diff --git a/docs/Dynamic.xml b/docs/Dynamic.xml
index aa1cdc074..c7805f537 100644
--- a/docs/Dynamic.xml
+++ b/docs/Dynamic.xml
@@ -49,140 +49,12 @@
support is based on ipset. Most current
distributions have ipset, but you may need to install the xtables-addons.
-
-
-
- Installing xtables-addons
-
- If your distribution does not have an xtables-addons package, the
- xtables-addons are fairly easy to install. You do not need to recompile
- your kernel.
-
- Debian users can find xtables-addons-common
- and xtables-addons-source packages in testing. The
- kernel modules can be built and installed with the help of
- module-assistant. As of this writing, these packages are in the
- admin group rather than in the
- network group!!??
-
- For other users, the basic steps are as follows:
-
-
-
- Install gcc and make
-
-
-
- Install the headers for the kernel you are running. In some
- distributions, such as Debian and
- Ubuntu, the packet is called kernel-headers.
- For other distrubutions, such as OpenSuSE, you must install the
- kernel-source package.
-
-
-
- download the iptables source tarball
-
-
-
- untar the source
-
-
-
- cd to the iptables source directory
-
-
-
- run 'make'
-
-
-
- as root, run 'make install'
-
-
-
- Your new iptables binary will now be installed in
- /usr/local/sbin. Modify shorewall.conf to specify
- IPTABLES=/usr/local/sbin/iptables
-
-
-
- Download the latest xtables-addons source tarball
-
-
-
- Untar the xtables-addons source
-
-
-
- cd to the xtables-addons source directory
-
-
-
- run './configure'
-
-
-
- run 'make'
-
-
-
- As root, cd to the xtables-addons directory and run 'make
- install'.
-
-
-
- Restart shorewall
-
-
-
- 'shorewall show capabilities' should now indicate Ipset Match: Available
-
-
-
- You will have to repeat steps 10-13 each time that you receive a
- kernel upgrade from your distribution vendor. You can install
- xtables-addons before booting to the new kernel as follows
- (new-kernel-version is the version of the
- newly-installed kernel - example 2.6.28.11-generic. Look in the /lib/modules
- directory to get the full version name)
-
-
-
- cd to the xtables-addons source directory
-
-
-
- run 'make clean'
-
-
-
- run './configure
- --with-kbuild=/lib/modules/new-kernel-version/build
- --with-ksource=/lib/modules/new-kernel-version/source'
-
-
-
- run 'make'
-
-
-
- As root, cd to the xtables-addons source directory and run 'make
- install'.
-
-
-
- As root, run 'depmod -a
- new-kernel-version'
-
-
+ url="http://xtables-addons.sourceforge.net/">xtables-addons
+ package.
- Dynamic Zones -- Shorewall 4.5.9 and Later
+ Dynamic Zones
Prior to Shorewall 4.5.9, when multiple records for a zone appear in
/etc/shorewall/hosts, Shorewall would create a
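Review bot: The added `url="http://xtables-addons.sourceforge.net/"` link is plain HTTP, and after this change it is the only pointer a reader follows to obtain code that the removed steps had them build and install as root; use an https URL if the site serves one. The removed text also carried the caveat that a source build has to be repeated after every kernel upgrade ("You will have to repeat steps 10-13 each time that you receive a kernel upgrade"). Nothing in the replacement says this, so consider keeping one sentence to that effect for readers whose distribution has no package.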
@@ -288,117 +160,6 @@ rsyncok:
-
- Dynamic Zones -- Shorewall 4.5.8 and Earlier.
-
- The method described in this section is still supported in the later
- releases.
-
-
- Defining a Dynamic Zone
-
- A dynamic zone is defined by using the keyword dynamic in the zones host list.
-
- Example:
-
-
- /etc/shorewall/zones:#NAME TYPE OPTIONS
-loc ipv4
-webok:loc ipv4/etc/shorewall/interfaces:
-
- #ZONE INTERFACE BROADCAST OPTIONS
-loc eth0 - …
-
-
- /etc/shorewall/hosts:
-
- #ZONE HOSTS OPTIONS
-webok eth0:dynamic
-
-
- Once the above definition is added, Shorewall will automatically
- create an ipset named webok_eth0 the next time that
- Shorewall is started or restarted. Shorewall will create an ipset of
- type iphash. If you want to use a different type
- of ipset, such as macipmap, then you will want to
- manually create that ipset yourself before the next Shorewall
- start/restart.
-
- The dynamic zone capability was added to Shorewall6 in Shorewall
- 4.4.21.
-
-
-
- Adding a Host to a Dynamic Zone
-
- Adding a host to a dynamic zone is accomplished by adding the
- host's IP address to the appropriate ipset. Shorewall provldes a command
- for doing that:
-
-
- shorewall add interface:address
- ... zone
-
-
- Example:
-
-
- shorewall add eth0:192.168.3.4 webok
-
-
- The command can only be used when the ipset involved is of type
- iphash. For other ipset types, the ipset command must
- be used directly.
-
-
-
- Deleting a Host from a Dynamic Zone
-
- Deleting a host from a dynamic zone is accomplished by removing
- the host's IP address from the appropriate ipset. Shorewall provldes a
- command for doing that:
-
-
- shorewall delete
- interface:address ...
- zone
-
-
- Example:
-
-
- shorewall delete eth0:192.168.3.4
- webok
-
-
- The command can only be used when the ipset involved is of type
- iphash. For other ipset types, the ipse t command
- must be used directly.
-
-
-
- Listing the Contents of a Dynamic Zone
-
- The shorewall show command may be used to list the current
- contents of a dynamic zone.
-
-
- shorewall show dynamic
- zone
-
-
- Example:
-
-
- shorewall show dynamic webok
-eth0:
- 192.168.3.4
- 192.168.3.9
-
-
-
-
Dynamic Zone Contents and Shorewall stop/start/restart
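Review bot: The removed section opens with "The method described in this section is still supported in the later releases", so this hunk deletes the only documentation for syntax that existing configurations may still rely on (`webok eth0:dynamic` in /etc/shorewall/hosts, and `shorewall add interface:address ... zone`). If support is kept, leave a short note or a pointer to the older documentation in place of the section. If support is being dropped, say so on the page and in the commit message. The deletion also removes the statement that `shorewall add` and `shorewall delete` work only when the ipset is of type iphash; check that the remaining Dynamic Zones section states whatever restriction applies to those commands.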