Document/manpage updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7025 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-08-01 22:11:34 +00:00
parent 4bc07eb658
commit 981e337c41
5 changed files with 237 additions and 183 deletions

@ -20,6 +20,8 @@
<copyright> <copyright>
<year>2006</year> <year>2006</year>
<year>2007</year>
<holder>Thomas M. Eastep</holder> <holder>Thomas M. Eastep</holder>
</copyright> </copyright>
@ -34,113 +36,147 @@
</legalnotice> </legalnotice>
</articleinfo> </articleinfo>
<section id="GettingStarted"> <para>Please read this short article first.</para>
<title>Getting Started</title>
<para>If you are new to Shorewall, please read these two articles <itemizedlist>
first.</para> <listitem>
<para><ulink url="Introduction.html">Introduction to
Shorewall</ulink></para>
</listitem>
</itemizedlist>
<itemizedlist> <para>Next, read the QuickStart Guide that is appropriate for your
<listitem> configuration:</para>
<para><ulink url="Introduction.html">Introduction to
Shorewall</ulink></para>
</listitem>
<listitem> <para><emphasis role="bold">If you have only one public IP
<para><ulink url="shorewall_quickstart_guide.htm">QuickStart Guides address:</emphasis></para>
(HOWTOs)</ulink></para>
</listitem>
</itemizedlist>
<para>The following articles are also recommended reading for <itemizedlist>
newcomers.</para> <listitem>
<para><ulink url="standalone.htm">Standalone</ulink> Linux System with a
single network interface (<ulink url="standalone_fr.html">Version
Française</ulink>) <ulink url="standalone_ru.html">(Russian
Version)</ulink> <ulink url="standalone_es.html">Version en
Español</ulink></para>
</listitem>
<itemizedlist> <listitem>
<listitem> <para><ulink url="two-interface.htm">Two-interface</ulink> Linux System
<para><ulink url="configuration_file_basics.htm">Configuration File acting as a firewall/router for a small local network (<ulink
Basics</ulink><blockquote> url="two-interface_fr.html">Version Française</ulink>) (<ulink
<para><informaltable frame="none"> url="two-interface_ru.html">Russian Version</ulink>)</para>
<tgroup cols="2"> </listitem>
<tbody valign="middle">
<row>
<entry><ulink
url="configuration_file_basics.htm#Manpages">Man
Pages</ulink></entry>
<entry><ulink <listitem>
url="configuration_file_basics.htm#MAC">Using MAC <para><ulink url="three-interface.htm">Three-interface</ulink> Linux
Addresses in Shorewall</ulink></entry> System acting as a firewall/router for a small local network and a DMZ..
</row> (<ulink url="three-interface_fr.html">Version Française</ulink>) (<ulink
url="three-interface_ru.html">Russian Version</ulink>)</para>
</listitem>
</itemizedlist>
<row> <para><emphasis role="bold">If you have more than one public IP
<entry><ulink address:</emphasis></para>
url="configuration_file_basics.htm#Comments">Comments in
configuration files</ulink></entry>
<entry><ulink <itemizedlist>
url="configuration_file_basics.htm#Variables">Using <listitem>
Shell Variables</ulink></entry> <para>The <ulink url="shorewall_setup_guide.htm">Shorewall Setup
</row> Guide</ulink> (<ulink url="shorewall_setup_guide_fr.htm">Version
Française</ulink>) outlines the steps necessary to set up a firewall
where there are multiple public IP addresses involved or if you want to
learn more about Shorewall than is explained in the single-address
guides above.</para>
</listitem>
</itemizedlist>
<row> <para>The following articles are also recommended reading for
<entry><ulink newcomers.</para>
url="configuration_file_basics.htm#COMMENT">Attach
Comment to Netfilter Rules</ulink></entry>
<entry><ulink <itemizedlist>
url="configuration_file_basics.htm#dnsnames">Using DNS <listitem>
Names</ulink></entry> <para><ulink url="configuration_file_basics.htm">Configuration File
</row> Basics</ulink><blockquote>
<para><informaltable frame="none">
<tgroup cols="2">
<tbody valign="middle">
<row>
<entry><ulink
url="configuration_file_basics.htm#Manpages">Man
Pages</ulink></entry>
<row> <entry><ulink
<entry><ulink url="configuration_file_basics.htm#MAC">Using MAC
url="configuration_file_basics.htm#Continuation">Line Addresses in Shorewall</ulink></entry>
Continuation</ulink></entry> </row>
<entry><ulink <row>
url="configuration_file_basics.htm#Compliment">Complementing <entry><ulink
an IP address or Subnet</ulink></entry> url="configuration_file_basics.htm#Comments">Comments in
</row> configuration files</ulink></entry>
<row> <entry><ulink
<entry><ulink url="configuration_file_basics.htm#Variables">Using Shell
url="configuration_file_basics.htm#INCLUDE">INCLUDE Variables</ulink></entry>
Directive</ulink></entry> </row>
<entry><ulink <row>
url="configuration_file_basics.htm#IPRanges">IP Address <entry><ulink
Ranges</ulink></entry> url="configuration_file_basics.htm#COMMENT">Attach Comment
</row> to Netfilter Rules</ulink></entry>
<row> <entry><ulink
<entry><ulink url="configuration_file_basics.htm#dnsnames">Using DNS
url="configuration_file_basics.htm#Ports">Port Names</ulink></entry>
Numbers/Service Names</ulink></entry> </row>
<entry><ulink <row>
url="configuration_file_basics.htm#Levels">Shorewall <entry><ulink
Configurations (making a test url="configuration_file_basics.htm#Continuation">Line
configuration)</ulink></entry> Continuation</ulink></entry>
</row>
<row> <entry><ulink
<entry><ulink url="configuration_file_basics.htm#Compliment">Complementing
url="configuration_file_basics.htm#Ranges">Port an IP address or Subnet</ulink></entry>
Ranges</ulink></entry> </row>
<entry></entry> <row>
</row> <entry><ulink
</tbody> url="configuration_file_basics.htm#INCLUDE">INCLUDE
</tgroup> Directive</ulink></entry>
</informaltable></para>
</blockquote></para>
</listitem>
<listitem> <entry><ulink
<para>PPPPPPPS ( or, Paul's Principles for Practical Provision of url="configuration_file_basics.htm#IPRanges">IP Address
Packet Processing with Shorewall ) <ulink Ranges</ulink></entry>
url="http://linuxman.wikispaces.com/PPPPPPS">http://linuxman.wikispaces.com/PPPPPPS</ulink></para> </row>
</listitem>
</itemizedlist> <row>
</section> <entry><ulink
url="configuration_file_basics.htm#Ports">Port
Numbers/Service Names</ulink></entry>
<entry><ulink
url="configuration_file_basics.htm#Levels">Shorewall
Configurations (making a test
configuration)</ulink></entry>
</row>
<row>
<entry><ulink
url="configuration_file_basics.htm#Ranges">Port
Ranges</ulink></entry>
<entry></entry>
</row>
</tbody>
</tgroup>
</informaltable></para>
</blockquote></para>
</listitem>
<listitem>
<para>PPPPPPPS ( or, Paul's Principles for Practical Provision of Packet
Processing with Shorewall ) <ulink
url="http://linuxman.wikispaces.com/PPPPPPS">http://linuxman.wikispaces.com/PPPPPPS</ulink></para>
</listitem>
</itemizedlist>
</article> </article>
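Review bot: The new three-interface listitem ends its sentence with a doubled period ("a small local network and a DMZ.."), and the standalone listitem punctuates its translation links three different ways: parentheses outside the ulink for Version Française, inside the ulink for "(Russian Version)", and none at all for Version en Español. Suggest a single period and parentheses outside the ulink for all three, as the two-interface item already does. Separately, the new side drops <section id="GettingStarted"> and its <title>Getting Started</title>, so any link that targets that id should be checked before this goes in.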

@ -61,6 +61,13 @@
to the combination of iptables+Netfilter (with Netfilter not in to the combination of iptables+Netfilter (with Netfilter not in
ipchains compatibility mode).</para> ipchains compatibility mode).</para>
</listitem> </listitem>
<listitem>
<para>iptables-restore - a program included with iptables that
allows for atomic installation of a set of Netfilter rules. This is
a much more efficient way to install a ruleset than running the
iptables utility once for each rule in the ruleset.</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
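Review bot: The added iptables-restore listitem calls the installation "atomic" but the only benefit it goes on to state is efficiency ("a much more efficient way to install a ruleset than running the iptables utility once for each rule"). Suggest one more clause in the same para saying what atomic means for the reader, so the term is not left undefined in a glossary-style list.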
@ -71,12 +78,12 @@
<quote>Shorewall</quote>, is high-level tool for configuring Netfilter. <quote>Shorewall</quote>, is high-level tool for configuring Netfilter.
You describe your firewall/gateway requirements using entries in a set You describe your firewall/gateway requirements using entries in a set
of configuration files. Shorewall reads those configuration files and of configuration files. Shorewall reads those configuration files and
with the help of the iptables utility, Shorewall configures Netfilter to with the help of the iptables and iptables-restore utilities, Shorewall
match your requirements. Shorewall can be used on a dedicated firewall configures Netfilter to match your requirements. Shorewall can be used
system, a multi-function gateway/router/server or on a standalone on a dedicated firewall system, a multi-function gateway/router/server
GNU/Linux system. Shorewall does not use Netfilter's ipchains or on a standalone GNU/Linux system. Shorewall does not use Netfilter's
compatibility mode and can thus take advantage of Netfilter's connection ipchains compatibility mode and can thus take advantage of Netfilter's
state tracking capabilities.</para> connection state tracking capabilities.</para>
<para>Shorewall is not a daemon. Once Shorewall has configured <para>Shorewall is not a daemon. Once Shorewall has configured
Netfilter, its job is complete and there is no <quote>Shorewall Netfilter, its job is complete and there is no <quote>Shorewall
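Review bot: The first context line of this hunk, "<quote>Shorewall</quote>, is high-level tool for configuring Netfilter", is missing an article and is carried over unchanged on the new side. Since the paragraph is being rewrapped here anyway, suggest fixing it to "is a high-level tool" in the same commit.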
@ -340,7 +347,8 @@ ACCEPT net $FW tcp 22</programlisting>
to Shorewall-shell written in the Perl language. This compiler is to Shorewall-shell written in the Perl language. This compiler is
highly portable to those Unix-like platforms that support Perl highly portable to those Unix-like platforms that support Perl
(including Cygwin) and is the compiler of choice for new Shorewall (including Cygwin) and is the compiler of choice for new Shorewall
installations.</para> installations. Scripts created using Shorewall-perl use
iptables-restore to install the generated Netfilter ruleset.</para>
</listitem> </listitem>
<listitem> <listitem>
@ -353,9 +361,6 @@ ACCEPT net $FW tcp 22</programlisting>
Shorewall-lite.</para> Shorewall-lite.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>It is suggested that new users install Shorewall and
Shorewall-perl</para>
</section> </section>
<section id="License"> <section id="License">

@ -51,121 +51,133 @@
<section id="Section5"> <section id="Section5">
<title>Section 5 — Files and Concepts</title> <title>Section 5 — Files and Concepts</title>
<simplelist> <blockquote>
<member><ulink <simplelist>
url="manpages/shorewall-accounting.html">accounting</ulink> - Define IP <member><ulink
accounting rules.</member> url="manpages/shorewall-accounting.html">accounting</ulink> - Define
IP accounting rules.</member>
<member><ulink url="manpages/shorewall-actions.html">actions</ulink> - <member><ulink url="manpages/shorewall-actions.html">actions</ulink> -
Declare user-defined actions.</member> Declare user-defined actions.</member>
<member><ulink url="manpages/shorewall-blacklist.html">blacklist</ulink> <member><ulink
- Static blacklisting.</member> url="manpages/shorewall-blacklist.html">blacklist</ulink> - Static
blacklisting.</member>
<member><ulink url="manpages/shorewall-ecn.html">ecn</ulink> - Disabling <member><ulink url="manpages/shorewall-ecn.html">ecn</ulink> -
Explicit Congestion Notification</member> Disabling Explicit Congestion Notification</member>
<member><ulink url="manpages/shorewall-exclusion.html">exclusion</ulink> <member><ulink
- Excluding hosts from a network or zone</member> url="manpages/shorewall-exclusion.html">exclusion</ulink> - Excluding
hosts from a network or zone</member>
<member><ulink url="manpages/shorewall-hosts.html">hosts</ulink> - <member><ulink url="manpages/shorewall-hosts.html">hosts</ulink> -
Define multiple zones accessed through a single interface</member> Define multiple zones accessed through a single interface</member>
<member><ulink <member><ulink
url="manpages/shorewall-interfaces.html">interfaces</ulink> - Define the url="manpages/shorewall-interfaces.html">interfaces</ulink> - Define
interfaces on the system and optionally associate them with the interfaces on the system and optionally associate them with
zones.</member> zones.</member>
<member><ulink url="manpages/shorewall-maclist.html">maclist</ulink> - <member><ulink url="manpages/shorewall-maclist.html">maclist</ulink> -
Define MAC verification.</member> Define MAC verification.</member>
<member><ulink url="manpages/shorewall-masq.html">masq</ulink> - Define <member><ulink url="manpages/shorewall-masq.html">masq</ulink> -
Masquerade/SNAT</member> Define Masquerade/SNAT</member>
<member><ulink url="manpages/shorewall-modules.html">modules</ulink> - <member><ulink url="manpages/shorewall-modules.html">modules</ulink> -
Specify which kernel modules to load.</member> Specify which kernel modules to load.</member>
<member><ulink url="manpages/shorewall-nat.html">nat</ulink> - Define <member><ulink url="manpages/shorewall-nat.html">nat</ulink> - Define
one-to-one NAT.</member> one-to-one NAT.</member>
<member><ulink url="manpages/shorewall-nesting.html">nesting</ulink> - <member><ulink url="manpages/shorewall-nesting.html">nesting</ulink> -
How to define nested zones.</member> How to define nested zones.</member>
<member><ulink url="manpages/shorewall-netmap.html">netmap</ulink> - How <member><ulink url="manpages/shorewall-netmap.html">netmap</ulink> -
to map addresses from one net to another.</member> How to map addresses from one net to another.</member>
<member><ulink url="manpages/shorewall-params.html">params</ulink> - <member><ulink url="manpages/shorewall-params.html">params</ulink> -
Assign values to shell variables used in other files.</member> Assign values to shell variables used in other files.</member>
<member><ulink url="manpages/shorewall-policy.html">policy</ulink> - <member><ulink url="manpages/shorewall-policy.html">policy</ulink> -
Define high-level policies for connections between zones.</member> Define high-level policies for connections between zones.</member>
<member><ulink url="manpages/shorewall-providers.html">providers</ulink> <member><ulink
- Define routing tables, usually for mutliple internet links.</member> url="manpages/shorewall-providers.html">providers</ulink> - Define
routing tables, usually for mutliple internet links.</member>
<member><ulink url="manpages/shorewall-proxyarp.html">proxyarp</ulink> - <member><ulink url="manpages/shorewall-proxyarp.html">proxyarp</ulink>
Define Proxy ARP.</member> - Define Proxy ARP.</member>
<member><ulink url="manpages/shorewall-rfc1918.html">rfc1918</ulink> - <member><ulink url="manpages/shorewall-rfc1918.html">rfc1918</ulink> -
Specify address ranges affected by the <option>norfc1918</option> Specify address ranges affected by the <option>norfc1918</option>
interface option.</member> interface option.</member>
<member><ulink <member><ulink
url="manpages/shorewall-route_rules.html">route_rules</ulink> - Define url="manpages/shorewall-route_rules.html">route_rules</ulink> - Define
routing rules.</member> routing rules.</member>
<member><ulink <member><ulink
url="manpages/shorewall-routestopped.html">routestopped</ulink> - url="manpages/shorewall-routestopped.html">routestopped</ulink> -
Specify connections to be permitted when Shorewall is in the stopped Specify connections to be permitted when Shorewall is in the stopped
state.</member> state.</member>
<member><ulink url="manpages/shorewall-rules.html">rules</ulink> - <member><ulink url="manpages/shorewall-rules.html">rules</ulink> -
Specify exceptions to policies, including DNAT and REDIRECT.</member> Specify exceptions to policies, including DNAT and REDIRECT.</member>
<member><ulink url="manpages/shorewall-tcclasses.html">tcclasses</ulink> <member><ulink
- Define htb classes for traffic shaping.</member> url="manpages/shorewall-tcclasses.html">tcclasses</ulink> - Define htb
classes for traffic shaping.</member>
<member><ulink url="manpages/shorewall-tcdevices.html">tcdevices</ulink> <member><ulink
- Specify speed of devices for traffic shaping.</member> url="manpages/shorewall-tcdevices.html">tcdevices</ulink> - Specify
speed of devices for traffic shaping.</member>
<member><ulink url="manpages/shorewall-tcrules.html">tcrules</ulink> - <member><ulink url="manpages/shorewall-tcrules.html">tcrules</ulink> -
Define packet marking rules, usually for traffic shaping.</member> Define packet marking rules, usually for traffic shaping.</member>
<member><ulink url="manpages/shorewall-tos.html">tos</ulink> - Define <member><ulink url="manpages/shorewall-tos.html">tos</ulink> - Define
TOS field manipulation.</member> TOS field manipulation.</member>
<member><ulink url="manpages/shorewall-tunnels.html">tunnels</ulink> - <member><ulink url="manpages/shorewall-tunnels.html">tunnels</ulink> -
Define VPN connections with endpoints on the firewall.</member> Define VPN connections with endpoints on the firewall.</member>
<member><ulink url="manpages/shorewall.conf.html">shorewall.conf</ulink> <member><ulink
- Specify values for global Shorewall options.</member> url="manpages/shorewall.conf.html">shorewall.conf</ulink> - Specify
values for global Shorewall options.</member>
<member><ulink <member><ulink
url="manpages/shorewall-lite.conf.html">shorewall-lite.conf</ulink> - url="manpages/shorewall-lite.conf.html">shorewall-lite.conf</ulink> -
Specify values for global Shorewall Lite options.</member> Specify values for global Shorewall Lite options.</member>
<member><ulink url="manpages/shorewall-vardir.html">vardir</ulink> - <member><ulink url="manpages/shorewall-vardir.html">vardir</ulink> -
Redefine the directory where Shorewall keeps its state Redefine the directory where Shorewall keeps its state
information.</member> information.</member>
<member><ulink <member><ulink
url="manpages/shorewall-lite-vardir.html">vardir-lite</ulink> - Redefine url="manpages/shorewall-lite-vardir.html">vardir-lite</ulink> -
the directory where Shorewall Lite keeps its state information.</member> Redefine the directory where Shorewall Lite keeps its state
information.</member>
<member><ulink url="manpages/shorewall-zones.html">zones</ulink> - <member><ulink url="manpages/shorewall-zones.html">zones</ulink> -
Declare Shorewall zones.l</member> Declare Shorewall zones.</member>
</simplelist> </simplelist>
</blockquote>
</section> </section>
<section id="Section8"> <section id="Section8">
<title>Section 8 — Administrative Commands</title> <title>Section 8 — Administrative Commands</title>
<simplelist> <blockquote>
<member><ulink url="manpages/shorewall.html">shorewall</ulink> - <simplelist>
/sbin/shorewall command syntax and semantics.</member> <member><ulink url="manpages/shorewall.html">shorewall</ulink> -
/sbin/shorewall command syntax and semantics.</member>
<member><ulink url="manpages/shorewall-lite.html">shorewall-lite</ulink> <member><ulink
- /sbin/shorewall-lite command syntax and semantics.</member> url="manpages/shorewall-lite.html">shorewall-lite</ulink> -
</simplelist> /sbin/shorewall-lite command syntax and semantics.</member>
</simplelist>
</blockquote>
</section> </section>
</article> </article>
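Review bot: The providers member still reads "usually for mutliple internet links" on the new side; the rewrap moved the line but kept the typo. This hunk already fixes "Declare Shorewall zones.l" in the zones member, so suggest correcting "mutliple" to "multiple" in the same pass.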

@ -127,7 +127,8 @@
<member>a) The name of an <member>a) The name of an
<replaceable>action</replaceable>.</member> <replaceable>action</replaceable>.</member>
<member>b) The name of a <replaceable>macro</replaceable></member> <member>b) The name of a <replaceable>macro</replaceable>
(Shorewall-shell only)</member>
<member>c) <emphasis role="bold">None</emphasis> or <emphasis <member>c) <emphasis role="bold">None</emphasis> or <emphasis
role="bold">none</emphasis></member> role="bold">none</emphasis></member>
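Review bot: The qualifier added to item b), "(Shorewall-shell only)", says where a macro name applies but leaves Shorewall-perl readers without guidance on what to use instead. Suggest stating that in the same member. Item b) also still ends without the period that item a) has.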

@ -22,7 +22,7 @@ href="GnuCopyright.htm" target="_self">GNU Free Documentation
License</a></span>”.<br> License</a></span>”.<br>
</p> </p>
<p>2007-07-13<br> <p>2007-08-01<br>
</p> </p>
<hr style="width: 100%; height: 2px;"> <hr style="width: 100%; height: 2px;">
<br> <br>
@ -41,7 +41,7 @@ License</a></span>”.<br>
HOWTOs HOWTOs
<p><span style="font-weight: bold;"></span><a <p><span style="font-weight: bold;"></span><a
href="3.0/shorewall_quickstart_guide.htm">Shorewall 3.x</a></p> href="3.0/shorewall_quickstart_guide.htm">Shorewall 3.x</a></p>
<p><a href="shorewall_quickstart_guide.htm">Shorewall 4.x</a></p> <p><a href="GettingStarted.html">Shorewall 4.x</a></p>
</li> </li>
<li><strong>Man Pages</strong> -- Online version of the manpages released <li><strong>Man Pages</strong> -- Online version of the manpages released
with Shorewall 3.4.0 and later with Shorewall 3.4.0 and later
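Review bot: The new Shorewall 4.x target is href="GettingStarted.html" while the link it replaces and the 3.x link beside it use the .htm extension, so the file name and extension should be confirmed against what is actually published. The entry also still sits under the "HOWTOs" label although the 4.x link no longer goes to the quickstart guide page; consider whether the label still fits. The empty <span style="font-weight: bold;"></span> in the context line above could be dropped while this block is being edited.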