extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-03 03:59:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Updates for routestopped -> stoppedrules

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-10-05 07:51:43 -07:00
parent 0385b2cd37
commit 89122c0d55
10 changed files with 65 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/CompiledPrograms.xml
View File

@ -186,8 +186,8 @@
configuring Shorewall on the firewall system itself</emphasis>).
It's a good idea to include the IP address of the administrative
system in the <ulink
url="manpages/shorewall-routestopped.html"><filename>routestopped</filename>
file</ulink>.</para>
url="manpages/shorewall-stoppedrules.html"><filename>stoppedrules
</filename> file</ulink>.</para>
<para>It is important to understand that with Shorewall Lite,
the firewall's export directory on the administrative system
@ -493,7 +493,7 @@ clean:
<para>Be sure that the IP address of the administrative system is
included in the firewall's export directory
<filename>routestopped</filename> file.</para>
<filename>stoppedrules</filename> file.</para>
<programlisting><command>shorewall stop</command></programlisting>
@ -514,7 +514,7 @@ clean:
<para>It's a good idea to include the IP address of the
administrative system in the firewall system's <ulink
url="manpages/shorewall-routestopped.html"><filename>routestopped</filename>
url="manpages/shorewall-stoppedrules.html"><filename>stoppedrules</filename>
file</ulink>.</para>
<para>Also, edit the <filename>shorewall.conf</filename> file in

8
docs/FAQ.xml
View File

@ -2029,7 +2029,7 @@ Dec 15 16:47:30 heath-desktop last message repeated 2 times</programlisting>
ADMINISABSENTMINDED in <ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) and the
contents of <ulink
url="manpages/shorewall-routestopped.html">shorewall-routestopped</ulink>
url="manpages/shorewall-stoppedrules.html">shorewall-stoppedrules</ulink>
(5). To totally open the firewall, use the <command>clear</command>
command.</para>
</section>
@ -2138,8 +2138,8 @@ Creating input Chains...
<para><command>/sbin/shorewall stop</command> places the firewall in a
<firstterm>safe state</firstterm>, the details of which depend on your
<filename>/etc/shorewall/routestopped</filename> file (<ulink
url="manpages/shorewall-routestopped.html">shorewall-routestopped</ulink>(5))
<filename>/etc/shorewall/stoppedrules</filename> file (<ulink
url="manpages/shorewall-stoppedrules.html">shorewall-stoppedrules</ulink>(5))
and on the setting of ADMINISABSENTMINDED in
<filename>/etc/shorewall/shorewall.conf</filename> (<ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink>(5)).</para>
@ -3065,7 +3065,7 @@ Shorewall has detected the following iptables/netfilter capabilities:
Persistent SNAT: Available
gateway:~# </programlisting>
<para></para>
<para/>
</section>
<section id="faq19">

2
docs/Manpages.xml
View File

@ -37,7 +37,7 @@
<warning>
<para>These manpages are for Shorewall 5.0 and later only. They describe
features and options not available on earlier releases. The manpages for
Shorewall 4.4-4.6 are available<ulink url="/Manpages4/Manpages.html">
Shorewall 4.4-4.6 are available<ulink url="/manpages4/Manpages.html">
here</ulink>.</para>
</warning>

2
docs/Manpages6.xml
View File

@ -38,7 +38,7 @@
<para>These manpages are for Shorewall6 5.0 and later only. They describe
features and options not available on earlier releases.The manpages for
Shorewall 4.4-4.6 are available <ulink
url="/Manpages4/Manpages.html">here</ulink>.</para>
url="/manpages4/Manpages.html">here</ulink>.</para>
</warning>
<section id="Section5">

6
docs/Shorewall-Lite.xml
View File

@ -191,7 +191,7 @@
configuring Shorewall on the firewall system itself</emphasis>).
It's a good idea to include the IP address of the administrative
system in the <ulink
url="manpages/shorewall-routestopped.html"><filename>routestopped</filename>
url="manpages/shorewall-stoppedrules.html"><filename>stoppedrules</filename>
file</ulink>.</para>
<para>It is important to understand that with Shorewall Lite,
@ -412,7 +412,7 @@
<para>Be sure that the IP address of the administrative system is
included in the firewall's export directory
<filename>routestopped</filename> file.</para>
<filename>stoppedrules</filename> file.</para>
<programlisting><command>shorewall stop</command></programlisting>
@ -433,7 +433,7 @@
<para>It's a good idea to include the IP address of the
administrative system in the firewall system's <ulink
url="manpages/shorewall-routestopped.html"><filename>routestopped</filename>
url="manpages/shorewall-stoppedrules.html"><filename>stoppedrules</filename>
file</ulink>.</para>
<para>Also, edit the <filename>shorewall.conf</filename> file in

