Update Website for new Mailing List Policy and Search

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1983 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-06-14 13:47:07 +02:00 · 2005-03-05 16:53:54 +00:00 · 2005-03-05 16:53:54 +00:00 · 9ce8fa2d66
commit 9ce8fa2d66
parent 4677b99368
8 changed files with 263 additions and 82 deletions
--- a/Shorewall-Website/mailing_list.htm
+++ b/Shorewall-Website/mailing_list.htm
@ -27,7 +27,7 @@ Documentation License</a></span>
 </div>
 </div>
 <div>
-<p class="pubdate">2005-02-15<br>
+<p class="pubdate">2005-03-05<br>
 </p>
 <hr style="width: 100%; height: 2px;">
 <h2>See the <a target="_top" href="http://shorewall.net/">Shorewall
@ -59,15 +59,22 @@ Shorewall information and documentation.</h2>
  <li><a href="#Acknowlegments">Acknowlegements</a><br>
  </li>
 </ul>
-<h2><a name="Moderated"></a>Mailing Lists are Moderated for Non-Member
+<hr style="width: 100%; height: 2px;">
-Posts</h2>
+<h2><a name="Moderated"></a>Mailing Lists are closed to Non-Member Posts<br>
-Given recent problems associated with viruses (and the more annoying
+</h2>
-problems of clueless mail admins who configure their AV software to
+For several years, the Shorewall lists were moderated for non-member
-spam
+posts. I've found that this is a pain for me (I have to wade through
-innocent bystanders during a virus storm), the Shorewall lists are
+the spam to find and approve legitimate posts).&nbsp; Additionally,
-moderated for non-member posts. It is also a good idea to mention that
+non-members seemed to almost universally ignore instructions to mention
-you are a non-member so that people will include you in the CC list
+that they were non-members in their post. Since the mailing lists are
-when replying.
+set up so that replies go to the list rather than to the poster, this
 means that most non-members who posted were not receiving their
 replies. So effective 2005-03-05, all Shorewall lists are closed to
 non-member posts.<br>
 <br>
 <div style="text-align: center;">- Tom Eastep<br>
 </div>
 <hr style="width: 100%; height: 2px;">
 <h2><a name="Plain"></a>Please post in plain text</h2>
 A growing number of MTAs serving list subscribers are rejecting all
 HTML traffic. At least one MTA has gone so far as to blacklist
@ -91,22 +98,22 @@ On shorewall.net as elsewhere, it is considered very bad netiquette to
 hijack another poster's thread by simply replying to a list post and
 changing the subject to a different one. Please start a new thread when
 you wish to introduce a new topic for discussion.<br>
 <hr style="width: 100%; height: 2px;">
 <h2 align="left"><a name="Search"></a>Mailing Lists Archive Search</h2>
 <!-- Search Google -->
 <center>
 <form method="get" action="http://www.google.com/search" target="_top"><input
- name="ie" value="UTF-8" type="hidden">
+ name="ie" value="UTF-8" type="hidden"> <input name="oe" value="UTF-8"
-  <input name="oe" value="UTF-8" type="hidden"><input
+ type="hidden"><input name="as_sitesearch" value="lists.shorewall.net"
- name="as_sitesearch" value="lists.shorewall.net" type="hidden">
+ type="hidden">
  <table bgcolor="#ffffff">
    <tbody>
      <tr>
-        <td><a href="http://www.google.com/">
+        <td><a href="http://www.google.com/"> <img
-        <img src="http://www.google.com/logos/Logo_40wht.gif"
+ src="http://www.google.com/logos/Logo_40wht.gif" alt="Google"
- alt="Google" align="middle" border="0"></a><input name="q" size="25"
+ align="middle" border="0"></a><input name="q" size="25" maxlength="255"
- maxlength="255" value="" type="text">
+ value="" type="text"> <input name="btnG"
-        <input name="btnG" value="List Archive Search by Google"
+ value="List Archive Search by Google" type="submit"></td>
 type="submit"></td>
      </tr>
    </tbody>
  </table>
@ -120,6 +127,7 @@ simply
 won't
 stand the traffic. If I catch you, you will be blacklisted.<br>
 </font></h2>
 <hr style="width: 100%; height: 2px;">
 <h2 align="left"><a name="Cert"></a>Shorewall CA Certificate</h2>
