Add some expectation-setting warnings to two of the documents

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3831 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-05-02 01:09:57 +00:00
parent 44a738842a
commit 49c0bdb2dc
2 changed files with 50 additions and 9 deletions

View File

@ -46,6 +46,25 @@
you</emphasis>.</para>
</warning>
<warning>
<para>Reading just Shorewall documentation is probably not going to give
you enough background to use this material. Shorewall may make iptables
easy but the Shorewall team simply can't be expected to spoon-feed Linux
policy routing to you (please remember that the user's manual for a
tractor doesn't teach you to grow corn). You will need to refer to at
least the following additional information: </para>
<simplelist>
<member>The LARTC HOWTO: <ulink
url="http://www.lartc.org">http://www.lartc.org</ulink></member>
<member>Output of <command>man ip</command></member>
<member>Output of <command>ip route help</command> and <command>ip rule
help</command></member>
</simplelist>
</warning>
<section>
<title>Multiple Internet Connection Support</title>
@ -565,13 +584,13 @@ eth1 eth2 130.252.99.27</programlisting>
successfully routed.</para>
<programlisting>gateway:~ # <command>ip rule ls</command>
0: from all lookup local
10001: from all fwmark 0x1 lookup Blarg
10002: from all fwmark 0x2 lookup Comcast
20000: from 206.124.146.176 lookup Blarg
20256: from 24.12.22.33 lookup Comcast
32766: from all lookup main
32767: from all lookup default
0: from all lookup local &lt;=== Local (to the firewall) IP addresses
10001: from all fwmark 0x1 lookup Blarg &lt;=== This and the next rule are generated by the
10002: from all fwmark 0x2 lookup Comcast 'MARK' values in /etc/shorewall/providers.
20000: from 206.124.146.176 lookup Blarg &lt;=== This and the next rule are generated unless
20256: from 24.12.22.33 lookup Comcast 'loose' is specified; based in the output of 'ip addr ls'
32766: from all lookup main &lt;=== This is the routing table shown by 'iproute -n'
32767: from all lookup default &lt;=== This table is empty
gateway:~ #</programlisting>
<para>In the above example, there are two providers: Blarg and Comcast
@ -597,7 +616,7 @@ gateway:~ #</programlisting>
</varlistentry>
<varlistentry>
<term>DEST(optional)</term>
<term>DEST (Optional)</term>
<listitem>
<para>An ip address (network or host) that matches the

View File

@ -55,6 +55,28 @@
you.</para>
</important>
<warning>
<para>Said another way, reading just Shorewall documentation is probably
not going to give you enough background to use this material. Shorewall
may make iptables easy but the Shorewall team simply can't be expected to
spoon-feed Linux traffic control to you (please remember that the user's
manual for a tractor doesn't teach you to grow corn).</para>
<para>You will need to refer to at least the following additional
information:</para>
<simplelist>
<member>The LARTC HOWTO: <ulink
url="http://www.lartc.org">http://www.lartc.org</ulink></member>
<member>The documents listed at <ulink
url="http://www.netfilter.org/documentation/index.html#documentation-howto">http://www.netfilter.org/documentation/index.html#documentation-howto</ulink>.
The tutorial by Oskar Andreasson is particularly good.</member>
<member>The output of <command>man iptables</command></member>
</simplelist>
</warning>
<section>
<title>Introduction</title>