Shorewall-1.3.7 Changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@207 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-23 08:03:11 +01:00 · 2002-08-22 21:21:41 +00:00 · 2002-08-22 21:21:41 +00:00 · 72f67478b2
commit 72f67478b2
parent 95d02199f9
52 changed files with 783 additions and 319 deletions
--- a/Shorewall-docs/Documentation.htm
+++ b/Shorewall-docs/Documentation.htm
@ -9,11 +9,17 @@
  <base target="_self">
-<meta name="Microsoft Theme" content="boldstri 011, default">
+<meta name="Microsoft Theme" content="none, default">
 <meta name="Microsoft Border" content="none, default">
 </head>
 <body>
- <h1 align="center">Shorewall 1.3 Reference</h1>
+ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber4" bgcolor="#400169" height="90">
   <tr>
     <td width="100%">
     <h1 align="center"><font color="#FFFFFF">Shorewall 1.3 Reference</font></h1>
     </td>
   </tr>
 </table>
@ -120,25 +126,13 @@ Shorewall    programs</p>
      <p>Example:</p>
-      <blockquote>                       
+      <pre><font face="Courier"> 	NET_IF=eth0
-        <pre>NET_IF=eth0
+	NET_BCAST=130.252.100.255
-NET_BCAST=130.252.100.255
+	NET_OPTIONS=noping,norfc1918</font></pre>
-NET_OPTIONS=noping,norfc1918</pre>
+ <p>Example (/etc/shorewall/interfaces record):</p>
-     </blockquote>
+ <pre>	<font face="Courier">net $NET_IF $NET_BCAST $NET_OPTIONS</font></pre>
        <p><br>
     Example (/etc/shorewall/interfaces record):</p>
        <blockquote>                           
          <pre><font face="Courier">net $NET_IF $NET_BCAST $NET_OPTIONS</font></pre>
     </blockquote>
 <p>The result will be the same as if the record had been written</p>
-                           
+ <pre>	<font face="Courier">net eth0 130.252.100.255 noping,norfc1918</font></pre>
          <blockquote>                               
            <pre>net eth0 130.252.100.255 noping,norfc1918</pre>
     </blockquote>
 <p>Variables may be used anywhere in the 
            other configuration files.</p>
@ -155,7 +149,9 @@ NET_OPTIONS=noping,norfc1918</pre>
   length and consist of lower-case letters or numbers. Short names must begin 
   with a letter and the name assigned to the firewall is reserved for       use by Shorewall itself. Note that the output produced
 by iptables is much       easier to read if you select short names that
-are  three characters or less       in length.</li>
+are  three characters or less       in length. The name &quot;all&quot; may not be used as 
   a zone name nor may the zone name assigned to the firewall itself via the FW 
   variable in <a href="#Conf">/etc/shorewall/shorewall.conf</a>.</li>
   <li><b>
  DISPLAY</b> - The name of the zone as displayed during Shorewall startup.</li>
   <li><b>
@ -1989,6 +1985,12 @@ a development   snapshot as patching with version 1.9 results in kernel compilat
                                                              <p>
  This file is used to set the following firewall parameters:</p>
 <ul>
   <li><b>FORWARDPING</b> - Added in Version 1.3.7<br>
   When set to &quot;Yes&quot; or &quot;yes&quot;, ICMP echo-request (ping) packets from interfaces 
   that specify &quot;filterping&quot; are ACCEPTed by the firewall. When set to &quot;No&quot; or 
   &quot;no&quot;, such ping requests are silently dropped unless they are handled by an 
   explicit entry in the <a href="#Rules">rules file</a>. If not specified, &quot;No&quot; 
   is assumed.</li>
   <li><b>LOGNEWNOTSYN</b> - Added in Version 1.3.6<br>
   Beginning with version 1.3.6, Shorewall drops non-SYN TCP packets that are 
   not part of an existing connection. If you would like to log these packets, 
@ -2104,7 +2106,10 @@ starts,        it will create the directory. Example: STATEDIR=/tmp/shorewall.<b
 "No" ("no") and specifies whether       Shorewall allows connection requests 
 that are related to an already       allowed connection. If you say "No" ("no"),
 you can       still override this setting by including "related" rules in
-       /etc/shorewall/rules ("related" given as the protocol).</li>
+       /etc/shorewall/rules ("related" given as the protocol). If you specify 
   ALLOWRELATED=No, you will need to include rules in
   <a href="shorewall_extension_scripts.htm">/etc/shorewall/icmpdef</a> to 
   handle common ICMP packet types.</li>
   <li><b>
  MODULESDIR</b><br>
         This parameter specifies the directory where your kernel netfilter
@ -2689,7 +2694,7 @@ by   Shorewall, you must have <a href="#MangleEnabled">mangle support enabled</a
                                                                                  <p><font size="2">
-  Updated 8/14/2002 - <a href="support.htm">Tom 
+  Updated 8/22/2002 - <a href="support.htm">Tom 
 Eastep</a>
   </font></p>
--- a/Shorewall-docs/Documentation_Index.htm
+++ b/Shorewall-docs/Documentation_Index.htm
@ -6,7 +6,6 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>The Documentation Index</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
--- a/Shorewall-docs/FAQ.htm
+++ b/Shorewall-docs/FAQ.htm
@ -6,79 +6,86 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall FAQ</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
+<meta name="Microsoft Theme" content="none">
 </head>
 <body>
-<h1 align="center">Shorewall FAQs</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber4" bgcolor="#400169" height="90">
-<h2 align="left">About Shorewall</h2>
+  <tr>
-<blockquote>
+    <td width="100%">
-<p align="left"><a href="#faq13">Why do you call it &quot;Shorewall&quot;?</a></p>
+    <h1 align="center"><font color="#FFFFFF">Shorewall FAQs</font></h1>
-<p align="left"><a href="#faq10">What distributions does it work with?</a></p>
+    </td>
-<p align="left"><a href="shorewall_features.htm">What features does it support?</a></p>
+  </tr>
-<p align="left"><a href="#faq12">Why isn't there a GUI?</a></p>
+</table>
-</blockquote>
+
-<h2 align="left">Filtering</h2>
+<p align="left"><b>1. </b><a href="#faq1">&nbsp;I want to <b>forward</b> UDP <b>
-<blockquote>
+port</b> 7777 to my my personal PC with IP address 192.168.1.5. I've looked 
-<p align="left"><a href="#faq14">I'm connected via a cable modem and it has an 
+everywhere and can't find <b>how to do it</b>.</a></p>
-internel web server that allows me to configure/monitor it but as expected if I 
+<p align="left"><b>1a. </b><a href="#faq1a">Ok -- I followed those instructions 
-enable rfc1918 blocking for my eth0 interface, it also blocks the cable modems 
+but it doesn't work.</a></p>
-web server</a>.</p>
+<p align="left"><b>2.</b> <a href="#faq2">I <b>port forward</b> www requests to www.mydomain.com (IP
-<p align="left"><a href="#faq14a">Even though it assigns public IP addresses, my 
+130.151.100.69) to system 192.168.1.5 in my local network. <b>External clients can browse</b>
-ISP's DHCP server has an RFC 1918 address. If I enable RFC 1918 filtering on my 
+http://www.mydomain.com but <b>internal clients can't</b>.</a></p>
-external interface, my DHCP client cannot renew its lease.</a></p>
+<p align="left"><b>2a. </b><a href="#faq3">I have a zone &quot;Z&quot; with an RFC1918 
-<p align="left"><a href="#faq4">I just used an online port scanner to check my 
+subnet and I use <b>static NAT</b> to assign non-RFC1918 addresses to hosts in 
-firewall and it shows some ports as 'closed' rather than 'blocked'. Why?</a></p>
+Z. Hosts in Z cannot communicate with each other using their external 
-<p align="left"><a href="#faq4a">I just ran an nmap UDP scan of my firewall and 
+(non-RFC1918 addresses) so they <b>can't access each other using their DNS 
-it showed 100s of ports as open!!!!</a></p>
+names.</b></a></p>
-</blockquote>
+
-<h2 align="left">Port Forwarding</h2>
+<p align="left"><b>3. </b><a href="#faq3">I want to use <b>Netmeeting </b>with 
-<blockquote>
+Shorewall. What do I do?</a></p>
-<p align="left"><a href="#faq1">I want to forward UDP port 7777 to my my personal PC with IP
+<p align="left"><b>4. </b><a href="#faq4">I just used an online port scanner to 
-address 192.168.1.5. I've looked everywhere and can't find how to do it.</a></p>
+check my firewall and it shows <b>some ports as 'closed' rather than 'blocked'.</b> 
-<p align="left"><a href="#faq1a">Ok -- I followed those instructions but it 
+Why?</a></p>
-doesn't work.</a></p>
+<p align="left"><b>4a. </b><a href="#faq4a">I just ran an <b>nmap UDP scan</b> 
-<p align="left"><a href="#faq2">I port forward www requests to www.mydomain.com (IP
+of my firewall and it showed 100s of ports as open!!!!</a></p>
-130.151.100.69) to system 192.168.1.5 in my local network. External clients can browse
+<p align="left"><b>5. </b><a href="#faq5">I've installed Shorewall and now I <b>
-http://www.mydomain.com but internal clients can't.</a></p>
+can't ping</b> through the firewall</a></p>
-<p align="left"><a href="#faq3">I have a zone &quot;Z&quot; with an RFC1918 subnet and I
+
-use static NAT to assign non-RFC1918 addresses to hosts in Z. Hosts in Z cannot
+<p align="left"><b>6. </b><a href="#faq6">Where are the <b>log messages</b> 
-communicate with each other using their external (non-RFC1918 addresses) so they
+written and&nbsp; how do I <b>change the destination</b>?</a></p>
-can't access each other using their DNS names.</a></p>
+
-</blockquote>
+<p align="left"><b>6a. </b><a href="#faq6a">Are there any <b>log parsers</b> 
-<h2 align="left">Applications</h2>
+that work with Shorewall?</a></p>
-<blockquote>
+
-<p align="left"><a href="#faq3">I want to use Netmeeting with Shorewall. What do I do?</a></p>
+<p align="left"><b>7. </b><a href="#faq7">When I stop Shorewall <b>using 
-</blockquote>
+'shorewall stop', I can't connect to anything</b>. Why doesn't that command 
-<h2 align="left">Connection Problems</h2>
+work?</a></p>
-<blockquote>
+
-<p align="left"><a href="#faq5">I've installed Shorewall and now I can't ping through the
+<p align="left"><b>8. </b><a href="#faq8">When I try to <b>start Shorewall on RedHat 7.x</b>, I