 If you want to trust X.509 certificates issued by Shoreline Firewall
 (such as the one used on my web site), you may <a
@ -128,6 +136,7 @@ in your browser. If you don't wish to trust my certificates then you
 can either use unencrypted access when subscribing to Shorewall mailing
 lists or you can use secure access (SSL) and
 accept the server's certificate when prompted by your browser.<br>
 <hr style="width: 100%; height: 2px;">
 <h2 align="left"><a name="Users"></a>Shorewall Users Mailing List</h2>
 <p align="left">The Shorewall Users Mailing list provides a way for
 users to get answers to questions and to report problems. Information
@ -157,6 +166,7 @@ at <a href="http://sourceforge.net">Sourceforge</a>. The archives from
 that
 list may be found at <a
 href="http://www.geocrawler.com/lists/3/Sourceforge/9327/0/">www.geocrawler.com/lists/3/Sourceforge/9327/0/</a>.</p>
 <hr style="width: 100%; height: 2px;">
 <h2 align="left"><a name="Announce"></a>Shorewall Announce Mailing List</h2>
 <p align="left">This list is for announcements of general interest to
 the Shorewall community. <big><span style="color: rgb(255, 0, 0);"><span
@ -171,6 +181,7 @@ OR ASKING FOR HELP.</span></span></big><br>
 </ul>
 The list archives are at <a
 href="http://lists.shorewall.net/pipermail/shorewall-announce">http://lists.shorewall.net/pipermail/shorewall-announce</a>.
 <hr style="width: 100%; height: 2px;">
 <h2 align="left"><a name="Devel"></a>Shorewall Development Mailing List</h2>
 <p align="left">The Shorewall Development Mailing list provides a forum
 for the exchange of ideas about the future of Shorewall and
@ -189,6 +200,7 @@ REGULAR RELEASE SUPPORT REQUESTS SHOULD BE POSTED TO THE <a
 <p align="left">The list archives are at <a
 href="http://lists.shorewall.net/pipermail/shorewall-devel">http://lists.shorewall.net/pipermail/shorewall-devel</a>.<br>
 </p>
 <hr style="width: 100%; height: 2px;">
 <h2 align="left"><a name="Newbies"></a>Shorewall Newbies Mailing List
 (Closed)<br>
 </h2>
@ -201,6 +213,7 @@ to be less that a success and has been discontinued.<br>
 target="_top">https//lists.shorewall.net/mailman/listinfo/shorewall-newbies</a></p>
 <p align="left">The list archives are at <a
 href="http://lists.shorewall.net/pipermail/shorewall-newbies/index.html">http://lists.shorewall.net/pipermail/shorewall-newbies</a>.</p>
 <hr style="width: 100%; height: 2px;">
 <h2 align="left"><a name="Unsubscribe"></a>How to Unsubscribe from one
 of the Mailing Lists</h2>
 <p align="left">There seems to be near-universal confusion about
@ -226,6 +239,7 @@ password, there is another button that will cause your password
 to be emailed to you.</p>
  </li>
 </ul>
 <hr style="width: 100%; height: 2px;">
 <h2><a name="Spamfilters"></a>A Word about the SPAM Filters at
 Shorewall.net&nbsp;<a href="http://osirusoft.com/"> </a></h2>
 <p>Please note that the mail server at shorewall.net checks
@ -244,8 +258,9 @@ fully-qualified DNS name.</li>
 lookup must not fail).<br>
  </li>
 </ol>
-<h2><a name="Problems"></a>
+<hr style="width: 100%; height: 2px;">
-If you experience problems with any of these lists,
+<h2><a name="Problems"></a>If you experience problems with any of these
 lists,
 please let <a href="mailto:postmaster@shorewall.net">me</a>
 know
 </h2>
@ -253,6 +268,7 @@ know
 <p align="left">You can report such problems by sending mail to
 tmeastep at
 hotmail dot com.</p>
 <hr style="width: 100%; height: 2px;">
 <h2><a name="Acknowlegments"></a>Acknowlegments</h2>
 The Shorewall Mailing Lists use the following software:<br>
 <ul>
--- a/Shorewall-Website/search.html
+++ b/Shorewall-Website/search.html
@ -0,0 +1,60 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 <html>
 <head>
  <title>ht://Dig WWW Search</title>
  <meta name="Microsoft Theme" content="none">
 </head>
 <body>
 <h1>Shorewall Site Searches</h1>
 <hr>This search will allow you to search the contents of <b>all the
 publicly available WWW documents at shorewall.net</b>. Currently
 searches only the shorewall.net mirror in Washington State, USA.
