Update standalone article for 5.0

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2016-02-19 09:51:16 -08:00
parent 60f319a718
commit b95a15631c


@ -277,7 +277,7 @@ net ipv4</programlisting>
<para>The <filename>/etc/shorewall/policy</filename> file included with <para>The <filename>/etc/shorewall/policy</filename> file included with
the one-interface sample has the following policies:</para> the one-interface sample has the following policies:</para>
<programlisting>#SOURCE ZONE DESTINATION ZONE POLICY LOG LEVEL LIMIT:BURST <programlisting>#SOURCE DEST POLICY LOGLEVEL LIMIT
$FW net ACCEPT $FW net ACCEPT
net all DROP info net all DROP info
all all REJECT info</programlisting> all all REJECT info</programlisting>
@ -517,20 +517,19 @@ root@lists:~# </programlisting>
<filename>/usr/share/shorewall/macro.*</filename>, the general format of a <filename>/usr/share/shorewall/macro.*</filename>, the general format of a
rule in <filename>/etc/shorewall/rules</filename> is:</para> rule in <filename>/etc/shorewall/rules</filename> is:</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DEST PROTO DPORT
&lt;<emphasis>macro</emphasis>&gt;(ACCEPT) net $FW</programlisting> &lt;<emphasis>macro</emphasis>&gt;(ACCEPT) net $FW</programlisting>
<important> <important>
<para>Be sure to add your rules after the line that reads <emphasis <para>Be sure to add your rules after the line that reads <emphasis
role="bold">SECTION NEW</emphasis> (?SECTION NEW in Shorewall 4.6.0 and role="bold">?SECTION NEW</emphasis>.</para>
later).</para>
</important> </important>
<example id="Example1"> <example id="Example1">
<title>You want to run a Web Server and a IMAP Server on your firewall <title>You want to run a Web Server and a IMAP Server on your firewall
system:</title> system:</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DEST PROTO DPORT
Web(ACCEPT) net $FW Web(ACCEPT) net $FW
IMAP(ACCEPT)net $FW</programlisting> IMAP(ACCEPT)net $FW</programlisting>
</example> </example>
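Review bot: In Example1 the second rule line reads `IMAP(ACCEPT)net $FW` on both sides of the diff, with no whitespace between the ACTION and SOURCE columns. Since this hunk already rewrites the header of that listing, separate the columns (`IMAP(ACCEPT) net $FW`) so the line matches the `Web(ACCEPT) net $FW` rule above it and can be copied as-is. The unchanged title also still says "a IMAP Server"; "an IMAP Server" would be correct here and in Example2.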
@ -546,14 +545,14 @@ IMAP(ACCEPT)net $FW</programlisting>
a pre-defined macro that meets your requirements. In that case the general a pre-defined macro that meets your requirements. In that case the general
format of a rule in <filename>/etc/shorewall/rules</filename> is:</para> format of a rule in <filename>/etc/shorewall/rules</filename> is:</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DEST PROTO DPORT
ACCEPT net $FW <emphasis>&lt;protocol&gt;</emphasis> <emphasis>&lt;port&gt;</emphasis></programlisting> ACCEPT net $FW <emphasis>&lt;protocol&gt;</emphasis> <emphasis>&lt;port&gt;</emphasis></programlisting>
<example id="Example2"> <example id="Example2">
<title>You want to run a Web Server and a IMAP Server on your firewall <title>You want to run a Web Server and a IMAP Server on your firewall
system:</title> system:</title>
<para><programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <para><programlisting>#ACTION SOURCE DEST PROTO DPORT
ACCEPT net $FW tcp 80 ACCEPT net $FW tcp 80
ACCEPT net $FW tcp 143</programlisting></para> ACCEPT net $FW tcp 143</programlisting></para>
</example> </example>
@ -566,7 +565,7 @@ ACCEPT net $FW tcp 143</programlisting></para>
uses clear text (even for login!). If you want shell access to your uses clear text (even for login!). If you want shell access to your
firewall from the Internet, use <acronym>SSH</acronym>:</para> firewall from the Internet, use <acronym>SSH</acronym>:</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
SSH(ACCEPT) net $FW </programlisting> SSH(ACCEPT) net $FW </programlisting>
</important> </important>
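Review bot: The new header of the SSH listing is `#ACTION SOURCE DESTINATION PROTO DPORT`, so only the last column was renamed, while every other rules listing touched by this commit becomes `#ACTION SOURCE DEST PROTO DPORT`. Rename DESTINATION to DEST here as well so the article shows one header form throughout.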
@ -615,7 +614,7 @@ SSH(ACCEPT) net $FW </programlisting>
(<filename><ulink (<filename><ulink
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink></filename> url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink></filename>
in Shorewall 4.5.7 and earlier). A running firewall may be restarted using in Shorewall 4.5.7 and earlier). A running firewall may be restarted using
the <quote><command>shorewall restart</command></quote> command. If you the <quote><command>shorewall reload</command></quote> command. If you
want to totally remove any trace of Shorewall from your Netfilter want to totally remove any trace of Shorewall from your Netfilter
configuration, use <quote><command>shorewall configuration, use <quote><command>shorewall
clear</command></quote>.</para> clear</command></quote>.</para>
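Review bot: After the change the sentence reads "A running firewall may be restarted using the shorewall reload command", which pairs the verb "restarted" with the reload command. Change the verb to "reloaded", or state what reload does, so readers are not left guessing whether restart and reload are the same operation.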
@ -639,7 +638,7 @@ SSH(ACCEPT) net $FW </programlisting>
</orderedlist> </orderedlist>
<para>Also, I don't recommend using <quote><command>shorewall <para>Also, I don't recommend using <quote><command>shorewall
restart</command></quote>; it is better to create an <emphasis><ulink reload</command></quote>; it is better to create an <emphasis><ulink
url="configuration_file_basics.htm#Configs">alternate url="configuration_file_basics.htm#Configs">alternate
configuration</ulink></emphasis> and test it using the <ulink configuration</ulink></emphasis> and test it using the <ulink
url="starting_and_stopping_shorewall.htm"><quote><command>shorewall url="starting_and_stopping_shorewall.htm"><quote><command>shorewall