mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-22 07:33:43 +01:00
Doc updates for 2.2.4
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2064 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
0ce125d36e
commit
e3a21c0865
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-04-16</pubdate>
|
||||
<pubdate>2005-04-17</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2005</year>
|
||||
@ -2694,26 +2694,21 @@ eth0 eth1 206.124.146.176</programlisting>
|
||||
<title>/etc/shorewall/tunnels</title>
|
||||
|
||||
<para>The /etc/shorewall/tunnels file allows you to define IPSec, GRE,
|
||||
IPIP, <ulink url="http://openvpn.sourceforge.net/">OpenVPN</ulink>, PPTP
|
||||
and 6to4.tunnels with end-points on your firewall. To use ipsec, you must
|
||||
install version 1.9, 1.91 or the current <ulink
|
||||
url="http://www.xs4all.nl/%7Efreeswan/">FreeS/WAN</ulink> development
|
||||
snapshot.</para>
|
||||
IPIP, <ulink url="http://openvpn.sourceforge.net/">OpenVPN</ulink>, PPTP,
|
||||
6to4 and other tunnels with end-points on your firewall.</para>
|
||||
|
||||
<note>
|
||||
<para>For kernels 2.4.4 and above, you will need to use version 1.91 or
|
||||
a development snapshot as patching with version 1.9 results in kernel
|
||||
compilation errors.</para>
|
||||
</note>
|
||||
<para>For an overview of Shorewall's VPN support, try <ulink
|
||||
url="VPNBasics.html">this article</ulink>. </para>
|
||||
|
||||
<para>Instructions for setting up <ulink url="IPSEC.htm">IPSEC
|
||||
tunnels</ulink> may be found here, instructions for <ulink
|
||||
url="IPIP.htm">IPIP and GRE tunnels</ulink> are here, instructions for
|
||||
<ulink url="OPENVPN.html">OpenVPN tunnels</ulink> are here, instructions
|
||||
for <ulink url="PPTP.htm">PPTP tunnels</ulink> are here, instructions for
|
||||
<ulink url="6to4.htm">6to4 tunnels</ulink> are here, and instructions for
|
||||
<ulink url="GenericTunnels.html">integrating Shorewall with other types of
|
||||
tunnels</ulink> are here.</para>
|
||||
tunnels</ulink> may be found here (if you are using kernel 2.6 with native
|
||||
IPSEC support, look <ulink url="IPSEC-2.6.html">here</ulink>),
|
||||
instructions for <ulink url="IPIP.htm">IPIP and GRE tunnels</ulink> are
|
||||
here, instructions for <ulink url="OPENVPN.html">OpenVPN tunnels</ulink>
|
||||
are here, instructions for <ulink url="PPTP.htm">PPTP tunnels</ulink> are
|
||||
here, instructions for <ulink url="6to4.htm">6to4 tunnels</ulink> are
|
||||
here, and instructions for <ulink url="GenericTunnels.html">integrating
|
||||
Shorewall with other types of tunnels</ulink> are here.</para>
|
||||
</section>
|
||||
|
||||
<section id="Conf" xreflabel="/etc/shorewall/shorewall.conf">
|
||||
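Review bot: In the rewritten /etc/shorewall/tunnels paragraph, the FreeS/WAN version requirement and the kernel 2.4.4 note disappear with nothing in this section replacing them; check that IPSEC.htm carries that prerequisite for readers who are not on kernel 2.6 native IPSEC, or keep one sentence here that points to it. The new overview para also has a stray space in "</ulink>. </para>", and the link text "this article" and "here" says nothing about the target. Putting the links on "Shorewall's VPN support" and on "kernel 2.6 with native IPSEC support" would match the other links in the paragraph, which sit on the tunnel names.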
@ -4303,4 +4298,4 @@ eth1 -</programlisting>
|
||||
</revision>
|
||||
</revhistory></para>
|
||||
</appendix>
|
||||
</article>
|
||||
</article>
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-03-18</pubdate>
|
||||
<pubdate>2005-04-23</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2005</year>
|
||||
@ -23,7 +23,7 @@
|
||||
<holder>Thomas M. Eastep</holder>
|
||||
</copyright>
|
||||
|
||||
<edition>2.2.2</edition>
|
||||
<edition>2.2.4</edition>
|
||||
|
||||
<legalnotice>
|
||||
<para>Permission is granted to copy, distribute and/or modify this
|
||||
@ -624,6 +624,10 @@
|
||||
<para><ulink url="UserSets.html">UID/GID Based Rules</ulink></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink url="UPnP.html">UPnP</ulink></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink url="upgrade_issues.htm">Upgrade Issues</ulink></para>
|
||||
</listitem>
|
||||
|
@ -13,10 +13,10 @@
|
||||
<surname>Eastep</surname>
|
||||
</author>
|
||||
|
||||
<pubdate>2004-11-18</pubdate>
|
||||
<pubdate>2005-04-20</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2003-2004</year>
|
||||
<year>2003-2005</year>
|
||||
|
||||
<holder>Thomas M. Eastep</holder>
|
||||
</copyright>
|
||||
@ -83,6 +83,29 @@
|
||||
process</quote> left running in your system. The <ulink
|
||||
url="starting_and_stopping_shorewall.htm">/sbin/shorewall program can be
|
||||
used at any time to monitor the Netfilter firewall</ulink>.</para>
|
||||
|
||||
<para>Shorewall is not the easiest to use of the available iptables
|
||||
configuration tools but I believe that it is the most flexible and
|
||||
powerful. So if you are looking for a simple point-and-click
|
||||
set-and-forget Linux firewall solution that requires a minimum of
|
||||
networking knowledge, I would encourage you to check out the following
|
||||
alternatives:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para><ulink
|
||||
url="http://www.m0n0.ch/wall/">http://www.m0n0.ch/wall/</ulink></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink
|
||||
url="http://www.fs-security.com/">http://www.fs-security.com/</ulink></para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>If you are looking for a Linux firewall solution that can handle
|
||||
complex and fast changing network environments then Shorewall is a
|
||||
logical choice.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
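Review bot: The two alternatives in the new itemizedlist are bare URLs used as their own link text, so a reader cannot tell which products are being recommended without following them; name each project in the link text. In the same added text, "fast changing" should be hyphenated, and "point-and-click set-and-forget" needs a comma between the two compounds.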
@ -275,10 +298,10 @@ ACCEPT net fw tcp 22</programlisting>
|
||||
<listitem>
|
||||
<para>To keep your <ulink url="shorewall_logging.html">firewall
|
||||
log</ulink> from filling up with useless noise, Shorewall provides
|
||||
<ulink url="Actions.html">common actions</ulink> that
|
||||
silently discard or reject such noise before it can be logged. As with
|
||||
everything in Shorewall, you can alter the behavior of these common
|
||||
actions (or do away with them entirely) as you see fit.</para>
|
||||
<ulink url="Actions.html">common actions</ulink> that silently discard
|
||||
or reject such noise before it can be logged. As with everything in
|
||||
Shorewall, you can alter the behavior of these common actions (or do
|
||||
away with them entirely) as you see fit.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
@ -301,4 +324,4 @@ ACCEPT net fw tcp 22</programlisting>
|
||||
along with this program; if not, write to the Free Software Foundation,
|
||||
Inc., 675 Mass Ave, Cambridge, MA 02139, USA</para>
|
||||
</section>
|
||||
</article>
|
||||
</article>
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-04-10</pubdate>
|
||||
<pubdate>2005-04-20</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2005</year>
|
||||
@ -50,6 +50,12 @@
|
||||
<listitem>
|
||||
<para>The two currently-supported Shorewall <ulink
|
||||
url="ReleaseModel.html">major releases</ulink> are 2.0 and 2.2.</para>
|
||||
|
||||
<note>
|
||||
<para>Shorewall versions earlier than 2.0.0 are no longer supported;
|
||||
we will only answer your question if it deals with upgrading from
|
||||
these old releases to a current one.</para>
|
||||
</note>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
@ -85,12 +91,6 @@
|
||||
<section id="Guidelines">
|
||||
<title>Problem Reporting Guidelines</title>
|
||||
|
||||
<note>
|
||||
<para>Shorewall versions earlier than 2.0.0 are no longer supported; we
|
||||
will only answer your question if it deals with upgrading from these old
|
||||
releases to a current one.</para>
|
||||
</note>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>When reporting a problem, <emphasis
|
||||
@ -104,13 +104,65 @@
|
||||
please:</para>
|
||||
|
||||
<blockquote>
|
||||
<programlisting><command>shorewall trace start 2> /tmp/trace</command></programlisting>
|
||||
<programlisting><command>/sbin/shorewall trace start 2> /tmp/trace</command></programlisting>
|
||||
|
||||
<para>Forward the <filename>/tmp/trace</filename> file as an
|
||||
attachment (you may compress it if you like).</para>
|
||||
</blockquote>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Otherwise, if you are unsure if Shorewall is starting
|
||||
successfully on not then first note that if Shorewall starts
|
||||
successfully, the last message it produces is "Shorewall
|
||||
Started":</para>
|
||||
|
||||
<blockquote>
|
||||
<programlisting>…
|
||||
Activating Rules...
|
||||
<emphasis role="bold">Shorewall Started</emphasis>
|
||||
gateway:~#</programlisting>
|
||||
</blockquote>
|
||||
|
||||
<para>If you are seeing this message then Shorewall is starting
|
||||
successfully.</para>
|
||||
|
||||
<para>If you are still unsure if Shorewall is starting or not,
|
||||
enter the following command:</para>
|
||||
|
||||
<blockquote>
|
||||
<programlisting><command>/sbin/shorewall show shorewall</command></programlisting>
|
||||
</blockquote>
|
||||
|
||||
<para>If Shorewall has started successfully, you will see output
|
||||
similar to this:</para>
|
||||
|
||||
<blockquote>
|
||||
<programlisting>Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:41:53 PDT 2005
|
||||
|
||||
Counters reset Sat Apr 16 17:35:06 PDT 2005
|
||||
|
||||
<emphasis role="bold">Chain shorewall (0 references)
|
||||
pkts bytes target prot opt in out source destination</emphasis></programlisting>
|
||||
</blockquote>
|
||||
|
||||
<para>If Shorewall has not started properly, you will see output
|
||||
similar to this:</para>
|
||||
|
||||
<blockquote>
|
||||
<programlisting>Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:43:13 PDT 2005
|
||||
|
||||
Counters reset Sat Apr 16 17:35:06 PDT 2005
|
||||
|
||||
<emphasis role="bold">iptables: No chain/target/match by that name</emphasis>
|
||||
</programlisting>
|
||||
</blockquote>
|
||||
|
||||
<para>If you get this result after you have tried to start
|
||||
Shorewall, please produce a trace and forward it to the list as
|
||||
instructed above.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Otherwise, if your problem is that some set of <emphasis
|
||||
role="bold">connection</emphasis>s to/from or through your
|
||||
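Review bot: The trace command in the first blockquote still redirects to a fixed name, /tmp/trace, and the prompt shown further down (gateway:~#) is root's; a fixed file name in a world-writable directory can be pre-created or symlinked by another local user, so suggest a path under root's home directory and update the "Forward the /tmp/trace file" para to match. Since the trace is then sent to the list, a sentence asking users to look it over for addresses or other details they do not want public would help. In the added listitem, "successfully on not" should read "successfully or not".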
@ -148,7 +200,7 @@
|
||||
<listitem>
|
||||
<para>the exact version of Shorewall you are running.</para>
|
||||
|
||||
<programlisting><emphasis role="bold">shorewall version</emphasis></programlisting>
|
||||
<programlisting><emphasis role="bold">/sbin/shorewall version</emphasis></programlisting>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
|
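Review bot: The version command in this listitem is marked up with <emphasis role="bold"> inside the programlisting, while the /sbin/shorewall commands in the problem-reporting hunk above use <command>; use <command> here too so that commands are tagged consistently across the document.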