 <center>
 <form method="get" action="http://www.google.com/search"> <input
 name="ie" value="UTF-8" type="hidden"> <input name="oe" value="UTF-8"
 type="hidden"> <input name="as_sitesearch" value="www.shorewall.net"
 type="hidden">
  <table style="background-color: rgb(255, 255, 240);" border="0"
 cellspacing="0">
    <tbody>
      <tr>
        <td> <a href="http://www.google.com/"> <img
 src="http://www.google.com/logos/Logo_40wht.gif" alt="Google"
 align="middle" border="0"></a> <input name="q" size="25"
 maxlength="255" value="" type="text"> <input name="btnG"
 value="Site Search by Google" type="submit"> </td>
      </tr>
    </tbody>
  </table>
 </form>
 </center>
 <br>
 <hr>
 <p>This search will allow you to search the contents of the <b>Mailing
 List Archives</b> at shorewall.net. Currently searches at the main
 shorewall.net site only. </p>
 <center>
 <form method="get" action="http://www.google.com/search" target="_top"><input
 name="ie" value="UTF-8" type="hidden"> <input name="oe" value="UTF-8"
 type="hidden"><input name="as_sitesearch" value="lists.shorewall.net"
 type="hidden">
  <table style="width: 534px; height: 63px;" bgcolor="#ffffff">
    <tbody>
      <tr>
        <td><a href="http://www.google.com/"> <img
 src="http://www.google.com/logos/Logo_40wht.gif" alt="Google"
 align="middle" border="0"></a><input name="q" size="25" maxlength="255"
 value="" type="text"> <input name="btnG"
 value="List Archive Search by Google" type="submit"></td>
      </tr>
    </tbody>
  </table>
 </form>
 </center>
 <hr>
 <p><a href="http://www.htdig.org/"><br>
 </a></p>
 <br>
 <br>
 </body>
 </html>
--- a/Shorewall-docs2/Shorewall_Squid_Usage.xml
+++ b/Shorewall-docs2/Shorewall_Squid_Usage.xml
@ -181,9 +181,12 @@ REDIRECT  loc        3128     tcp      www              -          !206.124.146.
        </listitem>
        <listitem>
-          <para>In /etc/shorewall/init, put:</para>
+          <para>Create <filename>/etc/shorewall/addroutes</filename> as
          follows:</para>
-          <programlisting><command>if [ -z "`ip rule list | grep www.out`" ] ; then
+          <programlisting><command>#!/bin/sh
 if [ -z "`ip rule list | grep www.out`" ] ; then
        ip rule add fwmark 0xCA table www.out # Note 0xCA = 202
        ip route add default via 192.168.1.3 dev eth1 table www.out
        ip route flush cache
@ -192,7 +195,21 @@ fi</command></programlisting>
        </listitem>
        <listitem>
-          <para>In <filename>/etc/shorewall/interfaces</filename>:</para>
+          <para>Make <filename>/etc/shorewall/addroutes </filename>executable
          via:</para>
          <programlisting><command>chmod +x /etc/shorewall/addroutes</command></programlisting>
        </listitem>
        <listitem>
          <para>In /etc/shorewall/init, put:</para>
          <programlisting><command>run_and_save_command "/etc/shorewall/addroutes"</command></programlisting>
        </listitem>
        <listitem>
          <para>In
          <filename><filename>/etc/shorewall/interfaces</filename></filename>:</para>
          <programlisting>#ZONE   INTERFACE    BROADCAST    OPTIONS
 loc     eth1         detect       <emphasis role="bold">routeback</emphasis>    </programlisting>
@ -254,15 +271,32 @@ chkconfig --level 35 iptables on</command></programlisting>
        </listitem>
        <listitem>
-          <para>In /etc/shorewall/init, put:</para>
+          <para>Create <filename>/etc/shorewall/addroutes</filename> as
          follows:</para>
-          <programlisting><command>if [ -z "`ip rule list | grep www.out`" ] ; then
+          <programlisting><command>#!/bin/sh
 if [ -z "`ip rule list | grep www.out`" ] ; then
        ip rule add fwmark 0xCA table www.out # Note 0xCA = 202
-        ip route add default via 192.0.2.177 dev eth1 table www.out
+        ip route add default via 192.168.1.3 dev eth1 table www.out
        ip route flush cache
        echo 0 &gt; /proc/sys/net/ipv4/conf/eth1/send_redirects
 fi</command></programlisting>
        </listitem>
        <listitem>
