<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> <article> <!--$Id$--> <articleinfo> <title>Shorewall Documentation</title> <authorgroup> <author> <firstname>Tom</firstname> <surname>Eastep</surname> </author> </authorgroup> <pubdate>2004-03-28</pubdate> <copyright> <year>2001-2004</year> <holder>Thomas M. Eastep</holder> </copyright> <edition>2.0.1</edition> <legalnotice> <para>Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled <quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para> </legalnotice> </articleinfo> <caution> <para>Are you running Shorewall on <ulink url="http://www.mandrakesoft.com"><trademark>Mandrake</trademark> Linux</ulink> with a two-interface setup?</para> <para>If so and if you configured your system while running a Mandrake release earlier than 10.0 final then this documentation will not apply directly to your environment. If you want to use the documentation that you find here, you will want to consider uninstalling what you have and installing a configuration that matches this documentation. See the <ulink url="two-interface.htm">Two-interface QuickStart Guide</ulink> for details.</para> </caution> <itemizedlist> <listitem> <para><ulink url="Introduction.html">Introduction to Shorewall</ulink></para> </listitem> <listitem> <para><ulink url="shorewall_quickstart_guide.htm">QuickStart Guides (HOWTOS)</ulink></para> </listitem> </itemizedlist> <para>The remainder of the Documentation supplements the QuickStart Guides. Please review the appropriate guide before trying to use this documentation directly.</para> <itemizedlist> <listitem> <para><ulink url="Accounting.html">Accounting</ulink></para> </listitem> <listitem> <para><ulink url="Shorewall_and_Aliased_Interfaces.html">Aliased (virtual) Interfaces (e.g., eth0:0)</ulink></para> </listitem> <listitem> <para><ulink url="traffic_shaping.htm">Bandwidth Control</ulink></para> </listitem> <listitem> <para><ulink url="blacklisting_support.htm">Blacklisting</ulink></para> <itemizedlist> <listitem> <para>Static Blacklisting using /etc/shorewall/blacklist</para> </listitem> <listitem> <para>Dynamic Blacklisting using /sbin/shorewall</para> </listitem> </itemizedlist> </listitem> <listitem> <para><ulink url="bridge.html">Bridge/Firewall</ulink></para> </listitem> <listitem> <para><ulink url="starting_and_stopping_shorewall.htm">Commands</ulink> (Description of all /sbin/shorewall commands)</para> </listitem> <listitem> <para><ulink url="configuration_file_basics.htm">Common configuration file features </ulink><itemizedlist><listitem><para><ulink url="configuration_file_basics.htm#Comments">Comments in configuration files</ulink></para></listitem><listitem><para><ulink url="configuration_file_basics.htm#Continuation">Line Continuation</ulink></para></listitem><listitem><para><ulink url="configuration_file_basics.htm#INCLUDE">INCLUDE Directive</ulink></para></listitem><listitem><para><ulink url="configuration_file_basics.htm#Ports">Port Numbers/Service Names</ulink>configuration_file_basics.htm#Ports</para></listitem><listitem><para><ulink url="configuration_file_basics.htm#Ranges">Port Ranges</ulink></para></listitem><listitem><para><ulink url="configuration_file_basics.htm#Variables">Using Shell Variables</ulink></para></listitem><listitem><para><ulink url="configuration_file_basics.htm#dnsnames">Using DNS Names</ulink></para></listitem><listitem><para><ulink url="configuration_file_basics.htm#Compliment">Complementing an IP address or Subnet</ulink></para></listitem><listitem><para><ulink url="configuration_file_basics.htm#Levels">Shorewall Configurations (making a test configuration)</ulink></para></listitem><listitem><para><ulink url="configuration_file_basics.htm#MAC">Using MAC Addresses in Shorewall</ulink></para></listitem></itemizedlist></para> </listitem> <listitem> <para><ulink url="Documentation.htm">Configuration File Reference Manual </ulink><itemizedlist><listitem><para><ulink