From 72f67478b24c6c993ae4b9cb168b8042e75b6cee Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Thu, 22 Aug 2002 21:21:41 +0000
Subject: [PATCH] Shorewall-1.3.7 Changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@207 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-docs/Documentation.htm              |  55 ++++---
 Shorewall-docs/Documentation_Index.htm        |   1 -
 Shorewall-docs/FAQ.htm                        | 146 +++++++++---------
 Shorewall-docs/GnuCopyright.htm               |   9 +-
 Shorewall-docs/IPIP.htm                       |   9 +-
 Shorewall-docs/IPSEC.htm                      |  68 ++++++--
 Shorewall-docs/Install.htm                    |  10 +-
 Shorewall-docs/NAT.htm                        |   9 +-
 Shorewall-docs/News.htm                       |  35 ++++-
 Shorewall-docs/PPTP.htm                       |   9 +-
 Shorewall-docs/ProxyARP.htm                   |  27 +++-
 Shorewall-docs/Shorewall_index_frame.htm      |  85 ++++++----
 Shorewall-docs/blacklisting_support.htm       |   9 +-
 Shorewall-docs/configuration_file_basics.htm  |   9 +-
 Shorewall-docs/copyright.htm                  |   9 +-
 Shorewall-docs/dhcp.htm                       |   9 +-
 Shorewall-docs/download.htm                   |  13 +-
 Shorewall-docs/errata.htm                     | 120 ++++++++++++--
 Shorewall-docs/errata_1.htm                   |   9 +-
 Shorewall-docs/errata_2.htm                   |  11 +-
 Shorewall-docs/fallback.htm                   |  11 +-
 Shorewall-docs/gnu_mailman.htm                |  13 +-
 Shorewall-docs/index.htm                      |   3 +-
 Shorewall-docs/kernel.htm                     |   9 +-
 Shorewall-docs/mailing_list.htm               |  14 +-
 Shorewall-docs/mailing_list_problems.htm      |   9 +-
 Shorewall-docs/myfiles.htm                    |  14 +-
 Shorewall-docs/ports.htm                      |  18 ++-
 Shorewall-docs/quotes.htm                     |   9 +-
 Shorewall-docs/samba.htm                      |   9 +-
 Shorewall-docs/seattlefirewall_index.htm      |  44 ++++--
 Shorewall-docs/shoreline.htm                  |  29 ++--
 Shorewall-docs/shorewall_ca_certificate.htm   |   1 -
 .../shorewall_extension_scripts.htm           |  53 ++++---
 Shorewall-docs/shorewall_features.htm         |   9 +-
 .../shorewall_firewall_structure.htm          |  26 +++-
 Shorewall-docs/shorewall_index.htm            |   1 -
 .../shorewall_mailing_list_migration.htm      |   9 +-
 Shorewall-docs/shorewall_mirrors.htm          |   9 +-
 Shorewall-docs/shorewall_prerequisites.htm    |  10 +-
 Shorewall-docs/shorewall_quickstart_guide.htm |  15 +-
 Shorewall-docs/shorewall_setup_guide.htm      |  19 ++-
 Shorewall-docs/spam_filters.htm               |  11 +-
 Shorewall-docs/standalone.htm                 |  19 ++-
 .../starting_and_stopping_shorewall.htm       |   9 +-
 Shorewall-docs/subnet_masks.htm               |   9 +-
 Shorewall-docs/support.htm                    |  17 +-
 Shorewall-docs/three-interface.htm            |   9 +-
 Shorewall-docs/traffic_shaping.htm            |   9 +-
 Shorewall-docs/troubleshoot.htm               |  11 +-
 Shorewall-docs/two-interface.htm              |  13 +-
 .../whitelisting_under_shorewall.htm          |   9 +-
 52 files changed, 783 insertions(+), 319 deletions(-)

diff --git a/Shorewall-docs/Documentation.htm b/Shorewall-docs/Documentation.htm
index b44a0319f..8964733a5 100644
--- a/Shorewall-docs/Documentation.htm
+++ b/Shorewall-docs/Documentation.htm
@@ -9,11 +9,17 @@
                     
        
   <base target="_self">
-<meta name="Microsoft Theme" content="boldstri 011, default">
+<meta name="Microsoft Theme" content="none, default">
 <meta name="Microsoft Border" content="none, default">
 </head>
  <body>
- <h1 align="center">Shorewall 1.3 Reference</h1>
+ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber4" bgcolor="#400169" height="90">
+   <tr>
+     <td width="100%">
+     <h1 align="center"><font color="#FFFFFF">Shorewall 1.3 Reference</font></h1>
+     </td>
+   </tr>
+ </table>
   
 
            
@@ -120,26 +126,14 @@ Shorewall    programs</p>
                    
       <p>Example:</p>
                    
-      <blockquote>                       
-        <pre>NET_IF=eth0
-NET_BCAST=130.252.100.255
-NET_OPTIONS=noping,norfc1918</pre>
-     </blockquote>
-                       
-        <p><br>
-     Example (/etc/shorewall/interfaces record):</p>
-                       
-        <blockquote>                           
-          <pre><font face="Courier">net $NET_IF $NET_BCAST $NET_OPTIONS</font></pre>
-     </blockquote>
-                           
-          <p>The result will be the same as if the record had been written</p>
-                           
-          <blockquote>                               
-            <pre>net eth0 130.252.100.255 noping,norfc1918</pre>
-     </blockquote>
-                               
-            <p>Variables may be used anywhere in the 
+      <pre><font face="Courier"> 	NET_IF=eth0
+	NET_BCAST=130.252.100.255
+	NET_OPTIONS=noping,norfc1918</font></pre>
+ <p>Example (/etc/shorewall/interfaces record):</p>
+ <pre>	<font face="Courier">net $NET_IF $NET_BCAST $NET_OPTIONS</font></pre>
+ <p>The result will be the same as if the record had been written</p>
+ <pre>	<font face="Courier">net eth0 130.252.100.255 noping,norfc1918</font></pre>
+ <p>Variables may be used anywhere in the 
             other configuration files.</p>
                                
                   <h2><b><a name="Zones"></a>
@@ -155,7 +149,9 @@ NET_OPTIONS=noping,norfc1918</pre>
    length and consist of lower-case letters or numbers. Short names must begin 
    with a letter and the name assigned to the firewall is reserved for       use by Shorewall itself. Note that the output produced
  by iptables is much       easier to read if you select short names that
-are  three characters or less       in length.</li>
+are  three characters or less       in length. The name &quot;all&quot; may not be used as 
+   a zone name nor may the zone name assigned to the firewall itself via the FW 
+   variable in <a href="#Conf">/etc/shorewall/shorewall.conf</a>.</li>
    <li><b>
   DISPLAY</b> - The name of the zone as displayed during Shorewall startup.</li>
    <li><b>
@@ -1989,6 +1985,12 @@ a development   snapshot as patching with version 1.9 results in kernel compilat
                                                               <p>
   This file is used to set the following firewall parameters:</p>
  <ul>
+   <li><b>FORWARDPING</b> - Added in Version 1.3.7<br>
+   When set to &quot;Yes&quot; or &quot;yes&quot;, ICMP echo-request (ping) packets from interfaces 
+   that specify &quot;filterping&quot; are ACCEPTed by the firewall. When set to &quot;No&quot; or 
+   &quot;no&quot;, such ping requests are silently dropped unless they are handled by an 
+   explicit entry in the <a href="#Rules">rules file</a>. If not specified, &quot;No&quot; 
+   is assumed.</li>
    <li><b>LOGNEWNOTSYN</b> - Added in Version 1.3.6<br>
    Beginning with version 1.3.6, Shorewall drops non-SYN TCP packets that are 
    not part of an existing connection. If you would like to log these packets, 
@@ -2104,7 +2106,10 @@ starts,        it will create the directory. Example: STATEDIR=/tmp/shorewall.<b
 "No" ("no") and specifies whether       Shorewall allows connection requests 
 that are related to an already       allowed connection. If you say "No" ("no"),
 you can       still override this setting by including "related" rules in
-       /etc/shorewall/rules ("related" given as the protocol).</li>
+       /etc/shorewall/rules ("related" given as the protocol). If you specify 
+   ALLOWRELATED=No, you will need to include rules in
+   <a href="shorewall_extension_scripts.htm">/etc/shorewall/icmpdef</a> to 
+   handle common ICMP packet types.</li>
    <li><b>
   MODULESDIR</b><br>
          This parameter specifies the directory where your kernel netfilter
@@ -2689,7 +2694,7 @@ by   Shorewall, you must have <a href="#MangleEnabled">mangle support enabled</a
                                                                         
                      
                                                                                   <p><font size="2">
-  Updated 8/14/2002 - <a href="support.htm">Tom 
+  Updated 8/22/2002 - <a href="support.htm">Tom 
 Eastep</a>
    </font></p>
                                                                         
diff --git a/Shorewall-docs/Documentation_Index.htm b/Shorewall-docs/Documentation_Index.htm
index 6e2c831ae..60fcdafc8 100644
--- a/Shorewall-docs/Documentation_Index.htm
+++ b/Shorewall-docs/Documentation_Index.htm
@@ -6,7 +6,6 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>The Documentation Index</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
diff --git a/Shorewall-docs/FAQ.htm b/Shorewall-docs/FAQ.htm
index 951f9d91c..caaaa7527 100644
--- a/Shorewall-docs/FAQ.htm
+++ b/Shorewall-docs/FAQ.htm
@@ -6,79 +6,86 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall FAQ</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
+<meta name="Microsoft Theme" content="none">
 </head>
 