 firewall</a></p>
 <p align="left"><a href="#faq15">My local systems can't see out to the net</a></p>
 </blockquote>
 <h2 align="left">Logging</h2>
 <blockquote>
 <p align="left"><a href="#faq6">Where are the log messages written and&nbsp;
 how do I change the destination?</a></p>
 <p align="left"><a href="#faq16">Shorewall is writing log messages all over my 
 console making it unusable!</a></p>
 <p align="left"><a href="#faq6a">Are there any log parsers that work with
 Shorewall?</a></p>
 </blockquote>
 <h2 align="left">Starting and stopping the firewall</h2>
 <blockquote>
 <p align="left"><a href="#faq7">When I stop Shorewall using 'shorewall stop',
 I can't connect to anything. Why doesn't that command work?</a></p>
 <p align="left"><a href="#faq8">When I try to start Shorewall on RedHat 7.x, I
 get messages about insmod failing -- what's wrong?</a></p>
-<p align="left"><a href="#faq17">Why can't Shorewall detect my interfaces 
+
-properly?</a></p>
+<p align="left"><b>9. </b><a href="#faq9"><b>Why </b>does Shorewall <b>only accept IP addresses</b> as
 </blockquote>
 <h2 align="left">Design</h2>
 <blockquote>
 <p align="left"><a href="#faq9">Why does Shorewall only accept IP addresses as
 opposed to FQDNs?</a></p>
 <p align="left"><b>10. </b><a href="#faq10">What <b>distributions</b> does it 
 work with?</a></p>
 <p align="left"><b>11. </b><a href="#faq18">What <b>features</b> does it 
 support?</a></p>
 <p align="left"><b>12. </b><a href="#faq12">Why isn't there a <b>GUI</b></a></p>
 <p align="left"><b>13. </b><a href="#faq13">Why do you call it <b>&quot;Shorewall&quot;?</b></a></p>
 <p align="left"><b>14. </b><a href="#faq14">I'm connected via a cable modem and it has an internel 
 web server that allows me to configure/monitor it but as expected if I enable <b>
 rfc1918 blocking</b> for my eth0 interface, it also blocks the <b>cable modems 
 web server</b></a>.</p>
 <p align="left"><b>14a. </b><a href="#faq14a">Even though it assigns public IP 
 addresses, my ISP's DHCP server has an RFC 1918 address. If I enable RFC 1918 
 filtering on my external interface, <b>my DHCP client cannot renew its lease</b>.</a></p>
 <p align="left"><b>15. </b><a href="#faq15"><b>My local systems can't see out to 
 the net</b></a></p>
 <p align="left"><b>16. </b><a href="#faq16">Shorewall is writing <b>log messages 
 all over my console</b> making it unusable!</a></p>
 <p align="left"><b>17. </b><a href="#faq17">Why can't Shorewall <b>detect my 
 interfaces </b>properly?</a></p>
 <blockquote>
 <p align="left">&nbsp;</p>
 </blockquote>
 <hr>
 <h4 align="left"><a name="faq1"></a>1. I want to forward UDP port 7777 to my my personal PC with IP
@ -556,11 +563,10 @@ over my console making it unusable!</h4>
 <div align="left">
  <p align="left"><b>Answer: </b>The above output is perfectly normal. The Net 
  zone is defined as all hosts that are connected through eth0 and the local 
-  zone is defined as all hosts connected through eth1.
+  zone is defined as all hosts connected through eth1.</div>
 </div>
 <p align="left"><font size="2">Last updated 
-7/31/2002 - <a href="support.htm">Tom
+8/15/2002 - <a href="support.htm">Tom
 Eastep</a></font></p>
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
--- a/Shorewall-docs/GnuCopyright.htm
+++ b/Shorewall-docs/GnuCopyright.htm
@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Copyright</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h2><a href="#TOC1" name="SEC1">GNU Free Documentation License</a></h2>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h2 align="center"><font color="#FFFFFF">GNU Free Documentation License</font></h2>
    </td>
  </tr>
 </table>
 <p>Version 1.1, March 2000 </p>
 <pre>Copyright (C) 2000  Free Software Foundation, Inc.
 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
--- a/Shorewall-docs/IPIP.htm
+++ b/Shorewall-docs/IPIP.htm
@ -5,11 +5,16 @@
 <title>GRE/IPIP Tunnels</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">GRE and IPIP Tunnels</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">GRE and IPIP Tunnels</font></h1>
    </td>
  </tr>
 </table>
 <h3><font color="#FF6633">Warning: </font>GRE and IPIP Tunnels are insecure when used
 over the internet; use them at your own risk</h3>
 <p>GRE and IPIP tunneling with Shorewall requires iproute2 and can be used to bridge two masqueraded networks.&nbsp;GRE
--- a/Shorewall-docs/IPSEC.htm
+++ b/Shorewall-docs/IPSEC.htm
@ -10,10 +10,15 @@
  <meta name="ProgId" content="FrontPage.Editor.Document">
-  <meta name="Microsoft Theme" content="boldstri 011, default">
+  </head>
 </head>
 <body>
- <h1 align="center">IPSEC Tunnels</h1>
+ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
   <tr>
     <td width="100%">
     <h1 align="center"><font color="#FFFFFF">IPSEC Tunnels</font></h1>
     </td>
   </tr>
 </table>
 <h2><font color="#660066">Configuring FreeS/Wan</font></h2>
 There is an excellent guide to configuring IPSEC tunnels at<a href="http://jixen.tripod.com">
 http://jixen.tripod.com</a>
@ -113,8 +118,28 @@ on system B, we would have:</p>
      </tbody>           
    </table></blockquote>
    <p align="Left">You need to define a zone for the remote subnet or include 
    it in your local zone. In this example, we'll assume that you have created a 
    zone called &quot;vpn&quot; to represent the remote subnet.</p>
    <blockquote>
    <table border="2" cellpadding="2" style="border-collapse: collapse">
               <tr>
              <td><strong>ZONE</strong></td>
              <td><strong>DISPLAY</strong></td>
              <td><strong>COMMENTS</strong></td>
          </tr>
          <tr>
              <td>vpn</td>
              <td>VPN</td>
              <td>Remote Subnet</td>
          </tr>
    </table>
 </blockquote>
    <p align="Left">At both
-systems, ipsec0 would be included in /etc/shorewall/interfaces as a "gw"
+systems, ipsec0 would be included in /etc/shorewall/interfaces as a "vpn"
 interface:</p>
    <blockquote> 
@ -131,7 +156,7 @@ interface:</p>
 OPTIONS</strong></td>
          </tr>
          <tr>
-              <td>gw</td>
+              <td>vpn</td>
              <td>ipsec0</td>
              <td>&nbsp;</td>
              <td>&nbsp;</td>
@ -140,7 +165,7 @@ interface:</p>
        </tbody>             
      </table></blockquote>
-      <p align="Left"> You will need to allow traffic between the &quot;gw&quot; zone and 
+      <p align="Left"> You will need to allow traffic between the &quot;vpn&quot; zone and 
      the &quot;loc&quot; zone -- if you simply want to admit all traffic in both 
      directions, you can use the policy file:</p>
@ -155,13 +180,13 @@ interface:</p>
          </tr>
          <tr>
              <td>loc</td>
-              <td>gw</td>
+              <td>vpn</td>
              <td>ACCEPT</td>
          <td>&nbsp;</td>
          </tr>
          <tr>
-              <td>gw</td>
+              <td>vpn</td>
              <td>loc</td>
              <td>ACCEPT</td>
          <td>&nbsp;</td>
@ -188,6 +213,26 @@ be able to establish a secure connection back to your local network.</p>
      <img src="images/Mobile.png" width="677" height="426">
             </font></strong></p>
    <p align="Left">You need to define a zone for the laptop or include it in 
    your local zone. In this example, we'll assume that you have created a zone 
    called &quot;vpn&quot; to represent the remote host.</p>
    <blockquote>
    <table border="2" cellpadding="2" style="border-collapse: collapse">
               <tr>
              <td><strong>ZONE</strong></td>
              <td><strong>DISPLAY</strong></td>
              <td><strong>COMMENTS</strong></td>
          </tr>
          <tr>
              <td>vpn</td>
              <td>VPN</td>
              <td>Remote Subnet</td>
          </tr>
    </table>
 </blockquote>
      <p align="Left"> In this
 instance, the mobile system (B) has IP address 134.28.54.2 but that cannot
 be determined in advance. In the /etc/shorewall/tunnels file on system A,
@ -210,15 +255,14 @@ the following entry should be made:</p>
              <td>ipsec</td>
              <td>net</td>
              <td>0.0.0.0/0</td>
-              <td>gw</td>
+              <td>vpn</td>
          </tr>
          </tbody>               
        </table></blockquote>
        <p>Note that the GATEWAY
-ZONE column contains the name of the zone corresponding to peer subnetworks
+ZONE column contains the name of the zone corresponding to peer subnetworks. This indicates that the
 (<i>gw</i> in the default /etc/shorewall/zones). This indicates that the
 gateway system itself comprises the peer subnetwork; in other words, the
 remote gateway is a standalone system.</p>
@ -228,7 +272,7 @@ remote gateway is a standalone system.</p>
        <p><font size="2"> Last
-updated 5/18/2002 - </font><font size="2">
+updated 8/20/2002 - </font><font size="2">
        <a href="support.htm">Tom Eastep</a></font>
 </p>
--- a/Shorewall-docs/Install.htm
+++ b/Shorewall-docs/Install.htm
@ -5,10 +5,16 @@
 <title>Shorewall Installation</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
-<body><h1 align="center">Shorewall Installation</h1>
+<body>
 <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Shorewall Installation</font></h1>
    </td>
  </tr>
 </table>
 <p><font size="4"><b><a href="#Install_RPM">Install using RPM</a><br>
 <a href="#Install_Tarball">Install
--- a/Shorewall-docs/NAT.htm
+++ b/Shorewall-docs/NAT.htm
@ -5,13 +5,18 @@
 <title>Shorewall NAT</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
 <blockquote>
-    <h1 align="center">Static NAT</h1>
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
      <tr>
        <td width="100%">
        <h1 align="center"><font color="#FFFFFF">Static NAT</font></h1>
        </td>
      </tr>
    </table>
    <p><font color="#FF0000"><b>IMPORTANT: If all you want to do is forward 
    ports to servers behind your firewall, you do NOT want to use static NAT. 
