fixed quotes, add CVS Id

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1002 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
mhnoyes 2003-12-28 17:56:45 +00:00
parent 424bfe9f2d
commit 65002ec162
2 changed files with 36 additions and 29 deletions


@ -2,6 +2,8 @@
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article id="IPIP">
<!--$Id$-->
<articleinfo>
<title>Shorewall Logging</title>
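
Review bot: in the context around the new <!--$Id$--> comment, the article is declared as <article id="IPIP"> while its title is Shorewall Logging, which looks like an id copied from another document; since this line is being touched anyway, give the article an id that matches its subject. Separately, $Id$ is only expanded when keyword substitution is enabled for the file in the repository (in Subversion, the svn:keywords property), and that setting is not visible in this diff, so confirm it is set or the comment will stay as the literal string.
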
@ -26,8 +28,8 @@
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled &#34;<ulink
url="GnuCopyright.htm">GNU Free Documentation License</ulink>&#34;.</para>
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
</legalnotice>
</articleinfo>
@ -63,16 +65,16 @@
<para>The packet matches a rule in <ulink
url="Documentation.htm#Rules">/etc/shorewall/rules</ulink>. By
including a syslog level (see below) in the ACTION column of a rule
(e.g., &#34;ACCEPT<emphasis role="bold">:info</emphasis> net fw tcp
22&#34;), the connection attempt will be logged at that level.</para>
(e.g., <quote>ACCEPT<emphasis role="bold">:info</emphasis> net fw tcp
22</quote>), the connection attempt will be logged at that level.</para>
</listitem>
<listitem>
<para>The packet doesn&#39;t match a rule so it is handled by a policy
defined in <ulink url="Documentation.htm#Policy">/etc/shorewall/policy</ulink>.
These may be logged by specifying a syslog level in the LOG LEVEL
column of the policy&#39;s entry (e.g., &#34;loc net ACCEPT <emphasis
role="bold">info</emphasis>&#34;).</para>
column of the policy&#39;s entry (e.g., <quote>loc net ACCEPT
<emphasis role="bold">info</emphasis></quote>).</para>
</listitem>
</orderedlist>
</section>
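
Review bot: the two examples now wrapped in <quote>, ACCEPT:info net fw tcp 22 and loc net ACCEPT info, are literal entries for /etc/shorewall/rules and /etc/shorewall/policy rather than quotations. <quote> is normally rendered with typographic quotation marks, which readers can end up pasting into a configuration file; <literal> (or a short <programlisting>) marks them as verbatim text. The first example is also split between tcp and 22 across two source lines, which is easier to misread than keeping the whole rule on one line.
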
@ -91,7 +93,7 @@
<para>Throughout the Shorewall documentation, I will use the term
<emphasis>level</emphasis> rather than <emphasis>priority </emphasis>since
<emphasis>level</emphasis> is the term used by NetFilter. The syslog
documentation uses the term <emphasis>priority</emphasis>. </para>
documentation uses the term <emphasis>priority</emphasis>.</para>
<section>
<title>Syslog Levels</title>
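
Review bot: the trailing space after priority</emphasis>. is removed on the last sentence, but two lines above it <emphasis>priority </emphasis>since still carries the space inside the emphasis element with none before since. Move that space outside the closing tag so both uses of the term are marked up the same way.
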
@ -165,8 +167,8 @@
target support (and most vendor-supplied kernels do), you may also
specify a log level of ULOG (must be all caps). When ULOG is used,
Shorewall will direct netfilter to log the related messages via the ULOG
target which will send them to a process called &#39;ulogd&#39;. The
ulogd program is available from <ulink
target which will send them to a process called <quote>ulogd</quote>.
The ulogd program is available from <ulink
url="http://www.gnumonks.org/projects/ulogd">http://www.gnumonks.org/projects/ulogd</ulink>
and can be configured to log all Shorewall message to their own log
file.</para>
@ -241,15 +243,15 @@
</simplelist>
<para>I also copied the file /usr/local/src/ulogd-<emphasis>version</emphasis>/ulogd.init
to /etc/init.d/ulogd. I had to edit the line that read &#34;daemon
/usr/local/sbin/ulogd&#34; to read daemon /usr/local/sbin/ulogd -d&#34;.
On a RedHat system, a simple &#34;chkconfig --level 3 ulogd on&#34;
starts ulogd during boot up. Your init system may need something else
done to activate the script.</para>
to /etc/init.d/ulogd. I had to edit the line that read <quote>daemon
/usr/local/sbin/ulogd</quote> to read <quote>daemon
/usr/local/sbin/ulogd -d</quote>. On a RedHat system, a simple
<quote>chkconfig --level 3 ulogd on</quote> starts ulogd during boot up.
Your init system may need something else done to activate the script.</para>
<para>You will need to change all instances of log levels (usually
&#39;info&#39;) in your configuration files to &#39;ULOG&#39; - this
includes entries in the policy, rules and shorewall.conf files.
<quote>info</quote>) in your configuration files to <quote>ULOG</quote>
- this includes entries in the policy, rules and shorewall.conf files.
Here&#39;s what I have:</para>
<programlisting> [root@gateway shorewall]# grep ULOG *
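
Review bot: in the init script paragraph, the text says the line daemon /usr/local/sbin/ulogd had to be changed to daemon /usr/local/sbin/ulogd -d but never says what -d does or why the stock script fails without it; a short clause would save the reader a trip to the ulogd documentation. The two command strings and chkconfig --level 3 ulogd on are typed verbatim, so <command> or <literal> suits them better than <quote>. The same applies to ULOG in the next paragraph, which the earlier section states must be all caps.
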
@ -263,8 +265,8 @@
<para>Finally edit /etc/shorewall/shorewall.conf and set LOGFILE=&#60;<emphasis>file
that you wish to log to</emphasis>&#62;. This tells the /sbin/shorewall
program where to look for the log when processing its &#34;show
log&#34;, &#34;logwatch&#34; and &#34;monitor&#34; commands.</para>
program where to look for the log when processing its <quote>show log</quote>,
<quote>logwatch</quote> and <quote>monitor</quote> commands.</para>
</section>
</section>
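
Review bot: the unchanged placeholder in LOGFILE=<file that you wish to log to> reads as if this setting chooses where messages are written, while the following sentence says it only tells /sbin/shorewall where to look for the log when running show log, logwatch and monitor. Reword the placeholder to say it must name the file ulogd is already configured to write, otherwise those commands will read a file that is empty or stale. The three command names would also be better as <command> than <quote>.
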


@ -2,6 +2,8 @@
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article id="shorewall_prerequisites">
<!--$Id$-->
<articleinfo>
<title>Shorewall Requirements</title>
@ -24,8 +26,8 @@
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled &#34;<ulink
url="GnuCopyright.htm">GNU Free Documentation License</ulink>&#34;.</para>
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
</legalnotice>
</articleinfo>
@ -44,18 +46,21 @@
<listitem>
<para>iptables 1.2 or later but beware version 1.2.3 -- see the <ulink
url="errata.htm">Errata</ulink>. <emphasis role="bold">WARNING</emphasis>:
The buggy iptables version 1.2.3 is included in RedHat 7.2 and you
should upgrade to iptables 1.2.4 prior to installing Shorewall.
Version 1.2.4 is available <ulink
url="http://www.redhat.com/support/errata/RHSA-2001-144.html">from
RedHat</ulink> and in the <ulink url="errata.htm">Shorewall Errata</ulink>.</para>
url="errata.htm">Errata</ulink>.</para>
<warning>
<para>The buggy iptables version 1.2.3 is included in RedHat 7.2 and
you should upgrade to iptables 1.2.4 prior to installing Shorewall.
Version 1.2.4 is available <ulink
url="http://www.redhat.com/support/errata/RHSA-2001-144.html">from
RedHat</ulink> and in the <ulink url="errata.htm">Shorewall Errata</ulink>.</para>
</warning>
</listitem>
<listitem>
<para>Iproute (&#34;ip&#34; utility). The iproute package is included
with most distributions but may not be installed by default. The
official download site is <ulink type="remote"
<para>Iproute (<quote>ip</quote> utility). The iproute package is
included with most distributions but may not be installed by default.
The official download site is <ulink type="remote"
url="ftp://ftp.inr.ac.ru/ip-routing">ftp://ftp.inr.ac.ru/ip-routing</ulink>.</para>
</listitem>
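
Review bot: moving the iptables 1.2.3 notice into a <warning> element is a structural change to the requirements page, not a quote fix or an Id addition, so it is not covered by the commit message fixed quotes, add CVS Id; either mention it there or split it into its own commit so the history shows when the warning changed. The result also links errata.htm twice within the same list item (once in the lead sentence, once inside the warning); one of the two can go.
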