shorewall_code/Shorewall-docs2/Documentation_Index.xml

725 lines
20 KiB
XML
Raw Normal View History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article>
<!--$Id$-->
<articleinfo>
<title>Shorewall 3.x Documentation</title>
<authorgroup>
<author>
<firstname>Tom</firstname>
<surname>Eastep</surname>
</author>
</authorgroup>
<pubdate>2005-11-18</pubdate>
<copyright>
<year>2001-2005</year>
<holder>Thomas M. Eastep</holder>
</copyright>
<edition>3.0.0</edition>
<legalnotice>
<para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
License</ulink></quote>.</para>
</legalnotice>
</articleinfo>
<caution>
<para><emphasis role="bold">This article applies to Shorewall 3.0 and
later. If you are running a version of Shorewall earlier than Shorewall
3.0.0 then please see the documentation for that
release.</emphasis></para>
</caution>
<note>
<para>The complete Shorewall Documentation is <ulink
url="http://www.shorewall.net/download.htm">available for download</ulink>
in both Docbook XML and HTML formats.</para>
</note>
<para>Frequently asked questions:</para>
<itemizedlist>
<listitem>
<para><ulink url="FAQ.htm">FAQs</ulink></para>
</listitem>
</itemizedlist>
<para>If you are new to Shorewall, please read these two articles
first.</para>
<itemizedlist>
<listitem>
<para><ulink url="Introduction.html">Introduction to
Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_quickstart_guide.htm">QuickStart Guides
(HOWTOS)</ulink></para>
</listitem>
</itemizedlist>
<para>The following article is also recommended reading for
newcomers.</para>
<itemizedlist>
<listitem>
<para><ulink url="configuration_file_basics.htm">Configuration File
Basics</ulink><itemizedlist>
<listitem>
<para><ulink url="configuration_file_basics.htm#Comments">Comments
in configuration files</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Continuation">Line
Continuation</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#INCLUDE">INCLUDE
Directive</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Ports">Port
Numbers/Service Names</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Ranges">Port
Ranges</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Variables">Using
Shell Variables</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#dnsnames">Using
DNS Names</ulink></para>
</listitem>
<listitem>
<para><ulink
url="configuration_file_basics.htm#Compliment">Complementing an IP
address or Subnet</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#IPRanges">IP
Address Ranges</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Levels">Shorewall
Configurations (making a test configuration)</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#MAC">Using MAC
Addresses in Shorewall</ulink></para>
</listitem>
</itemizedlist></para>
</listitem>
</itemizedlist>
<para>The remainder of the Documentation supplements the QuickStart Guides.
Please review the appropriate guide before trying to use this documentation
directly.</para>
<orderedlist>
<listitem>
<para><ulink url="Kernel2.6.html">2.6 Kernel</ulink></para>
</listitem>
<listitem>
<para><ulink url="Accounting.html">Accounting</ulink></para>
</listitem>
<listitem>
<para><ulink url="Actions.html">Actions</ulink></para>
</listitem>
<listitem>
<para><ulink url="Shorewall_and_Aliased_Interfaces.html">Aliased
(virtual) Interfaces (e.g., eth0:0)</ulink></para>
</listitem>
<listitem>
<para><ulink url="traffic_shaping.htm">Bandwidth Control</ulink></para>
</listitem>
<listitem>
<para><ulink url="blacklisting_support.htm">Blacklisting</ulink></para>
<itemizedlist>
<listitem>
<para>Static Blacklisting using /etc/shorewall/blacklist</para>
</listitem>
<listitem>
<para>Dynamic Blacklisting using /sbin/shorewall</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Bridging</para>
<itemizedlist>
<listitem>
<para><ulink url="bridge.html">Bridge/Firewall (control traffic
through the bridge)</ulink></para>
</listitem>
<listitem>
<para><ulink url="SimpleBridge.html">Simple Bridge (don't need to
control traffic through the bridge)</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Commands</ulink>
(Description of all /sbin/shorewall commands)</para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm">Configuration File Reference Manual
</ulink><itemizedlist>
<listitem>
<para><ulink
url="Documentation.htm#Variables">params</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Zones">zones</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Interfaces">interfaces</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Hosts">hosts</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Policy">policy</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Shorewall_and_Routing.html">providers</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Rules">rules</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Masq">masq</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#ProxyArp">proxyarp</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#NAT">nat</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Tunnels">tunnels</ulink></para>
