extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-08 00:34:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Replace command reference with manpages

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6664 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-23 23:33:17 +00:00
parent 04b07b605a
commit 526f2e08ac
7 changed files with 199 additions and 1197 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
docs/Documentation_Index.xml
View File

@ -55,9 +55,9 @@
<tgroup align="left" cols="3">
<tbody>
<row>
<entry><ulink url="Kernel2.6.html">2.6 Kernel</ulink></entry>
<entry></entry>
<entry><ulink url="IPSEC.htm">IPSEC</ulink></entry>
<entry></entry>
<entry><ulink
url="shorewall_prerequisites.htm">Requirements</ulink></entry>
@ -201,8 +201,8 @@
</row>
<row>
<entry><ulink url="ErrorMessages.html">Error
Messages</ulink></entry>
<entry><ulink url="shorewall_extension_scripts.htm">Extension
Scripts</ulink> (User Exits)</entry>
<entry><ulink url="netmap.html">Network Mapping</ulink></entry>
@ -211,8 +211,8 @@
</row>
<row>
<entry><ulink url="shorewall_extension_scripts.htm">Extension
Scripts</ulink> (User Exits)</entry>
<entry><ulink
url="fallback.htm">Fallback/Uninstall</ulink></entry>
<entry><ulink url="NAT.htm">One-to-one NAT</ulink> (Static
NAT)</entry>
@ -223,8 +223,7 @@
</row>
<row>
<entry><ulink
url="fallback.htm">Fallback/Uninstall</ulink></entry>
<entry><ulink url="FAQ.htm">FAQs</ulink></entry>
<entry><ulink url="OPENVPN.html">OpenVPN</ulink></entry>
@ -233,7 +232,8 @@
</row>
<row>
<entry><ulink url="FAQ.htm">FAQs</ulink></entry>
<entry><ulink
url="shorewall_features.htm">Features</ulink></entry>
<entry><ulink url="starting_and_stopping_shorewall.htm">Operating
Shorewall</ulink></entry>
@ -242,8 +242,8 @@
</row>
<row>
<entry> <ulink
url="shorewall_features.htm">Features</ulink></entry>
<entry><ulink url="Multiple_Zones.html">Forwarding Traffic on the
Same Interface</ulink></entry>
<entry><ulink url="PacketMarking.html">Packet
Marking</ulink></entry>
@ -253,8 +253,7 @@
</row>
<row>
<entry><ulink url="Multiple_Zones.html">Forwarding Traffic on the
Same Interface</ulink></entry>
<entry><ulink url="FTP.html">FTP and Shorewall</ulink></entry>
<entry><ulink url="PacketHandling.html">Packet Processing in a
Shorewall-based Firewall</ulink></entry>
@ -263,7 +262,8 @@
</row>
<row>
<entry><ulink url="FTP.html">FTP and Shorewall</ulink></entry>
<entry><ulink url="support.htm">Getting help or answers to
questions</ulink></entry>
<entry><ulink url="ping.html">'Ping' Management</ulink></entry>
@ -272,8 +272,8 @@
</row>
<row>
<entry><ulink url="support.htm">Getting help or answers to
questions</ulink></entry>
<entry><ulink url="Install.htm">Installation/Upgrade</ulink>
(<ulink url="Install_fr.html">Français</ulink>)</entry>
<entry><ulink url="ports.htm">Port Information</ulink></entry>
@ -282,8 +282,7 @@
</row>
<row>
<entry><ulink url="Install.htm">Installation/Upgrade</ulink>
(<ulink url="Install_fr.html">Français</ulink>)</entry>
<entry><ulink url="IPP2P.html">IPP2P</ulink></entry>
<entry><ulink url="PortKnocking.html">Port Knocking and Other Uses
of the 'Recent Match'</ulink></entry>
@ -293,7 +292,7 @@
</row>
<row>
<entry><ulink url="IPP2P.html">IPP2P</ulink></entry>
<entry></entry>
<entry><ulink url="PPTP.htm">PPTP</ulink></entry>

