From 981e337c418e6f425d4c20dd6046afb9b7a62c40 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 1 Aug 2007 22:11:34 +0000
Subject: [PATCH] Document/manpage updates
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7025 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
docs/GettingStarted.xml | 216 +++++++++++++++++++++---------------
docs/Introduction.xml | 25 +++--
docs/Manpages.xml | 172 +++++++++++++++-------------
manpages/shorewall.conf.xml | 3 +-
web/Documentation.html | 4 +-
5 files changed, 237 insertions(+), 183 deletions(-)
diff --git a/docs/GettingStarted.xml b/docs/GettingStarted.xml
index 481bba0d1..4780e231c 100644
--- a/docs/GettingStarted.xml
+++ b/docs/GettingStarted.xml
@@ -20,6 +20,8 @@
2006
+ 2007
+
Thomas M. Eastep
@@ -34,113 +36,147 @@
-
- Getting Started
+ Please read this short article first.
- If you are new to Shorewall, please read these two articles
- first.
+
+
+ Introduction to
+ Shorewall
+
+
-
-
- Introduction to
- Shorewall
-
+ Next, read the QuickStart Guide that is appropriate for your
+ configuration:
-
- QuickStart Guides
- (HOWTOs)
-
-
+ If you have only one public IP
+ address:
- The following articles are also recommended reading for
- newcomers.
+
+
+ Standalone Linux System with a
+ single network interface (Version
+ Française) (Russian
+ Version)Version en
+ Español
+
-
-
- Configuration File
- Basics
-
-
-
-
- Man
- Pages
+
+ Two-interface Linux System
+ acting as a firewall/router for a small local network (Version Française) (Russian Version)
+
- Using MAC
- Addresses in Shorewall
-
+
+ Three-interface Linux
+ System acting as a firewall/router for a small local network and a DMZ..
+ (Version Française) (Russian Version)
+
+
-
- Comments in
- configuration files
+ If you have more than one public IP
+ address:
- Using
- Shell Variables
-
+
+
+ The Shorewall Setup
+ Guide (Version
+ Française) outlines the steps necessary to set up a firewall
+ where there are multiple public IP addresses involved or if you want to
+ learn more about Shorewall than is explained in the single-address
+ guides above.
+
+
-
- Attach
- Comment to Netfilter Rules
+ The following articles are also recommended reading for
+ newcomers.
- Using DNS
- Names
-
+
+
+ Configuration File
+ Basics
+
+
+
+
+ Man
+ Pages
-
- Line
- Continuation
+ Using MAC
+ Addresses in Shorewall
+
- Complementing
- an IP address or Subnet
-
+
+ Comments in
+ configuration files
-
- INCLUDE
- Directive
+ Using Shell
+ Variables
+
- IP Address
- Ranges
-
+
+ Attach Comment
+ to Netfilter Rules
-
- Port
- Numbers/Service Names
+ Using DNS
+ Names
+
- Shorewall
- Configurations (making a test
- configuration)
-
+
+ Line
+ Continuation
-
- Port
- Ranges
+ Complementing
+ an IP address or Subnet
+
-
-
-
-
-
-
-
+
+ INCLUDE
+ Directive
-
- PPPPPPPS ( or, Paul's Principles for Practical Provision of
- Packet Processing with Shorewall ) http://linuxman.wikispaces.com/PPPPPPS
-
-
-
+ IP Address
+ Ranges
+
+
+
+ Port
+ Numbers/Service Names
+
+ Shorewall
+ Configurations (making a test
+ configuration)
+
+
+
+ Port
+ Ranges
+
+
+
+
+
+
+
+
+
+
+ PPPPPPPS ( or, Paul's Principles for Practical Provision of Packet
+ Processing with Shorewall ) http://linuxman.wikispaces.com/PPPPPPS
+
+
\ No newline at end of file
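Review bot: the restructured QuickStart list carries a few text defects worth cleaning up while these lines are being moved. The three-interface entry ends with a double period ("a DMZ.."), and in the standalone entry the Spanish link "Version en Español" runs straight onto "(Russian Version)" with no separator or parentheses, unlike the "(Version Française) (Russian Version)" pattern used by the other entries. The moved PPPPPPS entry still spells the acronym with seven P's while its expansion (Paul's Principles for Practical Provision of Packet Processing with Shorewall) and the URL http://linuxman.wikispaces.com/PPPPPPS have six. The file also ends without a trailing newline ("\ No newline at end of file"), which is easy to fix in the same edit.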
diff --git a/docs/Introduction.xml b/docs/Introduction.xml
index 743a2e203..1b74145d9 100644
--- a/docs/Introduction.xml
+++ b/docs/Introduction.xml
@@ -61,6 +61,13 @@
to the combination of iptables+Netfilter (with Netfilter not in
ipchains compatibility mode).
+
+
+ iptables-restore - a program included with iptables that
+ allows for atomic installation of a set of Netfilter rules. This is
+ a much more efficient way to install a ruleset than running the
+ iptables utility once for each rule in the ruleset.
+
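Review bot: the new iptables-restore glossary entry should say what "atomic" buys the reader, since that is the security-relevant property rather than the efficiency: the whole ruleset is committed as one operation, so there is no window during startup in which only part of the rules are in place, and a ruleset that fails to load does not leave a half-applied set behind. One sentence along the lines of "either the entire ruleset is installed or none of it is" would make that explicit.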
@@ -71,12 +78,12 @@
Shorewall, is high-level tool for configuring Netfilter.
You describe your firewall/gateway requirements using entries in a set
of configuration files. Shorewall reads those configuration files and
- with the help of the iptables utility, Shorewall configures Netfilter to
- match your requirements. Shorewall can be used on a dedicated firewall
- system, a multi-function gateway/router/server or on a standalone
- GNU/Linux system. Shorewall does not use Netfilter's ipchains
- compatibility mode and can thus take advantage of Netfilter's connection
- state tracking capabilities.
+ with the help of the iptables and iptables-restore utilities, Shorewall
+ configures Netfilter to match your requirements. Shorewall can be used
+ on a dedicated firewall system, a multi-function gateway/router/server
+ or on a standalone GNU/Linux system. Shorewall does not use Netfilter's
+ ipchains compatibility mode and can thus take advantage of Netfilter's
+ connection state tracking capabilities.
Shorewall is not a daemon. Once Shorewall has configured
Netfilter, its job is complete and there is no Shorewall
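Review bot: the rewrapped paragraph repeats its subject ("Shorewall reads those configuration files and with the help of the iptables and iptables-restore utilities, Shorewall configures Netfilter"); drop the second "Shorewall" or split it into two sentences. The unchanged first context line also has a pre-existing defect, "Shorewall, is high-level tool for configuring Netfilter." (stray comma, missing article); since the paragraph is being edited anyway, make it "Shorewall is a high-level tool for configuring Netfilter."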
@@ -340,7 +347,8 @@ ACCEPT net $FW tcp 22
to Shorewall-shell written in the Perl language. This compiler is
highly portable to those Unix-like platforms that support Perl
(including Cygwin) and is the compiler of choice for new Shorewall
- installations.
+ installations. Scripts created using Shorewall-perl use
+ iptables-restore to install the generated Netfilter ruleset.
@@ -353,9 +361,6 @@ ACCEPT net $FW tcp 22
Shorewall-lite.
-
- It is suggested that new users install Shorewall and
- Shorewall-perl
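Review bot: deleting "It is suggested that new users install Shorewall and Shorewall-perl" removes the only direct recommendation to new users in this file. The earlier hunk does describe Shorewall-perl as "the compiler of choice for new Shorewall installations", so if the aim is to avoid saying it twice that is fine, but please confirm the loss is deliberate. The hunk header counts three removed lines but the diff as shown has no trailing context, so also check that the surrounding markup still nests correctly after the removal.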
diff --git a/docs/Manpages.xml b/docs/Manpages.xml
index d409daa6f..042850e84 100644
--- a/docs/Manpages.xml
+++ b/docs/Manpages.xml
@@ -51,121 +51,133 @@
Section 5 — Files and Concepts
-
- accounting - Define IP
- accounting rules.
+
+
+ accounting - Define
+ IP accounting rules.
- actions -
- Declare user-defined actions.
+ actions -
+ Declare user-defined actions.
- blacklist
- - Static blacklisting.
+ blacklist - Static
+ blacklisting.
- ecn - Disabling
- Explicit Congestion Notification
+ ecn -
+ Disabling Explicit Congestion Notification
- exclusion
- - Excluding hosts from a network or zone
+ exclusion - Excluding
+ hosts from a network or zone
- hosts -
- Define multiple zones accessed through a single interface
+ hosts -
+ Define multiple zones accessed through a single interface
- interfaces - Define the
- interfaces on the system and optionally associate them with
- zones.
+ interfaces - Define
+ the interfaces on the system and optionally associate them with
+ zones.
- maclist -
- Define MAC verification.
+ maclist -
+ Define MAC verification.
- masq - Define
- Masquerade/SNAT
+ masq -
+ Define Masquerade/SNAT
- modules -
- Specify which kernel modules to load.
+ modules -
+ Specify which kernel modules to load.
- nat - Define
- one-to-one NAT.
+ nat - Define
+ one-to-one NAT.
- nesting -
- How to define nested zones.
+ nesting -
+ How to define nested zones.
- netmap - How
- to map addresses from one net to another.
+ netmap -
+ How to map addresses from one net to another.
- params -
- Assign values to shell variables used in other files.
+ params -
+ Assign values to shell variables used in other files.
- policy -
- Define high-level policies for connections between zones.
+ policy -
+ Define high-level policies for connections between zones.
- providers
- - Define routing tables, usually for mutliple internet links.
+ providers - Define
+ routing tables, usually for mutliple internet links.
- proxyarp -
- Define Proxy ARP.
+ proxyarp
+ - Define Proxy ARP.
- rfc1918 -
- Specify address ranges affected by the
- interface option.
+ rfc1918 -
+ Specify address ranges affected by the
+ interface option.
- route_rules - Define
- routing rules.
+ route_rules - Define
+ routing rules.
- routestopped -
- Specify connections to be permitted when Shorewall is in the stopped
- state.
+ routestopped -
+ Specify connections to be permitted when Shorewall is in the stopped
+ state.
- rules -
- Specify exceptions to policies, including DNAT and REDIRECT.
+ rules -
+ Specify exceptions to policies, including DNAT and REDIRECT.
- tcclasses
- - Define htb classes for traffic shaping.
+ tcclasses - Define htb
+ classes for traffic shaping.
- tcdevices
- - Specify speed of devices for traffic shaping.
+ tcdevices - Specify
+ speed of devices for traffic shaping.
- tcrules -
- Define packet marking rules, usually for traffic shaping.
+ tcrules -
+ Define packet marking rules, usually for traffic shaping.
- tos - Define
- TOS field manipulation.
+ tos - Define
+ TOS field manipulation.
- tunnels -
- Define VPN connections with endpoints on the firewall.
+ tunnels -
+ Define VPN connections with endpoints on the firewall.
- shorewall.conf
- - Specify values for global Shorewall options.
+ shorewall.conf - Specify
+ values for global Shorewall options.
- shorewall-lite.conf -
- Specify values for global Shorewall Lite options.
+ shorewall-lite.conf -
+ Specify values for global Shorewall Lite options.
- vardir -
- Redefine the directory where Shorewall keeps its state
- information.
+ vardir -
+ Redefine the directory where Shorewall keeps its state
+ information.
- vardir-lite - Redefine
- the directory where Shorewall Lite keeps its state information.
+ vardir-lite -
+ Redefine the directory where Shorewall Lite keeps its state
+ information.
- zones -
- Declare Shorewall zones.l
-
+ zones -
+ Declare Shorewall zones.
+
+
+ shorewall -
+ /sbin/shorewall command syntax and semantics.
- shorewall-lite
- - /sbin/shorewall-lite command syntax and semantics.
-
+ shorewall-lite -
+ /sbin/shorewall-lite command syntax and semantics.
+
+
\ No newline at end of file
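Review bot: the re-wrapped providers entry carries over the existing typo "mutliple internet links"; fix it to "multiple" while touching the line, as was done for the stray "l" in "Declare Shorewall zones.l". The file also ends without a trailing newline according to the "\ No newline at end of file" marker.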
diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml
index 225b9ae00..58fd22a61 100644
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@@ -127,7 +127,8 @@
a) The name of an
action.
- b) The name of a macro
+ b) The name of a macro
+ (Shorewall-shell only)c) None or none
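Review bot: in the new text items b) and c) run together on one line: "(Shorewall-shell only)c) None or none". A line break or list-element separator is missing between "(Shorewall-shell only)" and "c)", so the two alternatives will render as a single run-on item in the man page. The hunk header counts eight new lines but only two are shown here, so please check the full hunk for the same problem.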
diff --git a/web/Documentation.html b/web/Documentation.html
index 7dd35e98e..bb7adba13 100644
--- a/web/Documentation.html
+++ b/web/Documentation.html
@@ -22,7 +22,7 @@ href="GnuCopyright.htm" target="_self">GNU Free Documentation
License”.
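Review bot: only the context line "License”." is present for this hunk; the changed lines of web/Documentation.html are not in the patch as shown, so the change itself cannot be reviewed here. If the line is being touched anyway, consider writing the literal curly quote as an HTML entity so the page renders correctly regardless of the declared character set.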