extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-08 08:44:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Updates to docs

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1595 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-09-04 18:57:53 +00:00
parent 346d125bb8
commit 676d0bebe8
9 changed files with 994 additions and 5667 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
Shorewall-docs2/FAQ.xml
View File

@ -17,7 +17,7 @@
</author>
</authorgroup>
<pubdate>2004-08-19</pubdate>
<pubdate>2004-08-31</pubdate>
<copyright>
<year>2001-2004</year>
@ -98,7 +98,7 @@ DNAT net loc:192.168.1.5 udp 7777</programlisting>
# PORT DEST.
DNAT net loc:&lt;l<emphasis>ocal IP address</emphasis>&gt;[:&lt;<emphasis>local port</emphasis>&gt;] &lt;<emphasis>protocol</emphasis>&gt; &lt;<emphasis>port #</emphasis>&gt; - &lt;<emphasis>external IP</emphasis>&gt;</programlisting>
<para>Finally, if you need to forward a range of ports, in the PORT
<para>Finally, if you need to forward a range of ports, in the DEST PORT
column specify the range as
<emphasis>&lt;low-port&gt;:&lt;high-port&gt;</emphasis>.</para>
@ -212,8 +212,8 @@ DNAT net loc:&lt;l<emphasis>ocal IP address</emphasis>&gt;[:&lt;<emphasis>
<para>In /<filename>etc/shorewall/rules</filename>:</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT
DNAT net loc:192.168.3:22 tcp 1022</programlisting>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT
DNAT net loc:192.168.1.3:22 tcp 1022</programlisting>
</section>
</section>
@ -317,11 +317,15 @@ DNAT loc loc:192.168.1.5 tcp www - 130.15
<para>That rule only works of course if you have a static external
IP address. If you have a dynamic IP address and are running
Shorewall 1.3.4 or later then include this in
Shorewall 1.3.4 through Shorewall 2.0.* then include this in
<filename>/etc/shorewall/init</filename>:</para>
<programlisting><command>ETH0_IP=`find_interface_address eth0`</command></programlisting>
<para>For users of Shorewall 2.1.0 and later:</para>
<programlisting><command>ETH0_IP=`find_first_interface_address eth0`</command></programlisting>
<para>and make your DNAT rule:</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT SOURCE ORIGINAL
@ -1816,6 +1820,17 @@ iptables: Invalid argument
<title>Revision History</title>
<para><revhistory>
<revision>
<revnumber>1.30</revnumber>
<date>2004-08-26</date>
<authorinitials>TE</authorinitials>
<revremark>Update FAQ 2 with information about Shorewall
2.1.</revremark>
</revision>
<revision>
<revnumber>1.29</revnumber>

29
Shorewall-docs2/IPSEC-2.6.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2004-08-21</pubdate>
<pubdate>2004-08-25</pubdate>
<copyright>
<year>2004</year>
@ -55,11 +55,19 @@
<para>The 2.6 Linux Kernel introduces new facilities for defining
encrypted communication between hosts in a network. The network
administrator defines a set of Security Policies which are stored in the
kernel as a Security Policy Database (SPD). Outgoing traffic is encrypted
according to the contents of the SPD and incoming traffic is verified
against the SPD to ensure that no unencrypted traffic is accepted in
violation of the administrator's policies.</para>
administrator defines a set of <firstterm>Security Policies</firstterm>
which are stored in the kernel as a <firstterm>Security Policy
Database</firstterm> (SPD). Security policies determine which traffic is
subject to encryption. <firstterm>Security Associations</firstterm> are
created between pairs of hosts in the network (one SA for traffic in each
direction); these SAs define how traffic is to be encrypted. Outgoing
traffic that is to be encrypted according to the contents of the SPD
requires an appropriate SA to exist. SAs may be created manually using
<command>setkey</command>(8) but most often, they are created by a
cooperative process involving the ISAKMP protocol and daemons such
as<command> racoon</command> or <command>isakmpd</command>. Incoming
traffic is verified against the SPD to ensure that no unencrypted traffic
is accepted in violation of the administrator's policies.</para>
<para>There are three ways in which IPSEC traffic can interact with
Shorewall policies and rules:</para>
@ -99,7 +107,8 @@
class="devicefile">ipsecn</filename> device. The 2.6 kernel-based
implementation does away with these pseudo-interfaces. Outgoing traffic
that is going to be encrypted and incoming traffic that has been decrypted
must be matched against policies in the SPD.</para>
must be matched against policies in the SPD and/or the appropriate
SA.</para>
<para>Shorewall provides support for policy matching in two ways:</para>
@ -108,8 +117,8 @@
<para>In <filename>/etc/shorewall/masq</filename>, traffic that will
later be encrypted is exempted from MASQUERADE/SNAT using existing
entries. If you want to MASQUERADE/SNAT outgoing traffic that will
later be encrypted, you must include an entry in the new IPSEC column
in that file.</para>
later be encrypted, you must include the appropriate indication in the
new IPSEC column in that file.</para>
</listitem>
<listitem>
@ -435,4 +444,4 @@ all all REJECT info
occur, NONE policies are used.</para>
</blockquote>
</section>
</article>
</article>

