diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index 4ede4eb11..83bbe0d9c 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -1927,12 +1927,15 @@ Dec 15 16:47:30 heath-desktop last message repeated 2 times
stop, I can't connect to anything. Why doesn't that command
work?
- Answer: The
- stop
command is intended to place your
- firewall into a safe state whereby only those hosts listed in
- /etc/shorewall/routestopped are allowed. If you
- want to totally open up your firewall, you must use the
- shorewall[-lite] clear
command.
+ Answer: The
+ stop command places the firewall in a safe state;
+ connections that are allowed are governed by the setting of
+ ADMINISABSENTMINDED in shorewall.conf (5) and the
+ contents of shorewall-routestopped
+ (5). To totally open the firewall, use the clear
+ command.
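Review bot: The rewritten answer names ADMINISABSENTMINDED but never says what its setting changes, so a reader who has just locked themselves out with stop must open two manpages to learn which connections are still allowed. Add one sentence summarising the effect of the setting alongside the routestopped entries. Separately, the removed text gave the full command as "shorewall[-lite] clear", while the new closing sentence says only "use the clear command", which can be read as the shell's clear. Keep the shorewall[-lite] prefix there, and ideally on stop as well.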
@@ -2009,7 +2012,8 @@ Creating input Chains...
/usr/share/shorewall[-lite]/modules to
/etc/shorewall/modules and modify the copy to
include only the modules that you need. An alternative is to set
- LOAD_HELPERS_ONLY=Yes in shorewall.conf.
+ LOAD_HELPERS_ONLY=Yes in shorewall.conf (5).
@@ -2656,6 +2660,10 @@ if [ $kernel -lt 20624 ]; then
status=2
else
+
+ Update: The above logic is found in
+ /usr/share/shorewall/prog.footer in later
+ Shorewall releases.
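Review bot: "later Shorewall releases" in the added Update note gives the reader no way to tell which location applies to their installation. Name the first release in which the logic lives in /usr/share/shorewall/prog.footer. Also check the placement: in this hunk the note directly follows the "else" line of the script excerpt, so confirm it sits after the listing is closed rather than inside it, otherwise "the above logic" will render as part of the code.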
@@ -2747,8 +2755,12 @@ else
behind the firewall, I get operation not permitted
. How
can I use nmap with Shorewall?"
- Answer: Temporarily remove and
- rejNotSyn, dropNotSyn and dropInvalid rules from
+ Answer: Temporarily remove any
+ rejNotSyn, dropNotSyn, dropInvalid, NotSyn(...) and Invalid(...) rules from
/etc/shorewall/rules and restart Shorewall.
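Review bot: The answer says "Temporarily remove" but has no step for putting the rules back, and this hunk lengthens the list of protective rules being removed (NotSyn(...) and Invalid(...) are new). Add a closing sentence telling the reader to restore the rules and restart Shorewall once the scan is finished. The literal "(...)" is also unexplained. Say that it stands for whatever parameter the rule was written with, so readers searching /etc/shorewall/rules know to match any NotSyn or Invalid invocation.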