<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article>
<!--$Id$-->
<articleinfo>
<title>Shorewall 3.x Documentation</title>
<authorgroup>
<author>
<firstname>Tom</firstname>
<surname>Eastep</surname>
</author>
</authorgroup>
<pubdate>2005-10-17</pubdate>
<copyright>
<year>2001-2005</year>
<holder>Thomas M. Eastep</holder>
</copyright>
<edition>2.4.0</edition>
<legalnotice>
<para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
License</ulink></quote>.</para>
</legalnotice>
</articleinfo>
<caution>
<para><emphasis role="bold">This article applies to Shorewall 3.0 and
later. If you are running a version of Shorewall earlier than Shorewall
3.0.0 then please see the documentation for that
release.</emphasis></para>
</caution>
<note>
<para>The complete Shorewall Documentation is <ulink
url="http://www.shorewall.net/download.htm">available for download</ulink>
in both Docbook XML and HTML formats.</para>
</note>
<para>If you are new to Shorewall, please read these two articles
first.</para>
<itemizedlist>
<listitem>
<para><ulink url="Introduction.html">Introduction to
Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_quickstart_guide.htm">QuickStart Guides
(HOWTOS)</ulink></para>
</listitem>
</itemizedlist>
<para>The following article is also recommended reading for
newcomers.</para>
<itemizedlist>
<listitem>
<para><ulink url="configuration_file_basics.htm">Configuration File
Basics</ulink><itemizedlist>
<listitem>
<para><ulink url="configuration_file_basics.htm#Comments">Comments
in configuration files</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Continuation">Line
Continuation</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#INCLUDE">INCLUDE
Directive</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Ports">Port
Numbers/Service Names</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Ranges">Port
Ranges</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Variables">Using
Shell Variables</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#dnsnames">Using
DNS Names</ulink></para>
</listitem>
<listitem>
<para><ulink
url="configuration_file_basics.htm#Compliment">Complementing an IP
address or Subnet</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#IPRanges">IP
Address Ranges</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Levels">Shorewall
Configurations (making a test configuration)</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#MAC">Using MAC
Addresses in Shorewall</ulink></para>
</listitem>
</itemizedlist></para>
</listitem>
</itemizedlist>
<para>The remainder of the Documentation supplements the QuickStart Guides.
Please review the appropriate guide before trying to use this documentation
directly.</para>
<caution>
<para>Are you running Shorewall on <ulink
url="http://www.mandrakesoft.com"><trademark>Mandrake</trademark>
Linux</ulink> with a two-interface setup?</para>
<para>If so and if you configured your system while running a Mandrake
release earlier than 10.0 final then this documentation will not apply
directly to your environment. If you want to use the documentation that
you find here, you will want to consider uninstalling what you have and
installing a configuration that matches this documentation. See the <ulink
url="two-interface.htm">Two-interface QuickStart Guide</ulink> for
details.</para>
</caution>
<orderedlist>
<listitem>
<para><ulink url="Kernel2.6.html">2.6 Kernel</ulink></para>
</listitem>
<listitem>
<para><ulink url="Accounting.html">Accounting</ulink></para>
</listitem>
<listitem>
<para><ulink url="Actions.html">Actions</ulink></para>
</listitem>
<listitem>
<para><ulink url="Shorewall_and_Aliased_Interfaces.html">Aliased
(virtual) Interfaces (e.g., eth0:0)</ulink></para>
</listitem>
<listitem>
<para><ulink url="traffic_shaping.htm">Bandwidth Control</ulink></para>
</listitem>
<listitem>
<para><ulink url="blacklisting_support.htm">Blacklisting</ulink></para>
<itemizedlist>
<listitem>
<para>Static Blacklisting using /etc/shorewall/blacklist</para>
</listitem>
<listitem>
<para>Dynamic Blacklisting using /sbin/shorewall</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="bridge.html">Bridge/Firewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Commands</ulink>
(Description of all /sbin/shorewall commands)</para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm">Configuration File Reference Manual
</ulink><itemizedlist>
<listitem>
<para><ulink