          <para>Make <filename>/etc/shorewall/addroutes</filename> executable
          via:</para>
          <programlisting><command>chmod +x /etc/shorewall/addroutes</command></programlisting>
        </listitem>
        <listitem>
          <para>In <filename>/etc/shorewall/init</filename>, put:</para>
          <programlisting><command>run_and_save_command "/etc/shorewall/addroutes"</command></programlisting>
        </listitem>
        <listitem>
          <para>Do <emphasis role="bold">one</emphasis> of the
          following:</para>
--- a/Shorewall-docs2/configuration_file_basics.xml
+++ b/Shorewall-docs2/configuration_file_basics.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>
-    <pubdate>2005-02-28</pubdate>
+    <pubdate>2005-03-24</pubdate>
    <copyright>
      <year>2001-2005</year>
@ -495,6 +495,34 @@ DNAT       net        loc:192.168.1.3 tcp       4000:4100</programlisting>
    omit the high port number, a value of 65535 is assumed.</para>
  </section>
  <section>
    <title>Port Lists</title>
    <para>In most cases where a port or port range may appear, a
    comma-separated list of ports or port ranges may also be entered.
    Shorewall will use the Netfilter <emphasis
    role="bold">multiport</emphasis> match capability if it is available (see
    the output of "<emphasis role="bold">shorewall check</emphasis>" under the
    heading "Shorewall has detected the following iptables/netfilter
    capabilities:") and if its use is appropriate.</para>
    <para>Shorewall can use multiport match if: </para>
    <orderedlist>
      <listitem>
        <para>The list contains 15 or fewer port number; and</para>
      </listitem>
      <listitem>
        <para>There are no port ranges listed OR your iptables/kernel support
        the Extended <emphasis role="bold">multiport</emphasis> match (again
        see the output of "shorewall check"). Where the Extended <emphasis
        role="bold">multiport</emphasis> match is available, each port range
        counts as two ports toward the maximum of 15.</para>
      </listitem>
    </orderedlist>
  </section>
  <section id="Variables">
    <title>Using Shell Variables</title>
--- a/Shorewall-docs2/ping.xml
+++ b/Shorewall-docs2/ping.xml
@ -13,10 +13,10 @@
      </author>
    </authorgroup>
-    <pubdate>2004-01-03</pubdate>
+    <pubdate>2005-03-04</pubdate>
    <copyright>
-      <year>2001-2004</year>
+      <year>2001-2005</year>
      <holder>Thomas M. Eastep</holder>
    </copyright>
@ -27,7 +27,8 @@
      1.2 or any later version published by the Free Software Foundation; with
      no Invariant Sections, with no Front-Cover, and with no Back-Cover
      Texts. A copy of the license is included in the section entitled
-      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
+      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
      License</ulink></quote>.</para>
    </legalnotice>
  </articleinfo>
@ -36,8 +37,8 @@
    the latest change coming in Shorewall version 1.4.0. To find out which
    version of Shorewall you are running, at a shell prompt type
    <quote><command>/sbin/shorewall version</command></quote>. If that command
-    gives you an error, it&#39;s time to upgrade since you have a very old
+    gives you an error, it's time to upgrade since you have a very old version
-    version of Shorewall installed (1.2.4 or earlier).</para>
+    of Shorewall installed (1.2.4 or earlier).</para>
  </note>
  <note>
@ -47,14 +48,14 @@
  </note>
  <section>
-    <title>Shorewall Versions &#62;= 2.0.0</title>
+    <title>Shorewall Versions &gt;= 2.0.0</title>
-    <para>In Shoreall 1.4.0 and later version, ICMP echo-request&#39;s are
+    <para>In Shoreall 1.4.0 and later version, ICMP echo-request's are treated
-    treated just like any other connection request.</para>
+    just like any other connection request.</para>
    <para>In order to accept ping requests from zone z1 to zone z2 where the
    policy for z1 to z2 is not ACCEPT, you need a rule in
-    <filename>/etc/shoreall/rules</filename> of the form:</para>
