Doc updates for 2.2.4

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2064 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-04-23 15:41:13 +00:00
parent 0ce125d36e
commit e3a21c0865
4 changed files with 111 additions and 37 deletions

View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-04-16</pubdate>
<pubdate>2005-04-17</pubdate>
<copyright>
<year>2001-2005</year>
@ -2694,26 +2694,21 @@ eth0 eth1 206.124.146.176</programlisting>
<title>/etc/shorewall/tunnels</title>
<para>The /etc/shorewall/tunnels file allows you to define IPSec, GRE,
IPIP, <ulink url="http://openvpn.sourceforge.net/">OpenVPN</ulink>, PPTP
and 6to4.tunnels with end-points on your firewall. To use ipsec, you must
install version 1.9, 1.91 or the current <ulink
url="http://www.xs4all.nl/%7Efreeswan/">FreeS/WAN</ulink> development
snapshot.</para>
IPIP, <ulink url="http://openvpn.sourceforge.net/">OpenVPN</ulink>, PPTP,
6to4 and other tunnels with end-points on your firewall.</para>
<note>
<para>For kernels 2.4.4 and above, you will need to use version 1.91 or
a development snapshot as patching with version 1.9 results in kernel
compilation errors.</para>
</note>
<para>For an overview of Shorewall's VPN support, try <ulink
url="VPNBasics.html">this article</ulink>. </para>
<para>Instructions for setting up <ulink url="IPSEC.htm">IPSEC
tunnels</ulink> may be found here, instructions for <ulink
url="IPIP.htm">IPIP and GRE tunnels</ulink> are here, instructions for
<ulink url="OPENVPN.html">OpenVPN tunnels</ulink> are here, instructions
for <ulink url="PPTP.htm">PPTP tunnels</ulink> are here, instructions for
<ulink url="6to4.htm">6to4 tunnels</ulink> are here, and instructions for
<ulink url="GenericTunnels.html">integrating Shorewall with other types of
tunnels</ulink> are here.</para>
tunnels</ulink> may be found here (if you are using kernel 2.6 with native
IPSEC support, look <ulink url="IPSEC-2.6.html">here</ulink>),
instructions for <ulink url="IPIP.htm">IPIP and GRE tunnels</ulink> are
here, instructions for <ulink url="OPENVPN.html">OpenVPN tunnels</ulink>
are here, instructions for <ulink url="PPTP.htm">PPTP tunnels</ulink> are
here, instructions for <ulink url="6to4.htm">6to4 tunnels</ulink> are
here, and instructions for <ulink url="GenericTunnels.html">integrating
Shorewall with other types of tunnels</ulink> are here.</para>
</section>
<section id="Conf" xreflabel="/etc/shorewall/shorewall.conf">
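Review bot: In the rewritten tunnels paragraph, the kernel 2.6 pointer is a parenthetical whose link text is just "here" (`<ulink url="IPSEC-2.6.html">here</ulink>`), in a sentence that already uses an unlinked "here" for every other tunnel type. Make the link text descriptive, for example "IPSEC with kernel 2.6 native support", so a reader on a 2.6 kernel does not follow IPSEC.htm by mistake. The overview paragraph has a stray space before its closing tag (`this article</ulink>. </para>`). The FreeS/WAN version requirement and the kernel 2.4.4 note no longer appear in the new text, so please confirm that IPSEC.htm still states those prerequisites.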
@ -4303,4 +4298,4 @@ eth1 -</programlisting>
</revision>
</revhistory></para>
</appendix>
</article>
</article>

View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-03-18</pubdate>
<pubdate>2005-04-23</pubdate>
<copyright>
<year>2001-2005</year>
@ -23,7 +23,7 @@
<holder>Thomas M. Eastep</holder>
</copyright>
<edition>2.2.2</edition>
<edition>2.2.4</edition>
<legalnotice>
<para>Permission is granted to copy, distribute and/or modify this
@ -624,6 +624,10 @@
<para><ulink url="UserSets.html">UID/GID Based Rules</ulink></para>
</listitem>
<listitem>
<para><ulink url="UPnP.html">UPnP</ulink></para>
</listitem>
<listitem>
<para><ulink url="upgrade_issues.htm">Upgrade Issues</ulink></para>
</listitem>

View File

@ -13,10 +13,10 @@
<surname>Eastep</surname>
</author>
<pubdate>2004-11-18</pubdate>
<pubdate>2005-04-20</pubdate>
<copyright>
<year>2003-2004</year>
<year>2003-2005</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -83,6 +83,29 @@
process</quote> left running in your system. The <ulink
url="starting_and_stopping_shorewall.htm">/sbin/shorewall program can be
used at any time to monitor the Netfilter firewall</ulink>.</para>
<para>Shorewall is not the easiest to use of the available iptables
configuration tools but I believe that it is the most flexible and
powerful. So if you are looking for a simple point-and-click
set-and-forget Linux firewall solution that requires a minimum of
networking knowledge, I would encourage you to check out the following
alternatives:</para>
<itemizedlist>
<listitem>
<para><ulink
url="http://www.m0n0.ch/wall/">http://www.m0n0.ch/wall/</ulink></para>
</listitem>
<listitem>
<para><ulink
url="http://www.fs-security.com/">http://www.fs-security.com/</ulink></para>
</listitem>
</itemizedlist>
<para>If you are looking for a Linux firewall solution that can handle
complex and fast changing network environments then Shorewall is a
logical choice.</para>
</section>
</section>
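Review bot: The two alternatives in the added itemizedlist appear only as bare URLs, so a reader cannot tell what each product is before following the link; give each `<ulink>` the product name as its text. In the closing paragraph, "fast changing" should be hyphenated ("fast-changing"), and "point-and-click set-and-forget" reads better with a comma between the two compounds.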
@ -275,10 +298,10 @@ ACCEPT net fw tcp 22</programlisting>
<listitem>
<para>To keep your <ulink url="shorewall_logging.html">firewall
log</ulink> from filling up with useless noise, Shorewall provides
<ulink url="Actions.html">common actions</ulink> that
silently discard or reject such noise before it can be logged. As with
everything in Shorewall, you can alter the behavior of these common
actions (or do away with them entirely) as you see fit.</para>
<ulink url="Actions.html">common actions</ulink> that silently discard
or reject such noise before it can be logged. As with everything in
Shorewall, you can alter the behavior of these common actions (or do
away with them entirely) as you see fit.</para>
</listitem>
</itemizedlist>
</section>
@ -301,4 +324,4 @@ ACCEPT net fw tcp 22</programlisting>
along with this program; if not, write to the Free Software Foundation,
Inc., 675 Mass Ave, Cambridge, MA 02139, USA</para>
</section>
</article>
</article>

View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-04-10</pubdate>
<pubdate>2005-04-20</pubdate>
<copyright>
<year>2001-2005</year>
@ -50,6 +50,12 @@
<listitem>
<para>The two currently-supported Shorewall <ulink
url="ReleaseModel.html">major releases</ulink> are 2.0 and 2.2.</para>
<note>
<para>Shorewall versions earlier than 2.0.0 are no longer supported;
we will only answer your question if it deals with upgrading from
these old releases to a current one.</para>
</note>
</listitem>
<listitem>
@ -85,12 +91,6 @@
<section id="Guidelines">
<title>Problem Reporting Guidelines</title>
<note>
<para>Shorewall versions earlier than 2.0.0 are no longer supported; we
will only answer your question if it deals with upgrading from these old
releases to a current one.</para>
</note>
<itemizedlist>
<listitem>
<para>When reporting a problem, <emphasis
@ -104,13 +104,65 @@
please:</para>
<blockquote>
<programlisting><command>shorewall trace start 2&gt; /tmp/trace</command></programlisting>
<programlisting><command>/sbin/shorewall trace start 2&gt; /tmp/trace</command></programlisting>
<para>Forward the <filename>/tmp/trace</filename> file as an
attachment (you may compress it if you like).</para>
</blockquote>
</listitem>
<listitem>
<para>Otherwise, if you are unsure if Shorewall is starting
successfully on not then first note that if Shorewall starts
successfully, the last message it produces is "Shorewall
Started":</para>
<blockquote>
<programlisting>
Activating Rules...
<emphasis role="bold">Shorewall Started</emphasis>
gateway:~#</programlisting>
</blockquote>
<para>If you are seeing this message then Shorewall is starting
successfully.</para>
<para>If you are still unsure if Shorewall is starting or not,
enter the following command:</para>
<blockquote>
<programlisting><command>/sbin/shorewall show shorewall</command></programlisting>
</blockquote>
<para>If Shorewall has started successfully, you will see output
similar to this:</para>
<blockquote>
<programlisting>Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:41:53 PDT 2005
Counters reset Sat Apr 16 17:35:06 PDT 2005
<emphasis role="bold">Chain shorewall (0 references)
pkts bytes target prot opt in out source destination</emphasis></programlisting>
</blockquote>
<para>If Shorewall has not started properly, you will see output
similar to this:</para>
<blockquote>
<programlisting>Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:43:13 PDT 2005
Counters reset Sat Apr 16 17:35:06 PDT 2005
<emphasis role="bold">iptables: No chain/target/match by that name</emphasis>
</programlisting>
</blockquote>
<para>If you get this result after you have tried to start
Shorewall, please produce a trace and forward it to the list as
instructed above.</para>
</listitem>
<listitem>
<para>Otherwise, if your problem is that some set of <emphasis
role="bold">connection</emphasis>s to/from or through your
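Review bot: The first sentence of the new list item has a typo: "starting successfully on not" should be "or not". The trace command in this hunk still redirects to a fixed name under /tmp (`2&gt; /tmp/trace`), while the sample prompt (`gateway:~#`) shows it being run as root. A predictable file name in a world-writable directory is a poor destination for root's output, so suggest a path under root's home directory or a name from mktemp. Because the text asks users to forward the trace to the list, add a sentence telling them to check it for addresses or other details they do not want published. The failure sample's `</programlisting>` also sits on its own line, which adds a blank line to the rendered output.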
@ -148,7 +200,7 @@
<listitem>
<para>the exact version of Shorewall you are running.</para>
<programlisting><emphasis role="bold">shorewall version</emphasis></programlisting>
<programlisting><emphasis role="bold">/sbin/shorewall version</emphasis></programlisting>
</listitem>
<listitem>