url="Documentation.htm#Variables">params</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Zones">zones</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Interfaces">interfaces</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Hosts">hosts</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Policy">policy</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Shorewall_and_Routing.html">providers</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Rules">rules</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Masq">masq</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#ProxyArp">proxyarp</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#NAT">nat</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Tunnels">tunnels</ulink></para>
</listitem>
<listitem>
<para><ulink
url="traffic_shaping.htm#tcrules">tcrules</ulink></para>
</listitem>
<listitem>
<para><ulink
url="traffic_shaping.htm#tcclasses">tcclasses</ulink></para>
</listitem>
<listitem>
<para><ulink
url="traffic_shaping.htm#tcdevices">tcdevices</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Conf">shorewall.conf</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#modules">modules</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#TOS">tos</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Blacklist">blacklist</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#rfc1918">rfc1918</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Routestopped">routestopped</ulink></para>
</listitem>
<listitem>
<para><ulink url="Accounting.html">accounting</ulink></para>
</listitem>
<listitem>
<para><ulink url="UserSets.html">usersets and users</ulink></para>
</listitem>
<listitem>
<para><ulink url="MAC_Validation.html">maclist</ulink></para>
</listitem>
<listitem>
<para><ulink url="Actions.html">actions and
action.template</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Netmap">netmap</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Ipsec">ipsec</ulink></para>
</listitem>
</itemizedlist></para>
</listitem>
<listitem>
<para><ulink url="CorpNetwork.htm">Corporate Network Example</ulink>
(Contributed by Graeme Boyle)</para>
</listitem>
<listitem>
<para><ulink url="dhcp.htm">DHCP</ulink></para>
</listitem>
<listitem>
<para><ulink url="ECN.html">ECN Disabling by host or
subnet</ulink></para>
</listitem>
<listitem>
<para><ulink url="ErrorMessages.html">Error Messages</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_extension_scripts.htm">Extension
Scripts</ulink> (How to extend Shorewall without modifying Shorewall
code through the use of files in /etc/shorewall -- /etc/shorewall/start,
/etc/shorewall/stopped, etc.)</para>
</listitem>
<listitem>
<para><ulink url="fallback.htm">Fallback/Uninstall</ulink></para>
</listitem>
<listitem>
<para><ulink url="FAQ.htm">FAQs</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_features.htm">Features</ulink></para>
</listitem>
<listitem>
<para><ulink url="Multiple_Zones.html">Forwarding Traffic on the Same
Interface</ulink></para>
</listitem>
<listitem>
<para><ulink url="FTP.html">FTP and Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="support.htm">Getting help or answers to
questions</ulink></para>
</listitem>
<listitem>
<para><ulink url="Install.htm">Installation/Upgrade</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPP2P.html">IPP2P</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPSEC.htm">IPSEC</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPSEC-2.6.html">IPSEC using Kernel 2.6 and Shorewall
2.1 or Later</ulink></para>
</listitem>
<listitem>
<para><ulink url="ipsets.html">Ipsets</ulink></para>
</listitem>
<listitem>
<para><ulink url="Shorewall_and_Kazaa.html">Kazaa
Filtering</ulink></para>
</listitem>
<listitem>
<para><ulink url="kernel.htm">Kernel Configuration</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_logging.html">Logging</ulink></para>
</listitem>
<listitem>
<para><ulink url="Macros.html">Macros</ulink></para>
</listitem>
<listitem>
<para><ulink url="MAC_Validation.html">MAC Verification</ulink></para>
</listitem>
<listitem>
<para><ulink url="Multiple_Zones.html">Multiple Zones Through One
Interface</ulink></para>
</listitem>
<listitem>
<para><ulink url="myfiles.htm">My Shorewall Configuration</ulink> (How I
personally use Shorewall)</para>
</listitem>
<listitem>
<para><ulink url="NetfilterOverview.html">Netfilter
Overview</ulink></para>
</listitem>
<listitem>
<para><ulink url="netmap.html">Network Mapping</ulink></para>
</listitem>
<listitem>
<para><ulink url="NAT.htm">One-to-one NAT</ulink> (Static NAT)</para>
</listitem>
<listitem>
<para><ulink url="OPENVPN.html">OpenVPN</ulink></para>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Operating
Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="PacketHandling.html">Packet Processing in a
Shorewall-based Firewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="ping.html">'Ping' Management</ulink></para>
</listitem>
<listitem>
