holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Add a little IPv6 Documentation

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9079 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-12-16 22:33:11 +00:00
parent 4889d5860c
commit 10335f52ce
3 changed files with 88 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
docs/Documentation_Index.xml
View File

@ -18,7 +18,7 @@
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright>
<year>2001-2007</year>
<year>2001-2008</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -60,8 +60,8 @@
<entry><ulink url="PortKnocking.html#Limit">Limiting per-IPaddress
Connection Rate</ulink></entry>
<entry><ulink url="ScalabilityAndPerformance.html">Scalability and
Performance</ulink></entry>
<entry><ulink url="CompiledPrograms.html#Lite">Shorewall
Lite</ulink></entry>
</row>
<row>
@ -69,8 +69,8 @@
<entry><ulink url="shorewall_logging.html">Logging</ulink></entry>
<entry><ulink url="CompiledPrograms.html#Lite">Shorewall
Lite</ulink></entry>
<entry><ulink url="Modularization.html">Shorewall
Modularization</ulink></entry>
</row>
<row>
@ -78,8 +78,8 @@
<entry><ulink url="Macros.html">Macros</ulink></entry>
<entry><ulink url="Modularization.html">Shorewall
Modularization</ulink></entry>
<entry><ulink url="Shorewall-4.html">Shorewall 4.x</ulink> --
What's new</entry>
</row>
<row>
@ -89,8 +89,8 @@
<entry><ulink url="MAC_Validation.html">MAC
Verification</ulink></entry>
<entry><ulink url="Shorewall-4.html">Shorewall 4.x</ulink> --
What's new</entry>
<entry><ulink url="Shorewall-perl.html">Shorewall
Perl</ulink></entry>
</row>
<row>
@ -99,8 +99,8 @@
<entry><ulink url="Manpages.html">Man Pages</ulink></entry>
<entry><ulink url="Shorewall-perl.html">Shorewall
Perl</ulink></entry>
<entry><ulink url="shorewall_setup_guide.htm">Shorewall Setup
Guide</ulink></entry>
</row>
<row>
@ -110,8 +110,7 @@
<entry><ulink url="ManualChains.html">Manual
Chains</ulink></entry>
<entry><ulink url="shorewall_setup_guide.htm">Shorewall Setup
Guide</ulink></entry>
<entry><ulink url="samba.htm">SMB</ulink></entry>
</row>
<row>
@ -122,7 +121,9 @@
<entry><ulink
url="two-interface.htm#SNAT">Masquerading</ulink></entry>
<entry><ulink url="samba.htm">SMB</ulink></entry>
<entry><ulink url="two-interface.htm#SNAT">SNAT</ulink>
(<firstterm>Source Network Address
Translation</firstterm>)</entry>
</row>
<row>
@ -133,9 +134,8 @@
from a Single Firewall</ulink> (<ulink
url="MultiISP_ru.html">Russian</ulink>)</entry>
<entry><ulink url="two-interface.htm#SNAT">SNAT</ulink>
(<firstterm>Source Network Address
Translation</firstterm>)</entry>
<entry><ulink url="SplitDNS.html">Split DNS the Easy
Way</ulink></entry>
</row>
<row>
@ -145,8 +145,8 @@
<entry><ulink url="Multiple_Zones.html">Multiple Zones Through One
Interface</ulink></entry>
<entry><ulink url="SplitDNS.html">Split DNS the Easy
Way</ulink></entry>
<entry><ulink url="Shorewall_Squid_Usage.html">Squid with
Shorewall</ulink></entry>
</row>
<row>
@ -156,8 +156,9 @@
<entry><ulink url="XenMyWay-Routed.html">My Shorewall
Configuration</ulink></entry>
<entry><ulink url="Shorewall_Squid_Usage.html">Squid with
Shorewall</ulink></entry>
<entry><ulink
url="starting_and_stopping_shorewall.htm">Starting/stopping the
Firewall</ulink></entry>
</row>
<row>
@ -167,9 +168,8 @@
<entry><ulink url="NetfilterOverview.html">Netfilter
Overview</ulink></entry>
<entry><ulink
url="starting_and_stopping_shorewall.htm">Starting/stopping the
Firewall</ulink></entry>
<entry><ulink url="NAT.htm">Static (one-to-one)
NAT</ulink></entry>
</row>
<row>
@ -178,8 +178,7 @@
<entry><ulink url="netmap.html">Network Mapping</ulink></entry>
<entry><ulink url="NAT.htm">Static (one-to-one)
NAT</ulink></entry>
<entry><ulink url="support.htm">Support</ulink></entry>
</row>
<row>
@ -188,7 +187,8 @@
<entry><ulink url="NAT.htm">One-to-one NAT</ulink> (Static