    Port forwarding can be accomplished with simple entries in the
--- a/Shorewall-docs/News.htm
+++ b/Shorewall-docs/News.htm
@ -5,12 +5,41 @@
 <title>Shorewall News</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta name="Microsoft Theme" content="none">
 </head>
 <body>
-<h1 align="center">Shorewall News Archive</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Shorewall News Archive</font></h1>
    </td>
  </tr>
 </table>
 <p><b>8/22/2002 - Shorewall 1.3.7 Released 8/13/2002</b></p>
 <p>Features in this release include:</p>
 <ul>
   <li>The 'icmp.def' file is now empty! The rules in that file were required in 
   ipchains firewalls but are not required in Shorewall. Users who have 
   ALLOWRELATED=No in <a href="Documentation.htm#Conf">shorewall.conf</a> should 
   see the <a href="errata.htm#Upgrade">Upgrade Issues</a>.</li>
   <li>A 'FORWARDPING' option has been added to <a href="Documentation.htm#Conf">
   shorewall.conf</a>. The effect of setting this variable to Yes is the same as 
   the effect of adding an ACCEPT rule for ICMP echo-request in
   <a href="shorewall_extension_scripts.htm">/etc/shorewall/icmpdef</a>. Users 
   who have such a rule in icmpdef are encouraged to switch to FORWARDPING=Yes.</li>
   <li>The loopback CLASS A Network (127.0.0.0/8) has been added to the rfc1918 
   file.</li>
   <li>Shorewall now works with iptables 1.2.7</li>
   <li>The documentation and web site no longer uses FrontPage themes.</li>
 </ul>
 <p>I would like to thank John Distler for his valuable input regarding TCP SYN 
 and ICMP treatment in Shorewall. That input has led to marked improvement in 
 Shorewall in the last two releases.</p>
 <p><b>8/13/2002 - Documentation in the <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">CVS Repository</a></b></p>
@ -995,7 +1024,7 @@ version:</p>
  additional &quot;gw&quot; (gateway) zone for tunnels and it supports IPSEC
  tunnels with end-points on the firewall. There is also a .lrp available now.</b></p>
-    <p><font size="2">Updated 8/13/2002 - <a href="support.htm">Tom
+    <p><font size="2">Updated 8/22/2002 - <a href="support.htm">Tom
 Eastep</a> </font></p>
    <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">
--- a/Shorewall-docs/PPTP.htm
+++ b/Shorewall-docs/PPTP.htm
@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall PPTP</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">PPTP</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">PPTP</font></h1>
    </td>
  </tr>
 </table>
 <p align="left">Shorewall easily supports PPTP in a number of configurations:</p>
 <ul>
--- a/Shorewall-docs/ProxyARP.htm
+++ b/Shorewall-docs/ProxyARP.htm
@ -5,27 +5,37 @@
 <title>Shorewall Proxy ARP</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
-<meta name="Microsoft Theme" content="boldstri 011, default">
+<meta name="Microsoft Theme" content="none">
 </head>
 <body>
-<blockquote>
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
-    <h1 align="center">Proxy ARP</h1>
+      <tr>
-    <p>&nbsp;</p>
+        <td width="100%">
        <h1 align="center"><font color="#FFFFFF">Proxy ARP</font></h1>
        </td>
      </tr>
    </table>
    <p>Proxy ARP allows you to insert a firewall in front of a set of servers 
    without changing their IP addresses and without having to re-subnet.</p>
    <p>The following figure represents a Proxy ARP
    environment.</p>
 <blockquote>
    <p align="center"><strong>
-    <img src="images/proxyarp.png" width="444" height="397"></strong></p>
+    <img src="images/proxyarp.png" width="519" height="397"></strong></p>
    <blockquote>
    </blockquote>
 </blockquote>
    <p align="left">Proxy ARP can be used to make the systems with addresses 
    130.252.100.18 and 130.252.100.19 appear to be on the upper (130.252.100.*) 
    subnet.&nbsp; Assuming that the upper firewall interface is eth0 and the 
    lower interface is eth1, this is accomplished using the following entries in 
    /etc/shorewall/proxyarp:</p>
 <blockquote>
    <table border="2" cellpadding="2" style="border-collapse: collapse">
      <tr>
        <td><b>ADDRESS</b></td>
@ -46,6 +56,8 @@
        <td>no</td>
      </tr>
    </table>
 </blockquote>
    <p>Be sure that the internal systems (130.242.100.18 and 130.252.100.19&nbsp; 
    in the above example) are not included in any specification in 
    /etc/shorewall/masq or /etc/shorewall/nat.</p>
@ -56,7 +68,7 @@
    Firewall system's eth0 is configured.</p>
 <div align="left">
  <p align="left">A word of warning is in order here. ISPs typically configure 
-  there routers with a long ARP cache timeout. If you move a system from 
+  their routers with a long ARP cache timeout. If you move a system from 
  parallel to your firewall to behind your firewall with Proxy ARP, it will 
  probably be HOURS before that system can communicate with the internet. You 
  can call your ISP and ask them to purge the stale ARP cache entry but many 
@ -86,9 +98,8 @@
  was the MAC address of the system on the lower left. In other words, the gateway's ARP cache still 
  associates 130.252.100.19 with the NIC in that system rather than with the firewall's 
  eth0.</div>
 </blockquote>
-<p><font size="2">Last updated 8/11/2002 - </font><font size="2">
+<p><font size="2">Last updated 8/17/2002 - </font><font size="2">
 <a href="support.htm">Tom
 Eastep</a></font> </p>
 <font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
--- a/Shorewall-docs/Shorewall_index_frame.htm
+++ b/Shorewall-docs/Shorewall_index_frame.htm
@ -7,47 +7,70 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall Index</title>
 <base target="main">
-<meta name="Microsoft Theme" content="boldstri 011, default">
+<meta name="Microsoft Theme" content="none">
 </head>
 <body>
 <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#4B017C" height="90">
  <tr>
-    <td width="100%">
+    <td width="100%" height="90">
    <h3 align="center"><font color="#FFFFFF">Shorewall</font></h3>
    </td>
  </tr>
 </table>
 <table border="0" cellpadding="8" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber2">
  <tr>
-    <td width="14%">&nbsp;</td>
+    <td width="100%" bgcolor="#FFFFFF">
-    <td width="86%">
+    <ul>
-<a href="seattlefirewall_index.htm">Home</a><br>
+      <li>
-<a target="_top" href="/1.2/index.htm">Shorewall 1.2 Home</a><br>
+<a href="seattlefirewall_index.htm">Home</a></li>
-<a href="shorewall_features.htm">Features</a><br>
+      <li>
-<a href="shorewall_prerequisites.htm">Requirements</a><br>
+<a target="_top" href="/1.2/index.htm">Shorewall 1.2 Home</a></li>
-<a href="download.htm">Download</a><br>
+      <li>
-<a href="shorewall_quickstart_guide.htm">QuickStart Guides</a><br>
+<a href="shorewall_features.htm">Features</a></li>
-<a href="Install.htm">Installation/Upgrade<br>
+      <li>
-    /Configuration</a><br>
+<a href="shorewall_prerequisites.htm">Requirements</a></li>
-<a href="shorewall_quickstart_guide.htm#Documentation">Documentation</a><br>
+      <li>
-<a href="Documentation.htm">Reference Manual</a><br>
+<a href="download.htm">Download</a></li>
-<a href="FAQ.htm">FAQs</a><br>
+      <li>
-<a href="troubleshoot.htm">Troubleshooting</a><br>
+<a href="shorewall_quickstart_guide.htm">QuickStart Guides</a></li>
-<a href="errata.htm">Errata</a><br>
+      <li>
-<a href="support.htm">Support</a><br>
+<a href="Install.htm">Installation/Upgrade/</a><br>
-<a href="mailing_list.htm">Mailing Lists</a><br>
+<a href="Install.htm">Configuration</a></li>
      <li>
 <a href="shorewall_quickstart_guide.htm#Documentation">Documentation</a></li>
      <li>
 <a href="Documentation.htm">Reference Manual</a></li>
      <li>
 <a href="FAQ.htm">FAQs</a></li>
      <li>
 <a href="troubleshoot.htm">Troubleshooting</a></li>
      <li>
 <a href="errata.htm">Errata/Upgrade Issues</a></li>
      <li>
 <a href="support.htm">Support</a></li>
      <li>
 <a href="mailing_list.htm">Mailing Lists</a></li>
      <li>
 <a href="shorewall_mirrors.htm">Mirrors</a><ul>
        <li><a target="_top" href="http://slovakia.shorewall.net">Slovak Republic</a></li>
        <li><a target="_top" href="http://shorewall.infohiiway.com">Texas, USA</a></li>
        <li><a target="_top" href="http://germany.shorewall.net">Germany</a></li>
        <li><a target="_top" href="http://shorewall.correofuego.com.ar">Argentina</a></li>
      </ul>
-  <a href="News.htm">News Archive</a><br>
+      </li>
-<a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">CVS Repository</a><br>
+    </ul>
-<a href="quotes.htm">Quotes from Users</a><br>
+    <ul>
-<a href="shoreline.htm">About the Author</a><br>
+      <li>
-<a href="seattlefirewall_index.htm#Donations">Donations</a></td>
+  <a href="News.htm">News Archive</a></li>
      <li>
 <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">CVS Repository</a></li>
      <li>
 <a href="quotes.htm">Quotes from Users</a></li>
      <li>
 <a href="shoreline.htm">About the Author</a></li>
      <li>
 <a href="seattlefirewall_index.htm#Donations">Donations</a></li>
    </ul>
    </td>
  </tr>
