forked from extern/shorewall_code
Clean up links and add missing sections in Documentation.xml
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@847 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
53a9e87cd9
commit
6e49b4c848
@ -14,11 +14,7 @@
|
|||||||
</authorgroup>
|
</authorgroup>
|
||||||
|
|
||||||
<copyright>
|
<copyright>
|
||||||
<year>2001</year>
|
<year>2001-2003</year>
|
||||||
|
|
||||||
<year>2002</year>
|
|
||||||
|
|
||||||
<year>2003</year>
|
|
||||||
|
|
||||||
<holder>Thomas M. Eastep</holder>
|
<holder>Thomas M. Eastep</holder>
|
||||||
</copyright>
|
</copyright>
|
||||||
@ -268,7 +264,7 @@
|
|||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>accounting</term>
|
<term><ulink url="Accounting.html">accounting</ulink></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>a parameter file in /etc/shorewall used to define traffic
|
<para>a parameter file in /etc/shorewall used to define traffic
|
||||||
@ -298,7 +294,8 @@
|
|||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>actions and action.template</term>
|
<term><ulink url="User_defined_Actions.html">actions and
|
||||||
|
action.template</ulink></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>files in /etc/shorewall that allow you to define your own
|
<para>files in /etc/shorewall that allow you to define your own
|
||||||
@ -321,8 +318,7 @@
|
|||||||
<example>
|
<example>
|
||||||
<title>shell variables</title>
|
<title>shell variables</title>
|
||||||
|
|
||||||
<programlisting>NET_IF=eth0
|
<programlisting>NET_IF=eth0 NET_BCAST=130.252.100.255
|
||||||
NET_BCAST=130.252.100.255
|
|
||||||
NET_OPTIONS=blacklist,norfc1918</programlisting>
|
NET_OPTIONS=blacklist,norfc1918</programlisting>
|
||||||
</example>
|
</example>
|
||||||
|
|
||||||
@ -961,8 +957,7 @@ NET_OPTIONS=blacklist,norfc1918</programlisting>
|
|||||||
<title>Your local interface is eth1 and you have two groups of local
|
<title>Your local interface is eth1 and you have two groups of local
|
||||||
hosts that you want to make into separate zones:</title>
|
hosts that you want to make into separate zones:</title>
|
||||||
|
|
||||||
<programlisting>192.168.1.0/25
|
<programlisting>192.168.1.0/25 192.168.1.128/</programlisting>
|
||||||
192.168.1.128/</programlisting>
|
|
||||||
|
|
||||||
<para>Your /etc/shorewall/interfaces file might look like:</para>
|
<para>Your /etc/shorewall/interfaces file might look like:</para>
|
||||||
|
|
||||||
@ -1044,8 +1039,7 @@ NET_OPTIONS=blacklist,norfc1918</programlisting>
|
|||||||
<title>You have local interface eth1 with two IP addresses -
|
<title>You have local interface eth1 with two IP addresses -
|
||||||
192.168.1.1/24 and 192.168.12.1/24</title>
|
192.168.1.1/24 and 192.168.12.1/24</title>
|
||||||
|
|
||||||
<programlisting>192.168.1.0/25
|
<programlisting>192.168.1.0/25 192.168.1.128/25</programlisting>
|
||||||
192.168.1.128/25</programlisting>
|
|
||||||
|
|
||||||
<para>Your /etc/shorewall/interfaces file might look like:</para>
|
<para>Your /etc/shorewall/interfaces file might look like:</para>
|
||||||
|
|
||||||
@ -2053,7 +2047,8 @@ NET_OPTIONS=blacklist,norfc1918</programlisting>
|
|||||||
rule by optionally following ACCEPT, DNAT[-], REDIRECT[-] or LOG
|
rule by optionally following ACCEPT, DNAT[-], REDIRECT[-] or LOG
|
||||||
with</para>
|
with</para>
|