15
Shorewall-docs2/Kernel2.6.xml
View File

@ -15,11 +15,13 @@
</author>
</authorgroup>
<pubdate>2003-07-02</pubdate>
<pubdate>2003-08-25</pubdate>
<copyright>
<year>2003</year>
<year>2004</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -29,7 +31,8 @@
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
License</ulink></quote>.</para>
</legalnotice>
</articleinfo>
@ -37,7 +40,8 @@
<title>General</title>
<para>Shorewall is compatible with the Linux 2.6 kernel series and
contains support for the following features that are added in that series:</para>
contains support for the following features that are added in that
series:</para>
<orderedlist>
<listitem>
@ -59,5 +63,10 @@
names. Netfilter/iptables support for this new implementation is
incomplete and therefore Shorewall support is limited. See the <ulink
url="IPSEC.htm">Shorewall IPSEC documentation</ulink>.</para>
<para><emphasis role="bold">Update:</emphasis> The Shorewall 2.1 <ulink
url="ReleaseModel.html">Development release</ulink> now contains support
for IPSEC under the 2.6 Kernel. See the <ulink url="IPSEC-2.6.html">Kernel
2.6 IPSEC documentation</ulink> for details.</para>
</section>
</article>

101
Shorewall-docs2/errata.xml
View File

@ -13,7 +13,7 @@
</author>
</authorgroup>
<pubdate>2004-07-30</pubdate>
<pubdate>2004-09-02</pubdate>
<copyright>
<year>2001-2004</year>
@ -27,7 +27,8 @@
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
License</ulink></quote>.</para>
</legalnotice>
</articleinfo>
@ -55,9 +56,9 @@
<listitem>
<para><emphasis role="bold">DO NOT INSTALL CORRECTED COMPONENTS ON A
RELEASE EARLIER THAN THE ONE THAT THEY ARE LISTED UNDER BELOW.</emphasis>
For example, do NOT install the 2.0.2 firewall script if you are
running 2.0.0-RC2</para>
RELEASE EARLIER THAN THE ONE THAT THEY ARE LISTED UNDER
BELOW.</emphasis> For example, do NOT install the 2.0.2 firewall
script if you are running 2.0.0-RC2</para>
</listitem>
</itemizedlist>
</caution>
@ -79,7 +80,8 @@
<section>
<title>Bogons File</title>
<para><ulink url="http://shorewall.net/pub/shorewall/errata/2.0.1/bogons">Here</ulink>
<para><ulink
url="http://shorewall.net/pub/shorewall/errata/2.0.8/bogons">Here</ulink>
is the most up to date version of the <ulink
url="Documentation.htm#Bogons">bogons file</ulink>.</para>
</section>
@ -87,13 +89,31 @@
<section>
<title>Problems in Version 2.0</title>
<section>
<title>Shorewall 2.0.3 through 2.0.8</title>
<itemizedlist>
<listitem>
<para>An empty PROTO column in /etc/shorewall/tcrules produced
iptables errors during <command>shorewall start</command>. A value
of <command>all</command> in that column produced a similar
error.</para>
</listitem>
</itemizedlist>
<para>Corrected in <ulink
url="http://shorewall.net/pub/shorewall/errata/2.0.8/firewall">this
firewall script</ulink> which may be installed in
/usr/share/shorewall/firewall as described above.</para>
</section>
<section>
<title>Shorewall 2.0.3a through 2.0.7</title>
<itemizedlist>
<listitem>
<para>Entries in the USER/GROUP column of an action file (made from
action.template) may be ignored or cause odd errors. </para>
action.template) may be ignored or cause odd errors.</para>
</listitem>
</itemizedlist>
@ -127,9 +147,9 @@
<itemizedlist>
<listitem>
<para>DNAT rules with <emphasis role="bold">fw</emphasis> as the
source zone and that specify logging cause <command>shorewall start</command>
to fail with an iptables error. The problem is corrected for
Shorewall 2.0.3 users in <ulink
source zone and that specify logging cause <command>shorewall
start</command> to fail with an iptables error. The problem is
corrected for Shorewall 2.0.3 users in <ulink
url="http://shorewall.net/pub/shorewall/errata/2.0.3/firewall">this
firewall script</ulink> which may be installed in
/usr/share/shorewall/firewall as described above.</para>
@ -153,7 +173,8 @@
</listitem>
</itemizedlist>
<para>The above problems are corrected in Shorewall version 2.0.3c.</para>
<para>The above problems are corrected in Shorewall version
2.0.3c.</para>
</section>
<section>
@ -170,8 +191,8 @@
</listitem>
<listitem>
<para>Shorewall fails to start if there is no <command>mktemp</command>
utility.</para>
<para>Shorewall fails to start if there is no
<command>mktemp</command> utility.</para>
</listitem>
</itemizedlist>
@ -209,8 +230,8 @@
</listitem>
<listitem>
<para>&#34;shorewall restore&#34; and &#34;shorewall -f start&#34;
do not load kernel modules.</para>
