Updates to docs

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1595 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-01-18 03:29:12 +01:00 · 2004-09-04 18:57:53 +00:00 · 2004-09-04 18:57:53 +00:00 · 676d0bebe8
commit 676d0bebe8
parent 346d125bb8
9 changed files with 994 additions and 5667 deletions
--- a/Shorewall-docs2/FAQ.xml
+++ b/Shorewall-docs2/FAQ.xml
@ -17,7 +17,7 @@
      </author>
    </authorgroup>
-    <pubdate>2004-08-19</pubdate>
+    <pubdate>2004-08-31</pubdate>
    <copyright>
      <year>2001-2004</year>
@ -98,7 +98,7 @@ DNAT       net      loc:192.168.1.5  udp      7777</programlisting>
 #                                                                            PORT    DEST.
 DNAT    net    loc:&lt;l<emphasis>ocal IP address</emphasis>&gt;[:&lt;<emphasis>local port</emphasis>&gt;]  &lt;<emphasis>protocol</emphasis>&gt;  &lt;<emphasis>port #</emphasis>&gt;   -       &lt;<emphasis>external IP</emphasis>&gt;</programlisting>
-      <para>Finally, if you need to forward a range of ports, in the PORT
+      <para>Finally, if you need to forward a range of ports, in the DEST PORT
      column specify the range as
      <emphasis>&lt;low-port&gt;:&lt;high-port&gt;</emphasis>.</para>
@ -212,8 +212,8 @@ DNAT    net    loc:&lt;l<emphasis>ocal IP address</emphasis>&gt;[:&lt;<emphasis>
        <para>In /<filename>etc/shorewall/rules</filename>:</para>
-        <programlisting>#ACTION    SOURCE   DEST              PROTO    DEST PORT
+        <programlisting>#ACTION    SOURCE   DEST                PROTO    DEST PORT
-DNAT       net      loc:192.168.3:22  tcp      1022</programlisting>
+DNAT       net      loc:192.168.1.3:22  tcp      1022</programlisting>
      </section>
    </section>
@ -317,11 +317,15 @@ DNAT       loc          loc:192.168.1.5    tcp      www         -         130.15
          <para>That rule only works of course if you have a static external
          IP address. If you have a dynamic IP address and are running
-          Shorewall 1.3.4 or later then include this in
+          Shorewall 1.3.4 through Shorewall 2.0.* then include this in
          <filename>/etc/shorewall/init</filename>:</para>
          <programlisting><command>ETH0_IP=`find_interface_address eth0`</command></programlisting>
          <para>For users of Shorewall 2.1.0 and later:</para>
          <programlisting><command>ETH0_IP=`find_first_interface_address eth0`</command></programlisting>
          <para>and make your DNAT rule:</para>
          <programlisting>#ACTION    SOURCE        DEST               PROTO    DEST PORT   SOURCE    ORIGINAL
@ -1816,6 +1820,17 @@ iptables: Invalid argument
    <title>Revision History</title>
    <para><revhistory>
        <revision>
          <revnumber>1.30</revnumber>
          <date>2004-08-26</date>
          <authorinitials>TE</authorinitials>
          <revremark>Update FAQ 2 with information about Shorewall
          2.1.</revremark>
        </revision>
        <revision>
          <revnumber>1.29</revnumber>
--- a/Shorewall-docs2/IPSEC-2.6.xml
+++ b/Shorewall-docs2/IPSEC-2.6.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>
-    <pubdate>2004-08-21</pubdate>
+    <pubdate>2004-08-25</pubdate>
    <copyright>
      <year>2004</year>
@ -55,11 +55,19 @@
    <para>The 2.6 Linux Kernel introduces new facilities for defining
    encrypted communication between hosts in a network. The network
-    administrator defines a set of Security Policies which are stored in the
+    administrator defines a set of <firstterm>Security Policies</firstterm>
-    kernel as a Security Policy Database (SPD). Outgoing traffic is encrypted
+    which are stored in the kernel as a <firstterm>Security Policy
-    according to the contents of the SPD and incoming traffic is verified
+    Database</firstterm> (SPD). Security policies determine which traffic is
-    against the SPD to ensure that no unencrypted traffic is accepted in
+    subject to encryption. <firstterm>Security Associations</firstterm> are
-    violation of the administrator's policies.</para>
+    created between pairs of hosts in the network (one SA for traffic in each
    direction); these SAs define how traffic is to be encrypted. Outgoing
