mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 22:30:58 +01:00
Add FAQ 69
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7361 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
8382d4efb8
commit
8f152d554a
10
docs/FAQ.xml
10
docs/FAQ.xml
@ -1653,6 +1653,14 @@ Creating input Chains...
|
||||
url="Shorewall-perl.html">Shorewall-perl</ulink>.</para>
|
||||
</section>
|
||||
|
||||
<section id="faq69">
|
||||
<title>(FAQ 69) When I restart Shorewall, new connections are blocked
|
||||
for a long time. Is there a way to avoid that?</title>
|
||||
|
||||
<para><emphasis role="bold">Answer</emphasis>: Switch to using <ulink
|
||||
url="Shorewall-perl.html">Shorewall-perl</ulink>.</para>
|
||||
</section>
|
||||
|
||||
<section id="faq43">
|
||||
<title>(FAQ 43) I just installed the Shorewall RPM and Shorewall doesn't
|
||||
start at boot time.</title>
|
||||
@ -1756,7 +1764,7 @@ iptables: Invalid argument
|
||||
the following message:</title>
|
||||
|
||||
<para>ERROR: Command "/sbin/iptables -A FORWARD -m state --state
|
||||
ESTABLISHED,RELATED -j ACCEPT"</para>
|
||||
ESTABLISHED,RELATED -j ACCEPT" failed.</para>
|
||||
|
||||
<para><emphasis role="bold">Answer</emphasis>: At a root shell prompt,
|
||||
type the iptables command shown in the error message. If the command
|
||||
|
@ -127,9 +127,9 @@
|
||||
|
||||
<listitem>
|
||||
<para>The BROADCAST column in the interfaces file is essentially
|
||||
unused; if you enter anything in this column but '-' or 'detect',
|
||||
you will receive a warning. This will be relaxed if and when the
|
||||
addrtype match requirement is relaxed.</para>
|
||||
unused if your kernel/iptables has Address Type Match support. If
|
||||
that support is present and you enter anything in this column but
|
||||
'-' or 'detect', you will receive a warning.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
@ -158,7 +158,7 @@
|
||||
into the compiled script and executed at run-time. In many cases,
|
||||
this approach doesn't work with Shorewall Perl because (almost) the
|
||||
entire ruleset is built by the compiler. As a result, Shorewall-perl
|
||||
runs many extension scripts at compile-time rather than at run-time.
|
||||
runs some extension scripts at compile-time rather than at run-time.
|
||||
Because the compiler is written in Perl, your extension scripts from
|
||||
earlier versions will no longer work.</para>
|
||||
|
||||
@ -167,8 +167,8 @@
|
||||
<tgroup cols="3">
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><emphasis
|
||||
role="bold">Compile-time</emphasis></entry>
|
||||
<entry><emphasis role="bold">Compile-time (Must be written
|
||||
in Perl)</emphasis></entry>
|
||||
|
||||
<entry><emphasis role="bold">Run-time</emphasis></entry>
|
||||
|
||||
@ -282,7 +282,7 @@
|
||||
</simplelist>
|
||||
|
||||
<para>The log_rule_limit function works like it does in the shell
|
||||
compiler with two exceptions:</para>
|
||||
compiler with three exceptions:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
|
Loading…
Reference in New Issue
Block a user