Slight re-org of Xen docs

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3644 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2006-03-10 23:03:07 +00:00 · 2006-03-10 23:03:07 +00:00 · 59714b4aaf
commit 59714b4aaf
parent 93a8419520
5 changed files with 53 additions and 22 deletions
--- a/docs/CompiledPrograms.xml
+++ b/docs/CompiledPrograms.xml
@ -159,6 +159,10 @@
              class="directory">/etc/init.d</filename> — they require the
              soon-to-be-released Shorewall-minimal Debian package.</member>
            </simplelist>
+
+            <para>If <emphasis role="bold">-d</emphasis> is not specified, the
+            compiled program is generally not suitable for being installed in
+            <filename class="directory">/etc/init.d</filename>.</para>
          </listitem>
        </varlistentry>

--- a/docs/Documentation_Index.xml
+++ b/docs/Documentation_Index.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>

-    <pubdate>2006-02-27</pubdate>
+    <pubdate>2006-03-10</pubdate>

    <copyright>
      <year>2001-2006</year>
@ -738,7 +738,19 @@
    </listitem>

    <listitem>
-      <para><ulink url="Xen.html">Xen and Shorewall</ulink></para>
+      <para>Xen</para>
+
+      <itemizedlist>
+        <listitem>
+          <para><ulink url="XenMyWay.html">Xen the way that I use
+          it</ulink></para>
+        </listitem>
+
+        <listitem>
+          <para><ulink url="Xen.html">Tight Firewall in Xen
+          Dom0</ulink></para>
+        </listitem>
+      </itemizedlist>
    </listitem>
  </orderedlist>
 </article>
--- a/docs/Xen.xml
+++ b/docs/Xen.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>

-    <pubdate>2006-02-02</pubdate>
+    <pubdate>2006-03-10</pubdate>

    <copyright>
      <year>2006</year>
@ -101,9 +101,18 @@
    (the Extended) Dom0 to isolate the server(s) from the other local systems
    (including Dom0).</para>

+    <caution>
+      <para>I find Xen Domain 0 to be an arcane environment in which to try to
+      use Netfilter (and hence Shorewall). As the number of interfaces and
+      bridges increase, complexity increases geometrically. I recommend
+      following this guide only if you really need to place a public server in
+      your local network. Otherwise, the <ulink url="XenMyWay.html">way that I
+      use Xen</ulink> is much more straight-forward.</para>
+    </caution>
+
    <para>Here is an example. In this example, we will assume that the system
    is behind a second firewall that restricts incoming traffic so that we
-    only have to worry about protecting the local lan from the systems running
+    only have to worry about protecting the local LAN from the systems running
    in the DomU's.</para>

    <section>
--- a/docs/myfiles.xml
+++ b/docs/myfiles.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>

-    <pubdate>2006-01-21</pubdate>
+    <pubdate>2006-03-10</pubdate>

    <copyright>
      <year>2001-2006</year>
@ -89,18 +89,7 @@
        <para>use SNAT through 206.124.146.179 for&nbsp;my Wife's Windows XP
        system <quote><emphasis>Tarry</emphasis></quote> and our SUSE 10.0
        laptop <quote><emphasis>Tipper</emphasis></quote> which connects
-        through the Wireless Access Point (wap) via a Wireless Bridge
-        (wet).<note>
-            <para>While the distance between the WAP and where I usually use
-            the laptop isn't very far (50 feet or so), using a WAC11 (CardBus
-            wireless card) has proved very unsatisfactory (lots of lost
-            connections). By replacing the WAC11 with the WET11 wireless
-            bridge, I have virtually eliminated these problems (Being an old
-            radio tinkerer (K7JPV), I was also able to eliminate the
-            disconnects by hanging a piece of aluminum foil on the family room
-            wall. Needless to say, my wife Tarry rejected that as a permanent
-            solution :-).</para>
-          </note></para>
+        through the Wireless Access Point (wap).</para>
      </listitem>
    </itemizedlist>

--- a/docs/starting_and_stopping_shorewall.xml
+++ b/docs/starting_and_stopping_shorewall.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>

-    <pubdate>2006-02-27</pubdate>
+    <pubdate>2006-03-07</pubdate>

    <copyright>
      <year>2004</year>
@ -650,12 +650,25 @@
          system.</para>

          <para>When -d &lt;distribution&gt; is given, the script is built for
-          execution on the distribution specified by &lt;distro&gt;.
-          Currently, 'suse' is the only valid &lt;distro&gt;. Usually
-          specified together with -e.</para>
+          installation in <filename class="directory">/etc/init.d</filename>
+          on the distribution specified by &lt;distro&gt;. Currently supported
+          values for &lt;distro&gt;are:</para>
+
+          <simplelist>
+            <member>redhat (also good for Fedora Core and CentOS)</member>
+
+            <member>debian (Requires the soon to be released Shorewall-minimal
+            package to be run on Debian)</member>
+
+            <member>suse</member>
+          </simplelist>
+
+          <para>Usually specified together with -e. If not specified, the
+          output file is not suitable for installation into <filename
+          class="directory">/etc/init.d/</filename></para>

          <para>Example:<blockquote>
-              <para><command>shorewall compile -ed suse foo</command></para>
+              <para><command>shorewall compile -ed redhat foo</command></para>
            </blockquote>Additional distributions are expected to be supported
          shortly.</para>

@ -690,6 +703,10 @@
          <para>When the '-e' option is specified during compilation, the
          program may be installed in /etc/init.d/ and serve as the firewall
          on a system without Shorewall installed.</para>
+
+          <para>For additional information about the
+          <command>compile</command> command, see <ulink
+          url="CompiledPrograms.html">this article</ulink>.</para>
        </listitem>
      </varlistentry>