    traffic that is to be encrypted according to the contents of the SPD
    requires an appropriate SA to exist. SAs may be created manually using
    <command>setkey</command>(8) but most often, they are created by a
    cooperative process involving the ISAKMP protocol and daemons such
    as<command> racoon</command> or <command>isakmpd</command>. Incoming
    traffic is verified against the SPD to ensure that no unencrypted traffic
    is accepted in violation of the administrator's policies.</para>
    <para>There are three ways in which IPSEC traffic can interact with
    Shorewall policies and rules:</para>
@ -99,7 +107,8 @@
    class="devicefile">ipsecn</filename> device. The 2.6 kernel-based
    implementation does away with these pseudo-interfaces. Outgoing traffic
    that is going to be encrypted and incoming traffic that has been decrypted
-    must be matched against policies in the SPD.</para>
+    must be matched against policies in the SPD and/or the appropriate
    SA.</para>
    <para>Shorewall provides support for policy matching in two ways:</para>
@ -108,8 +117,8 @@
        <para>In <filename>/etc/shorewall/masq</filename>, traffic that will
        later be encrypted is exempted from MASQUERADE/SNAT using existing
        entries. If you want to MASQUERADE/SNAT outgoing traffic that will
-        later be encrypted, you must include an entry in the new IPSEC column
+        later be encrypted, you must include the appropriate indication in the
-        in that file.</para>
+        new IPSEC column in that file.</para>
      </listitem>
      <listitem>
--- a/Shorewall-docs2/Kernel2.6.xml
+++ b/Shorewall-docs2/Kernel2.6.xml
@ -15,11 +15,13 @@
      </author>
    </authorgroup>
-    <pubdate>2003-07-02</pubdate>
+    <pubdate>2003-08-25</pubdate>
    <copyright>
      <year>2003</year>
      <year>2004</year>
      <holder>Thomas M. Eastep</holder>
    </copyright>
@ -29,7 +31,8 @@
      1.2 or any later version published by the Free Software Foundation; with
      no Invariant Sections, with no Front-Cover, and with no Back-Cover
      Texts. A copy of the license is included in the section entitled
-      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
+      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
      License</ulink></quote>.</para>
    </legalnotice>
  </articleinfo>
@ -37,7 +40,8 @@
    <title>General</title>
    <para>Shorewall is compatible with the Linux 2.6 kernel series and
-    contains support for the following features that are added in that series:</para>
+    contains support for the following features that are added in that
    series:</para>
    <orderedlist>
      <listitem>
@ -59,5 +63,10 @@
    names. Netfilter/iptables support for this new implementation is
    incomplete and therefore Shorewall support is limited. See the <ulink
    url="IPSEC.htm">Shorewall IPSEC documentation</ulink>.</para>
    <para><emphasis role="bold">Update:</emphasis> The Shorewall 2.1 <ulink
    url="ReleaseModel.html">Development release</ulink> now contains support
    for IPSEC under the 2.6 Kernel. See the <ulink url="IPSEC-2.6.html">Kernel
    2.6 IPSEC documentation</ulink> for details.</para>
  </section>
 </article>
--- a/Shorewall-docs2/errata.xml
+++ b/Shorewall-docs2/errata.xml
@ -13,7 +13,7 @@
      </author>
    </authorgroup>
-    <pubdate>2004-07-30</pubdate>
+    <pubdate>2004-09-02</pubdate>
    <copyright>
      <year>2001-2004</year>
@ -27,7 +27,8 @@
      1.2 or any later version published by the Free Software Foundation; with
      no Invariant Sections, with no Front-Cover, and with no Back-Cover
      Texts. A copy of the license is included in the section entitled
-      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
+      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
      License</ulink></quote>.</para>
    </legalnotice>
  </articleinfo>
@ -55,9 +56,9 @@
      <listitem>
        <para><emphasis role="bold">DO NOT INSTALL CORRECTED COMPONENTS ON A
-        RELEASE EARLIER THAN THE ONE THAT THEY ARE LISTED UNDER BELOW.</emphasis>
+        RELEASE EARLIER THAN THE ONE THAT THEY ARE LISTED UNDER
-        For example, do NOT install the 2.0.2 firewall script if you are