164
docs/FAQ.xml
View File

@ -78,24 +78,14 @@
Simply copy the files you need from that directory to <filename
class="directory">/etc/shorewall</filename> and modify the
copies.</para>
</section>
<section id="faq44">
<title>(FAQ 44) I can't install/upgrade the RPM — I keep getting the
message "error: failed dependencies:iproute is needed..."</title>
<section id="faq37a">
<title>(FAQ 37a) I just installed Shorewall on Debian and I can't find
the sample configurations.</title>
<para><emphasis role="bold">Answer</emphasis>: Read the <ulink
url="Install.htm">Installation Instructions</ulink>!</para>
</section>
<section id="faq50">
<title>(FAQ 50) When I install/upgrade I get multiple instance of the
message "warning: user teastep does not exist - using root"</title>
<para><emphasis role="bold">Answer:</emphasis> You may safely ignore
this warning message. It was caused by a minor packaging error that has
since been corrected. It makes no difference to Shorewall's
operation.</para>
<para><emphasis role="bold">Answer</emphasis>: The samples are
included in the shorewall-doc package.</para>
</section>
</section>
</section>
@ -107,9 +97,7 @@
address 192.168.1.5. I've looked everywhere and can't find how to do
it.</title>
<para><emphasis role="bold">Answer:</emphasis> The first example in the
<ulink url="Documentation.htm#Rules">rules file documentation</ulink>
shows how to do port forwarding under Shorewall. The format of a
<para><emphasis role="bold">Answer:</emphasis> The format of a
port-forwarding rule to a local system is as follows:</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT
@ -861,9 +849,9 @@ to debug/develop the newnat interface.</programlisting></para>
<para>This kernel change, while necessary, means that Shorewall zones
may no longer be defined in terms of bridge ports. See <ulink
url="NewBridge.html">the new bridging documentation</ulink> for
information about configuring a bridge/firewall under kernel 2.6.20 and
later.</para>
url="bridge-Shorewall-perl.html">the new bridging documentation</ulink>
for information about configuring a bridge/firewall under kernel 2.6.20
and later.</para>
</section>
</section>
@ -1618,98 +1606,8 @@ Creating input Chains...
<section id="faq34">
<title>(FAQ 34) How can I speed up Shorewall start (restart)?</title>
<para><emphasis role="bold">Answer</emphasis>:Using a light-weight shell
such as <command>ash</command> or <command>dash</command> can
dramatically decrease the time required to <emphasis
role="bold">start</emphasis> or <emphasis role="bold">restart</emphasis>
Shorewall. See the SHOREWALL_SHELL variable in <filename> <ulink
url="Documentation.htm#Conf">shorewall.conf</ulink> </filename>.</para>
<para>Use a fast terminal emulator -- in particular the KDE konsole
scrolls much faster than the Gnome terminal. Also use the '-q' option if
you are restarting remotely or from a slow terminal (or redirect the
output to a file as in <command>shorewall restart &gt;
/dev/null</command>).</para>
<para>Upgrade your hardware. Many people find that even a modest
increase in CPU and memory speed (e.g. from P3 with SDRAM to P4 with
DDR) helps dramatically. EM64T-capable CPUs (from either AMD or Intel)
exhibit quite acceptable restart speeds, even with a fairly complex
ruleset.</para>
<para>Shorewall also supports a fast start capability. To use this
capability:</para>
<orderedlist>
<listitem>
<para>With Shorewall in the <ulink
url="starting_and_stopping_shorewall.htm">started state</ulink>, run
<command>shorewall save</command>. This creates the script
<filename>/var/lib/shorewall/restore</filename>.</para>
</listitem>
<listitem>
<para>Use the <emphasis role="bold">-f </emphasis>option to the
start command (e.g., <command>shorewall -f start</command>). This
causes Shorewall to look for the
<filename>/var/lib/shorewall/restore</filename> script and if that
script exists, it is run. Running
<filename>/var/lib/shorewall/restore</filename> takes much less time
than a full <command>shorewall start</command>.</para>
</listitem>
