From d27cda8c496e45e47627c0c66d4221dbc9cf997b Mon Sep 17 00:00:00 2001 From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb> Date: Sun, 8 Apr 2007 18:51:50 +0000 Subject: [PATCH] Link the Shorewall-perl article from the FAQ git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5864 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/FAQ.xml | 12 ++++-- docs/Shorewall-perl.xml | 16 +++++--- docs/XenMyWay-Routed.xml | 84 +++++++++++++++------------------------- 3 files changed, 51 insertions(+), 61 deletions(-) diff --git a/docs/FAQ.xml b/docs/FAQ.xml index 92ecc8168..d08ba4e43 100644 --- a/docs/FAQ.xml +++ b/docs/FAQ.xml @@ -1666,10 +1666,10 @@ Creating input Chains... will revert to the old configuration stored in <filename>/var/lib/shorewall/restore</filename>.</para> - <para>Finally, the time that new connections are blocked during - shorewall restart can be dramatically reduced by upgrading to Shorewall - 3.2 or later. In 3.2 and later releases, <command>shorewall - [re]start</command> proceeds in two phases:</para> + <para>The time that new connections are blocked during shorewall restart + can be dramatically reduced by upgrading to Shorewall 3.2 or later. In + 3.2 and later releases, <command>shorewall [re]start</command> proceeds + in two phases:</para> <orderedlist> <listitem> @@ -1683,6 +1683,10 @@ Creating input Chains... </listitem> </orderedlist> + <para>Finally, if you are adventuresome, you can try <ulink + url="Shorewall-perl.html">Shorewall-perl</ulink>, the new Shorewall + compiler currently under development. It is very fast.</para> + <para>For additional information about Shorewall Scalability and Performance, see <ulink url="ScalabilityAndPerformance.html">this article</ulink>.</para> diff --git a/docs/Shorewall-perl.xml b/docs/Shorewall-perl.xml index 33afa347b..02789991e 100644 --- a/docs/Shorewall-perl.xml +++ b/docs/Shorewall-perl.xml @@ -38,7 +38,7 @@ <title>Shorewall-perl - What is it?</title> <para>Shorewall-perl is a companion product to Shorewall. It requires - Shorewall 3.4.2 or later. </para> + Shorewall 3.4.2 or later.</para> <para>Shorewall-perl contains a re-implementation of the Shorewall compiler written in Perl. The advantages of using Shorewall-perl are over @@ -62,6 +62,12 @@ configuration than the Shorewall-shell compiler does.</para> </listitem> + <listitem> + <para>The error messages produced by the compiler are better, more + consistent and always include the file name and line number where the + error was detected.</para> + </listitem> + <listitem> <para>Going forward, the Shorewall-perl compiler will get all enhancements; the Shorewall-shell compiler will only get those @@ -124,7 +130,7 @@ </listitem> <listitem> - <para> Because the compiler is now written in Perl, your + <para>Because the compiler is now written in Perl, your compile-time extension scripts from earlier versions will no longer work. For now, if you want to use extension scripts, you will need to read the Perl code to see how the compiler operates @@ -193,7 +199,7 @@ by the Perl-based Compiler, the Netfilter ruleset is never cleared. That means that there is no opportunity for Shorewall to load/reload your ipsets since that cannot be done while there are - any current rules using ipsets. </para> + any current rules using ipsets.</para> <para>So:</para> @@ -239,7 +245,7 @@ fi</programlisting> </listitem> <listitem> - <para> Because the configuration files (with the exception of + <para>Because the configuration files (with the exception of <filename>/etc/shorewall/params</filename>) are now processed by the Shorewall-perl compiler rather than by the shell, only the basic forms of Shell expansion ($variable and ${variable}) are @@ -307,7 +313,7 @@ fi</programlisting> <caution> <para>Shorewall-perl is still part of the <ulink url="ReleaseModel.html">current development release</ulink>. Use it at - your own risk. </para> + your own risk.