||||||
|
|
||||||
<programlisting>< <rate>/<interval>[:<burst>] ></programlisting>
|
<programlisting><
|
||||||
|
<rate>/<interval>[:<burst>] ></programlisting>
|
||||||
|
|
||||||
<para>where <rate> is the number of connections per
|
<para>where <rate> is the number of connections per
|
||||||
<interval> ("sec" or "min") and
|
<interval> ("sec" or "min") and
|
||||||
@ -2292,7 +2287,8 @@ NET_OPTIONS=blacklist,norfc1918</programlisting>
|
|||||||
<example>
|
<example>
|
||||||
<title></title>
|
<title></title>
|
||||||
|
|
||||||
<programlisting>DNAT loc:<emphasis role="bold">192.168.1.0/24</emphasis> loc:192.168.1.3 tcp www - 206.124.146.179:192.168.1.3</programlisting>
|
<programlisting>DNAT loc:<emphasis role="bold">192.168.1.0/24</emphasis>
|
||||||
|
loc:192.168.1.3 tcp www - 206.124.146.179:192.168.1.3</programlisting>
|
||||||
</example>
|
</example>
|
||||||
</note>
|
</note>
|
||||||
|
|
||||||
@ -2988,7 +2984,7 @@ NET_OPTIONS=blacklist,norfc1918</programlisting>
|
|||||||
<para><ulink url="ports.htm">Look here for information on other services.</ulink></para>
|
<para><ulink url="ports.htm">Look here for information on other services.</ulink></para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section id="Common" xreflabel="/etc/shorewall/common">
|
||||||
<title>/etc/shorewall/common</title>
|
<title>/etc/shorewall/common</title>
|
||||||
|
|
||||||
<para>Shorewall allows definition of rules that apply between all zones.
|
<para>Shorewall allows definition of rules that apply between all zones.
|
||||||
@ -3345,9 +3341,9 @@ NET_OPTIONS=blacklist,norfc1918</programlisting>
|
|||||||
<title>You have public IP addresses 155.182.235.0/28. You configure your
|
<title>You have public IP addresses 155.182.235.0/28. You configure your
|
||||||
firewall as follows:</title>
|
firewall as follows:</title>
|
||||||
|
|
||||||
<programlisting>eth0 - 155.186.235.1 (internet connection)
|
<programlisting>eth0 - 155.186.235.1 (internet connection) eth1 -
|
||||||
eth1 - 192.168.9.0/24 (masqueraded local systems)
|
192.168.9.0/24 (masqueraded local systems) eth2 - 192.168.10.1
|
||||||
eth2 - 192.168.10.1 (interface to your DMZ)</programlisting>
|
(interface to your DMZ)</programlisting>
|
||||||
|
|
||||||
<para>In your DMZ, you want to install a Web/FTP server with public
|
<para>In your DMZ, you want to install a Web/FTP server with public
|
||||||
address 155.186.235.4. On the Web server, you subnet just like the
|
address 155.186.235.4. On the Web server, you subnet just like the
|
||||||
@ -3850,8 +3846,7 @@ eth2 - 192.168.10.1 (interface to your DMZ)</programlisting>
|
|||||||
<example>
|
<example>
|
||||||
<title></title>
|
<title></title>
|
||||||
|
|
||||||
<programlisting>LOGRATE=10/minute
|
<programlisting>LOGRATE=10/minute LOGBURST=5</programlisting>
|
||||||
LOGBURST=5</programlisting>
|
|
||||||
</example>
|
</example>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
@ -4078,7 +4073,8 @@ LOGBURST=5</programlisting>
|
|||||||
|
|
||||||
<para>The <emphasis>loadmodule</emphasis> function is called as follows:</para>
|
<para>The <emphasis>loadmodule</emphasis> function is called as follows:</para>
|
||||||
|
|
||||||
<programlisting>loadmodule <<emphasis>modulename</emphasis>> [ <<emphasis>module parameters</emphasis>> ]</programlisting>
|
