diff --git a/docs/GettingStarted.xml b/docs/GettingStarted.xml index 481bba0d1..4780e231c 100644 --- a/docs/GettingStarted.xml +++ b/docs/GettingStarted.xml @@ -20,6 +20,8 @@ 2006 + 2007 + Thomas M. Eastep @@ -34,113 +36,147 @@ -
- Getting Started + Please read this short article first. - If you are new to Shorewall, please read these two articles - first. + + + Introduction to + Shorewall + + - - - Introduction to - Shorewall - + Next, read the QuickStart Guide that is appropriate for your + configuration: - - QuickStart Guides - (HOWTOs) - - + If you have only one public IP + address: - The following articles are also recommended reading for - newcomers. + + + Standalone Linux System with a + single network interface (Version + Française) (Russian + Version) Version en + Español + - - - Configuration File - Basics
- - - - - Man - Pages + + Two-interface Linux System + acting as a firewall/router for a small local network (Version Française) (Russian Version) + - Using MAC - Addresses in Shorewall - + + Three-interface Linux + System acting as a firewall/router for a small local network and a DMZ.. + (Version Française) (Russian Version) + + - - Comments in - configuration files + If you have more than one public IP + address: - Using - Shell Variables - + + + The Shorewall Setup + Guide (Version + Française) outlines the steps necessary to set up a firewall + where there are multiple public IP addresses involved or if you want to + learn more about Shorewall than is explained in the single-address + guides above. + + - - Attach - Comment to Netfilter Rules + The following articles are also recommended reading for + newcomers. - Using DNS - Names - + + + Configuration File + Basics
+ + + + + Man + Pages - - Line - Continuation + Using MAC + Addresses in Shorewall + - Complementing - an IP address or Subnet - + + Comments in + configuration files - - INCLUDE - Directive + Using Shell + Variables + - IP Address - Ranges - + + Attach Comment + to Netfilter Rules - - Port - Numbers/Service Names + Using DNS + Names + - Shorewall - Configurations (making a test - configuration) - + + Line + Continuation - - Port - Ranges + Complementing + an IP address or Subnet + - - - - - -
-
+ + INCLUDE + Directive - - PPPPPPPS ( or, Paul's Principles for Practical Provision of - Packet Processing with Shorewall ) http://linuxman.wikispaces.com/PPPPPPS - -
-
+ IP Address + Ranges + + + + Port + Numbers/Service Names + + Shorewall + Configurations (making a test + configuration) + + + + Port + Ranges + + + + + + + + + + + PPPPPPPS ( or, Paul's Principles for Practical Provision of Packet + Processing with Shorewall ) http://linuxman.wikispaces.com/PPPPPPS + + \ No newline at end of file diff --git a/docs/Introduction.xml b/docs/Introduction.xml index 743a2e203..1b74145d9 100644 --- a/docs/Introduction.xml +++ b/docs/Introduction.xml @@ -61,6 +61,13 @@ to the combination of iptables+Netfilter (with Netfilter not in ipchains compatibility mode). + + + iptables-restore - a program included with iptables that + allows for atomic installation of a set of Netfilter rules. This is + a much more efficient way to install a ruleset than running the + iptables utility once for each rule in the ruleset. + @@ -71,12 +78,12 @@ Shorewall, is high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and - with the help of the iptables utility, Shorewall configures Netfilter to - match your requirements. Shorewall can be used on a dedicated firewall - system, a multi-function gateway/router/server or on a standalone - GNU/Linux system. Shorewall does not use Netfilter's ipchains - compatibility mode and can thus take advantage of Netfilter's connection - state tracking capabilities. + with the help of the iptables and iptables-restore utilities, Shorewall + configures Netfilter to match your requirements. Shorewall can be used + on a dedicated firewall system, a multi-function gateway/router/server + or on a standalone GNU/Linux system. Shorewall does not use Netfilter's + ipchains compatibility mode and can thus take advantage of Netfilter's + connection state tracking capabilities. Shorewall is not a daemon. Once Shorewall has configured Netfilter, its job is complete and there is no Shorewall 
@@ -340,7 +347,8 @@ ACCEPT net $FW tcp 22 to Shorewall-shell written in the Perl language. This compiler is highly portable to those Unix-like platforms that support Perl (including Cygwin) and is the compiler of choice for new Shorewall - installations. + installations. Scripts created using Shorewall-perl use + iptables-restore to install the generated Netfilter ruleset. @@ -353,9 +361,6 @@ ACCEPT net $FW tcp 22 Shorewall-lite. - - It is suggested that new users install Shorewall and - Shorewall-perl
diff --git a/docs/Manpages.xml b/docs/Manpages.xml index d409daa6f..042850e84 100644 --- a/docs/Manpages.xml +++ b/docs/Manpages.xml @@ -51,121 +51,133 @@
Section 5 — Files and Concepts - - accounting - Define IP - accounting rules. +
+ + accounting - Define + IP accounting rules. - actions - - Declare user-defined actions. + actions - + Declare user-defined actions. - blacklist - - Static blacklisting. + blacklist - Static + blacklisting. - ecn - Disabling - Explicit Congestion Notification + ecn - + Disabling Explicit Congestion Notification - exclusion - - Excluding hosts from a network or zone + exclusion - Excluding + hosts from a network or zone - hosts - - Define multiple zones accessed through a single interface + hosts - + Define multiple zones accessed through a single interface - interfaces - Define the - interfaces on the system and optionally associate them with - zones. + interfaces - Define + the interfaces on the system and optionally associate them with + zones. - maclist - - Define MAC verification. + maclist - + Define MAC verification. - masq - Define - Masquerade/SNAT + masq - + Define Masquerade/SNAT - modules - - Specify which kernel modules to load. + modules - + Specify which kernel modules to load. - nat - Define - one-to-one NAT. + nat - Define + one-to-one NAT. - nesting - - How to define nested zones. + nesting - + How to define nested zones. - netmap - How - to map addresses from one net to another. + netmap - + How to map addresses from one net to another. - params - - Assign values to shell variables used in other files. + params - + Assign values to shell variables used in other files. - policy - - Define high-level policies for connections between zones. + policy - + Define high-level policies for connections between zones. - providers - - Define routing tables, usually for mutliple internet links. + providers - Define + routing tables, usually for mutliple internet links. - proxyarp - - Define Proxy ARP. + proxyarp + - Define Proxy ARP. - rfc1918 - - Specify address ranges affected by the - interface option. + rfc1918 - + Specify address ranges affected by the + interface option. - route_rules - Define - routing rules. + route_rules - Define + routing rules. 
- routestopped - - Specify connections to be permitted when Shorewall is in the stopped - state. + routestopped - + Specify connections to be permitted when Shorewall is in the stopped + state. - rules - - Specify exceptions to policies, including DNAT and REDIRECT. + rules - + Specify exceptions to policies, including DNAT and REDIRECT. - tcclasses - - Define htb classes for traffic shaping. + tcclasses - Define htb + classes for traffic shaping. - tcdevices - - Specify speed of devices for traffic shaping. + tcdevices - Specify + speed of devices for traffic shaping. - tcrules - - Define packet marking rules, usually for traffic shaping. + tcrules - + Define packet marking rules, usually for traffic shaping. - tos - Define - TOS field manipulation. + tos - Define + TOS field manipulation. - tunnels - - Define VPN connections with endpoints on the firewall. + tunnels - + Define VPN connections with endpoints on the firewall. - shorewall.conf - - Specify values for global Shorewall options. + shorewall.conf - Specify + values for global Shorewall options. - shorewall-lite.conf - - Specify values for global Shorewall Lite options. + shorewall-lite.conf - + Specify values for global Shorewall Lite options. - vardir - - Redefine the directory where Shorewall keeps its state - information. + vardir - + Redefine the directory where Shorewall keeps its state + information. - vardir-lite - Redefine - the directory where Shorewall Lite keeps its state information. + vardir-lite - + Redefine the directory where Shorewall Lite keeps its state + information. - zones - - Declare Shorewall zones.l - + zones - + Declare Shorewall zones. + +
Section 8 — Administrative Commands - - shorewall - - /sbin/shorewall command syntax and semantics. +
+ + shorewall - + /sbin/shorewall command syntax and semantics. - shorewall-lite - - /sbin/shorewall-lite command syntax and semantics. - + shorewall-lite - + /sbin/shorewall-lite command syntax and semantics. + +
\ No newline at end of file diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml index 225b9ae00..58fd22a61 100644 --- a/manpages/shorewall.conf.xml +++ b/manpages/shorewall.conf.xml @@ -127,7 +127,8 @@ a) The name of an action. - b) The name of a macro + b) The name of a macro + (Shorewall-shell only) c) None or none diff --git a/web/Documentation.html b/web/Documentation.html index 7dd35e98e..bb7adba13 100644 --- a/web/Documentation.html +++ b/web/Documentation.html @@ -22,7 +22,7 @@ href="GnuCopyright.htm" target="_self">GNU Free Documentation License”.

-

2007-07-13
+

2007-08-01



@@ -41,7 +41,7 @@ License”.
HOWTOs

Shorewall 3.x

-

Shorewall 4.x

+

Shorewall 4.x

  • Man Pages -- Online version of the manpages released with Shorewall 3.4.0 and later
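Review bot: in docs/GettingStarted.xml (hunk @@ -34,113 +36,147 @@), the added three-interface entry ends with a doubled period ("a small local network and a DMZ..") and the new Spanish link text reads "Version en Español" next to "Version Française" and "Russian Version". Drop the extra period and settle on one form for the translation links ("Versión en Español" if the label is meant to be Spanish). The "\ No newline at end of file" marker follows the last added line, so the rewritten file ends without a trailing newline; add one while the file is being rewritten anyway.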
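Review bot: in docs/Introduction.xml, the overview paragraph in hunk @@ -71,12 +78,12 @@ now says Shorewall configures Netfilter "with the help of the iptables and iptables-restore utilities" without qualification, while hunk @@ -340,7 +347,8 @@ attributes iptables-restore to "Scripts created using Shorewall-perl". Say in the overview which compiler's scripts rely on iptables-restore, or state that both do, so the two passages agree. The same paragraph still opens with "Shorewall, is high-level tool"; since the paragraph is being re-wrapped, fix it to "Shorewall is a high-level tool".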
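Review bot: in docs/Manpages.xml (hunk @@ -51,121 +51,133 @@), the re-wrapped providers entry still carries the typo "mutliple" ("usually for mutliple internet links"); correct it to "multiple" in this change, as was done for the stray "l" after "Declare Shorewall zones." Most of the hunk re-wraps entries whose text is unchanged, which buries the substantive edits; consider putting the reformatting in its own commit so the content changes can be reviewed on their own.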
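Review bot: in manpages/shorewall.conf.xml (hunk @@ -127,7 +127,8 @@), the added qualifier "(Shorewall-shell only)" on item b) tells Shorewall-perl users that a macro name does not apply to them but not what to use instead. Add a sentence saying how Shorewall-perl treats a macro name in this setting and pointing those users to item a) or c), so the restriction is not discovered only when the configuration fails to behave as expected.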