NAT)</entry>
<entry><ulink url="support.htm">Support</ulink></entry>
<entry><ulink url="Accounting.html">Traffic
Accounting</ulink></entry>
</row>
<row>
@ -199,8 +199,9 @@
<entry><ulink url="Multiple_Zones.html"><ulink
url="OPENVPN.html">OpenVPN</ulink></ulink></entry>
<entry><ulink url="Accounting.html">Traffic
Accounting</ulink></entry>
<entry><ulink url="traffic_shaping.htm">Traffic
Shaping/QOS</ulink> (<ulink
url="traffic_shaping_ru.html">Russian</ulink>)</entry>
</row>
<row>
@ -210,9 +211,8 @@
<entry><ulink url="starting_and_stopping_shorewall.htm">Operating
Shorewall</ulink></entry>
<entry><ulink url="traffic_shaping.htm">Traffic
Shaping/QOS</ulink> (<ulink
url="traffic_shaping_ru.html">Russian</ulink>)</entry>
<entry><ulink url="Shorewall_Squid_Usage.html">Transparent
Proxy</ulink></entry>
</row>
<row>
@ -223,8 +223,7 @@
<entry><ulink url="PacketMarking.html">Packet
Marking</ulink></entry>
<entry><ulink url="Shorewall_Squid_Usage.html">Transparent
Proxy</ulink></entry>
<entry><ulink url="UPnP.html">UPnP</ulink></entry>
</row>
<row>
@ -234,7 +233,8 @@
<entry><ulink url="PacketHandling.html">Packet Processing in a
Shorewall-based Firewall</ulink></entry>
<entry><ulink url="UPnP.html">UPnP</ulink></entry>
<entry><ulink url="upgrade_issues.htm">Upgrade
Issues</ulink></entry>
</row>
<row>
@ -242,8 +242,7 @@
<entry><ulink url="ping.html">'Ping' Management</ulink></entry>
<entry><ulink url="upgrade_issues.htm">Upgrade
Issues</ulink></entry>
<entry><ulink url="VPNBasics.html">VPN</ulink></entry>
</row>
<row>
@ -253,7 +252,7 @@
<entry><ulink url="two-interface.htm#DNAT">Port
Forwarding</ulink></entry>
<entry><ulink url="VPNBasics.html">VPN</ulink></entry>
<entry><ulink url="VPN.htm">VPN Passthrough</ulink></entry>
</row>
<row>
@ -262,7 +261,8 @@
<entry><ulink url="ports.htm">Port Information</ulink></entry>
<entry><ulink url="VPN.htm">VPN Passthrough</ulink></entry>
<entry><ulink url="whitelisting_under_shorewall.htm">White List
Creation</ulink></entry>
</row>
<row>
@ -271,8 +271,8 @@
<entry><ulink url="PortKnocking.html">Port Knocking and Other Uses
of the 'Recent Match'</ulink></entry>
<entry><ulink url="whitelisting_under_shorewall.htm">White List
Creation</ulink></entry>
<entry><ulink url="XenMyWay.html">Xen - Shorewall in a Bridged Xen
DomU</ulink></entry>
</row>
<row>
@ -281,8 +281,8 @@
<entry><ulink url="PPTP.htm">PPTP</ulink></entry>
<entry><ulink url="XenMyWay.html">Xen - Shorewall in a Bridged Xen
DomU</ulink></entry>
<entry><ulink url="XenMyWay-Routed.html">Xen - Shorewall in Routed
Xen Dom0</ulink></entry>
</row>
<row>
@ -291,8 +291,7 @@
<entry><ulink url="ProxyARP.htm">Proxy ARP</ulink></entry>
<entry><ulink url="XenMyWay-Routed.html">Xen - Shorewall in Routed
Xen Dom0</ulink></entry>
<entry></entry>
</row>
<row>
@ -324,8 +323,7 @@
</row>
<row>
<entry><ulink url="Shorewall_and_Kazaa.html">Kazaa
Filtering</ulink></entry>
<entry><ulink url="IPv6Support.html">IPv6 Support</ulink></entry>
<entry><ulink url="Shorewall_and_Routing.html">Routing and
Shorewall</ulink></entry>
@ -334,8 +332,8 @@
</row>
<row>
<entry><ulink url="kernel.htm">Kernel
Configuration</ulink></entry>
<entry><ulink url="Shorewall_and_Kazaa.html">Kazaa
Filtering</ulink></entry>
<entry><ulink url="Multiple_Zones.html">Routing on One
Interface</ulink></entry>
@ -343,11 +341,21 @@
<entry></entry>
</row>
<row>
<entry><ulink url="kernel.htm">Kernel
Configuration</ulink></entry>
<entry><ulink url="samba.htm">Samba</ulink></entry>
<entry></entry>
</row>
<row>
<entry><ulink url="KVM.html">KVM (Kernel-mode Virtual
Machine)</ulink></entry>
<entry><ulink url="samba.htm">Samba</ulink></entry>
<entry><ulink url="ScalabilityAndPerformance.html">Scalability and
Performance</ulink></entry>
<entry></entry>
</row>
@ -355,4 +363,4 @@
</tgroup>
</informaltable>
</section>
</article>
</article>

