forked from extern/shorewall_code
fixed quotes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@956 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
mhnoyes
parent
82689f4254
commit
63e6973250
@ -30,8 +30,8 @@
|
||||
document under the terms of the GNU Free Documentation License, Version
|
||||
1.2 or any later version published by the Free Software Foundation; with
|
||||
no Invariant Sections, with no Front-Cover, and with no Back-Cover
|
||||
Texts. A copy of the license is included in the section entitled "<ulink
|
||||
url="GnuCopyright.htm">GNU Free Documentation License</ulink>".</para>
|
||||
Texts. A copy of the license is included in the section entitled
|
||||
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
|
||||
</legalnotice>
|
||||
</articleinfo>
|
||||
|
||||
@ -195,7 +195,7 @@ conn packetdefault
|
||||
|
||||
<para>You need to define a zone for the remote subnet or include it in
|
||||
your local zone. In this example, we'll assume that you have created
|
||||
a zone called "vpn" to represent the remote subnet.</para>
|
||||
a zone called <quote>vpn</quote> to represent the remote subnet.</para>
|
||||
|
||||
<para><table><title>/etc/shorewall/zones local</title><tgroup cols="3"><thead><row><entry
|
||||
align="center">ZONE</entry><entry align="center">DISPLAY</entry><entry
|
||||
@ -203,16 +203,16 @@ conn packetdefault
|
||||
Subnet</entry></row></tbody></tgroup></table></para>
|
||||
|
||||
<para>At both systems, ipsec0 would be included in
|
||||
/etc/shorewall/interfaces as a "vpn" interface:</para>
|
||||
/etc/shorewall/interfaces as a <quote>vpn</quote> interface:</para>
|
||||
|
||||
<para><table><title>/etc/shorewall/interfaces system local & remote</title><tgroup
|
||||
cols="4"><thead><row><entry align="center">ZONE</entry><entry
|
||||
align="center">INTERFACE</entry><entry align="center">BROADCAST</entry><entry
|
||||
align="center">OPTIONS</entry></row></thead><tbody><row><entry>vpn</entry><entry>ipsec0</entry><entry></entry><entry></entry></row></tbody></tgroup></table></para>
|
||||
|
||||
<para>You will need to allow traffic between the "vpn" zone and
|
||||
the "loc" zone -- if you simply want to admit all traffic in
|
||||
both directions, you can use the policy file:</para>
|
||||
<para>You will need to allow traffic between the <quote>vpn</quote> zone
|
||||
and the <quote>loc</quote> zone -- if you simply want to admit all
|
||||
traffic in both directions, you can use the policy file:</para>
|
||||
|
||||
<para><table><title>/etc/shorewall/policy local & remote</title><tgroup
|
||||
cols="4"><thead><row><entry align="center">SOURCE</entry><entry
|
||||
@ -511,10 +511,10 @@ conn packetdefault
|
||||
</table>
|
||||
|
||||
<para>On systems A, you will need to allow traffic between the
|
||||
"vpn1" zone and the "loc" zone as well as between
|
||||
"vpn2" and the "loc" zone -- if you simply want to admit
|
||||
all traffic in both directions, you can use the following policy file
|
||||
entries on all three gateways:</para>
|
||||
<quote>vpn1</quote> zone and the <quote>loc</quote> zone as well as
|
||||
between <quote>vpn2</quote> and the <quote>loc</quote> zone -- if you
|
||||
simply want to admit all traffic in both directions, you can use the
|
||||
following policy file entries on all three gateways:</para>
|
||||
|
||||
<table>
|
||||
<title>/etc/shorewall/policy system A</title>
|
||||
@ -577,9 +577,9 @@ conn packetdefault
|
||||
</table>
|
||||
|
||||
<para>On systems B and C, you will need to allow traffic between the
|
||||
"vpn" zone and the "loc" zone -- if you simply want to
|
||||
admit all traffic in both directions, you can use the following policy
|
||||
file entries on all three gateways:</para>
|
||||
<quote>vpn</quote> zone and the <quote>loc</quote> zone -- if you simply
|
||||
want to admit all traffic in both directions, you can use the following
|
||||
policy file entries on all three gateways:</para>
|
||||
|
||||
<table>
|
||||
<title>/etc/shorewall/policy system B & C</title>
|
||||
@ -692,7 +692,7 @@ conn packetdefault
|
||||
|
||||
<para>You need to define a zone for the laptop or include it in your
|
||||
local zone. In this example, we'll assume that you have created a
|
||||
zone called "vpn" to represent the remote host.</para>
|
||||
zone called <quote>vpn</quote> to represent the remote host.</para>
|
||||
|
||||
<para><table><title>/etc/shorewall/zones local</title><tgroup cols="3"><thead><row><entry
|
||||
align="center">ZONE</entry><entry align="center">DISPLAY</entry><entry
|
||||
@ -714,7 +714,7 @@ conn packetdefault
|
||||
gateway is a standalone system.</para></note></para>
|
||||
|
||||
<para>You will need to configure /etc/shorewall/interfaces and establish
|
||||
