Doc updates for 2.2.4

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2064 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-22 15:43:30 +01:00 · 2005-04-23 15:41:13 +00:00 · 2005-04-23 15:41:13 +00:00 · e3a21c0865
commit e3a21c0865
parent 0ce125d36e
4 changed files with 111 additions and 37 deletions
--- a/Shorewall-docs2/Documentation.xml
+++ b/Shorewall-docs2/Documentation.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>
-    <pubdate>2005-04-16</pubdate>
+    <pubdate>2005-04-17</pubdate>
    <copyright>
      <year>2001-2005</year>
@ -2694,26 +2694,21 @@ eth0                  eth1            206.124.146.176</programlisting>
    <title>/etc/shorewall/tunnels</title>
    <para>The /etc/shorewall/tunnels file allows you to define IPSec, GRE,
-    IPIP, <ulink url="http://openvpn.sourceforge.net/">OpenVPN</ulink>, PPTP
+    IPIP, <ulink url="http://openvpn.sourceforge.net/">OpenVPN</ulink>, PPTP,
-    and 6to4.tunnels with end-points on your firewall. To use ipsec, you must
+    6to4 and other tunnels with end-points on your firewall.</para>
    install version 1.9, 1.91 or the current <ulink
    url="http://www.xs4all.nl/%7Efreeswan/">FreeS/WAN</ulink> development
    snapshot.</para>
-    <note>
+    <para>For an overview of Shorewall's VPN support, try <ulink
-      <para>For kernels 2.4.4 and above, you will need to use version 1.91 or
+    url="VPNBasics.html">this article</ulink>. </para>
      a development snapshot as patching with version 1.9 results in kernel
      compilation errors.</para>
    </note>
    <para>Instructions for setting up <ulink url="IPSEC.htm">IPSEC
-    tunnels</ulink> may be found here, instructions for <ulink
+    tunnels</ulink> may be found here (if you are using kernel 2.6 with native
-    url="IPIP.htm">IPIP and GRE tunnels</ulink> are here, instructions for
+    IPSEC support, look <ulink url="IPSEC-2.6.html">here</ulink>),
-    <ulink url="OPENVPN.html">OpenVPN tunnels</ulink> are here, instructions
+    instructions for <ulink url="IPIP.htm">IPIP and GRE tunnels</ulink> are
-    for <ulink url="PPTP.htm">PPTP tunnels</ulink> are here, instructions for
+    here, instructions for <ulink url="OPENVPN.html">OpenVPN tunnels</ulink>
-    <ulink url="6to4.htm">6to4 tunnels</ulink> are here, and instructions for
+    are here, instructions for <ulink url="PPTP.htm">PPTP tunnels</ulink> are
-    <ulink url="GenericTunnels.html">integrating Shorewall with other types of
+    here, instructions for <ulink url="6to4.htm">6to4 tunnels</ulink> are
-    tunnels</ulink> are here.</para>
+    here, and instructions for <ulink url="GenericTunnels.html">integrating
    Shorewall with other types of tunnels</ulink> are here.</para>
  </section>
  <section id="Conf" xreflabel="/etc/shorewall/shorewall.conf">
--- a/Shorewall-docs2/Documentation_Index.xml
+++ b/Shorewall-docs2/Documentation_Index.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>
-    <pubdate>2005-03-18</pubdate>
+    <pubdate>2005-04-23</pubdate>
    <copyright>
      <year>2001-2005</year>
@ -23,7 +23,7 @@
      <holder>Thomas M. Eastep</holder>
    </copyright>
-    <edition>2.2.2</edition>
+    <edition>2.2.4</edition>
    <legalnotice>
      <para>Permission is granted to copy, distribute and/or modify this
@ -624,6 +624,10 @@
      <para><ulink url="UserSets.html">UID/GID Based Rules</ulink></para>
    </listitem>
    <listitem>
      <para><ulink url="UPnP.html">UPnP</ulink></para>
    </listitem>
    <listitem>
      <para><ulink url="upgrade_issues.htm">Upgrade Issues</ulink></para>
    </listitem>
--- a/Shorewall-docs2/Introduction.xml
+++ b/Shorewall-docs2/Introduction.xml
@ -13,10 +13,10 @@
      <surname>Eastep</surname>
    </author>
-    <pubdate>2004-11-18</pubdate>
+    <pubdate>2005-04-20</pubdate>
    <copyright>
-      <year>2003-2004</year>
+      <year>2003-2005</year>
      <holder>Thomas M. Eastep</holder>
    </copyright>
@ -83,6 +83,29 @@
      process</quote> left running in your system. The <ulink
      url="starting_and_stopping_shorewall.htm">/sbin/shorewall program can be
      used at any time to monitor the Netfilter firewall</ulink>.</para>
      <para>Shorewall is not the easiest to use of the available iptables
      configuration tools but I believe that it is the most flexible and
      powerful. So if you are looking for a simple point-and-click
      set-and-forget Linux firewall solution that requires a minimum of
      networking knowledge, I would encourage you to check out the following
      alternatives:</para>
      <itemizedlist>
        <listitem>
          <para><ulink
          url="http://www.m0n0.ch/wall/">http://www.m0n0.ch/wall/</ulink></para>
        </listitem>
        <listitem>
          <para><ulink
          url="http://www.fs-security.com/">http://www.fs-security.com/</ulink></para>
        </listitem>
      </itemizedlist>
      <para>If you are looking for a Linux firewall solution that can handle