<para>"shorewall restore" and "shorewall -f start" do not load
kernel modules.</para>
<para><emphasis role="bold">The above two problems are corrected in
Shorewall 2.0.2a</emphasis></para>
@ -261,19 +282,19 @@
</listitem>
<listitem>
<para>Kernel modules fail to load when MODULE_SUFFIX isn&#39;t set
in shorewall.conf</para>
<para>Kernel modules fail to load when MODULE_SUFFIX isn't set in
shorewall.conf</para>
<para><emphasis role="bold">All of the above problems are corrected
in Shorewall 2.0.2f</emphasis></para>
</listitem>
</itemizedlist>
<para>These problems are all corrected by the <filename>firewall</filename>
and <filename>functions</filename> files in <ulink
url="http://shorewall.net/pub/shorewall/errata/2.0.2">this directory</ulink>.
Both files must be installed in <filename>/usr/share/shorewall/</filename>
as described above.</para>
<para>These problems are all corrected by the
<filename>firewall</filename> and <filename>functions</filename> files
in <ulink url="http://shorewall.net/pub/shorewall/errata/2.0.2">this
directory</ulink>. Both files must be installed in
<filename>/usr/share/shorewall/</filename> as described above.</para>
</section>
<section>
@ -285,20 +306,22 @@
</listitem>
<listitem>
<para>Modules listed in /etc/shorewall/modules don&#39;t load or
produce errors on Mandrake 10.0 Final.</para>
<para>Modules listed in /etc/shorewall/modules don't load or produce
errors on Mandrake 10.0 Final.</para>
</listitem>
<listitem>
<para>The <command>shorewall delete</command> command does not
remove all dynamic rules pertaining to the host(s) being deleted.</para>
remove all dynamic rules pertaining to the host(s) being
deleted.</para>
</listitem>
</itemizedlist>
<para>These problems are corrected in <ulink
url="http://shorewall.net/pub/shorewall/errata/2.0.1/firewall">this
firewall script</ulink> which may be installed in <filename>/usr/share/shorewall/firewall</filename>
as described above.</para>
firewall script</ulink> which may be installed in
<filename>/usr/share/shorewall/firewall</filename> as described
above.</para>
<itemizedlist>
<listitem>
@ -322,10 +345,11 @@
url="http://shorewall.net/pub/shorewall/errata/2.0.1/init.debian.sh">this
file</ulink> as /etc/init.d/shorewall (replacing the existing file
with that name). If you are just installing or upgrading to
Shorewall 2.0.0 or 2.0.1, then replace the <filename>init.debian.sh</filename>
file in the Shorewall distribution directory (shorewall-2.0.x) with
the updated file before running <command>install.sh</command> from
that directory.</para>
Shorewall 2.0.0 or 2.0.1, then replace the
<filename>init.debian.sh</filename> file in the Shorewall
distribution directory (shorewall-2.0.x) with the updated file
before running <command>install.sh</command> from that
directory.</para>
</listitem>
</itemizedlist>
</section>
@ -347,11 +371,13 @@
</listitem>
</itemizedlist>
<para>The first problem has been corrected in Shorewall update 2.0.0a.</para>
<para>The first problem has been corrected in Shorewall update
2.0.0a.</para>
<para>All of these problems may be corrected by installing <ulink
url="http://shorewall.net/pub/shorewall/errata/2.0.0/firewall">this
firewall script</ulink> in /usr/share/shorewall as described above.</para>
firewall script</ulink> in /usr/share/shorewall as described
above.</para>
</section>
</section>
@ -369,7 +395,8 @@
Final) or later then you need to patch your iptables 1.2.9 with <ulink
url="http://shorewall.net/pub/shorewall/errata/iptables-1.2.9.diff">this
patch</ulink> or you need to use the <ulink
url="http://www.netfilter.org/downloads.html#cvs">CVS version of iptables</ulink>.</para>
url="http://www.netfilter.org/downloads.html#cvs">CVS version of
iptables</ulink>.</para>
</section>
<section>
@ -380,10 +407,12 @@
--reject-with tcp-reset</quote> is broken. The symptom most commonly seen
is that REJECT rules act just like DROP rules when dealing with TCP. A
kernel patch and precompiled modules to fix this problem are available at
<ulink url="ftp://ftp1.shorewall.net/pub/shorewall/errata/kernel">ftp://ftp1.shorewall.net/pub/shorewall/errata/kernel</ulink></para>
<ulink
url="ftp://ftp1.shorewall.net/pub/shorewall/errata/kernel">ftp://ftp1.shorewall.net/pub/shorewall/errata/kernel</ulink></para>
<note>
<para>RedHat have corrected this problem in their 2.4.20-27.x kernels.</para>
<para>RedHat have corrected this problem in their 2.4.20-27.x
kernels.</para>
</note>
</section>
</article>

