Document/manpage updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7025 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

docs/GettingStarted.xml

@@ -20,6 +20,8 @@
     <copyright>
       <year>2006</year>
 
+      <year>2007</year>
+
       <holder>Thomas M. Eastep</holder>
     </copyright>
 
@@ -34,21 +36,56 @@
     </legalnotice>
   </articleinfo>
 
-  <section id="GettingStarted">
+  <para>Please read this short article first.</para>
-    <title>Getting Started</title>
-
-    <para>If you are new to Shorewall, please read these two articles
-    first.</para>
 
   <itemizedlist>
     <listitem>
       <para><ulink url="Introduction.html">Introduction to
       Shorewall</ulink></para>
     </listitem>
+  </itemizedlist>
+
+  <para>Next, read the QuickStart Guide that is appropriate for your
+  configuration:</para>
+
+  <para><emphasis role="bold">If you have only one public IP
+  address:</emphasis></para>
+
+  <itemizedlist>
+    <listitem>
+      <para><ulink url="standalone.htm">Standalone</ulink> Linux System with a
+      single network interface (<ulink url="standalone_fr.html">Version
+      Française</ulink>) <ulink url="standalone_ru.html">(Russian
+      Version)</ulink> <ulink url="standalone_es.html">Version en
+      Español</ulink></para>
+    </listitem>
 
     <listitem>
-        <para><ulink url="shorewall_quickstart_guide.htm">QuickStart Guides
+      <para><ulink url="two-interface.htm">Two-interface</ulink> Linux System
-        (HOWTOs)</ulink></para>
+      acting as a firewall/router for a small local network (<ulink
+      url="two-interface_fr.html">Version Française</ulink>) (<ulink
+      url="two-interface_ru.html">Russian Version</ulink>)</para>
+    </listitem>
+
+    <listitem>
+      <para><ulink url="three-interface.htm">Three-interface</ulink> Linux
+      System acting as a firewall/router for a small local network and a DMZ..
+      (<ulink url="three-interface_fr.html">Version Française</ulink>) (<ulink
+      url="three-interface_ru.html">Russian Version</ulink>)</para>
+    </listitem>
+  </itemizedlist>
+
+  <para><emphasis role="bold">If you have more than one public IP
+  address:</emphasis></para>
+
+  <itemizedlist>
+    <listitem>
+      <para>The <ulink url="shorewall_setup_guide.htm">Shorewall Setup
+      Guide</ulink> (<ulink url="shorewall_setup_guide_fr.htm">Version
+      Française</ulink>) outlines the steps necessary to set up a firewall
+      where there are multiple public IP addresses involved or if you want to
+      learn more about Shorewall than is explained in the single-address
+      guides above.</para>
     </listitem>
   </itemizedlist>
 
@@ -78,14 +115,14 @@
                     configuration files</ulink></entry>
 
                     <entry><ulink
-                      url="configuration_file_basics.htm#Variables">Using
+                    url="configuration_file_basics.htm#Variables">Using Shell
-                      Shell Variables</ulink></entry>
+                    Variables</ulink></entry>
                   </row>
 
                   <row>
                     <entry><ulink
-                      url="configuration_file_basics.htm#COMMENT">Attach
+                    url="configuration_file_basics.htm#COMMENT">Attach Comment
-                      Comment to Netfilter Rules</ulink></entry>
+                    to Netfilter Rules</ulink></entry>
 
                     <entry><ulink
                     url="configuration_file_basics.htm#dnsnames">Using DNS
@@ -137,10 +174,9 @@
     </listitem>
 
     <listitem>
-        <para>PPPPPPPS ( or, Paul's Principles for Practical Provision of
+      <para>PPPPPPPS ( or, Paul's Principles for Practical Provision of Packet
-        Packet Processing with Shorewall ) <ulink
+      Processing with Shorewall ) <ulink
       url="http://linuxman.wikispaces.com/PPPPPPS">http://linuxman.wikispaces.com/PPPPPPS</ulink></para>
     </listitem>
   </itemizedlist>
-  </section>
 </article>

docs/Introduction.xml

@@ -61,6 +61,13 @@
           to the combination of iptables+Netfilter (with Netfilter not in
           ipchains compatibility mode).</para>
         </listitem>
+
+        <listitem>
+          <para>iptables-restore - a program included with iptables that
+          allows for atomic installation of a set of Netfilter rules. This is
+          a much more efficient way to install a ruleset than running the
+          iptables utility once for each rule in the ruleset.</para>
+        </listitem>
       </itemizedlist>
     </section>
 