 <body>
 
-<h1 align="center">Shorewall FAQs</h1>
-<h2 align="left">About Shorewall</h2>
-<blockquote>
-<p align="left"><a href="#faq13">Why do you call it &quot;Shorewall&quot;?</a></p>
-<p align="left"><a href="#faq10">What distributions does it work with?</a></p>
-<p align="left"><a href="shorewall_features.htm">What features does it support?</a></p>
-<p align="left"><a href="#faq12">Why isn't there a GUI?</a></p>
-</blockquote>
-<h2 align="left">Filtering</h2>
-<blockquote>
-<p align="left"><a href="#faq14">I'm connected via a cable modem and it has an 
-internel web server that allows me to configure/monitor it but as expected if I 
-enable rfc1918 blocking for my eth0 interface, it also blocks the cable modems 
-web server</a>.</p>
-<p align="left"><a href="#faq14a">Even though it assigns public IP addresses, my 
-ISP's DHCP server has an RFC 1918 address. If I enable RFC 1918 filtering on my 
-external interface, my DHCP client cannot renew its lease.</a></p>
-<p align="left"><a href="#faq4">I just used an online port scanner to check my 
-firewall and it shows some ports as 'closed' rather than 'blocked'. Why?</a></p>
-<p align="left"><a href="#faq4a">I just ran an nmap UDP scan of my firewall and 
-it showed 100s of ports as open!!!!</a></p>
-</blockquote>
-<h2 align="left">Port Forwarding</h2>
-<blockquote>
-<p align="left"><a href="#faq1">I want to forward UDP port 7777 to my my personal PC with IP
-address 192.168.1.5. I've looked everywhere and can't find how to do it.</a></p>
-<p align="left"><a href="#faq1a">Ok -- I followed those instructions but it 
-doesn't work.</a></p>
-<p align="left"><a href="#faq2">I port forward www requests to www.mydomain.com (IP
-130.151.100.69) to system 192.168.1.5 in my local network. External clients can browse
-http://www.mydomain.com but internal clients can't.</a></p>
-<p align="left"><a href="#faq3">I have a zone &quot;Z&quot; with an RFC1918 subnet and I
-use static NAT to assign non-RFC1918 addresses to hosts in Z. Hosts in Z cannot
-communicate with each other using their external (non-RFC1918 addresses) so they
-can't access each other using their DNS names.</a></p>
-</blockquote>
-<h2 align="left">Applications</h2>
-<blockquote>
-<p align="left"><a href="#faq3">I want to use Netmeeting with Shorewall. What do I do?</a></p>
-</blockquote>
-<h2 align="left">Connection Problems</h2>
-<blockquote>
-<p align="left"><a href="#faq5">I've installed Shorewall and now I can't ping through the
-firewall</a></p>
-<p align="left"><a href="#faq15">My local systems can't see out to the net</a></p>
-</blockquote>
-<h2 align="left">Logging</h2>
-<blockquote>
-<p align="left"><a href="#faq6">Where are the log messages written and&nbsp;
-how do I change the destination?</a></p>
-<p align="left"><a href="#faq16">Shorewall is writing log messages all over my 
-console making it unusable!</a></p>
-<p align="left"><a href="#faq6a">Are there any log parsers that work with
-Shorewall?</a></p>
-</blockquote>
-<h2 align="left">Starting and stopping the firewall</h2>
-<blockquote>
-<p align="left"><a href="#faq7">When I stop Shorewall using 'shorewall stop',
-I can't connect to anything. Why doesn't that command work?</a></p>
-<p align="left"><a href="#faq8">When I try to start Shorewall on RedHat 7.x, I
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber4" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Shorewall FAQs</font></h1>
+    </td>
+  </tr>
+</table>
+
+<p align="left"><b>1. </b><a href="#faq1">&nbsp;I want to <b>forward</b> UDP <b>
+port</b> 7777 to my my personal PC with IP address 192.168.1.5. I've looked 
+everywhere and can't find <b>how to do it</b>.</a></p>
+<p align="left"><b>1a. </b><a href="#faq1a">Ok -- I followed those instructions 
+but it doesn't work.</a></p>
+<p align="left"><b>2.</b> <a href="#faq2">I <b>port forward</b> www requests to www.mydomain.com (IP
+130.151.100.69) to system 192.168.1.5 in my local network. <b>External clients can browse</b>
+http://www.mydomain.com but <b>internal clients can't</b>.</a></p>
+<p align="left"><b>2a. </b><a href="#faq3">I have a zone &quot;Z&quot; with an RFC1918 
+subnet and I use <b>static NAT</b> to assign non-RFC1918 addresses to hosts in 
+Z. Hosts in Z cannot communicate with each other using their external 
+(non-RFC1918 addresses) so they <b>can't access each other using their DNS 
+names.</b></a></p>
+
+<p align="left"><b>3. </b><a href="#faq3">I want to use <b>Netmeeting </b>with 
+Shorewall. What do I do?</a></p>
+<p align="left"><b>4. </b><a href="#faq4">I just used an online port scanner to 
+check my firewall and it shows <b>some ports as 'closed' rather than 'blocked'.</b> 
+Why?</a></p>
+<p align="left"><b>4a. </b><a href="#faq4a">I just ran an <b>nmap UDP scan</b> 
+of my firewall and it showed 100s of ports as open!!!!</a></p>
+<p align="left"><b>5. </b><a href="#faq5">I've installed Shorewall and now I <b>
+can't ping</b> through the firewall</a></p>
+
+<p align="left"><b>6. </b><a href="#faq6">Where are the <b>log messages</b> 
+written and&nbsp; how do I <b>change the destination</b>?</a></p>
+
+<p align="left"><b>6a. </b><a href="#faq6a">Are there any <b>log parsers</b> 
+that work with Shorewall?</a></p>
+
+<p align="left"><b>7. </b><a href="#faq7">When I stop Shorewall <b>using 
+'shorewall stop', I can't connect to anything</b>. Why doesn't that command 
+work?</a></p>
+
+<p align="left"><b>8. </b><a href="#faq8">When I try to <b>start Shorewall on RedHat 7.x</b>, I
 get messages about insmod failing -- what's wrong?</a></p>
-<p align="left"><a href="#faq17">Why can't Shorewall detect my interfaces 
-properly?</a></p>
-</blockquote>
-<h2 align="left">Design</h2>
-<blockquote>
-<p align="left"><a href="#faq9">Why does Shorewall only accept IP addresses as
+
+<p align="left"><b>9. </b><a href="#faq9"><b>Why </b>does Shorewall <b>only accept IP addresses</b> as
 opposed to FQDNs?</a></p>
+
+<p align="left"><b>10. </b><a href="#faq10">What <b>distributions</b> does it 
+work with?</a></p>
+
+<p align="left"><b>11. </b><a href="#faq18">What <b>features</b> does it 
+support?</a></p>
+
+<p align="left"><b>12. </b><a href="#faq12">Why isn't there a <b>GUI</b></a></p>
+
+<p align="left"><b>13. </b><a href="#faq13">Why do you call it <b>&quot;Shorewall&quot;?</b></a></p>
+<p align="left"><b>14. </b><a href="#faq14">I'm connected via a cable modem and it has an internel 
+web server that allows me to configure/monitor it but as expected if I enable <b>
+rfc1918 blocking</b> for my eth0 interface, it also blocks the <b>cable modems 
+web server</b></a>.</p>
+<p align="left"><b>14a. </b><a href="#faq14a">Even though it assigns public IP 
+addresses, my ISP's DHCP server has an RFC 1918 address. If I enable RFC 1918 
+filtering on my external interface, <b>my DHCP client cannot renew its lease</b>.</a></p>
+
+<p align="left"><b>15. </b><a href="#faq15"><b>My local systems can't see out to 
+the net</b></a></p>
+
+<p align="left"><b>16. </b><a href="#faq16">Shorewall is writing <b>log messages 
+all over my console</b> making it unusable!</a></p>
+
+<p align="left"><b>17. </b><a href="#faq17">Why can't Shorewall <b>detect my 
+interfaces </b>properly?</a></p>
+<blockquote>
+<p align="left">&nbsp;</p>
 </blockquote>
 <hr>
 <h4 align="left"><a name="faq1"></a>1. I want to forward UDP port 7777 to my my personal PC with IP
@@ -556,11 +563,10 @@ over my console making it unusable!</h4>
 <div align="left">
   <p align="left"><b>Answer: </b>The above output is perfectly normal. The Net 
   zone is defined as all hosts that are connected through eth0 and the local 
-  zone is defined as all hosts connected through eth1.
-</div>
+  zone is defined as all hosts connected through eth1.</div>
 
 <p align="left"><font size="2">Last updated 
-7/31/2002 - <a href="support.htm">Tom
+8/15/2002 - <a href="support.htm">Tom
 Eastep</a></font></p>
 
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
diff --git a/Shorewall-docs/GnuCopyright.htm b/Shorewall-docs/GnuCopyright.htm
index 7b70f73ff..9edd1c7ae 100644
--- a/Shorewall-docs/GnuCopyright.htm
+++ b/Shorewall-docs/GnuCopyright.htm
@@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Copyright</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h2><a href="#TOC1" name="SEC1">GNU Free Documentation License</a></h2>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h2 align="center"><font color="#FFFFFF">GNU Free Documentation License</font></h2>
+    </td>
+  </tr>
+</table>
 <p>Version 1.1, March 2000 </p>
 <pre>Copyright (C) 2000  Free Software Foundation, Inc.
 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
diff --git a/Shorewall-docs/IPIP.htm b/Shorewall-docs/IPIP.htm
index f0c80a4f7..c8c0e7a75 100644
--- a/Shorewall-docs/IPIP.htm
+++ b/Shorewall-docs/IPIP.htm
@@ -5,11 +5,16 @@
 <title>GRE/IPIP Tunnels</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
-<h1 align="center">GRE and IPIP Tunnels</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">GRE and IPIP Tunnels</font></h1>
+    </td>
+  </tr>
+</table>
 <h3><font color="#FF6633">Warning: </font>GRE and IPIP Tunnels are insecure when used
 over the internet; use them at your own risk</h3>
 <p>GRE and IPIP tunneling with Shorewall requires iproute2 and can be used to bridge two masqueraded networks.&nbsp;GRE
diff --git a/Shorewall-docs/IPSEC.htm b/Shorewall-docs/IPSEC.htm
index 2c827b29c..fee400531 100644
--- a/Shorewall-docs/IPSEC.htm
+++ b/Shorewall-docs/IPSEC.htm
@@ -10,10 +10,15 @@
   <meta name="ProgId" content="FrontPage.Editor.Document">
          