BIN
Shorewall-docs2/images/network.png
View File

Binary file not shown.

3088
Shorewall-docs2/images/network.vdx
View File

File diff suppressed because it is too large Load Diff

BIN
Shorewall-docs2/images/network1.png
View File

Binary file not shown.

3134
Shorewall-docs2/images/network1.vdx
View File

File diff suppressed because it is too large Load Diff

269
Shorewall-docs2/support.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2004-07-29</pubdate>
<pubdate>2004-09-04</pubdate>
<copyright>
<year>2001-2004</year>
@ -29,7 +29,14 @@
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
License</ulink></quote>.</para>
<important>
<para>Problem reports that do not include the information requested in
the <link linkend="Guidelines">Problem Reporting Guidelines</link>
below will not be answered by the Shorewall author.</para>
</important>
</legalnotice>
</articleinfo>
@ -57,8 +64,9 @@
</listitem>
<listitem>
<para>The <ulink url="troubleshoot.htm">Troubleshooting Information</ulink>
contains a number of tips to help you solve common problems.</para>
<para>The <ulink url="troubleshoot.htm">Troubleshooting
Information</ulink> contains a number of tips to help you solve common
problems.</para>
</listitem>
<listitem>
@ -67,74 +75,26 @@
</listitem>
<listitem>
<para>The <ulink url="http://lists.shorewall.net/htdig/search.html">Site
and Mailing List Archives search facility</ulink> can locate documents
and posts about similar problems:</para>
<para>The <ulink
url="http://lists.shorewall.net/htdig/search.html">Site and Mailing
List Archives search facility</ulink> can locate documents and posts
about similar problems:</para>
</listitem>
</itemizedlist>
</section>
<section>
<section id="Guidelines">
<title>Problem Reporting Guidelines</title>
<note>
<para>Shorewall versions earlier that 1.4.0 are no longer supported.</para>
<para>Shorewall versions earlier that 1.4.0 are no longer
supported.</para>
</note>
<itemizedlist>
<listitem>
<para>Please remember we only know what is posted in your message. Do
not leave out any information that appears to be correct, or was
mentioned in a previous post. There have been countless posts by
people who were sure that some part of their configuration was correct
when it actually contained a small error. We tend to be skeptics where
detail is lacking.</para>
</listitem>
<listitem>
<para>Please keep in mind that you&#39;re asking for <emphasis
role="bold">free</emphasis> technical support. Any help we offer is an
act of generosity, not an obligation. Try to make it easy for us to
help you. Follow good, courteous practices in writing and formatting
your e-mail. Provide details that we need if you expect good answers.
Exact quoting of error messages, log entries, command output, and
other output is better than a paraphrase or summary.</para>
</listitem>
<listitem>
<para>Please don&#39;t describe your problem as <quote>Computer A
can&#39;t see Computer B</quote>. Of course it can&#39;t -- it
hasn&#39;t any eyes! If ping from A to B fails, say so (and see below
for information about reporting <quote>ping</quote> problems). If
Computer B doesn&#39;t show up in <quote>Network Neighborhood</quote>
then say so.</para>
</listitem>
<listitem>
<para>Please give details about what doesn&#39;t work. Reports that
say <quote>I followed the directions and it didn&#39;t work</quote>
will elicit sympathy but probably little in the way of help. Again --
if ping from A to B fails, say so (and see below for information about
reporting <quote>ping</quote> problems). If Computer B doesn&#39;t
show up in <quote>Network Neighborhood</quote> then say so. If access
by IP address works but by DNS names it doesn&#39;t then say so.</para>
