More documentation changes for Lite

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4082 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-06-13 00:07:00 +00:00
parent 90ad8341ba
commit 467e62de62
8 changed files with 181 additions and 116 deletions

View File

@ -15,10 +15,10 @@
</author>
</authorgroup>
<pubdate>2005-11-02</pubdate>
<pubdate>2006-06-12</pubdate>
<copyright>
<year>2003-2005</year>
<year>2003-2002</year>
<holder>Thomas M. Eastep</holder>
</copyright>
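Review bot: The new copyright range reads <year>2003-2002</year>, which runs backwards. Given that the pubdate in this same hunk moves to 2006-06-12, this was presumably meant to be 2003-2006.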
@ -44,9 +44,9 @@
<para>Shorewall accounting rules are described in the file
/etc/shorewall/accounting. By default, the accounting rules are placed in a
chain called <quote>accounting</quote> and can thus be displayed using
<quote>shorewall show accounting</quote>. All traffic passing into, out of
or through the firewall traverses the accounting chain including traffic
that will later be rejected by interface options such as
<quote>shorewall[-lite] show accounting</quote>. All traffic passing into,
out of or through the firewall traverses the accounting chain including
traffic that will later be rejected by interface options such as
<quote>tcpflags</quote> and <quote>maclist</quote>. If your kernel doesn't
support the connection tracking match extension (Kernel 2.4.21) then some
traffic rejected under <quote>norfc1918</quote> will not traverse the
@ -184,8 +184,9 @@
web:COUNT - eth1 eth0 tcp - 443
DONE web</programlisting>
<para>Now <quote>shorewall show web</quote> will give you a breakdown of
your web traffic:</para>
<para>Now <quote>shorewall show web</quote> (or "shorewall-lite show web"
for Shorewall Lite users) will give you a breakdown of your web
traffic:</para>
<programlisting> [root@gateway shorewall]# shorewall show web
Shorewall-1.4.6-20030821 Chain web at gateway.shorewall.net - Wed Aug 20 09:48:56 PDT 2003
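Review bot: The added sentence writes the Lite variant as "shorewall-lite show web" in plain ASCII quotes, while the command next to it uses <quote> and the hunk above spells the same idea as shorewall[-lite] show accounting. Pick one notation for the whole file, preferably <quote>shorewall[-lite] show web</quote>, so the two commands do not render as different kinds of text.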
@ -212,8 +213,9 @@
COUNT web eth0 eth1
COUNT web eth1 eth0</programlisting>
<para>Now <quote>shorewall show web</quote> simply gives you a breakdown by
input and output:</para>
<para>Now <quote>shorewall show web</quote> (or "shorewall-lite show web"
for Shorewall Lite users) simply gives you a breakdown by input and
output:</para>
<programlisting> [root@gateway shorewall]# shorewall show accounting web
Shorewall-1.4.6-20030821 Chains accounting web at gateway.shorewall.net - Wed Aug 20 10:27:21 PDT 2003

View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2006-06-10</pubdate>
<pubdate>2006-06-12</pubdate>
<copyright>
<year>2006</year>
@ -39,15 +39,9 @@
<para>Beginning with Shorewall version 3.1, Shorewall has the capability
to compile a Shorewall configuration and produce a runnable firewall
program script. The script is a complete program which can be placed in
the /etc/init.d/ directory on a system without Shorewall installed and can
serve as the firewall creation script for that system.</para>
<para>Compiled programs can also be created to instantiate special
configurations during parts of the day; for example, to disallow web
browsing between the hours of 9pm and 7AM. The program can be run as a
cron job at 9PM and another program run at 6AM to restore normal
operation.</para>
program script. The script is a complete program which can be placed on a
system with <emphasis>Shorewall Lite</emphasis> installed and can serve as
the firewall creation script for that system.</para>
<section>
<title>Restrictions</title>
@ -197,7 +191,7 @@
<para>The firewall systems do <emphasis role="bold">NOT</emphasis>
need to have the full Shorewall product installed but rather only
the Shorewall Lite product. Shorewall and Shorewall LIte may be
installed on the same system.</para>
installed on the same system but that isn't encouraged.</para>
</note>
</listitem>
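Review bot: The sentence being edited still spells the product "Shorewall LIte"; fix the capitalisation while touching this line. The new clause "but that isn't encouraged" also gives the reader no reason, and one sentence on what goes wrong when both are installed would make the advice actionable.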
@ -225,6 +219,15 @@
directory appropriately. It's a good idea to include the IP
address of the administrative system in the
<filename>routestopped</filename> file.</para>
<para>It is important to understand that with Shorewall Lite, the
firewall's configuration directory on the administrative system
acts as <filename class="directory">/etc/shorewall</filename> for
that firewall. So when the Shorewall documentation gives
instructions for placing entries in files in the firewall's
<filename class="directory">/etc/shorewall</filename>, when using
Shorewall Lite you make those changes in the firewall's
configuration directory on the administrative system.</para>
</listitem>
<listitem>
@ -348,15 +351,12 @@
<programlisting><command>shorewall stop</command></programlisting>
<para><emphasis role="bold">We strongly recommend that you uninstall
<para><emphasis role="bold">We recommend that you uninstall
Shorewall at this point.</emphasis></para>
</listitem>
<listitem>
<para>Install Shorewall Lite on the firewall system; <emphasis
role="bold">If you did not uninstall Shorewall in the previous step,
then you must switch <filename>/sbin/shorewall</filename> to
Shorewall Lite as described above.</emphasis></para>
<para>Install Shorewall Lite on the firewall system.</para>
</listitem>
<listitem>
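Review bot: Deleting the bold instruction about switching /sbin/shorewall leaves no guidance for readers who skip the uninstall, which the softened "We recommend" wording now makes more likely. Either state here that the two products can run side by side without further steps, or keep a pointer to the section that covers that case.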

View File

@ -193,8 +193,8 @@ DNAT net loc:&lt;l<emphasis>ocal IP address</emphasis>&gt;[:&lt;<emphasis>
</listitem>
<listitem>
<para>As root type <quote> <command>shorewall show nat</command>
</quote></para>
<para>As root type <quote> <command>shorewall[-lite] show
nat</command> </quote></para>
</listitem>
<listitem>
@ -244,11 +244,11 @@ DNAT net loc:&lt;l<emphasis>ocal IP address</emphasis>&gt;[:&lt;<emphasis>
the connection is being dropped or rejected. If it is, then you
may have a zone definition problem such that the server is in a
different zone than what is specified in the DEST column. At a
root promt, type "<command>shorewall show zones</command>" then be
sure that in the DEST column you have specified the <emphasis
role="bold">first</emphasis> zone in the list that matches
OUT=&lt;dev&gt; and DEST= &lt;ip&gt;from the REJECT/DROP log
message.</para>
root promt, type "<command>shorewall[-lite] show zones</command>"
then be sure that in the DEST column you have specified the
<emphasis role="bold">first</emphasis> zone in the list that
matches OUT=&lt;dev&gt; and DEST= &lt;ip&gt;from the REJECT/DROP
log message.</para>
</listitem>
</itemizedlist>
</section>
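Review bot: The rewrapped text keeps the typo "root promt" (should be "prompt") and the missing space in "&lt;ip&gt;from". Both sit on lines this hunk rewrites, so they are cheap to fix here.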
@ -550,8 +550,9 @@ DNAT loc dmz:192.168.2.4 tcp 80 - $ETH0
<warning>
<para>With dynamic IP addresses, you probably don't want to use
<ulink url="starting_and_stopping_shorewall.htm"><command>shorewall
save</command> and <command>shorewall
<ulink
url="starting_and_stopping_shorewall.htm"><command>shorewall[-lite]
save</command> and <command>shorewall[-lite]
restore</command></ulink>.</para>
</warning>
</section>
@ -1063,8 +1064,8 @@ LOGBURST=""</programlisting>
<listitem>
<para>The packet has a source IP address that isn't in any of your
defined zones (<quote>shorewall check</quote> and look at the
printed zone definitions) or the chain is FORWARD and the
defined zones (<quote>shorewall[-lite] show zones</quote> and look
at the printed zone definitions) or the chain is FORWARD and the
destination IP isn't in any of your defined zones. If the chain is
FORWARD and the IN and OUT interfaces are the same, then you
probably need the <emphasis role="bold">routeback</emphasis>
@ -1083,8 +1084,8 @@ LOGBURST=""</programlisting>
<listitem>
<para>The packet has a destination IP address that isn't in any of
your defined zones("shorewall check" and look at the printed zone
definitions).</para>
your defined zones("shorewall show zones" and look at the printed
zone definitions).</para>
</listitem>
</varlistentry>
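Review bot: The replacement text says "shorewall show zones" without the [-lite] suffix, while the matching entry in the previous hunk says <quote>shorewall[-lite] show zones</quote>. Use the same form in both places, add the missing space before the parenthesis in "zones(", and switch the ASCII quotes to <quote> for consistency.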
@ -1247,9 +1248,9 @@ LOGBURST=""</programlisting>
</section>
<section id="faq52">
<title>(FAQ 52) When I blacklist an IP address with "shorewall drop
www.xxx.yyy.zzz", why does my log still show REDIRECT and DNAT entries
from that address?</title>
<title>(FAQ 52) When I blacklist an IP address with "shorewall[-lite]
drop www.xxx.yyy.zzz", why does my log still show REDIRECT and DNAT
entries from that address?</title>
<para>I blacklisted the address 130.252.100.59 using <command>shorewall
drop 130.252.100.59</command> but I am still seeing these log
@ -1312,7 +1313,7 @@ LOGBURST=""</programlisting>
<title>Starting and Stopping</title>
<section id="faq7">
<title>(FAQ 7) When I stop Shorewall using <quote>shorewall
<title>(FAQ 7) When I stop Shorewall using <quote>shorewall[-lite]
stop</quote>, I can't connect to anything. Why doesn't that command
work?</title>
@ -1320,7 +1321,7 @@ LOGBURST=""</programlisting>
to place your firewall into a safe state whereby only those hosts listed
in <filename>/etc/shorewall/routestopped</filename>' are activated. If
you want to totally open up your firewall, you must use the <quote>
<command>shorewall clear</command> </quote> command.</para>
<command>shorewall[-lite] clear</command> </quote> command.</para>
</section>
<section id="faq8">
@ -1512,8 +1513,8 @@ Creating input Chains...
</section>
<section id="faq45">
<title>(FAQ 45) Why does "shorewall start fail" when trying to set up
SNAT/Masquerading?</title>
<title>(FAQ 45) Why does "shorewall[-lite] start" fail when trying to
set up SNAT/Masquerading?</title>
<para><command>shorewall start</command> produces the following
output:</para>
@ -1595,12 +1596,12 @@ iptables: Invalid argument
</section>
<section id="faq25">
<title>(FAQ 25) How to I tell which version of Shorewall I am
running?</title>
<title>(FAQ 25) How to I tell which version of Shorewall or Shorewall
Lite I am running?</title>
<para>At the shell prompt, type:</para>
<programlisting><command>/sbin/shorewall version</command> </programlisting>
<programlisting><command>/sbin/shorewall[-lite] version</command> </programlisting>
</section>
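Review bot: The rewritten title still reads "How to I tell"; it should be "How do I tell". Separately, /sbin/shorewall[-lite] version now sits inside a <programlisting>, where readers expect text they can type verbatim, so consider listing the two commands on separate lines instead of using the bracket shorthand there.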
<section id="faq31">
@ -1988,7 +1989,7 @@ REJECT fw net:216.239.39.99 all</programlisting>Given that
support?</title>
<para><emphasis role="bold">Answer</emphasis>: Use the
<command>shorewall show capabilities</command> command at a root
<command>shorewall[-lite] show capabilities</command> command at a root
prompt.</para>
<programlisting>gateway:~# shorewall show capabilities

View File

@ -15,12 +15,12 @@
</author>
</authorgroup>
<pubdate>2005-11-23</pubdate>
<pubdate>2006-06-12</pubdate>
<copyright>
<year>2001-</year>
<year>2005</year>
<year>2006</year>
<holder>Thomas M. Eastep</holder>
</copyright>

View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2006-03-23</pubdate>
<pubdate>2006-06-12</pubdate>
<copyright>
<year>2002-2006</year>
@ -157,7 +157,7 @@ ipset -B Blacklist 206.124.146.177 -b SMTP</programlisting>
<title>Dynamic Blacklisting</title>
<para>Dynamic blacklisting doesn't use any configuration parameters but is
rather controlled using /sbin/shorewall commands:</para>
rather controlled using /sbin/shorewall[-lite] commands:</para>
<itemizedlist>
<listitem>
@ -219,7 +219,7 @@ ipset -B Blacklist 206.124.146.177 -b SMTP</programlisting>
<example>
<title>Ignore packets from a pair of systems</title>
<programlisting> <command>shorewall drop 192.0.2.124 192.0.2.125</command></programlisting>
<programlisting> <command>shorewall[-lite] drop 192.0.2.124 192.0.2.125</command></programlisting>
<para>Drops packets from hosts 192.0.2.124 and 192.0.2.125</para>
</example>
@ -227,7 +227,7 @@ ipset -B Blacklist 206.124.146.177 -b SMTP</programlisting>
<example>
<title>Re-enable packets from a system</title>
<programlisting> <command>shorewall allow 192.0.2.125</command></programlisting>
<programlisting> <command>shorewall[-lite] allow 192.0.2.125</command></programlisting>
<para>Re-enables traffic from 192.0.2.125.</para>
</example>

View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2006-06-04</pubdate>
<pubdate>2006-06-12</pubdate>
<copyright>
<year>2004</year>
@ -589,6 +589,13 @@
respectively. The default level of verbosity is determined by the
setting of the VERBOSITY option in
<filename>/etc/shorewall/shorewall.conf</filename>.</para>
<para>For Shorewall Lite, the general command form is:</para>
<para><command>shorewall-lite [ &lt;options&gt; ] &lt;command&gt; [
&lt;command options&gt; ] [ &lt;argument&gt; ... ]</command></para>
<para>where the options are the same as with Shorewall.</para>
</blockquote>
<para>Following in alphabetical order are the supported commands. Except
@ -773,7 +780,8 @@
<term>drop</term>
<listitem>
<para><command>shorewall drop &lt;address&gt; ...</command></para>
<para><command>shorewall[-lite] drop &lt;address&gt;
...</command></para>
<para>Causes packets from the specified
&lt;<emphasis>address</emphasis>&gt; to be ignored</para>
@ -784,7 +792,7 @@
<term>dump</term>
<listitem>
<para><command>shorewall [ -x ] dump</command></para>
<para><command>shorewall[-lite] [ -x ] dump</command></para>
<para>Produce a verbose report about the firewall.</para>
@ -797,7 +805,7 @@
<term>forget</term>
<listitem>
<para><command>shorewall forget [ &lt;filename&gt;
<para><command>shorewall[-lite] forget [ &lt;filename&gt;
]</command></para>
<para>Deletes<filename>
@ -813,8 +821,8 @@
<term>help</term>
<listitem>
<para><command>shorewall help [&lt;command&gt; | host | address
]</command></para>
<para><command>shorewall[-lite] help [&lt;command&gt; | host |
address ]</command></para>
<para>Display helpful information about the shorewall
commands.</para>
@ -825,7 +833,7 @@
<term>hits</term>
<listitem>
<para><command>hits</command></para>
<para><command>shorewall[-lite] hits</command></para>
<para>Produces several reports about the Shorewall packet log
messages in the current log file specified by the LOGFILE option in
@ -838,8 +846,8 @@
<term>ipcalc</term>
<listitem>
<para><command>shorewall ipcalc { &lt;address&gt; &lt;mask&gt; |
&lt;address&gt;/&lt;vlsm&gt; }</command></para>
<para><command>shorewall[-lite] ipcalc { &lt;address&gt;
&lt;mask&gt; | &lt;address&gt;/&lt;vlsm&gt; }</command></para>
<para>Ipcalc displays the network address, broadcast address,
network in CIDR notation and netmask corresponding to the
@ -847,7 +855,8 @@
<para>Example:</para>
<para><command>ipcalc 192.168.1.0/24</command></para>
<para><command>shorewall[-lite] ipcalc
192.168.1.0/24</command></para>
</listitem>
</varlistentry>
@ -855,7 +864,7 @@
<term>iprange</term>
<listitem>
<para><command>shorewall iprange
<para><command>shorewall[-lite] iprange
&lt;address1&gt;-&lt;address2&gt;</command></para>
<para>Iprange decomposes the specified range of IP addresses into
@ -867,7 +876,7 @@
<term>logdrop</term>
<listitem>
<para><command>shorewall logdrop &lt;address&gt;
<para><command>shorewall[-lite] logdrop &lt;address&gt;
...</command></para>
<para>Causes packets from the specified
@ -879,7 +888,7 @@
<term>logwatch</term>
<listitem>
<para><command>shorewall logwatch [ -m ] [&lt;refresh
<para><command>shorewall[-lite] logwatch [ -m ] [&lt;refresh
interval&gt;]</command></para>
<para>Monitors the log file specified by theLOGFILE option in <ulink
@ -897,7 +906,7 @@
<term>logreject</term>
<listitem>
<para><command>shorewall logreject &lt;address&gt;
<para><command>shorewall[-lite] logreject &lt;address&gt;
...</command></para>
<para>Causes packets from the specified
@ -926,7 +935,8 @@
<term>reject</term>
<listitem>
<para><command>shorewall reject &lt;address&gt; ...</command></para>
<para><command>shorewall[-lite] reject &lt;address&gt;
...</command></para>
<para>Causes packets from the specified
&lt;<emphasis>address</emphasis>&gt;s to be rejected</para>
@ -937,7 +947,7 @@
<term>reset</term>
<listitem>
<para><command>shorewall reset</command></para>
<para><command>shorewall[-lite] reset</command></para>
<para>All the packet and byte counters in the firewall are
reset.</para>
@ -948,7 +958,7 @@
<term>restart</term>
<listitem>
<para><command>shorewall [ -q ] restart
<para><command>shorewall[-lite] [ -q ] restart
&lt;configuration-directory&gt;</command></para>
<para>Restart is similar to <command>shorewall stop</command>
@ -962,7 +972,7 @@
<term>restore</term>
<listitem>
<para><command>shorewall [ -q ] restore [ &lt;filename&gt;
<para><command>shorewall[-lite] [ -q ] restore [ &lt;filename&gt;
]</command></para>
<para>Restore Shorewall to a state saved using the
@ -1016,15 +1026,16 @@
<term>save</term>
<listitem>
<para><command>shorewall save [ &lt;filename&gt; ]</command></para>
<para><command>shorewall[-lite] save [ &lt;filename&gt;
]</command></para>
<para>The dynamic data is stored in /var/lib/shorewall/save. The
state of the firewall is stored in
<filename>/var/lib/shorewall/&lt;filename&gt;</filename> for use by
the <command>shorewall restore</command> and <command>shorewall -f
start</command> commands. If &lt;<emphasis>filename</emphasis>&gt;
is not given then the state is saved in the file specified by the
RESTOREFILE option in <ulink
the <command>shorewall[-lite] restore</command> and
<command>shorewall[-lite] -f start</command> commands. If
&lt;<emphasis>filename</emphasis>&gt; is not given then the state is
saved in the file specified by the RESTOREFILE option in <ulink
url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>.</para>
</listitem>
</varlistentry>
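Review bot: The command names in this entry become shorewall[-lite], but the paths /var/lib/shorewall/save and /var/lib/shorewall/&lt;filename&gt; are left unchanged, whereas the state-diagram hunk later in this file rewrites the restore path as /var/lib/shorewall[-lite]/restore. If Shorewall Lite keeps its state under its own directory, these two paths need the same treatment, and the RESTOREFILE reference to /etc/shorewall/shorewall.conf deserves the same check.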
@ -1033,40 +1044,52 @@
<term>show</term>
<listitem>
<para><command>shorewall [ -x ] show [ &lt;chain&gt; [ &lt;chain&gt;
...] |classifiers|connections|log|nat|tc|tos]</command></para>
<para><command>shorewall [ -x ] show actions (Not supported by
Shorewall Lite)</command> — produces a list of actions available on
the system.</para>
<para><command>shorewall [ -x ] show &lt;chain&gt; [ &lt;chain&gt;
... ] </command> - produce a verbose report about the Netfilter
chain(s). (<command>iptables -L chain -n -v</command>)</para>
<para><command>shorewall[-lite] [ -x ] show [ &lt;chain&gt; [
&lt;chain&gt; ...]
|classifiers|connections|log|nat|tc|tos]</command></para>
<para><command>shorewall [ -x ] show mangle</command> - produce a
verbose report about the mangle table. (<command>iptables -t mangle
-L -n -v</command>)</para>
<para><command>shorewall [ -x ] show nat</command> - produce a
verbose report about the nat table. (<command>iptables -t nat -L -n
<para><command>shorewall[-lite] [ -x ] show &lt;chain&gt; [
&lt;chain&gt; ... ] </command> - produce a verbose report about the
Netfilter chain(s). (<command>iptables -L chain -n
-v</command>)</para>
<para><command>shorewall show [- m ] log</command> - display the
last 20 packet log entries. The '-m' option is available in
<para><command>shorewall[-lite] [ -x ] show mangle</command> -
produce a verbose report about the mangle table. (<command>iptables
-t mangle -L -n -v</command>)</para>
<para><command>shorewall[-lite] [ -x ] show nat</command> - produce
a verbose report about the nat table. (<command>iptables -t nat -L
-n -v</command>)</para>
<para><command>shorewall[-lite] show [- m ] log</command> - display
the last 20 packet log entries. The '-m' option is available in
Shorewall version 3.2.0 Beta5 and later and causes the MAC address
of each packet source to be displayed if that information is
available.</para>
<para><command>shorewall show capabilities</command> - Displays your
kernel/iptables capabilities</para>
<para><command>shorewall[-lite] show capabilities</command> -
Displays your kernel/iptables capabilities</para>
<para><command>shorewall show connections</command> - displays the
IP connections currently being tracked by the firewall.</para>
<para><command>shorewall[-lite] show connections</command> -
displays the IP connections currently being tracked by the
firewall.</para>
<para><command>shorewall show classifiers</command> - displays
information about the traffic control/shaping classifiers.</para>
<para><command>shorewall[-lite] show classifiers</command> -
displays information about the traffic control/shaping
classifiers.</para>
<para><command>shorewall show tc</command> - displays information
about the traffic control/shaping configuration.</para>
<para><command>shorewall [ -x ] show macros (Not supported by
Shorewall Lite)</command> — produces a list of macros available on
the system.</para>
<para><command>shorewall show zones</command> — Displays the
<para><command>shorewall[-lite] show tc</command> - displays
information about the traffic control/shaping configuration.</para>
<para><command>shorewall[-lite] show zones</command> — Displays the
composition of each zone.</para>
<para>When -x is given, that option is also passed to iptables to
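Review bot: In the actions and macros entries the text "(Not supported by Shorewall Lite)" is placed inside the <command> element, so it will render as part of the command; move it after </command>. The log entry also carries over the stray space in "[- m ]" (should be "[ -m ]"), and the combined synopsis at the top still omits actions, macros, mangle, capabilities and zones, which the entries below document.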
@ -1078,7 +1101,7 @@
<term>start</term>
<listitem>
<para><command>shorewall [ -q ] [ -f ] start [
<para><command>shorewall[-lite] [ -q ] [ -f ] start [
&lt;configuration-directory&gt; ]</command></para>
<para>Start shorewall. Existing connections through shorewall
@ -1096,7 +1119,7 @@
<term>stop</term>
<listitem>
<para><command>shorewall stop</command></para>
<para><command>shorewall[-lite] stop</command></para>
<para>Stops the firewall. All existing connections, except those
listed in <filename><ulink
@ -1114,7 +1137,7 @@
<term>status</term>
<listitem>
<para><command>shorewall status</command></para>
<para><command>shorewall[-lite] status</command></para>
<para>Produce a short report about the firewall's status and state
relative to <link linkend="State">the diagram below</link>.</para>
@ -1146,7 +1169,7 @@
<term>version</term>
<listitem>
<para><command>shorewall version</command></para>
<para><command>shorewall[-lite] version</command></para>
<para>Show the current shorewall version</para>
</listitem>
@ -1161,13 +1184,6 @@
<para><graphic align="center" fileref="images/State_Diagram.png" /></para>
<para>You will note that mose of the commands that result in state
transitions use the word <quote>firewall</quote> rather than
<quote>shorewall</quote>. That is because the actual transitions are done
by <command>/usr/share/shorewall/firewall</command>;
<command>/sbin/shorewall</command> runs <quote>firewall</quote> according
to the following table:</para>
<informaltable>
<tgroup cols="3">
<thead>
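Review bot: Removing the paragraph that ended "according to the following table:" leaves the <informaltable> with no introduction, so the reader no longer learns what its three columns represent. If the firewall/shorewall distinction is being dropped, replace the lead-in with a one-line description of the table rather than deleting it outright.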
@ -1268,11 +1284,11 @@
</informaltable>
<para>The only time that a program other than
<command>/usr/share/shorewall/firewall</command> performs a state
transition itself is when it executes the <command>shorewall
<command>/usr/share/shorewall[-lite[/firewall</command> performs a state
transition itself is when it executes the <command>shorewall[-lite]
restore</command> command is executed. In that case, the
<command>/var/lib/shorewall/restore</command> program sets the state to
"Started".</para>
<command>/var/lib/shorewall[-lite]/restore</command> program sets the
state to "Started".</para>
<section>
<title>Notes for Shorewall 3.2.0 and Later</title>
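Review bot: The new path /usr/share/shorewall[-lite[/firewall has a mismatched bracket; it should read /usr/share/shorewall[-lite]/firewall. While rewrapping this sentence, also fix "when it executes the ... command is executed", which has two verbs for one clause.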

View File

@ -191,6 +191,52 @@
</listitem>
</orderedlist>
</listitem>
<listitem>
<para> Beginning with this release, the way in which packet marking in
the PREROUTING chain interracts with the 'track' option in
/etc/shorewall/providers has changed in two ways:</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>Packets arriving on a tracked interface are now passed to
the PREROUTING marking chain so that they may be marked with a
mark other than the 'track' mark (the connection still retains the
'track' mark).</para>
</listitem>
<listitem>
<para>When HIGH_ROUTE_MARKS=Yes, you can still clear the mark on
packets in the PREROUTING chain (i.e., you can specify a mark
value of zero).</para>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para> Kernel version 2.6.16 introduces 'xtables', a new common packet
filtering and connection tracking facility that supports both IPv4 and
IPv6. Because a different set of kernel modules must be loaded for
xtables, Shorewall now includes two 'modules' files:</para>
<orderedlist numeration="loweralpha">
<listitem>
<para><filename>/usr/share/shorewall/modules</filename> -- the
former <filename>/etc/shorewall/modules</filename></para>
</listitem>
<listitem>
<para>/usr/share/shorewall/xmodules -- a new file that support
xtables.</para>
</listitem>
</orderedlist>
<para>If you wish to use the new file, then simply execute this
command:</para>
<para><command>cp -f /usr/share/shorewall/xmodules
/etc/shorewall/modules</command></para>
</listitem>
</orderedlist>
</section>
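Review bot: The documented command cp -f /usr/share/shorewall/xmodules /etc/shorewall/modules silently overwrites any existing /etc/shorewall/modules; suggest telling users to back up or diff a locally modified file first. Minor wording on the added lines: "interracts" should be "interacts", "a new file that support xtables" should be "supports", /usr/share/shorewall/xmodules lacks the <filename> markup used on the item above it, and two <para> elements start with a stray space.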

View File

@ -59,7 +59,7 @@ DIR=$PWD
#
# location and options for GnuPG
#
GPG="/usr/bin/gpg -ab --batch --comment 'To verify this, you can download our public key at https://lists.shorewall.net/shorewall.gpg.key'"
GPG="/usr/bin/gpg -ab --no-use-agent --comment 'To verify this, you can download our public key at https://lists.shorewall.net/shorewall.gpg.key'"
################################################################################
# V A R I A B L E S
################################################################################
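Review bot: The new GPG line drops --batch in the same edit that adds --no-use-agent, and nothing in the surrounding comment says why. Without --batch gpg is free to prompt on the terminal, so the signing step can now wait for input if this script is ever run unattended; a short comment stating that signing is meant to be interactive would record the intent.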