    
-  <meta name="Microsoft Theme" content="boldstri 011, default">
-</head>
+  </head>
  <body>
- <h1 align="center">IPSEC Tunnels</h1>
+ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+   <tr>
+     <td width="100%">
+     <h1 align="center"><font color="#FFFFFF">IPSEC Tunnels</font></h1>
+     </td>
+   </tr>
+ </table>
  <h2><font color="#660066">Configuring FreeS/Wan</font></h2>
 There is an excellent guide to configuring IPSEC tunnels at<a href="http://jixen.tripod.com">
  http://jixen.tripod.com</a>
@@ -113,8 +118,28 @@ on system B, we would have:</p>
       </tbody>           
     </table></blockquote>
              
+    <p align="Left">You need to define a zone for the remote subnet or include 
+    it in your local zone. In this example, we'll assume that you have created a 
+    zone called &quot;vpn&quot; to represent the remote subnet.</p>
+              
+    <blockquote>
+    <table border="2" cellpadding="2" style="border-collapse: collapse">
+               <tr>
+              <td><strong>ZONE</strong></td>
+              <td><strong>DISPLAY</strong></td>
+              <td><strong>COMMENTS</strong></td>
+          </tr>
+          <tr>
+              <td>vpn</td>
+              <td>VPN</td>
+              <td>Remote Subnet</td>
+          </tr>
+                   
+    </table>
+ </blockquote>
+             
     <p align="Left">At both
-systems, ipsec0 would be included in /etc/shorewall/interfaces as a "gw"
+systems, ipsec0 would be included in /etc/shorewall/interfaces as a "vpn"
 interface:</p>
               
     <blockquote> 
@@ -131,7 +156,7 @@ interface:</p>
  OPTIONS</strong></td>
           </tr>
           <tr>
-              <td>gw</td>
+              <td>vpn</td>
               <td>ipsec0</td>
               <td>&nbsp;</td>
               <td>&nbsp;</td>
@@ -140,7 +165,7 @@ interface:</p>
         </tbody>             
       </table></blockquote>
                 
-      <p align="Left"> You will need to allow traffic between the &quot;gw&quot; zone and 
+      <p align="Left"> You will need to allow traffic between the &quot;vpn&quot; zone and 
       the &quot;loc&quot; zone -- if you simply want to admit all traffic in both 
       directions, you can use the policy file:</p>
                 
@@ -155,13 +180,13 @@ interface:</p>
           </tr>
           <tr>
               <td>loc</td>
-              <td>gw</td>
+              <td>vpn</td>
               <td>ACCEPT</td>
           <td>&nbsp;</td>
           </tr>
                    
           <tr>
-              <td>gw</td>
+              <td>vpn</td>
               <td>loc</td>
               <td>ACCEPT</td>
           <td>&nbsp;</td>
@@ -188,6 +213,26 @@ be able to establish a secure connection back to your local network.</p>
       <img src="images/Mobile.png" width="677" height="426">
              </font></strong></p>
                 
+    <p align="Left">You need to define a zone for the laptop or include it in 
+    your local zone. In this example, we'll assume that you have created a zone 
+    called &quot;vpn&quot; to represent the remote host.</p>
+              
+    <blockquote>
+    <table border="2" cellpadding="2" style="border-collapse: collapse">
+               <tr>
+              <td><strong>ZONE</strong></td>
+              <td><strong>DISPLAY</strong></td>
+              <td><strong>COMMENTS</strong></td>
+          </tr>
+          <tr>
+              <td>vpn</td>
+              <td>VPN</td>
+              <td>Remote Subnet</td>
+          </tr>
+                   
+    </table>
+ </blockquote>
+                
       <p align="Left"> In this
 instance, the mobile system (B) has IP address 134.28.54.2 but that cannot
 be determined in advance. In the /etc/shorewall/tunnels file on system A,
@@ -210,15 +255,14 @@ the following entry should be made:</p>
               <td>ipsec</td>
               <td>net</td>
               <td>0.0.0.0/0</td>
-              <td>gw</td>
+              <td>vpn</td>
           </tr>
                        
           </tbody>               
         </table></blockquote>
                   
         <p>Note that the GATEWAY
-ZONE column contains the name of the zone corresponding to peer subnetworks
-(<i>gw</i> in the default /etc/shorewall/zones). This indicates that the
+ZONE column contains the name of the zone corresponding to peer subnetworks. This indicates that the
 gateway system itself comprises the peer subnetwork; in other words, the
 remote gateway is a standalone system.</p>
                  
@@ -228,7 +272,7 @@ remote gateway is a standalone system.</p>
                  
         
         <p><font size="2"> Last
-updated 5/18/2002 - </font><font size="2">
+updated 8/20/2002 - </font><font size="2">
         <a href="support.htm">Tom Eastep</a></font>
  </p>
                  
diff --git a/Shorewall-docs/Install.htm b/Shorewall-docs/Install.htm
index 321ae6156..468f4b2e7 100644
--- a/Shorewall-docs/Install.htm
+++ b/Shorewall-docs/Install.htm
@@ -5,10 +5,16 @@
 <title>Shorewall Installation</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
-<body><h1 align="center">Shorewall Installation</h1>
+<body>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Shorewall Installation</font></h1>
+    </td>
+  </tr>
+</table>
 
 <p><font size="4"><b><a href="#Install_RPM">Install using RPM</a><br>
 <a href="#Install_Tarball">Install
diff --git a/Shorewall-docs/NAT.htm b/Shorewall-docs/NAT.htm
index 6c7d6dadc..c72bf1388 100644
--- a/Shorewall-docs/NAT.htm
+++ b/Shorewall-docs/NAT.htm
@@ -5,13 +5,18 @@
 <title>Shorewall NAT</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
 <blockquote>
-    <h1 align="center">Static NAT</h1>
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+      <tr>
+        <td width="100%">
+        <h1 align="center"><font color="#FFFFFF">Static NAT</font></h1>
+        </td>
+      </tr>
+    </table>
     <p><font color="#FF0000"><b>IMPORTANT: If all you want to do is forward 
     ports to servers behind your firewall, you do NOT want to use static NAT. 
     Port forwarding can be accomplished with simple entries in the
diff --git a/Shorewall-docs/News.htm b/Shorewall-docs/News.htm
index bd6842fa3..78ec4d63d 100644
--- a/Shorewall-docs/News.htm
+++ b/Shorewall-docs/News.htm
@@ -5,13 +5,42 @@
 <title>Shorewall News</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
-<meta name="Microsoft Theme" content="none">
 </head>
 
 <body>
 
-<h1 align="center">Shorewall News Archive</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Shorewall News Archive</font></h1>
+    </td>
+  </tr>
+</table>
 
+ <p><b>8/22/2002 - Shorewall 1.3.7 Released 8/13/2002</b></p>
+                              
+ <p>Features in this release include:</p>
+                              
+ <ul>
+   <li>The 'icmp.def' file is now empty! The rules in that file were required in 
+   ipchains firewalls but are not required in Shorewall. Users who have 
+   ALLOWRELATED=No in <a href="Documentation.htm#Conf">shorewall.conf</a> should 
+   see the <a href="errata.htm#Upgrade">Upgrade Issues</a>.</li>
+   <li>A 'FORWARDPING' option has been added to <a href="Documentation.htm#Conf">
+   shorewall.conf</a>. The effect of setting this variable to Yes is the same as 
+   the effect of adding an ACCEPT rule for ICMP echo-request in
+   <a href="shorewall_extension_scripts.htm">/etc/shorewall/icmpdef</a>. Users 
+   who have such a rule in icmpdef are encouraged to switch to FORWARDPING=Yes.</li>
+   <li>The loopback CLASS A Network (127.0.0.0/8) has been added to the rfc1918 
+   file.</li>
+   <li>Shorewall now works with iptables 1.2.7</li>
+   <li>The documentation and web site no longer uses FrontPage themes.</li>
+</ul>
+                              
+ <p>I would like to thank John Distler for his valuable input regarding TCP SYN 
+ and ICMP treatment in Shorewall. That input has led to marked improvement in 
+ Shorewall in the last two releases.</p>
+                              
  <p><b>8/13/2002 - Documentation in the <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">CVS Repository</a></b></p>
                               
  <p>The Shorewall-docs project now contains just the HTML and image files - the 
@@ -995,7 +1024,7 @@ version:</p>
   additional &quot;gw&quot; (gateway) zone for tunnels and it supports IPSEC
   tunnels with end-points on the firewall. There is also a .lrp available now.</b></p>
 
-    <p><font size="2">Updated 8/13/2002 - <a href="support.htm">Tom
+    <p><font size="2">Updated 8/22/2002 - <a href="support.htm">Tom
 Eastep</a> </font></p>
 
     <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">
diff --git a/Shorewall-docs/PPTP.htm b/Shorewall-docs/PPTP.htm
index 0bcf7ba44..b8a61e6c4 100644
--- a/Shorewall-docs/PPTP.htm
+++ b/Shorewall-docs/PPTP.htm
@@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall PPTP</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">PPTP</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">PPTP</font></h1>
+    </td>
+  </tr>
+</table>
 