</listitem>
<listitem>
<para>Please don&#39;t describe your environment and then ask us to
send you custom configuration files. We&#39;re here to answer your
questions but we can&#39;t do your job for you.</para>
</listitem>
<listitem>
<para>Please do NOT include the output of <command>iptables -L</command>
— the output of <emphasis role="bold">shorewall show</emphasis> or
<command>shorewall status</command> is much more useful.</para>
</listitem>
<listitem>
<para>When reporting a problem, <emphasis role="bold">ALWAYS</emphasis>
include this information:</para>
<para>When reporting a problem, <emphasis
role="bold">ALWAYS</emphasis> include this information:</para>
<itemizedlist>
<listitem>
@ -158,13 +118,14 @@
<listitem>
<para><emphasis role="bold">THIS IS IMPORTANT!</emphasis> If your
problem is that some type of connection to/from or through your
firewall isn&#39;t working then please perform the following four
firewall isn't working then please perform the following four
steps:</para>
<orderedlist>
<listitem>
<para>If Shorewall isn&#39;t started then <command>/sbin/shorewall/start</command>.
Otherwise <command>/sbin/shorewall reset</command>.</para>
<para>If Shorewall isn't started then
<command>/sbin/shorewall/start</command>. Otherwise
<command>/sbin/shorewall reset</command>.</para>
</listitem>
<listitem>
@ -172,7 +133,8 @@
</listitem>
<listitem>
<para><command>/sbin/shorewall status &#62; /tmp/status.txt</command></para>
<para><command>/sbin/shorewall status &gt;
/tmp/status.txt</command></para>
</listitem>
<listitem>
@ -188,25 +150,77 @@
<listitem>
<para><emphasis role="bold">If you installed Shorewall using one
of the QuickStart Guides, please indicate which one</emphasis>.</para>
of the QuickStart Guides, please indicate which
one</emphasis>.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>As a general matter, <emphasis role="bold">please do not edit
the diagnostic information</emphasis> in an attempt to conceal your IP
address, netmask, nameserver addresses, domain name, etc. These
aren&#39;t secrets, and concealing them often misleads us (and 80% of
the time, a hacker could derive them anyway from information contained
in the SMTP headers of your post).</para>
<para>Please remember we only know what is posted in your message. Do
not leave out any information that appears to be correct, or was
mentioned in a previous post. There have been countless posts by
people who were sure that some part of their configuration was correct
when it actually contained a small error. We tend to be skeptics where
detail is lacking.</para>
</listitem>
<listitem>
<para>Do you see any <quote>Shorewall</quote> messages (<quote><command>/sbin/shorewall
show log</command></quote>) when you exercise the function that is
giving you problems? If so, include the message(s) in your post along
with a copy of your /etc/shorewall/interfaces file.</para>
<para>Please keep in mind that you're asking for <emphasis
role="bold">free</emphasis> technical support. Any help we offer is an
act of generosity, not an obligation. Try to make it easy for us to
help you. Follow good, courteous practices in writing and formatting
your e-mail. Provide details that we need if you expect good answers.
Exact quoting of error messages, log entries, command output, and
other output is better than a paraphrase or summary.</para>
</listitem>
<listitem>
<para>Please don't describe your problem as <quote>Computer A can't
see Computer B</quote>. Of course it can't -- it hasn't any eyes! If
ping from A to B fails, say so (and see below for information about
reporting <quote>ping</quote> problems). If Computer B doesn't show up
