	rsync
 	#
 	# Net to Me (ICQ chat and file transfers) 
 	#
 	ACCEPT		net		me			tcp	4000:4100
 	#
 	# Net to Local 
 	#
 	ACCEPT		net		loc			tcp	auth
 	REJECT		net		loc			tcp	www
 	#
 	# DMZ to Internet
 	#
 	ACCEPT		dmz		net			icmp	echo-request
 	ACCEPT		dmz		net			tcp	smtp
 	ACCEPT		dmz		net			tcp	auth
 	ACCEPT		dmz		net			tcp	domain
 	ACCEPT		dmz		net			tcp	www
 	ACCEPT		dmz		net			tcp	https
 	ACCEPT		dmz		net			tcp	whois
 	ACCEPT		dmz		net			tcp	echo
 	ACCEPT		dmz		net			udp	domain
 	ACCEPT		dmz 		net:$NTPSERVERS		udp	ntp
 	ACCEPT 		dmz 		net:$POPSERVERS		tcp	pop3
 	#
 	# The following compensates for a bug, either in some FTP clients or in the
 	# Netfilter connection tracking code that occasionally denies active mode
 	# FTP clients
 	#
 	ACCEPT:info 	dmz 		net			tcp	1024:	20
 	#
 	# DMZ to Firewall -- snmp
 	#
 	ACCEPT 		dmz 		fw 			tcp	snmp
 	ACCEPT		dmz		fw			udp	snmp
 	#
 	# DMZ to Local Network 
 	#
 	ACCEPT 		dmz 		loc			tcp	smtp
 	ACCEPT		dmz		loc			tcp	auth
 	ACCEPT		dmz		loc			icmp	echo-request
 	# Internet to Firewall
 	#
 	ACCEPT		net		fw			tcp	1723
 	ACCEPT		net		fw			gre
 	REJECT 		net		fw			tcp	www
 	#
 	# Firewall to Internet
 	#
 	ACCEPT 		fw 		net:$NTPSERVERS		udp	ntp
 	ACCEPT		fw		net			udp	domain
 	ACCEPT		fw		net			tcp	domain
 	ACCEPT		fw		net			tcp	www
 	ACCEPT		fw		net			tcp	https
 	ACCEPT		fw		net			tcp	ssh
 	ACCEPT		fw		net			tcp	whois
 	ACCEPT		fw		net 			icmp	echo-request
 	#
 	# Firewall to DMZ
 	#
 	ACCEPT 		fw 		dmz 			tcp 	www
 	ACCEPT 		fw 		dmz 			tcp 	ftp
 	ACCEPT 		fw 		dmz 			tcp 	ssh
 	ACCEPT 		fw 		dmz 			tcp 	smtp
 	ACCEPT 		fw 		dmz 			udp 	domain
 	#
 	# Let Texas Ping
 	#
 	ACCEPT 		tx 		fw 			icmp 	echo-request
 	ACCEPT		tx 		loc 			icmp 	echo-request
-	#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
+<p><font size="2"> Last updated 9/14/2002  - </font><font size="2">     
                                            <p><font size="2">
 Last updated 8/9/2002
 - </font><font size="2">
                                       <a href="support.htm">Tom Eastep</a></font> 
  </p>
   <font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
-  © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></body></html>
+   © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font><br>
 </body>
 </html>
--- a/STABLE/documentation/seattlefirewall_index.htm
+++ b/STABLE/documentation/seattlefirewall_index.htm
@ -2,48 +2,59 @@
 <html>
 <head>
-  <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
  <title>Shoreline Firewall (Shorewall) 1.3</title>
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
  <meta name="ProgId" content="FrontPage.Editor.Document">
                                             <base target="_self">   
  <meta name="Microsoft Theme" content="none">
 </head>
  <body>
-      <table border="0" cellpadding="0" cellspacing="4" style="border-collapse: collapse" width="100%" id="AutoNumber3" bgcolor="#4B017C">
+                                             
 <table border="0" cellpadding="0" cellspacing="4"
 style="border-collapse: collapse;" width="100%" id="AutoNumber3"
 bgcolor="#4b017c">
         <tbody>
    <tr>
           <td width="100%">           
-          <h1 align="center"> <font size="4"><i>
+      <h1 align="center"> <font size="4"><i>           <a
-          <a href="http://www.cityofshoreline.com">
+ href="http://www.cityofshoreline.com">       <img border="0"
-      <img border="0" src="images/washington.jpg" align="right" width="100" height="82"><img border="0" src="images/washington.jpg" align="left" width="100" height="82"></a></i></font><font color="#FFFFFF">Shorewall 1.3 - <font size="4">&quot;<i>iptables made easy&quot;</i></font></font></h1>
+ src="images/washington.jpg" align="right" width="100" height="82">
      <img border="0" src="images/washington.jpg" align="left"
 width="100" height="82">
      </a></i></font><font color="#ffffff">Shorewall 1.3 - <font
 size="4">"<i>iptables made easy"</i></font></font></h1>
           </td>
         </tr>
  </tbody>
 </table>
 <div align="center">         
 <center>         
-        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber4">