 <p align="left">Shorewall easily supports PPTP in a number of configurations:</p>
 <ul>
diff --git a/Shorewall-docs/ProxyARP.htm b/Shorewall-docs/ProxyARP.htm
index d87c18d34..c42ae0a9d 100644
--- a/Shorewall-docs/ProxyARP.htm
+++ b/Shorewall-docs/ProxyARP.htm
@@ -5,27 +5,37 @@
 <title>Shorewall Proxy ARP</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
-<meta name="Microsoft Theme" content="boldstri 011, default">
+<meta name="Microsoft Theme" content="none">
 </head>
 
 <body>
 
-<blockquote>
-    <h1 align="center">Proxy ARP</h1>
-    <p>&nbsp;</p>
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+      <tr>
+        <td width="100%">
+        <h1 align="center"><font color="#FFFFFF">Proxy ARP</font></h1>
+        </td>
+      </tr>
+    </table>
     <p>Proxy ARP allows you to insert a firewall in front of a set of servers 
     without changing their IP addresses and without having to re-subnet.</p>
     <p>The following figure represents a Proxy ARP
     environment.</p>
+
+<blockquote>
     <p align="center"><strong>
-    <img src="images/proxyarp.png" width="444" height="397"></strong></p>
+    <img src="images/proxyarp.png" width="519" height="397"></strong></p>
     <blockquote>
     </blockquote>
+</blockquote>
+
     <p align="left">Proxy ARP can be used to make the systems with addresses 
     130.252.100.18 and 130.252.100.19 appear to be on the upper (130.252.100.*) 
     subnet.&nbsp; Assuming that the upper firewall interface is eth0 and the 
     lower interface is eth1, this is accomplished using the following entries in 
     /etc/shorewall/proxyarp:</p>
+
+<blockquote>
     <table border="2" cellpadding="2" style="border-collapse: collapse">
       <tr>
         <td><b>ADDRESS</b></td>
@@ -46,6 +56,8 @@
         <td>no</td>
       </tr>
     </table>
+</blockquote>
+
     <p>Be sure that the internal systems (130.242.100.18 and 130.252.100.19&nbsp; 
     in the above example) are not included in any specification in 
     /etc/shorewall/masq or /etc/shorewall/nat.</p>
@@ -56,7 +68,7 @@
     Firewall system's eth0 is configured.</p>
 <div align="left">
   <p align="left">A word of warning is in order here. ISPs typically configure 
-  there routers with a long ARP cache timeout. If you move a system from 
+  their routers with a long ARP cache timeout. If you move a system from 
   parallel to your firewall to behind your firewall with Proxy ARP, it will 
   probably be HOURS before that system can communicate with the internet. You 
   can call your ISP and ask them to purge the stale ARP cache entry but many 
@@ -86,9 +98,8 @@
   was the MAC address of the system on the lower left. In other words, the gateway's ARP cache still 
   associates 130.252.100.19 with the NIC in that system rather than with the firewall's 
   eth0.</div>
-</blockquote>
 
-<p><font size="2">Last updated 8/11/2002 - </font><font size="2">
+<p><font size="2">Last updated 8/17/2002 - </font><font size="2">
 <a href="support.htm">Tom
 Eastep</a></font> </p>
 <font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
diff --git a/Shorewall-docs/Shorewall_index_frame.htm b/Shorewall-docs/Shorewall_index_frame.htm
index 8fefa6838..707727ca4 100644
--- a/Shorewall-docs/Shorewall_index_frame.htm
+++ b/Shorewall-docs/Shorewall_index_frame.htm
@@ -7,47 +7,70 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall Index</title>
 <base target="main">
-<meta name="Microsoft Theme" content="boldstri 011, default">
+<meta name="Microsoft Theme" content="none">
 </head>
 
 <body>
 <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#4B017C" height="90">
   <tr>
-    <td width="100%">
+    <td width="100%" height="90">
     <h3 align="center"><font color="#FFFFFF">Shorewall</font></h3>
     </td>
   </tr>
-</table>
-<table border="0" cellpadding="8" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber2">
   <tr>
-    <td width="14%">&nbsp;</td>
-    <td width="86%">
-<a href="seattlefirewall_index.htm">Home</a><br>
-<a target="_top" href="/1.2/index.htm">Shorewall 1.2 Home</a><br>
-<a href="shorewall_features.htm">Features</a><br>
-<a href="shorewall_prerequisites.htm">Requirements</a><br>
-<a href="download.htm">Download</a><br>
-<a href="shorewall_quickstart_guide.htm">QuickStart Guides</a><br>
-<a href="Install.htm">Installation/Upgrade<br>
-    /Configuration</a><br>
-<a href="shorewall_quickstart_guide.htm#Documentation">Documentation</a><br>
-<a href="Documentation.htm">Reference Manual</a><br>
-<a href="FAQ.htm">FAQs</a><br>
-<a href="troubleshoot.htm">Troubleshooting</a><br>
-<a href="errata.htm">Errata</a><br>
-<a href="support.htm">Support</a><br>
-<a href="mailing_list.htm">Mailing Lists</a><br>
+    <td width="100%" bgcolor="#FFFFFF">
+    <ul>
+      <li>
+<a href="seattlefirewall_index.htm">Home</a></li>
+      <li>
+<a target="_top" href="/1.2/index.htm">Shorewall 1.2 Home</a></li>
+      <li>
+<a href="shorewall_features.htm">Features</a></li>
+      <li>
+<a href="shorewall_prerequisites.htm">Requirements</a></li>
+      <li>
+<a href="download.htm">Download</a></li>
+      <li>
+<a href="shorewall_quickstart_guide.htm">QuickStart Guides</a></li>
+      <li>
+<a href="Install.htm">Installation/Upgrade/</a><br>
+<a href="Install.htm">Configuration</a></li>
+      <li>
+<a href="shorewall_quickstart_guide.htm#Documentation">Documentation</a></li>
+      <li>
+<a href="Documentation.htm">Reference Manual</a></li>
+      <li>
+<a href="FAQ.htm">FAQs</a></li>
+      <li>
+<a href="troubleshoot.htm">Troubleshooting</a></li>
+      <li>
+<a href="errata.htm">Errata/Upgrade Issues</a></li>
+      <li>
+<a href="support.htm">Support</a></li>
+      <li>
+<a href="mailing_list.htm">Mailing Lists</a></li>
+      <li>
 <a href="shorewall_mirrors.htm">Mirrors</a><ul>
-    <li><a target="_top" href="http://slovakia.shorewall.net">Slovak Republic</a></li>
-    <li><a target="_top" href="http://shorewall.infohiiway.com">Texas, USA</a></li>
-    <li><a target="_top" href="http://germany.shorewall.net">Germany</a></li>
-    <li><a target="_top" href="http://shorewall.correofuego.com.ar">Argentina</a></li>
-  </ul>
-  <a href="News.htm">News Archive</a><br>
-<a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">CVS Repository</a><br>
-<a href="quotes.htm">Quotes from Users</a><br>
-<a href="shoreline.htm">About the Author</a><br>
-<a href="seattlefirewall_index.htm#Donations">Donations</a></td>
+        <li><a target="_top" href="http://slovakia.shorewall.net">Slovak Republic</a></li>
+        <li><a target="_top" href="http://shorewall.infohiiway.com">Texas, USA</a></li>
+        <li><a target="_top" href="http://germany.shorewall.net">Germany</a></li>
+        <li><a target="_top" href="http://shorewall.correofuego.com.ar">Argentina</a></li>
+      </ul>
+      </li>
+    </ul>
+    <ul>
+      <li>
+  <a href="News.htm">News Archive</a></li>
+      <li>
+<a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">CVS Repository</a></li>
+      <li>
+<a href="quotes.htm">Quotes from Users</a></li>
+      <li>
+<a href="shoreline.htm">About the Author</a></li>
+      <li>
+<a href="seattlefirewall_index.htm#Donations">Donations</a></li>
+    </ul>
+    </td>
   </tr>
 </table>
 
diff --git a/Shorewall-docs/blacklisting_support.htm b/Shorewall-docs/blacklisting_support.htm
index c27da0af8..d6f57f189 100644
--- a/Shorewall-docs/blacklisting_support.htm
+++ b/Shorewall-docs/blacklisting_support.htm
@@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Blacklisting Support</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Blacklisting Support</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Blacklisting Support</font></h1>
+    </td>
+  </tr>
+</table>
 <p>Shorewall supports two different forms of blacklisting; static and dynamic.</p>
 <h2>Static Blacklisting</h2>
 <p>Shorewall
diff --git a/Shorewall-docs/configuration_file_basics.htm b/Shorewall-docs/configuration_file_basics.htm
index c08ba2dca..7071256c0 100644
--- a/Shorewall-docs/configuration_file_basics.htm
+++ b/Shorewall-docs/configuration_file_basics.htm
@@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Configuration File Basics</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Configuration Files</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Configuration Files</font></h1>
+    </td>
+  </tr>
+</table>
       <p><b><font color="#FF0000">Warning: </font>If you copy or edit your 
       configuration files on a system running Microsoft Windows, you <u>must</u> 
       run them through <a href="http://www.megaloman.com/~hany/software/hd2u/">
diff --git a/Shorewall-docs/copyright.htm b/Shorewall-docs/copyright.htm
index 2330511e6..b4af82bdd 100644
--- a/Shorewall-docs/copyright.htm
+++ b/Shorewall-docs/copyright.htm
@@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Copyright</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Copyright</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Copyright</font></h1>
+    </td>
+  </tr>
+</table>
 <p align="left">Copyright <font face="Trebuchet MS">©</font>&nbsp; 2000, 2001 
 Thomas M Eastep<br>
 &nbsp;</p>
diff --git a/Shorewall-docs/dhcp.htm b/Shorewall-docs/dhcp.htm
index 4e68f8043..c66b6fe65 100644
--- a/Shorewall-docs/dhcp.htm
+++ b/Shorewall-docs/dhcp.htm
@@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>DHCP</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">DHCP</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">DHCP</font></h1>
+    </td>
+  </tr>
+</table>
 <h2 align="left">DHCP Server on your firewall</h2>
 <ul>
   <li>
diff --git a/Shorewall-docs/download.htm b/Shorewall-docs/download.htm
index fd531673a..73418d31b 100644
--- a/Shorewall-docs/download.htm
+++ b/Shorewall-docs/download.htm
@@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Download</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Shorewall Download</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Shorewall Download</font></h1>
+    </td>
+  </tr>
+</table>
                                       