+        BELOW.</emphasis> For example, do NOT install the 2.0.2 firewall
-        running 2.0.0-RC2</para>
+        script if you are running 2.0.0-RC2</para>
      </listitem>
    </itemizedlist>
  </caution>
@ -79,7 +80,8 @@
  <section>
    <title>Bogons File</title>
-    <para><ulink url="http://shorewall.net/pub/shorewall/errata/2.0.1/bogons">Here</ulink>
+    <para><ulink
    url="http://shorewall.net/pub/shorewall/errata/2.0.8/bogons">Here</ulink>
    is the most up to date version of the <ulink
    url="Documentation.htm#Bogons">bogons file</ulink>.</para>
  </section>
@ -87,13 +89,31 @@
  <section>
    <title>Problems in Version 2.0</title>
    <section>
      <title>Shorewall 2.0.3 through 2.0.8</title>
      <itemizedlist>
        <listitem>
          <para>An empty PROTO column in /etc/shorewall/tcrules produced
          iptables errors during <command>shorewall start</command>. A value
          of <command>all</command> in that column produced a similar
          error.</para>
        </listitem>
      </itemizedlist>
      <para>Corrected in <ulink
      url="http://shorewall.net/pub/shorewall/errata/2.0.8/firewall">this
      firewall script</ulink> which may be installed in
      /usr/share/shorewall/firewall as described above.</para>
    </section>
    <section>
      <title>Shorewall 2.0.3a through 2.0.7</title>
      <itemizedlist>
        <listitem>
          <para>Entries in the USER/GROUP column of an action file (made from
-          action.template) may be ignored or cause odd errors. </para>
+          action.template) may be ignored or cause odd errors.</para>
        </listitem>
      </itemizedlist>
@ -127,9 +147,9 @@
      <itemizedlist>
        <listitem>
          <para>DNAT rules with <emphasis role="bold">fw</emphasis> as the
-          source zone and that specify logging cause <command>shorewall start</command>
+          source zone and that specify logging cause <command>shorewall
-          to fail with an iptables error. The problem is corrected for
+          start</command> to fail with an iptables error. The problem is
-          Shorewall 2.0.3 users in <ulink
+          corrected for Shorewall 2.0.3 users in <ulink
          url="http://shorewall.net/pub/shorewall/errata/2.0.3/firewall">this
          firewall script</ulink> which may be installed in
          /usr/share/shorewall/firewall as described above.</para>
@ -153,7 +173,8 @@
        </listitem>
      </itemizedlist>
-      <para>The above problems are corrected in Shorewall version 2.0.3c.</para>
+      <para>The above problems are corrected in Shorewall version
      2.0.3c.</para>
    </section>
    <section>
@ -170,8 +191,8 @@
        </listitem>
        <listitem>
-          <para>Shorewall fails to start if there is no <command>mktemp</command>
+          <para>Shorewall fails to start if there is no
-          utility.</para>
+          <command>mktemp</command> utility.</para>
        </listitem>
      </itemizedlist>
@ -209,8 +230,8 @@
        </listitem>
        <listitem>
-          <para>&#34;shorewall restore&#34; and &#34;shorewall -f start&#34;
+          <para>"shorewall restore" and "shorewall -f start" do not load
-          do not load kernel modules.</para>
+          kernel modules.</para>
          <para><emphasis role="bold">The above two problems are corrected in
          Shorewall 2.0.2a</emphasis></para>
@ -261,19 +282,19 @@
        </listitem>
        <listitem>
-          <para>Kernel modules fail to load when MODULE_SUFFIX isn&#39;t set
+          <para>Kernel modules fail to load when MODULE_SUFFIX isn't set in
-          in shorewall.conf</para>
+          shorewall.conf</para>
          <para><emphasis role="bold">All of the above problems are corrected
          in Shorewall 2.0.2f</emphasis></para>
        </listitem>
      </itemizedlist>
-      <para>These problems are all corrected by the <filename>firewall</filename>
+      <para>These problems are all corrected by the
-      and <filename>functions</filename> files in <ulink
+      <filename>firewall</filename> and <filename>functions</filename> files
-      url="http://shorewall.net/pub/shorewall/errata/2.0.2">this directory</ulink>.
