More 2.4.0 doc updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2167 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-08 08:44:05 +01:00 · 2005-05-23 22:29:52 +00:00 · 2005-05-23 22:29:52 +00:00 · fb487f5b54
commit fb487f5b54
parent b0cf1dc06d
2 changed files with 58 additions and 15 deletions
--- a/Shorewall-docs2/Shorewall_and_Routing.xml
+++ b/Shorewall-docs2/Shorewall_and_Routing.xml
@ -361,12 +361,9 @@
            <glossdef>
              <para>The IP address of the provider's Gateway router.</para>

-              <para>Users with point-to-point dynamic connections such as
-              PPPoE, PPPoA or PPTP can enter <emphasis
-              role="bold">detect</emphasis> here and Shorewall will
-              automatically determine the gateway IP address. You must of
-              course configure your ppp service to restart Shorewall when you
-              connect or when the gateway IP address changes.</para>
+              <para>You can enter <emphasis role="bold">detect</emphasis> here
+              and Shorewall will attempt to automatically determine the
+              gateway IP address.</para>
            </glossdef>
          </glossentry>

@ -435,9 +432,12 @@

        <listitem>
          <para>If you specify <emphasis role="bold">balance</emphasis>, then
-          Shorewall will replace the 'default' route in the 'main' routing
-          table with a load-balancing route among those gateways where
-          <emphasis role="bold">balance</emphasis> was specified.</para>
+          Shorewall will replace the 'default' route with weight 100 in the
+          'main' routing table with a load-balancing route among those
+          gateways where <emphasis role="bold">balance</emphasis> was
+          specified. So if you configure default routes, be sure that their
+          weight is less than 100 or the route added by Shorewall will not be
+          used.</para>
        </listitem>
      </orderedlist>

@ -472,6 +472,14 @@
        usually be done by <command>/etc/init.d/network restart</command> or
        <command>/etc/init.d/networking restart</command>. Check your
        distribution's networking documentation.</para>
+
+        <para>You can mitigate the effect of the Shorewall-generated changes
+        to your routing table by specifying a <emphasis>metric</emphasis> for
+        each default route that you configure. Shorewall will generate a
+        load-balancing default route (assuming that <emphasis
+        role="bold">balance</emphasis> has been specified for some of the
+        providers) that does not include a metric and that will therefore not
+        replace any existing route that has a non-zero metric.</para>
      </warning>
    </section>

@ -543,11 +551,12 @@ eth1             eth2              130.252.99.27</programlisting>
    determination.</para>

    <para>Routing with Shorewall is specified through entries in
-    /etc/shorewall/routes. Note that entries in the /etc/shorewall/routes file
-    override the routing specified in your routing tables. These rules
-    generate Netfilter rules in the mangle tables FORWARD chain or OUTPUT
-    chain depending whether the packets are being routed through the firewall
-    or originate on the firewall itself (see figure above).</para>
+    <filename>/etc/shorewall/routes</filename>. Note that entries in the
+    <filename>/etc/shorewall/routes</filename> file override the routing
+    specified in your routing tables. These rules generate Netfilter rules in
+    the mangle tables FORWARD chain or OUTPUT chain depending whether the
+    packets are being routed through the firewall or originate on the firewall
+    itself (see the flow diagram at the top of this article).</para>

    <para>Columns in this file are as follows:</para>

--- a/Shorewall-docs2/starting_and_stopping_shorewall.xml
+++ b/Shorewall-docs2/starting_and_stopping_shorewall.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>

-    <pubdate>2005-05-15</pubdate>
+    <pubdate>2005-05-23</pubdate>

    <copyright>
      <year>2004</year>
@ -780,6 +780,40 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term>safe-restart (Shorewall version 2.4.0 and later)</term>
+
+        <listitem>
+          <para><command>shorewall [ -q ] safe-restart [ &lt;filename&gt;
+          ]</command></para>
+
+          <para>Only allowed if Shorewall is running. The current
+          configuration is saved in
+          <filename>/var/lib/shorewall/safe-restart</filename> (see the
+          <command>save</command> command below). You will then be prompted
+          asking if you want to accept the new configuration or not. If you
+          answer "n" or if you fail to answer within 60 seconds (such as when
+          your new configuration has disabled communication with your
+          terminal), the configuration is restored from the saved
+          configuration.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>safe-start (Shorewall version 2.4.0 and later)</term>
+
+        <listitem>
+          <para><command>shorewall [ -q ] safe-start [ &lt;filename&gt;
+          ]</command></para>
+
+          <para>Shorewall is started normally. You will then be prompted
+          asking if everything went all right. If you answer "n" or if you
+          fail to answer within 60 seconds (such as when your new
+          configuration has disabled communication with your terminal), a
+          <command>shorewall clear</command> is performed for you.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term>save</term>