4
docs/ipsets.xml
View File

@ -146,8 +146,10 @@ ACCEPT net:+sshok $FW tcp 22</programlisting></para>
<listitem>
<para>You cannot use an ipset in <ulink
url="manpages/shorewall-stoppedulres.html">shorewall-stoppedrules</ulink>
(5) (<ulink
url="manpages/shorewall-routestopped.html">shorewall-routestopped</ulink>
(5).</para>
(5)).</para>
</listitem>
<listitem>

4
docs/shorewall_extension_scripts.xml
View File

@ -174,8 +174,8 @@ esac</programlisting><caution>
indeterminate. So if you have ADMINISABSENTMINDED=No in <ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink>(8) and
output on an interface is not allowed by <ulink
url="manpages/shorewall.conf.html">routestopped</ulink>(8) then
the isuasable script must blow it's own holes in the firewall
url="manpages/shorewall-stoppedrules.html">stoppedrules</ulink>(8)
then the isuasable script must blow it's own holes in the firewall
before probing.</para>
</caution></para>
</listitem>

15
docs/shorewall_setup_guide.xml
View File

@ -2400,9 +2400,9 @@ foobar.net. 86400 IN A 192.0.2.177
<para>The firewall is started using the <quote>shorewall start</quote>
command and stopped using <quote>shorewall stop</quote>. When the firewall
is stopped, routing is enabled on those hosts that have an entry in
is stopped, routing is enabled on those hosts that have an ACCEPT entry in
<filename><ulink
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink></filename>.
url="manpages/shorewall-stoppedrules.html">/etc/shorewall/stoppedrules</ulink></filename>.
A running firewall may be restarted using the <quote>shorewall
restart</quote> command. If you want to totally remove any trace of
Shorewall from your Netfilter configuration, use <quote>shorewall
@ -2411,15 +2411,16 @@ foobar.net. 86400 IN A 192.0.2.177
<para><inlinegraphic fileref="images/BD21298_.gif"/></para>
<para>Edit the <filename><ulink
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink></filename>
file and configure those systems that you want to be able to access the
firewall when it is stopped.</para>
url="manpages/shorewall-stoppedrules.html">/etc/shorewall/stoppedrules</ulink></filename>
file and add ACCEPT rules for those systems that you want to be able to
access the firewall when it is stopped.</para>
<caution>
<para>If you are connected to your firewall from the Internet, do not
issue a <quote>shorewall stop</quote> command unless you have added an
entry for the IP address that you are connected from to <filename><ulink
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink></filename>.
ACCEPT entry for the IP address that you are connected from to
<filename><ulink
url="manpages/shorewall-stoppedrules.html">/etc/shorewall/stoppedrules</ulink></filename>.
Also, I don't recommend using <quote>shorewall restart</quote>; it is
better to create an <ulink
url="starting_and_stopping_shorewall.htm"><emphasis>an alternate

5
docs/standalone.xml
View File

@ -119,8 +119,7 @@
<title>Conventions</title>
<para>Points at which configuration changes are recommended are flagged
with <inlinegraphic fileref="images/BD21298_.gif"
format="GIF" />.</para>
with <inlinegraphic fileref="images/BD21298_.gif" format="GIF"/>.</para>
<para>Configuration notes that are unique to Debian and it's derivatives
are marked with <inlinegraphic fileref="images/openlogo-nd-25.png"
@ -610,7 +609,7 @@ SSH(ACCEPT) net $FW </programlisting>
<para>The firewall is started using the <quote><command>shorewall
start</command></quote> command and stopped using
<quote><command>shorewall stop</command></quote>. When the firewall is
stopped, routing is enabled on those hosts that have an entry in
stopped, traffic is enabled on those hosts that have an entry in
<filename><ulink
url="manpages/shorewall-stoppedrules.html">/etc/shorewall/stoppedrules</ulink></filename>
(<filename><ulink

6
docs/starting_and_stopping_shorewall.xml
View File

@ -151,7 +151,7 @@
all Netfilter rules and open your firewall for all traffic to pass.
It rather places your firewall in a safe state defined by the
contents of your <ulink
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink>
url="manpages/shorewall-stoppedrules.html">/etc/shorewall/stoppedrules</ulink>
file and the setting of ADMINISABSENTMINDED in <ulink
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink>.</para>
</important>
@ -638,8 +638,8 @@
<entry>firewall stop</entry>
<entry>Only traffic to/from hosts listed in
/etc/shorewall/routestopped is passed to/from/through the
<entry>Only traffic allowed by ACCEPT entries in
/etc/shorewall/stoppedrules is passed to/from/through the
firewall. If ADMINISABSENTMINDED=Yes in
/etc/shorewall/shorewall.conf then in addition, all existing
connections are retained and all connection requests from the