+      in <ulink url="http://shorewall.net/pub/shorewall/errata/2.0.2">this
-      Both files must be installed in <filename>/usr/share/shorewall/</filename>
+      directory</ulink>. Both files must be installed in
-      as described above.</para>
+      <filename>/usr/share/shorewall/</filename> as described above.</para>
    </section>
    <section>
@ -285,20 +306,22 @@
        </listitem>
        <listitem>
-          <para>Modules listed in /etc/shorewall/modules don&#39;t load or
+          <para>Modules listed in /etc/shorewall/modules don't load or produce
-          produce errors on Mandrake 10.0 Final.</para>
+          errors on Mandrake 10.0 Final.</para>
        </listitem>
        <listitem>
          <para>The <command>shorewall delete</command> command does not
-          remove all dynamic rules pertaining to the host(s) being deleted.</para>
+          remove all dynamic rules pertaining to the host(s) being
          deleted.</para>
        </listitem>
      </itemizedlist>
      <para>These problems are corrected in <ulink
      url="http://shorewall.net/pub/shorewall/errata/2.0.1/firewall">this
-      firewall script</ulink> which may be installed in <filename>/usr/share/shorewall/firewall</filename>
+      firewall script</ulink> which may be installed in
-      as described above.</para>
+      <filename>/usr/share/shorewall/firewall</filename> as described
      above.</para>
      <itemizedlist>
        <listitem>
@ -322,10 +345,11 @@
          url="http://shorewall.net/pub/shorewall/errata/2.0.1/init.debian.sh">this
          file</ulink> as /etc/init.d/shorewall (replacing the existing file
          with that name). If you are just installing or upgrading to
-          Shorewall 2.0.0 or 2.0.1, then replace the <filename>init.debian.sh</filename>
+          Shorewall 2.0.0 or 2.0.1, then replace the
-          file in the Shorewall distribution directory (shorewall-2.0.x) with
+          <filename>init.debian.sh</filename> file in the Shorewall
-          the updated file before running <command>install.sh</command> from
+          distribution directory (shorewall-2.0.x) with the updated file
-          that directory.</para>
+          before running <command>install.sh</command> from that
          directory.</para>
        </listitem>
      </itemizedlist>
    </section>
@ -347,11 +371,13 @@
        </listitem>
      </itemizedlist>
-      <para>The first problem has been corrected in Shorewall update 2.0.0a.</para>
+      <para>The first problem has been corrected in Shorewall update
      2.0.0a.</para>
      <para>All of these problems may be corrected by installing <ulink
      url="http://shorewall.net/pub/shorewall/errata/2.0.0/firewall">this
-      firewall script</ulink> in /usr/share/shorewall as described above.</para>
+      firewall script</ulink> in /usr/share/shorewall as described
      above.</para>
    </section>
  </section>
@ -369,7 +395,8 @@
    Final) or later then you need to patch your iptables 1.2.9 with <ulink
    url="http://shorewall.net/pub/shorewall/errata/iptables-1.2.9.diff">this
    patch</ulink> or you need to use the <ulink
-    url="http://www.netfilter.org/downloads.html#cvs">CVS version of iptables</ulink>.</para>
+    url="http://www.netfilter.org/downloads.html#cvs">CVS version of
    iptables</ulink>.</para>
  </section>
  <section>
@ -380,10 +407,12 @@
    --reject-with tcp-reset</quote> is broken. The symptom most commonly seen
    is that REJECT rules act just like DROP rules when dealing with TCP. A
    kernel patch and precompiled modules to fix this problem are available at
-    <ulink url="ftp://ftp1.shorewall.net/pub/shorewall/errata/kernel">ftp://ftp1.shorewall.net/pub/shorewall/errata/kernel</ulink></para>
+    <ulink