<listitem>
<para>The <filename>/etc/init.d/shorewall</filename> script that is
run at boot time uses the <emphasis role="bold">-f</emphasis>
option.</para>
</listitem>
<listitem>
<para>The <filename>/var/lib/shorewall/restore</filename> script can
be run any time to restore the firewall. The script may be run
directly or it may be run indirectly using the <command>shorewall
restore</command> command.</para>
</listitem>
</orderedlist>
<para>If you change your Shorewall configuration, you must execute a
<emphasis role="bold">shorewall start</emphasis> (without <emphasis
role="bold">-f</emphasis>) or <command>shorewall restart</command> prior
to doing another <command>shorewall save</command>. The
<command>shorewall save</command> command saves the currently running
configuration and not the one reflected in your updated configuration
files.</para>
<para>Likewise, if you change your Shorewall configuration then once you
are satisfied that it is working properly, you must do another
<command>shorewall save</command>. Otherwise at the next reboot, you
will revert to the old configuration stored in
<filename>/var/lib/shorewall/restore</filename>.</para>
<para>The time that new connections are blocked during shorewall restart
can be dramatically reduced by upgrading to Shorewall 3.2 or later. In
3.2 and later releases, <command>shorewall [re]start</command> proceeds
in two phases:</para>
<orderedlist>
<listitem>
<para>The current configuration is compiled to produce a shell
program tailored for your configuration.</para>
</listitem>
<listitem>
<para>If compilation is error-free, the compiled program is run to
[re]start your firewall.</para>
</listitem>
</orderedlist>
<para>Finally, if you are adventuresome, you can try <ulink
url="Shorewall-perl.html">Shorewall-perl</ulink>, the new Shorewall
compiler currently under development. It is very fast.</para>
<para>For additional information about Shorewall Scalability and
Performance, see <ulink url="ScalabilityAndPerformance.html">this
article</ulink>.</para>
<para><emphasis role="bold">Answer</emphasis>: Switch to using <ulink
url="Shorewall-perl.html">Shorewall-perl</ulink>.</para>
</section>
<section id="faq43">
@ -1905,6 +1803,16 @@ iptables: Invalid argument
type:</para>
<programlisting><command>/sbin/shorewall[-lite] version</command> </programlisting>
<section>
<title>(FAQ 25a) How do I tell whoch version of Shorewall-perl and
Shorewall-shell that I have intalled?</title>
<para><emphasis role="bold">Answer</emphasis>: At the shell prompt,
type:</para>
<programlisting><command>/sbin/shorewall version -a</command> </programlisting>
</section>
</section>
<section id="faq31">
@ -1971,30 +1879,6 @@ iptables: Invalid argument
</variablelist>
</section>
<section id="faq36">
<title>(FAQ 36) Does Shorewall Work with the 2.6 Linux Kernel?</title>
<para><emphasis role="bold">Answer</emphasis>: Shorewall works with the
2.6 Kernels with a couple of caveats:</para>
<itemizedlist>
<listitem>
<para>Netfilter/iptables doesn't fully support IPSEC in the 2.6
Kernels prior to 2.6.16 -- kernel and iptables patches are available
and the details may be found at the <ulink
url="IPSEC-2.6.html">Shorewall IPSEC-2.6 page</ulink>.</para>
</listitem>
<listitem>
<para>The 2.6 Kernels do not provide support for the logunclean and
dropunclean options in
<filename>/etc/shorewall/interfaces</filename>. Note that support
for those options was also removed from Shorewall in version
2.0.0.</para>
</listitem>
</itemizedlist>
</section>
<section id="faq64">
<title>(FAQ 64) How do I accomplish failover with Shorewall?</title>
@ -2333,8 +2217,8 @@ iptables: Invalid argument
<title>(FAQ 28) How do I use Shorewall as a Bridging Firewall?</title>
<para><emphasis role="bold">Answer</emphasis>: Shorewall Bridging
Firewall support is available — <ulink url="bridge.html">check here for
details</ulink>.</para>
Firewall support is available — <ulink
url="bridge-Shorewall-perl.html">check here for details</ulink>.</para>
</section>
<section id="faq39">