 </table>
--- a/Shorewall-docs/blacklisting_support.htm
+++ b/Shorewall-docs/blacklisting_support.htm
@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Blacklisting Support</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Blacklisting Support</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Blacklisting Support</font></h1>
    </td>
  </tr>
 </table>
 <p>Shorewall supports two different forms of blacklisting; static and dynamic.</p>
 <h2>Static Blacklisting</h2>
 <p>Shorewall
--- a/Shorewall-docs/configuration_file_basics.htm
+++ b/Shorewall-docs/configuration_file_basics.htm
@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Configuration File Basics</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Configuration Files</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Configuration Files</font></h1>
    </td>
  </tr>
 </table>
      <p><b><font color="#FF0000">Warning: </font>If you copy or edit your 
      configuration files on a system running Microsoft Windows, you <u>must</u> 
      run them through <a href="http://www.megaloman.com/~hany/software/hd2u/">
--- a/Shorewall-docs/copyright.htm
+++ b/Shorewall-docs/copyright.htm
@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Copyright</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Copyright</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Copyright</font></h1>
    </td>
  </tr>
 </table>
 <p align="left">Copyright <font face="Trebuchet MS">©</font>&nbsp; 2000, 2001 
 Thomas M Eastep<br>
 &nbsp;</p>
--- a/Shorewall-docs/dhcp.htm
+++ b/Shorewall-docs/dhcp.htm
@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>DHCP</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">DHCP</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">DHCP</font></h1>
    </td>
  </tr>
 </table>
 <h2 align="left">DHCP Server on your firewall</h2>
 <ul>
  <li>
--- a/Shorewall-docs/download.htm
+++ b/Shorewall-docs/download.htm
@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Download</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Shorewall Download</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Shorewall Download</font></h1>
    </td>
  </tr>
 </table>
      <p><b>I strongly urge you to read and print a copy of the
      <a href="shorewall_quickstart_guide.htm">Shorewall QuickStart Guide</a> 
@ -61,7 +66,7 @@ AND ISSUE A &quot;shorewall start&quot; COMMAND. SOME CONFIGURATION IS REQUIRED
 FIREWALL WILL START. IF YOU ISSUE A &quot;start&quot; COMMAND AND THE FIREWALL FAILS TO 
 START, YOUR SYSTEM WILL NO LONGER ACCEPT ANY NETWORK TRAFFIC. IF THIS HAPPENS, 
 ISSUE A &quot;shorewall clear&quot; COMMAND TO RESTORE NETWORK CONNECTIVITY.</b></font></p>
-<p>Download Latest Version (<b>1.3.6</b>): <b>Remember that updates to the mirrors 
+<p>Download Latest Version (<b>1.3.7</b>): <b>Remember that updates to the mirrors 
 occur 1-12 hours after an update to the primary site.</b></p>
 <blockquote>
  <table border="2" cellspacing="3" cellpadding="3" style="border-collapse: collapse">
@ -211,7 +216,7 @@ Shorewall component. There's no guarantee that what you find there will work at
 all.</p>
 </blockquote>
-<p align="left"><font size="2">Last Updated 8/05/2002 - <a href="support.htm">Tom
+<p align="left"><font size="2">Last Updated 8/22/2002 - <a href="support.htm">Tom
 Eastep</a></font></p>
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
--- a/Shorewall-docs/errata.htm
+++ b/Shorewall-docs/errata.htm
@ -10,15 +10,19 @@
  <meta name="ProgId" content="FrontPage.Editor.Document">
-  <meta name="Microsoft Theme" content="boldstri 011, default">
+  <meta name="Microsoft Theme" content="none">
 </head>
 <body>
- <h1 align="center">Shorewall Errata/Upgrade Issues</h1>
+ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
   <tr>
     <td width="100%">
     <h1 align="center"><font color="#FFFFFF">Shorewall Errata/Upgrade Issues</font></h1>
     </td>
   </tr>
 </table>
 <p align="center">
-  <font face="Century Gothic, Arial, Helvetica">
+      <b><u>IMPORTANT</u></b></p>
      <b><u>IMPORTANT</u></b></font></p>
 <ol>
   <li>
@ -86,6 +90,53 @@ dos2unix</a></u>
          <h2 align="Left"><a name="Upgrade"></a>Upgrade Issues</h2>
                              <h3>Version &gt;= 1.3.7</h3>
                              <p>Users specifying ALLOWRELATED=No in 
                              /etc/shorewall.conf will need to include the 
                              following rules in their /etc/shorewall/icmpdef 
                              file (creating this file if necessary):</p>
                              <pre>	run_iptables -A icmpdef -p ICMP --icmp-type echo-reply -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type source-quench -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type destination-unreachable -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type time-exceeded -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type parameter-problem -j ACCEPT</pre>
 <p>Users having an /etc/shorewall/icmpdef file may remove the &quot;. 
 /etc/shorewall/icmp.def&quot; command from that file since the icmp.def file is now 
 empty.</p>
 <h3><b><a name="Bering">Upgrading </a>Bering to 
                              Shorewall &gt;= 1.3.3</b></h3>
                              <p>To properly upgrade with Shorewall version 
                              1.3.3 and later:</p>
                              <ol>
                                <li>Be sure you have a backup -- you will need 
                                to transcribe any Shorewall configuration 
                                changes that you have made to the new 
                                configuration.</li>
                                <li>Replace the shorwall.lrp package provided on 
                                the Bering floppy with the later one. If you did 
                                not obtain the later version from Jacques's 
                                site, see additional instructions below.</li>
                                <li>Edit the /var/lib/lrpkg/root.exclude.list 
                                file and remove the /var/lib/shorewall entry if 
                                present. Then do not forget to backup root.lrp !</li>
 </ol>
 <p>The .lrp that I release isn't set up for a two-interface firewall like 
 Jacques's. You need to follow the <a href="two-interface.htm">instructions for 
 setting up a two-interface firewall</a> plus you also need to add the following 
 two Bering-specific rules to /etc/shorewall/rules:</p>
 <blockquote>
   <pre># Bering specific rules:
 # allow loc to fw udp/53 for dnscache to work
 # allow loc to fw tcp/80 for weblet to work
 #
 ACCEPT loc fw udp 53
 ACCEPT loc fw tcp 80</pre>
 </blockquote>
          <h3 align="Left">Version &gt;= 1.3.6</h3>
          <p align="Left">If you have a pair of firewall systems configured for 
@ -144,6 +195,38 @@ dos2unix</a></u>
          <h2 align="Left"><a name="V1.3"></a>Problems in Version 1.3</h2>
          <h3 align="Left">Version 1.3.6</h3>
          <ul>
            <li>
          <p align="Left">If ADD_SNAT_ALIASES=Yes is specified in 
          /etc/shorewall/shorewall.conf, an error occurs when the firewall 
          script attempts to add an SNAT alias.</li>
 <li>
          <p align="Left">The <b>logunclean </b>and <b>dropunclean</b> options 
          cause errors during startup when Shorewall is run with iptables 1.2.7.</li>
 </ul>
          <p align="Left">These problems are fixed in
          <a href="http://www.shorewall.net/pub/shorewall/errata/1.3.6/firewall">
          this correct firewall script</a> which must be installed in 
          /var/lib/shorewall/ as described above. These problems are also 
          corrected in version 1.3.7.</p>
          <h3 align="Left">Two-interface Samples 1.3.6 (file two-interfaces.tgz)</h3>
          <p align="Left">A line was inadvertently deleted from the &quot;interfaces 
          file&quot; -- this line should be added back in if the version that you 
          downloaded is missing it:</p>
          <p align="Left">net&nbsp;&nbsp;&nbsp; eth0&nbsp;&nbsp;&nbsp; detect&nbsp;&nbsp;&nbsp; 
          routefilter,dhcp,norfc1918</p>
          <p align="Left">If you downloaded two-interfaces-a.tgz then the above 
          line should already be in the file.</p>
          <h3 align="Left">Version 1.3.5-1.3.5b</h3>
          <p align="Left">The new 'proxyarp' interface option doesn't work :-( 
@ -289,8 +372,7 @@ you are currently running RedHat 7.1, you can install either of these RPMs
  <p align="Left"><font color="#FF6633"><b>Update
  11/9/2001: </b></font>RedHat has
-  released an iptables-1.2.4 RPM of their own which you can download from<font face="Century Gothic, Arial, Helvetica" color="#FF6633">
+  released an iptables-1.2.4 RPM of their own which you can download from<font color="#FF6633">
  </font><font color="#FF6633">
  <a href="http://www.redhat.com/support/errata/RHSA-2001-144.html">http://www.redhat.com/support/errata/RHSA-2001-144.html</a>.