    url="ftp://ftp1.shorewall.net/pub/shorewall/errata/kernel">ftp://ftp1.shorewall.net/pub/shorewall/errata/kernel</ulink></para>
    <note>
-      <para>RedHat have corrected this problem in their 2.4.20-27.x kernels.</para>
+      <para>RedHat have corrected this problem in their 2.4.20-27.x
      kernels.</para>
    </note>
  </section>
 </article>
--- a/Shorewall-docs2/images/network.png
+++ b/Shorewall-docs2/images/network.png
--- a/Shorewall-docs2/images/network.vdx
+++ b/Shorewall-docs2/images/network.vdx
--- a/Shorewall-docs2/images/network1.png
+++ b/Shorewall-docs2/images/network1.png
--- a/Shorewall-docs2/images/network1.vdx
+++ b/Shorewall-docs2/images/network1.vdx
--- a/Shorewall-docs2/support.xml
+++ b/Shorewall-docs2/support.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>
-    <pubdate>2004-07-29</pubdate>
+    <pubdate>2004-09-04</pubdate>
    <copyright>
      <year>2001-2004</year>
@ -29,7 +29,14 @@
      1.2 or any later version published by the Free Software Foundation; with
      no Invariant Sections, with no Front-Cover, and with no Back-Cover
      Texts. A copy of the license is included in the section entitled
-      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
+      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
      License</ulink></quote>.</para>
      <important>
        <para>Problem reports that do not include the information requested in
        the <link linkend="Guidelines">Problem Reporting Guidelines</link>
        below will not be answered by the Shorewall author.</para>
      </important>
    </legalnotice>
  </articleinfo>
@ -57,8 +64,9 @@
      </listitem>
      <listitem>
-        <para>The <ulink url="troubleshoot.htm">Troubleshooting Information</ulink>
+        <para>The <ulink url="troubleshoot.htm">Troubleshooting
-        contains a number of tips to help you solve common problems.</para>
+        Information</ulink> contains a number of tips to help you solve common
        problems.</para>
      </listitem>
      <listitem>
@ -67,74 +75,26 @@
      </listitem>
      <listitem>
-        <para>The <ulink url="http://lists.shorewall.net/htdig/search.html">Site
+        <para>The <ulink
-        and Mailing List Archives search facility</ulink> can locate documents
+        url="http://lists.shorewall.net/htdig/search.html">Site and Mailing
-        and posts about similar problems:</para>
+        List Archives search facility</ulink> can locate documents and posts
        about similar problems:</para>
      </listitem>
    </itemizedlist>
  </section>
-  <section>
+  <section id="Guidelines">
    <title>Problem Reporting Guidelines</title>
    <note>
-      <para>Shorewall versions earlier that 1.4.0 are no longer supported.</para>
+      <para>Shorewall versions earlier that 1.4.0 are no longer
      supported.</para>
    </note>
    <itemizedlist>
      <listitem>
-        <para>Please remember we only know what is posted in your message. Do
+        <para>When reporting a problem, <emphasis
-        not leave out any information that appears to be correct, or was
+        role="bold">ALWAYS</emphasis> include this information:</para>
        mentioned in a previous post. There have been countless posts by
        people who were sure that some part of their configuration was correct
        when it actually contained a small error. We tend to be skeptics where
        detail is lacking.</para>
      </listitem>
      <listitem>
        <para>Please keep in mind that you&#39;re asking for <emphasis
        role="bold">free</emphasis> technical support. Any help we offer is an
        act of generosity, not an obligation. Try to make it easy for us to
        help you. Follow good, courteous practices in writing and formatting
        your e-mail. Provide details that we need if you expect good answers.