url="Documentation.htm#Variables">params</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#Zones">zones</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#Interfaces">interfaces</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#Hosts">hosts</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#Policy">policy</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#Rules">rules</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#Common">common</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#Masq">masq</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#ProxyArp">proxyarp</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#NAT">nat</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#Tunnels">tunnels</ulink></para></listitem><listitem><para><ulink url="traffic_shaping.htm#tcrules">tcrules</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#Conf">shorewall.conf</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#modules">modules</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#TOS">tos</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#Blacklist">blacklist</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#rfc1918">rfc1918</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#Routestopped">routestopped</ulink></para></listitem><listitem><para><ulink url="Accounting.html">accounting</ulink></para></listitem><listitem><para><ulink url="UserSets.html">usersets and users</ulink></para></listitem><listitem><para><ulink url="MAC_Validation.html">maclist</ulink></para></listitem><listitem><para><ulink url="User_defined_Actions.html">actions and action.template</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#Bogons">bogons</ulink></para></listitem><listitem><para><ulink url="Documentation.htm#Netmap">netmap</ulink></para></listitem></itemizedlist></para> </listitem> <listitem> <para><ulink url="CorpNetwork.htm">Corporate Network Example</ulink> (Contributed by a Graeme Boyle)</para> </listitem> <listitem> <para><ulink url="dhcp.htm">DHCP</ulink></para> </listitem> <listitem> <para><ulink url="ECN.html">ECN Disabling by host or subnet</ulink></para> </listitem> <listitem> <para><ulink url="errata.htm">Errata</ulink></para> </listitem> <listitem> <para><ulink url="shorewall_extension_scripts.htm">Extension Scripts</ulink> (How to extend Shorewall without modifying Shorewall code through the use of files in /etc/shorewall -- /etc/shorewall/start, /etc/shorewall/stopped, etc.)</para> </listitem> <listitem> <para><ulink url="fallback.htm">Fallback/Uninstall</ulink></para> </listitem> <listitem> <para><ulink url="FAQ.htm">FAQs</ulink></para> </listitem> <listitem> <para><ulink url="shorewall_features.htm">Features</ulink></para> </listitem> <listitem> <para><ulink url="Multiple_Zones.html">Forwarding Traffic on the Same Interface</ulink></para> </listitem> <listitem> <para><ulink url="FTP.html">FTP and Shorewall</ulink></para> </listitem> <listitem> <para><ulink url="support.htm">Getting help or answers to questions</ulink></para> </listitem> <listitem> <para><ulink url="Install.htm">Installation/Upgrade</ulink></para> </listitem> <listitem> <para><ulink url="IPSEC.htm">IPSEC</ulink></para> </listitem> <listitem> <para><ulink url="Shorewall_and_Kazaa.html">Kazaa Filtering</ulink></para> </listitem> <listitem> <para><ulink url="kernel.htm">Kernel Configuration</ulink></para> </listitem> <listitem> <para><ulink url="shorewall_logging.html">Logging</ulink></para> </listitem> <listitem> <para><ulink url="MAC_Validation.html">MAC Verification</ulink></para> </listitem> <listitem> <para><ulink url="Multiple_Zones.html">Multiple Zones Through One Interface</ulink></para> </listitem> <listitem> <para><ulink url="myfiles.htm">My Shorewall Configuration</ulink> (How I personally use Shorewall)</para> </listitem> <listitem> <para><ulink url="NetfilterOverview.html">Netfilter Overview</ulink></para> </listitem> <listitem> <para><ulink url="netmap.html">Network Mapping</ulink></para> </listitem> <listitem> <para><ulink url="NAT.htm">One-to-one NAT</ulink> (Formerly referred to as Static NAT)</para> </listitem> <listitem> <para><ulink url="OPENVPN.html">OpenVPN</ulink></para> </listitem> <listitem> <para><ulink url="starting_and_stopping_shorewall.htm">Operating Shorewall</ulink></para> </listitem> <listitem> <para><ulink url="ping.html">'Ping' Management</ulink></para> </listitem> <listitem> <para><ulink url="ports.htm">Port Information</ulink></para> <itemizedlist> <listitem> <para>Which applications use which ports</para> </listitem> <listitem> <para>Ports used by Trojans</para> </listitem> </itemizedlist> </listitem> <listitem> <para><ulink url="PPTP.htm">PPTP</ulink></para> </listitem> <listitem> <para><ulink