mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 14:20:40 +01:00
Fix manpages; Add vardir to config file list; annotate manpage index
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6829 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
968ee7ef75
commit
79aab860bc
@ -10,6 +10,8 @@ Changes in 4.0.0 RC 2
|
|||||||
|
|
||||||
5) Fix LITEDIR mess.
|
5) Fix LITEDIR mess.
|
||||||
|
|
||||||
|
6) Fix IPSEC.
|
||||||
|
|
||||||
Changes in 4.0.0 RC 1
|
Changes in 4.0.0 RC 1
|
||||||
|
|
||||||
1) shorewall-perl RPM no longer installable under shorewall 3.4.
|
1) shorewall-perl RPM no longer installable under shorewall 3.4.
|
||||||
|
@ -61,6 +61,9 @@ Problems corrected in 4.0.0 RC 2.
|
|||||||
(compiler, shorewall-common and shorewall-lite) must be version
|
(compiler, shorewall-common and shorewall-lite) must be version
|
||||||
4.0.0-RC2 or later.
|
4.0.0-RC2 or later.
|
||||||
|
|
||||||
|
4) Several bugs in Shorewall-perl's handling of ipsec zones have been
|
||||||
|
corrected.
|
||||||
|
|
||||||
Other changes in Shorewall 4.0.0 RC 2.
|
Other changes in Shorewall 4.0.0 RC 2.
|
||||||
|
|
||||||
1) The -f option is no longer the default when Shorewall is started at
|
1) The -f option is no longer the default when Shorewall is started at
|
||||||
|
@ -144,7 +144,7 @@ sub add_group_to_zone($$$$$)
|
|||||||
|
|
||||||
push @{$arrayref}, { options => $options,
|
push @{$arrayref}, { options => $options,
|
||||||
hosts => \@newnetworks,
|
hosts => \@newnetworks,
|
||||||
ipsec => $type eq 'ipsec' ? 'ipsec' : 'none' };
|
ipsec => $type eq 'ipsec4' ? 'ipsec' : 'none' };
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
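Review bot: The zone-type string `'ipsec4'` in the `ipsec =>` ternary of add_group_to_zone is a bare literal that has to agree with the `{hosts}{ipsec4}` key in the generate_matrix hunk, and nothing ties the two together. With the old `'ipsec'` spelling neither site failed loudly: the ternary fell through to `'none'` and the lookup fell back to `|| {}`, so IPsec host groups would presumably have been treated as unencrypted ones without any warning. I would add a comment above the push such as `# 'ipsec4' is the internal type name for ipsec zones; generate_matrix reads the same key from {hosts}`, or define the name once and use it at both sites. The body of add_group_to_zone starts outside this hunk, so how `$type` is set is not visible here.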
@ -137,6 +137,8 @@ sub setup_one_masq($$$$$$$)
|
|||||||
} else {
|
} else {
|
||||||
$rule .= do_ipsec_options $ipsec;
|
$rule .= do_ipsec_options $ipsec;
|
||||||
}
|
}
|
||||||
|
} elsif ( $capabilities{POLICY_MATCH} ) {
|
||||||
|
$rule .= '-m policy --pol none --dir out ';
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
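Review bot: The new `elsif ( $capabilities{POLICY_MATCH} )` branch in setup_one_masq has no comment saying why `-m policy --pol none --dir out ` is appended, and nothing happens when the capability is absent. As far as the hunk shows, the branch is taken when the rule carries no ipsec setting, so the match keeps the masquerade rule away from traffic that will be IPsec-encapsulated on output; without policy match support that restriction is silently dropped. I would add `# No ipsec option given: match only traffic that will not be IPsec-encapsulated` above the assignment, and note in the masq documentation that this behaviour depends on policy match being available. The enclosing `if` starts outside the hunk, so its condition should be confirmed.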
@ -1471,7 +1471,7 @@ sub generate_matrix() {
|
|||||||
|
|
||||||
if ( $capabilities{POLICY_MATCH} ) {
|
if ( $capabilities{POLICY_MATCH} ) {
|
||||||
my $type = $zoneref->{type};
|
my $type = $zoneref->{type};
|
||||||
my $source_ref = ( $zoneref->{hosts}{ipsec} ) || {};
|
my $source_ref = ( $zoneref->{hosts}{ipsec4} ) || {};
|
||||||
|
|
||||||
if ( $config{DYNAMIC_ZONES} ) {
|
if ( $config{DYNAMIC_ZONES} ) {
|
||||||
no warnings;
|
no warnings;
|
||||||
|
@ -53,90 +53,103 @@
|
|||||||
|
|
||||||
<simplelist>
|
<simplelist>
|
||||||
<member><ulink
|
<member><ulink
|
||||||
url="manpages/shorewall-accounting.html">accounting</ulink></member>
|
url="manpages/shorewall-accounting.html">accounting</ulink> - Define IP
|
||||||
|
accounting rules.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-actions.html">actions</ulink> -
|
||||||
|
Declare user-defined actions.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-blacklist.html">blacklist</ulink>
|
||||||
|
- Static blacklisting.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-ecn.html">ecn</ulink> - Disabling
|
||||||
|
Explicit Congestion Notification</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-exclusion.html">exclusion</ulink>
|
||||||
|
- Excluding hosts from a network or zone</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-hosts.html">hosts</ulink> -
|
||||||
|
Define multiple zones accessed through a single interface</member>
|
||||||
|
|
||||||
|
<member><ulink url="shorewall-interfaces.html">interfaces</ulink> -
|
||||||
|
Define the interfaces on the system and optionally associate them with
|
||||||
|
zones.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-maclist.html">maclist</ulink> -
|
||||||
|
Define MAC verification.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-masq.html">masq</ulink> - Define
|
||||||
|
Masquerade/SNAT</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-nat.html">nat</ulink> - Define
|
||||||
|
one-to-one NAT.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-nesting.html">nesting</ulink> -
|
||||||
|
How to define nested zones.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-netmap.html">netmap</ulink> - How
|
||||||
|
to map addresses from one net to another.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-params.html">params</ulink> -
|
||||||
|
Assign values to shell variables used in other files.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-policy.html">policy</ulink> -
|
||||||
|
Define high-level policies for connections between zones.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-providers.html">providers</ulink>
|
||||||
|
- Define routing tables, usually for mutliple internet links.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-proxyarp.html">proxyarp</ulink> -
|
||||||
|
Define Proxy ARP.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-rfc1918.html">rfc1918</ulink> -
|
||||||
|
Specify address ranges affected by the <option>norfc1918</option>
|
||||||
|
interface option.</member>
|
||||||
|
|
||||||
<member><ulink
|
<member><ulink
|
||||||
url="manpages/shorewall-actions.html">actions</ulink></member>
|
url="manpages/shorewall-route_rules.html">route_rules</ulink> - Define
|
||||||
|
routing rules.</member>
|
||||||
|
|
||||||
<member><ulink
|
<member><ulink
|
||||||
url="manpages/shorewall-blacklist.html">blacklist</ulink></member>
|
url="manpages/shorewall-routestopped.html">routestopped</ulink> -
|
||||||
|
Specify connections to be permitted when Shorewall is in the stopped
|
||||||
|
state.</member>
|
||||||
|
|
||||||
<member><ulink url="manpages/shorewall-ecn.html">ecn</ulink></member>
|
<member><ulink url="manpages/shorewall-rules.html">rules</ulink> -
|
||||||
|
Specify exceptions to policies, including DNAT and REDIRECT.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-tcclasses.html">tcclasses</ulink>
|
||||||
|
- Define htb classes for traffic shaping.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-tcdevices.html">tcdevices</ulink>
|
||||||
|
- Specify speed of devices for traffic shaping.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-tcrules.html">tcrules</ulink> -
|
||||||
|
Define packet marking rules, usually for traffic shaping.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-tos.html">tos</ulink> - Define
|
||||||
|
TOS field manipulation.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-tunnels.html">tunnels</ulink> -
|
||||||
|
Define VPN connections with endpoints on the firewall.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall.conf.html">shorewall.conf</ulink>
|
||||||
|
- Specify values for global Shorewall options.</member>
|
||||||
|
|
||||||
<member><ulink
|
<member><ulink
|
||||||
url="manpages/shorewall-exclusion.html">exclusion</ulink></member>
|
url="manpages/shorewall.conf.html">shorewall-lite.conf</ulink> - Specify
|
||||||
|
values for global Shorewall Lite options.</member>
|
||||||
|
|
||||||
|
<member><ulink url="manpages/shorewall-vardir.html">vardir</ulink> -
|
||||||
|
Redefine the directory where Shorewall keeps its state
|
||||||
|
information.</member>
|
||||||
|
|
||||||
<member><ulink
|
<member><ulink
|
||||||
url="manpages/shorewall-hosts.html">hosts</ulink></member>
|
url="manpages/shorewall-lite-vardir.html">vardir-lite</ulink> - Redefine
|
||||||
|
the directory where Shorewall Lite keeps its state information.</member>
|
||||||
|
|
||||||
<member><ulink
|
<member><ulink url="manpages/shorewall-zones.html">zones</ulink> -
|
||||||
url="shorewall-interfaces.html">interfaces</ulink></member>
|
Declare Shorewall zones.l</member>
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-maclist.html">maclist</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink url="manpages/shorewall-masq.html">masq</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink url="manpages/shorewall-nat.html">nat</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-nesting.html">nesting</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-netmap.html">netmap</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-params.html">params</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-policy.html">policy</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-providers.html">providers</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-proxyarp.html">proxyarp</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-rfc1918.html">rfc1918</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-route_rules.html">route_rules</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-routestopped.html">routestopped</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-rules.html">rules</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-tcclasses.html">tcclasses</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-tcdevices.html">tcdevices</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-tcrules.html">tcrules</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink url="manpages/shorewall-tos.html">tos</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-tunnels.html">tunnels</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall.conf.html">shorewall.conf</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall.conf.html">shorewall-lite.conf</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-vardir.html">vardir</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-lite-vardir.html">vardir-lite</ulink></member>
|
|
||||||
|
|
||||||
<member><ulink
|
|
||||||
url="manpages/shorewall-zones.html">zones</ulink></member>
|
|
||||||
</simplelist>
|
</simplelist>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
@ -144,10 +157,11 @@
|
|||||||
<title>Section 8 — Administrative Commands</title>
|
<title>Section 8 — Administrative Commands</title>
|
||||||
|
|
||||||
<simplelist>
|
<simplelist>
|
||||||
<member><ulink url="manpages/shorewall.html">shorewall</ulink></member>
|
<member><ulink url="manpages/shorewall.html">shorewall</ulink> -
|
||||||
|
/sbin/shorewall command syntax and semantics.</member>
|
||||||
|
|
||||||
<member><ulink
|
<member><ulink url="manpages/shorewall-lite.html">shorewall-lite</ulink>
|
||||||
url="manpages/shorewall-lite.html">shorewall-lite</ulink></member>
|
- /sbin/shorewall-lite command syntax and semantics.</member>
|
||||||
</simplelist>
|
</simplelist>
|
||||||
</section>
|
</section>
|
||||||
</article>
|
</article>
|
@ -185,10 +185,16 @@
|
|||||||
<listitem>
|
<listitem>
|
||||||
<para><filename>/etc/shorewall/route_rules</filename> (Added in
|
<para><filename>/etc/shorewall/route_rules</filename> (Added in
|
||||||
Shorewall 3.2.0) - Defines routing rules to be used in conjunction
|
Shorewall 3.2.0) - Defines routing rules to be used in conjunction
|
||||||
with the routing tables devined in
|
with the routing tables defined in
|
||||||
<filename>/etc/shorewall/providers</filename>.</para>
|
<filename>/etc/shorewall/providers</filename>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><filename>/etc/shorewall/vardir</filename> - (Added in
|
||||||
|
Shoreall 4.0.0-RC2) - Determines the directory where Shorewall
|
||||||
|
maintains its state.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><filename>/usr/share/shorewall/actions.std</filename> -
|
<para><filename>/usr/share/shorewall/actions.std</filename> -
|
||||||
Actions defined by Shorewall.</para>
|
Actions defined by Shorewall.</para>
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
<refnamediv>
|
<refnamediv>
|
||||||
<refname>vardir</refname>
|
<refname>vardir</refname>
|
||||||
|
|
||||||
<refpurpose>Shorewall file</refpurpose>
|
<refpurpose>Shorewall Lite file</refpurpose>
|
||||||
</refnamediv>
|
</refnamediv>
|
||||||
|
|
||||||
<refsynopsisdiv>
|
<refsynopsisdiv>
|
||||||
@ -22,9 +22,9 @@
|
|||||||
<title>Description</title>
|
<title>Description</title>
|
||||||
|
|
||||||
<para>This file does not exist by default. You may create the file if you
|
<para>This file does not exist by default. You may create the file if you
|
||||||
want to change the directory used by Shorewall to store state information,
|
want to change the directory used by Shorewall Lite to store state
|
||||||
including compiled firewall scripts. By default, the directory used is
|
information, including compiled firewall scripts. By default, the
|
||||||
<filename>/var/lib/shorewall-lite/</filename>.</para>
|
directory used is <filename>/var/lib/shorewall-lite/</filename>.</para>
|
||||||
|
|
||||||
<para>The file contains a single variable assignment:</para>
|
<para>The file contains a single variable assignment:</para>
|
||||||
|
|
||||||
|
@ -22,9 +22,9 @@
|
|||||||
<title>Description</title>
|
<title>Description</title>
|
||||||
|
|
||||||
<para>This file does not exist by default. You may create the file if you
|
<para>This file does not exist by default. You may create the file if you
|
||||||
want to change the directory used by Shorewall lite to store state
|
want to change the directory used by Shorewall to store state information,
|
||||||
information, including compiled firewall scripts. By default, the
|
including compiled firewall scripts. By default, the directory used is
|
||||||
directory used is <filename>/var/lib/shorewall/</filename>.</para>
|
<filename>/var/lib/shorewall/</filename>.</para>
|
||||||
|
|
||||||
<para>The file contains a single variable assignment:</para>
|
<para>The file contains a single variable assignment:</para>
|
||||||
|
|
||||||
@ -32,7 +32,7 @@
|
|||||||
|
|
||||||
<para>where <replaceable>directory</replaceable> is the name of a
|
<para>where <replaceable>directory</replaceable> is the name of a
|
||||||
directory. If you add this file, you should copy the files from
|
directory. If you add this file, you should copy the files from
|
||||||
<filename>/var/lib/shorewall-lite</filename> to the new directory before
|
<filename>/var/lib/shorewall</filename> to the new directory before
|
||||||
performing a <command>shorewall restart</command>.</para>
|
performing a <command>shorewall restart</command>.</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
|