       <p><b>I strongly urge you to read and print a copy of the
       <a href="shorewall_quickstart_guide.htm">Shorewall QuickStart Guide</a> 
@@ -61,7 +66,7 @@ AND ISSUE A &quot;shorewall start&quot; COMMAND. SOME CONFIGURATION IS REQUIRED
 FIREWALL WILL START. IF YOU ISSUE A &quot;start&quot; COMMAND AND THE FIREWALL FAILS TO 
 START, YOUR SYSTEM WILL NO LONGER ACCEPT ANY NETWORK TRAFFIC. IF THIS HAPPENS, 
 ISSUE A &quot;shorewall clear&quot; COMMAND TO RESTORE NETWORK CONNECTIVITY.</b></font></p>
-<p>Download Latest Version (<b>1.3.6</b>): <b>Remember that updates to the mirrors 
+<p>Download Latest Version (<b>1.3.7</b>): <b>Remember that updates to the mirrors 
 occur 1-12 hours after an update to the primary site.</b></p>
 <blockquote>
   <table border="2" cellspacing="3" cellpadding="3" style="border-collapse: collapse">
@@ -211,7 +216,7 @@ Shorewall component. There's no guarantee that what you find there will work at
 all.</p>
 
 </blockquote>
-<p align="left"><font size="2">Last Updated 8/05/2002 - <a href="support.htm">Tom
+<p align="left"><font size="2">Last Updated 8/22/2002 - <a href="support.htm">Tom
 Eastep</a></font></p>
 
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
diff --git a/Shorewall-docs/errata.htm b/Shorewall-docs/errata.htm
index a3905ae22..6adf735d5 100644
--- a/Shorewall-docs/errata.htm
+++ b/Shorewall-docs/errata.htm
@@ -10,15 +10,19 @@
   <meta name="ProgId" content="FrontPage.Editor.Document">
      
        
-  <meta name="Microsoft Theme" content="boldstri 011, default">
+  <meta name="Microsoft Theme" content="none">
 </head>
  <body>
- <h1 align="center">Shorewall Errata/Upgrade Issues</h1>
+ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+   <tr>
+     <td width="100%">
+     <h1 align="center"><font color="#FFFFFF">Shorewall Errata/Upgrade Issues</font></h1>
+     </td>
+   </tr>
+ </table>
             
  <p align="center">
-  <font face="Century Gothic, Arial, Helvetica">
-  
-      <b><u>IMPORTANT</u></b></font></p>
+      <b><u>IMPORTANT</u></b></p>
             
  <ol>
    <li>
@@ -86,6 +90,53 @@ dos2unix</a></u>
             
           <h2 align="Left"><a name="Upgrade"></a>Upgrade Issues</h2>
                 
+                              <h3>Version &gt;= 1.3.7</h3>
+
+                              <p>Users specifying ALLOWRELATED=No in 
+                              /etc/shorewall.conf will need to include the 
+                              following rules in their /etc/shorewall/icmpdef 
+                              file (creating this file if necessary):</p>
+
+                              <pre>	run_iptables -A icmpdef -p ICMP --icmp-type echo-reply -j ACCEPT
+	run_iptables -A icmpdef -p ICMP --icmp-type source-quench -j ACCEPT
+	run_iptables -A icmpdef -p ICMP --icmp-type destination-unreachable -j ACCEPT
+	run_iptables -A icmpdef -p ICMP --icmp-type time-exceeded -j ACCEPT
+	run_iptables -A icmpdef -p ICMP --icmp-type parameter-problem -j ACCEPT</pre>
+ <p>Users having an /etc/shorewall/icmpdef file may remove the &quot;. 
+ /etc/shorewall/icmp.def&quot; command from that file since the icmp.def file is now 
+ empty.</p>
+ <h3><b><a name="Bering">Upgrading </a>Bering to 
+                              Shorewall &gt;= 1.3.3</b></h3>
+
+                              <p>To properly upgrade with Shorewall version 
+                              1.3.3 and later:</p>
+
+                              <ol>
+                                <li>Be sure you have a backup -- you will need 
+                                to transcribe any Shorewall configuration 
+                                changes that you have made to the new 
+                                configuration.</li>
+                                <li>Replace the shorwall.lrp package provided on 
+                                the Bering floppy with the later one. If you did 
+                                not obtain the later version from Jacques's 
+                                site, see additional instructions below.</li>
+                                <li>Edit the /var/lib/lrpkg/root.exclude.list 
+                                file and remove the /var/lib/shorewall entry if 
+                                present. Then do not forget to backup root.lrp !</li>
+ </ol>
+ <p>The .lrp that I release isn't set up for a two-interface firewall like 
+ Jacques's. You need to follow the <a href="two-interface.htm">instructions for 
+ setting up a two-interface firewall</a> plus you also need to add the following 
+ two Bering-specific rules to /etc/shorewall/rules:</p>
+ <blockquote>
+   <pre># Bering specific rules:
+# allow loc to fw udp/53 for dnscache to work
+# allow loc to fw tcp/80 for weblet to work
+#
+ACCEPT loc fw udp 53
+ACCEPT loc fw tcp 80</pre>
+ </blockquote>
+                
           <h3 align="Left">Version &gt;= 1.3.6</h3>
                 
           <p align="Left">If you have a pair of firewall systems configured for 
@@ -144,6 +195,38 @@ dos2unix</a></u>
                 
           <h2 align="Left"><a name="V1.3"></a>Problems in Version 1.3</h2>
                 
+          <h3 align="Left">Version 1.3.6</h3>
+                
+          <ul>
+            <li>
+                
+          <p align="Left">If ADD_SNAT_ALIASES=Yes is specified in 
+          /etc/shorewall/shorewall.conf, an error occurs when the firewall 
+          script attempts to add an SNAT alias.</li>
+ <li>
+                
+          <p align="Left">The <b>logunclean </b>and <b>dropunclean</b> options 
+          cause errors during startup when Shorewall is run with iptables 1.2.7.</li>
+</ul>
+                
+          <p align="Left">These problems are fixed in
+          <a href="http://www.shorewall.net/pub/shorewall/errata/1.3.6/firewall">
+          this correct firewall script</a> which must be installed in 
+          /var/lib/shorewall/ as described above. These problems are also 
+          corrected in version 1.3.7.</p>
+                
+          <h3 align="Left">Two-interface Samples 1.3.6 (file two-interfaces.tgz)</h3>
+                
+          <p align="Left">A line was inadvertently deleted from the &quot;interfaces 
+          file&quot; -- this line should be added back in if the version that you 
+          downloaded is missing it:</p>
+                
+          <p align="Left">net&nbsp;&nbsp;&nbsp; eth0&nbsp;&nbsp;&nbsp; detect&nbsp;&nbsp;&nbsp; 
+          routefilter,dhcp,norfc1918</p>
+                
+          <p align="Left">If you downloaded two-interfaces-a.tgz then the above 
+          line should already be in the file.</p>
+                
           <h3 align="Left">Version 1.3.5-1.3.5b</h3>
                 
           <p align="Left">The new 'proxyarp' interface option doesn't work :-( 
@@ -289,8 +372,7 @@ you are currently running RedHat 7.1, you can install either of these RPMs
             
   <p align="Left"><font color="#FF6633"><b>Update
   11/9/2001: </b></font>RedHat has
-  released an iptables-1.2.4 RPM of their own which you can download from<font face="Century Gothic, Arial, Helvetica" color="#FF6633">
-  </font><font color="#FF6633">
+  released an iptables-1.2.4 RPM of their own which you can download from<font color="#FF6633">
   <a href="http://www.redhat.com/support/errata/RHSA-2001-144.html">http://www.redhat.com/support/errata/RHSA-2001-144.html</a>.
   </font>I have installed this RPM
   on my firewall and it works fine.</p>
@@ -357,21 +439,25 @@ Aborted (core dumped)
 
                               <p>Upgrading: rpm -Uvh <i>&lt;shorewall rpm&gt;</i></p>
 
-                              <p><a name="Multiport"></a><b>Problems with 
-                              iptables version 1.2.7 and MULTIPORT=Yes</b></p>
+                              <h3><a name="Multiport"></a><b>Problems with 
+                              iptables version 1.2.7 and MULTIPORT=Yes</b></h3>
 
                               <p>The iptables 1.2.7 release of iptables has made 
                               an incompatible change to the syntax used to 
                               specify multiport match rules; as a consequence, 
-                              users who install iptables 1.2.7 must set 
-                              MULTIPORT=No in /etc/shorewall/shorewall.conf or 
-                              install
-                              <a href="http://www.shorewall.net/pub/shorewall/errata/1.3.6/firewall">
-                              this firewall script</a> in /var/lib/shorewall/firewall 
-                              as described above.</p>
+                              if you install iptables 1.2.7 you must</p>
 
-                              <p><font size="2">
- Last updated 8/14/2002 -
+                              <ul>
+                                <li>set MULTIPORT=No in 
+                                /etc/shorewall/shorewall.conf; or </li>
+                                <li>if you are running Shorewall 1.3.6 you may 
+                                install
+                                <a href="http://www.shorewall.net/pub/shorewall/errata/1.3.6/firewall">
+                                this firewall script</a> in /var/lib/shorewall/firewall 
+                                as described above.</li>
+ </ul>
+ <p><font size="2">
+ Last updated 8/22/2002 -
                               <a href="support.htm">Tom Eastep</a></font> </p>
 
