mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-28 18:43:30 +01:00
Third cut at removing references to Documentation.htm
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6776 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
34101c0766
commit
fe5978edd7
22
docs/FAQ.xml
@ -841,7 +841,7 @@ to debug/develop the newnat interface.</programlisting></para>
|
||||
|
||||
<para><emphasis role="bold">Answer</emphasis>: Most likely, you need to
|
||||
set CLAMPMSS=Yes in <ulink
|
||||
url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>.</para>
|
||||
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink>.</para>
|
||||
</section>
|
||||
|
||||
<section id="faq35">
|
||||
@ -904,7 +904,7 @@ to debug/develop the newnat interface.</programlisting></para>
|
||||
restart</quote>).</para>
|
||||
|
||||
<para>By default, older versions of Shorewall rate-limited log messages
|
||||
through <ulink url="Documentation.htm#Conf">settings</ulink> in
|
||||
through <ulink url="manpages/shorewall.conf.html">settings</ulink> in
|
||||
<filename>/etc/shorewall/shorewall.conf</filename> -- If you want to log
|
||||
all messages, set:</para>
|
||||
|
||||
@ -1120,7 +1120,7 @@ DROP net fw udp 10619</programlisting>
|
||||
<para>The destination address is listed in
|
||||
<filename>/usr/share/shorewall/rfc1918</filename> with a <emphasis
|
||||
role="bold">logdrop</emphasis> target -- see <filename> <ulink
|
||||
url="Documentation.htm#rfc1918">/usr/share/shorewall/rfc1918</ulink>
|
||||
url="manpages/shorewall-rfc1918.html">/usr/share/shorewall/rfc1918</ulink>
|
||||
</filename>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -1132,7 +1132,7 @@ DROP net fw udp 10619</programlisting>
|
||||
<para>The source or destination address is listed in
|
||||
<filename>/usr/share/shorewall/rfc1918</filename> with a <emphasis
|
||||
role="bold">logdrop</emphasis> target -- see <filename> <ulink
|
||||
url="Documentation.htm#rfc1918">/usr/share/shorewall/rfc1918</ulink>
|
||||
url="manpages/shorewall-rfc1918.html">/usr/share/shorewall/rfc1918</ulink>
|
||||
</filename>.</para>
|
||||
|
||||
<note>
|
||||
@ -1231,7 +1231,7 @@ DROP net fw udp 10619</programlisting>
|
||||
role="bold">dropunclean</emphasis> <ulink
|
||||
url="manpages/shorewall-interfaces.html">interface option</ulink> as
|
||||
specified in the <emphasis role="bold">LOGUNCLEAN</emphasis>
|
||||
setting in <ulink url="Documentation.htm#Conf">
|
||||
setting in <ulink url="manpages/shorewall.conf.html">
|
||||
<filename>/etc/shorewall/shorewall.conf</filename>
|
||||
</ulink>.</para>
|
||||
</listitem>
|
||||
@ -1243,7 +1243,7 @@ DROP net fw udp 10619</programlisting>
|
||||
<listitem>
|
||||
<para>The packet is being logged because the source IP is
|
||||
blacklisted in the <filename> <ulink
|
||||
url="Documentation.htm#Blacklist">/etc/shorewall/blacklist</ulink>
|
||||
url="manpages/shorewall-blacklist.html">/etc/shorewall/blacklist</ulink>
|
||||
</filename> file.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -1264,10 +1264,10 @@ DROP net fw udp 10619</programlisting>
|
||||
</filename> or you need the <emphasis
|
||||
role="bold">routeback</emphasis> option in the relevant entry in
|
||||
<filename> <ulink
|
||||
url="Documentation.htm#Hosts">/etc/shorewall/hosts</ulink>.</filename></para>
|
||||
url="manpages/shorewall-hosts.html">/etc/shorewall/hosts</ulink>.</filename></para>
|
||||
|
||||
<para>In Shorewall 3.3.3 and later versions with OPTIMIZE=1 in
|
||||
<ulink url="Documentation.htm#Conf">shorewall.conf</ulink>, such
|
||||
<ulink url="manpages/shorewall.conf.html">shorewall.conf</ulink>, such
|
||||
packets may also be logged out of a <zone>2all chain or the
|
||||
all2all chain.</para>
|
||||
</listitem>
|
||||
@ -1282,7 +1282,7 @@ DROP net fw udp 10619</programlisting>
|
||||
and look at the printed zone definitions).</para>
|
||||
|
||||
<para>In Shorewall 3.3.3 and later versions with OPTIMIZE=1 in
|
||||
<ulink url="Documentation.htm#Conf">shorewall.conf</ulink>, such
|
||||
<ulink url="manpages/shorewall.conf.html">shorewall.conf</ulink>, such
|
||||
packets may also be logged out of the fw2all chain or the all2all
|
||||
chain.</para>
|
||||
</listitem>
|
||||
@ -1733,7 +1733,7 @@ iptables: Invalid argument
|
||||
<para><emphasis role="bold">Answer:</emphasis> This usually happens when
|
||||
the firewall uses LDAP Authentication. The solution is to list your LDAP
|
||||
server(s) as <emphasis role="bold">critical</emphasis> in <ulink
|
||||
url="Documentation.htm#Routestopped">/etc/shorewall/routestopped</ulink>.</para>
|
||||
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink>.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
@ -1930,7 +1930,7 @@ iptables: Invalid argument
|
||||
modem in/out but still block all other rfc1918 addresses?</para>
|
||||
|
||||
<para><emphasis role="bold">Answer:</emphasis> Add the following to
|
||||
<ulink url="Documentation.htm#rfc1918">/etc/shorewall/rfc1918</ulink>
|
||||
<ulink url="manpages/shorewall-rfc1918.html">/etc/shorewall/rfc1918</ulink>
|
||||
(Note: If you are running Shorewall 2.0.0 or later, you may need to
|
||||
first copy <filename>/usr/share/shorewall/rfc1918</filename> to
|
||||
<filename>/etc/shorewall/rfc1918</filename>):</para>
|
||||
|
@ -146,7 +146,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>The<filename> </filename><ulink
|
||||
url="Documentation.htm#Zones"><filename>/etc/shorewall/zones</filename></ulink>
|
||||
url="manpages/shorewall-zones.html"><filename>/etc/shorewall/zones</filename></ulink>
|
||||
file allows you to associate zones with traffic that will be encrypted
|
||||
or that has been decrypted.</para>
|
||||
</listitem>
|
||||
|
@ -403,7 +403,7 @@ ipsec net 0.0.0.0/0</programlisting>
|
||||
zones and add and delete remote endpoints dynamically using
|
||||
/sbin/shorewall. With Shorewall 2.0.2 Beta 1 and later versions, this
|
||||
capability must be enabled by setting DYNAMIC_ZONES=Yes in <ulink
|
||||
url="Documentation.htm#Conf">shorewall.conf</ulink>.</para>
|
||||
url="manpages/shorewall.conf.html">shorewall.conf</ulink>.</para>
|
||||
|
||||
<para>In /etc/shorewall/zones:</para>
|
||||
|
||||
|
@ -128,9 +128,9 @@ loc Your Local Network
|
||||
dmz Demilitarized Zone</programlisting>
|
||||
|
||||
<para>Zones are declared and given a type in the <ulink
|
||||
url="Documentation.htm#Zones"><filename
|
||||
url="manpages/shorewall-zones.html"><filename
|
||||
class="directory">/etc/shorewall/</filename><filename>zones</filename></ulink>
|
||||
file.Here is the <ulink url="Documentation.htm#Zones"><filename
|
||||
file.Here is the <ulink url="manpages/shorewall-zones.html"><filename
|
||||
class="directory">/etc/shorewall/</filename><filename>zones</filename></ulink>
|
||||
file from the three-interface sample:</para>
|
||||
|
||||
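Review bot: The changed line `file.Here is the <ulink url="manpages/shorewall-zones.html">` carries over the missing space after "file." from the old text; since the line is being rewritten anyway, make it "file. Here is the". The two adjacent sentences now link /etc/shorewall/zones to manpages/shorewall-zones.html twice in a row, so the second ulink could be reduced to plain filename markup.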
@ -169,7 +169,7 @@ dmz eth2 detect</programlisting>
|
||||
file to define a zone, all addresses are included; when you want to define
|
||||
a zone that contains a limited subset of the IPv4 address space, you use
|
||||
the <ulink
|
||||
url="Documentation.htm#Hosts"><filename>/etc/shorewall/hosts</filename></ulink>
|
||||
url="manpages/shorewall-hosts.html"><filename>/etc/shorewall/hosts</filename></ulink>
|
||||
file.</para>
|
||||
|
||||
<para>Rules about what traffic to allow and what traffic to deny are
|
||||
|
@ -86,7 +86,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>The <emphasis role="bold">maclist</emphasis> option in <ulink
|
||||
url="Documentation.htm#Hosts">/etc/shorewall/hosts</ulink>. When this
|
||||
url="manpages/shorewall-hosts.html">/etc/shorewall/hosts</ulink>. When this
|
||||
option is specified for a subnet, all new connection requests from
|
||||
that subnet are subject to MAC verification.</para>
|
||||
</listitem>
|
||||
@ -100,7 +100,7 @@
|
||||
<listitem>
|
||||
<para>The <emphasis role="bold">MACLIST_DISPOSITION</emphasis> and
|
||||
<emphasis role="bold">MACLIST_LOG_LEVEL</emphasis> variables in <ulink
|
||||
url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>.
|
||||
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink>.
|
||||
The MACLIST_DISPOSITION variable has the value DROP, REJECT or ACCEPT
|
||||
and determines the disposition of connection requests that fail MAC
|
||||
verification. The MACLIST_LOG_LEVEL variable gives the syslogd level
|
||||
|
@ -102,7 +102,7 @@ PARAM - - tcp 135,139,445
|
||||
<para>User-defined Macros. These macros are created by end-users. They
|
||||
are defined in macros.* files in /etc/shorewall or in another
|
||||
directory listed in your CONFIG_PATH (defined in <ulink
|
||||
url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>).</para>
|
||||
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink>).</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
|
@ -222,7 +222,7 @@
|
||||
role="bold"><emphasis>zone1</emphasis>2<emphasis>zone2</emphasis></emphasis></emphasis>
|
||||
chain where <emphasis>zone1</emphasis> is the source zone and
|
||||
<emphasis>zone2</emphasis> is the destination zone. Note that in the
|
||||
presence of <ulink url="Documentation.htm#Nested">nested or
|
||||
presence of <ulink url="manpages/shorewall-nested.html">nested or
|
||||
overlapping zones</ulink> and CONTINUE policies, a packet may go
|
||||
through more than one of these chains.</para>
|
||||
</listitem>
|
||||
|
@ -196,7 +196,7 @@
|
||||
<para>If you want to be able to give access to all of your local systems
|
||||
to the remote network, you should consider running a VPN client on your
|
||||
firewall. As starting points, see <ulink
|
||||
url="Documentation.htm#Tunnels">http://www.shorewall.net/Documentation.htm#Tunnels</ulink>
|
||||
url="manpages/shorewall-tunnels.html">http://www.shorewall.net/Documentation.htm#Tunnels</ulink>
|
||||
or <ulink url="PPTP.htm">http://www.shorewall.net/PPTP.htm</ulink>.</para>
|
||||
</section>
|
||||
</article>
|
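Review bot: The new ulink targets `manpages/shorewall-tunnels.html`, but its visible text is still `http://www.shorewall.net/Documentation.htm#Tunnels`, so the rendered page keeps showing the reference this commit sets out to remove. Update the link text to match the new target, the way the neighbouring PPTP.htm link shows the same URL it points to.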
@ -79,17 +79,17 @@
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>Пакеты с хостов из чёрного списка будут отбрасываться без уведомления (drop) или с уведомлением (reject), согласно параметру BLACKLIST_DISPOSITION из файла <ulink
|
||||
url="Documentation.htm#Config"><filename>/etc/shorewall/shorewall.conf</filename>.</ulink></para>
|
||||
url="manpages/shorewall.conf.htmlig"><filename>/etc/shorewall/shorewall.conf</filename>.</ulink></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Пакеты с хостов из чёрного списка будут заноситься в протокол с заданным уровнем syslog согласно параметру BLACKLIST_LOGLEVEL из файла <ulink
|
||||
url="Documentation.htm#Config"><filename>/etc/shorewall/shorewall.conf</filename></ulink>.</para>
|
||||
url="manpages/shorewall.conf.htmlig"><filename>/etc/shorewall/shorewall.conf</filename></ulink>.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>IP-адреса или подсети, которые требуется занести в чёрный список, указываются в файле <ulink
|
||||
url="Documentation.htm#Blacklist"><filename>/etc/shorewall/blacklist</filename></ulink>.
|
||||
url="manpages/shorewall-blacklist.html"><filename>/etc/shorewall/blacklist</filename></ulink>.
|
||||
В этом файле можно также указать имена протоколов, номеров портов или имён служб.
|
||||
</para>
|
||||
</listitem>
|
||||
|
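Review bot: Both shorewall.conf links in this hunk now end in `manpages/shorewall.conf.htmlig`, which does not match the `manpages/shorewall.conf.html` target used elsewhere in this commit; the blacklist link in the same hunk correctly ends in `.html`. The old target here was `Documentation.htm#Config`, so a substitution keyed on `Documentation.htm#Conf` appears to have left the trailing `ig` behind. Both URLs should read `manpages/shorewall.conf.html`.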
@ -174,7 +174,7 @@
|
||||
<listitem>
|
||||
<para>Rate Limit (if passed as "" then $LOGLIMIT is assumed — see
|
||||
the LOGLIMIT option in <ulink
|
||||
url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>)</para>
|
||||
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink>)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
|
@ -63,7 +63,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>Allows you to partition the network into <ulink
|
||||
url="Documentation.htm#Zones">zones</ulink> and gives you complete
|
||||
url="manpages/shorewall-zones.html">zones</ulink> and gives you complete
|
||||
control over the connections permitted between each pair of
|
||||
zones.</para>
|
||||
</listitem>
|
||||
@ -105,7 +105,7 @@
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para><ulink
|
||||
url="Documentation.htm#Masq">Masquerading/SNAT</ulink>.</para>
|
||||
url="manpages/shorewall-masq.html">Masquerading/SNAT</ulink>.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
@ -164,7 +164,7 @@
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para><ulink url="Documentation.htm#Tunnels">IPSEC, GRE, IPIP and
|
||||
<para><ulink url="manpages/shorewall-tunnels.html">IPSEC, GRE, IPIP and
|
||||
OpenVPN Tunnels</ulink>.</para>
|
||||
</listitem>
|
||||
|
||||
|
@ -67,12 +67,12 @@
|
||||
|
||||
<listitem>
|
||||
<para>The packet is rejected because of an option in <ulink
|
||||
url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink> or
|
||||
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink> or
|
||||
<ulink
|
||||
url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces</ulink>.
|
||||
These packets can be logged by setting the appropriate logging-related
|
||||
option in <ulink
|
||||
url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>.</para>
|
||||
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink>.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
|
@ -169,7 +169,7 @@
|
||||
</variablelist>
|
||||
|
||||
<para>Zones are defined in the file <filename><ulink
|
||||
url="Documentation.htm#Zones"><filename>/etc/shorewall/zones</filename></ulink></filename>.</para>
|
||||
url="manpages/shorewall-zones.html"><filename>/etc/shorewall/zones</filename></ulink></filename>.</para>
|
||||
|
||||
<important>
|
||||
<para>The <filename>/etc/shorewall/zones</filename> file included in the
|
||||
@ -363,7 +363,7 @@ all all REJECT info</programlisting>
|
||||
class="devicefile">ppp0</filename> or <filename
|
||||
class="devicefile">ippp0</filename> then you will want to set CLAMPMSS=yes
|
||||
in <filename><ulink
|
||||
url="Documentation.htm#Config">/etc/shorewall/shorewall.conf</ulink></filename>.</para>
|
||||
url="manpages/shorewall.conf.htmlig">/etc/shorewall/shorewall.conf</ulink></filename>.</para>
|
||||
|
||||
<para>Your <emphasis>Local Interface</emphasis> will be an Ethernet
|
||||
adapter (<filename class="devicefile">eth0</filename>,
|
||||
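Review bot: The CLAMPMSS link in this hunk now points at `manpages/shorewall.conf.htmlig`, a leftover from replacing only the `Documentation.htm#Conf` prefix of `Documentation.htm#Config`. It should be `manpages/shorewall.conf.html`, as in the other shorewall.conf links this commit rewrites.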
@ -444,7 +444,7 @@ loc eth2 detect</programlisting>
|
||||
<para><inlinegraphic fileref="images/BD21298_.gif" /></para>
|
||||
|
||||
<para>You may define more complicated zones using the<filename> <ulink
|
||||
url="Documentation.htm#Hosts">/etc/shorewall/hosts</ulink></filename> file
|
||||
url="manpages/shorewall-hosts.html">/etc/shorewall/hosts</ulink></filename> file
|
||||
but in most cases, that isn't necessary. See <ulink
|
||||
url="Shorewall_and_Aliased_Interfaces.html">Shorewall_and_Aliased_Interfaces.html</ulink>
|
||||
and <ulink url="Multiple_Zones.html">Multiple_Zones.html</ulink> for
|
||||
@ -1377,7 +1377,7 @@ Destination Gateway Genmask Flags MSS Window irtt Iface
|
||||
<member><inlinegraphic fileref="images/BD21298_.gif" /></member>
|
||||
|
||||
<member>SNAT is configured in Shorewall using the <filename><ulink
|
||||
url="Documentation.htm#Masq">/etc/shorewall/masq</ulink></filename>
|
||||
url="manpages/shorewall-masq.html">/etc/shorewall/masq</ulink></filename>
|
||||
file.</member>
|
||||
</simplelist>
|
||||
|
||||
@ -1803,7 +1803,7 @@ ACCEPT net $FW tcp ssh #SSH to the
|
||||
|
||||
<para>If you haven't already, it would be a good idea to browse through
|
||||
<ulink
|
||||
url="Documentation.htm#Config"><filename>/etc/shorewall/shorewall.conf</filename></ulink>
|
||||
url="manpages/shorewall.conf.htmlig"><filename>/etc/shorewall/shorewall.conf</filename></ulink>
|
||||
just to see if there is anything there that might be of interest. You
|
||||
might also want to look at the other configuration files that you
|
||||
haven't touched yet just to get a feel for the other things that
|
||||
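Review bot: The replacement URL `manpages/shorewall.conf.htmlig` on the changed line is malformed; the old anchor was `#Config` and the trailing `ig` survived the substitution. Change it to `manpages/shorewall.conf.html` so the "browse through shorewall.conf" link resolves.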
@ -2402,7 +2402,7 @@ foobar.net. 86400 IN A 192.0.2.177
|
||||
command and stopped using <quote>shorewall stop</quote>. When the firewall
|
||||
is stopped, routing is enabled on those hosts that have an entry in
|
||||
<filename><ulink
|
||||
url="Documentation.htm#Routestopped">/etc/shorewall/routestopped</ulink></filename>.
|
||||
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink></filename>.
|
||||
A running firewall may be restarted using the <quote>shorewall
|
||||
restart</quote> command. If you want to totally remove any trace of
|
||||
Shorewall from your Netfilter configuration, use <quote>shorewall
|
||||
@ -2411,7 +2411,7 @@ foobar.net. 86400 IN A 192.0.2.177
|
||||
<para><inlinegraphic fileref="images/BD21298_.gif" /></para>
|
||||
|
||||
<para>Edit the <filename><ulink
|
||||
url="Documentation.htm#Routestopped">/etc/shorewall/routestopped</ulink></filename>
|
||||
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink></filename>
|
||||
file and configure those systems that you want to be able to access the
|
||||
firewall when it is stopped.</para>
|
||||
|
||||
@ -2419,7 +2419,7 @@ foobar.net. 86400 IN A 192.0.2.177
|
||||
<para>If you are connected to your firewall from the internet, do not
|
||||
issue a <quote>shorewall stop</quote> command unless you have added an
|
||||
entry for the IP address that you are connected from to <filename><ulink
|
||||
url="Documentation.htm#Routestopped">/etc/shorewall/routestopped</ulink></filename>.
|
||||
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink></filename>.
|
||||
Also, I don't recommend using <quote>shorewall restart</quote>; it is
|
||||
better to create an <ulink
|
||||
url="starting_and_stopping_shorewall.htm"><emphasis>an alternate
|
||||
|
@ -228,7 +228,7 @@ fw firewall
|
||||
net ipv4</programlisting>
|
||||
|
||||
<para>Shorewall zones are defined in <ulink
|
||||
url="Documentation.htm#Zones"><filename>/etc/shorewall/zones</filename></ulink>.</para>
|
||||
url="manpages/shorewall-zones.html"><filename>/etc/shorewall/zones</filename></ulink>.</para>
|
||||
|
||||
<para>Note that Shorewall recognizes the firewall system as its own zone.
|
||||
When the <filename>/etc/shorewall/zones</filename> file is processed, the
|
||||
@ -528,7 +528,7 @@ SSH/ACCEPT net $FW </programlisting>
|
||||
<quote><command>shorewall stop</command></quote>. When the firewall is
|
||||
stopped, routing is enabled on those hosts that have an entry in
|
||||
<filename><ulink
|
||||
url="Documentation.htm#Routestopped">/etc/shorewall/routestopped</ulink></filename>.
|
||||
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink></filename>.
|
||||
A running firewall may be restarted using the <quote><command>shorewall
|
||||
restart</command></quote> command. If you want to totally remove any trace
|
||||
of Shorewall from your Netfilter configuration, use
|
||||
@ -539,7 +539,7 @@ SSH/ACCEPT net $FW </programlisting>
|
||||
issue a <quote><command>shorewall stop</command></quote> command unless
|
||||
you have added an entry for the IP address that you are connected from
|
||||
to <ulink
|
||||
url="Documentation.htm#Routestopped"><filename>/etc/shorewall/routestopped</filename></ulink>.
|
||||
url="manpages/shorewall-routestopped.html"><filename>/etc/shorewall/routestopped</filename></ulink>.
|
||||
Also, I don't recommend using <quote><command>shorewall
|
||||
restart</command></quote>; it is better to create an <emphasis><ulink
|
||||
url="configuration_file_basics.htm#Configs">alternate
|
||||
|
@ -234,7 +234,7 @@ fw firewall
|
||||
net ipv4</programlisting>
|
||||
|
||||
<para>Зоны Shorewall описаны в файле <ulink
|
||||
url="Documentation.htm#Zones"><filename>/etc/shorewall/zones</filename></ulink>.</para>
|
||||
url="manpages/shorewall-zones.html"><filename>/etc/shorewall/zones</filename></ulink>.</para>
|
||||
|
||||
<para>Заметьте, что Shorewall рассматривает систему файервола как свою
|
||||
собственную зону. При обработке файла
|
||||
@ -488,7 +488,7 @@ SSH/ACCEPT net $FW </programlisting>
|
||||
<quote><command>shorewall stop</command></quote>. Когда файервол
|
||||
остановливается, маршрутизация разрешается на те хосты, которые указаны в
|
||||
<filename><ulink
|
||||
url="Documentation.htm#Routestopped">/etc/shorewall/routestopped</ulink></filename>.
|
||||
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink></filename>.
|
||||
Запущенный файервол может быть перезапущен при помощи команды
|
||||
<quote><command>shorewall restart</command></quote>. Если Вы хотите
|
||||
полностью удалить изменения сделанные Shorewall из конфигурации Вашего
|
||||
@ -500,7 +500,7 @@ SSH/ACCEPT net $FW </programlisting>
|
||||
используйте команду <quote><command>shorewall stop</command></quote>
|
||||
если Вы не добавили запись для <acronym>IP</acronym>-адреса, с которого
|
||||
Вы подсоединены, в <ulink
|
||||
url="Documentation.htm#Routestopped"><filename>/etc/shorewall/routestopped</filename></ulink>.
|
||||
url="manpages/shorewall-routestopped.html"><filename>/etc/shorewall/routestopped</filename></ulink>.
|
||||
Также, я не рекоммендую использовать <quote><command>shorewall
|
||||
restart</command></quote>; лучше создать <emphasis><ulink
|
||||
url="configuration_file_basics.htm#Configs">альтернативную
|
||||
|
@ -151,9 +151,9 @@
|
||||
all netfilter rules and open your firewall for all traffic to pass.
|
||||
It rather places your firewall in a safe state defined by the
|
||||
contents of your <ulink
|
||||
url="Documentation.htm#Routestopped">/etc/shorewall/routestopped</ulink>
|
||||
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink>
|
||||
file and the setting of ADMINISABSENTMINDED in <ulink
|
||||
url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>.</para>
|
||||
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink>.</para>
|
||||
</important>
|
||||
</listitem>
|
||||
|
||||
@ -244,7 +244,7 @@
|
||||
<para>That command creates the default restore script,
|
||||
<filename>/var/lib/shorewall/restore</filename>. The default may be
|
||||
changed using the RESTOREFILE option in <ulink
|
||||
url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>. A
|
||||
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink>. A
|
||||
different file name may also be specified in the <command>save</command>
|
||||
command:</para>
|
||||
|
||||
@ -464,7 +464,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>Reduces the verbosity level (see VERBOSITY setting in <ulink
|
||||
url="Documentation.htm#Config">shorewall.conf</ulink>). May be
|
||||
url="manpages/shorewall.conf.htmlig">shorewall.conf</ulink>). May be
|
||||
repeated (e.g., "-qq") with each instance reducing the verbosity
|
||||
level by one.</para>
|
||||
</listitem>
|
||||
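Review bot: The VERBOSITY link for the verbosity-reducing option now reads `url="manpages/shorewall.conf.htmlig"`, which is a broken target left over from the `Documentation.htm#Config` anchor. It should be `manpages/shorewall.conf.html`.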
@ -475,7 +475,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>Increases the verbosity level (see VERBOSITY setting in
|
||||
<ulink url="Documentation.htm#Config">shorewall.conf</ulink>). May
|
||||
<ulink url="manpages/shorewall.conf.htmlig">shorewall.conf</ulink>). May
|
||||
be repeated (e.g., "-qq") with each instance increasing the
|
||||
verbosity level by one.</para>
|
||||
</listitem>
|
||||
|
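Review bot: The changed ulink here has the same malformed target, `manpages/shorewall.conf.htmlig`, and should be `manpages/shorewall.conf.html`. While this paragraph is being touched, note that the unchanged context gives "-qq" as the example for the option that increases verbosity, the same example used in the preceding hunk for reducing it; that example looks copied over and is worth correcting in the same pass.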
@ -1031,7 +1031,7 @@ ACCEPT net $FW tcp 80 </programlisting><it
|
||||
start</command> command and stopped using <command>shorewall
|
||||
stop</command>. When the firewall is stopped, routing is enabled on those
|
||||
hosts that have an entry in <ulink
|
||||
url="Documentation.htm#Routestopped"><filename>/etc/shorewall/routestopped</filename></ulink>.
|
||||
url="manpages/shorewall-routestopped.html"><filename>/etc/shorewall/routestopped</filename></ulink>.
|
||||
A running firewall may be restarted using the <command>shorewall
|
||||
restart</command> command. If you want to totally remove any trace of
|
||||
Shorewall from your Netfilter configuration, use <command>shorewall
|
||||
@ -1049,7 +1049,7 @@ ACCEPT net $FW tcp 80 </programlisting><it
|
||||
issue a <command>shorewall stop</command> command unless you have
|
||||
added an entry for the IP address that you are connected from to
|
||||
<ulink
|
||||
url="Documentation.htm#Routestopped"><filename>/etc/shorewall/routestopped</filename></ulink>.
|
||||
url="manpages/shorewall-routestopped.html"><filename>/etc/shorewall/routestopped</filename></ulink>.
|
||||
Also, I don't recommend using <command>shorewall restart</command>; it
|
||||
is better to create an <ulink
|
||||
url="configuration_file_basics.htm#Levels">alternate
|
||||
|
@ -254,7 +254,7 @@ loc ipv4
|
||||
dmz ipv4</programlisting>
|
||||
|
||||
<para>Зоны Shorewall описаны в файле <ulink
|
||||
url="Documentation.htm#Zones"><filename>/etc/shorewall/zones</filename></ulink>.</para>
|
||||
url="manpages/shorewall-zones.html"><filename>/etc/shorewall/zones</filename></ulink>.</para>
|
||||
|
||||
<para>Заметьте, что Shorewall рассматривает систему файервола как свою
|
||||
собственную зону. При обработке файла
|
||||
@ -1035,7 +1035,7 @@ ACCEPT net $FW tcp 80 </programlisting><it
|
||||
помощи <quote><command>shorewall stop</command></quote>. Когда файервол
|
||||
остановливается, маршрутизация разрешается на те хосты, которые указаны в
|
||||
<filename><ulink
|
||||
url="Documentation.htm#Routestopped">/etc/shorewall/routestopped</ulink></filename>.
|
||||
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink></filename>.
|
||||
Запущенный файервол может быть перезапущен при помощи команды
|
||||
<quote><command>shorewall restart</command></quote>. Если Вы хотите
|
||||
полностью удалить изменения сделанные Shorewall из конфигурации Вашего
|
||||
@ -1055,7 +1055,7 @@ ACCEPT net $FW tcp 80 </programlisting><it
|
||||
используйте команду <quote><command>shorewall stop</command></quote>
|
||||
если Вы не добавили запись для <acronym>IP</acronym>-адреса, с
|
||||
которого Вы подсоединены, в <ulink
|
||||
url="Documentation.htm#Routestopped"><filename>/etc/shorewall/routestopped</filename></ulink>.
|
||||
url="manpages/shorewall-routestopped.html"><filename>/etc/shorewall/routestopped</filename></ulink>.
|
||||
Также, я не рекоммендую использовать <quote><command>shorewall
|
||||
restart</command></quote>; лучше создать <emphasis><ulink
|
||||
url="configuration_file_basics.htm#Configs">альтернативную
|
||||
|
@ -232,7 +232,7 @@ gateway:~/test # </programlisting>A look at /var/lib/shorewall/restore at line
|
||||
is to run a DHCP server; running it on your firewall is fine — be sure to
|
||||
set the <emphasis role="bold">dhcp</emphasis> option on your internal
|
||||
interface in <ulink
|
||||
url="Documentation.htm#INterfaces">/etc/shorewall/interfaces</ulink>.</para>
|
||||
url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces</ulink>.</para>
|
||||
</section>
|
||||
|
||||
<section id="Connections">
|
||||
@ -457,7 +457,7 @@ Ping/DROP net all</programlisting>
|
||||
<para>your zone definitions are screwed up and the host that is
|
||||
sending the packets or the destination host isn't in any zone
|
||||
(using an <ulink
|
||||
url="Documentation.htm#Hosts"><filename>/etc/shorewall/hosts</filename></ulink>
|
||||
url="manpages/shorewall-hosts.html"><filename>/etc/shorewall/hosts</filename></ulink>
|
||||
file are you?); or</para>
|
||||
</listitem>
|
||||
|
||||
|
@ -235,7 +235,7 @@
|
||||
fw firewall
|
||||
net ipv4
|
||||
loc ipv4</programlisting>Zones are defined in the <ulink
|
||||
url="Documentation.htm#Zones"><filename
|
||||
url="manpages/shorewall-zones.html"><filename
|
||||
class="directory">/etc/shorewall/</filename><filename>zones</filename></ulink>
|
||||
file.</para>
|
||||
|
||||
@ -929,7 +929,7 @@ ACCEPT loc $FW tcp 80 #Allow Weblet to work</progra
|
||||
<quote><command>shorewall stop</command></quote>. When the firewall is
|
||||
stopped, routing is enabled on those hosts that have an entry in <filename
|
||||
class="directory">/etc/shorewall/</filename><filename><ulink
|
||||
url="Documentation.htm#Routestopped">routestopped</ulink></filename>. A
|
||||
url="manpages/shorewall-routestopped.html">routestopped</ulink></filename>. A
|
||||
running firewall may be restarted using the <quote><command>shorewall
|
||||
restart</command></quote> command. If you want to totally remove any trace
|
||||
of Shorewall from your Netfilter configuration, use
|
||||
|
@ -241,7 +241,7 @@ net ipv4
|
||||
loc ipv4</programlisting>
|
||||
|
||||
<para>Зоны Shorewall описаны в файле <ulink
|
||||
url="Documentation.htm#Zones"><filename>/etc/shorewall/zones</filename></ulink>.</para>
|
||||
url="manpages/shorewall-zones.html"><filename>/etc/shorewall/zones</filename></ulink>.</para>
|
||||
|
||||
<para>Заметьте, что Shorewall рассматривает систему файервола как свою
|
||||
собственную зону. При обработке файла
|
||||
@ -940,7 +940,7 @@ ACCEPT loc $FW tcp 80 #Allow Weblet to work</progra
|
||||
помощи <quote><command>shorewall stop</command></quote>. Когда файервол
|
||||
остановливается, маршрутизация разрешается на те хосты, которые указаны в
|
||||
<filename><ulink
|
||||
url="Documentation.htm#Routestopped">/etc/shorewall/routestopped</ulink></filename>.
|
||||
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink></filename>.
|
||||
Запущенный файервол может быть перезапущен при помощи команды
|
||||
<quote><command>shorewall restart</command></quote>. Если Вы хотите
|
||||
полностью удалить изменения сделанные Shorewall из конфигурации Вашего
|
||||
@ -960,7 +960,7 @@ ACCEPT loc $FW tcp 80 #Allow Weblet to work</progra
|
||||
используйте команду <quote><command>shorewall stop</command></quote>
|
||||
если Вы не добавили запись для <acronym>IP</acronym>-адреса, с
|
||||
которого Вы подсоединены, в <ulink
|
||||
url="Documentation.htm#Routestopped"><filename>/etc/shorewall/routestopped</filename></ulink>.
|
||||
url="manpages/shorewall-routestopped.html"><filename>/etc/shorewall/routestopped</filename></ulink>.
|
||||
Также, я не рекоммендую использовать <quote><command>shorewall
|
||||
restart</command></quote>; лучше создать <emphasis><ulink
|
||||
url="configuration_file_basics.htm#Configs">альтернативную
|
||||
|
@ -596,7 +596,7 @@ all all REJECT:MyReject info</programlisting>
|
||||
|
||||
<para>The shorewall.conf file included in this release sets
|
||||
IPSECFILE=zones so that new users are expected to use the <ulink
|
||||
url="Documentation.htm#Zones">new zone file format</ulink>.</para>
|
||||
url="manpages/shorewall-zones.html">new zone file format</ulink>.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
|