</listitem>
<listitem>
<para><ulink
url="traffic_shaping.htm#tcrules">tcrules</ulink></para>
</listitem>
<listitem>
<para><ulink
url="traffic_shaping.htm#tcclasses">tcclasses</ulink></para>
</listitem>
<listitem>
<para><ulink
url="traffic_shaping.htm#tcdevices">tcdevices</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Conf">shorewall.conf</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#modules">modules</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#TOS">tos</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Blacklist">blacklist</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#rfc1918">rfc1918</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Routestopped">routestopped</ulink></para>
</listitem>
<listitem>
<para><ulink url="Accounting.html">accounting</ulink></para>
</listitem>
<listitem>
<para><ulink url="UserSets.html">usersets and users</ulink></para>
</listitem>
<listitem>
<para><ulink url="MAC_Validation.html">maclist</ulink></para>
</listitem>
<listitem>
<para><ulink url="Actions.html">actions and
action.template</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Netmap">netmap</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Ipsec">ipsec</ulink></para>
</listitem>
</itemizedlist></para>
</listitem>
<listitem>
<para><ulink url="CorpNetwork.htm">Corporate Network Example</ulink>
(Contributed by a Graeme Boyle)</para>
</listitem>
<listitem>
<para><ulink url="dhcp.htm">DHCP</ulink></para>
</listitem>
<listitem>
<para><ulink url="ECN.html">ECN Disabling by host or
subnet</ulink></para>
</listitem>
<listitem>
<para><ulink url="ErrorMessages.html">Error Messages</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_extension_scripts.htm">Extension
Scripts</ulink> (How to extend Shorewall without modifying Shorewall
code through the use of files in /etc/shorewall -- /etc/shorewall/start,
/etc/shorewall/stopped, etc.)</para>
</listitem>
<listitem>
<para><ulink url="fallback.htm">Fallback/Uninstall</ulink></para>
</listitem>
<listitem>
<para><ulink url="FAQ.htm">FAQs</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_features.htm">Features</ulink></para>
</listitem>
<listitem>
<para><ulink url="Multiple_Zones.html">Forwarding Traffic on the Same
Interface</ulink></para>
</listitem>
<listitem>
<para><ulink url="FTP.html">FTP and Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="support.htm">Getting help or answers to
questions</ulink></para>
</listitem>
<listitem>
<para><ulink url="Install.htm">Installation/Upgrade</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPP2P.html">IPP2P</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPSEC.htm">IPSEC</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPSEC-2.6.html">IPSEC using Kernel 2.6 and Shorewall
2.1 or Later</ulink>.</para>
</listitem>
<listitem>
<para><ulink url="ipsets.html">Ipsets</ulink></para>
</listitem>
<listitem>
<para><ulink url="Shorewall_and_Kazaa.html">Kazaa
Filtering</ulink></para>
</listitem>
<listitem>
<para><ulink url="kernel.htm">Kernel Configuration</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_logging.html">Logging</ulink></para>
</listitem>
<listitem>
<para><ulink url="Macros.html">Macros</ulink></para>
</listitem>
<listitem>
<para><ulink url="MAC_Validation.html">MAC Verification</ulink></para>
</listitem>
<listitem>
<para><ulink url="MultiISP.html">Multiple Internet Connections from a
Single Firewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="Multiple_Zones.html">Multiple Zones Through One
Interface</ulink></para>
</listitem>
<listitem>
<para><ulink url="myfiles.htm">My Shorewall Configuration</ulink> (How I
personally use Shorewall)</para>
</listitem>
<listitem>
<para><ulink url="NetfilterOverview.html">Netfilter
Overview</ulink></para>
</listitem>
<listitem>
<para><ulink url="netmap.html">Network Mapping</ulink></para>
</listitem>
<listitem>
<para><ulink url="NAT.htm">One-to-one NAT</ulink> (Static NAT)</para>
</listitem>
<listitem>
<para><ulink url="OPENVPN.html">OpenVPN</ulink></para>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Operating
Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="PacketHandling.html">Packet Processing in a
Shorewall-based Firewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="ping.html">'Ping' Management</ulink></para>
</listitem>
