<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- $Id$ -->
<article id="usefull_links">
<articleinfo>
<title>Introduction</title>

<author>
<firstname>Tom</firstname>

<surname>Eastep</surname>
</author>

<pubdate>2003/12/23</pubdate>

<copyright>
<year>2003</year>

<holder>Thomas M. Eastep</holder>
</copyright>

<legalnotice>
<para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink type="" url="Copyright.htm">GNU Free Documentation License</ulink></quote>.</para>
</legalnotice>
</articleinfo>
<section>
<title>Introduction</title>

<para>The information in this document applies only to 1.4.x releases of
Shorewall.</para>
<section>
<title>Glossary</title>

<itemizedlist>
<listitem>
<para><ulink url="http://www.netfilter.org">Netfilter</ulink> - the
packet filter facility built into the 2.4 and later Linux kernels.</para>
</listitem>

<listitem>
<para>ipchains - the packet filter facility built into the 2.2 Linux
kernels. Also the name of the utility program used to configure and
control that facility. Netfilter can be used in ipchains
compatibility mode.</para>
</listitem>

<listitem>
<para>iptables - the utility program used to configure and control
Netfilter. The term <quote>iptables</quote> is often used to refer
to the combination of iptables+Netfilter (with Netfilter not in
ipchains compatibility mode).</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>What is Shorewall?</title>

<para>The Shoreline Firewall, more commonly known as <quote>Shorewall</quote>,
is a high-level tool for configuring Netfilter. You describe your
firewall/gateway requirements using entries in a set of configuration
files. Shorewall reads those configuration files and, with the help of
the iptables utility, configures Netfilter to match your
requirements. Shorewall can be used on a dedicated firewall system, a
multi-function gateway/router/server or on a standalone GNU/Linux
system. Shorewall does not use Netfilter's ipchains compatibility
mode and can thus take advantage of Netfilter's connection state
tracking capabilities.</para>

<para>Shorewall is not a daemon. Once Shorewall has configured
Netfilter, its job is complete, although the <ulink
url="starting_and_stopping_shorewall.htm">/sbin/shorewall program can be
used at any time to monitor the Netfilter firewall</ulink>.</para>
</section>
<section>
<title>Getting Started with Shorewall</title>

<para>New to Shorewall? Start by selecting the <ulink
url="shorewall_quickstart_guide.htm">QuickStart Guide</ulink> that most
closely matches your environment and follow the step-by-step instructions.</para>
</section>
<section>
<title>Looking for Information?</title>

<para>The <ulink url="shorewall_quickstart_guide.htm#Documentation">Documentation
Index</ulink> is a good place to start.</para>
</section>
</section>
<section>
<title>License</title>

<para>This program is free software; you can redistribute it and/or modify
it under the terms of <ulink url="http://www.gnu.org/licenses/gpl.html">Version
2 of the GNU General Public License</ulink> as published by the Free
Software Foundation.</para>

<para>This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.</para>

<para>You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 675 Mass Ave, Cambridge, MA 02139, USA</para>
</section>
</article>