Merge branch 'master' of ssh://teastep@shorewall.git.sourceforge.net/gitroot/shorewall/shorewall

This commit is contained in:
Tom Eastep 2009-10-13 17:51:45 -07:00
commit 94d039bf56
8 changed files with 19 additions and 19 deletions

View File

@ -161,7 +161,7 @@ loc eth2 -</programlisting>
<para>Only those interfaces with the
<option>arp_filter</option> option will have their setting
changes; the value assigned to the setting will be the value
changed; the value assigned to the setting will be the value
specified (if any) or 1 if no value is given.</para>
<para></para>
@ -188,7 +188,7 @@ loc eth2 -</programlisting>
<para>2 - reply only if the target IP address is local address
configured on the incoming interface and the sender's IP
address is part from same subnet on this interface</para>
address is part from same subnet on this interface's address</para>
<para>3 - do not reply for local addresses configured with
scope host, only resolutions for global and link</para>
@ -290,11 +290,11 @@ loc eth2 -</programlisting>
role="bold">logmartians</emphasis>. Even if you do not specify
the <option>routefilter</option> option, it is a good idea to
specify <option>logmartians</option> because your distribution
may be enabling route filtering without you knowing it.</para>
may have enabled route filtering without you knowing it.</para>
<para>Only those interfaces with the
<option>logmartians</option> option will have their setting
changes; the value assigned to the setting will be the value
changed; the value assigned to the setting will be the value
specified (if any) or 1 if no value is given.</para>
<para>To find out if route filtering is set on a given
@ -510,12 +510,12 @@ loc eth2 -</programlisting>
(sets
/proc/sys/net/ipv4/conf/<emphasis>interface</emphasis>/accept_source_route
to 1). Only set this option if you know what you are doing.
This might represent a security risk and is not usually
needed.</para>
This might represent a security risk and is usually
unneeded.</para>
<para>Only those interfaces with the
<option>sourceroute</option> option will have their setting
changes; the value assigned to the setting will be the value
changed; the value assigned to the setting will be the value
specified (if any) or 1 if no value is given.</para>
<para></para>
@ -579,7 +579,7 @@ loc eth2 -</programlisting>
<listitem>
<para>Suppose you have eth0 connected to a DSL modem and eth1
connected to your local network and that your local subnet is
192.168.1.0/24. The interface gets it's IP address via DHCP from
192.168.1.0/24. The interface gets its IP address via DHCP from
subnet 206.191.149.192/27. You have a DMZ with subnet 192.168.2.0/24
using eth2.</para>

View File

@ -409,7 +409,7 @@
<para>Only locally-generated connections will match if this column
is non-empty.</para>
<para>When this column is non-empty, the rule applies only if the
<para>When this column is non-empty, the rule matches only if the
program generating the output is running under the effective
<emphasis>user</emphasis> and/or <emphasis>group</emphasis>
specified (or is NOT running under that id if "!" is given).</para>

View File

@ -63,7 +63,7 @@
role="bold">:</emphasis>[<emphasis>digit</emphasis>]]</term>
<listitem>
<para>Interfacees that have the <emphasis
<para>Interfaces that have the <emphasis
role="bold">EXTERNAL</emphasis> address. If ADD_IP_ALIASES=Yes in
<ulink url="shorewall.conf.html">shorewall.conf</ulink>(5),
Shorewall will automatically add the EXTERNAL address to this

View File

@ -43,7 +43,7 @@
<para>Must be DNAT or SNAT.</para>
<para>If DNAT, traffic entering INTERFACE and addressed to NET1 has
it's destination address rewritten to the corresponding address in
its destination address rewritten to the corresponding address in
NET2.</para>
<para>If SNAT, traffic leaving INTERFACE with a source address in

View File

@ -41,7 +41,7 @@
<para>For $FW and for all of the zones defined in /etc/shorewall/zones,
the POLICY for connections from the zone to itself is ACCEPT (with no
logging or TCP connection rate limiting but may be overridden by an
logging or TCP connection rate limiting) but may be overridden by an
entry in this file. The overriding entry must be explicit (cannot use
"all" in the SOURCE or DEST).</para>
@ -95,7 +95,7 @@
<listitem>
<para>Policy if no match from the rules file is found.</para>
<para>If the policy is other than CONTINUE or NONE then the policy
<para>If the policy is neither CONTINUE nor NONE then the policy
may be followed by ":" and one of the following:</para>
<orderedlist numeration="loweralpha">

View File

@ -175,7 +175,7 @@
specified will get outbound traffic load-balanced among them.
By default, all interfaces with <option>balance</option>
specified will have the same weight (1). You can change the
weight of an interface by specifiying
weight of an interface by specifying
<option>balance=</option><replaceable>weight</replaceable>
where <replaceable>weight</replaceable> is the weight of the
route out of this interface.</para>

View File

@ -67,8 +67,8 @@
or <emphasis role="bold">yes</emphasis> in this column. Otherwise,
enter <emphasis role="bold">no</emphasis> or <emphasis
role="bold">No</emphasis> or leave the column empty and Shorewall
will add the route for you. If Shorewall adds the route,the route
will be persistent if the <emphasis
will add the route for you. If Shorewall adds the route, its
persistence depends on the value of the<emphasis
role="bold">PERSISTENT</emphasis> column contains <emphasis
role="bold">Yes</emphasis>; otherwise, <emphasis
role="bold">shorewall stop</emphasis> or <emphasis

View File

@ -68,7 +68,7 @@
(although it probably isn't installed by default). Ulogd is also available
from <ulink
url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>
and can be configured to log all Shorewall message to their own log
and can be configured to log all Shorewall messages to their own log
file</para>
<para>The following options may be set in shorewall.conf.</para>
@ -262,7 +262,7 @@
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
<listitem>
<para>If set, the behavior of the 'start' command is change; if no
<para>If set, the behavior of the 'start' command is changed; if no
files in /etc/shorewall have been changed since the last successful
<command>start</command> or <command>restart</command> command, then
the compilation step is skipped and the compiled script that
@ -362,7 +362,7 @@
<listitem>
<para>If this option is set to <emphasis role="bold">No</emphasis>
then Shorewall won't clear the current traffic control rules during
[re]start. This setting is intended for use by people that prefer to
[re]start. This setting is intended for use by people who prefer to
configure traffic shaping when the network interfaces come up rather
than when the firewall is started. If that is what you want to do,
set TC_ENABLED=Yes and CLEAR_TC=No and do not supply an