1067
docs/starting_and_stopping_shorewall.xml
View File

File diff suppressed because it is too large Load Diff

12
docs/support.xml
View File

@ -127,9 +127,9 @@
following.</para>
<blockquote>
<para>If your VERBOSITY setting in shorewall.conf is less than 2,
then try running with a higher verbosity level by using the "-vv"
option:</para>
<para>If your VERBOSITY setting in shorewall.conf is less than 2 and
you are running the Shorewall-shell compiler, then try running with
a higher verbosity level by using the "-vv" option:</para>
<blockquote>
<programlisting><command>shorewall -vv [re]start</command></programlisting>
@ -143,7 +143,9 @@
<programlisting><command>/sbin/shorewall trace start 2&gt; /tmp/trace</command></programlisting>
<para>Forward the <filename>/tmp/trace</filename> file as an
attachment compressed with gzip or bzip2.</para>
attachment compressed with gzip or bzip2 (If you are running
Shorewall-perl, there is no need to compress the file — it will be
very short).</para>
<para>If you are running Shorewall version 3.2.0 or later and
compilation succeeds but the compiled program fails, then please
@ -425,4 +427,4 @@ State:Stopped (Thu Mar 30 14:08:11 PDT 2006)</programlisting>
url="http://sourceforge.net/mail/?group_id=22587">http://sourceforge.net/mail/?group_id=22587</ulink>
.</para>
</section>
</article>
</article>

34
tools/build/buildshorewall
View File

@ -606,6 +606,40 @@ if [ -n "${BUILDXML}${BUILDHTML}" ]; then
do_or_die xsltproc --output $f --stringparam html.stylesheet html.css --stringparam ulink.target _self $GENTOC -param toc.section.depth 3 $STYLESHEET $file
done
progress_message "Exporting $MANPAGETAG from SVN..."
do_or_die "svn export --non-interactive --force ${SVN}/$MANPAGETAG manpages >> $LOGFILE 2>&1"
cd manpages
for f in *.xml; do
if [ $f != shorewall-template.xml ]; then
progress_message "Generating HTML from $f..."
do_or_die xsltproc --output ${f%.xml}.html --stringparam html.stylesheet html.css --stringparam ulink.target _self -param toc.section.depth 3 $STYLESHEET $f
fi
done
rm *.xml
cd ..
do_or_die mv manpages manpages.save
progress_message "Exporting $LITEMANPAGETAG from SVN..."
do_or_die "svn export --non-interactive --force ${SVN}/$LITEMANPAGETAG manpages >> $LOGFILE 2>&1"
cd manpages
for f in *.xml; do
if [ $f != shorewall-template.xml ]; then
progress_message "Generating HTML from $f..."
do_or_die xsltproc --output ${f%.xml}.html --stringparam html.stylesheet html.css --stringparam ulink.target _self -param toc.section.depth 3 $STYLESHEET $f
fi
done
rm *.xml
cd ..
do_or_die mv manpages/*.html manpages.save
do_or_die rm -rf manpages
do_or_die mv manpages.save manpages
progress_message "Copying images to $DIR/$HTMLDIR/images ..."
do_or_die cp -a shorewall-docs-xml-$VERSION/images/*.png $HTMLDIR/images