+<table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" width="100%" id="AutoNumber4">
           <tbody>
    <tr>
             <td width="90%">                                           
-      <h2 align="Left">What is it?</h2>
+      <h2 align="left">What is it?</h2>
-      <p>The Shoreline Firewall, more commonly known as &quot;Shorewall&quot;,&nbsp; is a
+      <p>The Shoreline Firewall, more commonly known as "Shorewall",  is
-      <a href="http://www.netfilter.org">Netfilter</a> (iptables) based firewall 
+a       <a href="http://www.netfilter.org">Netfilter</a> (iptables) based
-      that can be used on a dedicated firewall system, a multi-function 
+firewall        that can be used on a dedicated firewall system, a multi-function
       gateway/router/server or on a standalone GNU/Linux system.</p>
-      <p>This program is free software; you can redistribute it and/or modify it 
+      <p>This program is free software; you can redistribute it and/or modify
-      under the terms of <a href="http://www.gnu.org/licenses/gpl.html">Version 
+it        under the terms of <a
-      2 of the GNU General Public License</a> as published by the Free Software 
+ href="http://www.gnu.org/licenses/gpl.html">Version        2 of the GNU
-      Foundation.<br>
+General Public License</a> as published by the Free Software        Foundation.<br>
          <br>
-          This program is distributed in the hope that it will be useful, but 
+           This program is distributed in the hope that it will be useful,
-      WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 
+but        WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
       or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
       for more details.<br>
          <br>
@ -53,54 +64,87 @@
      <p><a href="copyright.htm">Copyright 2001, 2002 Thomas M. Eastep</a></p>
-                      
+      <p> <a href="http://leaf.sourceforge.net" target="_top"><img
-      <p>&nbsp;<a href="http://leaf.sourceforge.net" target="_top"><img border="0" src="images/leaflogo.gif" width="49" height="36"></a>Jacques 
+ border="0" src="images/leaflogo.gif" width="49" height="36">
-      Nilo and Eric Wolzak have a LEAF distribution called <i>Bering</i> that 
+      </a>Jacques        Nilo and Eric Wolzak have a LEAF distribution called
-      features Shorewall-1.3.3 and Kernel-2.4.18. You can find their work at:
+      <i>Bering</i> that        features Shorewall-1.3.3 and Kernel-2.4.18.
-  <a href="http://leaf.sourceforge.net/devel/jnilo">
+You can find their work at:   <a
-      http://leaf.sourceforge.net/devel/jnilo</a></p>
+ href="http://leaf.sourceforge.net/devel/jnilo">       http://leaf.sourceforge.net/devel/jnilo</a></p>
      <h2>News</h2>
- <p><b>9/2/2002 - Shorewall 1.3.7c
+      <p><b>9/16/2002 - Shorewall 1.3.8 </b><b><img border="0"
- <img border="0" src="images/new10.gif" width="28" height="12"> </b></p>
+ src="file:///vfat/Shorewall/Shorewall-docs/images/new10.gif" width="28"
 height="12">
 </b></p>
- <p>This is a role up of a fix for &quot;DNAT&quot; rules where the source zone is $FW 
+      <p>In this version:<br>
- (fw).</p>
+ </p>
- <p><b>8/31/2002 - I'm not available
+      <ul>
- <img border="0" src="images/new10.gif" width="28" height="12"> </b></p>
+        <li>A NEWNOTSYN option has been added to shorewall.conf. This option
 determines whether Shorewall accepts TCP packets which are not part of an
 established connection and that are not 'SYN' packets (SYN flag on and ACK
 flag off).</li>
        <li>The need for the 'multi' option to communicate between zones
 za and zb on the same interface is removed in the case where the chain 'za2zb'
 and/or 'zb2za' exists. 'za2zb' will exist if:</li>
        <ul>
          <li>       
            <blockquote>There is a policy for za to zb; or</blockquote>
     </li>
          <li>       
            <blockquote>There is at least one rule for za to zb.</blockquote>
     </li>
        </ul>
      </ul>
- <p>I'm currently on vacation&nbsp; -- please respect my need for a couple of 
+      <ul>
- weeks free of Shorewall problem reports.</p>
+        <li>The /etc/shorewall/blacklist file now contains three columns.
