From 9b293f5ed699d161b09415c3eab63d4f4e064cd4 Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 30 Sep 2005 14:01:04 +0000 Subject: [PATCH] More 3.0 changes for the config file basics doc git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2756 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs2/configuration_file_basics.xml | 33 +++++++++---------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/Shorewall-docs2/configuration_file_basics.xml b/Shorewall-docs2/configuration_file_basics.xml index 7d61e0e2b..90f15dc89 100644 --- a/Shorewall-docs2/configuration_file_basics.xml +++ b/Shorewall-docs2/configuration_file_basics.xml @@ -15,7 +15,7 @@ - 2005-09-12 + 2005-09-29 2001-2005 @@ -207,16 +207,6 @@ -
- Special Note about /etc/shorewall/shorewall.conf - - It is a good idea to modify your /etc/shorewall/shorewall.conf file, - even if you just add a comment that says "I modified this file". That way, - your package manager won't overwrite the file with future updated - versions. Such overwrites can cause unwanted changes in the behavior of - Shorewall. -
-
Comments @@ -530,9 +520,8 @@ DNAT net loc:192.168.1.3 tcp 4000:4100 comma-separated list of ports or port ranges may also be entered. Shorewall will use the Netfilter multiport match capability if it is available (see - the output of "shorewall check" under the - heading "Shorewall has detected the following iptables/netfilter - capabilities:") and if its use is appropriate. + the output of "shorewall show + capabilities") and if its use is appropriate. Shorewall can use multiport match if: @@ -544,9 +533,10 @@ DNAT net loc:192.168.1.3 tcp 4000:4100 There are no port ranges listed OR your iptables/kernel support the Extended multiport match (again - see the output of "shorewall check"). Where the Extended multiport match is available, each port range - counts as two ports toward the maximum of 15. + see the output of "shorewall show capabilities"). + Where the Extended multiport match is + available, each port range counts as two ports toward the maximum of + 15.
@@ -644,6 +634,15 @@ wookie:~ # EXT_IF=$(getcfg-interface bus-pci-0000:00:05.0) INT_IF=$(getcfg-interface bus-pci-0000:00:03.0) + + + The shorewall save and shorewall + restore commands should be used carefully if you use the above + workaround for unstable interface names. In particular, you should set + OPTIONS="" in /etc/default/shorewall or + /etc/sysconfig/shorewall so that the "-f" option + will not be specified on startup at boot time. +
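Review bot: In the @@ -207,16 +207,6 @@ hunk, the "Special Note about /etc/shorewall/shorewall.conf" section is deleted with no replacement, and the commit message ("More 3.0 changes for the config file basics doc") does not say why. The removed paragraph is the only text visible in this patch that warns that a package upgrade can overwrite shorewall.conf and cause "unwanted changes in the behavior of Shorewall", which for a firewall is a security-relevant change. If 3.0 makes the advice unnecessary, state that in the commit message or leave a one-sentence note in its place; otherwise keep the section.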
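Review bot: In the @@ -530,9 +520,8 @@ hunk, the new wording tells the reader to see the output of "shorewall show capabilities" but no longer says what to look for there. The old text at least pointed at the heading "Shorewall has detected the following iptables/netfilter capabilities:". Suggest naming the capability entry that indicates multiport match support, so a reader can confirm it before relying on a rule with a comma-separated port list.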
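Review bot: In the @@ -544,9 +533,10 @@ hunk, the only change in content is "shorewall check" becoming "shorewall show capabilities", but the sentence "Where the Extended multiport match is available, each port range counts as two ports toward the maximum of 15." has been rewrapped, so it appears as removed and re-added. Suggest keeping the original line breaks for that sentence so the diff shows only the command change, and so later readers of the history do not have to check whether the limit of 15 was altered.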
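Review bot: In the @@ -644,6 +634,15 @@ hunk, the added paragraph says that shorewall save and shorewall restore "should be used carefully" with the interface-name workaround, but it never states what goes wrong. Suggest adding a sentence that explains what the "-f" option does at startup and why a saved configuration is unsafe when interface names such as EXT_IF and INT_IF can change between boots, since rules applied to the wrong interface are a firewall failure the reader needs to recognise. The only concrete step given is setting OPTIONS="" for boot time; the paragraph should also say what the user should do about a manual shorewall restore, which the first sentence mentions but the guidance does not cover.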