        Exact quoting of error messages, log entries, command output, and
        other output is better than a paraphrase or summary.</para>
      </listitem>
      <listitem>
        <para>Please don&#39;t describe your problem as <quote>Computer A
        can&#39;t see Computer B</quote>. Of course it can&#39;t -- it
        hasn&#39;t any eyes! If ping from A to B fails, say so (and see below
        for information about reporting <quote>ping</quote> problems). If
        Computer B doesn&#39;t show up in <quote>Network Neighborhood</quote>
        then say so.</para>
      </listitem>
      <listitem>
        <para>Please give details about what doesn&#39;t work. Reports that
        say <quote>I followed the directions and it didn&#39;t work</quote>
        will elicit sympathy but probably little in the way of help. Again --
        if ping from A to B fails, say so (and see below for information about
        reporting <quote>ping</quote> problems). If Computer B doesn&#39;t
        show up in <quote>Network Neighborhood</quote> then say so. If access
        by IP address works but by DNS names it doesn&#39;t then say so.</para>
      </listitem>
      <listitem>
        <para>Please don&#39;t describe your environment and then ask us to
        send you custom configuration files. We&#39;re here to answer your
        questions but we can&#39;t do your job for you.</para>
      </listitem>
      <listitem>
        <para>Please do NOT include the output of <command>iptables -L</command>
        — the output of <emphasis role="bold">shorewall show</emphasis> or
        <command>shorewall status</command> is much more useful.</para>
      </listitem>
      <listitem>
        <para>When reporting a problem, <emphasis role="bold">ALWAYS</emphasis>
        include this information:</para>
        <itemizedlist>
          <listitem>
@ -158,13 +118,14 @@
          <listitem>
            <para><emphasis role="bold">THIS IS IMPORTANT!</emphasis> If your
            problem is that some type of connection to/from or through your
-            firewall isn&#39;t working then please perform the following four
+            firewall isn't working then please perform the following four
            steps:</para>
            <orderedlist>
              <listitem>
-                <para>If Shorewall isn&#39;t started then <command>/sbin/shorewall/start</command>.
+                <para>If Shorewall isn't started then
-                Otherwise <command>/sbin/shorewall reset</command>.</para>
+                <command>/sbin/shorewall/start</command>. Otherwise
                <command>/sbin/shorewall reset</command>.</para>
              </listitem>
              <listitem>
@ -172,7 +133,8 @@
              </listitem>
              <listitem>
-                <para><command>/sbin/shorewall status &#62; /tmp/status.txt</command></para>
+                <para><command>/sbin/shorewall status &gt;
                /tmp/status.txt</command></para>
              </listitem>
              <listitem>
@ -188,25 +150,77 @@
          <listitem>
            <para><emphasis role="bold">If you installed Shorewall using one
-            of the QuickStart Guides, please indicate which one</emphasis>.</para>
+            of the QuickStart Guides, please indicate which
            one</emphasis>.</para>
          </listitem>
        </itemizedlist>
      </listitem>
      <listitem>
-        <para>As a general matter, <emphasis role="bold">please do not edit
+        <para>Please remember we only know what is posted in your message. Do
-        the diagnostic information</emphasis> in an attempt to conceal your IP
+        not leave out any information that appears to be correct, or was
-        address, netmask, nameserver addresses, domain name, etc. These
+        mentioned in a previous post. There have been countless posts by
-        aren&#39;t secrets, and concealing them often misleads us (and 80% of
+        people who were sure that some part of their configuration was correct
-        the time, a hacker could derive them anyway from information contained
+        when it actually contained a small error. We tend to be skeptics where
-        in the SMTP headers of your post).</para>
+        detail is lacking.</para>
      </listitem>
      <listitem>
-        <para>Do you see any <quote>Shorewall</quote> messages (<quote><command>/sbin/shorewall
+        <para>Please keep in mind that you're asking for <emphasis
-        show log</command></quote>) when you exercise the function that is
+        role="bold">free</emphasis> technical support. Any help we offer is an
-        giving you problems? If so, include the message(s) in your post along
+        act of generosity, not an obligation. Try to make it easy for us to
-        with a copy of your /etc/shorewall/interfaces file.</para>
+        help you. Follow good, courteous practices in writing and formatting
        your e-mail. Provide details that we need if you expect good answers.
