diff --git a/Shorewall-docs2/shorewall_setup_guide.xml b/Shorewall-docs2/shorewall_setup_guide.xml index 9115d6b30..42a9ba349 100644 --- a/Shorewall-docs2/shorewall_setup_guide.xml +++ b/Shorewall-docs2/shorewall_setup_guide.xml @@ -378,9 +378,8 @@ all all REJECT info Do not connect the internal and external interface to the same hub - or switch except for testing AND you are running Shorewall version 1.4.7 - or later. When using these recent versions, you can test using this kind - of configuration if you specify the arp_filter option or the arp_ignore option in /etc/shorewall/interfaces for all interfaces @@ -948,9 +947,8 @@ loc eth2 detect netmask 255.255.255.248. - Beginning with Shorewall 1.4.6, /sbin/shorewall supports an ipcalc - command that automatically calculates information about a - [sub]network. + /sbin/shorewall supports an ipcalc command that automatically + calculates information about a [sub]network. Using the <command>ipcalc </command>command @@ -1235,10 +1233,6 @@ tcpdump: listening on eth2 they are not, change them appropriately: - - NAT_ENABLED=Yes (Shorewall versions earlier than 1.4.6) - - IP_FORWARDING=On @@ -1818,7 +1812,7 @@ ACCEPT net $FW tcp ssh #SSH to the options will be very site-specific). #ZONE INTERFACE BROADCAST OPTIONS -net eth0 detect rfc1918,routefilter +net eth0 detect norfc1918,routefilter loc eth1 detect dmz eth2 detect @@ -1830,7 +1824,7 @@ dmz eth2 detect interfaces. #ZONE INTERFACE BROADCAST OPTIONS -net eth0 192.0.2.255 rfc1918 +net eth0 192.0.2.255 norfc1918 loc eth1 192.168.201.7 dmz eth2 192.168.202.7