Document updates for IPv6 and Shorewall Lite

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2013-02-13 06:58:22 -08:00
parent f44becdee1
commit 394850e68e
2 changed files with 28 additions and 13 deletions


@ -400,15 +400,18 @@
<term>Specifying Addresses</term>
<listitem>
<para>Shorewall follows the usual convention of distinguishing IPv6
address by enclosing them in square brackets ("[" and "]").</para>
<para>Anywhere that an address or address list follows a colon
(":"), the address or list may be enclosed in angled brackets
("&lt;" and "&gt;") to improve readability.</para>
(":"), the address or list may be enclosed in square brackets to
improve readability.</para>
<para>Example (<filename>/etc/shorewall6/rules</filename>):</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST
# PORT(S)
ACCEPT net $FW:&lt;2002:ce7c:92b4::3&gt; tcp 22</programlisting>
ACCEPT net $FW:[2002:ce7c:92b4::3] tcp 22</programlisting>
<para>When the colon is preceeded by an interface name,
<emphasis>the angle brackets are required</emphasis>. This is true
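Review bot: the unchanged paragraph at the end of this hunk still says "the angle brackets are required" when the colon is preceded by an interface name, while the example and the readability paragraph above it now use square brackets and the following hunk calls angled brackets deprecated. Suggest changing the emphasized text to "the brackets are required" in this same commit so the section does not instruct readers to use the deprecated form. Two wording fixes while touching these paragraphs: "distinguishing IPv6 address" should read "addresses", and "preceeded" should be "preceded".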
@ -418,22 +421,28 @@ ACCEPT net $FW:&lt;2002:ce7c:92b4::3&gt; tcp
<programlisting>#ACTION SOURCE DEST PROTO DEST
# PORT(S)
ACCEPT net:wlan0:&lt;2002:ce7c:92b4::3&gt; tcp 22</programlisting>
ACCEPT net:wlan0:[2002:ce7c:92b4::3] tcp 22</programlisting>
<para>Beginning with Shorewall 4.4.6 and 4.5.4, square brackets ("["
and "]") may also be used.</para>
<para>Prior to Shorewall 4.5.4, angled brackets ("&lt;" and "&gt;")
were used. While these are still accepted, their use is deprecated
in favor of square brackets.</para>
<para>Example (<filename>/etc/shorewall6/rules</filename>):</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST
# PORT(S)
ACCEPT net:wlan0:[2002:ce7c:92b4::3] tcp 22</programlisting>
ACCEPT net:wlan0:&lt;2002:ce7c:92b4::3&gt; tcp 22</programlisting>
<para>Prior to Shorewall 4.5.9, network addresses were required to
be enclosed in either angle brackets or square brackets (e.g.
[2001:470:b:787::/64]). Beginning with Shorewall 4.5.9, the more
common representation that places the VLSM outside the brackets is
also accepted (e.g., [2001:470:b:787::]/64).</para>
accepted and preferred (e.g., [2001:470:b:787::]/64).</para>
<para>Beginning with Shorewall 4.5.14, the rules compiler translates
"&lt;" and "&gt;" to "[" and "]" respectively before parsing. So
square brackets may appear in error messages even when angled
brackets were used.</para>
</listitem>
</varlistentry>
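Review bot: the version statements in this hunk disagree about 4.4.x: one paragraph says square brackets may be used "Beginning with Shorewall 4.4.6 and 4.5.4", the other says angled brackets were used "Prior to Shorewall 4.5.4" and does not mention 4.4.6. If the second wording is the one that remains, say whether 4.4 releases from 4.4.6 on also accept square brackets, since readers on that branch need to know which form their compiler parses. The second "Example" now shows the angled-bracket rule directly under the deprecation paragraph; label it as the deprecated syntax so it is not copied as the recommended form.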


@ -149,20 +149,26 @@
</listitem>
<listitem>
<para>The <filename>/etc/shorewall/shorewall.conf</filename> file is
used to determine the VERBOSITY setting which determines how much
output the compiler generates. All other settings are taken from the
<para>Prior to Shorewall 4.5.8, the
<filename>/etc/shorewall/shorewall.conf</filename> file was used to
determine the VERBOSITY setting which determines how much output the
compiler generates. All other settings were taken from the
<filename>shorewall.conf </filename>file in the remote systems
export directory.</para>
<caution>
<para>If you want to be able to allow non-root users to manage
remote firewall systems, then the files
<para>Prior to Shorewall 4.5.8, if you want to be able to allow
non-root users to manage remote firewall systems, then the files
<filename>/etc/shorewall/params</filename> and
<filename>/etc/shorewall/shorewall.conf</filename> must be
readable by all users on the administrative system. Not all
packages secure the files that way and you may have to change the
file permissions yourself.</para>
<para>Prior to Shorewall 4.5.14,
<filename>/etc/shorewall/params</filename> must be readable by
non-root users or each export directory must have its own params
file.</para>
</caution>
</listitem>
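Review bot: the two paragraphs inside the caution give different cut-offs for /etc/shorewall/params: the first says it must be readable by all users "Prior to Shorewall 4.5.8", the second says it must be readable by non-root users "Prior to Shorewall 4.5.14". Suggest naming each file once with its own version (shorewall.conf up to 4.5.8, params up to 4.5.14) and adding a sentence on what applies from those releases on, so administrators who made these files world-readable know when they can restrict the permissions again. Smaller points: "Prior to Shorewall 4.5.8, if you want" mixes tenses, "remote systems export directory" needs an apostrophe, and there is a stray space inside the filename element around "shorewall.conf".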