        Exact quoting of error messages, log entries, command output, and
        other output is better than a paraphrase or summary.</para>
      </listitem>
      <listitem>
        <para>Please don't describe your problem as <quote>Computer A can't
        see Computer B</quote>. Of course it can't -- it hasn't any eyes! If
        ping from A to B fails, say so (and see below for information about
        reporting <quote>ping</quote> problems). If Computer B doesn't show up
        in <quote>Network Neighborhood</quote> then say so.</para>
      </listitem>
      <listitem>
        <para>Please give details about what doesn't work. Reports that say
        <quote>I followed the directions and it didn't work</quote> will
        elicit sympathy but probably little in the way of help. Again -- if
        ping from A to B fails, say so (and see below for information about
        reporting <quote>ping</quote> problems). If Computer B doesn't show up
        in <quote>Network Neighborhood</quote> then say so. If access by IP
        address works but by DNS names it doesn't then say so.</para>
      </listitem>
      <listitem>
        <para>Please don't describe your environment and then ask us to send
        you custom configuration files. We're here to answer your questions
        but we can't do your job for you.</para>
      </listitem>
      <listitem>
        <para>Please do NOT include the output of <command>iptables
        -L</command> — the output of <emphasis role="bold">shorewall
        show</emphasis> or <command>shorewall status</command> is much more
        useful.</para>
      </listitem>
      <listitem>
        <para>As a general matter, <emphasis role="bold">please do not edit
        the diagnostic information</emphasis> in an attempt to conceal your IP
        address, netmask, nameserver addresses, domain name, etc. These aren't
        secrets, and concealing them often misleads us (and 80% of the time, a
        hacker could derive them anyway from information contained in the SMTP
        headers of your post).</para>
      </listitem>
      <listitem>
        <para>Do you see any <quote>Shorewall</quote> messages
        (<quote><command>/sbin/shorewall show log</command></quote>) when you
        exercise the function that is giving you problems? If so, include the
        message(s) in your post along with a copy of your
        /etc/shorewall/interfaces file.</para>
      </listitem>
      <listitem>
@ -226,14 +240,14 @@
      <listitem>
        <para><emphasis role="bold">The list server limits posts to 120kb so
-        don&#39;t post graphics of your network layout, etc. to the Mailing
+        don't post graphics of your network layout, etc. to the Mailing List
-        List -- your post will be rejected</emphasis>.</para>
+        -- your post will be rejected</emphasis>.</para>
      </listitem>
      <listitem>
        <para>The author gratefully acknowleges that the above list was
-        heavily plagiarized from the excellent LEAF document by
+        heavily plagiarized from the excellent LEAF document by <emphasis>Ray
-        <emphasis>Ray Olszewski</emphasis> found at <ulink
+        Olszewski</emphasis> found at <ulink
        url="http://leaf-project.org/pub/doc/docmanager/docid_1891.html">http://leaf-project.org/pub/doc/docmanager/docid_1891.html</ulink>.</para>
      </listitem>
    </itemizedlist>
@ -250,10 +264,10 @@
    <para>I think that blocking all HTML is a Draconian way to control spam
    and that the ultimate losers here are not the spammers but the list
    subscribers whose MTAs are bouncing all shorewall.net mail. As one list
-    subscriber wrote to me privately <quote>These e-mail admin&#39;s need to
+    subscriber wrote to me privately <quote>These e-mail admin's need to get a
-    get a (expletive deleted) life instead of trying to rid the planet of HTML
+    (expletive deleted) life instead of trying to rid the planet of HTML based
-    based e-mail</quote>. Nevertheless, to allow subscribers to receive list
+    e-mail</quote>. Nevertheless, to allow subscribers to receive list posts
-    posts as must as possible, I have now configured the list server at
+    as must as possible, I have now configured the list server at
    shorewall.net to convert all HTML to plain text. These converted posts are
    difficult to read so all of us will appreciate it if you just post in
