Document updates for IPv6 and Shorewall Lite

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2013-02-13 06:58:22 -08:00
parent f44becdee1
commit 394850e68e
2 changed files with 28 additions and 13 deletions

@ -400,15 +400,18 @@
<term>Specifying Addresses</term> <term>Specifying Addresses</term>
<listitem> <listitem>
<para>Shorewall follows the usual convention of distinguishing IPv6
address by enclosing them in square brackets ("[" and "]").</para>
<para>Anywhere that an address or address list follows a colon <para>Anywhere that an address or address list follows a colon
(":"), the address or list may be enclosed in angled brackets (":"), the address or list may be enclosed in square brackets to
("&lt;" and "&gt;") to improve readability.</para> improve readability.</para>
<para>Example (<filename>/etc/shorewall6/rules</filename>):</para> <para>Example (<filename>/etc/shorewall6/rules</filename>):</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST <programlisting>#ACTION SOURCE DEST PROTO DEST
# PORT(S) # PORT(S)
ACCEPT net $FW:&lt;2002:ce7c:92b4::3&gt; tcp 22</programlisting> ACCEPT net $FW:[2002:ce7c:92b4::3] tcp 22</programlisting>
<para>When the colon is preceeded by an interface name, <para>When the colon is preceeded by an interface name,
<emphasis>the angle brackets are required</emphasis>. This is true <emphasis>the angle brackets are required</emphasis>. This is true
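Review bot: The unchanged sentence at the end of this hunk still says "the angle brackets are required" when the colon is preceded by an interface name, which now contradicts the rewritten paragraphs and the updated example above it, all of which use square brackets. Reword it to say that brackets are required there, with square brackets as the documented form. While touching this entry, fix "preceeded" to "preceded" and, in the new first paragraph, "distinguishing IPv6 address by enclosing them" to "distinguishing IPv6 addresses by enclosing them".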
@ -418,22 +421,28 @@ ACCEPT net $FW:&lt;2002:ce7c:92b4::3&gt; tcp
<programlisting>#ACTION SOURCE DEST PROTO DEST <programlisting>#ACTION SOURCE DEST PROTO DEST
# PORT(S) # PORT(S)
ACCEPT net:wlan0:&lt;2002:ce7c:92b4::3&gt; tcp 22</programlisting> ACCEPT net:wlan0:[2002:ce7c:92b4::3] tcp 22</programlisting>
<para>Beginning with Shorewall 4.4.6 and 4.5.4, square brackets ("[" <para>Prior to Shorewall 4.5.4, angled brackets ("&lt;" and "&gt;")
and "]") may also be used.</para> were used. While these are still accepted, their use is deprecated
in favor of square brackets.</para>
<para>Example (<filename>/etc/shorewall6/rules</filename>):</para> <para>Example (<filename>/etc/shorewall6/rules</filename>):</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST <programlisting>#ACTION SOURCE DEST PROTO DEST
# PORT(S) # PORT(S)
ACCEPT net:wlan0:[2002:ce7c:92b4::3] tcp 22</programlisting> ACCEPT net:wlan0:&lt;2002:ce7c:92b4::3&gt; tcp 22</programlisting>
<para>Prior to Shorewall 4.5.9, network addresses were required to <para>Prior to Shorewall 4.5.9, network addresses were required to
be enclosed in either angle brackets or square brackets (e.g. be enclosed in either angle brackets or square brackets (e.g.
[2001:470:b:787::/64]). Beginning with Shorewall 4.5.9, the more [2001:470:b:787::/64]). Beginning with Shorewall 4.5.9, the more
common representation that places the VLSM outside the brackets is common representation that places the VLSM outside the brackets is
also accepted (e.g., [2001:470:b:787::]/64).</para> accepted and preferred (e.g., [2001:470:b:787::]/64).</para>
<para>Beginning with Shorewall 4.5.14, the rules compiler translates
"&lt;" and "&gt;" to "[" and "]" respectively before parsing. So
square brackets may appear in error messages even when angled
brackets were used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
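Review bot: The example that follows the new deprecation paragraph is still introduced only as "Example" but now shows the angled-bracket form, so a reader copying it gets the syntax the paragraph has just called deprecated. Introduce it as the deprecated form (or drop it), since the square-bracket version of the same rule already appears directly above. The replaced sentence also named 4.4.6 alongside 4.5.4 as a release where square brackets became usable, while the new wording mentions only 4.5.4; please confirm that dropping the 4.4.6 reference is intended. The new 4.5.14 paragraph on error messages is useful and could say explicitly that the translation applies to the rules compiler's input, as written, so users know the configuration file itself is not modified.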

@ -149,20 +149,26 @@
</listitem> </listitem>
<listitem> <listitem>
<para>The <filename>/etc/shorewall/shorewall.conf</filename> file is <para>Prior to Shorewall 4.5.8, the
used to determine the VERBOSITY setting which determines how much <filename>/etc/shorewall/shorewall.conf</filename> file was used to
output the compiler generates. All other settings are taken from the determine the VERBOSITY setting which determines how much output the
compiler generates. All other settings were taken from the
<filename>shorewall.conf </filename>file in the remote systems <filename>shorewall.conf </filename>file in the remote systems
export directory.</para> export directory.</para>
<caution> <caution>
<para>If you want to be able to allow non-root users to manage <para>Prior to Shorewall 4.5.8, if you want to be able to allow
remote firewall systems, then the files non-root users to manage remote firewall systems, then the files
<filename>/etc/shorewall/params</filename> and <filename>/etc/shorewall/params</filename> and
<filename>/etc/shorewall/shorewall.conf</filename> must be <filename>/etc/shorewall/shorewall.conf</filename> must be
readable by all users on the administrative system. Not all readable by all users on the administrative system. Not all
packages secure the files that way and you may have to change the packages secure the files that way and you may have to change the
file permissions yourself.</para> file permissions yourself.</para>
<para>Prior to Shorewall 4.5.14,
<filename>/etc/shorewall/params</filename> must be readable by
non-root users or each export directory must have its own params
file.</para>
</caution> </caution>
</listitem> </listitem>
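Review bot: The rewritten list item and the first caution paragraph now describe only the behaviour prior to 4.5.8 and never state where VERBOSITY and the other settings come from in 4.5.8 and later, or which file permissions are needed then; add a sentence covering the current behaviour so the item does not read as purely historical. The caution's "Prior to Shorewall 4.5.8, if you want to be able to allow ... must be readable" mixes tenses and should be put in the past tense to match. Since the caution asks for <filename>/etc/shorewall/params</filename> to be readable by all users on the administrative system, it would help to note that the per-export-directory params file mentioned in the new last paragraph avoids widening permissions on the system-wide file. The unchanged context also carries a stray space in "shorewall.conf </filename>file" and a missing apostrophe in "remote systems export directory".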