From a0eab5c1e0c4bdcd374ca9dc8fa04b3c1e75238f Mon Sep 17 00:00:00 2001 From: teastep Date: Tue, 24 Apr 2007 22:53:50 +0000 Subject: [PATCH] Update Shorewall-4 documentation git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6110 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/Shorewall-4.xml | 44 ++++++++++++++++++++--------------------- web/shorewall_index.htm | 11 +++++------ 2 files changed, 27 insertions(+), 28 deletions(-) diff --git a/docs/Shorewall-4.xml b/docs/Shorewall-4.xml index c5fcb0304..a1e94e24d 100644 --- a/docs/Shorewall-4.xml +++ b/docs/Shorewall-4.xml @@ -54,10 +54,10 @@ - Shorewall version 4 offers you a choice. You can continue to use - the existing shell-based implementation or you can use a new - implementation of the Shorewall compiler written in the Perl programming - language. The new compiler: + Shorewall version 4 offers you a choice. You can continue to use the + existing shell-based implementation or you can use a new implementation of + the Shorewall compiler written in the Perl programming language. The new + compiler: @@ -98,7 +98,7 @@ Shorewall-perl - the new Perl-based compiler. May be installed - under Shorewall 3.4.2 or 3.9.x. + under Shorewall 3.4.2 or later or 3.9.x. @@ -193,35 +193,28 @@ match requirement is relaxed. - - Because the compiler is now written in Perl, your compile-time - extension scripts from earlier versions will no longer work. For now, - if you want to use extension scripts, you will need to read the Perl - code to see how the compiler operates internally. I will produce - documentation before the first official release. Compile-time - extension scripts are executed using the Perl 'do FILE' - mechanism. - - The 'refresh' command is now synonymous with 'restart'. - Because the compiler is now written in Perl, your compile-time + Because the compiler is now written in Perl, your compile-time extension scripts from earlier versions will no longer work. Compile-time extension scripts are executed using the Perl 'eval `cat <file>`' mechanism. Be sure that each script returns a 'true' value; otherwise, the compiler will assume that the script failed and will abort the compilation. - When a script is invoked, the $chainref scalar variable will - hold a reference to a chain table entry. + When a script is invoked, the $chainref scalar variable will hold a reference + to a chain table entry. - $chainref->{name} contains the name of the chain + $chainref->{name} + contains the name of the chain - $chainref->{table} holds the table name + $chainref->{table} holds + the table name To add a rule to the chain: @@ -269,7 +262,7 @@ There is only a single "pass as-is to iptables" argument (so - you must quote that par + you must quote that part @@ -282,7 +275,8 @@ 'DROP' , '', #Limit '' , #Log tag - 'add'; + 'add' + '-p tcp '; @@ -397,6 +391,12 @@ fi The pre Shorewall-3.0 format of the zones file is not supported; neither is the /etc/shorewall/ipsec file. + + + BLACKLISTNEWONLY=No is not permitted with FASTACCEPT=Yes. This + combination doesn't work in previous versions of Shorewall so the + Perl-based compiler simply rejects it. + diff --git a/web/shorewall_index.htm b/web/shorewall_index.htm index f1b49f7b3..96396fc1c 100644 --- a/web/shorewall_index.htm +++ b/web/shorewall_index.htm @@ -21,7 +21,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.

-

2007-04-22

+

2007-04-24

Table of Contents

@@ -133,17 +133,16 @@ is 3.2.10
href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/">updates. The current Development Release is -3.9.3
+3.9.4