<para><ulink url="ports.htm">Port Information</ulink></para>
<itemizedlist>
<listitem>
<para>Which applications use which ports</para>
</listitem>
<listitem>
<para>Ports used by Trojans</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="PortKnocking.html">Port Knocking</ulink></para>
</listitem>
<listitem>
<para><ulink url="PPTP.htm">PPTP</ulink></para>
</listitem>
<listitem>
<para><ulink url="ProxyARP.htm">Proxy ARP</ulink></para>
</listitem>
<listitem>
<para><ulink url="ReleaseModel.html">Release Model</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_prerequisites.htm">Requirements</ulink></para>
</listitem>
<listitem>
<para><ulink url="Shorewall_and_Routing.html">Routing and
Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="Multiple_Zones.html">Routing on One
Interface</ulink></para>
</listitem>
<listitem>
<para><ulink url="samba.htm">Samba</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm">Shorewall Setup
Guide</ulink><itemizedlist>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Introduction">Introduction</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#Concepts">Shorewall
Concepts</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#Interfaces">Network
Interfaces</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Addressing">Addressing, Subnets and
Routing</ulink></para>
<itemizedlist>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#Addresses">IP
Addresses</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Subnets">Subnets</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Routing">Routing</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#ARP">Address
Resolution Protocol (ARP)</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#RFC1918">RFC
1918</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#Options">Setting up
your Network</ulink></para>
<itemizedlist>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Routed">Routed</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#NonRouted">Non-routed</ulink></para>
<itemizedlist>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#SNAT">SNAT</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#DNAT">DNAT</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#ProxyARP">Proxy
ARP</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#NAT">One-to-one
NAT</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Rules">Rules</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#OddsAndEnds">Odds
and Ends</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#DNS">DNS</ulink></para>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Starting
and Stopping the Firewall</ulink></para>
</listitem>
</itemizedlist></para>
</listitem>
<listitem>
<para><ulink url="samba.htm">SMB</ulink></para>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Starting/stopping
the Firewall</ulink><itemizedlist>
<listitem>
<para>Description of all /sbin/shorewall commands</para>
</listitem>
<listitem>
<para>How to safely test a Shorewall configuration change</para>
</listitem>
</itemizedlist></para>
</listitem>
<listitem>
<para><ulink url="Shorewall_Squid_Usage.html">Squid with
Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="NAT.htm">Static (one-to-one) NAT</ulink></para>
</listitem>
<listitem>
<para><ulink url="Accounting.html">Traffic Accounting</ulink></para>
</listitem>
<listitem>
<para><ulink url="traffic_shaping.htm">Traffic
Shaping/QOS</ulink></para>
</listitem>
<listitem>
<para><ulink url="troubleshoot.htm">Troubleshooting</ulink> (Things to
try if it doesn't work)</para>
</listitem>
<listitem>
<para><ulink url="UserSets.html">UID/GID Based Rules</ulink></para>
</listitem>
<listitem>
<para><ulink url="UPnP.html">UPnP</ulink></para>
</listitem>
<listitem>
<para><ulink url="upgrade_issues.htm">Upgrade Issues</ulink></para>
</listitem>
<listitem>
<para>VPN</para>
<itemizedlist>
<listitem>
<para><ulink url="VPNBasics.html">Basics</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPSEC.htm">IPSEC</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPIP.htm">GRE and IPIP</ulink></para>
</listitem>
<listitem>
<para><ulink url="OPENVPN.html">OpenVPN (My personal
choice)</ulink></para>
</listitem>
<listitem>
<para><ulink url="PPTP.htm">PPTP</ulink></para>
</listitem>
<listitem>
<para><ulink url="6to4.htm">6to4</ulink></para>
</listitem>
<listitem>
<para><ulink url="VPN.htm">IPSEC/PPTP passthrough from a system
behind your firewall to a remote network</ulink></para>
</listitem>
<listitem>
<para><ulink url="GenericTunnels.html">Other VPN
types</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="whitelisting_under_shorewall.htm">White List
Creation</ulink></para>
</listitem>
</orderedlist>
</article>