your "through the tunnel" policy as shown under the first
|
||||
your <quote>through the tunnel</quote> policy as shown under the first
|
||||
example above.</para>
|
||||
</example>
|
||||
</section>
|
||||
@ -808,7 +808,7 @@ conn packetdefault
|
||||
a different updown script that adds the remote station to the appropriate
|
||||
zone when the connection comes up and that deletes the remote station when
|
||||
the connection comes down. For example, when 134.28.54.2 connects for the
|
||||
vpn2 zone the 'up' part of the script will issue the command":</para>
|
||||
vpn2 zone the 'up' part of the script will issue the command:</para>
|
||||
|
||||
<programlisting>/sbin/shorewall add ipsec0:134.28.54.2 vpn2</programlisting>
|
||||
|
||||
|
||||
@ -30,8 +30,8 @@
|
||||
document under the terms of the GNU Free Documentation License, Version
|
||||
1.2 or any later version published by the Free Software Foundation; with
|
||||
no Invariant Sections, with no Front-Cover, and with no Back-Cover
|
||||
Texts. A copy of the license is included in the section entitled "<ulink
|
||||
url="GnuCopyright.htm">GNU Free Documentation License</ulink>".</para>
|
||||
Texts. A copy of the license is included in the section entitled
|
||||
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
|
||||
</legalnotice>
|
||||
</articleinfo>
|
||||
|
||||
@ -54,7 +54,7 @@
|
||||
|
||||
<warning>
|
||||
<para>If you have RedHat 7.2 and are running iptables version 1.2.3 (at
|
||||
a shell prompt, type "/sbin/iptables --version"), you must
|
||||
a shell prompt, type <quote>/sbin/iptables --version</quote>), you must
|
||||
upgrade to version 1.2.4 either from the <ulink
|
||||
url="http://www.redhat.com/support/errata/RHSA-2001-144.html">RedHat
|
||||
update site</ulink> or from the <ulink url="errata.htm">Shorewall Errata
|
||||
@ -95,12 +95,12 @@
|
||||
|
||||
<warning>
|
||||
<para>YOU CAN <emphasis role="bold">NOT</emphasis> SIMPLY INSTALL
|
||||
THE RPM AND ISSUE A "shorewall start" COMMAND. SOME
|
||||
THE RPM AND ISSUE A <quote>shorewall start</quote> COMMAND. SOME
|
||||
CONFIGURATION IS REQUIRED BEFORE THE FIREWALL WILL START. IF YOU
|
||||
ISSUE A "start" COMMAND AND THE FIREWALL FAILS TO START,
|
||||
YOUR SYSTEM WILL NO LONGER ACCEPT ANY NETWORK TRAFFIC. IF THIS
|
||||
HAPPENS, ISSUE A "shorewall clear" COMMAND TO RESTORE
|
||||
NETWORK CONNECTIVITY.</para>
|
||||
ISSUE A <quote>start</quote> COMMAND AND THE FIREWALL FAILS TO
|
||||
START, YOUR SYSTEM WILL NO LONGER ACCEPT ANY NETWORK TRAFFIC. IF
|
||||
THIS HAPPENS, ISSUE A <quote>shorewall clear</quote> COMMAND TO
|
||||
RESTORE NETWORK CONNECTIVITY.</para>
|
||||
</warning>
|
||||
</listitem>
|
||||
|
||||
@ -124,7 +124,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>cd to the shorewall directory (the version is encoded in the
|
||||
directory name as in "shorewall-1.1.10").</para>
|
||||
directory name as in <quote>shorewall-1.1.10</quote>).</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
@ -185,8 +185,8 @@
|
||||
<title>Install the .lrp</title>
|
||||
|
||||
<para>To install my version of Shorewall on a fresh Bering disk, simply
|
||||
replace the "shorwall.lrp" file on the image with the file that
|
||||
you downloaded. See the <ulink url="two-interface.htm">two-interface
|
||||
replace the <quote>shorwall.lrp</quote> file on the image with the file
|
||||
that you downloaded. See the <ulink url="two-interface.htm">two-interface
|
||||
QuickStart Guide</ulink> for information about further steps required.</para>
|
||||
</section>
|
||||
|
||||
@ -213,9 +213,9 @@
|
||||
<programlisting>rpm -Uvh <shorewall rpm file></programlisting>
|
||||
|
||||
<note>
|
||||
<para> If you are installing version 1.2.0 and have one of the 1.2.0
|
||||
Beta RPMs installed, you must use the "--oldpackage" option
|
||||
to rpm.</para>
|
||||
<para>If you are installing version 1.2.0 and have one of the 1.2.0
|
||||
Beta RPMs installed, you must use the <quote>--oldpackage</quote>
|
||||
option to rpm.</para>
|
||||
|
||||
<informalexample>
|
||||
<programlisting>rpm -Uvh --oldpackage shorewall-1.2-0.noarch.rpm</programlisting>
|
||||
@ -284,7 +284,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>cd to the shorewall directory (the version is encoded in the
|
||||
directory name as in "shorewall-3.0.1").</para>
|
||||
directory name as in <quote>shorewall-3.0.1</quote>).</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
@ -364,6 +364,6 @@
|
||||
<section>
|
||||
<title>Uninstall/Fallback</title>
|
||||
|
||||
<para>See "<ulink url="fallback.htm">Fallback and Uninstall</ulink>".</para>
|
||||
<para>See <quote><ulink url="fallback.htm">Fallback and Uninstall</ulink></quote>.</para>
|
||||
</section>
|
||||
</article>
|
||||
Loading…
Reference in New Issue
Block a user