</para> </caution> <para>Either</para> diff --git a/docs/XenMyWay-Routed.xml b/docs/XenMyWay-Routed.xml index 1dab263f6..a81e4d3a0 100644 --- a/docs/XenMyWay-Routed.xml +++ b/docs/XenMyWay-Routed.xml @@ -187,11 +187,11 @@ that boots Xen in Dom0.</para> <blockquote> - <programlisting>title XEN - root (hd0,1) - kernel /boot/xen.gz Dom0_mem=458752 sched=bvt - module /boot/vmlinuz-xen root=/dev/hda2 vga=0x31a selinux=0 resume=/dev/hda1 splash=silent showopts - module /boot/initrd-xen</programlisting> + <programlisting>title Kernel-2.6.18.8-0.1-xen + root (hd0,5) + kernel /boot/xen.gz + module /boot/vmlinuz-2.6.18.8-0.1-xen root=/dev/sda6 vga=0x31a resume=/dev/sda5 splash=silent showopts + module /boot/initrd-2.6.18.8-0.1-xen</programlisting> </blockquote> <para><filename>/etc/modprobe.conf.local</filename> (This may need to @@ -208,29 +208,19 @@ automatically by Xen's <emphasis>xendomains</emphasis> service.</para> <blockquote> - <programlisting># -*- mode: python; -*- - -# configuration name: -name = "lists" - -# usable ram: -memory = 512 - -# kernel and initrd: -kernel = "/xen2/vmlinuz-xen" -ramdisk = "/xen2/initrd-xen" - -# boot device: -root = "/dev/hda3" - -# boot to run level: -extra = "3" - -# network interface: -vif = [ 'mac=aa:cc:00:00:00:01, <emphasis role="bold">ip=206.124.146.177, vifname=eth3</emphasis>' ] - -# storage devices: -disk = [ 'phy:hda3,hda3,w' ]</programlisting> + <programlisting>disk = [ 'phy:/dev/sda9,hda,w', 'phy:/dev/hda,hdb,r' ] +memory = 512 +vcpus = 1 +builder = 'linux' +name = 'server' +vif = [ 'mac=00:16:3e:b1:d7:90, <emphasis role="bold">ip=206.124.146.177, vifname=eth3</emphasis>' ] +localtime = 0 +on_poweroff = 'destroy' +on_reboot = 'restart' +on_crash = 'restart' +extra = ' TERM=xterm' +bootloader = '/usr/lib/xen/boot/domUloader.py' +bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen'</programlisting> <para>Note that the vifname is set to 'eth3' for the virtual interface to this DomU. This will cause the Dom0 interface to the @@ -293,32 +283,22 @@ gateway:~ #</programlisting> <note> <para>I have been asked a couple of times "How would I add another domU to the DMZ?" Here is a sample config file to add a second domU - named "server", boot device <filename>/dev/hdb1</filename> and IP + named "server", boot device <filename>/dev/sda10</filename> and IP address 206.124.146.179:</para> - <programlisting># -*- mode: python; -*- - -# configuration name: -name = "server" - -# usable ram: -memory = 512 - -# kernel and initrd: -kernel = "/xen2/vmlinuz-xen" -ramdisk = "/xen2/initrd-xen" - -# boot device: -root = "/dev/hdb1" - -# boot to run level: -extra = "3" - -# network interface: -vif = [ 'mac=aa:cc:00:00:00:02, <emphasis role="bold">ip=206.124.146.179, vifname=eth4</emphasis>' ] - -# storage devices: -disk = [ 'phy:hdb1,hdb1,w' ]</programlisting> + <programlisting>disk = [ 'phy:/dev/sda10,hda,w', 'phy:/dev/hda,hdb,r' ] +memory = 512 +vcpus = 1 +builder = 'linux' +name = 'server' +vif = [ 'mac=aa:cc:00:00:00:02, <emphasis role="bold">ip=206.124.146.179, vifname=eth4</emphasis>' ] +localtime = 0 +on_poweroff = 'destroy' +on_reboot = 'restart' +on_crash = 'restart' +extra = ' TERM=xterm' +bootloader = '/usr/lib/xen/boot/domUloader.py' +bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen'</programlisting> <para>Note that this domU has its own vif named <filename class="devicefile">eth4</filename>.</para>