  </font>I have installed this RPM
  on my firewall and it works fine.</p>
@ -357,21 +439,25 @@ Aborted (core dumped)
                              <p>Upgrading: rpm -Uvh <i>&lt;shorewall rpm&gt;</i></p>
-                              <p><a name="Multiport"></a><b>Problems with 
+                              <h3><a name="Multiport"></a><b>Problems with 
-                              iptables version 1.2.7 and MULTIPORT=Yes</b></p>
+                              iptables version 1.2.7 and MULTIPORT=Yes</b></h3>
                              <p>The iptables 1.2.7 release of iptables has made 
                              an incompatible change to the syntax used to 
                              specify multiport match rules; as a consequence, 
-                              users who install iptables 1.2.7 must set 
+                              if you install iptables 1.2.7 you must</p>
-                              MULTIPORT=No in /etc/shorewall/shorewall.conf or 
+
                              <ul>
                                <li>set MULTIPORT=No in 
                                /etc/shorewall/shorewall.conf; or </li>
                                <li>if you are running Shorewall 1.3.6 you may 
                                install
                                <a href="http://www.shorewall.net/pub/shorewall/errata/1.3.6/firewall">
                                this firewall script</a> in /var/lib/shorewall/firewall 
-                              as described above.</p>
+                                as described above.</li>
-
+ </ul>
 <p><font size="2">
- Last updated 8/14/2002 -
+ Last updated 8/22/2002 -
                              <a href="support.htm">Tom Eastep</a></font> </p>
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
--- a/Shorewall-docs/errata_1.htm
+++ b/Shorewall-docs/errata_1.htm
@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall Errata for Version 1</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Shorewall Errata for Version 1.1</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Shorewall Errata for Version 1.1</font></h1>
    </td>
  </tr>
 </table>
      <h3 align="Left"><font color="#660066"><u>To those of you who downloaded the 1.1.13 updated firewall script prior 
 to Sept 20, 2001:</u></font></h3>
--- a/Shorewall-docs/errata_2.htm
+++ b/Shorewall-docs/errata_2.htm
@ -10,10 +10,15 @@
  <meta name="ProgId" content="FrontPage.Editor.Document">
-  <meta name="Microsoft Theme" content="boldstri 011, default">
+  </head>
 </head>
 <body>
- <h1 align="center">Shorewall 1.2 Errata</h1>
+ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="90" bgcolor="#400169">
   <tr>
     <td width="100%">
     <h1 align="center"><font color="#FFFFFF">Shorewall 1.2 Errata</font></h1>
     </td>
   </tr>
 </table>
 <p align="center">
  <font face="Century Gothic, Arial, Helvetica">
--- a/Shorewall-docs/fallback.htm
+++ b/Shorewall-docs/fallback.htm
@ -5,12 +5,19 @@
 <title>Shorewall Fallback and Uninstall</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Fallback and Uninstall</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
 <h1 align="center"><font color="#FFFFFF">Fallback and Uninstall</font></h1>
    </td>
  </tr>
 </table>
 <p><strong>Shorewall includes
 a </strong><a href="#fallback"><strong>fallback script</strong></a><strong>
--- a/Shorewall-docs/gnu_mailman.htm
+++ b/Shorewall-docs/gnu_mailman.htm
@ -6,13 +6,20 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>GNU Mailman</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">GNU Mailman/Postfix<br>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
-the Easy Way</h1>
+  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">GNU Mailman/Postfix
 the Easy Way</font></h1>
    </td>
  </tr>
 </table>
 <h1 align="center">&nbsp;</h1>
 <h4>The following was posted on the Postfix mailing list on 5/4/2002 by Michael 
 Tokarev as a suggested addition to the Postfix FAQ.</h4>
 <p>Q: Mailman does not work with Postfix, complaining about GID mismatch<br>
--- a/Shorewall-docs/index.htm
+++ b/Shorewall-docs/index.htm
@ -5,10 +5,9 @@
 <title>Shoreline Firewall</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
-<frameset cols="237,*">
+<frameset cols="242,*">
  <frame name="contents" target="main" src="Shorewall_index_frame.htm">
  <frame name="main" src="seattlefirewall_index.htm" target="_self" scrolling="auto">
  <noframes>
--- a/Shorewall-docs/kernel.htm
+++ b/Shorewall-docs/kernel.htm
@ -5,11 +5,16 @@
 <title>Shorewall Kernel Configuration</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Kernel Configuration</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Kernel Configuration</font></h1>
    </td>
  </tr>
 </table>
 <p>For information regarding configuring and building GNU/Linux kernels, see <a href="http://www.kernelnewbies.org">http://www.kernelnewbies.org</a>.</p>
 <p>Here's a screen shot of my Network Options Configuration:</p>
 <blockquote>
--- a/Shorewall-docs/mailing_list.htm
+++ b/Shorewall-docs/mailing_list.htm
@ -11,12 +11,14 @@
 <body>
-<h1 align="center"><a href="http://www.gnu.org/software/mailman/mailman.html">
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
-<img border="0" src="images/logo-sm.jpg" align="left" width="110" height="35"></a>Shorewall Mailing Lists</h1>
+  <tr>
-
+    <td width="100%">
-<p align="left">&nbsp;<a href="http://www.postfix.org/"><img src="images/small-picture.gif" align="left" width="115" height="45"></a> </p>
+    <h1 align="center"><a href="http://www.gnu.org/software/mailman/mailman.html">
-
+<img border="0" src="images/logo-sm.jpg" align="left" hspace="5" width="110" height="35"></a><a href="http://www.postfix.org/"><img src="images/small-picture.gif" align="right" border="0" width="115" height="45"></a><font color="#FFFFFF">Shorewall Mailing Lists</font></h1>
-<h2 align="left">&nbsp;</h2>
+    </td>
  </tr>
 </table>
 <p align="left">
 <b>Note: </b>The list server limits posts to 120kb.</p>
--- a/Shorewall-docs/mailing_list_problems.htm
+++ b/Shorewall-docs/mailing_list_problems.htm
@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Mailing List Problems</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Mailing List Problems</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Mailing List Problems</font></h1>
    </td>
  </tr>
 </table>
 <h2 align="left">Shorewall.net is currently experiencing mail delivery problems
 to at least one address in each of the following domains:</h2>
--- a/Shorewall-docs/myfiles.htm
+++ b/Shorewall-docs/myfiles.htm
@ -10,10 +10,16 @@
  <meta name="ProgId" content="FrontPage.Editor.Document">
-  <meta name="Microsoft Theme" content="boldstri 011, default">
+  <meta name="Microsoft Theme" content="none">
 </head>
  <body>
-      <h1 align="center">About My Network</h1>
+      <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
        <tr>
          <td width="100%">
          <h1 align="center"><font color="#FFFFFF">About My Network</font></h1>
          </td>
        </tr>
      </table>
                      <blockquote> </blockquote>
@ -116,10 +122,10 @@ interfaces. </p>
                                <h3>Routestopped File:</h3>
-  <pre>	#INTERFACE	HOST(S)
+  <pre><font face="Courier" size="2">	#INTERFACE	HOST(S)
 	eth1		206.124.146.177
 	eth2 		-
-	eth3 		206.124.146.180</pre>
+	eth3 		206.124.146.180</font></pre>
  <h3>Common File: </h3>
  <pre><font size="2" face="Courier">	. /etc/shorewall/common.def
 	run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP
--- a/Shorewall-docs/ports.htm
+++ b/Shorewall-docs/ports.htm
@ -5,10 +5,16 @@
 <title>Shorewall Port Information</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
-<body><h1 align="center">Ports required for Various Services/Applications</h1>
+<body>
 <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Ports required for Various Services/Applications</font></h1>
    </td>
  </tr>
 </table>
 <p>In addition to those applications described in <a href="Documentation.htm">the
 /etc/shorewall/rules documentation</a>, here are some other
@ -95,6 +101,12 @@ services/applications that you may need to configure your firewall to accommodat
  <p>Traceroute</p>
 <blockquote>
  <p>UDP ports 33434 through 33434+<i>&lt;max number of hops&gt;</i>-1</p>
 </blockquote>
  <p>NFS</p>
 <blockquote>
  <p>There's some good information at&nbsp;
  <a href="http://nfs.sourceforge.net/nfs-howto/security.html">
  http://nfs.sourceforge.net/nfs-howto/security.html</a></p>
 </blockquote>
  <p>Didn't find what you are looking for -- have you looked in your own
  /etc/services file? </p>
@ -103,7 +115,7 @@ services/applications that you may need to configure your firewall to accommodat
  <a href="http://www.networkice.com/advice/Exploits/Ports">
  http://www.networkice.com/advice/Exploits/Ports</a></p>
-<p><font size="2">Last updated 7/30/2002 - </font><font size="2">
+<p><font size="2">Last updated 8/21/2002 - </font><font size="2">
 <a href="support.htm">Tom
 Eastep</a></font> </p>
 <font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
--- a/Shorewall-docs/quotes.htm
+++ b/Shorewall-docs/quotes.htm
@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Quotes from Shorewall Users</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Quotes from Shorewall Users</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Quotes from Shorewall Users</font></h1>
    </td>
  </tr>
 </table>
      <p>&quot;I just installed Shorewall after weeks of messing with
--- a/Shorewall-docs/samba.htm
+++ b/Shorewall-docs/samba.htm
@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Samba</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Samba</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Samba</font></h1>
    </td>
  </tr>
 </table>
 <p>If you wish to run Samba on your firewall and access shares between the 
 firewall and local hosts, you need the following rules:</p>
 <h4>/etc/shorewall/rules:</h4>
--- a/Shorewall-docs/seattlefirewall_index.htm
+++ b/Shorewall-docs/seattlefirewall_index.htm
@ -11,7 +11,7 @@
      <base target="_self">
-  <meta name="Microsoft Theme" content="boldstri 011, default">
+  <meta name="Microsoft Theme" content="none">
 </head>
 <body>                                      
      <table border="0" cellpadding="0" cellspacing="4" style="border-collapse: collapse" width="100%" id="AutoNumber3" bgcolor="#4B017C">
@ -63,29 +63,53 @@
      <h2>News</h2>
 <p><b>8/22/2002 - Shorewall 1.3.7 Released 8/13/2002
 <img border="0" src="images/new10.gif" width="28" height="12"> </b></p>
 <p>Features in this release include:</p>
      <ul>
        <li>The 'icmp.def' file is now empty! The rules in that file were 
        required in ipchains firewalls but are not required in Shorewall. Users 
        who have ALLOWRELATED=No in <a href="Documentation.htm#Conf">
        shorewall.conf</a> should see the <a href="errata.htm#Upgrade">Upgrade 
        Issues</a>.</li>
        <li>A 'FORWARDPING' option has been added to
        <a href="Documentation.htm#Conf">shorewall.conf</a>. The effect of 
        setting this variable to Yes is the same as the effect of adding an 
        ACCEPT rule for ICMP echo-request in
        <a href="shorewall_extension_scripts.htm">/etc/shorewall/icmpdef</a>. 