<listitem>
<para><ulink url="ports.htm">Port Information</ulink></para>
<itemizedlist>
<listitem>
<para>Which applications use which ports</para>
</listitem>
<listitem>
<para>Ports used by Trojans</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="PortKnocking.html">Port Knocking</ulink></para>
</listitem>
<listitem>
<para><ulink url="PPTP.htm">PPTP</ulink></para>
</listitem>
<listitem>
<para><ulink url="ProxyARP.htm">Proxy ARP</ulink></para>
</listitem>
<listitem>
<para><ulink url="ReleaseModel.html">Release Model</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_prerequisites.htm">Requirements</ulink></para>
</listitem>
<listitem>
<para><ulink url="Shorewall_and_Routing.html">Routing and
Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="Multiple_Zones.html">Routing on One
Interface</ulink></para>
</listitem>
<listitem>
<para><ulink url="samba.htm">Samba</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm">Shorewall Setup
Guide</ulink><itemizedlist>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Introduction">Introduction</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#Concepts">Shorewall
Concepts</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#Interfaces">Network
Interfaces</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Addressing">Addressing, Subnets and
Routing</ulink></para>
<itemizedlist>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#Addresses">IP
Addresses</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Subnets">Subnets</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Routing">Routing</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#ARP">Address
Resolution Protocol (ARP)</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#RFC1918">RFC
1918</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#Options">Setting up
your Network</ulink></para>
<itemizedlist>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Routed">Routed</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#NonRouted">Non-routed</ulink></para>
<itemizedlist>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#SNAT">SNAT</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#DNAT">DNAT</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#ProxyARP">Proxy
ARP</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#NAT">One-to-one
NAT</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Rules">Rules</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#OddsAndEnds">Odds
and Ends</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#DNS">DNS</ulink></para>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Starting
and Stopping the Firewall</ulink></para>
</listitem>
</itemizedlist></para>
</listitem>
<listitem>
<para><ulink url="samba.htm">SMB</ulink></para>
</listitem>
<listitem>
<para><ulink url="Shorewall_Squid_Usage.html">Squid with
Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Starting/stopping
the Firewall</ulink><itemizedlist>
<listitem>
<para>Description of all /sbin/shorewall commands</para>
</listitem>
<listitem>
<para>How to safely test a Shorewall configuration change</para>
</listitem>
</itemizedlist></para>
</listitem>
<listitem>
<para><ulink url="NAT.htm">Static (one-to-one) NAT</ulink></para>
</listitem>
<listitem>
<para><ulink url="support.htm">Support</ulink></para>
</listitem>
<listitem>
<para><ulink url="Accounting.html">Traffic Accounting</ulink></para>
</listitem>
<listitem>
<para><ulink url="traffic_shaping.htm">Traffic
Shaping/QOS</ulink></para>
</listitem>
<listitem>
<para><ulink url="troubleshoot.htm">Troubleshooting</ulink> (Things to
try if it doesn't work)</para>
</listitem>
<listitem>
<para><ulink url="UPnP.html">UPnP</ulink></para>
</listitem>
<listitem>
<para><ulink url="upgrade_issues.htm">Upgrade Issues</ulink></para>
</listitem>
<listitem>
<para>VPN</para>
<itemizedlist>
<listitem>
<para><ulink url="VPNBasics.html">Basics</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPSEC.htm">IPSEC</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPIP.htm">GRE and IPIP</ulink></para>
</listitem>
<listitem>
<para><ulink url="OPENVPN.html">OpenVPN (My personal
choice)</ulink></para>
</listitem>
<listitem>
<para><ulink url="PPTP.htm">PPTP</ulink></para>
</listitem>
<listitem>
<para><ulink url="6to4.htm">6to4</ulink></para>
</listitem>
<listitem>
<para><ulink url="VPN.htm">IPSEC/PPTP passthrough from a system
behind your firewall to a remote network</ulink></para>
</listitem>
<listitem>
<para><ulink url="GenericTunnels.html">Other VPN
types</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="whitelisting_under_shorewall.htm">White List
Creation</ulink></para>
</listitem>
</orderedlist>
</article>