      complex and fast changing network environments then Shorewall is a
      logical choice.</para>
    </section>
  </section>
@ -275,10 +298,10 @@ ACCEPT     net           fw        tcp        22</programlisting>
      <listitem>
        <para>To keep your <ulink url="shorewall_logging.html">firewall
        log</ulink> from filling up with useless noise, Shorewall provides
-        <ulink url="Actions.html">common actions</ulink> that
+        <ulink url="Actions.html">common actions</ulink> that silently discard
-        silently discard or reject such noise before it can be logged. As with
+        or reject such noise before it can be logged. As with everything in
-        everything in Shorewall, you can alter the behavior of these common
+        Shorewall, you can alter the behavior of these common actions (or do
-        actions (or do away with them entirely) as you see fit.</para>
+        away with them entirely) as you see fit.</para>
      </listitem>
    </itemizedlist>
  </section>
--- a/Shorewall-docs2/support.xml
+++ b/Shorewall-docs2/support.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>
-    <pubdate>2005-04-10</pubdate>
+    <pubdate>2005-04-20</pubdate>
    <copyright>
      <year>2001-2005</year>
@ -50,6 +50,12 @@
      <listitem>
        <para>The two currently-supported Shorewall <ulink
        url="ReleaseModel.html">major releases</ulink> are 2.0 and 2.2.</para>
        <note>
          <para>Shorewall versions earlier than 2.0.0 are no longer supported;
          we will only answer your question if it deals with upgrading from
          these old releases to a current one.</para>
        </note>
      </listitem>
      <listitem>
@ -85,12 +91,6 @@
  <section id="Guidelines">
    <title>Problem Reporting Guidelines</title>
    <note>
      <para>Shorewall versions earlier than 2.0.0 are no longer supported; we
      will only answer your question if it deals with upgrading from these old
      releases to a current one.</para>
    </note>
    <itemizedlist>
      <listitem>
        <para>When reporting a problem, <emphasis
@ -104,13 +104,65 @@
            please:</para>
            <blockquote>
-              <programlisting><command>shorewall trace start 2&gt; /tmp/trace</command></programlisting>
+              <programlisting><command>/sbin/shorewall trace start 2&gt; /tmp/trace</command></programlisting>
              <para>Forward the <filename>/tmp/trace</filename> file as an
              attachment (you may compress it if you like).</para>
            </blockquote>
          </listitem>
          <listitem>
            <para>Otherwise, if you are unsure if Shorewall is starting
            successfully on not then first note that if Shorewall starts
            successfully, the last message it produces is "Shorewall
            Started":</para>
            <blockquote>
              <programlisting>…
 Activating Rules...
 <emphasis role="bold">Shorewall Started</emphasis>
 gateway:~#</programlisting>
            </blockquote>
            <para>If you are seeing this message then Shorewall is starting
            successfully.</para>
            <para>If you are still unsure if Shorewall is starting or not,
            enter the following command:</para>
            <blockquote>
              <programlisting><command>/sbin/shorewall show shorewall</command></programlisting>
            </blockquote>
            <para>If Shorewall has started successfully, you will see output
            similar to this:</para>
            <blockquote>
              <programlisting>Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:41:53 PDT 2005
 Counters reset Sat Apr 16 17:35:06 PDT 2005
 <emphasis role="bold">Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination</emphasis></programlisting>
            </blockquote>
            <para>If Shorewall has not started properly, you will see output
            similar to this:</para>
            <blockquote>
              <programlisting>Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:43:13 PDT 2005
 Counters reset Sat Apr 16 17:35:06 PDT 2005
 <emphasis role="bold">iptables: No chain/target/match by that name</emphasis>
 </programlisting>
            </blockquote>
            <para>If you get this result after you have tried to start
            Shorewall, please produce a trace and forward it to the list as
            instructed above.</para>
          </listitem>
          <listitem>
            <para>Otherwise, if your problem is that some set of <emphasis
            role="bold">connection</emphasis>s to/from or through your
@ -148,7 +200,7 @@
                <listitem>
                  <para>the exact version of Shorewall you are running.</para>
-                  <programlisting><emphasis role="bold">shorewall version</emphasis></programlisting>
+                  <programlisting><emphasis role="bold">/sbin/shorewall version</emphasis></programlisting>
                </listitem>
                <listitem>