Add FAQ 69

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7361 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-22 15:43:30 +01:00 · 2007-09-18 18:38:27 +00:00 · 2007-09-18 18:38:27 +00:00 · 8f152d554a
commit 8f152d554a
parent 8382d4efb8
2 changed files with 16 additions and 8 deletions
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@ -1653,6 +1653,14 @@ Creating input Chains...
      url="Shorewall-perl.html">Shorewall-perl</ulink>.</para>
    </section>

+    <section id="faq69">
+      <title>(FAQ 69) When I restart Shorewall, new connections are blocked
+      for a long time. Is there a way to avoid that?</title>
+
+      <para><emphasis role="bold">Answer</emphasis>: Switch to using <ulink
+      url="Shorewall-perl.html">Shorewall-perl</ulink>.</para>
+    </section>
+
    <section id="faq43">
      <title>(FAQ 43) I just installed the Shorewall RPM and Shorewall doesn't
      start at boot time.</title>
@ -1756,7 +1764,7 @@ iptables: Invalid argument
      the following message:</title>

      <para>ERROR: Command "/sbin/iptables -A FORWARD -m state --state
-      ESTABLISHED,RELATED -j ACCEPT"</para>
+      ESTABLISHED,RELATED -j ACCEPT" failed.</para>

      <para><emphasis role="bold">Answer</emphasis>: At a root shell prompt,
      type the iptables command shown in the error message. If the command
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@ -127,9 +127,9 @@

        <listitem>
          <para>The BROADCAST column in the interfaces file is essentially
-          unused; if you enter anything in this column but '-' or 'detect',
-          you will receive a warning. This will be relaxed if and when the
-          addrtype match requirement is relaxed.</para>
+          unused if your kernel/iptables has Address Type Match support. If
+          that support is present and you enter anything in this column but
+          '-' or 'detect', you will receive a warning.</para>
        </listitem>

        <listitem>
@ -158,7 +158,7 @@
          into the compiled script and executed at run-time. In many cases,
          this approach doesn't work with Shorewall Perl because (almost) the
          entire ruleset is built by the compiler. As a result, Shorewall-perl
-          runs many extension scripts at compile-time rather than at run-time.
+          runs some extension scripts at compile-time rather than at run-time.
          Because the compiler is written in Perl, your extension scripts from
          earlier versions will no longer work.</para>

@ -167,8 +167,8 @@
              <tgroup cols="3">
                <tbody>
                  <row>
-                    <entry><emphasis
-                    role="bold">Compile-time</emphasis></entry>
+                    <entry><emphasis role="bold">Compile-time (Must be written
+                    in Perl)</emphasis></entry>

                    <entry><emphasis role="bold">Run-time</emphasis></entry>

@ -282,7 +282,7 @@
          </simplelist>

          <para>The log_rule_limit function works like it does in the shell
-          compiler with two exceptions:</para>
+          compiler with three exceptions:</para>

          <itemizedlist>
            <listitem>