  <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
diff --git a/Shorewall-docs/errata_1.htm b/Shorewall-docs/errata_1.htm
index c6b5123a1..b64dc819a 100644
--- a/Shorewall-docs/errata_1.htm
+++ b/Shorewall-docs/errata_1.htm
@@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall Errata for Version 1</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Shorewall Errata for Version 1.1</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Shorewall Errata for Version 1.1</font></h1>
+    </td>
+  </tr>
+</table>
             
       <h3 align="Left"><font color="#660066"><u>To those of you who downloaded the 1.1.13 updated firewall script prior 
 to Sept 20, 2001:</u></font></h3>
diff --git a/Shorewall-docs/errata_2.htm b/Shorewall-docs/errata_2.htm
index 11355f3a7..29250ef7d 100644
--- a/Shorewall-docs/errata_2.htm
+++ b/Shorewall-docs/errata_2.htm
@@ -10,10 +10,15 @@
   <meta name="ProgId" content="FrontPage.Editor.Document">
      
        
-  <meta name="Microsoft Theme" content="boldstri 011, default">
-</head>
+  </head>
  <body>
- <h1 align="center">Shorewall 1.2 Errata</h1>
+ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="90" bgcolor="#400169">
+   <tr>
+     <td width="100%">
+     <h1 align="center"><font color="#FFFFFF">Shorewall 1.2 Errata</font></h1>
+     </td>
+   </tr>
+ </table>
             
  <p align="center">
   <font face="Century Gothic, Arial, Helvetica">
diff --git a/Shorewall-docs/fallback.htm b/Shorewall-docs/fallback.htm
index 843fa0682..b3219c5e1 100644
--- a/Shorewall-docs/fallback.htm
+++ b/Shorewall-docs/fallback.htm
@@ -5,12 +5,19 @@
 <title>Shorewall Fallback and Uninstall</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Fallback and Uninstall</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+
+<h1 align="center"><font color="#FFFFFF">Fallback and Uninstall</font></h1>
+
+    </td>
+  </tr>
+</table>
 
 <p><strong>Shorewall includes
 a </strong><a href="#fallback"><strong>fallback script</strong></a><strong>
diff --git a/Shorewall-docs/gnu_mailman.htm b/Shorewall-docs/gnu_mailman.htm
index 94a1aa0bd..702ff74be 100644
--- a/Shorewall-docs/gnu_mailman.htm
+++ b/Shorewall-docs/gnu_mailman.htm
@@ -6,13 +6,20 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>GNU Mailman</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">GNU Mailman/Postfix<br>
-the Easy Way</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">GNU Mailman/Postfix
+the Easy Way</font></h1>
+    </td>
+  </tr>
+</table>
+
+<h1 align="center">&nbsp;</h1>
 <h4>The following was posted on the Postfix mailing list on 5/4/2002 by Michael 
 Tokarev as a suggested addition to the Postfix FAQ.</h4>
 <p>Q: Mailman does not work with Postfix, complaining about GID mismatch<br>
diff --git a/Shorewall-docs/index.htm b/Shorewall-docs/index.htm
index b140d6f58..6bf808fdb 100644
--- a/Shorewall-docs/index.htm
+++ b/Shorewall-docs/index.htm
@@ -5,10 +5,9 @@
 <title>Shoreline Firewall</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
-<frameset cols="237,*">
+<frameset cols="242,*">
   <frame name="contents" target="main" src="Shorewall_index_frame.htm">
   <frame name="main" src="seattlefirewall_index.htm" target="_self" scrolling="auto">
   <noframes>
diff --git a/Shorewall-docs/kernel.htm b/Shorewall-docs/kernel.htm
index 9c3e2dab0..175527399 100644
--- a/Shorewall-docs/kernel.htm
+++ b/Shorewall-docs/kernel.htm
@@ -5,11 +5,16 @@
 <title>Shorewall Kernel Configuration</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
-<h1 align="center">Kernel Configuration</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Kernel Configuration</font></h1>
+    </td>
+  </tr>
+</table>
 <p>For information regarding configuring and building GNU/Linux kernels, see <a href="http://www.kernelnewbies.org">http://www.kernelnewbies.org</a>.</p>
 <p>Here's a screen shot of my Network Options Configuration:</p>
 <blockquote>
diff --git a/Shorewall-docs/mailing_list.htm b/Shorewall-docs/mailing_list.htm
index b5faeb2e0..7a0d25340 100644
--- a/Shorewall-docs/mailing_list.htm
+++ b/Shorewall-docs/mailing_list.htm
@@ -11,12 +11,14 @@
 
 <body>
 
-<h1 align="center"><a href="http://www.gnu.org/software/mailman/mailman.html">
-<img border="0" src="images/logo-sm.jpg" align="left" width="110" height="35"></a>Shorewall Mailing Lists</h1>
-
-<p align="left">&nbsp;<a href="http://www.postfix.org/"><img src="images/small-picture.gif" align="left" width="115" height="45"></a> </p>
-
-<h2 align="left">&nbsp;</h2>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><a href="http://www.gnu.org/software/mailman/mailman.html">
+<img border="0" src="images/logo-sm.jpg" align="left" hspace="5" width="110" height="35"></a><a href="http://www.postfix.org/"><img src="images/small-picture.gif" align="right" border="0" width="115" height="45"></a><font color="#FFFFFF">Shorewall Mailing Lists</font></h1>
+    </td>
+  </tr>
+</table>
 
 <p align="left">
 <b>Note: </b>The list server limits posts to 120kb.</p>
diff --git a/Shorewall-docs/mailing_list_problems.htm b/Shorewall-docs/mailing_list_problems.htm
index 167b74a39..4c76f9a6d 100644
--- a/Shorewall-docs/mailing_list_problems.htm
+++ b/Shorewall-docs/mailing_list_problems.htm
@@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Mailing List Problems</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Mailing List Problems</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Mailing List Problems</font></h1>
+    </td>
+  </tr>
+</table>
 
 <h2 align="left">Shorewall.net is currently experiencing mail delivery problems
 to at least one address in each of the following domains:</h2>
diff --git a/Shorewall-docs/myfiles.htm b/Shorewall-docs/myfiles.htm
index d85d5cf6a..d39dd4de6 100644
--- a/Shorewall-docs/myfiles.htm
+++ b/Shorewall-docs/myfiles.htm
@@ -10,10 +10,16 @@
   <meta name="ProgId" content="FrontPage.Editor.Document">
  
    
-  <meta name="Microsoft Theme" content="boldstri 011, default">
+  <meta name="Microsoft Theme" content="none">
 </head>
   <body>
-      <h1 align="center">About My Network</h1>
+      <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+        <tr>
+          <td width="100%">
+          <h1 align="center"><font color="#FFFFFF">About My Network</font></h1>
+          </td>
+        </tr>
+      </table>
  
                       <blockquote> </blockquote>
   
@@ -116,10 +122,10 @@ interfaces. </p>
  
                                 <h3>Routestopped File:</h3>
  
-  <pre>	#INTERFACE	HOST(S)
+  <pre><font face="Courier" size="2">	#INTERFACE	HOST(S)
 	eth1		206.124.146.177
 	eth2 		-
-	eth3 		206.124.146.180</pre>
+	eth3 		206.124.146.180</font></pre>
   <h3>Common File: </h3>
   <pre><font size="2" face="Courier">	. /etc/shorewall/common.def
 	run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP
diff --git a/Shorewall-docs/ports.htm b/Shorewall-docs/ports.htm
index 5a4d43b72..f205236fe 100644
--- a/Shorewall-docs/ports.htm
+++ b/Shorewall-docs/ports.htm
@@ -5,10 +5,16 @@
 <title>Shorewall Port Information</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
-<body><h1 align="center">Ports required for Various Services/Applications</h1>
+<body>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Ports required for Various Services/Applications</font></h1>
+    </td>
+  </tr>
+</table>
 
 <p>In addition to those applications described in <a href="Documentation.htm">the
 /etc/shorewall/rules documentation</a>, here are some other
@@ -95,6 +101,12 @@ services/applications that you may need to configure your firewall to accommodat
   <p>Traceroute</p>
 <blockquote>
   <p>UDP ports 33434 through 33434+<i>&lt;max number of hops&gt;</i>-1</p>
+</blockquote>
+  <p>NFS</p>
+<blockquote>
+  <p>There's some good information at&nbsp;
+  <a href="http://nfs.sourceforge.net/nfs-howto/security.html">
+  http://nfs.sourceforge.net/nfs-howto/security.html</a></p>
 </blockquote>
   <p>Didn't find what you are looking for -- have you looked in your own
   /etc/services file? </p>
@@ -103,7 +115,7 @@ services/applications that you may need to configure your firewall to accommodat
   <a href="http://www.networkice.com/advice/Exploits/Ports">
   http://www.networkice.com/advice/Exploits/Ports</a></p>
 
-<p><font size="2">Last updated 7/30/2002 - </font><font size="2">
+<p><font size="2">Last updated 8/21/2002 - </font><font size="2">
 <a href="support.htm">Tom
 Eastep</a></font> </p>
 <font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
diff --git a/Shorewall-docs/quotes.htm b/Shorewall-docs/quotes.htm
index bff768d67..9f3778db2 100644
--- a/Shorewall-docs/quotes.htm
+++ b/Shorewall-docs/quotes.htm
@@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Quotes from Shorewall Users</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Quotes from Shorewall Users</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Quotes from Shorewall Users</font></h1>
+    </td>
+  </tr>
+</table>
                          
