Fourth batch of mindless ID changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6697 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-06-28 20:41:32 +00:00
parent d6f388a755
commit f8afc6df84
12 changed files with 108 additions and 342 deletions

View File

@ -36,7 +36,7 @@
</legalnotice>
</articleinfo>
<section>
<section id="Overview">
<title>Netfilter Overview</title>
<para>Netfilter consists of three tables: <emphasis

View File

@ -62,7 +62,7 @@
work VPN.</para>
</warning>
<section>
<section id="Prelim">
<title>Preliminary Reading</title>
<para>I recommend reading the <ulink url="VPNBasics.html">VPN
@ -250,7 +250,7 @@ esac</programlisting>
<section id="ConfigFw">
<title>Configuring Shorewall</title>
<section>
<section id="Basic">
<title>Basic Setup</title>
<para>Here' a basic setup that treats your remote users as if they
@ -270,7 +270,7 @@ pptpserver net 0.0.0.0/0</programlisting>
loc ppp+</programlisting>
</section>
<section>
<section id="Zones">
<title>Remote Users in a Separate Zone</title>
<para>If you want to place your remote users in their own zone so that
@ -303,7 +303,7 @@ vpn ppp+</programlisting>
to/from the <emphasis role="bold">vpn</emphasis> zone.</para>
</section>
<section>
<section id="Hub">
<title>Multiple Remote Networks</title>
<para>Often there will be situations where you want multiple

View File

@ -36,7 +36,7 @@
</legalnotice>
</articleinfo>
<section>
<section id="Intro">
<title>Introduction</title>
<para>This article will try to help you understand how packets pass
@ -55,7 +55,7 @@
appear.</para>
</section>
<section>
<section id="Incoming">
<title>Packets Entering the Firewall from Outside</title>
<para>Certain processing occurs on packets entering the firewall from the
@ -168,8 +168,8 @@
This happens in the <emphasis>filter</emphasis> table's <emphasis
role="bold">norfc1918</emphasis> chain.</para>
</listitem>
<listitem>
<listitem>
<para>If the interface on which the packet entered the firewall has
the <emphasis>tcpflags</emphasis> option specified in
<filename>/etc/shorewall/interfaces</filename> and the packet's
@ -180,7 +180,7 @@
</itemizedlist>
</section>
<section>
<section id="All">
<title>All Packets</title>
<para>Regardless of whether the packet originated on the firewall or came
@ -248,7 +248,7 @@
</itemizedlist>
</section>
<section>
<section id="Local">
<title>Packets Originating on the Firewall</title>
<para>Packets that originate on the firewall itself undergo additional
@ -271,7 +271,7 @@
</itemizedlist>
</section>
<section>
<section id="Egress">
<title>Packets Leaving the Firewall</title>
<para>Packets being sent to another host undergo additional

View File

@ -40,7 +40,7 @@
earlier releases.</para>
</caution>
<section>
<section id="Marks">
<title>Packet and Connection Marks</title>
<para>Perhaps no aspect of Shorewall causes more confusion than packet
@ -83,7 +83,7 @@ tcp 6 19 TIME_WAIT src=206.124.146.176 dst=192.136.34.98 sport=58597 dport=
</important>
</section>
<section>
<section id="Programs">
<title>Packet Marking "Programs"</title>
<para>Packet marking occurs in Netfilter's <emphasis>mangle</emphasis>
@ -132,7 +132,7 @@ tcp 6 19 TIME_WAIT src=206.124.146.176 dst=192.136.34.98 sport=58597 dport=
POSTROUTING program. These rules are executed for each packet leaving
the firewall. Entries specifying the ":T" suffix in the MARK column
are also part of the POSTROUTING program (Shorewall version 3.4.0 and
later). </para>
later).</para>
</listitem>
<listitem>
@ -210,7 +210,7 @@ tcp 6 19 TIME_WAIT src=206.124.146.176 dst=192.136.34.98 sport=58597 dport=
</itemizedlist>
</section>
<section>
<section id="Values">
<title>Mark and Mask Values</title>
<para>The mark value is held in a 32-bit field. Because packet marking is
@ -258,7 +258,7 @@ tcp 6 19 TIME_WAIT src=206.124.146.176 dst=192.136.34.98 sport=58597 dport=
</itemizedlist>
</section>
<section>
<section id="Shorewall">
<title>Shorewall-defined Chains in the Mangle Table</title>
<para>Shorewall creates a set of chains in the mangle table to hold rules
@ -307,7 +307,7 @@ tcp 6 19 TIME_WAIT src=206.124.146.176 dst=192.136.34.98 sport=58597 dport=
(PREROUTING, FORWARD, etc.).</para>
</section>
<section>
<section id="Examples">
<title>An Example</title>
<para>Here's the example (slightly expanded) from the comments at the top
@ -381,7 +381,7 @@ SAVE 0.0.0.0/0 0.0.0.0/0 all - - - !0 #R
</orderedlist>
</section>
<section>
<section id="Show">
<title>Examining the Marking Programs on a Running System</title>
<para>You can see the tcrules in action using the <command>shorewall show

View File

@ -43,7 +43,7 @@
capabilities</command> to see if you have that match.</para>
</note>
<section>
<section id="What">
<title>What is Port Knocking?</title>
<para>Port knocking is a technique whereby attempting to connect to port A
@ -53,7 +53,7 @@
which should be considered to be part of this documentation.</para>
</section>
<section>
<section id="How">
<title>Implementing Port Knocking in Shorewall</title>
<para>In order to implement this solution, your iptables and kernel must
@ -239,7 +239,7 @@ Limit:info:SSHA,3,60 net $FW tcp 22</programl
</listitem>
</itemizedlist>
<section>
<section id="LimitImp">
<title>How Limit is Implemented</title>
<para>For those who are curious, the Limit action is implemented in

View File

@ -75,7 +75,7 @@
read the <ulink url="shorewall_setup_guide.htm">Shorewall Setup
Guide</ulink>.</para>
<section>
<section id="Example">
<title>Example</title>
<para>The following figure represents a Proxy ARP environment.</para>
@ -185,7 +185,7 @@ iface eth1 inet static
</warning>
</section>
<section>
<section id="ARP">
<title>ARP cache</title>
<para>A word of warning is in order here. ISPs typically configure their

View File

@ -38,7 +38,7 @@
</legalnotice>
</articleinfo>
<section>
<section id="Releases">
<title>Shorewall Releases</title>
<orderedlist>
@ -129,7 +129,7 @@
</section>
<section>
<title>Old Release Model</title>
<title id="Old">Old Release Model</title>
<para>This release model described above was adopted on 2004-07-03 and
modified 2004-07-21. Prior to 2004-07-03, a different release model was
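Review bot: the `id` attribute here lands on `<title id="Old">` while the enclosing `<section>` stays without one, unlike every other hunk in this commit, which puts the id on the `<section>` element. Suggest `<section id="Old">` with a plain `<title>Old Release Model</title>` so this anchor is declared the same way as the rest.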

View File

@ -36,7 +36,7 @@
</legalnotice>
</articleinfo>
<section>
<section id="Intro">
<title>Introduction</title>
<para>The performance of the <emphasis role="bold">shorewall
@ -50,7 +50,7 @@
to the use of Shorewall-perl if at all possible.</para>
</section>
<section>
<section id="Groups">
<title>Host Groups</title>
<para>In this article, we will use the term <firstterm>host
@ -73,7 +73,7 @@
<firstterm>zone</firstterm>.</para>
</section>
<section>
<section id="GroupScale">
<title>Scaling by Host Groups</title>
<para>For each host group, it is possible to attempt connections to every
@ -93,7 +93,7 @@
combinations.</para>
</section>
<section>
<section id="ZoneScale">
<title>Scaling by Zones</title>
<para>A similar scaling issue applies to Shorewall zones. If there are
@ -106,7 +106,7 @@
role="bold">Z</emphasis><superscript>2</superscript>.</para>
</section>
<section>
<section id="Shorewall">
<title>Scaling within the Shorewall Code</title>
<para>Shorewall is written entirely in Bourne Shell. While this allows
@ -122,7 +122,7 @@
scaling.</para>
</section>
<section>
<section id="Improving">
<title>Improving Performance</title>
<para>Achieving good performance boils down to three things:</para>

View File

@ -36,7 +36,7 @@
</legalnotice>
</articleinfo>
<section>
<section id="Why">
<title>Why use Network Mapping</title>
<para>Network Mapping is most often used to resolve IP address conflicts.
@ -47,7 +47,7 @@
re-addressing.</para>
</section>
<section>
<section id="Solution">
<title>Solution</title>
<para>Shorewall NETMAP support is designed to supply a solution. The basic
@ -180,7 +180,7 @@ DNAT 10.10.11.0/24 vpn 192.168.1.0/24 #RULE 1B</programlist
DNAT 10.10.10.0/24 vpn 192.168.1.0/24 #RULE 2A
SNAT 192.168.1.0/24 vpn 10.10.10.0/24 #RULE 2B</programlisting>
<example>
<example id="Example1">
<title>192.168.1.4 in the top cloud connects to 192.168.1.27 in the
bottom cloud</title>
@ -284,7 +284,7 @@ SNAT 192.168.1.0/24 vpn 10.10.10.0/24 #RULE 2B</programlist
</example>
</section>
<section>
<section id="Notes">
<title>Author's Notes</title>
<para>This could all be made a bit simpler by eliminating the TYPE field
@ -302,7 +302,7 @@ SNAT 192.168.1.0/24 vpn 10.10.10.0/24 #RULE 2B</programlist
network in the top cloud.</para>
</section>
<section>
<section id="WhyTwo">
<title>Can't I do this with one router? Why do I need two?</title>
<para>I wrote this article before Shorewall included <ulink
@ -312,4 +312,4 @@ SNAT 192.168.1.0/24 vpn 10.10.10.0/24 #RULE 2B</programlist
providers</ulink>. If you try it and get it working, please contribute an
update to this article.</para>
</section>
</article>
</article>

View File

@ -45,7 +45,7 @@
url="ports.htm">port information page</ulink>.</para>
</note>
<section>
<section id="Ping">
<title>'Ping' Management</title>
<para>In Shorewall , ICMP echo-request's are treated just like any other
@ -96,40 +96,4 @@ Ping/DROP net $FW</programlisting>
files to prevent your log from being flooded by messages generated from
remote pinging.</para>
</section>
<appendix>
<title>Revision History</title>
<para><revhistory>
<revision>
<revnumber>1.3</revnumber>
<date>2005-08-31</date>
<authorinitials>CR</authorinitials>
<revremark>Updated for Shorewall 3</revremark>
</revision>
<revision>
<revnumber>1.2</revnumber>
<date>2004-01-03</date>
<authorinitials>TE</authorinitials>
<revremark>Add traceroute reference</revremark>
</revision>
<revision>
<revnumber>1.1</revnumber>
<date>2003-08-23</date>
<authorinitials>TE</authorinitials>
<revremark>Initial version converted to Docbook XML</revremark>
</revision>
</revhistory></para>
</appendix>
</article>
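Review bot: the whole Revision History `<appendix>` (revisions 1.1 to 1.3) is deleted at the end of this hunk, which the commit subject about ID changes does not mention; the later hunk that drops revisions 1.1 through 1.18 from another article does the same. Either state in the commit message that the revision histories are being removed and why, or move the removals to their own commit so they can be reviewed and reverted independently of the id additions.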

View File

@ -49,7 +49,7 @@
3.0.0 then please see the documentation for that release</emphasis></para>
</caution>
<section>
<section id="Notes">
<title>Important Notes</title>
<note>
@ -84,7 +84,7 @@ FTP/DNAT net dmz:192.168.1.4 </programlisting>
</note>
</section>
<section>
<section id="Auth">
<title>Auth (identd)</title>
<caution>
@ -97,7 +97,7 @@ FTP/DNAT net dmz:192.168.1.4 </programlisting>
Auth/ACCEPT <emphasis> &lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<section id="BT">
<title>BitTorrent</title>
<caution>
@ -114,7 +114,7 @@ Auth/ACCEPT <emphasis> &lt;source&gt;</emphasis> <emphasis>&lt;destination&
BitTorrent/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<section id="DNS">
<title>DNS</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
@ -180,7 +180,7 @@ Edonkey/DNAT net loc:192.168.1.4
DNAT net loc:192.168.1.4 tcp 4711</programlisting>
</section>
<section>
<section id="FTP">
<title>FTP</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
@ -190,7 +190,7 @@ FTP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt
information.</para>
</section>
<section>
<section id="Gnutella">
<title>Gnutella</title>
<para><orderedlist>
@ -216,14 +216,14 @@ FTP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt
Gnutella/DNAT net loc:192.168.1.4</programlisting></para>
</section>
<section>
<section id="ICQ">
<title>ICQ/AIM</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
ICQ/ACCEPT <emphasis>&lt;source&gt;</emphasis> net</programlisting>
</section>
<section>
<section id="IMAP">
<title>IMAP</title>
<caution>
@ -241,7 +241,7 @@ IMAP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&g
IMAPS/ACCEPT &lt;source&gt; &lt;destination&gt; # IMAP over SSL.</programlisting>
</section>
<section>
<section id="IPSEC">
<title>IPSEC</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
@ -256,7 +256,7 @@ ACCEPT <emphasis>&lt;destination&gt;</emphasis> <emphasis>&lt;source&gt;</e
url="VPN.htm">here</ulink>.</para>
</section>
<section>
<section id="LDAP">
<title>LDAP</title>
<caution>
@ -268,8 +268,8 @@ LDAP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis> &lt;destina
LDAPS/ACCEPT <emphasis><emphasis>&lt;source&gt;</emphasis> <emphasis> &lt;destination&gt;</emphasis></emphasis><emphasis></emphasis> # LDAP over SSL</programlisting>
</section>
<section>
<title><trademark>MySQL</trademark></title>
<section id="MySQL">
<title><trademark>My\SQL</trademark></title>
<caution>
<para>This information is valid only for Shorewall 3.2 or later.</para>
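Review bot: the title text changes from `MySQL` to `My\SQL` on the line after `<section id="MySQL">`, which puts a backslash into the rendered heading. Unless that is intentional, keep `<title><trademark>MySQL</trademark></title>` and change only the `<section>` line.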
@ -288,31 +288,32 @@ LDAPS/ACCEPT <emphasis><emphasis>&lt;source&gt;</emphasis> <emphasis> &
MySQL/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis> &lt;destination&gt;</emphasis> <emphasis> </emphasis></programlisting>
</section>
<section>
<section id="NFS">
<title>NFS</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
ACCEPT <emphasis>&lt;z1&gt;</emphasis>:&lt;list of client IPs&gt; <emphasis> &lt;z2&gt;</emphasis>:a.b.c.d tcp 111
ACCEPT <emphasis>&lt;z1&gt;</emphasis>:&lt;list of client IPs&gt; <emphasis> &lt;z2&gt;</emphasis>:a.b.c.d udp</programlisting>
<para>For more NFS information, see <ulink url="http://lists.shorewall.net/~kb/">http://lists.shorewall.net/~kb/</ulink>.</para>
<para>For more NFS information, see <ulink
url="http://lists.shorewall.net/~kb/">http://lists.shorewall.net/~kb/</ulink>.</para>
</section>
<section>
<section id="NTP">
<title>NTP (Network Time Protocol)</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
NTP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<section id="PCA">
<title><trademark>PCAnywhere</trademark></title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
PCA/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<section id="POP3">
<title>POP3</title>
<caution>
@ -329,7 +330,7 @@ POP3/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&g
POP3S/ACCEPT &lt;source&gt; &lt;destination&gt; #Unsecure Pop3</programlisting>
</section>
<section>
<section id="PPTP">
<title>PPTP</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
@ -340,21 +341,21 @@ ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</e
url="VPN.htm">here</ulink>.</para>
</section>
<section>
<section id="Rdate">
<title>rdate</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Rdate/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<section id="rsync">
<title>rsync</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Rsync/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<section id="Siproxd">
<title>Siproxd</title>
<caution>
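Review bot: `id="rsync"` is lowercase while the neighbouring ids in this hunk, `id="Rdate"` and `id="Siproxd"`, are capitalised, even though the `rdate` title is itself lowercase. Pick one convention (for example `id="Rsync"`), since XML ids are case-sensitive and these will be used as link targets.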
@ -368,14 +369,14 @@ ACCEPT net fw udp 5060
ACCEPT <emphasis> net fw udp 7070:7089</emphasis><emphasis></emphasis></programlisting>
</section>
<section>
<section id="SSH">
<title>SSH/SFTP</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
SSH/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> </programlisting>
</section>
<section>
<section id="SMB">
<title>SMB/NMB (Samba/<trademark>Windows</trademark> Browsing/File
Sharing)</title>
@ -386,7 +387,7 @@ SMB/ACCEPT <emphasis>&lt;destination&gt;</emphasis> <emphasis>&lt;source&gt
<para>Also, see <ulink url="samba.htm">this page</ulink>.</para>
</section>
<section>
<section id="SMTP">
<title>SMTP</title>
<caution>
@ -398,14 +399,14 @@ SMTP/ACCEPT<emphasis> &lt;source&gt;</emphasis> <emphasis>&lt;destination&
SMTPS/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> #SMTP over SSL (TLS)</programlisting>
</section>
<section>
<section id="SNMP">
<title>SNMP</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
SNMP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<section id="SVN">
<title>SVN</title>
<caution>
@ -421,7 +422,7 @@ SNMP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&g
SVN/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<section id="Telnet">
<title>Telnet</title>
<caution>
@ -433,7 +434,7 @@ SVN/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt
Telnet/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<section id="TFTP">
<title>TFTP</title>
<para>You must have TFTP connection tracking support in your kernel. If
@ -450,7 +451,7 @@ Telnet/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination
ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> udp 69</programlisting>
</section>
<section>
<section id="Traceroute">
<title>Traceroute</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
@ -469,7 +470,7 @@ ACCEPT fw loc icmp
ACCEPT fw ...</programlisting>
</section>
<section>
<section id="NNTP">
<title>Usenet (NNTP)</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
@ -479,7 +480,7 @@ NNTPS/ACCEPT &lt;source&gt; &lt;destination&gt; # secure NNTP</programlisti
<para>TCP Port 119</para>
</section>
<section>
<section id="VNC">
<title>VNC</title>
<caution>
@ -502,19 +503,16 @@ VNC/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt
VNCL/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section>
<section id="Vonage">
<title><trademark>Vonage</trademark></title>
<para>The standard Shorewall loc-&gt;net ACCEPT policy is all that is
required for <trademark>Vonage</trademark> IP phone service to work,
provided that you have loaded the tftp helper modules (add the following
entries to /etc/shorewall/modules if they are not there already):</para>
<programlisting> loadmodule ip_conntrack_tftp
loadmodule ip_nat_tftp</programlisting>
</section>
<section>
<section id="Web">
<title>Web Access</title>
<caution>
@ -526,7 +524,7 @@ HTTP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&g
HTTPS/ACCEPT &lt;source&gt; &lt;destination&gt; #Secure HTTP</programlisting>
</section>
<section>
<section id="Webmin">
<title>Webmin</title>
<para><programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
@ -534,14 +532,14 @@ Webmin/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination
use TCP port 10000.</para>
</section>
<section>
<section id="Whois">
<title>Whois</title>
<para><programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Whois/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> </programlisting></para>
</section>
<section>
<section id="X">
<title>X/XDMCP</title>
<para>Assume that the Choser and/or X Server are running at
@ -553,7 +551,7 @@ ACCEPT &lt;<emphasis>chooser</emphasis>&gt; &lt;<emphasis>apps</emphasis>&gt
ACCEPT &lt;<emphasis>apps</emphasis>&gt; &lt;<emphasis>chooser</emphasis>&gt; tcp 6000:6009 #X Displays 0-9</programlisting>
</section>
<section>
<section id="Other">
<title>Other Source of Port Information</title>
<para>Didn't find what you are looking for -- have you looked in your own
@ -562,202 +560,4 @@ ACCEPT &lt;<emphasis>apps</emphasis>&gt; &lt;<emphasis>chooser</emphasis>
<para>Still looking? Try <ulink
url="http://www.networkice.com/advice/Exploits/Ports">http://www.networkice.com/advice/Exploits/Ports</ulink></para>
</section>
<appendix>
<title>Revision History</title>
<para><revhistory>
<revision>
<revnumber>1.18</revnumber>
<date>2006-07-18</date>
<authorinitials>CR</authorinitials>
<revremark>Updated for Shorewall 3.2</revremark>
</revision>
<revision>
<revnumber>1.18</revnumber>
<date>2005-11-23</date>
<authorinitials>CR</authorinitials>
<revremark>Add Webmin info</revremark>
</revision>
<revision>
<revnumber>1.17</revnumber>
<date>2005-09-20</date>
<authorinitials>TE</authorinitials>
<revremark>More 3.0 Updates</revremark>
</revision>
<revision>
<revnumber>1.16</revnumber>
<date>2005-09-02</date>
<authorinitials>CR</authorinitials>
<revremark>Updated for Shorewall v3.0</revremark>
</revision>
<revision>
<revnumber>1.15</revnumber>
<date>2005-05-02</date>
<authorinitials>TE</authorinitials>
<revremark>Added Emule</revremark>
</revision>
<revision>
<revnumber>1.14</revnumber>
<date>2004-10-01</date>
<authorinitials>TE</authorinitials>
<revremark>Add rsync.</revremark>
</revision>
<revision>
<revnumber>1.13</revnumber>
<date>2004-09-21</date>
<authorinitials>TE</authorinitials>
<revremark>Add note about ICMP type 11 to Traceroute.</revremark>
</revision>
<revision>
<revnumber>1.12</revnumber>
<date>2004-09-09</date>
<authorinitials>TE</authorinitials>
<revremark>Add note about <trademark>Vonage</trademark>.</revremark>
</revision>
<revision>
<revnumber>1.11</revnumber>
<date>2004-05-28</date>
<authorinitials>TE</authorinitials>
<revremark>Corrected directory for actions.std and enhanced the DNS
section.</revremark>
</revision>
<revision>
<revnumber>1.10</revnumber>
<date>2004-05-09</date>
<authorinitials>TE</authorinitials>
<revremark>Added TFTP.</revremark>
</revision>
<revision>
<revnumber>1.9</revnumber>
<date>2004-04-24</date>
<authorinitials>TE</authorinitials>
<revremark>Revised ICQ/AIM.</revremark>
</revision>
<revision>
<revnumber>1.8</revnumber>
<date>2004-04-23</date>
<authorinitials>TE</authorinitials>
<revremark>Added SNMP.</revremark>
</revision>
<revision>
<revnumber>1.7</revnumber>
<date>2004-02-18</date>
<authorinitials>TE</authorinitials>
<revremark>Make NFS work for everyone.</revremark>
</revision>
<revision>
<revnumber>1.6</revnumber>
<date>2004-02-14</date>
<authorinitials>TE</authorinitials>
<revremark>Add PCAnywhere.</revremark>
</revision>
<revision>
<revnumber>1.5</revnumber>
<date>2004-02-05</date>
<authorinitials>TE</authorinitials>
<revremark>Added information about VNC viewers in listen
mode.</revremark>
</revision>
<revision>
<revnumber>1.4</revnumber>
<date>2004-01-26</date>
<authorinitials>TE</authorinitials>
<revremark>Correct ICQ.</revremark>
</revision>
<revision>
<revnumber>1.3</revnumber>
<date>2004-01-04</date>
<authorinitials>TE</authorinitials>
<revremark>Alphabetize</revremark>
</revision>
<revision>
<revnumber>1.2</revnumber>
<date>2004-01-03</date>
<authorinitials>TE</authorinitials>
<revremark>Add rules file entries.</revremark>
</revision>
<revision>
<revnumber>1.1</revnumber>
<date>2002-07-30</date>
<authorinitials>TE</authorinitials>
<revremark>Initial version converted to Docbook XML</revremark>
</revision>
</revhistory></para>
</appendix>
</article>

View File

@ -29,23 +29,23 @@
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
License</ulink></quote>.</para>
</legalnotice>
</articleinfo>
<section>
<section id="Quotes">
<title>What Users are saying...</title>
<blockquote>
<attribution>AS, Poland</attribution>
<para><emphasis>I want to say that Shorewall documentation is the best
I&#39;ve ever found on the net. It&#39;s helped me a lot in
understanding how network is working. It is the best of breed. It
contains not only Shorewall specific topics with the assumption that all
the rest is well known, but also gives some very useful background
information. Thank you very much for this wonderful piece of work.
</emphasis></para>
I've ever found on the net. It's helped me a lot in understanding how
network is working. It is the best of breed. It contains not only
Shorewall specific topics with the assumption that all the rest is well
known, but also gives some very useful background information. Thank you
very much for this wonderful piece of work. </emphasis></para>
</blockquote>
<blockquote>
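Review bot: apart from `<section id="Quotes">`, this hunk only rewraps the legal notice and the first testimonial and swaps `&#39;` for a literal apostrophe, so the one functional change is hard to spot among the reflowed lines. Consider committing the editor's reflow and entity changes separately from the id additions.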
@ -63,12 +63,12 @@
<blockquote>
<attribution>SE, California, USA</attribution>
<para><emphasis>In two words, I&#39;d call Shorewall &#34;brilliant
simplicity&#34;. Define general rules of what it is you want to do, and
let the software determine the specific rules on how to implement it.
It&#39;s great only having to define specific rules for specific
instances. I have a much higher degree of confidence in my firewall than
I have had previously. Thank you for Shorewall!.</emphasis></para>
<para><emphasis>In two words, I'd call Shorewall "brilliant simplicity".
Define general rules of what it is you want to do, and let the software
determine the specific rules on how to implement it. It's great only
having to define specific rules for specific instances. I have a much
higher degree of confidence in my firewall than I have had previously.
Thank you for Shorewall!.</emphasis></para>
</blockquote>
<blockquote>
@ -84,7 +84,8 @@
<attribution>JL, Ohio</attribution>
<para><emphasis>I just installed Shorewall after weeks of messing with
ipchains/iptables and I had it up and running in under 20 minutes!</emphasis></para>
ipchains/iptables and I had it up and running in under 20
minutes!</emphasis></para>
</blockquote>
<blockquote>
@ -124,8 +125,9 @@
<blockquote>
<attribution>B.R, Netherlands</attribution>
<para><emphasis>[Shorewall is a] great, great project. I&#39;ve
used/tested may firewall scripts but this one is till now the best.</emphasis></para>
<para><emphasis>[Shorewall is a] great, great project. I've used/tested
may firewall scripts but this one is till now the
best.</emphasis></para>
</blockquote>
<blockquote>
@ -150,19 +152,19 @@
<blockquote>
<attribution>SE, US</attribution>
<para><emphasis>You have the best support of any other package I&#39;ve
ever used.</emphasis></para>
<para><emphasis>You have the best support of any other package I've ever
used.</emphasis></para>
</blockquote>
<blockquote>
<attribution>Name withheld by request, Europe</attribution>
<para><emphasis>Because our company has information which has been
classified by the national government as secret, our security
doesn&#39;t stop by putting a fence around our company. Information
security is a hot issue. We also make use of checkpoint firewalls, but
not all of the internet servers are guarded by checkpoint, some of them
are running....Shorewall.</emphasis></para>
classified by the national government as secret, our security doesn't
stop by putting a fence around our company. Information security is a
hot issue. We also make use of checkpoint firewalls, but not all of the
internet servers are guarded by checkpoint, some of them are
running....Shorewall.</emphasis></para>
</blockquote>
<blockquote>
@ -170,7 +172,7 @@
<para><emphasis>thanx for all your efforts you put into shorewall - this
product stands out against a lot of commercial stuff i´ve been working
with in terms of flexibillity, quality &#38; support</emphasis></para>
with in terms of flexibillity, quality &amp; support</emphasis></para>
</blockquote>
<blockquote>
@ -184,13 +186,13 @@
<blockquote>
<attribution>RP, Guatamala</attribution>
<para><emphasis>My respects... I&#39;ve just found and installed
Shorewall 1.3.3-1 and it is a wonderful piece of software. I&#39;ve just
sent out an email to about 30 people recommending it. :-)</emphasis></para>
<para><emphasis>My respects... I've just found and installed Shorewall
1.3.3-1 and it is a wonderful piece of software. I've just sent out an
email to about 30 people recommending it. :-)</emphasis></para>
<para><emphasis>While I had previously taken the time (maybe 40 hours)
to really understand ipchains, then spent at least an hour per server
customizing and carefully scrutinizing firewall rules, I&#39;ve got
customizing and carefully scrutinizing firewall rules, I've got
shorewall running on my home firewall, with rulesets and policies that I
know make sense, in under 20 minutes.</emphasis></para>
</blockquote>