    plain text to begin with.</para>
@ -262,17 +276,18 @@
  <section>
    <title>Where to Send your Problem Report or to Ask for Help</title>
-    <para><emphasis role="bold">If you run the current development release</emphasis>
+    <para><emphasis role="bold">If you run the current development
-    (see the <ulink url="ReleaseModel.html">Shorewall Release Model page</ulink>)
+    release</emphasis> (see the <ulink url="ReleaseModel.html">Shorewall
-    -- please post your question or problem to the <ulink
+    Release Model page</ulink>) -- please post your question or problem to the
-    url="mailto:shorewall-devel@lists.shorewall.net">Shorewall Development
+    <ulink url="mailto:shorewall-devel@lists.shorewall.net">Shorewall
-    Mailing List</ulink>.</para>
+    Development Mailing List</ulink>.</para>
    <para><emphasis role="bold">If you run Shorewall under MandrakeSoft Multi
    Network Firewall (MNF) and you have not purchased an MNF license from
    MandrakeSoft then you can post non MNF-specific Shorewall questions to the
    <ulink url="mailto:shorewall-users@lists.shorewall.net">Shorewall users
-    mailing list</ulink>. Do not expect to get free MNF support on the list</emphasis>.</para>
+    mailing list</ulink>. Do not expect to get free MNF support on the
    list</emphasis>.</para>
    <para>Otherwise, please post your question or problem to the <ulink
    url="mailto:shorewall-users@lists.shorewall.net">Shorewall users mailing
@ -292,19 +307,75 @@
    <title>Other Mailing Lists</title>
    <para>For information on other Shorewall mailing lists, go to <ulink
-    url="http://lists.shorewall.net">http://lists.shorewall.net</ulink> .</para>
+    url="http://lists.shorewall.net">http://lists.shorewall.net</ulink>
    .</para>
  </section>
  <appendix>
    <title>Revision History</title>
-    <para><revhistory><revision><revnumber>1.6</revnumber><date>2003-07-03</date><authorinitials>TE</authorinitials><revremark>New
+    <para><revhistory>
-    Release Model</revremark></revision><revision><revnumber>1.5</revnumber><date>2003-05-16</date><authorinitials>TE</authorinitials><revremark>Add
+        <revision>
-    link to the troubleshooting section</revremark></revision><revision><revnumber>1.4</revnumber><date>2003-03-15</date><authorinitials>TE</authorinitials><revremark>Remove
+          <revnumber>1.6</revnumber>
-    Newbies Mailing List.</revremark></revision><revision><revnumber>1.3</revnumber><date>2003-02-19</date><authorinitials>TE</authorinitials><revremark>Admonish
+
-    against including &#34;iptables -L&#34; output.</revremark></revision><revision><revnumber>1.2</revnumber><date>2003-01-01</date><authorinitials>TE</authorinitials><revremark>Removed
+          <date>2003-07-03</date>
-    .GIF and moved note about unsupported releases. Move Revision History to
+
-    this Appendix.</revremark></revision><revision><revnumber>1.1</revnumber><date>2003-12-19</date><authorinitials>TE</authorinitials><revremark>Corrected
+          <authorinitials>TE</authorinitials>
-    URL for Newbies List</revremark></revision></revhistory></para>
+
          <revremark>New Release Model</revremark>
        </revision>
        <revision>
          <revnumber>1.5</revnumber>
          <date>2003-05-16</date>
          <authorinitials>TE</authorinitials>
          <revremark>Add link to the troubleshooting section</revremark>
        </revision>
        <revision>
          <revnumber>1.4</revnumber>
          <date>2003-03-15</date>
          <authorinitials>TE</authorinitials>
          <revremark>Remove Newbies Mailing List.</revremark>
        </revision>
        <revision>
          <revnumber>1.3</revnumber>
          <date>2003-02-19</date>
          <authorinitials>TE</authorinitials>
          <revremark>Admonish against including "iptables -L"
          output.</revremark>
        </revision>
        <revision>
          <revnumber>1.2</revnumber>
          <date>2003-01-01</date>
          <authorinitials>TE</authorinitials>
          <revremark>Removed .GIF and moved note about unsupported releases.
          Move Revision History to this Appendix.</revremark>
        </revision>
        <revision>
          <revnumber>1.1</revnumber>
          <date>2003-12-19</date>
          <authorinitials>TE</authorinitials>
          <revremark>Corrected URL for Newbies List</revremark>
        </revision>
      </revhistory></para>
  </appendix>
 </article>