        Users who have such a rule in icmpdef are encouraged to switch to 
        FORWARDPING=Yes.</li>
        <li>The loopback CLASS A Network (127.0.0.0/8) has been added to the 
        rfc1918 file.</li>
        <li>Shorewall now works with iptables 1.2.7.</li>
        <li>The documentation and Web site no longer use FrontPage themes.</li>
      </ul>
 <p>I would like to thank John Distler for his valuable input regarding TCP SYN 
 and ICMP treatment in Shorewall. That input has led to marked improvement in 
 Shorewall in the last two releases.</p>
 <p><b>8/13/2002 - Documentation in the <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">
- CVS Repository</a>
+ CVS Repository</a></b></p>
 <img border="0" src="images/new10.gif" width="28" height="12"></b></p>
 <p>The Shorewall-docs project now contains just the HTML and image files - the 
 Frontpage files have been removed.</p>
 <p><b>8/7/2002 - <i>STABLE</i></b> <b>branch added to <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">
- CVS Repository</a>
+ CVS Repository</a></b></p>
 <img border="0" src="images/new10.gif" width="28" height="12"></b></p>
 <p>This branch will only be updated after I release a new version of Shorewall 
 so you can always update from this branch to get the latest stable tree.</p>
 <p><b>8/7/2002 - <a href="errata.htm#Upgrade">Upgrade Issues</a> section added 
- to the <a href="errata.htm">Errata Page</a>
+ to the <a href="errata.htm">Errata Page</a></b></p>
 <img border="0" src="images/new10.gif" width="28" height="12"></b></p>
 <p>Now there is one place to go to look for issues involved with upgrading to 
 recent versions of Shorewall.</p>
- <p><b>8/7/2002 - Shorewall 1.3.6
+ <p><b>8/7/2002 - Shorewall 1.3.6</b></p>
 <img border="0" src="images/new10.gif" width="28" height="12"></b></p>
 <p>This is primarily a bug-fix rollup with a couple of new features:</p>
@ -126,7 +150,7 @@
 </table>
      <p><font size="2">Updated
-      8/13/2002 - <a href="support.htm">Tom Eastep</a>
+      8/22/2002 - <a href="support.htm">Tom Eastep</a>
     </font>
--- a/Shorewall-docs/shoreline.htm
+++ b/Shorewall-docs/shoreline.htm
@ -10,13 +10,19 @@
  <meta name="ProgId" content="FrontPage.Editor.Document">
-  <meta name="Microsoft Theme" content="boldstri 011">
+  <meta name="Microsoft Theme" content="none">
 </head>
  <body>
-      <h1 align="Center">Tom Eastep</h1>
+      <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
        <tr>
          <td width="100%">
          <h1 align="center"><font color="#FFFFFF">Tom Eastep</font></h1>
          </td>
        </tr>
      </table>
@ -65,16 +71,15 @@ Washington</a>
      <p>Our current home network consists of: </p>
  <ul>
-    <li>1.2Gz Athlon, Windows XP Pro, 320MB RAM, 40GB &amp; 8GB IDE HDs 
+    <li>1.2Gz Athlon, Windows XP Pro, 320MB RAM, 40GB &amp; 8GB IDE HDs and LNE100TX 
-    and LNE100TX (Tulip) NIC - My personal Windows system. This system also has 
+    (Tulip) NIC - My personal Windows system.</li>
-    RH7.3     installed.</li>
+    <li>Celeron 1.4Gz, RH7.3, 256MB RAM, 60GB HD, LNE100TX(Tulip) NIC - My 
-    <li>PII/266, RH7.3, 320MB RAM, 20GB HD, LNE100TX(Tulip) NIC - My personal 
+    personal Linux System which runs Samba configured as a WINS server.</li>
-    GNU/Linux System which runs Samba configured as a WINS server.</li>
+    <li>K6-2/350, RH7.3, 384MB RAM, 8GB IDE HD, EEPRO100 NIC 
    <li>K6-2/350, RH7.3, 256MB RAM, 8GB IDE HD, EEPRO100 NIC 
 - Mail (Postfix &amp; Courier-IMAP), HTTP (Apache), FTP (Pure_ftpd), DNS server 
    (Bind).</li>
-    <li>PII/233, RH7.3 with 2.4.19 kernel, 128MB MB RAM, 2GB SCSI HD - 3 
+    <li>PII/233, RH7.3 with 2.4.19 kernel, 256MB MB RAM, 2GB SCSI HD - 3 
-    LNE100TX&nbsp; (Tulip) and 1 TLAN NICs&nbsp; - Firewall running Shorewall 1.3.4 and a DHCP  
+    LNE100TX&nbsp; (Tulip) and 1 TLAN NICs&nbsp; - Firewall running Shorewall 1.3.6 and a DHCP  
  server.  Also  runs PoPToP for     road warrior access.</li>
    <li>Duron 750, Win ME, 192MB RAM, 20GB HD, RTL8139 NIC - My wife's     personal system.</li>
    <li>PII/400 Laptop, Win2k SP2, 224MB RAM, 12GB HD, onboard EEPRO100 and     EEPRO100
@ -83,7 +88,7 @@ in expansion base - My main work system.</li>
  <p>For more about our network see <a href="myfiles.htm">my Shorewall
  Configuration</a>.</p>
-      <p>The PII/266 is made by <a href="http://www.dell.com">Dell</a>. All of our 
+      <p>All of our 
      other systems are made by <a href="http://www.compaq.com">Compaq</a> (part 
      of the new <a href="http://www.hp.com/">HP</a>).. All of our Tulip NICs are <a href="http://www.netgear.com">Netgear</a>
      FA310TXs.</p>
@ -93,7 +98,7 @@ in expansion base - My main work system.</li>
 </font></p>
-      <p><font size="2">Last updated 8/10/2002 - </font><font size="2">
+      <p><font size="2">Last updated 8/16/2002 - </font><font size="2">
      <a href="support.htm">Tom Eastep</a></font>
 </p>
  <font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
--- a/Shorewall-docs/shorewall_ca_certificate.htm
+++ b/Shorewall-docs/shorewall_ca_certificate.htm
@ -6,7 +6,6 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Shorewall CA Certificate</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
--- a/Shorewall-docs/shorewall_extension_scripts.htm
+++ b/Shorewall-docs/shorewall_extension_scripts.htm
@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Shorewall Extension Scripts</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-                                                                                  <h1 align="center">Extension Scripts</h1>
+                                                                                  <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
                                                                                    <tr>
                                                                                      <td width="100%">
                                                                                      <h1 align="center"><font color="#FFFFFF">Extension Scripts</font></h1>
                                                                                      </td>
                                                                                    </tr>
                                                                                  </table>
                                                                                  <p>
 Extension scripts are   user-provided
@ -41,20 +46,10 @@ been  processed.</p>
-                                                                                  <p>The following two   files receive 
+                                                                                  <p>The /etc/shorewall/common file receives special treatment. If this file is present, the rules that it   
 special treatment:</p>
 <ul>
   <li>/etc/shorewall/common -- If this file is present, the rules that it   
   defines will totally replace the default rules in the common chain. These 
       default rules are contained in the file /etc/shorewall/common.def which
-       may be used as a starting point for making your own customized file.</li>
+       may be used as a starting point for making your own customized file.</p>
   <li>/etc/shorewall/icmpdef -- If this file is present, the rules that it  
    defines will totally replace the default rules in the icmpdef chain.
