diff --git a/Shorewall-docs2/Documentation.xml b/Shorewall-docs2/Documentation.xml
index d84aa5299..77512ab44 100644
--- a/Shorewall-docs2/Documentation.xml
+++ b/Shorewall-docs2/Documentation.xml
@@ -15,7 +15,7 @@
- 2005-04-16
+ 2005-04-17
2001-2005
@@ -2694,26 +2694,21 @@ eth0 eth1 206.124.146.176
/etc/shorewall/tunnels
The /etc/shorewall/tunnels file allows you to define IPSec, GRE,
- IPIP, OpenVPN, PPTP
- and 6to4.tunnels with end-points on your firewall. To use ipsec, you must
- install version 1.9, 1.91 or the current FreeS/WAN development
- snapshot.
+ IPIP, OpenVPN, PPTP,
+ 6to4 and other tunnels with end-points on your firewall.
-
- For kernels 2.4.4 and above, you will need to use version 1.91 or
- a development snapshot as patching with version 1.9 results in kernel
- compilation errors.
-
+ For an overview of Shorewall's VPN support, try this article.
Instructions for setting up IPSEC
- tunnels may be found here, instructions for IPIP and GRE tunnels are here, instructions for
- OpenVPN tunnels are here, instructions
- for PPTP tunnels are here, instructions for
- 6to4 tunnels are here, and instructions for
- integrating Shorewall with other types of
- tunnels are here.
+ tunnels may be found here (if you are using kernel 2.6 with native
+ IPSEC support, look here),
+ instructions for IPIP and GRE tunnels are
+ here, instructions for OpenVPN tunnels
+ are here, instructions for PPTP tunnels are
+ here, instructions for 6to4 tunnels are
+ here, and instructions for integrating
+ Shorewall with other types of tunnels are here.
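Review bot: the removed FreeS/WAN guidance ("To use ipsec, you must install version 1.9, 1.91 or the current FreeS/WAN development snapshot" and the note for kernels 2.4.4 and above) has no replacement in the added lines of this /etc/shorewall/tunnels paragraph. A reader on a 2.4 kernel now gets that advice only if the linked IPSEC page carries it, so confirm that it does, or say in the commit message that the advice is obsolete. The context line also spells "IPSec" while the added lines use "IPSEC"; pick one spelling for the paragraph.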
@@ -4303,4 +4298,4 @@ eth1 -
-
\ No newline at end of file
+
diff --git a/Shorewall-docs2/Documentation_Index.xml b/Shorewall-docs2/Documentation_Index.xml
index fd3e6766d..4a8ed8820 100644
--- a/Shorewall-docs2/Documentation_Index.xml
+++ b/Shorewall-docs2/Documentation_Index.xml
@@ -15,7 +15,7 @@
- 2005-03-18
+ 2005-04-23
2001-2005
@@ -23,7 +23,7 @@
Thomas M. Eastep
- 2.2.2
+ 2.2.4
Permission is granted to copy, distribute and/or modify this
@@ -624,6 +624,10 @@
UID/GID Based Rules
+
+ UPnP
+
+
Upgrade Issues
diff --git a/Shorewall-docs2/Introduction.xml b/Shorewall-docs2/Introduction.xml
index 2f41bbf3a..da1005165 100644
--- a/Shorewall-docs2/Introduction.xml
+++ b/Shorewall-docs2/Introduction.xml
@@ -13,10 +13,10 @@
Eastep
- 2004-11-18
+ 2005-04-20
- 2003-2004
+ 2003-2005
Thomas M. Eastep
@@ -83,6 +83,29 @@
process left running in your system. The /sbin/shorewall program can be
used at any time to monitor the Netfilter firewall.
+
+ Shorewall is not the easiest to use of the available iptables
+ configuration tools but I believe that it is the most flexible and
+ powerful. So if you are looking for a simple point-and-click
+ set-and-forget Linux firewall solution that requires a minimum of
+ networking knowledge, I would encourage you to check out the following
+ alternatives:
+
+
+
+ http://www.m0n0.ch/wall/
+
+
+
+ http://www.fs-security.com/
+
+
+
+ If you are looking for a Linux firewall solution that can handle
+ complex and fast changing network environments then Shorewall is a
+ logical choice.
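Review bot: the two alternatives in the added list appear only as bare URLs (http://www.m0n0.ch/wall/ and http://www.fs-security.com/) with no project name, so the reader cannot tell what each one is without following the link; suggest naming each project in the link text. In the closing added paragraph, "fast changing" should be hyphenated as "fast-changing".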
@@ -275,10 +298,10 @@ ACCEPT net fw tcp 22
To keep your firewall
log from filling up with useless noise, Shorewall provides
- common actions that
- silently discard or reject such noise before it can be logged. As with
- everything in Shorewall, you can alter the behavior of these common
- actions (or do away with them entirely) as you see fit.
+ common actions that silently discard
+ or reject such noise before it can be logged. As with everything in
+ Shorewall, you can alter the behavior of these common actions (or do
+ away with them entirely) as you see fit.
@@ -301,4 +324,4 @@ ACCEPT net fw tcp 22
along with this program; if not, write to the Free Software Foundation,
Inc., 675 Mass Ave, Cambridge, MA 02139, USA
-
+
\ No newline at end of file
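Review bot: the final hunk of Introduction.xml leaves the new side without a terminating newline (the "\ No newline at end of file" marker follows the "+" line), while this same patch adds the missing newline at the end of Documentation.xml. Suggest ending Introduction.xml with a newline as well so the two files are consistent.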
diff --git a/Shorewall-docs2/support.xml b/Shorewall-docs2/support.xml
index 41bc1047b..1b497f169 100644
--- a/Shorewall-docs2/support.xml
+++ b/Shorewall-docs2/support.xml
@@ -15,7 +15,7 @@
- 2005-04-10
+ 2005-04-20
2001-2005
@@ -50,6 +50,12 @@
The two currently-supported Shorewall major releases are 2.0 and 2.2.
+
+
+ Shorewall versions earlier than 2.0.0 are no longer supported;
+ we will only answer your question if it deals with upgrading from
+ these old releases to a current one.
+
@@ -85,12 +91,6 @@
Problem Reporting Guidelines
-
- Shorewall versions earlier than 2.0.0 are no longer supported; we
- will only answer your question if it deals with upgrading from these old
- releases to a current one.
-
-
When reporting a problem,
- shorewall trace start 2> /tmp/trace
+ /sbin/shorewall trace start 2> /tmp/trace
Forward the /tmp/trace file as an
attachment (you may compress it if you like).
+
+ Otherwise, if you are unsure if Shorewall is starting
+ successfully on not then first note that if Shorewall starts
+ successfully, the last message it produces is "Shorewall
+ Started":
+
+
+ …
+Activating Rules...
+Shorewall Started
+gateway:~#
+
+
+ If you are seeing this message then Shorewall is starting
+ successfully.
+
+ If you are still unsure if Shorewall is starting or not,
+ enter the following command:
+
+
+ /sbin/shorewall show shorewall
+
+
+ If Shorewall has started successfully, you will see output
+ similar to this:
+
+
+ Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:41:53 PDT 2005
+
+Counters reset Sat Apr 16 17:35:06 PDT 2005
+
+Chain shorewall (0 references)
+ pkts bytes target prot opt in out source destination
+
+
+ If Shorewall has not started properly, you will see output
+ similar to this:
+
+
+ Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:43:13 PDT 2005
+
+Counters reset Sat Apr 16 17:35:06 PDT 2005
+
+iptables: No chain/target/match by that name
+
+
+
+ If you get this result after you have tried to start
+ Shorewall, please produce a trace and forward it to the list as
+ instructed above.
+
+
Otherwise, if your problem is that some set of connections to/from or through your
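Review bot: typo in the added paragraph that begins "Otherwise, if you are unsure if Shorewall is starting": "successfully on not" should read "successfully or not". Separately, the trace command in this hunk is shown at a root prompt and redirects stderr to the fixed name /tmp/trace in a world-writable directory before the file is forwarded to the list; suggest a path under root's home directory, and a sentence reminding the reader to review the trace for addresses they do not want posted.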
@@ -148,7 +200,7 @@
the exact version of Shorewall you are running.
- shorewall version
+ /sbin/shorewall version