                       
       <p>&quot;I just installed Shorewall after weeks of messing with
diff --git a/Shorewall-docs/samba.htm b/Shorewall-docs/samba.htm
index 98d52d9a6..6656b21bf 100644
--- a/Shorewall-docs/samba.htm
+++ b/Shorewall-docs/samba.htm
@@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Samba</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Samba</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Samba</font></h1>
+    </td>
+  </tr>
+</table>
 <p>If you wish to run Samba on your firewall and access shares between the 
 firewall and local hosts, you need the following rules:</p>
 <h4>/etc/shorewall/rules:</h4>
diff --git a/Shorewall-docs/seattlefirewall_index.htm b/Shorewall-docs/seattlefirewall_index.htm
index 6db9b5750..81e76436c 100644
--- a/Shorewall-docs/seattlefirewall_index.htm
+++ b/Shorewall-docs/seattlefirewall_index.htm
@@ -11,7 +11,7 @@
                                  
    
       <base target="_self">
-  <meta name="Microsoft Theme" content="boldstri 011, default">
+  <meta name="Microsoft Theme" content="none">
 </head>
  <body>                                      
       <table border="0" cellpadding="0" cellspacing="4" style="border-collapse: collapse" width="100%" id="AutoNumber3" bgcolor="#4B017C">
@@ -63,29 +63,53 @@
                       
       <h2>News</h2>
                               
+ <p><b>8/22/2002 - Shorewall 1.3.7 Released 8/13/2002
+ <img border="0" src="images/new10.gif" width="28" height="12"> </b></p>
+                              
+ <p>Features in this release include:</p>
+                              
+      <ul>
+        <li>The 'icmp.def' file is now empty! The rules in that file were 
+        required in ipchains firewalls but are not required in Shorewall. Users 
+        who have ALLOWRELATED=No in <a href="Documentation.htm#Conf">
+        shorewall.conf</a> should see the <a href="errata.htm#Upgrade">Upgrade 
+        Issues</a>.</li>
+        <li>A 'FORWARDPING' option has been added to
+        <a href="Documentation.htm#Conf">shorewall.conf</a>. The effect of 
+        setting this variable to Yes is the same as the effect of adding an 
+        ACCEPT rule for ICMP echo-request in
+        <a href="shorewall_extension_scripts.htm">/etc/shorewall/icmpdef</a>. 
+        Users who have such a rule in icmpdef are encouraged to switch to 
+        FORWARDPING=Yes.</li>
+        <li>The loopback CLASS A Network (127.0.0.0/8) has been added to the 
+        rfc1918 file.</li>
+        <li>Shorewall now works with iptables 1.2.7.</li>
+        <li>The documentation and Web site no longer use FrontPage themes.</li>
+      </ul>
+                              
+ <p>I would like to thank John Distler for his valuable input regarding TCP SYN 
+ and ICMP treatment in Shorewall. That input has led to marked improvement in 
+ Shorewall in the last two releases.</p>
+                              
  <p><b>8/13/2002 - Documentation in the <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">
- CVS Repository</a>
- <img border="0" src="images/new10.gif" width="28" height="12"></b></p>
+ CVS Repository</a></b></p>
                               
  <p>The Shorewall-docs project now contains just the HTML and image files - the 
  Frontpage files have been removed.</p>
                               
  <p><b>8/7/2002 - <i>STABLE</i></b> <b>branch added to <a target="_top" href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">
- CVS Repository</a>
- <img border="0" src="images/new10.gif" width="28" height="12"></b></p>
+ CVS Repository</a></b></p>
                               
  <p>This branch will only be updated after I release a new version of Shorewall 
  so you can always update from this branch to get the latest stable tree.</p>
                               
  <p><b>8/7/2002 - <a href="errata.htm#Upgrade">Upgrade Issues</a> section added 
- to the <a href="errata.htm">Errata Page</a>
- <img border="0" src="images/new10.gif" width="28" height="12"></b></p>
+ to the <a href="errata.htm">Errata Page</a></b></p>
                               
  <p>Now there is one place to go to look for issues involved with upgrading to 
  recent versions of Shorewall.</p>
                               
- <p><b>8/7/2002 - Shorewall 1.3.6
- <img border="0" src="images/new10.gif" width="28" height="12"></b></p>
+ <p><b>8/7/2002 - Shorewall 1.3.6</b></p>
                               
  <p>This is primarily a bug-fix rollup with a couple of new features:</p>
                               
@@ -126,7 +150,7 @@
  </table>
                       
       <p><font size="2">Updated
-      8/13/2002 - <a href="support.htm">Tom Eastep</a>
+      8/22/2002 - <a href="support.htm">Tom Eastep</a>
      </font>
                                   
                       
diff --git a/Shorewall-docs/shoreline.htm b/Shorewall-docs/shoreline.htm
index 039c60ba3..3e6239b7f 100644
--- a/Shorewall-docs/shoreline.htm
+++ b/Shorewall-docs/shoreline.htm
@@ -10,13 +10,19 @@
   <meta name="ProgId" content="FrontPage.Editor.Document">
  
    
-  <meta name="Microsoft Theme" content="boldstri 011">
+  <meta name="Microsoft Theme" content="none">
 </head>
   <body>
 
 
   
-      <h1 align="Center">Tom Eastep</h1>
+      <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+        <tr>
+          <td width="100%">
+          <h1 align="center"><font color="#FFFFFF">Tom Eastep</font></h1>
+          </td>
+        </tr>
+      </table>
   
       
   
@@ -65,16 +71,15 @@ Washington</a>
       <p>Our current home network consists of: </p>
  
   <ul>
-    <li>1.2Gz Athlon, Windows XP Pro, 320MB RAM, 40GB &amp; 8GB IDE HDs 
-    and LNE100TX (Tulip) NIC - My personal Windows system. This system also has 
-    RH7.3     installed.</li>
-    <li>PII/266, RH7.3, 320MB RAM, 20GB HD, LNE100TX(Tulip) NIC - My personal 
-    GNU/Linux System which runs Samba configured as a WINS server.</li>
-    <li>K6-2/350, RH7.3, 256MB RAM, 8GB IDE HD, EEPRO100 NIC 
+    <li>1.2Gz Athlon, Windows XP Pro, 320MB RAM, 40GB &amp; 8GB IDE HDs and LNE100TX 
+    (Tulip) NIC - My personal Windows system.</li>
+    <li>Celeron 1.4Gz, RH7.3, 256MB RAM, 60GB HD, LNE100TX(Tulip) NIC - My 
+    personal Linux System which runs Samba configured as a WINS server.</li>
+    <li>K6-2/350, RH7.3, 384MB RAM, 8GB IDE HD, EEPRO100 NIC 
 - Mail (Postfix &amp; Courier-IMAP), HTTP (Apache), FTP (Pure_ftpd), DNS server 
     (Bind).</li>
-    <li>PII/233, RH7.3 with 2.4.19 kernel, 128MB MB RAM, 2GB SCSI HD - 3 
-    LNE100TX&nbsp; (Tulip) and 1 TLAN NICs&nbsp; - Firewall running Shorewall 1.3.4 and a DHCP  
+    <li>PII/233, RH7.3 with 2.4.19 kernel, 256MB MB RAM, 2GB SCSI HD - 3 
+    LNE100TX&nbsp; (Tulip) and 1 TLAN NICs&nbsp; - Firewall running Shorewall 1.3.6 and a DHCP  
   server.  Also  runs PoPToP for     road warrior access.</li>
     <li>Duron 750, Win ME, 192MB RAM, 20GB HD, RTL8139 NIC - My wife's     personal system.</li>
     <li>PII/400 Laptop, Win2k SP2, 224MB RAM, 12GB HD, onboard EEPRO100 and     EEPRO100
@@ -83,7 +88,7 @@ in expansion base - My main work system.</li>
   <p>For more about our network see <a href="myfiles.htm">my Shorewall
   Configuration</a>.</p>
  
-      <p>The PII/266 is made by <a href="http://www.dell.com">Dell</a>. All of our 
+      <p>All of our 
       other systems are made by <a href="http://www.compaq.com">Compaq</a> (part 
       of the new <a href="http://www.hp.com/">HP</a>).. All of our Tulip NICs are <a href="http://www.netgear.com">Netgear</a>
       FA310TXs.</p>
@@ -93,7 +98,7 @@ in expansion base - My main work system.</li>
  </font></p>
 
       
-      <p><font size="2">Last updated 8/10/2002 - </font><font size="2">
+      <p><font size="2">Last updated 8/16/2002 - </font><font size="2">
       <a href="support.htm">Tom Eastep</a></font>
  </p>
   <font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
diff --git a/Shorewall-docs/shorewall_ca_certificate.htm b/Shorewall-docs/shorewall_ca_certificate.htm
index 1241ebdc7..3768f568c 100644
--- a/Shorewall-docs/shorewall_ca_certificate.htm
+++ b/Shorewall-docs/shorewall_ca_certificate.htm
@@ -6,7 +6,6 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Shorewall CA Certificate</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
diff --git a/Shorewall-docs/shorewall_extension_scripts.htm b/Shorewall-docs/shorewall_extension_scripts.htm
index bb81ef009..c8689cdbe 100644
--- a/Shorewall-docs/shorewall_extension_scripts.htm
+++ b/Shorewall-docs/shorewall_extension_scripts.htm
@@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Shorewall Extension Scripts</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-                                                                                  <h1 align="center">Extension Scripts</h1>
+                                                                                  <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+                                                                                    <tr>
+                                                                                      <td width="100%">
+                                                                                      <h1 align="center"><font color="#FFFFFF">Extension Scripts</font></h1>
+                                                                                      </td>
+                                                                                    </tr>
+                                                                                  </table>
                                       
                                                                                   <p>
  Extension scripts are   user-provided
@@ -41,20 +46,10 @@ been  processed.</p>
                                                                         