 In addition to the SUBNET/ADDRESS column, there are optional PROTOCOL and
 PORT columns to block only certain applications from the blacklisted addresses.<br>
   </li>
      </ul>
- <p>-Tom</p>
+      <p><b>9/11/2002 - Debian 1.3.7c Packages Available </b></p>
      <p>Apt-get sources listed at <a
 href="http://security.dsi.unimi.it/%7Elorenzo/debian.html">http://security.dsi.unimi.it/~lorenzo/debian.html</a>.</p>
      <p><b>9/2/2002 - Shorewall 1.3.7c</b></p>
      <p>This is a role up of a fix for "DNAT" rules where the source zone
 is $FW   (fw).</p>
      <p><b>8/26/2002 - Shorewall 1.3.7b</b></p>
- <p>This is a role up of the &quot;shorewall refresh&quot; bug fix and the change which 
+      <p>This is a role up of the "shorewall refresh" bug fix and the change
- reverses the order of &quot;dhcp&quot; and &quot;norfc1918&quot; checking.</p>
+which   reverses the order of "dhcp" and "norfc1918" checking.</p>
      <p><b>8/26/2002 - French FTP Mirror is Operational</b></p>
- <p><a target="_blank" href="ftp://france.shorewall.net/pub/mirrors/shorewall">ftp://france.shorewall.net/pub/mirrors/shorewall</a> is now available.</p>
+      <p><a target="_blank"
 href="ftp://france.shorewall.net/pub/mirrors/shorewall">ftp://france.shorewall.net/pub/mirrors/shorewall</a>
 is now available.</p>
      <p><b>8/25/2002 - Shorewall Mirror in France </b></p>
- <p>Thanks to a Shorewall user in Paris, the Shorewall web site is now mirrored 
+      <p>Thanks to a Shorewall user in Paris, the Shorewall web site is now
- at <a target="_top" href="http://france.shorewall.net">http://france.shorewall.net</a>.</p>
+mirrored   at <a target="_top" href="http://france.shorewall.net">http://france.shorewall.net</a>.</p>
      <p><b>8/25/2002 - Shorewall 1.3.7a Debian Packages Available</b></p>
- <p>Lorenzo Martignoni reports that the packages for version 1.3.7a  are available at <a href="http://security.dsi.unimi.it/~lorenzo/debian.html">http://security.dsi.unimi.it/~lorenzo/debian.html</a>.</p>
+      <p>Lorenzo Martignoni reports that the packages for version 1.3.7a
 are available at <a
 href="http://security.dsi.unimi.it/%7Elorenzo/debian.html">http://security.dsi.unimi.it/~lorenzo/debian.html</a>.</p>
- <p><b>8/22/2002 - Shorewall 1.3.7 Wins a Brown Paper Bag Award for its Author 
+      <p><b>8/22/2002 - Shorewall 1.3.7 Wins a Brown Paper Bag Award for
- -- Shorewall 1.3.7a released
+its Author   -- Shorewall 1.3.7a released  <img border="0"
- <img border="0" src="images/j0233056.gif" width="50" height="80" align="middle"></b></p>
+ src="images/j0233056.gif" width="50" height="80" align="middle">
      </b></p>
- <p>1.3.7a corrects problems occurring in  rules file processing when starting Shorewall 
+      <p>1.3.7a corrects problems occurring in  rules file processing when
- 1.3.7.</p>
+starting Shorewall   1.3.7.</p>
      <p><b>8/22/2002 - Shorewall 1.3.7 Released</b></p>
@ -108,92 +152,105 @@
      <ul>
         <li>The 'icmp.def' file is now empty! The rules in that file were
-        required in ipchains firewalls but are not required in Shorewall. Users 
+         required in ipchains firewalls but are not required in Shorewall.
-        who have ALLOWRELATED=No in <a href="Documentation.htm#Conf">
+Users          who have ALLOWRELATED=No in <a
-        shorewall.conf</a> should see the <a href="errata.htm#Upgrade">Upgrade 
+ href="Documentation.htm#Conf">         shorewall.conf</a> should see the
-        Issues</a>.</li>
+          <a href="errata.htm#Upgrade">Upgrade          Issues</a>.</li>
-        <li>A 'FORWARDPING' option has been added to
+         <li>A 'FORWARDPING' option has been added to         <a
-        <a href="Documentation.htm#Conf">shorewall.conf</a>. The effect of 
+ href="Documentation.htm#Conf">shorewall.conf</a>. The effect of        
 setting this variable to Yes is the same as the effect of adding an    
-        ACCEPT rule for ICMP echo-request in
+     ACCEPT rule for ICMP echo-request in         <a
-        <a href="shorewall_extension_scripts.htm">/etc/shorewall/icmpdef</a>. 
+ href="shorewall_extension_scripts.htm">/etc/shorewall/icmpdef</a>.     
    Users who have such a rule in icmpdef are encouraged to switch to   
      FORWARDPING=Yes.</li>
-        <li>The loopback CLASS A Network (127.0.0.0/8) has been added to the 
+         <li>The loopback CLASS A Network (127.0.0.0/8) has been added to
-        rfc1918 file.</li>
+the          rfc1918 file.</li>
         <li>Shorewall now works with iptables 1.2.7.</li>
         <li>The documentation and Web site no longer use FrontPage themes.</li>
      </ul>
- <p>I would like to thank John Distler for his valuable input regarding TCP SYN 
+      <p>I would like to thank John Distler for his valuable input regarding
- and ICMP treatment in Shorewall. That input has led to marked improvement in 
+TCP SYN   and ICMP treatment in Shorewall. That input has led to marked improvement
- Shorewall in the last two releases.</p>
+in   Shorewall in the last two releases.</p>
- <p><b>8/13/2002 - Documentation in the <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">
+      <p><b>8/13/2002 - Documentation in the <a target="_top"
- CVS Repository</a></b></p>
+ href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">  CVS Repository</a></b></p>
- <p>The Shorewall-docs project now contains just the HTML and image files - the 