 These        default rules are contained in the file /etc/shorewall/icmp.def
 which  may       be used as a starting point for making your own customized
 file.</li>
 </ul>
@ -68,9 +63,8 @@ processing of the command.</p>
                                                                                  <p>
-  If you decide to create /etc/shorewall/common or /etc/shorewall/icmp.def, it 
+  If you decide to create /etc/shorewall/common it is a good idea to use the 
-  is a good idea to use the following technique (common file shown but the same 
+  following technique</p>
  technique applies to icmpdef).</p>
@ -80,25 +74,36 @@ processing of the command.</p>
                                                                                  <blockquote>
-                                                                                    <pre>source /etc/shorewall/common.def
+                                                                                    <pre>. /etc/shorewall/common.def
 &lt;add your rules here&gt;</pre>
 </blockquote>
 <p>If you need to supercede a rule in the released common.def file, you can add 
- the superceding rule before the 'source' command. Using this technique allows 
+ the superceding rule before the '.' command. Using this technique allows 
 you to add new rules while still getting the benefit of the latest common.def 
 file.</p>
- <p>Remember that /etc/shorewall/common and /etc/shorewall/icmpdef define rules 
+ <p>Remember that /etc/shorewall/common defines rules 
 that are only applied if the applicable policy is DROP or REJECT. These rules 
- are NOT applied if the policy is ACCEPT or CONTINUE.<br>
+ are NOT applied if the policy is ACCEPT or CONTINUE.</p>
 </p>
-<p align="left"><font size="2">Last updated 
+ <p>If you set ALLOWRELATED=No in shorewall.conf, then most ICMP packets will be 
-8/5/2002 - <a href="support.htm">Tom
+ rejected by the firewall. It is recommended with this setting that you create 
 the file /etc/shorewall/icmpdef and in it place the following commands:</p>
                                                                                  <pre>	run_iptables -A icmpdef -p ICMP --icmp-type echo-reply -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type source-quench -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type destination-unreachable -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type time-exceeded -j ACCEPT
 	run_iptables -A icmpdef -p ICMP --icmp-type parameter-problem -j ACCEPT
 </pre>
                                                                                  <p align="left"><font size="2">Last updated 
 8/22/2002 - <a href="support.htm">Tom
 Eastep</a></font></p>
 <p align="left"><a href="copyright.htm"><font size="2">Copyright  2002 Thomas M. Eastep</font></a></p>
--- a/Shorewall-docs/shorewall_features.htm
+++ b/Shorewall-docs/shorewall_features.htm
@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall Features</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Shorewall Features</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Shorewall Features</font></h1>
    </td>
  </tr>
 </table>
 <ul>
  <li>Uses Netfilter's connection tracking facilities for stateful packet 
  filtering.</li>
--- a/Shorewall-docs/shorewall_firewall_structure.htm
+++ b/Shorewall-docs/shorewall_firewall_structure.htm
@ -6,14 +6,19 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Shorewall Firewall Structure</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-      <h1 align="center">Firewall Structure</h1>
+      <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
        <tr>
          <td width="100%">
          <h1 align="center"><font color="#FFFFFF">Firewall Structure</font></h1>
          </td>
        </tr>
      </table>
      <p>
- Shorewall views the network in which it is running as a set of disjoint
+ Shorewall views the network in which it is running as a set of
      <i> zones. </i>Shorewall itself defines exactly   one zone called "fw"
 which refers to the firewall system itself . The   /etc/shorewall/zones file
 is used to define additional zones and the example file   provided with Shorewall 
@ -36,6 +41,21 @@ from the internet and from the DMZ and in       some cases, from each other.</li
 with the exception of the firewall zone, Shorewall itself attaches no meaning to
 zone names. Zone names are simply labels used to refer to a collection of
 network hosts.</p>
 <p>While zones are normally disjoint (no two zones have a host in common), 
 there are cases where nested or overlapping zone definitions are appropriate.</p>
 <p>Packets entering the firewall first pass through the <i>mangle </i>table's 
 PREROUTING chain (you can see the mangle table by typing &quot;shorewall show 
 mangle&quot;). If the packet entered through an interface that has the <b>norfc1918</b> 
 option, then the packet is sent down the <b>man1918</b>&nbsp; which will drop 
 the packet if its destination IP address is reserved (as specified in the 
 /etc/shorewall/rfc1918 file). Next the packet passes through the<b> pretos</b> 
 chain to set its TOS field as specified in the /etc/shorewall/tos file. 
 Finally, if traffic control/shaping is being used, the packet is sent through 
 the<b> tcpre</b> chain to be marked for later use in policy routing or traffic 
 control.</p>
 <p>Next, if the packet isn't part of an established connection, it passes 
 through the<i> nat</i> table's PREROUTING chain (you can see the nat table by 
 typing &quot;shorewall show nat&quot;). </p>
      <p>
 Traffic entering the 
 firewall is sent to an<i> input </i>chain. If the traffic is destined for the 
--- a/Shorewall-docs/shorewall_index.htm
+++ b/Shorewall-docs/shorewall_index.htm
@ -5,7 +5,6 @@
 <title>Shoreline Firewall</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 4.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta name="Microsoft Theme" content="boldstri 011, default">
 <meta name="Microsoft Border" content="none, default">
 </head>
--- a/Shorewall-docs/shorewall_mailing_list_migration.htm
+++ b/Shorewall-docs/shorewall_mailing_list_migration.htm
@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall Mailing List Migration</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Shorewall Mailing List Migration</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Shorewall Mailing List Migration</font></h1>
    </td>
  </tr>
 </table>
 <p align="left">If you are a current subscriber to the Shorewall mailing list at
 <a href="http://sourceforge.net">Sourceforge</a>, please do the following:</p>
 <ol>
--- a/Shorewall-docs/shorewall_mirrors.htm
+++ b/Shorewall-docs/shorewall_mirrors.htm
@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall Mirrors</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Shorewall Mirrors</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Shorewall Mirrors</font></h1>
    </td>
  </tr>
 </table>
 <p align="left"><b>Remember that updates to the mirrors are often delayed for 
 6-12 hours after an update to the primary site.</b></p>
--- a/Shorewall-docs/shorewall_prerequisites.htm
+++ b/Shorewall-docs/shorewall_prerequisites.htm
@ -6,13 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall Prerequisites</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Shorewall Requirements</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
-<p align="center">&nbsp;</p>
+  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Shorewall Requirements</font></h1>
    </td>
  </tr>
 </table>
 <ul>
  <li>A kernel that supports netfilter. I've tested with 2.4.2 - 2.4.19. <a href="kernel.htm">
    Check here for kernel configuration       information.</a>
--- a/Shorewall-docs/shorewall_quickstart_guide.htm
+++ b/Shorewall-docs/shorewall_quickstart_guide.htm
@ -6,13 +6,19 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Shorewall QuickStart Guide</title>
-<meta name="Microsoft Theme" content="boldstri 011">
+<meta name="Microsoft Theme" content="none">
 </head>
 <body>
-<h1 align="center">Shorewall QuickStart Guides<br>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
-Version 3.0</h1>
+  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Shorewall QuickStart Guides<br>
 Version 3.0</font></h1>
    </td>
  </tr>
 </table>
 <p align="center">With thanks to Richard who reminded me once again that we must 
 all first walk before we can run.</p>
@ -69,7 +75,7 @@ explained in the single-address guides above.</p>
 </ul>
 <h2><a name="Documentation"></a>Additional Documentation</h2>
 <p>The following documentation covers a variety of topics and supplements the 
-QuickStart Guides described above.</p>
+<a href="shorewall_quickstart_guide.htm">QuickStart Guides</a> described above.</p>
 <ul>
  <li><a href="blacklisting_support.htm">Blacklisting</a><ul>
    <li>Static Blacklisting using /etc/shorewall/blacklist</li>
@ -126,6 +132,7 @@ QuickStart Guides described above.</p>
  <li><a href="samba.htm">Samba</a></li>
  <li><font color="#000099"><a href="starting_and_stopping_shorewall.htm">Starting/stopping the Firewall</a></font></li>
  <li><font color="#000099"><a href="NAT.htm">Static NAT</a></font></li>
  <li><a href="traffic_shaping.htm">Traffic Shaping/Control</a></li>
  <li>Tunnels<ul>
    <li><a href="IPSEC.htm">IPSEC</a></li>
    <li><a href="IPIP.htm">GRE and IPIP</a></li>
--- a/Shorewall-docs/shorewall_setup_guide.htm
+++ b/Shorewall-docs/shorewall_setup_guide.htm
@ -6,7 +6,7 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Shorewall Setup Guide</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
+<meta name="Microsoft Theme" content="none">
 </head>
 <body>
@ -46,6 +46,10 @@ know more about Shorewall than is contained in the
 guides</a>. Because the 
 range of possible applications is so broad, the Guide will give you general 
 guidelines and will point you to other resources as necessary.</p>
 <p><img border="0" src="images/j0213519.gif" width="60" height="60">&nbsp;&nbsp;&nbsp; 
 If you run LEAF Bering, your Shorewall configuration is NOT what I release -- I 
 suggest that you consider installing a stock Shorewall lrp from the 
 shorewall.net site before you proceed.</p>
 <p>This guide assumes that you have the iproute/iproute2 package installed (on 
 RedHat, the package is called <i>iproute</i>)<i>. </i>You can tell if this 
 package is installed by the presence of an <b>ip</b> program on your firewall 
@ -730,6 +734,13 @@ table but if we logically and that address with 255.255.255.0, the result is
    <pre>192.168.1.0     0.0.0.0 	255.255.255.0 	U     40  0         0 eth2</pre>
  </blockquote>
  <p>So to route a packet to 192.168.1.5, the packet is sent directly over eth2.</div>
 <p align="left">One more thing needs to be emphasized -- all outgoing packet are 
 sent using the routing table and reply packets are not a special case. There 
 seems to be a common mis-conception whereby people think that request packets 
 are like salmon and contain a genetic code that is magically transferred to 
 reply packets so that the replies follow the reverse route taken by the request. 
 That isn't the case; the replies may take a totally different route back to the 
 client than was taken by the requests -- they are totally independent.</p>
 <h3 align="left"><a name="ARP"></a>4.4 Address Resolution Protocol</h3>
 <p align="left">When sending packets over Ethernet, IP addresses aren't used. 