0
tools/build/publish-4.0-manpage → tools/build/publish-manpage-4.0
View File

82
web/Documentation.html
View File

@ -1,64 +1,76 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="generator"
content="HTML Tidy for Linux (vers 1st April 2002), see www.w3.org">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Shorewall Documentation</title>
</head>
<body>
<h1 style="text-align: left;">Shorewall 3.x Documentation<br>
</h1>
<span style="font-weight: bold;">Tom Eastep<br>
<br>
</span>Copyright © 2005-2007 Thomas M. Eastep<br>
<p>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation;
with no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled “<span
class="quote"><a href="GnuCopyright.htm" target="_self">GNU Free
Documentation License</a></span>”.<br>
<p>Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.2 or any
later version published by the Free Software Foundation; with no Invariant
Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the
license is included in the section entitled “<span class="quote"><a
href="GnuCopyright.htm" target="_self">GNU Free Documentation
License</a></span>”.<br>
</p>
<p>2007-03-06<br>
<p>2007-06-23<br>
</p>
<hr style="width: 100%; height: 2px;"> <br>
<hr style="width: 100%; height: 2px;">
<br>
<ul>
<li><a href="Documentation_Index.html">Alphabetical <span
style="font-weight: bold;">Index</span> of all
Articles</a> <a href="http://gomix.homelinux.net/gomix/shorewall/">(En
Español)</a> -- Over 70 articles with topics ranging from Accounting to
Xen<br>
style="font-weight: bold;">Index</span> of all Articles</a> <a
href="http://gomix.homelinux.net/gomix/shorewall/">(En Español)</a> --
Over 70 articles with topics ranging from Accounting to Xen<br>
</li>
<li><a href="FAQ.htm"><span style="font-weight: bold;">FAQ</span>s</a>
-- Answers to the most commonly asked questions.<br>
<li><a href="FAQ.htm"><span style="font-weight: bold;">FAQ</span>s</a> --
Answers to the most commonly asked questions.<br>
</li>
<li><a href="GettingStarted.html"><span style="font-weight: bold;"></span>Getting
Started</a> -- Introductory Articles and Beginner HOWTOs</li>
<li>PPPPPPPS ( or, Paul's Principles for Practical Provision of
Packet Processing with Shorewall ) <a
href="http://linuxman.wikispaces.com/PPPPPPS">http://linuxman.wikispaces.com/PPPPPPS</a>
-- Some very useful tips for dealing with Shorewall from Paul Gear<br>
<li><a href="GettingStarted.html"><span
style="font-weight: bold;"></span>Getting Started</a> -- Introductory
Articles and Beginner HOWTOs</li>
<li>PPPPPPPS ( or, Paul's Principles for Practical Provision of Packet
Processing with Shorewall ) <a
href="http://linuxman.wikispaces.com/PPPPPPS">http://linuxman.wikispaces.com/PPPPPPS</a>
-- Some very useful tips for dealing with Shorewall from Paul Gear<br>
</li>
<li><a href="manpages/Manpages.html">Shorewall 3.4 <span
style="font-weight: bold;">Manpages</span></a> -- Online version of
the manpages released with Shorewall 3.4.0 and later<br>
style="font-weight: bold;">Manpages</span></a> -- Online version of the
manpages released with Shorewall 3.4.0 and later<br>
</li>
<li><a href="shorewall_features.htm">Shorewall <span
style="font-weight: bold;">Features</span></a> -- What it can do<br>
style="font-weight: bold;">Features</span></a> -- What it can do<br>
</li>
<li><a href="Shorewall_Doesnt.html"><span style="font-weight: bold;">Limitations</span></a>
-- Some things that it cannot do<br>
<li><a href="Shorewall_Doesnt.html"><span
style="font-weight: bold;">Limitations</span></a> -- Some things that it
cannot do<br>
</li>
<li><a href="troubleshoot.htm"><span style="font-weight: bold;">Troubleshooting</span>
Guide</a> -- Look here when "it doesn't work"<br>
<li><a href="troubleshoot.htm"><span
style="font-weight: bold;">Troubleshooting</span> Guide</a> -- Look here
when "it doesn't work"<br>
</li>
<li><a href="upgrade_issues.htm"><span style="font-weight: bold;">Upgrade</span>&nbsp;Issues</a>
-- avoid problems when upgrading your Shorewall installation</li>
<li><a href="upgrade_issues.htm"><span
style="font-weight: bold;">Upgrade</span> Issues</a> -- avoid problems
when upgrading your Shorewall installation</li>
</ul>
<br>
<div style="margin-left: 40px;"><a href="2.0/">Shorewall 2.x
Documentation</a><br>
<div style="margin-left: 40px;">
<a href="2.0/">Shorewall 2.x Documentation</a>
<p><a href="4.0/index.html">Shorewall 4.0 Documentation</a> (under
construction)</p>
</div>
<br>
</body>