+      <p>The Shorewall-docs project now contains just the HTML and image
- Frontpage files have been removed.</p>
+files - the   Frontpage files have been removed.</p>
- <p><b>8/7/2002 - <i>STABLE</i></b> <b>branch added to <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">
+      <p><b>8/7/2002 - <i>STABLE</i></b> <b>branch added to <a
- CVS Repository</a></b></p>
+ target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">  CVS
 Repository</a></b></p>
- <p>This branch will only be updated after I release a new version of Shorewall 
+      <p>This branch will only be updated after I release a new version of
- so you can always update from this branch to get the latest stable tree.</p>
+Shorewall   so you can always update from this branch to get the latest stable
 tree.</p>
- <p><b>8/7/2002 - <a href="errata.htm#Upgrade">Upgrade Issues</a> section added 
+      <p><b>8/7/2002 - <a href="errata.htm#Upgrade">Upgrade Issues</a> section
- to the <a href="errata.htm">Errata Page</a></b></p>
+added   to the <a href="errata.htm">Errata Page</a></b></p>
- <p>Now there is one place to go to look for issues involved with upgrading to 
+      <p>Now there is one place to go to look for issues involved with upgrading
- recent versions of Shorewall.</p>
+to   recent versions of Shorewall.</p>
      <p><b>8/7/2002 - Shorewall 1.3.6</b></p>
      <p>This is primarily a bug-fix rollup with a couple of new features:</p>
      <ul>
-   <li>The latest <a href="shorewall_quickstart_guide.htm">QuickStart Guides </a>
+    <li>The latest <a href="shorewall_quickstart_guide.htm">QuickStart Guides
-   including the <a href="shorewall_setup_guide.htm">Shorewall Setup Guide.</a></li>
+          </a>    including the <a href="shorewall_setup_guide.htm">Shorewall
-   <li>Shorewall will now DROP TCP packets that are not part of or related to an 
+Setup Guide.</a></li>
-   existing connection and that are not SYN packets. These &quot;New not SYN&quot; packets 
+    <li>Shorewall will now DROP TCP packets that are not part of or related
-   may be optionally logged by setting the LOGNEWNOTSYN option in <a href="Documentation.htm#Conf">
+to an     existing connection and that are not SYN packets. These "New not
-   /etc/shorewall/shorewall.conf</a>.</li>
+SYN" packets     may be optionally logged by setting the LOGNEWNOTSYN option
-   <li>The processing of &quot;New not SYN&quot; packets may be extended by commands in 
+in <a href="Documentation.htm#Conf">    /etc/shorewall/shorewall.conf</a>.</li>
-   the new <a href="shorewall_extension_scripts.htm">newnotsyn extension script</a>.</li>
+    <li>The processing of "New not SYN" packets may be extended by commands
- </ul>
+in     the new <a href="shorewall_extension_scripts.htm">newnotsyn extension
 script</a>.</li>
      </ul>
      <p><a href="News.htm">More News</a></p>
      <h2><a name="Donations"></a>Donations</h2>
                                                </td>
-            <td width="88" bgcolor="#4B017C" valign="top" align="center">
+             <td width="88" bgcolor="#4b017c" valign="top"
-            <a href="http://sourceforge.net">M</a></td>
+ align="center">             <a href="http://sourceforge.net">M</a></td>
           </tr>
  </tbody>
 </table>
         </center>
       </div>
- <table border="0" cellpadding="5" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber2" bgcolor="#4B017C">
+<table border="0" cellpadding="5" cellspacing="0"
 style="border-collapse: collapse;" width="100%" id="AutoNumber2"
 bgcolor="#4b017c">
    <tbody>
    <tr>
-     <td width="100%" style="margin-top: 1">
+      <td width="100%" style="margin-top: 1px;">      
-     <p align="center"><a href="http://www.starlight.org">
+      <p align="center"><a href="http://www.starlight.org">        <img
-       <img border="4" src="images/newlog.gif" width="57" height="100" align="left" hspace="10"><img border="4" src="images/newlog.gif" width="57" height="100" align="right" hspace="10"></a></p>
+ border="4" src="images/newlog.gif" width="57" height="100" align="left"
-     <p align="center"><font size="4" color="#FFFFFF">Shorewall is free but if 
+ hspace="10">
-     you try it and find it useful, please consider making a donation to
+      <img border="4" src="images/newlog.gif" width="57" height="100"
-      <a href="http://www.starlight.org"><font color="#FFFFFF">Starlight Children's Foundation.</font></a> Thanks!</font></td>
+ align="right" hspace="10">
      </a></p>
      <p align="center"><font size="4" color="#ffffff">Shorewall is free
 but if       you try it and find it useful, please consider making a donation
 to       <a href="http://www.starlight.org"><font color="#ffffff">Starlight
 Children's Foundation.</font></a> Thanks!</font></p>
      </td>
    </tr>
  </tbody>
 </table>
-      <p><font size="2">Updated
+<p><font size="2">Updated       9/16/2002 - <a href="support.htm">Tom Eastep</a> 
      8/31/2002 - <a href="support.htm">Tom Eastep</a>
     </font>                                                            
        </p>
-                                  
+                                                            <br>
 </body>
 </html>
--- a/STABLE/documentation/shorewall_quickstart_guide.htm
+++ b/STABLE/documentation/shorewall_quickstart_guide.htm
@ -1,88 +1,125 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