url="ProxyARP.htm">Proxy ARP</ulink></para> </listitem> <listitem> <para><ulink url="shorewall_prerequisites.htm">Requirements</ulink></para> </listitem> <listitem> <para><ulink url="Multiple_Zones.html">Routing on One Interface</ulink></para> </listitem> <listitem> <para><ulink url="samba.htm">Samba</ulink></para> </listitem> <listitem> <para><ulink url="shorewall_setup_guide.htm">Shorewall Setup Guide</ulink><itemizedlist><listitem><para><ulink url="shorewall_setup_guide.htm#Introduction">Introduction</ulink></para></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#Concepts">Shorewall Concepts</ulink></para></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#Interfaces">Network Interfaces</ulink></para></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#Addressing">Addressing, Subnets and Routing</ulink></para><itemizedlist><listitem><para><ulink url="shorewall_setup_guide.htm#Addresses">IP Addresses</ulink></para></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#Subnets">Subnets</ulink></para></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#Routing">Routing</ulink></para></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#ARP">Address Resolution Protocol (ARP)</ulink></para></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#RFC1918">RFC 1918</ulink></para></listitem></itemizedlist></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#Options">Setting up your Network</ulink></para><itemizedlist><listitem><para><ulink url="shorewall_setup_guide.htm#Routed">Routed</ulink></para></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#NonRouted">Non-routed</ulink></para><itemizedlist><listitem><para><ulink url="shorewall_setup_guide.htm#SNAT">SNAT</ulink></para></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#DNAT">DNAT</ulink></para></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#ProxyARP">Proxy ARP</ulink></para></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#NAT">One-to-one NAT</ulink></para></listitem></itemizedlist></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#Rules">Rules</ulink></para></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#OddsAndEnds">Odds and Ends</ulink></para></listitem></itemizedlist></listitem><listitem><para><ulink url="shorewall_setup_guide.htm#DNS">DNS</ulink></para></listitem><listitem><para><ulink url="starting_and_stopping_shorewall.htm">Starting and Stopping the Firewall</ulink></para></listitem></itemizedlist></para> </listitem> <listitem> <para><ulink url="starting_and_stopping_shorewall.htm">Starting/stopping the Firewall</ulink><itemizedlist><listitem><para>Description of all /sbin/shorewall commands</para></listitem><listitem><para>How to safely test a Shorewall configuration change</para></listitem></itemizedlist></para> </listitem> <listitem> <para><ulink url="Shorewall_Squid_Usage.html">Squid with Shorewall</ulink></para> </listitem> <listitem> <para><ulink url="Accounting.html">Traffic Accounting</ulink></para> </listitem> <listitem> <para><ulink url="traffic_shaping.htm">Traffic Shaping/QOS</ulink></para> </listitem> <listitem> <para><ulink url="troubleshoot.htm">Troubleshooting</ulink> (Things to try if it doesn't work)</para> </listitem> <listitem> <para><ulink url="User_defined_Actions.html">User-defined Actions</ulink></para> </listitem> <listitem> <para><ulink url="UserSets.html">UID/GID Based Rules</ulink></para> </listitem> <listitem> <para><ulink url="upgrade_issues.htm">Upgrade Issues</ulink></para> </listitem> <listitem> <para>VPN</para> <itemizedlist> <listitem> <para><ulink url="IPSEC.htm">IPSEC</ulink></para> </listitem> <listitem> <para><ulink url="IPIP.htm">GRE and IPIP</ulink></para> </listitem> <listitem> <para><ulink url="OPENVPN.html">OpenVPN</ulink></para> </listitem> <listitem> <para><ulink url="PPTP.htm">PPTP</ulink></para> </listitem> <listitem> <para><ulink url="6to4.htm">6to4</ulink></para> </listitem> <listitem> <para><ulink url="VPN.htm">IPSEC/PPTP passthrough from a system behind your firewall to a remote network</ulink></para> </listitem> <listitem> <para><ulink url="GenericTunnels.html">Other VPN types</ulink></para> </listitem> </itemizedlist> </listitem> <listitem> <para><ulink url="whitelisting_under_shorewall.htm">White List Creation</ulink></para> </listitem> </itemizedlist> </article>