mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-08 22:58:50 +01:00
Link the Shorewall-perl article from the FAQ
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5864 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
6363ba8621
commit
d27cda8c49
12
docs/FAQ.xml
@ -1666,10 +1666,10 @@ Creating input Chains...
|
||||
will revert to the old configuration stored in
|
||||
<filename>/var/lib/shorewall/restore</filename>.</para>
|
||||
|
||||
<para>Finally, the time that new connections are blocked during
|
||||
shorewall restart can be dramatically reduced by upgrading to Shorewall
|
||||
3.2 or later. In 3.2 and later releases, <command>shorewall
|
||||
[re]start</command> proceeds in two phases:</para>
|
||||
<para>The time that new connections are blocked during shorewall restart
|
||||
can be dramatically reduced by upgrading to Shorewall 3.2 or later. In
|
||||
3.2 and later releases, <command>shorewall [re]start</command> proceeds
|
||||
in two phases:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
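Review bot: In the rewrapped paragraph the first mention, "shorewall restart", is still bare text while the second, <command>shorewall [re]start</command>, is marked up. Since the paragraph is being touched anyway, wrap the first mention in <command> as well so both render the same way.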
@ -1683,6 +1683,10 @@ Creating input Chains...
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>Finally, if you are adventuresome, you can try <ulink
|
||||
url="Shorewall-perl.html">Shorewall-perl</ulink>, the new Shorewall
|
||||
compiler currently under development. It is very fast.</para>
|
||||
|
||||
<para>For additional information about Shorewall Scalability and
|
||||
Performance, see <ulink url="ScalabilityAndPerformance.html">this
|
||||
article</ulink>.</para>
|
||||
|
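Review bot: The new "Finally" paragraph sends FAQ readers to Shorewall-perl with only "if you are adventuresome" and "It is very fast" as guidance. The linked article, also touched in this commit, says it requires Shorewall 3.4.2 or later and carries a caution that it is part of the current development release. The paragraph just above tells readers to upgrade to 3.2 or later, so someone on 3.2 or 3.3 learns only after following the link that it does not apply to them. State the 3.4.2 requirement and the development status here, and replace "It is very fast" with a pointer to the ScalabilityAndPerformance article or a concrete comparison.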
@ -38,7 +38,7 @@
|
||||
<title>Shorewall-perl - What is it?</title>
|
||||
|
||||
<para>Shorewall-perl is a companion product to Shorewall. It requires
|
||||
Shorewall 3.4.2 or later. </para>
|
||||
Shorewall 3.4.2 or later.</para>
|
||||
|
||||
<para>Shorewall-perl contains a re-implementation of the Shorewall
|
||||
compiler written in Perl. The advantages of using Shorewall-perl are over
|
||||
@ -62,6 +62,12 @@
|
||||
configuration than the Shorewall-shell compiler does.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>The error messages produced by the compiler are better, more
|
||||
consistent and always include the file name and line number where the
|
||||
error was detected.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Going forward, the Shorewall-perl compiler will get all
|
||||
enhancements; the Shorewall-shell compiler will only get those
|
||||
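Review bot: The added list item calls the error messages "better, more consistent", which a reader cannot verify. Lead with the concrete claim, that every message includes the file name and line number where the error was detected, and either drop "better" or show one sample message from the compiler.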
@ -124,7 +130,7 @@
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para> Because the compiler is now written in Perl, your
|
||||
<para>Because the compiler is now written in Perl, your
|
||||
compile-time extension scripts from earlier versions will no
|
||||
longer work. For now, if you want to use extension scripts, you
|
||||
will need to read the Perl code to see how the compiler operates
|
||||
@ -193,7 +199,7 @@
|
||||
by the Perl-based Compiler, the Netfilter ruleset is never
|
||||
cleared. That means that there is no opportunity for Shorewall to
|
||||
load/reload your ipsets since that cannot be done while there are
|
||||
any current rules using ipsets. </para>
|
||||
any current rules using ipsets.</para>
|
||||
|
||||
<para>So:</para>
|
||||
|
||||
@ -239,7 +245,7 @@ fi</programlisting>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para> Because the configuration files (with the exception of
|
||||
<para>Because the configuration files (with the exception of
|
||||
<filename>/etc/shorewall/params</filename>) are now processed by
|
||||
the Shorewall-perl compiler rather than by the shell, only the
|
||||
basic forms of Shell expansion ($variable and ${variable}) are
|
||||
@ -307,7 +313,7 @@ fi</programlisting>
|
||||
<caution>
|
||||
<para>Shorewall-perl is still part of the <ulink
|
||||
url="ReleaseModel.html">current development release</ulink>. Use it at
|
||||
your own risk. </para>
|
||||
your own risk.</para>
|
||||
</caution>
|
||||
|
||||
<para>Either</para>
|
||||
|
@ -187,11 +187,11 @@
|
||||
that boots Xen in Dom0.</para>
|
||||
|
||||
<blockquote>
|
||||
<programlisting>title XEN
|
||||
root (hd0,1)
|
||||
kernel /boot/xen.gz Dom0_mem=458752 sched=bvt
|
||||
module /boot/vmlinuz-xen root=/dev/hda2 vga=0x31a selinux=0 resume=/dev/hda1 splash=silent showopts
|
||||
module /boot/initrd-xen</programlisting>
|
||||
<programlisting>title Kernel-2.6.18.8-0.1-xen
|
||||
root (hd0,5)
|
||||
kernel /boot/xen.gz
|
||||
module /boot/vmlinuz-2.6.18.8-0.1-xen root=/dev/sda6 vga=0x31a resume=/dev/sda5 splash=silent showopts
|
||||
module /boot/initrd-2.6.18.8-0.1-xen</programlisting>
|
||||
</blockquote>
|
||||
|
||||
<para><filename>/etc/modprobe.conf.local</filename> (This may need to
|
||||
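Review bot: The replacement GRUB entry drops Dom0_mem=458752 and sched=bvt from the kernel line and selinux=0 from the module line, and no surrounding text in this hunk explains why. Without Dom0_mem the example no longer fixes the Dom0 memory size, so any prose in the article that refers to that setting, or to SELinux being disabled, needs updating to match. The commit message only mentions linking the Shorewall-perl article from the FAQ, so either split the Xen changes into their own commit or mention them in the message.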
@ -208,29 +208,19 @@
|
||||
automatically by Xen's <emphasis>xendomains</emphasis> service.</para>
|
||||
|
||||
<blockquote>
|
||||
<programlisting># -*- mode: python; -*-
|
||||
|
||||
# configuration name:
|
||||
name = "lists"
|
||||
|
||||
# usable ram:
|
||||
memory = 512
|
||||
|
||||
# kernel and initrd:
|
||||
kernel = "/xen2/vmlinuz-xen"
|
||||
ramdisk = "/xen2/initrd-xen"
|
||||
|
||||
# boot device:
|
||||
root = "/dev/hda3"
|
||||
|
||||
# boot to run level:
|
||||
extra = "3"
|
||||
|
||||
# network interface:
|
||||
vif = [ 'mac=aa:cc:00:00:00:01, <emphasis role="bold">ip=206.124.146.177, vifname=eth3</emphasis>' ]
|
||||
|
||||
# storage devices:
|
||||
disk = [ 'phy:hda3,hda3,w' ]</programlisting>
|
||||
<programlisting>disk = [ 'phy:/dev/sda9,hda,w', 'phy:/dev/hda,hdb,r' ]
|
||||
memory = 512
|
||||
vcpus = 1
|
||||
builder = 'linux'
|
||||
name = 'server'
|
||||
vif = [ 'mac=00:16:3e:b1:d7:90, <emphasis role="bold">ip=206.124.146.177, vifname=eth3</emphasis>' ]
|
||||
localtime = 0
|
||||
on_poweroff = 'destroy'
|
||||
on_reboot = 'restart'
|
||||
on_crash = 'restart'
|
||||
extra = ' TERM=xterm'
|
||||
bootloader = '/usr/lib/xen/boot/domUloader.py'
|
||||
bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen'</programlisting>
|
||||
|
||||
<para>Note that the vifname is set to 'eth3' for the virtual
|
||||
interface to this DomU. This will cause the Dom0 interface to the
|
||||
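Review bot: The replacement listing for the first DomU sets name = 'server', where the listing it replaces had name = "lists". The sample for the second DomU later in this patch is also name = 'server', and its introduction calls it a second domU named "server", so as written the two samples describe two domains with the same name. Give the first listing its own name (the old text used lists) so the two configurations can coexist as the article describes.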
@ -293,32 +283,22 @@ gateway:~ #</programlisting>
|
||||
<note>
|
||||
<para>I have been asked a couple of times "How would I add another
|
||||
domU to the DMZ?" Here is a sample config file to add a second domU
|
||||
named "server", boot device <filename>/dev/hdb1</filename> and IP
|
||||
named "server", boot device <filename>/dev/sda10</filename> and IP
|
||||
address 206.124.146.179:</para>
|
||||
|
||||
<programlisting># -*- mode: python; -*-
|
||||
|
||||
# configuration name:
|
||||
name = "server"
|
||||
|
||||
# usable ram:
|
||||
memory = 512
|
||||
|
||||
# kernel and initrd:
|
||||
kernel = "/xen2/vmlinuz-xen"
|
||||
ramdisk = "/xen2/initrd-xen"
|
||||
|
||||
# boot device:
|
||||
root = "/dev/hdb1"
|
||||
|
||||
# boot to run level:
|
||||
extra = "3"
|
||||
|
||||
# network interface:
|
||||
vif = [ 'mac=aa:cc:00:00:00:02, <emphasis role="bold">ip=206.124.146.179, vifname=eth4</emphasis>' ]
|
||||
|
||||
# storage devices:
|
||||
disk = [ 'phy:hdb1,hdb1,w' ]</programlisting>
|
||||
<programlisting>disk = [ 'phy:/dev/sda10,hda,w', 'phy:/dev/hda,hdb,r' ]
|
||||
memory = 512
|
||||
vcpus = 1
|
||||
builder = 'linux'
|
||||
name = 'server'
|
||||
vif = [ 'mac=aa:cc:00:00:00:02, <emphasis role="bold">ip=206.124.146.179, vifname=eth4</emphasis>' ]
|
||||
localtime = 0
|
||||
on_poweroff = 'destroy'
|
||||
on_reboot = 'restart'
|
||||
on_crash = 'restart'
|
||||
extra = ' TERM=xterm'
|
||||
bootloader = '/usr/lib/xen/boot/domUloader.py'
|
||||
bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen'</programlisting>
|
||||
|
||||
<para>Note that this domU has its own vif named <filename
|
||||
class="devicefile">eth4</filename>.</para>
|
||||
|
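Review bot: The introduction still describes this sample by its boot device (/dev/sda10), but the replacement listing no longer has a root = line or the "# boot device:" comment. The device now appears only as the first element of disk = [ 'phy:/dev/sda10,hda,w', ... ], with the kernel taken from bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen'. Add a sentence, or restore short comments, saying which line carries the boot device and what extra = ' TERM=xterm' replaces, since the old extra = "3" was documented as the run level. Separately, the vif line here keeps mac=aa:cc:00:00:00:02 while the first DomU listing was changed to mac=00:16:3e:b1:d7:90. Use one MAC scheme in both samples.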