From 15fd3455450aeec5b6808c787d7648696d164fa6 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 25 Aug 2012 08:10:26 -0700 Subject: [PATCH] FAQ update Signed-off-by: Tom Eastep --- docs/FAQ.xml | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/docs/FAQ.xml b/docs/FAQ.xml index 4ede4eb11..83bbe0d9c 100644 --- a/docs/FAQ.xml +++ b/docs/FAQ.xml @@ -1927,12 +1927,15 @@ Dec 15 16:47:30 heath-desktop last message repeated 2 times stop, I can't connect to anything. Why doesn't that command work? - Answer: The - stop command is intended to place your - firewall into a safe state whereby only those hosts listed in - /etc/shorewall/routestopped are allowed. If you - want to totally open up your firewall, you must use the - shorewall[-lite] clear command. + Answer: The + stop command places the firewall in a safe state; + connections that are allowed are governed by the setting of + ADMINISABSENTMINDED in shorewall.conf (5) and the + contents of shorewall-routestopped + (5). To totally open the firewall, use the clear + command.
@@ -2009,7 +2012,8 @@ Creating input Chains... /usr/share/shorewall[-lite]/modules to /etc/shorewall/modules and modify the copy to include only the modules that you need. An alternative is to set - LOAD_HELPERS_ONLY=Yes in shorewall.conf. + LOAD_HELPERS_ONLY=Yes in shorewall.conf (5).
@@ -2656,6 +2660,10 @@ if [ $kernel -lt 20624 ]; then status=2 else + + Update: The above logic is found in + /usr/share/shorewall/prog.footer in later + Shorewall releases.
@@ -2747,8 +2755,12 @@ else behind the firewall, I get operation not permitted. How can I use nmap with Shorewall?" - Answer: Temporarily remove and - rejNotSyn, dropNotSyn and dropInvalid rules from + Answer: Temporarily remove any + rejNotSyn, dropNotSyn, dropInvalid, NotSyn(...) and Invalid(...) rules from /etc/shorewall/rules and restart Shorewall.
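Review bot: In the first hunk (@@ -1927,12 +1927,15 @@), the rewritten answer no longer tells the reader why they were cut off. The removed text said that only hosts listed in /etc/shorewall/routestopped are allowed after stop, which directly answers "I can't connect to anything"; the new text only names ADMINISABSENTMINDED and shorewall-routestopped (5). Suggest keeping one clause on what the stopped state permits before pointing at the manpages, and keeping the full "shorewall[-lite] clear" form so Shorewall Lite users can see the command applies to them. Because the answer describes clear as the way "To totally open the firewall", it would also help to say that the host is unfiltered until Shorewall is started again.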
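Review bot: In the third hunk (@@ -2656,6 +2660,10 @@), "later Shorewall releases" gives the reader no way to tell whether their installation has /usr/share/shorewall/prog.footer. Name the first release in which the logic lives there. Also check the placement: in the hunk the added note follows the context line "else", so confirm that it lands after the end of the script listing and not inside it.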
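Review bot: In the last hunk (@@ -2747,8 +2755,12 @@), the answer says "Temporarily remove" but ends at "restart Shorewall" with no step for putting the rules back. Add a closing sentence telling the reader to restore the rejNotSyn, dropNotSyn, dropInvalid, NotSyn(...) and Invalid(...) rules in /etc/shorewall/rules and restart again once the nmap run is finished, so the temporary state does not become permanent. The "and" to "any" correction reads fine.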