Link the Shorewall-perl article from the FAQ

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5864 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-04-08 18:51:50 +00:00
parent 6363ba8621
commit d27cda8c49
3 changed files with 51 additions and 61 deletions

View File

@ -1666,10 +1666,10 @@ Creating input Chains...
will revert to the old configuration stored in
<filename>/var/lib/shorewall/restore</filename>.</para>
<para>Finally, the time that new connections are blocked during
shorewall restart can be dramatically reduced by upgrading to Shorewall
3.2 or later. In 3.2 and later releases, <command>shorewall
[re]start</command> proceeds in two phases:</para>
<para>The time that new connections are blocked during shorewall restart
can be dramatically reduced by upgrading to Shorewall 3.2 or later. In
3.2 and later releases, <command>shorewall [re]start</command> proceeds
in two phases:</para>
<orderedlist>
<listitem>
@ -1683,6 +1683,10 @@ Creating input Chains...
</listitem>
</orderedlist>
<para>Finally, if you are adventuresome, you can try <ulink
url="Shorewall-perl.html">Shorewall-perl</ulink>, the new Shorewall
compiler currently under development. It is very fast.</para>
<para>For additional information about Shorewall Scalability and
Performance, see <ulink url="ScalabilityAndPerformance.html">this
article</ulink>.</para>

View File

@ -38,7 +38,7 @@
<title>Shorewall-perl - What is it?</title>
<para>Shorewall-perl is a companion product to Shorewall. It requires
Shorewall 3.4.2 or later. </para>
Shorewall 3.4.2 or later.</para>
<para>Shorewall-perl contains a re-implementation of the Shorewall
compiler written in Perl. The advantages of using Shorewall-perl are over
@ -62,6 +62,12 @@
configuration than the Shorewall-shell compiler does.</para>
</listitem>
<listitem>
<para>The error messages produced by the compiler are better, more
consistent and always include the file name and line number where the
error was detected.</para>
</listitem>
<listitem>
<para>Going forward, the Shorewall-perl compiler will get all
enhancements; the Shorewall-shell compiler will only get those
@ -124,7 +130,7 @@
</listitem>
<listitem>
<para> Because the compiler is now written in Perl, your
<para>Because the compiler is now written in Perl, your
compile-time extension scripts from earlier versions will no
longer work. For now, if you want to use extension scripts, you
will need to read the Perl code to see how the compiler operates
@ -193,7 +199,7 @@
by the Perl-based Compiler, the Netfilter ruleset is never
cleared. That means that there is no opportunity for Shorewall to
load/reload your ipsets since that cannot be done while there are
any current rules using ipsets. </para>
any current rules using ipsets.</para>
<para>So:</para>
@ -239,7 +245,7 @@ fi</programlisting>
</listitem>
<listitem>
<para> Because the configuration files (with the exception of
<para>Because the configuration files (with the exception of
<filename>/etc/shorewall/params</filename>) are now processed by
the Shorewall-perl compiler rather than by the shell, only the
basic forms of Shell expansion ($variable and ${variable}) are
@ -307,7 +313,7 @@ fi</programlisting>
<caution>
<para>Shorewall-perl is still part of the <ulink
url="ReleaseModel.html">current development release</ulink>. Use it at
your own risk. </para>
your own risk.</para>
</caution>
<para>Either</para>

View File

@ -187,11 +187,11 @@
that boots Xen in Dom0.</para>
<blockquote>
<programlisting>title XEN
root (hd0,1)
kernel /boot/xen.gz Dom0_mem=458752 sched=bvt
module /boot/vmlinuz-xen root=/dev/hda2 vga=0x31a selinux=0 resume=/dev/hda1 splash=silent showopts
module /boot/initrd-xen</programlisting>
<programlisting>title Kernel-2.6.18.8-0.1-xen
root (hd0,5)
kernel /boot/xen.gz
module /boot/vmlinuz-2.6.18.8-0.1-xen root=/dev/sda6 vga=0x31a resume=/dev/sda5 splash=silent showopts
module /boot/initrd-2.6.18.8-0.1-xen</programlisting>
</blockquote>
<para><filename>/etc/modprobe.conf.local</filename> (This may need to
@ -208,29 +208,19 @@
automatically by Xen's <emphasis>xendomains</emphasis> service.</para>
<blockquote>
<programlisting># -*- mode: python; -*-
# configuration name:
name = "lists"
# usable ram:
memory = 512
# kernel and initrd:
kernel = "/xen2/vmlinuz-xen"
ramdisk = "/xen2/initrd-xen"
# boot device:
root = "/dev/hda3"
# boot to run level:
extra = "3"
# network interface:
vif = [ 'mac=aa:cc:00:00:00:01, <emphasis role="bold">ip=206.124.146.177, vifname=eth3</emphasis>' ]
# storage devices:
disk = [ 'phy:hda3,hda3,w' ]</programlisting>
<programlisting>disk = [ 'phy:/dev/sda9,hda,w', 'phy:/dev/hda,hdb,r' ]
memory = 512
vcpus = 1
builder = 'linux'
name = 'server'
vif = [ 'mac=00:16:3e:b1:d7:90, <emphasis role="bold">ip=206.124.146.177, vifname=eth3</emphasis>' ]
localtime = 0
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'
extra = ' TERM=xterm'
bootloader = '/usr/lib/xen/boot/domUloader.py'
bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen'</programlisting>
<para>Note that the vifname is set to 'eth3' for the virtual
interface to this DomU. This will cause the Dom0 interface to the
@ -293,32 +283,22 @@ gateway:~ #</programlisting>
<note>
<para>I have been asked a couple of times "How would I add another
domU to the DMZ?" Here is a sample config file to add a second domU
named "server", boot device <filename>/dev/hdb1</filename> and IP
named "server", boot device <filename>/dev/sda10</filename> and IP
address 206.124.146.179:</para>
<programlisting># -*- mode: python; -*-
# configuration name:
name = "server"
# usable ram:
memory = 512
# kernel and initrd:
kernel = "/xen2/vmlinuz-xen"
ramdisk = "/xen2/initrd-xen"
# boot device:
root = "/dev/hdb1"
# boot to run level:
extra = "3"
# network interface:
vif = [ 'mac=aa:cc:00:00:00:02, <emphasis role="bold">ip=206.124.146.179, vifname=eth4</emphasis>' ]
# storage devices:
disk = [ 'phy:hdb1,hdb1,w' ]</programlisting>
<programlisting>disk = [ 'phy:/dev/sda10,hda,w', 'phy:/dev/hda,hdb,r' ]
memory = 512
vcpus = 1
builder = 'linux'
name = 'server'
vif = [ 'mac=aa:cc:00:00:00:02, <emphasis role="bold">ip=206.124.146.179, vifname=eth4</emphasis>' ]
localtime = 0
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'
extra = ' TERM=xterm'
bootloader = '/usr/lib/xen/boot/domUloader.py'
bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen'</programlisting>
<para>Note that this domU has its own vif named <filename
class="devicefile">eth4</filename>.</para>