@@ -71,12 +78,12 @@
       <quote>Shorewall</quote>, is high-level tool for configuring Netfilter.
       You describe your firewall/gateway requirements using entries in a set
       of configuration files. Shorewall reads those configuration files and
-      with the help of the iptables utility, Shorewall configures Netfilter to
+      with the help of the iptables and iptables-restore utilities, Shorewall
-      match your requirements. Shorewall can be used on a dedicated firewall
+      configures Netfilter to match your requirements. Shorewall can be used
-      system, a multi-function gateway/router/server or on a standalone
+      on a dedicated firewall system, a multi-function gateway/router/server
-      GNU/Linux system. Shorewall does not use Netfilter's ipchains
+      or on a standalone GNU/Linux system. Shorewall does not use Netfilter's
-      compatibility mode and can thus take advantage of Netfilter's connection
+      ipchains compatibility mode and can thus take advantage of Netfilter's
-      state tracking capabilities.</para>
+      connection state tracking capabilities.</para>
 
       <para>Shorewall is not a daemon. Once Shorewall has configured
       Netfilter, its job is complete and there is no <quote>Shorewall
@@ -340,7 +347,8 @@ ACCEPT     net           $FW       tcp        22</programlisting>
         to Shorewall-shell written in the Perl language. This compiler is
         highly portable to those Unix-like platforms that support Perl
         (including Cygwin) and is the compiler of choice for new Shorewall
-        installations.</para>
+        installations. Scripts created using Shorewall-perl use
+        iptables-restore to install the generated Netfilter ruleset.</para>
       </listitem>
 
       <listitem>
@@ -353,9 +361,6 @@ ACCEPT     net           $FW       tcp        22</programlisting>
         Shorewall-lite.</para>
       </listitem>
     </orderedlist>
-
-    <para>It is suggested that new users install Shorewall and
-    Shorewall-perl</para>
   </section>
 
   <section id="License">

docs/Manpages.xml

@@ -51,36 +51,39 @@
   <section id="Section5">
     <title>Section 5 — Files and Concepts</title>
 
+    <blockquote>
       <simplelist>
         <member><ulink
-      url="manpages/shorewall-accounting.html">accounting</ulink> - Define IP
+        url="manpages/shorewall-accounting.html">accounting</ulink> - Define
-      accounting rules.</member>
+        IP accounting rules.</member>
 
         <member><ulink url="manpages/shorewall-actions.html">actions</ulink> -
         Declare user-defined actions.</member>
 
-      <member><ulink url="manpages/shorewall-blacklist.html">blacklist</ulink>
+        <member><ulink
-      - Static blacklisting.</member>
+        url="manpages/shorewall-blacklist.html">blacklist</ulink> - Static
+        blacklisting.</member>
 
-      <member><ulink url="manpages/shorewall-ecn.html">ecn</ulink> - Disabling
+        <member><ulink url="manpages/shorewall-ecn.html">ecn</ulink> -
-      Explicit Congestion Notification</member>
+        Disabling Explicit Congestion Notification</member>
 
-      <member><ulink url="manpages/shorewall-exclusion.html">exclusion</ulink>
+        <member><ulink
-      - Excluding hosts from a network or zone</member>
+        url="manpages/shorewall-exclusion.html">exclusion</ulink> - Excluding
+        hosts from a network or zone</member>
 
         <member><ulink url="manpages/shorewall-hosts.html">hosts</ulink> -
         Define multiple zones accessed through a single interface</member>
 
         <member><ulink
-      url="manpages/shorewall-interfaces.html">interfaces</ulink> - Define the
+        url="manpages/shorewall-interfaces.html">interfaces</ulink> - Define
-      interfaces on the system and optionally associate them with
+        the interfaces on the system and optionally associate them with
         zones.</member>
 
         <member><ulink url="manpages/shorewall-maclist.html">maclist</ulink> -
         Define MAC verification.</member>
 
-      <member><ulink url="manpages/shorewall-masq.html">masq</ulink> - Define
+        <member><ulink url="manpages/shorewall-masq.html">masq</ulink> -
-      Masquerade/SNAT</member>
+        Define Masquerade/SNAT</member>
 
         <member><ulink url="manpages/shorewall-modules.html">modules</ulink> -
         Specify which kernel modules to load.</member>
@@ -91,8 +94,8 @@
         <member><ulink url="manpages/shorewall-nesting.html">nesting</ulink> -
         How to define nested zones.</member>
 
-      <member><ulink url="manpages/shorewall-netmap.html">netmap</ulink> - How
+        <member><ulink url="manpages/shorewall-netmap.html">netmap</ulink> -
-      to map addresses from one net to another.</member>
+        How to map addresses from one net to another.</member>
 
         <member><ulink url="manpages/shorewall-params.html">params</ulink> -
         Assign values to shell variables used in other files.</member>
@@ -100,11 +103,12 @@
         <member><ulink url="manpages/shorewall-policy.html">policy</ulink> -
         Define high-level policies for connections between zones.</member>
 