  <meta http-equiv="Content-Language" content="en-us">
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
  <meta name="ProgId" content="FrontPage.Editor.Document">
-<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+ 
  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
  <title>Shorewall QuickStart Guide</title>
  <meta name="Microsoft Theme" content="none">
 </head>
  <body>
-<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+<table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" width="100%" id="AutoNumber1"
 bgcolor="#400169" height="90">
   <tbody>
    <tr>
     <td width="100%">     
-    <h1 align="center"><font color="#FFFFFF">Shorewall QuickStart Guides<br>
+      <h1 align="center"><font color="#ffffff">Shorewall QuickStart Guides<br>
-Version 3.0</font></h1>
+ Version 3.1</font></h1>
     </td>
   </tr>
  </tbody>
 </table>
-<p align="center">With thanks to Richard who reminded me once again that we must 
+<p align="center">With thanks to Richard who reminded me once again that
-all first walk before we can run.</p>
+we must  all first walk before we can run.</p>
 <h2>The Guides</h2>
-<p>These guides provide step-by-step instructions for configuring Shorewall in 
+ 
-common firewall setups.</p>
+<p>These guides provide step-by-step instructions for configuring Shorewall
-<p>The following guides are for firewalls with a single external IP address:</p>
+in  common firewall setups.</p>
 <p>The following guides are for users who have a single public IP address:</p>
 <ul>
   <li><a href="standalone.htm">Standalone</a> Linux System</li>
-  <li><a href="two-interface.htm">Two-interface</a> Linux System acting as a 
+   <li><a href="two-interface.htm">Two-interface</a> Linux System acting
-  firewall/router for a small local network</li>
+as a    firewall/router for a small local network</li>
-  <li><a href="three-interface.htm">Three-interface</a> Linux System acting as a 
+   <li><a href="three-interface.htm">Three-interface</a> Linux System acting
-  firewall/router for a small local network and a DMZ.</li>
+as a    firewall/router for a small local network and a DMZ.</li>
 </ul>
 <p>The above guides are designed to get your first firewall up and running
 quickly in the three most common Shorewall configurations.</p>
 <p>The <a href="shorewall_setup_guide.htm">Shorewall Setup Guide</a> outlines
-the steps necessary to set up a firewall where there are multiple public IP 
+ the steps necessary to set up a firewall where there are multiple public
-addresses involved or if you want to learn more about Shorewall than is 
+IP  addresses involved or if you want to learn more about Shorewall than
-explained in the single-address guides above.</p>
+is  explained in the single-address guides above.</p>
 <ul>
   <li><a href="shorewall_setup_guide.htm#Introduction">1.0 Introduction</a></li>
   <li><a href="shorewall_setup_guide.htm#Concepts">2.0 Shorewall Concepts</a></li>
   <li><a href="shorewall_setup_guide.htm#Interfaces">3.0 Network Interfaces</a></li>
-  <li><a href="shorewall_setup_guide.htm#Addressing">4.0 Addressing, Subnets and Routing</a><ul>
+   <li><a href="shorewall_setup_guide.htm#Addressing">4.0 Addressing, Subnets
 and Routing</a>
    <ul>
     <li><a href="shorewall_setup_guide.htm#Addresses">4.1 IP Addresses</a></li>
     <li><a href="shorewall_setup_guide.htm#Subnets">4.2 Subnets</a></li>
     <li><a href="shorewall_setup_guide.htm#Routing">4.3 Routing</a></li>
     <li><a href="shorewall_setup_guide.htm#ARP">4.4 Address Resolution Protocol</a></li>
    </ul>
    <ul>
     <li><a href="shorewall_setup_guide.htm#RFC1918">4.5 RFC 1918</a></li>
    </ul>
   </li>
-  <li><a href="shorewall_setup_guide.htm#Options">5.0 Setting up your Network</a><ul>
+   <li><a href="shorewall_setup_guide.htm#Options">5.0 Setting up your Network</a>
-    <li><a href="shorewall_setup_guide.htm#Routed">5.1 Routed</a></li>
+    <ul>
-  </ul>
+     <li><a href="shorewall_setup_guide.htm#Routed">5.1 Routed</a></li>
    </ul>
    <ul>
     <li><a href="shorewall_setup_guide.htm#NonRouted">5.2 Non-routed</a>
        <ul>
    <li><a href="shorewall_setup_guide.htm#NonRouted">5.2 Non-routed</a><ul>
       <li><a href="shorewall_setup_guide.htm#SNAT">5.2.1 SNAT</a></li>
       <li><a href="shorewall_setup_guide.htm#DNAT">5.2.2 DNAT</a></li>
       <li><a href="shorewall_setup_guide.htm#ProxyARP">5.2.3 Proxy ARP</a></li>
       <li><a href="shorewall_setup_guide.htm#NAT">5.2.4 Static NAT</a></li>
        </ul>
     </li>
     <li><a href="shorewall_setup_guide.htm#Rules">5.3 Rules</a></li>
     <li><a href="shorewall_setup_guide.htm#OddsAndEnds">5.4 Odds and Ends</a></li>
    </ul>
   </li>
   <li><a href="shorewall_setup_guide.htm#DNS">6.0 DNS</a></li>
-  <li><a href="shorewall_setup_guide.htm#StartingAndStopping">7.0 Starting and 
+   <li><a href="shorewall_setup_guide.htm#StartingAndStopping">7.0 Starting
-  Stopping the Firewall</a></li>
+and    Stopping the Firewall</a></li>
 </ul>
 <h2><a name="Documentation"></a>Additional Documentation</h2>
-<p>The following documentation covers a variety of topics and supplements the 
+ 
-<a href="shorewall_quickstart_guide.htm">QuickStart Guides</a> described above.</p>
+<p>The following documentation covers a variety of topics and supplements
 the  <a href="shorewall_quickstart_guide.htm">QuickStart Guides</a> described
