diff --git a/Shorewall-docs/Documentation.xml b/Shorewall-docs/Documentation.xml
index cb6f531d3..da23a859c 100644
--- a/Shorewall-docs/Documentation.xml
+++ b/Shorewall-docs/Documentation.xml
@@ -14,11 +14,7 @@
- 2001
-
- 2002
-
- 2003
+ 2001-2003
Thomas M. Eastep
@@ -268,7 +264,7 @@
- accounting
+ accounting
a parameter file in /etc/shorewall used to define traffic
@@ -298,7 +294,8 @@
- actions and action.template
+ actions and
+ action.template
files in /etc/shorewall that allow you to define your own
@@ -321,9 +318,8 @@
shell variables
- NET_IF=eth0
-NET_BCAST=130.252.100.255
-NET_OPTIONS=blacklist,norfc1918
+ NET_IF=eth0 NET_BCAST=130.252.100.255
+ NET_OPTIONS=blacklist,norfc1918
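Review bot: the shell variables example no longer has one assignment per line; the added lines read "NET_IF=eth0 NET_BCAST=130.252.100.255" followed by "NET_OPTIONS=blacklist,norfc1918". If this text sits in a verbatim listing, the rendered example changes with it. Keep the three assignments on separate lines as in the removed version, and exclude listing content from whatever reflowed the file.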
@@ -961,8 +957,7 @@ NET_OPTIONS=blacklist,norfc1918
Your local interface is eth1 and you have two groups of local
hosts that you want to make into separate zones:
- 192.168.1.0/25
-192.168.1.128/
+ 192.168.1.0/25 192.168.1.128/
Your /etc/shorewall/interfaces file might look like:
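Review bot: the added line "192.168.1.0/25 192.168.1.128/" puts both subnets on one line and carries over the second one without a prefix length. A later hunk in this patch writes the same pair as 192.168.1.0/25 and 192.168.1.128/25; if the two examples use the same networks, complete the mask here while the line is being touched, and keep one subnet per line.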
@@ -1044,8 +1039,7 @@ NET_OPTIONS=blacklist,norfc1918
You have local interface eth1 with two IP addresses -
192.168.1.1/24 and 192.168.12.1/24
- 192.168.1.0/25
-192.168.1.128/25
+ 192.168.1.0/25 192.168.1.128/25
Your /etc/shorewall/interfaces file might look like:
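Review bot: the listing does not match its own introduction. The context names the interface addresses 192.168.1.1/24 and 192.168.12.1/24, but the line being rewritten lists 192.168.1.0/25 and 192.168.1.128/25, neither of which covers 192.168.12.1. Check whether the listing was copied from the earlier two-zone example, and keep one network per line rather than joining them.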
@@ -2053,7 +2047,8 @@ NET_OPTIONS=blacklist,norfc1918
rule by optionally following ACCEPT, DNAT[-], REDIRECT[-] or LOG
with
- < <rate>/<interval>[:<burst>] >
+ <
+ <rate>/<interval>[:<burst>] >
where <rate> is the number of connections per
<interval> ("sec" or "min") and
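Review bot: the syntax template is now broken right after the opening "<", so "<rate>/<interval>[:<burst>] >" starts on a new line. The examples in this file write the limit directly against the action with no whitespace ("ACCEPT<2/sec:4>"), and a line break inside the template suggests otherwise. Keep the template on a single line.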
@@ -2065,7 +2060,7 @@ NET_OPTIONS=blacklist,norfc1918
rate-limit
- ACCEPT<2/sec:4> net dmz tcp 80
+ ACCEPT<2/sec:4> net dmz tcp 80
The first time this rule is reached, the packet will be
accepted; in fact, since the burst is 4, the first four packets
@@ -2292,7 +2287,8 @@ NET_OPTIONS=blacklist,norfc1918
- DNAT loc:192.168.1.0/24 loc:192.168.1.3 tcp www - 206.124.146.179:192.168.1.3
+ DNAT loc:192.168.1.0/24
+ loc:192.168.1.3 tcp www - 206.124.146.179:192.168.1.3
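Review bot: the DNAT example is split after "loc:192.168.1.0/24", which leaves the destination, protocol, port and original-destination columns on a second line. The removed version showed the rule as one line, which is how a reader will expect to copy it into the rules file. Keep the rule on one line.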
@@ -2323,7 +2319,7 @@ NET_OPTIONS=blacklist,norfc1918
Let's take
- ACCEPT<2/sec:4> net dmz tcp 80
+ ACCEPT<2/sec:4> net dmz tcp 80
The first time this rule is reached, the packet will be
accepted; in fact, since the burst is 4, the first four packets
@@ -2988,7 +2984,7 @@ NET_OPTIONS=blacklist,norfc1918
Look here for information on other services.
-
+
/etc/shorewall/common
Shorewall allows definition of rules that apply between all zones.
@@ -3345,9 +3341,9 @@ NET_OPTIONS=blacklist,norfc1918
You have public IP addresses 155.182.235.0/28. You configure your
firewall as follows:
- eth0 - 155.186.235.1 (internet connection)
-eth1 - 192.168.9.0/24 (masqueraded local systems)
-eth2 - 192.168.10.1 (interface to your DMZ)
+ eth0 - 155.186.235.1 (internet connection) eth1 -
+ 192.168.9.0/24 (masqueraded local systems) eth2 - 192.168.10.1
+ (interface to your DMZ)
In your DMZ, you want to install a Web/FTP server with public
address 155.186.235.4. On the Web server, you subnet just like the
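Review bot: the interface list is reflowed into running text, so "eth1 -" ends one line and its address "192.168.9.0/24" begins the next, and the eth2 entry is split the same way. Restore one interface per line as in the removed lines. Separately, the context above says the public range is 155.182.235.0/28 while the eth0 address and the DMZ server use 155.186.235.x; one of the two is a typo and worth fixing in the same pass.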
@@ -3850,8 +3846,7 @@ eth2 - 192.168.10.1 (interface to your DMZ)
- LOGRATE=10/minute
-LOGBURST=5
+ LOGRATE=10/minute LOGBURST=5
@@ -4078,7 +4073,8 @@ LOGBURST=5
The loadmodule function is called as follows:
- loadmodule <modulename> [ <module parameters> ]
+ loadmodule <modulename> [
+ <module parameters> ]
where
@@ -4107,7 +4103,8 @@ LOGBURST=5
moduledirectory; if so, then the following command is
executed:
- insmod moduledirectory/<modulename>.o <module parameters>
+ insmod moduledirectory/<modulename>.o
+ <module parameters>
If the file doesn't exist, the function determines of the
".o.gz" file corresponding to the module exists in the
@@ -4115,7 +4112,8 @@ LOGBURST=5
that the running configuration supports compressed modules and execute the
following command:
- insmod moduledirectory/<modulename>.o.gz <module parameters>
+ insmod moduledirectory/<modulename>.o.gz
+ <module parameters>
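Review bot: the insmod command is now split between "insmod moduledirectory/<modulename>.o.gz" and "<module parameters>", so what the text calls "the following command" reads as two lines. The same split is applied to the ".o" variant and to the loadmodule synopsis in the two preceding hunks. Keep each command and synopsis on one line.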
@@ -4326,8 +4324,7 @@ LOGBURST=5
- 130.252.100.69
-206.124.146.0/24
+ 130.252.100.69 206.124.146.0/24
Packets from hosts listed in the
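Review bot: the two example entries "130.252.100.69" and "206.124.146.0/24" are merged onto one line. The removed lines had one address or subnet per line; joined, they read as a single entry with two fields. Keep them on separate lines.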
@@ -4510,4 +4507,18 @@ LOGBURST=5
This file is described in the ECN Control
Documentation.
-
+
+
+ /etc/shorewall/users and /etc/shorewall/usersets
+
+ These files are described in theUID/GID-based
+ Rules Documentation .
+
+
+
+ /etc/shorewall/accounting
+
+ This file is described in the Traffic
+ Accounting Documentation.
+
+
\ No newline at end of file
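Review bot: in the new users/usersets section, "theUID/GID-based" is missing a space after "the" and "Documentation ." has a stray space before the period. The accounting section added just below words the same sentence cleanly ("described in the Traffic Accounting Documentation."), so match that. The new version of the file also ends without a trailing newline; add one.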