 Rather Ethernet addressing is based on <i>Media Access Control</i> (MAC) 
@ -1123,7 +1134,7 @@ Destination 	Gateway 	Genmask 	Flags MSS Window irtt Iface
  host routes thru eth2 to 192.0.2.177 and 192.0.2.178.</div>
 <div align="left">
  <p align="left">A word of warning is in order here. ISPs typically configure 
-  there routers with a long ARP cache timeout. If you move a system from 
+  their routers with a long ARP cache timeout. If you move a system from 
  parallel to your firewall to behind your firewall with Proxy ARP, it will 
  probably be HOURS before that system can communicate with the internet. You 
  can call your ISP and ask them to purge the stale ARP cache entry but many 
@ -2347,7 +2358,7 @@ foobar.net.	86400	IN A	192.0.2.177
  test it using the <a href="Documentation.htm#Starting">&quot;shorewall try&quot; command</a>.</div>
 <p align="left"><font size="2">Last updated 
-8/10/2002 - <a href="support.htm">Tom
+8/18/2002 - <a href="support.htm">Tom
 Eastep</a></font></p>
 <p align="left"><a href="copyright.htm"><font size="2">Copyright  2002 Thomas M. Eastep</font></a></p>
--- a/Shorewall-docs/spam_filters.htm
+++ b/Shorewall-docs/spam_filters.htm
@ -6,12 +6,19 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>SPAM Filters</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">SPAM Filters<br>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">SPAM Filters</font></h1>
    </td>
  </tr>
 </table>
 <h1 align="center"><br>
 <a href="http://ordb.org">
 <img border="0" src="images/but3.png" hspace="3" width="88" height="31"></a></h1>
 <p>Like all of you, I'm concerned about the increasing volume of Unsolicited
--- a/Shorewall-docs/standalone.htm
+++ b/Shorewall-docs/standalone.htm
@ -6,12 +6,19 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Standalone Firewall</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Standalone Firewall</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber6" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
 <h1 align="center"><font color="#FFFFFF">Standalone Firewall</font></h1>
    </td>
  </tr>
 </table>
 <h2 align="center">Version 2.0.1</h2>
 <p align="left">Setting up Shorewall on a standalone Linux system is very easy if you understand the basics and follow the 
@ -93,7 +100,7 @@ file for you).</p>
 <p>The /etc/shorewall/policy file included with the one-interface sample has the 
 following policies:</p>
 <blockquote>
-  <table border="1" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber3">
+  <table border="1" cellpadding="2" style="border-collapse: collapse" id="AutoNumber3">
    <tr>
      <td><u><b>SOURCE ZONE</b></u></td>
      <td><u><b>DESTINATION ZONE</b></u></td>
@ -185,7 +192,7 @@ use in private networks:</p>
  <p align="left">If you wish to enable connections from the internet to your firewall, the general format is:</div>
 <div align="left">
  <blockquote>
-    <table border="1" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber4">
+    <table border="1" cellpadding="2" style="border-collapse: collapse" id="AutoNumber4">
      <tr>
        <td><u><b>ACTION</b></u></td>
        <td><u><b>SOURCE</b></u></td>
@ -212,7 +219,7 @@ use in private networks:</p>
  system:</div>
 <div align="left">
  <blockquote>
-    <table border="1" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5">
+    <table border="1" cellpadding="2" style="border-collapse: collapse" id="AutoNumber5">
      <tr>
        <td><u><b>ACTION</b></u></td>
        <td><u><b>SOURCE</b></u></td>
@ -252,7 +259,7 @@ use in private networks:</p>
  access to your firewall from the internet, use SSH:</div>
 <div align="left">
  <blockquote>
-    <table border="1" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber4">
+    <table border="1" cellpadding="2" style="border-collapse: collapse" id="AutoNumber4">
      <tr>
        <td><u><b>ACTION</b></u></td>
        <td><u><b>SOURCE</b></u></td>
--- a/Shorewall-docs/starting_and_stopping_shorewall.htm
+++ b/Shorewall-docs/starting_and_stopping_shorewall.htm
@ -6,14 +6,19 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Starting and Stopping Shorewall</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-                                                                                <h1 align="center">Starting/Stopping and Monitoring the Firewall</h1>
+                                                                                <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
                                                                                  <tr>
                                                                                    <td width="100%">
                                                                                    <h1 align="center"><font color="#FFFFFF">Starting/Stopping and Monitoring the Firewall</font></h1>
                                                                                    </td>
                                                                                  </tr>
                                                                                </table>
--- a/Shorewall-docs/subnet_masks.htm
+++ b/Shorewall-docs/subnet_masks.htm
@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Subnet Masks</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Subnet Masks/VLSM Notation</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Subnet Masks/VLSM Notation</font></h1>
    </td>
  </tr>
 </table>
 <p align="left">IP addresses and subnet masks are 32-bit numbers. The notation 
 w.x.y.z refers to an address where the high-order byte has value &quot;w&quot;, the next 
 byte has value &quot;x&quot;, etc. If we take 255.255.255.0 and express it in 
--- a/Shorewall-docs/support.htm
+++ b/Shorewall-docs/support.htm
@ -6,12 +6,18 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Support</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
+<meta name="Microsoft Theme" content="none">
 </head>
 <body>
-<h1 align="center">Shorewall Support</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Shorewall Support</font></h1>
    </td>
  </tr>
 </table>
 <h3 align="left">Before Reporting a Problem</h3>
 <blockquote>
@ -92,7 +98,10 @@ isn't working? For example, if "ssh" isn't able     to connect, using the
 </ul>
 <h3>Where to Send your Problem
 Report or to Ask for Help</h3>
-<p>Please post your question or problem to the
+<h4>If you run Shorewall under Bering -- <span style="font-weight: 400">please 
 post your question or problem to the
 <a href="mailto:leaf-user@lists.sourceforge.net">LEAF Users mailing list</a>.</span></h4>
 <p>Otherwise, please post your question or problem to the
 <a href="mailto:shorewall-users@shorewall.net">Shorewall users mailing list</a>; 
 there are lots of folks there who are willing to help you. Your question/problem 
 description and their responses will be placed in the mailing list archives to 
@ -107,7 +116,7 @@ to respond promptly to mailing list posts.&nbsp;&nbsp; <a href="mailto:teastep@s
 <p>To Subscribe to the  mailing list go to <a href="http://www.shorewall.net/mailman/listinfo/shorewall-users">http://www.shorewall.net/mailman/listinfo/shorewall-users</a>
    .</p>
-<p align="left"><font size="2">Last Updated 8/5/2002 - Tom
+<p align="left"><font size="2">Last Updated 8/17/2002 - Tom
 Eastep</font></p>
 <p align="left"><font face="Trebuchet MS"><a href="copyright.htm">
--- a/Shorewall-docs/three-interface.htm
+++ b/Shorewall-docs/three-interface.htm
@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Three-Interface Firewall</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Three-Interface Firewall</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber5" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Three-Interface Firewall</font></h1>
    </td>
  </tr>
 </table>
 <h2 align="center">Version 2.0.1</h2>
 <p align="left">Setting up a Linux system as a firewall for a small network with 
--- a/Shorewall-docs/traffic_shaping.htm
+++ b/Shorewall-docs/traffic_shaping.htm
@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Traffic Shaping</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Traffic Shaping/Control</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Traffic Shaping/Control</font></h1>
    </td>
  </tr>
 </table>
 <p align="left">Beginning with version 1.2.0, Shorewall has limited support for traffic
 shaping/control. In order to use traffic shaping under Shorewall, it is
 essential that you get a copy of the <a href="http://ds9a.nl/lartc">Linux Advanced Routing
--- a/Shorewall-docs/troubleshoot.htm
+++ b/Shorewall-docs/troubleshoot.htm
@ -10,13 +10,18 @@
  <meta name="ProgId" content="FrontPage.Editor.Document">
-  <meta name="Microsoft Theme" content="boldstri 011, default">
+  </head>
 </head>
  <body>
-      <h1 align="center">Shorewall Troubleshooting</h1>
+      <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
        <tr>
          <td width="100%">
          <h1 align="center"><font color="#FFFFFF">Shorewall Troubleshooting</font></h1>
          </td>
        </tr>
      </table>
--- a/Shorewall-docs/two-interface.htm
+++ b/Shorewall-docs/two-interface.htm
@ -6,12 +6,18 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Two-Interface Firewall</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
+<meta name="Microsoft Theme" content="none">
 </head>
 <body>
-<h1 align="center">Basic Two-Interface Firewall</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber5" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Basic Two-Interface Firewall</font></h1>
    </td>
  </tr>
 </table>
 <p align="left">Setting up a Linux system as a firewall for a small network is a 
 fairly straight-forward task if you understand the basics and follow the 
 documentation.</p>
@ -53,8 +59,7 @@ copy before using it with Shorewall.</p>
 <p>The configuration files for Shorewall are contained in the directory 
 /etc/shorewall -- for simple setups, you will only need to deal with a few of 
 these as described in this guide.  After you have <a href="Install.htm">installed Shorewall</a>, 
-download the <a href="/pub/shorewall/LATEST.samples/two-interfaces.tgz">
+download the <a href="/pub/shorewall/LATEST.samples/two-interfaces.tgz">two-interface sample</a>, un-tar it (tar -zxvf two-interfaces.tgz) and and copy the files to /etc/shorewall 
 two-interface sample</a>, un-tar it (tar -zxvf two-interfaces.tgz) and and copy the files to /etc/shorewall 
 (these files will replace files with the same name).</p>
 <p>As each file is introduced, I suggest that you 
 look through the actual file on your system -- each file contains detailed 
--- a/Shorewall-docs/whitelisting_under_shorewall.htm
+++ b/Shorewall-docs/whitelisting_under_shorewall.htm
@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Whitelisting under Shorewall</title>
 <meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 <body>
-<h1 align="center">Whitelisting under Shorewall</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Whitelisting under Shorewall</font></h1>
    </td>
  </tr>
 </table>
 <p align="left">For a brief time, the 1.2 version of Shorewall supported an 
 /etc/shorewall/whitelist file. This file was intended to contain a list of IP 
 addresses of hosts whose POLICY to all zones was ACCEPT. The whitelist file was