+    <filename>/etc/shorewall/rules</filename> of the form:</para>
    <programlisting>#ACTION      SOURCE    DEST     PROTO    DEST PORT(S)
 AllowPing    z1        z2</programlisting>
@ -69,8 +70,11 @@ AllowPing    loc       fw</programlisting>
    </example>
    <para>If you would like to accept <quote>ping</quote> by default even when
-    the relevant policy is DROP or REJECT, modify /etc/shorewall/action.Drop
+    the relevant policy is DROP or REJECT, copy
-    or /etc/shorewall/action.Reject respectively and simply add the line:</para>
+    <filename>/usr/share/shorewall/action.Drop</filename> or
    <filename>/usr/share shorewall/action.Reject</filename> respectively to
    <filename class="directory">/etc/shorewall</filename> and simply add this
    line to the copy:</para>
    <programlisting>AllowPing</programlisting>
@ -84,7 +88,7 @@ DropPing     z1        z2</programlisting>
      <title>Silently drop pings from the Internet</title>
      <para>To drop ping from the internet, you would need this rule in
-      /etc/shorewall/rules:</para>
+      <filename>/etc/shorewall/rules</filename>:</para>
      <programlisting>#ACTION   SOURCE    DEST     PROTO    DEST PORT(S)
 DropPing  net       fw</programlisting>
@ -96,10 +100,10 @@ DropPing  net       fw</programlisting>
  </section>
  <section>
-    <title>Shorewall Versions &#62;= 1.4.0</title>
+    <title>Shorewall Versions &gt;= 1.4.0</title>
-    <para>In Shoreall 1.4.0 and later version, ICMP echo-request&#39;s are
+    <para>In Shoreall 1.4.0 and later version, ICMP echo-request's are treated
-    treated just like any other connection request.</para>
+    just like any other connection request.</para>
    <para>In order to accept ping requests from zone z1 to zone z2 where the
    policy for z1 to z2 is not ACCEPT, you need a rule in
@ -119,7 +123,7 @@ ACCEPT    loc       fw       icmp     8</programlisting>
    <para>If you would like to accept <quote>ping</quote> by default even when
    the relevant policy is DROP or REJECT, create /etc/shorewall/icmpdef if it
-    doesn&#39;t already exist and in that file place the following command:</para>
+    doesn't already exist and in that file place the following command:</para>
    <programlisting>run_iptables -A icmpdef -p icmp --icmp-type 8 -j ACCEPT</programlisting>
@ -145,7 +149,7 @@ DROP      net       fw       icmp     8</programlisting>
  </section>
  <section>
-    <title>Shorewall Versions &#62;= 1.3.14 and &#60; 1.4.0 with
+    <title>Shorewall Versions &gt;= 1.3.14 and &lt; 1.4.0 with
    OLD_PING_HANDLING=No in /etc/shorewall/shorewall.conf</title>
    <para>In 1.3.14, Ping handling was put under control of the rules and
@ -167,7 +171,7 @@ ACCEPT    loc       fw       icmp     8</programlisting>
    <para>If you would like to accept <quote>ping</quote> by default even when
    the relevant policy is DROP or REJECT, create /etc/shorewall/icmpdef if it
-    doesn&#39;t already exist and in that file place the following command:</para>
+    doesn't already exist and in that file place the following command:</para>
    <programlisting>run_iptables -A icmpdef -p icmp --icmp-type 8 -j ACCEPT</programlisting>
@ -199,10 +203,11 @@ DROP      net       fw       icmp     8</programlisting>
  </section>
  <section>
-    <title>Shorewall Versions &#60; 1.3.14 or with OLD_PING_HANDLING=Yes in
+    <title>Shorewall Versions &lt; 1.3.14 or with OLD_PING_HANDLING=Yes in
    /etc/shorewall/shorewall.conf</title>
-    <para>There are several aspects to the old Shorewall Ping management:</para>
+    <para>There are several aspects to the old Shorewall Ping
    management:</para>
    <orderedlist>
      <listitem>
@ -213,11 +218,13 @@ DROP      net       fw       icmp     8</programlisting>
      <listitem>
        <para>The <emphasis role="bold">FORWARDPING</emphasis> option in
-        <ulink url="Documentation.htm#Config">/etc/shorewall/shorewall.conf</ulink>.</para>
+        <ulink
        url="Documentation.htm#Config">/etc/shorewall/shorewall.conf</ulink>.</para>
      </listitem>