8
docs/FAQ.xml
View File

@ -2176,6 +2176,14 @@ We have an error talking to the kernel
url="http://linuxman.wikispaces.com/Clustering+Shorewall">This article
by Paul Gear</ulink> should help you get started.</para>
</section>
<section id="faq80">
<title>(FAQ 80) Does Shorewall support IPV6?</title>
<para>Answer: <ulink url="IPv6Support.html">Shorewall IPv6
support</ulink> is currently available in the <ulink
url="ReleaseModel.html">development releases</ulink>.</para>
</section>
</section>
<section id="RFC1918">

42
docs/IPv6Support.xml
View File

@ -108,37 +108,37 @@
<filename>/etc/shorewall/shorewall.conf</filename>. When configuring
Shorewall6, you will want to set DISABLE_IPV6=No and restart Shorewall
or Shorewall-lite.</para>
</section>
<section>
<title>TC_ENABLED</title>
<section>
<title>TC_ENABLED</title>
<para>The other area where their configurations overlap is in
traffic shaping; the <filename>tcdevices</filename> and tcclasses
files do exactly the same thing in both Shorewall and Shorewall6.
Consequently, you will have TC_ENABLED=Internal in Shorewall or in
Shorewall6 and TC_ENABLED=No in the other product. Also, you will
want CLEAR_TC=No in the configuration with TC_ENABLED=No.</para>
<para>The other area where their configurations overlap is in traffic
shaping; the <filename>tcdevices</filename> and tcclasses files do
exactly the same thing in both Shorewall and Shorewall6. Consequently,
you will have TC_ENABLED=Internal in Shorewall or in Shorewall6 and
TC_ENABLED=No in the other product. Also, you will want CLEAR_TC=No in
the configuration with TC_ENABLED=No.</para>
<para>Regardless of which product has TC_ENABLED=Internal:</para>
<para>Regardless of which product has TC_ENABLED=Internal:</para>
<itemizedlist>
<listitem>
<para>IPv4 packet marking is controlled by
/etc/shorewall/tcrules</para>
</listitem>
<itemizedlist>
<listitem>
<para>IPv4 packet marking is controlled by
/etc/shorewall/tcrules</para>
</listitem>
<listitem>
<para>IPv6 packet marking is controlled by
/etc/shorewall6/tcrules</para>
</listitem>
</itemizedlist>
</section>
<listitem>
<para>IPv6 packet marking is controlled by
/etc/shorewall6/tcrules</para>
</listitem>
</itemizedlist>
</section>
</section>
</section>
<section>
<title>Shorewall6 Differences from Shoreawall</title>
<title>Shorewall6 Differences from Shorewall</title>
<para>Configuring Shorewall6 is very similar to configuring Shorewall with
some notable exceptions:</para>