extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-05 13:08:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

minor updates for v3.0

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2659 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
judas_iscariote 2005-09-11 22:54:52 +00:00
parent c205e70b1f
commit 5f1af929b1
1 changed files with 20 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
Shorewall-docs2/troubleshoot.xml
View File

@ -13,7 +13,7 @@
<surname>Eastep</surname> <surname>Eastep</surname>
</author> </author>
<pubdate>2005-03-22</pubdate> <pubdate>2005-09-11</pubdate>
<copyright> <copyright>
<year>2001-2005</year> <year>2001-2005</year>
@ -42,7 +42,7 @@
<title>Check the FAQs.</title> <title>Check the FAQs.</title>
<para>Check the <ulink url="FAQ.htm">FAQs</ulink> for solutions to over <para>Check the <ulink url="FAQ.htm">FAQs</ulink> for solutions to over
30 common problems.</para> 50 common problems.</para>
</section> </section>
<section> <section>
@ -199,14 +199,14 @@ iptables: No chain/target/match by that name
<listitem> <listitem>
<para>Multiple interfaces connected to the same HUB or Switch. Given <para>Multiple interfaces connected to the same HUB or Switch. Given
the way that the Linux kernel respond to ARP <quote>who-has</quote> the way that the Linux kernel respond to ARP <quote>who-has</quote>
requests, this type of setup does NOT work the way that you expect it requests, this type of setup <emphasis role="bold">does NOT work the
to. If you are running Shorewall version 1.4.7 or later, you can test way that you expect it to</emphasis>. You can test using this kind of
using this kind of configuration if you specify the <emphasis configuration if you specify the <emphasis
role="bold">arp_filter</emphasis> option in <filename><ulink role="bold">arp_filter</emphasis> option in <filename><ulink
url="Documentation.htm#Interfaces">/etc/shorewall/interfaces</ulink></filename> url="Documentation.htm#Interfaces">/etc/shorewall/interfaces</ulink></filename>
for all interfaces connected to the common hub/switch. Using such a for all interfaces connected to the common hub/switch. <emphasis
setup with a production firewall is strongly recommended role="bold">Using such a setup with a production firewall is strongly
against.</para> recommended against</emphasis>.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section> </section>
@ -326,7 +326,7 @@ ACCEPT dmz loc udp 53</programlisting>
<programlisting>#ACTION SOURCE DEST PROTO DEST <programlisting>#ACTION SOURCE DEST PROTO DEST
# PORT(S) # PORT(S)
AllowPing <emphasis>&lt;source zone&gt;</emphasis>&nbsp;&nbsp; <emphasis>&lt;destination zone&gt;</emphasis></programlisting> Ping/ACCEPT <emphasis>&lt;source zone&gt;</emphasis>&nbsp;&nbsp; <emphasis>&lt;destination zone&gt;</emphasis></programlisting>
<para>The ramifications of this can be subtle. For example, if you <para>The ramifications of this can be subtle. For example, if you
have the following in <filename><ulink have the following in <filename><ulink
@ -348,7 +348,7 @@ AllowPing <emphasis>&lt;source zone&gt;</emphasis>&nbsp;&nbsp; <emphasis>&lt;des
<programlisting>#ACTION SOURCE DEST PROTO DEST <programlisting>#ACTION SOURCE DEST PROTO DEST
# PORT(S) # PORT(S)
DropPing net all</programlisting> Ping/DROP net all</programlisting>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section> </section>
@ -441,6 +441,16 @@ DropPing net all</programlisting>
<title>Revision History</title> <title>Revision History</title>
<para><revhistory> <para><revhistory>
<revision>
<revnumber>2.0</revnumber>
<date>2005-09-11</date>
<authorinitials>CR</authorinitials>
<revremark>Updated for Shorewall 3.0</revremark>
</revision>
<revision> <revision>
<revnumber>1.9</revnumber> <revnumber>1.9</revnumber>