      <listitem>
-        <para>Explicit rules in <ulink url="Documentation.htm#rules">/etc/shorewall/rules</ulink>.</para>
+        <para>Explicit rules in <ulink
        url="Documentation.htm#rules">/etc/shorewall/rules</ulink>.</para>
      </listitem>
    </orderedlist>
@ -268,15 +275,17 @@ DROP      net       fw       icmp     8</programlisting>
    <section>
      <title>Ping Requests Forwarded by the Firewall</title>
-      <para>These requests are always passed to rules/policy evaluation.</para>
+      <para>These requests are always passed to rules/policy
      evaluation.</para>
      <section>
        <title>Rules Evaluation</title>
-        <para>Ping requests are ICMP type 8. So the general rule format is:</para>
+        <para>Ping requests are ICMP type 8. So the general rule format
        is:</para>
        <programlisting>#ACTION   SOURCE    DEST          PROTO    DEST PORT(S)
-<emphasis>&#60;action&#62;</emphasis>  <emphasis>&#60;source&#62;</emphasis>  <emphasis>&#60;destination&#62;</emphasis>          icmp     8</programlisting>
+<emphasis>&lt;action&gt;</emphasis>  <emphasis>&lt;source&gt;</emphasis>  <emphasis>&lt;destination&gt;</emphasis>          icmp     8</programlisting>
        <example>
          <title>Allow ping from DMZ to Net</title>
@ -327,8 +336,26 @@ DROP      net       fw       icmp     8</programlisting>
  <appendix>
    <title>Revision History</title>
-    <para><revhistory><revision><revnumber>1.2</revnumber><date>2004-01-03</date><authorinitials>TE</authorinitials><revremark>Add
+    <para><revhistory>
-    traceroute reference</revremark></revision><revision><revnumber>1.1</revnumber><date>2003-08-23</date><authorinitials>TE</authorinitials><revremark>Initial
+        <revision>
-    version converted to Docbook XML</revremark></revision></revhistory></para>
+          <revnumber>1.2</revnumber>
          <date>2004-01-03</date>
          <authorinitials>TE</authorinitials>
          <revremark>Add traceroute reference</revremark>
        </revision>
        <revision>
          <revnumber>1.1</revnumber>
          <date>2003-08-23</date>
          <authorinitials>TE</authorinitials>
          <revremark>Initial version converted to Docbook XML</revremark>
        </revision>
      </revhistory></para>
  </appendix>
 </article>
--- a/Shorewall-docs2/shorewall_logging.xml
+++ b/Shorewall-docs2/shorewall_logging.xml
@ -15,10 +15,10 @@
      </author>
    </authorgroup>
-    <pubdate>2004-12-27</pubdate>
+    <pubdate>2005-03-04</pubdate>
    <copyright>
-      <year>2001 - 2004</year>
+      <year>2001 - 2005</year>
      <holder>Thomas M. Eastep</holder>
    </copyright>
@ -220,17 +220,25 @@
      <para>You will need to change all instances of log levels (usually
      <quote>info</quote>) in your Shorewall configuration files to
      <quote>ULOG</quote> - this includes entries in the policy, rules and
-      shorewall.conf files. Here's what I have:</para>
+      shorewall.conf files. Here's what I had at one time:</para>
-      <programlisting>     [root@gateway shorewall]# grep LOG * | grep -v ^\#
+      <programlisting>gateway:/etc/shorewall# grep -v ^\# * | egrep '\$LOG|ULOG|LOGFILE'
-     params:LOG=ULOG
+params:LOG=ULOG
-     policy:loc fw  REJECT $LOG
+policy:loc              $FW             REJECT          $LOG
-     policy:net all DROP   $LOG    10/sec:40
+policy:net              all             DROP            $LOG            10/sec:40
-     policy:all all REJECT $LOG
+policy:all              all             REJECT          $LOG
-     rules:REJECT:$LOG loc net tcp 6667
+rules:REJECT:$LOG       loc                             net                     tcp     25
-     shorewall.conf:TCP_FLAGS_LOG_LEVEL=$LOG
+rules:REJECT:$LOG       loc                             net                     udp     1025:1031
-     shorewall.conf:RFC1918_LOG_LEVEL=$LOG
+rules:REJECT:$LOG       dmz                             net                     udp     1025:1031
-     [root@gateway shorewall]#</programlisting>
