diff --git a/docs/6to4.xml b/docs/6to4.xml
index 11e7c9c84..d4b994860 100644
--- a/docs/6to4.xml
+++ b/docs/6to4.xml
@@ -26,7 +26,7 @@
2003-2004
- Eric de Thoars and Tom Eastep
+ Eric de Thouars and Tom Eastep
diff --git a/docs/Accounting.xml b/docs/Accounting.xml
index 240ea46a0..44938d519 100644
--- a/docs/Accounting.xml
+++ b/docs/Accounting.xml
@@ -202,7 +202,7 @@
on outbound ones.
Accounting rules are not stateful -- each rule only handles traffic
- in one direction. For example, if eth0 is your internet interface, and you
+ in one direction. For example, if eth0 is your Internet interface, and you
have a web server in your DMZ connected to eth1, then to count HTTP
traffic in both directions requires two rules:
diff --git a/docs/Actions.xml b/docs/Actions.xml
index eb98a94d0..c13fc58a5 100644
--- a/docs/Actions.xml
+++ b/docs/Actions.xml
@@ -144,9 +144,9 @@ ACCEPT - - tcp 135,139,445
Ensure correct operation. Default actions can also avoid common
pitfalls like dropping connection requests on port TCP port 113. If
these connections are dropped (rather than rejected) then you may
- encounter problems connecting to internet services that utilize the
+ encounter problems connecting to Internet services that utilize the
AUTH protocol of client authentication
- AUTH is actually pretty silly on today's internet but it's
+ AUTH is actually pretty silly on today's Internet but it's
amazing how many servers still employ it.
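Review bot: the first context line of this hunk still reads "dropping connection requests on port TCP port 113", with "port" duplicated. Since the paragraph is already being edited, change it to "on TCP port 113" in the same patch.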
diff --git a/docs/Anatomy.xml b/docs/Anatomy.xml
index ea653ffe0..b116fbc13 100644
--- a/docs/Anatomy.xml
+++ b/docs/Anatomy.xml
@@ -81,7 +81,7 @@
class="directory">/usr/share/shorewall, /etc/shorewall,
/etc/init.d and /var/lilb/shorewall/. These are described in
+ class="directory">/var/lib/shorewall/. These are described in
the sub-sections that follow.
@@ -363,7 +363,7 @@
class="directory">/usr/share/shorewall-lite, /etc/shorewall-lite,
/etc/init.d and /var/lilb/shorewall/. These are described in
+ class="directory">/var/lib/shorewall/. These are described in
the sub-sections that follow.
diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml
index cd6316cba..00cc44ba1 100644
--- a/docs/CompiledPrograms.xml
+++ b/docs/CompiledPrograms.xml
@@ -226,7 +226,7 @@
The firewall systems do NOT
need to have the full Shorewall product installed but rather only
- the Shorewall Lite product. Shorewall and Shorewall LIte may be
+ the Shorewall Lite product. Shorewall and Shorewall Lite may be
installed on the same system but that isn't encouraged.
diff --git a/docs/ECN.xml b/docs/ECN.xml
index d45b5af19..9b3c2f656 100644
--- a/docs/ECN.xml
+++ b/docs/ECN.xml
@@ -50,7 +50,7 @@
Explicit Congestion Notification (ECN)Explicit Congestion Notification (ECN) is described in RFC 3168 and
- is a proposed internet standard. Unfortunately, not all sites support ECN
+ is a proposed Internet standard. Unfortunately, not all sites support ECN
and when a TCP connection offering ECN is sent to sites that don't support
it, the result is often that the connection request is ignored.
diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index fe52582d2..1f68b2a83 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -135,7 +135,7 @@
(FAQ 76) I just upgraded my Debian system and now masquerading
- doesn work? What happened?
+ doesn't work? What happened?
Answer: This happens to people
who ignore our advice and
@@ -149,7 +149,7 @@
(FAQ 76a) I just upgraded my Ubuntu system and now masquerading
- doesn work? What happened?
+ doesn't work? What happened?
Answer: See above.
@@ -157,7 +157,7 @@
(FAQ 76b) I just upgraded my Kubuntu system and now
- masquerading doesn work? What happened?
+ masquerading doesn't work? What happened?
Answer: See above.
@@ -193,7 +193,7 @@ DNAT net loc:192.168.1.5 udp 7777
# PORT DEST.
DNAT net loc:local-IP-address>[:local-port] protocolport-number - external-IP
- If you want to forward requests from a particular internet address
+ If you want to forward requests from a particular Internet address
( address ):#ACTION SOURCE DEST PROTO DEST PORT SOURCE ORIGINAL
@@ -253,7 +253,7 @@ DNAT net:address loc:local-IP-address
As root, type shorewall reset ("shorewall-lite reset", if you are
- running Shorewall Lite). This clears all NetFilter
+ running Shorewall Lite). This clears all Netfilter
counters.
@@ -315,7 +315,7 @@ DNAT net:address loc:local-IP-addressshorewall show zones"
+ root prompt, type "shorewall show zones"
("shorewall-lite show zones") then be sure that
in the DEST column you have specified the first zone in the list that matches
@@ -335,7 +335,7 @@ DNAT net:address loc:local-IP-address
- (FAQ 1c) From the internet, I want to connect to port 1022 on
+ (FAQ 1c) From the Internet, I want to connect to port 1022 on
my firewall and have the firewall forward the connection to port 22 on
local system 192.168.1.3. How do I do that?
@@ -462,7 +462,7 @@ eth1:192.168.1.4 0.0.0.0/0 192.168.1.1 tcp 21
(FAQ 1g) I would like to redirect port 80 on my public IP
- address (206.124.146.176) to port 993 on internet host
+ address (206.124.146.176) to port 993 on Internet host
66.249.93.111Answer: This requires a vile
@@ -497,8 +497,8 @@ eth0:66.249.93.111 0.0.0.0/0 206.124.146.176 tcp 993 appropriate for your setup; the guides cover this topic in
a tutorial fashion. DNAT rules should be used for connections that need
to go the opposite direction from SNAT/MASQUERADE. So if you masquerade
- or use SNAT from your local network to the internet then you will need
- to use DNAT rules to allow connections from the internet to your local
+ or use SNAT from your local network to the Internet then you will need
+ to use DNAT rules to allow connections from the Internet to your local
network. You also want to use DNAT rules when you intentionally want to
rewrite the destination IP address or port number. In all other cases,
you use ACCEPT unless you need to hijack connections as they go through
@@ -537,7 +537,7 @@ eth0:66.249.93.111 0.0.0.0/0 206.124.146.176 tcp 993
- Having an internet-accessible server in your local network is
+ Having an Internet-accessible server in your local network is
like raising foxes in the corner of your hen house. If the server is
compromised, there's nothing between that server and your other
internal systems. For the cost of another NIC and a cross-over
@@ -559,7 +559,7 @@ eth0:66.249.93.111 0.0.0.0/0 206.124.146.176 tcp 993
So the best and most secure way to solve this problem is to move
- your internet-accessible server(s) to a separate LAN segment with it's
+ your Internet-accessible server(s) to a separate LAN segment with it's
own interface to your firewall and follow FAQ
2b. That way, your local systems are still safe if your server
gets hacked and you don't have to run a split DNS configuration
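Review bot: the changed line still reads "a separate LAN segment with it's own interface"; the possessive is "its". The line is already being touched for the capitalisation, so fix the apostrophe in the same change.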
@@ -643,7 +643,7 @@ DNAT loc loc:192.168.1.5 tcp www - If the ALL INTERFACES column in /etc/shorewall/nat is empty or
contains Yes, you will also see log messages like the
following when trying to access a host in Z from another host in Z
- using the destination hosts's public address:
+ using the destination host's public address:Oct 4 10:26:40 netgw kernel:
Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=192.168.118.200
@@ -685,7 +685,7 @@ DNAT loc loc:192.168.1.5 tcp www - #ZONE INTERFACE BROADCAST OPTIONS
dmz eth2 192.168.2.255 routeback
- In /etc/shorewall/nat, be sure that you
+ In /etc/shorewall/nat, be sure that you
have Yes in the ALL INTERFACES column.In /etc/shorewall/masq:
@@ -802,7 +802,7 @@ DNAT loc dmz:192.168.2.4 tcp 80 - > I know PoM -ng is going to address this issue, but till it is ready, and
> all the extras are ported to it, is there any way to use the h.323
-> contrack module kernel patch with a 2.6 kernel?
+> conntrack module kernel patch with a 2.6 kernel?
> Running 2.6.1 - no 2.4 kernel stuff on the system, so downgrade is not
> an option... The module is not ported yet to 2.6, sorry.
> Do I have any options besides a gatekeeper app (does not work in my
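Review bot: the "contrack" to "conntrack" change sits inside `>`-quoted mailing-list text, so it alters what the original poster wrote. Quoted correspondence is normally kept verbatim; drop this line from the patch unless the documentation's policy is to correct quotations.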
@@ -831,7 +831,7 @@ to debug/develop the newnat interface.
url="shorewall_quickstart_guide.htm">Quick Start Guides should
have to ask this question.
- Regardless of which guide you used, all outbound communcation is
+ Regardless of which guide you used, all outbound communication is
open by default. So you do not need to 'open ports' for output.For input:
@@ -877,7 +877,7 @@ to debug/develop the newnat interface.Answer: The default Shorewall
setup invokes the Drop action prior to
enforcing a DROP policy and the default policy to all zones from the
- internet is DROP. The Drop action is defined in
+ Internet is DROP. The Drop action is defined in
/usr/share/shorewall/action.Drop which in turn
invokes the Auth macro (defined in
/usr/share/shorewall/macro.Auth) specifying the
@@ -916,7 +916,7 @@ to debug/develop the newnat interface.
establishment of new connections. Once a connection is established
through the firewall it will be usable until disconnected (tcp) or
until it times out (other protocols). If you stop telnet and try to
- establish a new session your firerwall will block that attempt.
+ establish a new session your firewall will block that attempt.
@@ -973,7 +973,7 @@ to debug/develop the newnat interface.
The DNS settings on the local systems are wrong or the user is
running a DNS server on the firewall and hasn't enabled UDP and TCP
port 53 from the local net to the firewall or from the firewall to
- the internet.
+ the Internet.
@@ -1042,7 +1042,7 @@ to debug/develop the newnat interface.
may no longer be defined in terms of bridge ports. See the new Shorewall-shell bridging
documentation for information about configuring a
- bridge/firewall under kernel 2.6.20 and later with Shoreawall shell or
+ bridge/firewall under kernel 2.6.20 and later with Shorewall shell or
the Shorewall-perl bridging
documentation if you use Shorewall-perl
(highly-recommended).
@@ -1167,7 +1167,7 @@ DROP net fw udp 10619
- the ethernet frame type (2 bytes)
+ the Ethernet frame type (2 bytes)
@@ -1216,7 +1216,7 @@ teastep@ursa:~$ The first number determines the maximum log
less than this number are sent to the
console. On the system shown in the example above, priorities 0-5 are
sent to the console. Since Shorewall defaults to using 'info' (6), the
- Shorewall-generated Netfilter ruleset will generate log messages that
+ Shorewall-generated Netfilter rule set will generate log messages that
will not appear on the console.The second number is the default log level for kernel printk()
@@ -1252,7 +1252,7 @@ teastep@ursa:~$ The first number determines the maximum log
messages or the content of the messages.The actual log file where Netfilter messages are written is not
- standardized and will vary by distribution and distribusion version.
+ standardized and will vary by distribution and distribution version.
But anytime you see no logging, it's time to look outside the
Shorewall configuration for the cause. As an example, recent
SuSE releases use syslog-ng by default and
@@ -1376,7 +1376,7 @@ teastep@ursa:~$ The first number determines the maximum log
- blacklst
+ blacklistThe packet is being logged because the source IP is
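Review bot: "blacklst" on the removed line looks like an identifier rather than a misspelling. It stands alone as an entry label ahead of "The packet is being logged because the source IP is", which is how a chain name from a log message would be listed. If that is the chain name as it appears in Shorewall's log output, changing it to "blacklist" means readers can no longer match this entry against their logs. Please confirm against the generated chain name and revert this line if so.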
@@ -1634,7 +1634,7 @@ modprobe: Can't locate module iptable_raw
Routing
- (FAQ 32) My firewall has two connections to the internet from two
+ (FAQ 32) My firewall has two connections to the Internet from two
different ISPs. How do I set this up in Shorewall?Answer: See /sbin/shorewall (and
/sbin/shorewall-lite). For more information on the
- tradeoffs involved when deciding whether to use the Debian package, see
+ factors involved when deciding whether to use the Debian package, see
this
article.
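Review bot: replacing "tradeoffs" with "factors" is a wording change, not a spelling correction, and it loses the sense of weighing costs against benefits when choosing the Debian package. If the spell checker objected to the word, "trade-offs" keeps the original meaning.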
@@ -2004,7 +2004,7 @@ iptables: Invalid argument
Traffic Shaping
- (FAQ 67) I just configured Shorewall's builtin traffic shaping
+ (FAQ 67) I just configured Shorewall's built in traffic shaping
and now Shorewall fails to Start.The error I receive is as follows:RTNETLINK answers: No such file or directory
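Review bot: "built in traffic shaping" on the added line should be hyphenated as "built-in", since it is used as an adjective. The FAQ 14b hunk in this same patch already has "the built-in web server", so the hyphenated form is also the consistent one.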
@@ -2086,7 +2086,7 @@ We have an error talking to the kernel
(FAQ 25a) How do I tell which version of Shorewall-perl and
- Shorewall-shell that I have intalled?
+ Shorewall-shell that I have installed?Answer: At the shell prompt,
type:
@@ -2174,7 +2174,7 @@ We have an error talking to the kernel
(FAQ 14) I'm connected via a cable modem and it has an internal
web server that allows me to configure/monitor it but as expected if I
- enable rfc1918 blocking for my eth0 interface (the internet one), it
+ enable rfc1918 blocking for my eth0 interface (the Internet one), it
also blocks the cable modems web server.Is there any way it can add a rule before the rfc1918 blocking
@@ -2217,7 +2217,7 @@ We have an error talking to the kernel
- (FAQ 14b) I connect to the internet with PPPoE. When I try to
+ (FAQ 14b) I connect to the Internet with PPPoE. When I try to
access the built-in web server in my DSL Modem, I get connection
Refused.
@@ -2285,7 +2285,7 @@ eth0 eth1 # eth1 = interface to local netwo
(FAQ 18) Is there any way to use aliased ip addresses with
- Shorewall, and maintain separate rulesets for different IPs?
+ Shorewall, and maintain separate rule sets for different IPs?Answer: Yes. See Shorewall and Aliased
@@ -2369,7 +2369,7 @@ eth0 eth1 # eth1 = interface to local netwo
iptables-restore to instantiate the Netfilter
configuration. So it runs much faster than the script generated by
the Shorewall-shell compiler and doesn't disable new connections
- during ruleset installation.
+ during rule set installation.
@@ -2432,7 +2432,7 @@ rmmod nf_conntrack_sipThen change the DONT_LOAD specification
(FAQ 20) I have just set up a server. Do I have to change
- Shorewall to allow access to my server from the internet?
+ Shorewall to allow access to my server from the Internet?
Answer: Yes. Consult the QuickStart guide that you
@@ -2441,8 +2441,8 @@ rmmod nf_conntrack_sipThen change the DONT_LOAD specification
- (FAQ 24) How can I allow conections to let's say the ssh port
- only from specific IP Addresses on the internet?
+ (FAQ 24) How can I allow connections to let's say the ssh port
+ only from specific IP Addresses on the Internet?Answer: In the SOURCE column of
the rule, follow net by a colon and a list of the
@@ -2540,14 +2540,14 @@ REJECT fw net:pagead2.googlesyndication.com all
When you specify a domain name in a
Shorewall rule, the iptables program resolves that name to one
- or more IP addresses and the actual netfilter rules that are created are
+ or more IP addresses and the actual Netfilter rules that are created are
expressed in terms of those IP addresses. So the rule that you entered
was equivalent to:
diff --git a/docs/FTP.xml b/docs/FTP.xml
index 7b10e3be2..41f732b86 100644
--- a/docs/FTP.xml
+++ b/docs/FTP.xml
@@ -319,7 +319,7 @@ xt_tcpudp 3328 0
if you run an FTP server that listens on port 49 or you need to
- access a server on the internet that listens on that port then you would
+ access a server on the Internet that listens on that port then you would
have:loadmodule nf_conntrack_ftp ports=21,49
@@ -414,7 +414,7 @@ FTP/ACCEPT dmz netNote that the FTP connection tracking in the kernel cannot handle
cases where a PORT command (or PASV reply) is broken across two packets or
- is misssing the ending <cr>/<lf>. When such cases occur, you
+ is missing the ending <cr>/<lf>. When such cases occur, you
will see a console message similar to this one:Apr 28 23:55:09 gateway kernel: conntrack_ftp: partial PORT 715014972+1
diff --git a/docs/GenericTunnels.xml b/docs/GenericTunnels.xml
index 5fe5837d2..425c3b95f 100644
--- a/docs/GenericTunnels.xml
+++ b/docs/GenericTunnels.xml
@@ -54,7 +54,7 @@
We want systems in the 192.168.1.0/24 subnetwork to be able to
communicate with the systems in the 10.0.0.0/8 network. This is
- accomplished through use of the /etc/shorwall/tunnels file, the
+ accomplished through use of the /etc/shorewall/tunnels file, the
/etc/shorewall/policy file and the /etc/shorewall/tunnel script that is
included with Shorewall.
diff --git a/docs/IPIP.xml b/docs/IPIP.xml
index 8f06edcfc..607615903 100644
--- a/docs/IPIP.xml
+++ b/docs/IPIP.xml
@@ -43,7 +43,7 @@
- GRE and IPIP Tunnels are insecure when used over the internet; use
+ GRE and IPIP Tunnels are insecure when used over the Internet; use
them at your own risk
diff --git a/docs/IPP2P.xml b/docs/IPP2P.xml
index 464b5bd6b..64483d887 100644
--- a/docs/IPP2P.xml
+++ b/docs/IPP2P.xml
@@ -48,9 +48,9 @@
Introduction
- Shorewall verions 2.2.0 and later include support for the ipp2p
+ Shorewall versions 2.2.0 and later include support for the ipp2p
match facility. This is a departure from my usual policy in that the ipp2p
- match facility is included in Patch-O-Matic-NG and is unlikely to ever be
+ match facility is included in Patch-O-Matic-ENG and is unlikely to ever be
included in the kernel.org source tree. Questions about how to install the
patch or how to build your kernel and/or iptables should not be posted on
the Shorewall mailing lists but should rather be referred to the Netfilter
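Review bot: the second changed line turns the project name "Patch-O-Matic-NG" into "Patch-O-Matic-ENG", which introduces an error rather than fixing one. The quoted text in the FAQ.xml part of this patch refers to the same project as "PoM -ng", so the original spelling was right. Revert that line and keep only the "verions" to "versions" correction.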
diff --git a/docs/IPSEC-2.6.xml b/docs/IPSEC-2.6.xml
index a105ab942..0e614bcf8 100644
--- a/docs/IPSEC-2.6.xml
+++ b/docs/IPSEC-2.6.xml
@@ -76,7 +76,7 @@
broken when used with a bridge device. The problem has been reported to
the responsible Netfilter developer who has confirmed the problem. The
problem was presumably corrected in Kernel 2.6.20 as a result of the
- removal of defered FORWARD/OUTPUT processing of traffic destined for a
+ removal of deferred FORWARD/OUTPUT processing of traffic destined for a
bridge. See the "Shorewall-perl and Bridged
Firewalls" article.
@@ -134,7 +134,7 @@
by normal rules and policies.Under the 2.4 Linux Kernel, the association of unencrypted traffic
- and zones was made easy by the presense of IPSEC pseudo-interfaces with
+ and zones was made easy by the presence of IPSEC pseudo-interfaces with
names of the form ipsecn (e.g.
ipsec0). Outgoing unencrypted
traffic (case 1.) was send through an For simple zones such as are shown in the following examples, the
- two techniques are equivalent and are used interchangably.
+ two techniques are equivalent and are used interchangeably.
- It is redundent to have ipsec in
+ It is redundant to have ipsec in
the TYPE column of the /etc/shorewall/zones entry
for a zone and to also have the ipsec
option in /etc/shorewall/hosts entries for that
@@ -234,13 +234,13 @@
IPSec Gateway on the Firewall System
- Suppose that we have the following sutuation:
+ Suppose that we have the following situation:We want systems in the 192.168.1.0/24 sub-network to be able to
communicate with systems in the 10.0.0.0/8 network. We assume that on both
- systems A and B, eth0 is the internet interface.
+ systems A and B, eth0 is the Internet interface.To make this work, we need to do two things:
@@ -301,7 +301,7 @@ net ipv4
Remember the assumption that both systems A and B have eth0 as their
- internet interface.
+ Internet interface.You must define the vpn zone using the
/etc/shorewall/hosts file. The hosts file entries
@@ -448,11 +448,11 @@ sainfo address 192.168.1.0/24 any address 134.28.54.2/32 any
}
- If you have hosts that access the internet through an IPSEC
+ If you have hosts that access the Internet through an IPSEC
tunnel, then it is a good idea to set the MSS value for traffic from
those hosts explicitly in the
/etc/shorewall/zones file. For example, if hosts
- in the sec zone access the internet
+ in the sec zone access the Internet
through an ESP tunnel then the following entry would be
appropriate:
@@ -605,7 +605,7 @@ spdflush;
On the mobile system (system B), it is not possible to create a
static IPSEC configuration because the IP address of the laptop's
- internet connection isn't static. I have created an 'ipsecvpn' script
+ Internet connection isn't static. I have created an 'ipsecvpn' script
and included in the tarball and in the RPM's documentation directory;
this script can be used to start and stop the connection.
@@ -726,7 +726,7 @@ loc ipv4
Since the L2TP will require the use of pppd, you will end up with
one or more ppp interfaces (each representing an individual road warrior
connection) for which you will need to account. This can be done by
- modifying the inerfaces file. (Modify with additional options as
+ modifying the interfaces file. (Modify with additional options as
needed.)
diff --git a/docs/IPSEC.xml b/docs/IPSEC.xml
index 5600ea637..c50c0f792 100644
--- a/docs/IPSEC.xml
+++ b/docs/IPSEC.xml
@@ -105,13 +105,13 @@ conn packetdefault
IPSec Gateway on the Firewall System
- Suppose that we have the following sutuation:
+ Suppose that we have the following situation:We want systems in the 192.168.1.0/24 sub-network to be able to
communicate with systems in the 10.0.0.0/8 network. We assume that on both
- systems A and B, eth0 is the internet interface.
+ systems A and B, eth0 is the Internet interface.
To make this work, we need to do two things:
@@ -177,7 +177,7 @@ vpn ipsec0
/etc/shorewall/zones.Remember the assumption that both systems A and B have eth0 as
- their internet interface.
+ their Internet interface.You must define the vpn zone using the /etc/shorewall/hosts
file.
@@ -193,7 +193,7 @@ vpn eth0:10.0.0.0/8
vpn eth0:192.168.1.0/24
In addition, if you are using Masquerading
- or SNAT on your firewalls, you need to elmiinate the remote
+ or SNAT on your firewalls, you need to eliminate the remote
network from Masquerade/SNAT. These entries replace your current masquerade/SNAT entries for
the local networks.
@@ -229,7 +229,7 @@ vpn loc ACCEPT
Shorewall can be used in a VPN Hub environment where multiple remote
networks are connected to a gateway running Shorewall. This environment is
- shown in this diatram.
+ shown in this diagram.
@@ -425,7 +425,7 @@ ipsec net 0.0.0.0/0 vpn1,vpn2,vpn3
Shorewall will issue warnings to that effect. These warnings may be safely
ignored. FreeS/Wan may now be configured to have three different Road
Warrior connections with the choice of connection being based on X-509
- certificates or some other means. Each of these connectioins will utilize
+ certificates or some other means. Each of these connections will utilize
a different updown script that adds the remote station to the appropriate
zone when the connection comes up and that deletes the remote station when
the connection comes down. For example, when 134.28.54.2 connects for the
diff --git a/docs/Install.xml b/docs/Install.xml
index e53191248..1f984a7ba 100644
--- a/docs/Install.xml
+++ b/docs/Install.xml
@@ -38,7 +38,7 @@
This article applies to Shorewall 3.0 and
- later. If you are installing or upgradeing to a version of Shorewall
+ later. If you are installing or upgrading to a version of Shorewall
earlier than Shorewall 3.0.0 then please see the documentation for that
release.
@@ -490,12 +490,12 @@ tar -jxf shorewall-shell-4.0.0.tar.bz2 (if you use this compiler)
It's *VERY* simple...just put in a new CD and reboot! :-)
Actually, I'm only slightly kidding...that's exactly how I upgrade my
- prodution firewalls. The partial backup feature I added to Dachstein
- allows configuration data to be stored seperately from the rest of the
+ production firewalls. The partial backup feature I added to Dachstein
+ allows configuration data to be stored separately from the rest of the
package.
- Once the config data is seperated from the rest of the package,
- it's an easy matter to upgrade the pacakge while keeping your current
+ Once the config data is separated from the rest of the package,
+ it's an easy matter to upgrade the package while keeping your current
configuration (in my case, just inserting a new CD and
re-booting).
@@ -521,7 +521,7 @@ tar -jxf shorewall-shell-4.0.0.tar.bz2 (if you use this compiler)
Make sure you have a working copy of your existing firewall
- ('OLD') in a safe place, that you *DO NOT* use durring this process.
+ ('OLD') in a safe place, that you *DO NOT* use during this process.
That way, if anything goes wrong you can simply reboot off the OLD
disk to get back to a working configuration.
@@ -593,7 +593,7 @@ tar -xzvf /mnt/package2.lrp
<package>.list file that resides in /etc or /var/lib/lrpkg is
part of the configuration data and is used to create the partial
backup. If shorewall puts anything in /etc that isn't a user modified
- configuration file, a proper shorwall.local file should be created
+ configuration file, a proper shorewall.local file should be created
prior to making the partial backup [Editor's
note: Shorewall places only user-modifiable files in
/etc].
diff --git a/docs/Introduction.xml b/docs/Introduction.xml
index f5ad190f1..2e20aa1d0 100644
--- a/docs/Introduction.xml
+++ b/docs/Introduction.xml
@@ -65,8 +65,8 @@
iptables-restore - a program included with iptables that
allows for atomic installation of a set of Netfilter rules. This is
- a much more efficient way to install a ruleset than running the
- iptables utility once for each rule in the ruleset.
+ a much more efficient way to install a rule set than running the
+ iptables utility once for each rule in the rule set.
@@ -269,17 +269,17 @@ loc net ACCEPT
net all DROP info
all all REJECT infoIn the three-interface
sample, the line below is included but commented out. If you want your
- firewall system to have full access to servers on the internet, uncomment
+ firewall system to have full access to servers on the Internet, uncomment
that line. #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
$FW net ACCEPT The above policy will:
Allow all connection requests from your local network to the
- internet
+ Internet
- Drop (ignore) all connection requests from the internet to
+ Drop (ignore) all connection requests from the Internet to
your firewall or local networks; these ignored connection requests
will be logged using the info syslog priority
(log level).
@@ -287,7 +287,7 @@ $FW net ACCEPT The above policy will:
Optionally accept all connection requests from the firewall to
- the internet (if you uncomment the additional policy)
+ the Internet (if you uncomment the additional policy)
@@ -298,8 +298,8 @@ $FW net ACCEPT The above policy will:
To illustrate how rules provide exceptions to policies, suppose that
- you have the polcies listed above but you want to be able to connect to
- your firewall from the internet using Secure Shell (SSH). Recall that SSH
+ you have the polices listed above but you want to be able to connect to
+ your firewall from the Internet using Secure Shell (SSH). Recall that SSH
connects uses TCP port 22.#ACTION SOURCE DEST PROTO DEST
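Review bot: the first added line replaces "polcies" with "polices", which is still a misspelling; the intended word is "policies". The context line "connects uses TCP port 22" in the same paragraph also carries a doubled verb that could be reduced to "uses TCP port 22" while this sentence is being edited.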
@@ -307,7 +307,7 @@ $FW net ACCEPT The above policy will:
ACCEPT net $FW tcp 22
So although you have a policy of ignoring all connection attempts
- from the net zone (from the internet), the above exception to that policy
+ from the net zone (from the Internet), the above exception to that policy
allows you to connect to the SSH server running on your firewall.Because Shorewall makes no assumptions about what traffic you want
@@ -317,7 +317,7 @@ ACCEPT net $FW tcp 22
The QuickStart
- guildes point to pre-populated files for use in common setups
+ guides point to pre-populated files for use in common setups
and the Shorewall Setup
Guide shows you examples for use with other more complex
setups.
@@ -377,7 +377,7 @@ ACCEPT net $FW tcp 22
highly portable to those Unix-like platforms that support Perl
(including Cygwin) and is the compiler of choice for new Shorewall
installations. Scripts created using Shorewall-perl use
- iptables-restore to install the generated Netfilter ruleset.
+ iptables-restore to install the generated Netfilter rule set.
diff --git a/docs/KVM.xml b/docs/KVM.xml
index a096f8258..8aa3620dd 100644
--- a/docs/KVM.xml
+++ b/docs/KVM.xml
@@ -53,10 +53,10 @@
My personal laptop (Ursa) hosts the virtual machines. As shown in
- the diagram, Ursa has routes to the internet through both the
+ the diagram, Ursa has routes to the Internet through both the
Linksys WRT300N and through my Shorewall firewall.
This allows me to test the Shorewall Multi-ISP
- feature, even though I only have a single internet
+ feature, even though I only have a single Internet
connectionThe Linux Bridges shown in the diagram are, of course, actually
diff --git a/docs/MAC_Validation.xml b/docs/MAC_Validation.xml
index d8054ecfe..b0a2ffe1c 100644
--- a/docs/MAC_Validation.xml
+++ b/docs/MAC_Validation.xml
@@ -41,7 +41,7 @@
MAC addresses are only visible within an
- ethernet segment so all MAC addresses used in verification must belong to
+ Ethernet segment so all MAC addresses used in verification must belong to
devices physically connected to one of the LANs to which your firewall is
connected.
@@ -175,7 +175,7 @@
INTERFACE
- The name of an ethernet interface on the Shorewall
+ The name of an Ethernet interface on the Shorewall
system.
@@ -184,7 +184,7 @@
MAC
- The MAC address of a device on the ethernet segment connected
+ The MAC address of a device on the Ethernet segment connected
by INTERFACE. It is not necessary to use the Shorewall MAC format in
this column although you may use that format if you so choose.
Beginning with Shorewall 3.1, you may specify "-" here if you enter
diff --git a/docs/Manpages.xml b/docs/Manpages.xml
index a935ee98b..82a1e6e24 100644
--- a/docs/Manpages.xml
+++ b/docs/Manpages.xml
@@ -105,7 +105,7 @@
providers - Define
- routing tables, usually for mutliple internet links.
+ routing tables, usually for multiple Internet links.
proxyarp
- Define Proxy ARP.
diff --git a/docs/Modularization.xml b/docs/Modularization.xml
index 6d20e14b9..52ca063a1 100644
--- a/docs/Modularization.xml
+++ b/docs/Modularization.xml
@@ -90,7 +90,7 @@
Optional libraries are loaded upon demand based on the user's
configuration.
- In Shorewall 3.4, the optional librares are as follows.
+ In Shorewall 3.4, the optional libraries are as follows.
diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml
index b5992b29e..d685bcb5b 100644
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@@ -75,7 +75,7 @@
Multiple Internet Connection SupportBeginning with Shorewall 2.3.2, limited support is included for
- multiple internet connections. Limitations of this support are as
+ multiple Internet connections. Limitations of this support are as
follows:
@@ -110,7 +110,7 @@
OverviewLet's assume that a firewall is connected via two separate
- ethernet interfaces to two different ISPs as in the following
+ Ethernet interfaces to two different ISPs as in the following
diagram.
@@ -148,7 +148,7 @@
When you use the track option in
/etc/shorewall/providers, connections from the
- internet are automatically routed back out of the correct interface and
+ Internet are automatically routed back out of the correct interface and
through the correct ISP gateway. This works whether the connection is
handled by the firewall itself or if it is routed or port-forwarded to a
system behind the firewall.
@@ -304,7 +304,7 @@
be tracked so that responses may be routed back out this
same interface.
- You want to specify 'track' if internet hosts will be
+ You want to specify 'track' if Internet hosts will be
connecting to local servers through this provider. Any time
that you specify 'track', you will also want to specify
'balance' (see below).
@@ -338,7 +338,7 @@
If you are using
/etc/shorewall/providers because you
- have multiple internet connections, we recommend that you
+ have multiple Internet connections, we recommend that you
specify 'track' even if you don't need it. It helps
maintain long-term connections in which there are
significant periods with no traffic.
@@ -367,7 +367,7 @@
If you are using
/etc/shorewall/providers because you
- have multiple internet connections, we recommend that you
+ have multiple Internet connections, we recommend that you
specify 'balance' even if you don't need it. You can still
use entries in /etc/shorewall/tcrules
to force all traffic to one provider or another.
@@ -464,7 +464,7 @@
- For those of you who are termnally confused betweenFor those of you who are terminally confused between track and balance:
@@ -494,7 +494,7 @@
Shorewall copies all routes through the interface specified in the
INTERFACE column plus the interfaces listed in this column.
Normally, you will list all interfaces on your firewall in this
- column except those internet interfaces specified in the INTERFACE
+ column except those Internet interfaces specified in the INTERFACE
column of entries in this file.
@@ -532,7 +532,7 @@
and any interfaces that do not have an IPv4 configuration. You should
also omit interfaces like tun
interfaces that are created dynamically. Traffic to networks handled by
- those intefaces should be routed through the main table using entries in
+ those interfaces should be routed through the main table using entries in
/etc/shorewall/route_rules (see Example 2 below).
@@ -608,7 +608,7 @@
MartiansOne problem that often arises with Multi-ISP configuration is
- 'Martians'. If your internet interfaces are configured with the
+ 'Martians'. If your Internet interfaces are configured with the
routefilter option in
/etc/shorewall/interfaces (remember that if you set
that option, you should also select Note that because we used a priority of 1000, the
OpenVPN (routed setup w/tunX) in combination with multiple providers.
In this case you have to set up a rule to ensure that the OpenVPN
traffic is routed back through the tunX interface(s) rather than
- through any of the providers. 10.8.0.0/24 is the subnet choosen in
+ through any of the providers. 10.8.0.0/24 is the subnet chosen in
your OpenVPN configuration (server 10.8.0.0 255.255.255.0).#SOURCE DEST PROVIDER PRIORITY
@@ -981,7 +981,7 @@ gateway:~ #Note that because we used a priority of 1000, the
- Only ethernet (or ethernet-like) interfaces can be used. For
+ Only Ethernet (or Ethernet-like) interfaces can be used. For
inbound traffic, the MAC addresses of the gateway routers are used
to determine which provider a packet was received through. Note that
only routed traffic can be categorized using this technique.
@@ -1129,4 +1129,4 @@ linksys 1 1 - wlan0 172.20.1.1 track,balance=1,optional
shorewall 2 2 - eth0 192.168.1.254 track,balance=2,optional/etc/shorewall/rules:#SOURCE DEST PROVIDER PRIORITY
- - shorewall 11999
-
\ No newline at end of file
+
diff --git a/docs/Multiple_Zones.xml b/docs/Multiple_Zones.xml
index aad71012e..b3b6c79d6 100644
--- a/docs/Multiple_Zones.xml
+++ b/docs/Multiple_Zones.xml
@@ -90,7 +90,7 @@
The order of entries in /etc/shorewall/hosts is immaterial as
- far as the generated ruleset is concerned.
+ far as the generated rule set is concerned.
@@ -125,7 +125,7 @@
- The firewall requirements to/from the internet are the same
+ The firewall requirements to/from the Internet are the same
for 192.168.1.0/24 and 192.168.2.0/24.
@@ -180,7 +180,7 @@
Nested ZonesYou can define one zone (called it loc) as being
- all hosts connectied to eth1 and a second zone loc1
+ all hosts connected to eth1 and a second zone loc1
(192.168.2.0/24) as a sub-zone.
@@ -190,7 +190,7 @@
connection request doesn't match a loc1 rule, it will
be matched against the loc rules. For example, if your
loc1->net policy is CONTINUE then if a connection request from loc1
- to the internet doesn't match any rules for loc1->net then it will
+ to the Internet doesn't match any rules for loc1->net then it will
be checked against the loc->net rules.
/etc/shorewall/zones
@@ -302,7 +302,7 @@ loc1 loc NONE
Nested zones may also be used to configure a
one-armed router (I don't call it a firewall
- because it is very insecure. For example, if you connect to the internet
+ because it is very insecure. For example, if you connect to the Internet
via cable modem, your next door neighbor has full access to your local
systems as does everyone else connected to the same cable modem head-end
controller). Here eth0 is configured with both a public IP address and an