in <quote>Network Neighborhood</quote> then say so.</para>
</listitem>
<listitem>
<para>Please give details about what doesn't work. Reports that say
<quote>I followed the directions and it didn't work</quote> will
elicit sympathy but probably little in the way of help. Again -- if
ping from A to B fails, say so (and see below for information about
reporting <quote>ping</quote> problems). If Computer B doesn't show up
in <quote>Network Neighborhood</quote> then say so. If access by IP
address works but by DNS names it doesn't then say so.</para>
</listitem>
<listitem>
<para>Please don't describe your environment and then ask us to send
you custom configuration files. We're here to answer your questions
but we can't do your job for you.</para>
</listitem>
<listitem>
<para>Please do NOT include the output of <command>iptables
-L</command> — the output of <emphasis role="bold">shorewall
show</emphasis> or <command>shorewall status</command> is much more
useful.</para>
</listitem>
<listitem>
<para>As a general matter, <emphasis role="bold">please do not edit
the diagnostic information</emphasis> in an attempt to conceal your IP
address, netmask, nameserver addresses, domain name, etc. These aren't
secrets, and concealing them often misleads us (and 80% of the time, a
hacker could derive them anyway from information contained in the SMTP
headers of your post).</para>
</listitem>
<listitem>
<para>Do you see any <quote>Shorewall</quote> messages
(<quote><command>/sbin/shorewall show log</command></quote>) when you
exercise the function that is giving you problems? If so, include the
message(s) in your post along with a copy of your
/etc/shorewall/interfaces file.</para>
</listitem>
<listitem>
@ -226,14 +240,14 @@
<listitem>
<para><emphasis role="bold">The list server limits posts to 120kb so
don&#39;t post graphics of your network layout, etc. to the Mailing
List -- your post will be rejected</emphasis>.</para>
don't post graphics of your network layout, etc. to the Mailing List
-- your post will be rejected</emphasis>.</para>
</listitem>
<listitem>
<para>The author gratefully acknowleges that the above list was
heavily plagiarized from the excellent LEAF document by
<emphasis>Ray Olszewski</emphasis> found at <ulink
heavily plagiarized from the excellent LEAF document by <emphasis>Ray
Olszewski</emphasis> found at <ulink
url="http://leaf-project.org/pub/doc/docmanager/docid_1891.html">http://leaf-project.org/pub/doc/docmanager/docid_1891.html</ulink>.</para>
</listitem>
</itemizedlist>
@ -250,10 +264,10 @@
<para>I think that blocking all HTML is a Draconian way to control spam
and that the ultimate losers here are not the spammers but the list
subscribers whose MTAs are bouncing all shorewall.net mail. As one list
subscriber wrote to me privately <quote>These e-mail admin&#39;s need to
get a (expletive deleted) life instead of trying to rid the planet of HTML
based e-mail</quote>. Nevertheless, to allow subscribers to receive list
posts as must as possible, I have now configured the list server at
subscriber wrote to me privately <quote>These e-mail admin's need to get a
(expletive deleted) life instead of trying to rid the planet of HTML based
e-mail</quote>. Nevertheless, to allow subscribers to receive list posts
as must as possible, I have now configured the list server at
shorewall.net to convert all HTML to plain text. These converted posts are
difficult to read so all of us will appreciate it if you just post in
plain text to begin with.</para>
@ -262,17 +276,18 @@
<section>
<title>Where to Send your Problem Report or to Ask for Help</title>
<para><emphasis role="bold">If you run the current development release</emphasis>
