diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml
index ee5ac6b8e..2f9fd4175 100644
--- a/docs/CompiledPrograms.xml
+++ b/docs/CompiledPrograms.xml
@@ -159,6 +159,10 @@
class="directory">/etc/init.d — they require the
soon-to-be-released Shorewall-minimal Debian package.
+
+ If -d is not specified, the
+ compiled program is generally not suitable for being installed in
+ /etc/init.d.
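Review bot: "generally not suitable" in the added paragraph is softer than the wording this same patch adds to starting_and_stopping_shorewall.xml ("the output file is not suitable for installation into /etc/init.d/"). Use one statement in both places. If a program compiled without -d does work from /etc/init.d in some cases, name those cases instead of hedging with "generally".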
diff --git a/docs/Documentation_Index.xml b/docs/Documentation_Index.xml
index 9b0ba6a03..62c4e37b6 100644
--- a/docs/Documentation_Index.xml
+++ b/docs/Documentation_Index.xml
@@ -15,7 +15,7 @@
- 2006-02-27
+ 2006-03-10
2001-2006
@@ -738,7 +738,19 @@
- Xen and Shorewall
+ Xen
+
+
+
+ Xen the way that I use
+ it
+
+
+
+ Tight Firewall in Xen
+ Dom0
+
+
\ No newline at end of file
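Review bot: the hunk ends with "\ No newline at end of file"; terminate Documentation_Index.xml with a newline so later diffs against it do not carry that marker. The new entry title "Xen the way that I use it" is also awkward as an index entry and could be reworded, for example "How I use Xen".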
diff --git a/docs/Xen.xml b/docs/Xen.xml
index 7bc82cf52..134307650 100644
--- a/docs/Xen.xml
+++ b/docs/Xen.xml
@@ -15,7 +15,7 @@
- 2006-02-02
+ 2006-03-10
2006
@@ -101,9 +101,18 @@
(the Extended) Dom0 to isolate the server(s) from the other local systems
(including Dom0).
+
+ I find Xen Domain 0 to be an arcane environment in which to try to
+ use Netfilter (and hence Shorewall). As the number of interfaces and
+ bridges increase, complexity increases geometrically. I recommend
+ following this guide only if you really need to place a public server in
+ your local network. Otherwise, the way that I
+ use Xen is much more straight-forward.
+
+
Here is an example. In this example, we will assume that the system
is behind a second firewall that restricts incoming traffic so that we
- only have to worry about protecting the local lan from the systems running
+ only have to worry about protecting the local LAN from the systems running
in the DomU's.
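Review bot: two wording fixes in the added paragraph: "As the number of interfaces and bridges increase" should read "increases" (the subject is "number"), and "straight-forward" is normally written "straightforward". Because the paragraph steers readers to the other Xen article, consider adding one clause on what makes that setup simpler, so the recommendation is useful without following the link.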
diff --git a/docs/myfiles.xml b/docs/myfiles.xml
index 7e78a8c4f..00f69ff75 100644
--- a/docs/myfiles.xml
+++ b/docs/myfiles.xml
@@ -15,7 +15,7 @@
- 2006-01-21
+ 2006-03-10
2001-2006
@@ -89,18 +89,7 @@
use SNAT through 206.124.146.179 for my Wife's Windows XP
system Tarry
and our SUSE 10.0
laptop Tipper
which connects
- through the Wireless Access Point (wap) via a Wireless Bridge
- (wet).
- While the distance between the WAP and where I usually use
- the laptop isn't very far (50 feet or so), using a WAC11 (CardBus
- wireless card) has proved very unsatisfactory (lots of lost
- connections). By replacing the WAC11 with the WET11 wireless
- bridge, I have virtually eliminated these problems (Being an old
- radio tinkerer (K7JPV), I was also able to eliminate the
- disconnects by hanging a piece of aluminum foil on the family room
- wall. Needless to say, my wife Tarry rejected that as a permanent
- solution :-).
-
+ through the Wireless Access Point (wap).
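Review bot: the replacement line drops the wireless bridge "(wet)" from the description, so any remaining mention of wet elsewhere in myfiles.xml (diagram, interface or host lists) would now be unexplained. Please check for those and update them in this same change.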
diff --git a/docs/starting_and_stopping_shorewall.xml b/docs/starting_and_stopping_shorewall.xml
index b1d315634..fe2b097d5 100644
--- a/docs/starting_and_stopping_shorewall.xml
+++ b/docs/starting_and_stopping_shorewall.xml
@@ -15,7 +15,7 @@
- 2006-02-27
+ 2006-03-07
2004
@@ -650,12 +650,25 @@
system.
When -d <distribution> is given, the script is built for
- execution on the distribution specified by <distro>.
- Currently, 'suse' is the only valid <distro>. Usually
- specified together with -e.
+ installation in /etc/init.d
+ on the distribution specified by <distro>. Currently supported
+ values for <distro>are:
+
+
+ redhat (also good for Fedora Core and CentOS)
+
+ debian (Requires the soon to be released Shorewall-minimal
+ package to be run on Debian)
+
+ suse
+
+
+ Usually specified together with -e. If not specified, the
+ output file is not suitable for installation into /etc/init.d/
Example:
- shorewall compile -ed suse foo
+ shorewall compile -ed redhat foo
Additional distributions are expected to be supported
shortly.
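Review bot: the option is introduced as "-d <distribution>" but the added text refers to "<distro>" twice; use one placeholder name throughout. In the added lines, "<distro>are:" is missing a space, and "If not specified, the output file is not suitable for installation into /etc/init.d/" has no closing period before "Example:". It would also help to say "If -d is not specified", since the preceding sentence is about -e and the subject of "not specified" is ambiguous.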
@@ -690,6 +703,10 @@
When the '-e' option is specified during compilation, the
program may be installed in /etc/init.d/ and serve as the firewall
on a system without Shorewall installed.
+
+ For additional information about the
+ compile command, see this article.
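Review bot: the unchanged sentence above the added lines ("When the '-e' option is specified during compilation, the program may be installed in /etc/init.d/") now conflicts with the text this patch adds earlier in the same file, which says the output is not suitable for /etc/init.d/ unless -d is given. Update that sentence to mention -d as well, so the two passages agree.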