mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-02 19:49:08 +01:00
More Doc updates
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1956 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
97d46d35de
commit
426f6b0f4a
@ -1751,7 +1751,7 @@ alias ipt_pkttype off</programlisting>
|
|||||||
<listitem>
|
<listitem>
|
||||||
<para>Netfilter/iptables doesn't fully support IPSEC in the 2.6
|
<para>Netfilter/iptables doesn't fully support IPSEC in the 2.6
|
||||||
Kernels -- kernel and iptables patches are available and the details
|
Kernels -- kernel and iptables patches are available and the details
|
||||||
may be found at the <ulink url="IPSEC-2.6.htm">Shorewall IPSEC-2.6
|
may be found at the <ulink url="IPSEC-2.6.html">Shorewall IPSEC-2.6
|
||||||
page</ulink>.</para>
|
page</ulink>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
@ -536,6 +536,9 @@ sainfo <emphasis role="bold">anonymous</emphasis>
|
|||||||
spdflush;</programlisting>
|
spdflush;</programlisting>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
|
|
||||||
|
<para>If system A is running kernel 2.6.10 or later then it must also be
|
||||||
|
running ipsec-tools (racoon) 0.5rc1 or later.</para>
|
||||||
|
|
||||||
<para>On the mobile system (system B), it is not possible to create a
|
<para>On the mobile system (system B), it is not possible to create a
|
||||||
static IPSEC configuration because the IP address of the laptop's
|
static IPSEC configuration because the IP address of the laptop's
|
||||||
internet connection isn't static. I have created an 'ipsecvpn' script
|
internet connection isn't static. I have created an 'ipsecvpn' script
|
||||||
|
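Review bot: The added paragraph states the kernel 2.6.10 / ipsec-tools (racoon) 0.5rc1 requirement for system A only, and gives neither a reason nor a symptom. If the mobile system B is subject to the same pairing, say so here, and add a clause on what fails with an older racoon so readers can recognise the problem.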
@ -15,10 +15,10 @@
|
|||||||
</author>
|
</author>
|
||||||
</authorgroup>
|
</authorgroup>
|
||||||
|
|
||||||
<pubdate>2004-12-16</pubdate>
|
<pubdate>2005-02-11</pubdate>
|
||||||
|
|
||||||
<copyright>
|
<copyright>
|
||||||
<year>2001-2004</year>
|
<year>2001-2005</year>
|
||||||
|
|
||||||
<holder>Thomas M. Eastep</holder>
|
<holder>Thomas M. Eastep</holder>
|
||||||
</copyright>
|
</copyright>
|
||||||
@ -127,7 +127,7 @@
|
|||||||
|
|
||||||
<graphic align="center" fileref="images/proxyarp1.png" />
|
<graphic align="center" fileref="images/proxyarp1.png" />
|
||||||
|
|
||||||
<para>It the diagram above, <filename class="devicefile">eth1</filename>
|
<para>In the diagram above, <filename class="devicefile">eth1</filename>
|
||||||
has been given the address 130.252.100.17, the same as
|
has been given the address 130.252.100.17, the same as
|
||||||
<filename>eth0</filename>. Note though that the VLSM is 32 so there is no
|
<filename>eth0</filename>. Note though that the VLSM is 32 so there is no
|
||||||
network associated with this address. This is the approach <ulink
|
network associated with this address. This is the approach <ulink
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
</author>
|
</author>
|
||||||
</authorgroup>
|
</authorgroup>
|
||||||
|
|
||||||
<pubdate>2005-02-01</pubdate>
|
<pubdate>2005-02-11</pubdate>
|
||||||
|
|
||||||
<copyright>
|
<copyright>
|
||||||
<year>2001-2005</year>
|
<year>2001-2005</year>
|
||||||
@ -112,6 +112,22 @@
|
|||||||
<section>
|
<section>
|
||||||
<title>Problems in Version 2.0</title>
|
<title>Problems in Version 2.0</title>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>Shorewall 2.0.15-2.0.16</title>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>If the "rejNotSyn" action is invoked, an error occurs at
|
||||||
|
startup.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>Corrected in <ulink
|
||||||
|
url="http://shorewall.net/pub/shorewall/errata/2.0.16/firewall">this
|
||||||
|
firewall script</ulink> which may be installed in
|
||||||
|
/usr/share/shorewall/firewall as described above.</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Shorewall 2.0.12</title>
|
<title>Shorewall 2.0.12</title>
|
||||||
|
|
||||||
|
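Review bot: The new section is titled "Shorewall 2.0.15-2.0.16", but the corrected script is linked from errata/2.0.16/ only; state whether 2.0.15 users should install that same script. The link is plain http to a file that replaces /usr/share/shorewall/firewall, so consider publishing a checksum next to it. Also wrap the path in <filename>, as is done for /usr/share/shorewall/actions.std elsewhere in this commit.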
@ -15,10 +15,10 @@
|
|||||||
</author>
|
</author>
|
||||||
</authorgroup>
|
</authorgroup>
|
||||||
|
|
||||||
<pubdate>2004-09-12</pubdate>
|
<pubdate>2005-02-12</pubdate>
|
||||||
|
|
||||||
<copyright>
|
<copyright>
|
||||||
<year>2002-2004</year>
|
<year>2002-2005</year>
|
||||||
|
|
||||||
<holder>Thomas M. Eastep</holder>
|
<holder>Thomas M. Eastep</holder>
|
||||||
</copyright>
|
</copyright>
|
||||||
@ -603,13 +603,8 @@ fw net ACCEPT</programlisting>
|
|||||||
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
|
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
|
||||||
|
|
||||||
<para>If you are using the Debian package, please check your
|
<para>If you are using the Debian package, please check your
|
||||||
<filename>shorewall.conf</filename> file to ensure that the following are
|
<filename>shorewall.conf</filename> file to ensure that the following is
|
||||||
set correctly; if they are not, change them appropriately: <itemizedlist>
|
set correctly; if it is not, change it appropriately: <itemizedlist>
|
||||||
<listitem>
|
|
||||||
<para><varname>NAT_ENABLED=Yes</varname> (Shorewall versions earlier
|
|
||||||
than 1.4.6)</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><varname>IP_FORWARDING=On</varname></para>
|
<para><varname>IP_FORWARDING=On</varname></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
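Review bot: With the NAT_ENABLED item removed, the sentence "ensure that the following is set correctly" now introduces a list whose only visible entry is IP_FORWARDING=On. Consider naming the setting in the sentence itself and dropping the <itemizedlist>. The same wording change appears again in a later hunk of this commit.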
@ -764,8 +759,8 @@ AllowDNS fw dmz:10.10.11.1 </programlisting></para>
|
|||||||
|
|
||||||
<para>In the rules shown above, <quote>AllowDNS</quote> is an example of a
|
<para>In the rules shown above, <quote>AllowDNS</quote> is an example of a
|
||||||
<emphasis>defined action</emphasis>. Shorewall includes a number of
|
<emphasis>defined action</emphasis>. Shorewall includes a number of
|
||||||
defined actions and <ulink url="Actions.html">you can add
|
defined actions and <ulink url="Actions.html">you can add your
|
||||||
your own</ulink>. To see the list of actions included with your version of
|
own</ulink>. To see the list of actions included with your version of
|
||||||
Shorewall, look in the file
|
Shorewall, look in the file
|
||||||
<filename>/usr/share/shorewall/actions.std</filename>. Those actions that
|
<filename>/usr/share/shorewall/actions.std</filename>. Those actions that
|
||||||
accept connection requests have names that begin with
|
accept connection requests have names that begin with
|
||||||
@ -975,4 +970,4 @@ ACCEPT net fw tcp 80 </programlisting><it
|
|||||||
Features</ulink> page -- it contains helpful tips about Shorewall features
|
Features</ulink> page -- it contains helpful tips about Shorewall features
|
||||||
than make administering your firewall easier.</para>
|
than make administering your firewall easier.</para>
|
||||||
</section>
|
</section>
|
||||||
</article>
|
</article>
|
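Review bot: The context line "than make administering your firewall easier" reads "than" where "that" is meant. No changed text is visible in this hunk, so the typo could be fixed here as part of the same documentation pass.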
@ -12,7 +12,7 @@
|
|||||||
<surname>Eastep</surname>
|
<surname>Eastep</surname>
|
||||||
</author>
|
</author>
|
||||||
|
|
||||||
<pubdate>2004-09-06</pubdate>
|
<pubdate>2005-02-02</pubdate>
|
||||||
|
|
||||||
<copyright>
|
<copyright>
|
||||||
<year>2002</year>
|
<year>2002</year>
|
||||||
@ -21,6 +21,8 @@
|
|||||||
|
|
||||||
<year>2004</year>
|
<year>2004</year>
|
||||||
|
|
||||||
|
<year>2005</year>
|
||||||
|
|
||||||
<holder>Thomas M. Eastep</holder>
|
<holder>Thomas M. Eastep</holder>
|
||||||
</copyright>
|
</copyright>
|
||||||
|
|
||||||
@ -578,14 +580,9 @@ fw net ACCEPT</programlisting> The above policy will:
|
|||||||
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
|
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
|
||||||
|
|
||||||
<para>If you are using the Debian package, please check your
|
<para>If you are using the Debian package, please check your
|
||||||
<filename>shorewall.conf</filename> file to ensure that the following are
|
<filename>shorewall.conf</filename> file to ensure that the following is
|
||||||
set correctly; if they are not, change them appropriately: <itemizedlist
|
set correctly; if it is not, change it appropriately: <itemizedlist
|
||||||
spacing="compact">
|
spacing="compact">
|
||||||
<listitem>
|
|
||||||
<para><varname>NAT_ENABLED=Yes</varname> (Shorewall versions earlier
|
|
||||||
than 1.4.6)</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><varname>IP_FORWARDING=On</varname></para>
|
<para><varname>IP_FORWARDING=On</varname></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
@ -727,8 +724,8 @@ AllowDNS fw net</programlisting>This rule allows
|
|||||||
|
|
||||||
<para>In the rule shown above, <quote>AllowDNS</quote> is an example of a
|
<para>In the rule shown above, <quote>AllowDNS</quote> is an example of a
|
||||||
<emphasis>defined action</emphasis>. Shorewall includes a number of
|
<emphasis>defined action</emphasis>. Shorewall includes a number of
|
||||||
defined actions and <ulink url="Actions.html">you can add
|
defined actions and <ulink url="Actions.html">you can add your
|
||||||
your own</ulink>. To see the list of actions included with your version of
|
own</ulink>. To see the list of actions included with your version of
|
||||||
Shorewall, look in the file
|
Shorewall, look in the file
|
||||||
<filename>/usr/share/shorewall/actions.std</filename>. Those actions that
|
<filename>/usr/share/shorewall/actions.std</filename>. Those actions that
|
||||||
accept connection requests have names that begin with
|
accept connection requests have names that begin with
|
||||||
@ -985,4 +982,4 @@ eth0 wlan0</programlisting>
|
|||||||
requires the rules listed in the <ulink url="samba.htm">Shorewall/Samba
|
requires the rules listed in the <ulink url="samba.htm">Shorewall/Samba
|
||||||
documentation</ulink>.</para>
|
documentation</ulink>.</para>
|
||||||
</section>
|
</section>
|
||||||
</article>
|
</article>
|
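Review bot: The context line <ulink url="samba.htm"> still uses the .htm extension, while this commit changes IPSEC-2.6.htm to IPSEC-2.6.html in another file and the other link shown (Actions.html) uses .html. Check whether samba.htm should become samba.html as well.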