+rules:ACCEPT:$LOG       dmz                             net                     tcp     1024:                                   20
 rules:REJECT:$LOG       fw                              net                     udp     1025:1031
 shorewall.conf:LOGFILE=/var/log/shorewall
 shorewall.conf:LOGUNCLEAN=$LOG
 shorewall.conf:LOGNEWNOTSYN=$LOG
 shorewall.conf:MACLIST_LOG_LEVEL=$LOG
 shorewall.conf:TCP_FLAGS_LOG_LEVEL=$LOG
 shorewall.conf:RFC1918_LOG_LEVEL=$LOG
 gateway:/etc/shorewall#                                               </programlisting>
      <para>Finally edit /etc/shorewall/shorewall.conf and set
      LOGFILE=&lt;<emphasis>file that you wish to log to</emphasis>&gt;. This
--- a/Shorewall-docs2/support.xml
+++ b/Shorewall-docs2/support.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>
-    <pubdate>2005-02-20</pubdate>
+    <pubdate>2005-03-05</pubdate>
    <copyright>
      <year>2001-2005</year>
@ -75,10 +75,9 @@
      </listitem>
      <listitem>
-        <para>The <ulink
+        <para>The <ulink url="http://shorewall.net/search.html">Search
-        url="http://lists.shorewall.net/htdig/search.html">Site and Mailing
+        facility</ulink> linked from the Shorewall Home Page can locate
-        List Archives search facility</ulink> can locate documents and posts
+        documents and posts about similar problems:</para>
        about similar problems:</para>
      </listitem>
    </itemizedlist>
  </section>
@ -274,7 +273,9 @@
    release</emphasis> (see the <ulink url="ReleaseModel.html">Shorewall
    Release Model page</ulink>) -- please post your question or problem to the
    <ulink url="mailto:shorewall-devel@lists.shorewall.net">Shorewall
-    Development Mailing List</ulink>.</para>
+    Development Mailing List</ulink>. <emphasis
    role="bold">IMPORTANT</emphasis>: You must subscribe to the list before
    you will be able to post to it (see link below).</para>
    <para><emphasis role="bold">If you run Shorewall under MandrakeSoft Multi
    Network Firewall (MNF) and you have not purchased an MNF license from
@ -285,18 +286,25 @@
    <para>Otherwise, please post your question or problem to the <ulink
    url="mailto:shorewall-users@lists.shorewall.net">Shorewall users mailing
-    list</ulink>. <emphasis role="bold">IMPORTANT</emphasis>: If you are not
+    list</ulink>. <emphasis role="bold">IMPORTANT</emphasis>: You must
-    subscribed to the list, please say so -- otherwise, you will not be
+    subscribe to the list before you will be able to post to it (see link
-    included in any replies.</para>
+    below).</para>
  </section>
  <section>
    <title>Subscribing to the Users Mailing List</title>
-    <para>To Subscribe to the mailing list go to <ulink
+    <para>To Subscribe to the users mailing list go to <ulink
    url="https://lists.shorewall.net/mailman/listinfo/shorewall-users">https://lists.shorewall.net/mailman/listinfo/shorewall-users</ulink>.</para>
  </section>
  <section>
    <title>Subscribing to the Development Mailing List</title>
    <para>To Subscribe to the development mailing list go to <ulink
    url="https://lists.shorewall.net/mailman/listinfo/shorewall-devel">https://lists.shorewall.net/mailman/listinfo/shorewall-devel</ulink>.</para>
  </section>
  <section>
    <title>Other Mailing Lists</title>
--- a/Shorewall-docs2/troubleshoot.xml
+++ b/Shorewall-docs2/troubleshoot.xml
@ -13,7 +13,7 @@
      <surname>Eastep</surname>
    </author>
-    <pubdate>20045-03-03</pubdate>
+    <pubdate>2005-03-05</pubdate>
    <copyright>
      <year>2001-2005</year>
@ -57,9 +57,9 @@
      <title>Try Searching the Shorewall Site and Mailing List
      Archives</title>
-      <para>The <ulink url="http://lists.shorewall.net/htdig/search.html">Site
+      <para>The <ulink url="http://shorewall.net/search.html">Site and Mailing
-      and Mailing List Archives search facility</ulink> can locate documents
+      List Archives search facility</ulink> can locate documents and posts
-      and posts about similar problems.</para>
+      about similar problems.</para>
    </section>
  </section>