-      <member><ulink url="manpages/shorewall-providers.html">providers</ulink>
+        <member><ulink
-      - Define routing tables, usually for mutliple internet links.</member>
+        url="manpages/shorewall-providers.html">providers</ulink> - Define
+        routing tables, usually for mutliple internet links.</member>
 
-      <member><ulink url="manpages/shorewall-proxyarp.html">proxyarp</ulink> -
+        <member><ulink url="manpages/shorewall-proxyarp.html">proxyarp</ulink>
-      Define Proxy ARP.</member>
+        - Define Proxy ARP.</member>
 
         <member><ulink url="manpages/shorewall-rfc1918.html">rfc1918</ulink> -
         Specify address ranges affected by the <option>norfc1918</option>
@@ -122,11 +126,13 @@
         <member><ulink url="manpages/shorewall-rules.html">rules</ulink> -
         Specify exceptions to policies, including DNAT and REDIRECT.</member>
 
-      <member><ulink url="manpages/shorewall-tcclasses.html">tcclasses</ulink>
+        <member><ulink
-      - Define htb classes for traffic shaping.</member>
+        url="manpages/shorewall-tcclasses.html">tcclasses</ulink> - Define htb
+        classes for traffic shaping.</member>
 
-      <member><ulink url="manpages/shorewall-tcdevices.html">tcdevices</ulink>
+        <member><ulink
-      - Specify speed of devices for traffic shaping.</member>
+        url="manpages/shorewall-tcdevices.html">tcdevices</ulink> - Specify
+        speed of devices for traffic shaping.</member>
 
         <member><ulink url="manpages/shorewall-tcrules.html">tcrules</ulink> -
         Define packet marking rules, usually for traffic shaping.</member>
@@ -137,8 +143,9 @@
         <member><ulink url="manpages/shorewall-tunnels.html">tunnels</ulink> -
         Define VPN connections with endpoints on the firewall.</member>
 
-      <member><ulink url="manpages/shorewall.conf.html">shorewall.conf</ulink>
+        <member><ulink
-      - Specify values for global Shorewall options.</member>
+        url="manpages/shorewall.conf.html">shorewall.conf</ulink> - Specify
+        values for global Shorewall options.</member>
 
         <member><ulink
         url="manpages/shorewall-lite.conf.html">shorewall-lite.conf</ulink> -
@@ -149,23 +156,28 @@
         information.</member>
 
         <member><ulink
-      url="manpages/shorewall-lite-vardir.html">vardir-lite</ulink> - Redefine
+        url="manpages/shorewall-lite-vardir.html">vardir-lite</ulink> -
-      the directory where Shorewall Lite keeps its state information.</member>
+        Redefine the directory where Shorewall Lite keeps its state
+        information.</member>
 
         <member><ulink url="manpages/shorewall-zones.html">zones</ulink> -
-      Declare Shorewall zones.l</member>
+        Declare Shorewall zones.</member>
       </simplelist>
+    </blockquote>
   </section>
 
   <section id="Section8">
     <title>Section 8 — Administrative Commands</title>
 
+    <blockquote>
       <simplelist>
         <member><ulink url="manpages/shorewall.html">shorewall</ulink> -
         /sbin/shorewall command syntax and semantics.</member>
 
-      <member><ulink url="manpages/shorewall-lite.html">shorewall-lite</ulink>
+        <member><ulink
-      - /sbin/shorewall-lite command syntax and semantics.</member>
+        url="manpages/shorewall-lite.html">shorewall-lite</ulink> -
+        /sbin/shorewall-lite command syntax and semantics.</member>
       </simplelist>
+    </blockquote>
   </section>
 </article>

manpages/shorewall.conf.xml

@@ -127,7 +127,8 @@
             <member>a) The name of an
             <replaceable>action</replaceable>.</member>
 
-            <member>b) The name of a <replaceable>macro</replaceable></member>
+            <member>b) The name of a <replaceable>macro</replaceable>
+            (Shorewall-shell only)</member>
 
             <member>c) <emphasis role="bold">None</emphasis> or <emphasis
             role="bold">none</emphasis></member>

web/Documentation.html

@@ -22,7 +22,7 @@ href="GnuCopyright.htm" target="_self">GNU Free Documentation
 License</a></span>”.<br>
 </p>
 
-<p>2007-07-13<br>
+<p>2007-08-01<br>
 </p>
 <hr style="width: 100%; height: 2px;">
 <br>
@@ -41,7 +41,7 @@ License</a></span>”.<br>
     HOWTOs 
     <p><span style="font-weight: bold;"></span><a
     href="3.0/shorewall_quickstart_guide.htm">Shorewall 3.x</a></p>
-    <p><a href="shorewall_quickstart_guide.htm">Shorewall 4.x</a></p>
+    <p><a href="GettingStarted.html">Shorewall 4.x</a></p>
   </li>
   <li><strong>Man Pages</strong> -- Online version of the manpages released
     with Shorewall 3.4.0 and later