mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-21 23:23:13 +01:00
Add 2.6.16 Kernel configuration information
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4106 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
bbc0c27de0
commit
42b8335cba
BIN
docs/images/kernel-2.6.16-1.png
Normal file
BIN
docs/images/kernel-2.6.16-1.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 87 KiB |
BIN
docs/images/kernel-2.6.16-2.png
Normal file
BIN
docs/images/kernel-2.6.16-2.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 56 KiB |
@ -243,4 +243,23 @@ CONFIG_BRIDGE_NF_EBTABLES=m
|
||||
</programlisting>
|
||||
</blockquote>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Kernel 2.6.16 and Later Netfilter Options</title>
|
||||
|
||||
<para>Here's a screenshot of my modularized 2.6.16 Kernel config
|
||||
(Navigation: Networking → Networking Options → Network Packet Filtering
|
||||
(replaces ipchains) → Core Netfilter configuration):</para>
|
||||
|
||||
<graphic align="center" fileref="images/kernel-2.6.16-1.png" />
|
||||
|
||||
<para>Note that is is particularly important to select "Netfilter Xtables
|
||||
support (required for ip_tables).</para>
|
||||
|
||||
<para>Here's a screenshot of the IP Netfilter config (Navigation:
|
||||
Networking → Networking Options → Network Packet Filtering (replaces
|
||||
ipchains) → IP: Netfilter configuration):</para>
|
||||
|
||||
<graphic align="center" fileref="images/kernel-2.6.16-2.png" />
|
||||
</section>
|
||||
</article>
|
@ -672,7 +672,7 @@
|
||||
<term>clear</term>
|
||||
|
||||
<listitem>
|
||||
<para><command>shorewall clear</command></para>
|
||||
<para><command>shorewall[-lite] clear</command></para>
|
||||
|
||||
<para>Clear will remove all rules and chains installed by Shorewall.
|
||||
The firewall is then wide open and unprotected. Existing connections
|
||||
@ -792,7 +792,7 @@
|
||||
<term>dump</term>
|
||||
|
||||
<listitem>
|
||||
<para><command>shorewall[-lite] [ -x ] dump</command></para>
|
||||
<para><command>shorewall[-lite] dump</command></para>
|
||||
|
||||
<para>Produce a verbose report about the firewall.</para>
|
||||
|
||||
@ -919,7 +919,7 @@
|
||||
<term>refresh (Not supported by Shorewall Lite)</term>
|
||||
|
||||
<listitem>
|
||||
<para><command>shorewall [ -q ] refresh</command></para>
|
||||
<para><command>shorewall refresh</command></para>
|
||||
|
||||
<para>The rules involving the broadcast addresses of firewall
|
||||
interfaces, the black list and ECN control rules are recreated to
|
||||
@ -996,7 +996,7 @@
|
||||
<term>restart</term>
|
||||
|
||||
<listitem>
|
||||
<para><command>shorewall[-lite] [ -q ] restart
|
||||
<para><command>shorewall[-lite] restart
|
||||
<configuration-directory></command></para>
|
||||
|
||||
<para>Restart is similar to <command>shorewall stop</command>
|
||||
@ -1010,7 +1010,7 @@
|
||||
<term>restore</term>
|
||||
|
||||
<listitem>
|
||||
<para><command>shorewall[-lite] [ -q ] restore [ <filename>
|
||||
<para><command>shorewall[-lite] restore [ <filename>
|
||||
]</command></para>
|
||||
|
||||
<para>Restore Shorewall to a state saved using the
|
||||
@ -1030,7 +1030,7 @@
|
||||
<term>safe-restart (Not supported by Shorewall Lite)</term>
|
||||
|
||||
<listitem>
|
||||
<para><command>shorewall [ -q ] safe-restart [ <filename>
|
||||
<para><command>shorewall safe-restart [ <filename>
|
||||
]</command></para>
|
||||
|
||||
<para>Only allowed if Shorewall is running. The current
|
||||
@ -1049,7 +1049,7 @@
|
||||
<term>safe-start (Not supported by Shorewall Lite)</term>
|
||||
|
||||
<listitem>
|
||||
<para><command>shorewall [ -q ] safe-start [ <filename>
|
||||
<para><command>shorewall safe-start [ <filename>
|
||||
]</command></para>
|
||||
|
||||
<para>Shorewall is started normally. You will then be prompted
|
||||
@ -1082,27 +1082,25 @@
|
||||
<term>show</term>
|
||||
|
||||
<listitem>
|
||||
<para><command>shorewall [ -x ] show actions (Not supported by
|
||||
Shorewall Lite)</command> — produces a list of actions available on
|
||||
the system.</para>
|
||||
<para><command>shorewall show actions (Not supported by Shorewall
|
||||
Lite)</command> — produces a list of actions available on the
|
||||
system.</para>
|
||||
|
||||
<para><command>shorewall[-lite] [ -x ] show [ <chain> [
|
||||
<chain> ...]
|
||||
|classifiers|connections|log|nat|tc|tos]</command></para>
|
||||
<para><command>shorewall[-lite] show [ <chain> [ <chain>
|
||||
...] |classifiers|connections|log|nat|tc|tos]</command></para>
|
||||
|
||||
<para><command>shorewall[-lite] [ -x ] show <chain> [
|
||||
<chain> ... ] </command> - produce a verbose report about the
|
||||
Netfilter chain(s). (<command>iptables -L chain -n
|
||||
<para><command>shorewall[-lite] show <chain> [ <chain>
|
||||
... ] </command> - produce a verbose report about the Netfilter
|
||||
chain(s). (<command>iptables -L chain -n -v</command>)</para>
|
||||
|
||||
<para><command>shorewall[-lite] show mangle</command> - produce a
|
||||
verbose report about the mangle table. (<command>iptables -t mangle
|
||||
-L -n -v</command>)</para>
|
||||
|
||||
<para><command>shorewall[-lite] show nat</command> - produce a
|
||||
verbose report about the nat table. (<command>iptables -t nat -L -n
|
||||
-v</command>)</para>
|
||||
|
||||
<para><command>shorewall[-lite] [ -x ] show mangle</command> -
|
||||
produce a verbose report about the mangle table. (<command>iptables
|
||||
-t mangle -L -n -v</command>)</para>
|
||||
|
||||
<para><command>shorewall[-lite] [ -x ] show nat</command> - produce
|
||||
a verbose report about the nat table. (<command>iptables -t nat -L
|
||||
-n -v</command>)</para>
|
||||
|
||||
<para><command>shorewall[-lite] show [- m ] log</command> - display
|
||||
the last 20 packet log entries. The '-m' option is available in
|
||||
Shorewall version 3.2.0 Beta5 and later and causes the MAC address
|
||||
@ -1139,7 +1137,7 @@
|
||||
<term>start</term>
|
||||
|
||||
<listitem>
|
||||
<para><command>shorewall[-lite] [ -q ] [ -f ] start [
|
||||
<para><command>shorewall[-lite] [ -f ] start [
|
||||
<configuration-directory> ]</command></para>
|
||||
|
||||
<para>Start shorewall. Existing connections through shorewall
|
||||
|
Loading…
Reference in New Issue
Block a user