mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 06:10:42 +01:00
More documentation improvements
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4144 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
75550b44c4
commit
e1db37160b
@ -263,7 +263,8 @@
|
||||
|
||||
<listitem>
|
||||
<para>On the administrative system, for each firewall system you do
|
||||
the following (this may be done by a non-root user):</para>
|
||||
the following (this may be done by a non-root user who has root ssh
|
||||
access to the firewall system):</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
@ -284,7 +285,7 @@
|
||||
|
||||
<listitem>
|
||||
<programlisting><command>cd <configuration directory></command>
|
||||
<command>/sbin/shorewall load . firewall</command></programlisting>
|
||||
<command>/sbin/shorewall load firewall</command></programlisting>
|
||||
|
||||
<para>The <ulink
|
||||
url="starting_and_stopping_shorewall.htm#Load"><command>load</command></ulink>
|
||||
@ -292,9 +293,28 @@
|
||||
the current working directory, copies that file to the remote
|
||||
system via scp and starts Shorewall Lite on the remote system via
|
||||
ssh.</para>
|
||||
|
||||
<para>Example (firewall's DNS name is 'gateway'):</para>
|
||||
|
||||
<para><command>/sbin/shorewall load gateway</command></para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>If you later need to change the firewall's configuration, change
|
||||
the appropriate files in the firewall's configuration directory
|
||||
then:</para>
|
||||
|
||||
<programlisting><command>cd <configuration directory></command>
|
||||
<command>/sbin/shorewall reload firewall</command></programlisting>
|
||||
|
||||
<para>The <ulink
|
||||
url="starting_and_stopping_shorewall.htm#Reload"><command>reload</command></ulink>
|
||||
command compiles a firewall script from the configuration files in the
|
||||
current working directory, copies that file to the remote system via
|
||||
scp and restarts Shorewall Lite on the remote system via ssh.</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>The <filename>/sbin/shorewall-lite</filename> program included with
|
||||
@ -342,7 +362,7 @@
|
||||
<para>Converting a firewall system that is currently running Shorewall
|
||||
to run Shorewall Lite instead is straight-forward.</para>
|
||||
|
||||
<orderedlist>
|
||||
<orderedlist numeration="loweralpha">
|
||||
<listitem>
|
||||
<para>On the administrative system, create a configuration directory
|
||||
for the firewall system.</para>
|
||||
@ -394,8 +414,9 @@
|
||||
|
||||
<para>Also, edit the shorewall.conf file in the firewall's
|
||||
configuration directory and change the CONFIG_PATH setting to remove
|
||||
<filename>/etc/shorewall</filename>. You can replace it with
|
||||
<filename>/usr/share/shorewall/configfiles</filename> if you
|
||||
<filename class="directory">/etc/shorewall</filename>. You can
|
||||
replace it with <filename
|
||||
class="directory">/usr/share/shorewall/configfiles</filename> if you
|
||||
like.</para>
|
||||
|
||||
<para>Example:</para>
|
||||
@ -410,6 +431,10 @@
|
||||
<programlisting>CONFIG_PATH=/usr/share/shorewall/configfiles:/usr/share/shorewall</programlisting>
|
||||
</blockquote>
|
||||
|
||||
<para>Changing CONFIG_PATH will ensure that subsequent compilations
|
||||
using the configuration directory will not include any files from
|
||||
<filename class="directory">/etc/shorewall</filename>.</para>
|
||||
|
||||
<para>After having made the above changes to the firewall's
|
||||
configuration directory, execute the following commands:</para>
|
||||
|
||||
@ -417,7 +442,7 @@
|
||||
<command>/sbin/shorewall load <firewall system></command>
|
||||
</programlisting>
|
||||
|
||||
<para>Example:</para>
|
||||
<para>Example (firewall's DNS name is 'gateway'):</para>
|
||||
|
||||
<para><command>/sbin/shorewall load gateway</command></para>
|
||||
|
||||
@ -428,6 +453,22 @@
|
||||
via scp and starts Shorewall Lite on the remote system via
|
||||
ssh.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>If you later need to change the firewall's configuration,
|
||||
change the appropriate files in the firewall's configuration
|
||||
directory then:</para>
|
||||
|
||||
<programlisting><command>cd <configuration directory></command>
|
||||
<command>/sbin/shorewall reload firewall</command></programlisting>
|
||||
|
||||
<para>The <ulink
|
||||
url="starting_and_stopping_shorewall.htm#Reload"><command>reload</command></ulink>
|
||||
command compiles a firewall script from the configuration files in
|
||||
the current working directory, copies that file to the remote system
|
||||
via scp and restarts Shorewall Lite on the remote system via
|
||||
ssh.</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
Loading…
Reference in New Issue
Block a user