(see the <ulink url="ReleaseModel.html">Shorewall Release Model page</ulink>)
-- please post your question or problem to the <ulink
url="mailto:shorewall-devel@lists.shorewall.net">Shorewall Development
Mailing List</ulink>.</para>
<para><emphasis role="bold">If you run the current development
release</emphasis> (see the <ulink url="ReleaseModel.html">Shorewall
Release Model page</ulink>) -- please post your question or problem to the
<ulink url="mailto:shorewall-devel@lists.shorewall.net">Shorewall
Development Mailing List</ulink>.</para>
<para><emphasis role="bold">If you run Shorewall under MandrakeSoft Multi
Network Firewall (MNF) and you have not purchased an MNF license from
MandrakeSoft then you can post non MNF-specific Shorewall questions to the
<ulink url="mailto:shorewall-users@lists.shorewall.net">Shorewall users
mailing list</ulink>. Do not expect to get free MNF support on the list</emphasis>.</para>
mailing list</ulink>. Do not expect to get free MNF support on the
list</emphasis>.</para>
<para>Otherwise, please post your question or problem to the <ulink
url="mailto:shorewall-users@lists.shorewall.net">Shorewall users mailing
@ -292,19 +307,75 @@
<title>Other Mailing Lists</title>
<para>For information on other Shorewall mailing lists, go to <ulink
url="http://lists.shorewall.net">http://lists.shorewall.net</ulink> .</para>
url="http://lists.shorewall.net">http://lists.shorewall.net</ulink>
.</para>
</section>
<appendix>
<title>Revision History</title>
<para><revhistory><revision><revnumber>1.6</revnumber><date>2003-07-03</date><authorinitials>TE</authorinitials><revremark>New
Release Model</revremark></revision><revision><revnumber>1.5</revnumber><date>2003-05-16</date><authorinitials>TE</authorinitials><revremark>Add
link to the troubleshooting section</revremark></revision><revision><revnumber>1.4</revnumber><date>2003-03-15</date><authorinitials>TE</authorinitials><revremark>Remove
Newbies Mailing List.</revremark></revision><revision><revnumber>1.3</revnumber><date>2003-02-19</date><authorinitials>TE</authorinitials><revremark>Admonish
against including &#34;iptables -L&#34; output.</revremark></revision><revision><revnumber>1.2</revnumber><date>2003-01-01</date><authorinitials>TE</authorinitials><revremark>Removed
.GIF and moved note about unsupported releases. Move Revision History to
this Appendix.</revremark></revision><revision><revnumber>1.1</revnumber><date>2003-12-19</date><authorinitials>TE</authorinitials><revremark>Corrected
URL for Newbies List</revremark></revision></revhistory></para>
<para><revhistory>
<revision>
<revnumber>1.6</revnumber>
<date>2003-07-03</date>
<authorinitials>TE</authorinitials>
<revremark>New Release Model</revremark>
</revision>
<revision>
<revnumber>1.5</revnumber>
<date>2003-05-16</date>
<authorinitials>TE</authorinitials>
<revremark>Add link to the troubleshooting section</revremark>
</revision>
<revision>
<revnumber>1.4</revnumber>
<date>2003-03-15</date>
<authorinitials>TE</authorinitials>
<revremark>Remove Newbies Mailing List.</revremark>
</revision>
<revision>
<revnumber>1.3</revnumber>
<date>2003-02-19</date>
<authorinitials>TE</authorinitials>
<revremark>Admonish against including "iptables -L"
output.</revremark>
</revision>
<revision>
<revnumber>1.2</revnumber>
<date>2003-01-01</date>
<authorinitials>TE</authorinitials>
<revremark>Removed .GIF and moved note about unsupported releases.
Move Revision History to this Appendix.</revremark>
</revision>
<revision>
<revnumber>1.1</revnumber>
<date>2003-12-19</date>
<authorinitials>TE</authorinitials>
<revremark>Corrected URL for Newbies List</revremark>
</revision>
</revhistory></para>
</appendix>
</article>