<programlisting>loadmodule <<emphasis>modulename</emphasis>> [
|
||||||
|
<<emphasis>module parameters</emphasis>> ]</programlisting>
|
||||||
|
|
||||||
<para>where</para>
|
<para>where</para>
|
||||||
|
|
||||||
@ -4107,7 +4103,8 @@ LOGBURST=5</programlisting>
|
|||||||
<emphasis>moduledirectory</emphasis>; if so, then the following command is
|
<emphasis>moduledirectory</emphasis>; if so, then the following command is
|
||||||
executed:</para>
|
executed:</para>
|
||||||
|
|
||||||
<programlisting>insmod <emphasis>moduledirectory</emphasis>/<<emphasis>modulename</emphasis>>.o <<emphasis>module parameters</emphasis>></programlisting>
|
<programlisting>insmod <emphasis>moduledirectory</emphasis>/<<emphasis>modulename</emphasis>>.o
|
||||||
|
<<emphasis>module parameters</emphasis>></programlisting>
|
||||||
|
|
||||||
<para>If the file doesn't exist, the function determines of the
|
<para>If the file doesn't exist, the function determines of the
|
||||||
".o.gz" file corresponding to the module exists in the
|
".o.gz" file corresponding to the module exists in the
|
||||||
@ -4115,7 +4112,8 @@ LOGBURST=5</programlisting>
|
|||||||
that the running configuration supports compressed modules and execute the
|
that the running configuration supports compressed modules and execute the
|
||||||
following command:</para>
|
following command:</para>
|
||||||
|
|
||||||
<programlisting>insmod <emphasis>moduledirectory</emphasis>/<<emphasis>modulename</emphasis>>.o.gz <<emphasis>module parameters</emphasis>></programlisting>
|
<programlisting>insmod <emphasis>moduledirectory</emphasis>/<<emphasis>modulename</emphasis>>.o.gz
|
||||||
|
<<emphasis>module parameters</emphasis>></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="TOS" xreflabel="/etc/shorewall/tos">
|
<section id="TOS" xreflabel="/etc/shorewall/tos">
|
||||||
@ -4326,8 +4324,7 @@ LOGBURST=5</programlisting>
|
|||||||
<example>
|
<example>
|
||||||
<title></title>
|
<title></title>
|
||||||
|
|
||||||
<programlisting>130.252.100.69
|
<programlisting>130.252.100.69 206.124.146.0/24</programlisting>
|
||||||
206.124.146.0/24</programlisting>
|
|
||||||
</example>
|
</example>
|
||||||
|
|
||||||
<para>Packets <emphasis role="bold">from</emphasis> hosts listed in the
|
<para>Packets <emphasis role="bold">from</emphasis> hosts listed in the
|
||||||
@ -4510,4 +4507,18 @@ LOGBURST=5</programlisting>
|
|||||||
<para>This file is described in the <ulink url="ECN.html">ECN Control
|
<para>This file is described in the <ulink url="ECN.html">ECN Control
|
||||||
Documentation</ulink>.</para>
|
Documentation</ulink>.</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section id="UserSets" xreflabel="/usr/shorewall/Users">
|
||||||
|
<title>/etc/shorewall/users and /etc/shorewall/usersets</title>
|
||||||
|
|
||||||
|
<para>These files are described in the<ulink url="UserSets.html">UID/GID-based
|
||||||
|
Rules Documentation</ulink> .</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section id="Accounting" xreflabel="/usr/shorewall/accounting">
|
||||||
|
<title>/etc/shorewall/accounting</title>
|
||||||
|
|
||||||
|
<para>This file is described in the <ulink url="Accounting.html">Traffic
|
||||||
|
Accounting Documentation</ulink>.</para>
|
||||||
|
</section>
|
||||||
</article>
|
</article>
|
Loading…
Reference in New Issue
Block a user