From 6196532a29f8bf20a82afcad9ddfebd47a913617 Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 19 Dec 2008 16:20:24 +0000 Subject: [PATCH] More documentation git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9132 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/IPv6Support.xml | 76 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 70 insertions(+), 6 deletions(-) diff --git a/docs/IPv6Support.xml b/docs/IPv6Support.xml index 9a479ad87..7a635171d 100644 --- a/docs/IPv6Support.xml +++ b/docs/IPv6Support.xml @@ -38,7 +38,7 @@ Overview Beginning with Shorewall 4.2.4, support for firewalling IPv6 is - included. + included as part of Shorewall.
Prerequisites @@ -73,9 +73,10 @@ Shorewall6. This package provides /sbin/shorewall6 which is the IPv6 equivalent - of /sbin/shorewall which only handles IPv4. - Shorewall6 depends on both Shorewall-common and on Shorewall-perl. - The Shorewall6 configuration is stored in /sbin/shorewall. + /sbin/shorewall6 only handles IPv4. Shorewall6 + depends on both Shorewall-common and on Shorewall-perl. The + Shorewall6 configuration is stored in /etc/shorewall6. @@ -174,8 +175,8 @@
Shorewall6 Differences from Shorewall - Configuring Shorewall6 is very similar to configuring Shorewall with - some notable exceptions: + Configuring and operating Shorewall6 is very similar to configuring + Shorewall with some notable exceptions: @@ -398,6 +399,31 @@ ACCEPT net:wlan0:<2002:ce7c:92b4::3> tcp + + Stopped State + + + When Shorewall6 or Shorewall6 Lite is in the stopped state, + the following traffic is still allowed. + + + + Traffic with a multicast destination IP address + (ff00::/8). + + + + Traffic with a link local source address + (ff800::/8) + + + + Traffic with a link local destination address. + + + + + Multi-ISP @@ -410,6 +436,44 @@ ACCEPT net:wlan0:<2002:ce7c:92b4::3> tcp supported. + + + /sbin/shorewall6 and /sbin/shorewall6-lite Commands + + + Several commands supported by + /sbin/shorewall and + /sbin/shorewall-lite are not supported by + /sbin/shorewall6 and + /sbin/shorewall6-lite: + + + + hits + + + + ipcalc + + + + iprange + + + + + + + Macros + + + The Shorewall6 package depends on Shorewall-common for + application macros. Only certain address-family specific macros such + as macro.AllowICMPs are included in Shorewall6. As a consequence, + /usr/share/shorewall/ is included in the default Shorewall6 + CONFIG_PATH. + +