 above.</p>
 <ul>
   <li><a href="blacklisting_support.htm">Blacklisting</a>
    <ul>
  <li><a href="blacklisting_support.htm">Blacklisting</a><ul>
     <li>Static Blacklisting using /etc/shorewall/blacklist</li>
     <li>Dynamic Blacklisting using /sbin/shorewall</li>
    </ul>
   </li>
-  <li><a href="configuration_file_basics.htm">Common configuration file features</a><ul>
+   <li><a href="configuration_file_basics.htm">Common configuration file
 features</a>
    <ul>
     <li>Comments in configuration files</li>
     <li>Line Continuation</li>
     <li>Port Numbers/Service Names</li>
@ -91,11 +128,12 @@ explained in the single-address guides above.</p>
     <li>Complementing an IP address or Subnet</li>
     <li>Shorewall Configurations (making a test configuration)</li>
     <li>Using MAC Addresses in Shorewall</li>
    </ul>
   </li>
-  <li><a href="Documentation.htm">Configuration File Reference Manual</a><ul>
+   <li><a href="Documentation.htm">Configuration File Reference Manual</a>
-    <li>
+    <ul>
-  <a href="Documentation.htm#Variables">params</a></li>
+     <li>   <a href="Documentation.htm#Variables">params</a></li>
     <li><font color="#000099"><a href="Documentation.htm#Zones">zones</a></font></li>
     <li><font color="#000099"><a href="Documentation.htm#Interfaces">interfaces</a></font></li>
     <li><font color="#000099"><a href="Documentation.htm#Hosts">hosts</a></font></li>
@ -113,43 +151,52 @@ explained in the single-address guides above.</p>
     <li><a href="Documentation.htm#Blacklist">blacklist</a></li>
     <li><a href="Documentation.htm#rfc1918">rfc1918</a></li>
     <li><a href="Documentation.htm#Routestopped">routestopped</a></li>
    </ul>
   </li>
   <li><a href="dhcp.htm">DHCP</a></li>
-  <li><font color="#000099"><a href="shorewall_extension_scripts.htm">Extension Scripts</a></font> 
+   <li><font color="#000099"><a href="shorewall_extension_scripts.htm">Extension
-  (How to extend Shorewall without modifying Shorewall code)</li>
+Scripts</a></font>    (How to extend Shorewall without modifying Shorewall
 code)</li>
   <li><a href="fallback.htm">Fallback/Uninstall</a></li>
   <li><a href="shorewall_firewall_structure.htm">Firewall Structure</a></li>
   <li><font color="#000099"><a href="kernel.htm">Kernel Configuration</a></font></li>
-  <li><a href="myfiles.htm">My
+   <li><a href="myfiles.htm">My  Configuration Files</a> (How I personally
- Configuration Files</a> (How I personally use Shorewall)</li>
+use Shorewall)</li>
-  <li><a href="ports.htm">Port Information</a><ul>
+   <li><a href="ports.htm">Port Information</a>
    <ul>
     <li>Which applications use which ports</li>
     <li>Ports used by Trojans</li>
    </ul>
   </li>
   <li><a href="ProxyARP.htm">Proxy ARP</a></li>
   <li><a href="samba.htm">Samba</a></li>
-  <li><font color="#000099"><a href="starting_and_stopping_shorewall.htm">Starting/stopping the Firewall</a></font></li>
+   <li><font color="#000099"><a
 href="starting_and_stopping_shorewall.htm">Starting/stopping the Firewall</a></font></li>
   <li><font color="#000099"><a href="NAT.htm">Static NAT</a></font></li>
   <li><a href="traffic_shaping.htm">Traffic Shaping/Control</a></li>
-  <li>VPN<ul>
+   <li>VPN
    <ul>
     <li><a href="IPSEC.htm">IPSEC</a></li>
     <li><a href="IPIP.htm">GRE and IPIP</a></li>
     <li><a href="PPTP.htm">PPTP</a></li>
-    <li><a href="VPN.htm">IPSEC/PPTP</a> from a system behind your firewall to a 
+     <li><a href="VPN.htm">IPSEC/PPTP</a> from a system behind your firewall
-    remote network.</li>
+to a      remote network.</li>
    </ul>
   </li>
   <li><a href="whitelisting_under_shorewall.htm">White List Creation</a></li>
 </ul>
-<p>If you use one of these guides and have a suggestion for improvement
+ 
-<a href="mailto:webmaster@shorewall.net">please let me know</a>.</p>
+<p>If you use one of these guides and have a suggestion for improvement <a
-<p><font size="2">Last modified 8/29/2002 -
+ href="mailto:webmaster@shorewall.net">please let me know</a>.</p>
-<a href="file:///J:/Shorewall/Shorewall-docs/support.htm">Tom Eastep</a></font></p>
+ 
 <p><font size="2">Last modified 9/16/2002 - <a
 href="file:///J:/Shorewall/Shorewall-docs/support.htm">Tom Eastep</a></font></p>
 <p><a href="copyright.htm"><font size="2">Copyright  2002 Thomas M. Eastep</font></a></p>
-
+  <br>
 </body>
 </html>
--- a/STABLE/documentation/support.htm
+++ b/STABLE/documentation/support.htm
@ -1,135 +1,147 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
  <meta http-equiv="Content-Language" content="en-us">
-<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+ 
  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
  <meta name="ProgId" content="FrontPage.Editor.Document">
  <title>Support</title>
  <meta name="Microsoft Theme" content="none">
 </head>
  <body>
-<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+<table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" width="100%" id="AutoNumber1"
 bgcolor="#400169" height="90">
   <tbody>
    <tr>
     <td width="100%">     
-    <h1 align="center"><font color="#FFFFFF">Shorewall Support</font></h1>
+      <h1 align="center"><font color="#ffffff">Shorewall Support</font></h1>
     </td>
   </tr>
  </tbody>
 </table>
-<h3 align="left"> <span style="font-weight: 400"><i>
+<h3 align="left"> <span style="font-weight: 400;"><i> "<font size="3">It
