From 394850e68ef718ededb565cd659db3120053f3a2 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 13 Feb 2013 06:58:22 -0800 Subject: [PATCH] Document updates for IPv6 and Shorewall Lite Signed-off-by: Tom Eastep --- docs/IPv6Support.xml | 25 +++++++++++++++++-------- docs/Shorewall-Lite.xml | 16 +++++++++++----- 2 files changed, 28 insertions(+), 13 deletions(-) diff --git a/docs/IPv6Support.xml b/docs/IPv6Support.xml index f26f9c7ff..e1b558606 100644 --- a/docs/IPv6Support.xml +++ b/docs/IPv6Support.xml @@ -400,15 +400,18 @@ Specifying Addresses + Shorewall follows the usual convention of distinguishing IPv6 + address by enclosing them in square brackets ("[" and "]"). + Anywhere that an address or address list follows a colon - (":"), the address or list may be enclosed in angled brackets - ("<" and ">") to improve readability. + (":"), the address or list may be enclosed in square brackets to + improve readability. Example (/etc/shorewall6/rules): #ACTION SOURCE DEST PROTO DEST # PORT(S) -ACCEPT net $FW:<2002:ce7c:92b4::3> tcp 22 +ACCEPT net $FW:[2002:ce7c:92b4::3] tcp 22 When the colon is preceeded by an interface name, the angle brackets are required. This is true 
@@ -418,22 +421,28 @@ ACCEPT net $FW:<2002:ce7c:92b4::3> tcp #ACTION SOURCE DEST PROTO DEST # PORT(S) -ACCEPT net:wlan0:<2002:ce7c:92b4::3> tcp 22 +ACCEPT net:wlan0:[2002:ce7c:92b4::3] tcp 22 - Beginning with Shorewall 4.4.6 and 4.5.4, square brackets ("[" - and "]") may also be used. + Prior to Shorewall 4.5.4, angled brackets ("<" and ">") + were used. While these are still accepted, their use is deprecated + in favor of square brackets. Example (/etc/shorewall6/rules): #ACTION SOURCE DEST PROTO DEST # PORT(S) -ACCEPT net:wlan0:[2002:ce7c:92b4::3] tcp 22 +ACCEPT net:wlan0:<2002:ce7c:92b4::3> tcp 22 Prior to Shorewall 4.5.9, network addresses were required to be enclosed in either angle brackets or square brackets (e.g. [2001:470:b:787::/64]). Beginning with Shorewall 4.5.9, the more common representation that places the VLSM outside the brackets is - also accepted (e.g., [2001:470:b:787::]/64). + accepted and preferred (e.g., [2001:470:b:787::]/64). + + Beginning with Shorewall 4.5.14, the rules compiler translates + "<" and ">" to "[" and "]" respectively before parsing. So + square brackets may appear in error messages even when angled + brackets were used. diff --git a/docs/Shorewall-Lite.xml b/docs/Shorewall-Lite.xml index 01faeff2b..5eec0c762 100644 --- a/docs/Shorewall-Lite.xml +++ b/docs/Shorewall-Lite.xml 
@@ -149,20 +149,26 @@ - The /etc/shorewall/shorewall.conf file is - used to determine the VERBOSITY setting which determines how much - output the compiler generates. All other settings are taken from the + Prior to Shorewall 4.5.8, the + /etc/shorewall/shorewall.conf file was used to + determine the VERBOSITY setting which determines how much output the + compiler generates. All other settings were taken from the shorewall.conf file in the remote systems export directory. - If you want to be able to allow non-root users to manage - remote firewall systems, then the files + Prior to Shorewall 4.5.8, if you want to be able to allow + non-root users to manage remote firewall systems, then the files /etc/shorewall/params and /etc/shorewall/shorewall.conf must be readable by all users on the administrative system. Not all packages secure the files that way and you may have to change the file permissions yourself. + + Prior to Shorewall 4.5.14, + /etc/shorewall/params must be readable by + non-root users or each export directory must have its own params + file.
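Review bot: In the docs/IPv6Support.xml hunk at @@ -400, the unchanged sentence after the example still reads "When the colon is preceeded by an interface name, the angle brackets are required", which now contradicts the square-bracket example directly above it and the deprecation of angle brackets introduced in the next hunk. Suggest rewording it so that brackets are required and square brackets are the preferred form, and correcting "preceeded" to "preceded" while the line is being touched. The added line "distinguishing IPv6 address by enclosing them" should read "IPv6 addresses".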
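Review bot: In the docs/IPv6Support.xml hunk at @@ -418, the replacement paragraph "Prior to Shorewall 4.5.4, angled brackets ... were used" drops the 4.4.6 version that the removed sentence carried ("Beginning with Shorewall 4.4.6 and 4.5.4, square brackets ... may also be used"), so a reader on the 4.4 series can no longer tell whether square brackets are accepted there. Suggest keeping both version numbers in the new wording. The text also alternates between "angled brackets" (added lines) and "angle brackets" (unchanged 4.5.9 paragraph); pick one term. The example that follows the deprecation paragraph now shows the angle-bracket form under a plain "Example" label, so it would help to mark it as the deprecated syntax.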
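Review bot: In the docs/Shorewall-Lite.xml hunk at @@ -149, the rewritten paragraphs say what applied "Prior to Shorewall 4.5.8" but never state what 4.5.8 and later do: where VERBOSITY and the other settings are now read from, and whether /etc/shorewall/shorewall.conf still has to be readable by all users. The /etc/shorewall/params requirement is also given two different cut-offs, 4.5.8 in the second paragraph and 4.5.14 in the added one. Suggest stating the current behaviour explicitly, limiting the 4.5.8 paragraph to shorewall.conf if that is the intent, and fixing the tense mix in "Prior to Shorewall 4.5.8, if you want to be able ... must be readable". Because this text tells administrators to make configuration files readable by all users on the administrative system, the version boundaries need to be unambiguous so that permissions are not loosened on versions that no longer need it.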