Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code

This commit is contained in:
Tom Eastep 2015-06-19 10:04:08 -07:00
commit b5ee52e8de
4 changed files with 32 additions and 34 deletions

View File

@ -529,14 +529,12 @@ EOF
emit( ' run_refreshed_exit',
' do_iptables -N shorewall' );
emit ( ' do_iptables -A shorewall -m recent --set --name %CURRENTTIME' ) if have_capability 'RECENT_MATCH';
emit( ' do_iptables -A shorewall -m recent --set --name %CURRENTTIME' ) if have_capability 'RECENT_MATCH';
emit(
" set_state Started $config_dir",
' [ $0 = ${VARDIR}/firewall ] || cp -f $(my_pathname) ${VARDIR}/firewall',
'else',
' setup_netfilter'
);
emit( " set_state Started $config_dir",
' [ $0 = ${VARDIR}/firewall ] || cp -f $(my_pathname) ${VARDIR}/firewall',
'else',
' setup_netfilter' );
push_indent;
emit 'setup_arptables' if $have_arptables;
@ -604,12 +602,12 @@ sub compiler {
sub validate_boolean( $ ) {
my $val = numeric_value( shift );
defined($val) && ($val >= 0) && ($val < 2);
}
}
sub validate_verbosity( $ ) {
my $val = numeric_value( shift );
defined($val) && ($val >= MIN_VERBOSITY) && ($val <= MAX_VERBOSITY);
}
}
sub validate_family( $ ) {
my $val = numeric_value( shift );
@ -852,7 +850,7 @@ sub compiler {
#
setup_tunnels;
#
# Clear the current filename
# Clear the current filename so that the last one processed doesn't appear in error and warning messages
#
clear_currentfilename;
#

View File

@ -67,6 +67,12 @@
<listitem>
<para><ulink url="Universal.html">Universal</ulink> configuration --
requires no configuration to protect a single system.</para>
<caution>
<para>This configuration places all interfaces in the net zone. If you
add another interface or VPN, you will want to select a different
QuickStart Guide.</para>
</caution>
</listitem>
</itemizedlist>
@ -182,7 +188,7 @@
url="configuration_file_basics.htm#Ranges">Port
Ranges</ulink></entry>
<entry></entry>
<entry/>
</row>
</tbody>
</tgroup>

View File

@ -16,7 +16,7 @@
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright>
<year>2003-2014</year>
<year>2003-2015</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -145,18 +145,8 @@
setups, you will only need to deal with a few of them.</para>
<para>Shorewall views the network where it is running as being composed of
a set of <firstterm>zones</firstterm>. In the <ulink
url="three-interface.htm">three-interface sample configuration</ulink> for
example, the following zone names are used:</para>
<programlisting>#NAME DESCRIPTION
fw The firewall itself
net The Internet
loc Your Local Network
dmz Demilitarized Zone</programlisting>
<para>Zones are declared and given a type in the <ulink
url="manpages/shorewall-zones.html"><filename
a set of <firstterm>zones</firstterm>. Zones are declared and given a type
in the <ulink url="manpages/shorewall-zones.html"><filename
class="directory">/etc/shorewall/</filename><filename>zones</filename></ulink>
file.Here is the <ulink url="manpages/shorewall-zones.html"><filename
class="directory">/etc/shorewall/</filename><filename>zones</filename></ulink>
@ -433,8 +423,8 @@ ACCEPT net $FW tcp 22</programlisting>
<listitem>
<para><emphasis role="bold">Shorewall-init</emphasis>. May be
installed with any of the other firewall packages. Allows the firewall
to be close prior to bringing up network interfaces. It can also react
to interface up/down events.</para>
to be closed prior to bringing up network interfaces. It can also
react to interface up/down events.</para>
</listitem>
</orderedlist>
</section>

View File

@ -22,6 +22,8 @@
<year>2009</year>
<year>2015</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -97,11 +99,12 @@
<section id="Install">
<title>Shorewall 4.4</title>
<para>Shorewall 4.4 discontinues the availability of the legacy
<para>Shorewall 4.4 discontinued the availability of the legacy
shell-based compiler. All users must migrate to the perl-based compiler
before or during an upgrade to Shorewall version 4.4. We highly recommend
that current users of the shell-based compiler migrate before upgrading to
4.4 so that both compilers are available during the migration.</para>
before or during an upgrade to Shorewall version 4.4 or later. We highly
recommend that current users of the shell-based compiler migrate before
upgrading to 4.4 or later so that both compilers are available during the
migration.</para>
<para>Shorewall 4.4 contains five packages:</para>
@ -161,11 +164,12 @@
<itemizedlist>
<listitem>
<para>Perl (I use Perl 5.8.10 but other 5.8 versions should work
fine). <note>
<para>Perl (I use Perl 5.14.2 but other 5.8 or later versions should
work fine). <note>
<para>If you want to be able to use DNS names in your Shorewall6
configuration files, then Perl 5.10 is required together with the
Perl <emphasis role="bold">Socket6</emphasis> module.</para>
configuration files, then Perl 5.10 or later is required together
with the Perl <emphasis role="bold">Socket6</emphasis>
module.</para>
</note></para>
</listitem>