-&quot;<font size="3">It is easier to post a problem than to use your own brain&quot;
+is easier to post a problem than to use your own brain" </font>-- </i> <font
-</font>-- </i>
+ size="2">Weitse Venema (creator of <a href="http://www.postfix.org">Postfix</a>)</font></span></h3>
 <font size="2">Weitse Venema (creator of Postfix)</font></span></h3>
-<p align="left"> <i>&quot;Any sane computer with tell you how it works -- you just 
+<p align="left"> <i>"Any sane computer with tell you how it works -- you
-have to ask it the right questions&quot; </i>-- <font size="2">Tom Eastep</font></p>
+just  have to ask it the right questions" </i>-- <font size="2">Tom Eastep</font></p>
 <blockquote> </blockquote>
 <p><span style="font-weight: 400;"><i>"It irks me when people believe that
 free software        comes at no cost. The cost is incredibly high."</i>
 - <font size="2">       Weitse Venema</font></span></p>
 <h3 align="left">Before Reporting a Problem</h3>
 <p>There are a number of sources for problem solution information.</p>
 <ul>
   <li>The <a href="FAQ.htm">FAQ</a> has solutions to common problems.</li>
-  <li>The <a href="troubleshoot.htm">Troubleshooting</a> Information contains a 
+   <li>The <a href="troubleshoot.htm">Troubleshooting</a> Information contains
-  number of tips to help you solve common problems.</li>
+a    number of tips to help you solve common problems.</li>
   <li>The <a href="errata.htm">   Errata</a> has links to download updated
   components.</li>
   <li>The Mailing List Archives are a useful source of problem solving  
 information.</li>
 </ul>
 <blockquote> 
-<p>The archives from the  mailing List are at <a href="http://www.shorewall.net/pipermail/shorewall-users">http://www.shorewall.net/pipermail/shorewall-users</a>.</p>
+  <p>The archives from the  mailing List are at <a
 href="http://www.shorewall.net/pipermail/shorewall-users">http://www.shorewall.net/pipermail/shorewall-users</a>.</p>
  <h3>Search the  Mailing List Archives at Shorewall.net</h3>
-<form method="POST" action="http://www.shorewall.net/cgi-bin/htsearch">
+  <form method="post" action="http://www.shorewall.net/cgi-bin/htsearch"> 
-<p>
+    <p> <font size="-1"> Match: 
-<font size="-1">
+    <select name="method">
-Match: <select name="method">
+    <option value="and">All </option>
-<option value="and">All
+    <option value="or">Any </option>
-<option value="or">Any
+    <option value="boolean">Boolean </option>
 <option value="boolean">Boolean
    </select>
-Format: <select name="format">
+ Format: 
-<option value="builtin-long">Long
+    <select name="format">
-<option value="builtin-short">Short
+    <option value="builtin-long">Long </option>
    <option value="builtin-short">Short </option>
    </select>
-Sort by: <select name="sort">
+ Sort by: 
-<option value="score">Score
+    <select name="sort">
-<option value="time">Time
+    <option value="score">Score </option>
-<option value="title">Title
+    <option value="time">Time </option>
-<option value="revscore">Reverse Score
+    <option value="title">Title </option>
-<option value="revtime">Reverse Time
+    <option value="revscore">Reverse Score </option>
-<option value="revtitle">Reverse Title
+    <option value="revtime">Reverse Time </option>
    <option value="revtitle">Reverse Title </option>
    </select>
-</font>
+ </font> <input type="hidden" name="config" value="htdig"> <input
-<input type="hidden" name="config" value="htdig">
+ type="hidden" name="restrict"
-<input type="hidden" name="restrict" value="[http://www.shorewall.net/pipermail/.*]">
+ value="[http://www.shorewall.net/pipermail/.*]"> <input type="hidden"
-<input type="hidden" name="exclude" value="">
+ name="exclude" value=""> <br>
-<br>
+ Search: <input type="text" size="30" name="words" value=""> <input
-Search:
+ type="submit" value="Search"> </p>
 <input type="text" size="30" name="words" value="">
 <input type="submit" value="Search"> </p>
 </form>
                                </blockquote>
-      <h3 align="Left">Problem Reporting Guidelines</h3>
+<h3 align="left">Problem Reporting Guidelines</h3>
 <ul>
   <li>When reporting a problem, give as much information as you can. Reports 
-that say "I tried XYZ and it didn't work&quot; are not at all helpful.</li>
+that say "I tried XYZ and it didn't work" are not at all helpful.</li>
   <li>Please don't describe your environment and then ask us to send you 
-          custom configuration files. We're here to answer your questions but we
+          custom configuration files. We're here to answer your questions
-          can't do your job for you.</li>
+but we           can't do your job for you.</li>
-  <li>Do you see any "Shorewall" messages in     /var/log/messages when you exercise
+   <li>Do you see any "Shorewall" messages in     /var/log/messages when
-the function that is giving you problems?</li>
+you exercise the function that is giving you problems?</li>
-  <li>Have you looked at the packet flow with a tool like tcpdump     to try to
+   <li>Have you looked at the packet flow with a tool like tcpdump     to
-understand what is going on?</li>
+try to understand what is going on?</li>
-  <li>Have you tried using the diagnostic capabilities of the     application that
+   <li>Have you tried using the diagnostic capabilities of the     application
-isn't working? For example, if "ssh" isn't able     to connect, using the
+that isn't working? For example, if "ssh" isn't able     to connect, using
-"-v" option gives you a lot of valuable     diagnostic information.</li>
+the "-v" option gives you a lot of valuable     diagnostic information.</li>
-  <li>Please include any of the Shorewall configuration files (especially the 
+   <li>Please include any of the Shorewall configuration files (especially
-  /etc/shorewall/hosts file if you have modified that file) that you think are 
+the    /etc/shorewall/hosts file if you have modified that file) that you
-  relevant. If an error occurs when you try to &quot;shorewall start&quot;, include a 
+think are    relevant. If an error occurs when you try to "shorewall start",
-  trace (See the <a href="troubleshoot.htm">Troubleshooting</a> section for 
+include a    trace (See the <a href="troubleshoot.htm">Troubleshooting</a>
-  instructions).</li>
+section for    instructions).</li>
   <li>The list server limits posts to 120kb so don't post GIFs of your 
         network layout, etc to the Mailing List -- your post will be rejected.</li>
 </ul>
-<h3>Where to Send your Problem
+ 
-Report or to Ask for Help</h3>
+<h3>Where to Send your Problem Report or to Ask for Help</h3>
-<h4>If you run Shorewall under Bering -- <span style="font-weight: 400">please 
+ 
-post your question or problem to the
+<h4>If you run Shorewall under Bering -- <span style="font-weight: 400;">please
-<a href="mailto:leaf-user@lists.sourceforge.net">LEAF Users mailing list</a>.</span></h4>
+ post your question or problem to the <a
-<p>Otherwise, please post your question or problem to the
+ href="mailto:leaf-user@lists.sourceforge.net">LEAF Users mailing list</a>.</span></h4>
-<a href="mailto:shorewall-users@shorewall.net">Shorewall users mailing list</a>; 
+ 
 <p>Otherwise, please post your question or problem to the <a
 href="mailto:shorewall-users@shorewall.net">Shorewall users mailing list</a>;
 there are lots of folks there who are willing to help you. Your question/problem
-description and their responses will be placed in the mailing list archives to 
+ description and their responses will be placed in the mailing list archives
-help people who have a similar question or problem in the future.</p>
+to  help people who have a similar question or problem in the future.</p>
 <blockquote>
 <h3><span style="font-weight: 400"><i>&quot;It irks me when people believe that free software 
      comes at no cost. The cost is incredibly high.&quot;</i> - <font size="2">
      Weitse Venema</font></span></h3>
 </blockquote>
- <p><b>I'm not available</b></p>
+<p>I don't look at problems sent to me directly but I try to spend some amount
 of time each day responding to problems posted on the mailing list.</p>
- <p>I'm currently on vacation&nbsp; -- please respect my need for a couple of 
+<p align="center"><a href="mailto:teastep@shorewall.net">-Tom</a></p>
 weeks free of Shorewall problem reports.</p>
- <p>-Tom</p>
+<p>To Subscribe to the  mailing list go to <a
-                              
+ href="http://www.shorewall.net/mailman/listinfo/shorewall-users">http://www.shorewall.net/mailman/listinfo/shorewall-users</a> 
 <p>To Subscribe to the  mailing list go to <a href="http://www.shorewall.net/mailman/listinfo/shorewall-users">http://www.shorewall.net/mailman/listinfo/shorewall-users</a>
    .</p>
-<p align="left"><font size="2">Last Updated 9/1/2002 - Tom
+<p align="left"><font size="2">Last Updated 9/14/2002 - Tom Eastep</font></p>
 Eastep</font></p>
 <p align="left"><font face="Trebuchet MS"><a href="copyright.htm">
 <font size="2">Copyright</font> © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
 <p align="left"><font face="Trebuchet MS"><a href="copyright.htm"> <font
 size="2">Copyright</font> © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
  <br>
 </body>
 </html>
--- a/STABLE/documentation/three-interface.htm
+++ b/STABLE/documentation/three-interface.htm
--- a/STABLE/documentation/troubleshoot.htm
+++ b/STABLE/documentation/troubleshoot.htm
@ -127,9 +127,16 @@ policy</li>
  <ul>
    <li>Seeing rejected/dropped packets logged out of the INPUT or FORWARD 
-    chains? This means that your zone definitions are screwed up and the host 
+    chains? This means that:<ol>
-    that is sending the packets isn't in any zone (using a /etc/shorewall/hosts 
+      <li>your zone definitions are screwed up and the host that is sending the 
-    file are you?).</li>
+      packets or the destination host isn't in any zone (using an
      <a href="Documentation.htm#Hosts">/etc/shorewall/hosts</a> file are you?); 
      or</li>
      <li>the source and destination hosts are both connected to the same 
      interface and that interface doesn't have the 'multi' option specified in
      <a href="Documentation.htm#Interfaces">/etc/shorewall/interfaces</a>.</li>
    </ol>
    </li>
    <li>Remember that Shorewall doesn't automatically allow ICMP     type 8 ("ping")
 requests to be sent between zones. If you want     pings to be allowed between
 zones, you need a rule of the form:<br>
@ -187,7 +194,7 @@ ADD_IP_ALIASES</a>
     </font>
-        <p><font size="2">Last updated 8/29/2002 -
+        <p><font size="2">Last updated 9/13/2002 -
 Tom Eastep</font>
 </p>
--- a/STABLE/documentation/two-interface.htm
+++ b/STABLE/documentation/two-interface.htm