                                                                         
                          
-                                                                                  <p>The following two   files receive 
-special treatment:</p>
-                                                                        
- <ul>
-   <li>/etc/shorewall/common -- If this file is present, the rules that it   
+                                                                                  <p>The /etc/shorewall/common file receives special treatment. If this file is present, the rules that it   
    defines will totally replace the default rules in the common chain. These 
        default rules are contained in the file /etc/shorewall/common.def which
-       may be used as a starting point for making your own customized file.</li>
-   <li>/etc/shorewall/icmpdef -- If this file is present, the rules that it  
-    defines will totally replace the default rules in the icmpdef chain.
-These        default rules are contained in the file /etc/shorewall/icmp.def
-which  may       be used as a starting point for making your own customized
-file.</li>
-</ul>
+       may be used as a starting point for making your own customized file.</p>
                                                                         
                                                                         
                          
@@ -68,9 +63,8 @@ processing of the command.</p>
                                                                         
                         
                                                                                   <p>
-  If you decide to create /etc/shorewall/common or /etc/shorewall/icmp.def, it 
-  is a good idea to use the following technique (common file shown but the same 
-  technique applies to icmpdef).</p>
+  If you decide to create /etc/shorewall/common it is a good idea to use the 
+  following technique</p>
                                                                         
                                                                         
                         
@@ -80,25 +74,36 @@ processing of the command.</p>
                                                                         
                         
                                                                                   <blockquote>
-                                                                                    <pre>source /etc/shorewall/common.def
+                                                                                    <pre>. /etc/shorewall/common.def
 &lt;add your rules here&gt;</pre>
  </blockquote>
  <p>If you need to supercede a rule in the released common.def file, you can add 
- the superceding rule before the 'source' command. Using this technique allows 
+ the superceding rule before the '.' command. Using this technique allows 
  you to add new rules while still getting the benefit of the latest common.def 
  file.</p>
                                                                         
                                                                         
                         
- <p>Remember that /etc/shorewall/common and /etc/shorewall/icmpdef define rules 
+ <p>Remember that /etc/shorewall/common defines rules 
  that are only applied if the applicable policy is DROP or REJECT. These rules 
- are NOT applied if the policy is ACCEPT or CONTINUE.<br>
-</p>
+ are NOT applied if the policy is ACCEPT or CONTINUE.</p>
                                                                         
                                                                         
                         
-<p align="left"><font size="2">Last updated 
-8/5/2002 - <a href="support.htm">Tom
+ <p>If you set ALLOWRELATED=No in shorewall.conf, then most ICMP packets will be 
+ rejected by the firewall. It is recommended with this setting that you create 
+ the file /etc/shorewall/icmpdef and in it place the following commands:</p>
+                                                                        
+                                                                        
+                        
+                                                                                  <pre>	run_iptables -A icmpdef -p ICMP --icmp-type echo-reply -j ACCEPT
+	run_iptables -A icmpdef -p ICMP --icmp-type source-quench -j ACCEPT
+	run_iptables -A icmpdef -p ICMP --icmp-type destination-unreachable -j ACCEPT
+	run_iptables -A icmpdef -p ICMP --icmp-type time-exceeded -j ACCEPT
+	run_iptables -A icmpdef -p ICMP --icmp-type parameter-problem -j ACCEPT
+</pre>
+                                                                                  <p align="left"><font size="2">Last updated 
+8/22/2002 - <a href="support.htm">Tom
 Eastep</a></font></p>
 
 <p align="left"><a href="copyright.htm"><font size="2">Copyright  2002 Thomas M. Eastep</font></a></p>
diff --git a/Shorewall-docs/shorewall_features.htm b/Shorewall-docs/shorewall_features.htm
index afd814396..e2dff314f 100644
--- a/Shorewall-docs/shorewall_features.htm
+++ b/Shorewall-docs/shorewall_features.htm
@@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall Features</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Shorewall Features</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Shorewall Features</font></h1>
+    </td>
+  </tr>
+</table>
 <ul>
   <li>Uses Netfilter's connection tracking facilities for stateful packet 
   filtering.</li>
diff --git a/Shorewall-docs/shorewall_firewall_structure.htm b/Shorewall-docs/shorewall_firewall_structure.htm
index 89dcfd7b1..ffdfd6b46 100644
--- a/Shorewall-docs/shorewall_firewall_structure.htm
+++ b/Shorewall-docs/shorewall_firewall_structure.htm
@@ -6,14 +6,19 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Shorewall Firewall Structure</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-      <h1 align="center">Firewall Structure</h1>
+      <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+        <tr>
+          <td width="100%">
+          <h1 align="center"><font color="#FFFFFF">Firewall Structure</font></h1>
+          </td>
+        </tr>
+      </table>
       <p>
- Shorewall views the network in which it is running as a set of disjoint
+ Shorewall views the network in which it is running as a set of
       <i> zones. </i>Shorewall itself defines exactly   one zone called "fw"
 which refers to the firewall system itself . The   /etc/shorewall/zones file
 is used to define additional zones and the example file   provided with Shorewall 
@@ -36,6 +41,21 @@ from the internet and from the DMZ and in       some cases, from each other.</li
  with the exception of the firewall zone, Shorewall itself attaches no meaning to
  zone names. Zone names are simply labels used to refer to a collection of
  network hosts.</p>
+ <p>While zones are normally disjoint (no two zones have a host in common), 
+ there are cases where nested or overlapping zone definitions are appropriate.</p>
+ <p>Packets entering the firewall first pass through the <i>mangle </i>table's 
+ PREROUTING chain (you can see the mangle table by typing &quot;shorewall show 
+ mangle&quot;). If the packet entered through an interface that has the <b>norfc1918</b> 
+ option, then the packet is sent down the <b>man1918</b>&nbsp; which will drop 
+ the packet if its destination IP address is reserved (as specified in the 
+ /etc/shorewall/rfc1918 file). Next the packet passes through the<b> pretos</b> 
+ chain to set its TOS field as specified in the /etc/shorewall/tos file. 
+ Finally, if traffic control/shaping is being used, the packet is sent through 
+ the<b> tcpre</b> chain to be marked for later use in policy routing or traffic 
+ control.</p>
+ <p>Next, if the packet isn't part of an established connection, it passes 
+ through the<i> nat</i> table's PREROUTING chain (you can see the nat table by 
+ typing &quot;shorewall show nat&quot;). </p>
       <p>
  Traffic entering the 
  firewall is sent to an<i> input </i>chain. If the traffic is destined for the 
diff --git a/Shorewall-docs/shorewall_index.htm b/Shorewall-docs/shorewall_index.htm
index 0624df8b4..bede1c576 100644
--- a/Shorewall-docs/shorewall_index.htm
+++ b/Shorewall-docs/shorewall_index.htm
@@ -5,7 +5,6 @@
 <title>Shoreline Firewall</title>
 <meta name="GENERATOR" content="Microsoft FrontPage 4.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
-<meta name="Microsoft Theme" content="boldstri 011, default">
 <meta name="Microsoft Border" content="none, default">
 </head>
 
diff --git a/Shorewall-docs/shorewall_mailing_list_migration.htm b/Shorewall-docs/shorewall_mailing_list_migration.htm
index 054eb4a46..d39573fe8 100644
--- a/Shorewall-docs/shorewall_mailing_list_migration.htm
+++ b/Shorewall-docs/shorewall_mailing_list_migration.htm
@@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall Mailing List Migration</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Shorewall Mailing List Migration</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Shorewall Mailing List Migration</font></h1>
+    </td>
+  </tr>
+</table>
 <p align="left">If you are a current subscriber to the Shorewall mailing list at
 <a href="http://sourceforge.net">Sourceforge</a>, please do the following:</p>
 <ol>
diff --git a/Shorewall-docs/shorewall_mirrors.htm b/Shorewall-docs/shorewall_mirrors.htm
index 01bf4e6ff..a99d161ed 100644
--- a/Shorewall-docs/shorewall_mirrors.htm
+++ b/Shorewall-docs/shorewall_mirrors.htm
@@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall Mirrors</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Shorewall Mirrors</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Shorewall Mirrors</font></h1>
+    </td>
+  </tr>
+</table>
 
 <p align="left"><b>Remember that updates to the mirrors are often delayed for 
 6-12 hours after an update to the primary site.</b></p>
diff --git a/Shorewall-docs/shorewall_prerequisites.htm b/Shorewall-docs/shorewall_prerequisites.htm
index 2a3eb83d4..56067978f 100644
--- a/Shorewall-docs/shorewall_prerequisites.htm
+++ b/Shorewall-docs/shorewall_prerequisites.htm
@@ -6,13 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Shorewall Prerequisites</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Shorewall Requirements</h1>
-<p align="center">&nbsp;</p>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Shorewall Requirements</font></h1>
+    </td>
+  </tr>
+</table>
 <ul>
   <li>A kernel that supports netfilter. I've tested with 2.4.2 - 2.4.19. <a href="kernel.htm">
     Check here for kernel configuration       information.</a>
diff --git a/Shorewall-docs/shorewall_quickstart_guide.htm b/Shorewall-docs/shorewall_quickstart_guide.htm
index 5c3d47df5..bcd097d68 100644
--- a/Shorewall-docs/shorewall_quickstart_guide.htm
+++ b/Shorewall-docs/shorewall_quickstart_guide.htm
@@ -6,13 +6,19 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Shorewall QuickStart Guide</title>
-<meta name="Microsoft Theme" content="boldstri 011">
+<meta name="Microsoft Theme" content="none">
 </head>
 
 <body>
 
-<h1 align="center">Shorewall QuickStart Guides<br>
-Version 3.0</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Shorewall QuickStart Guides<br>
+Version 3.0</font></h1>
+    </td>
+  </tr>
+</table>
 
 <p align="center">With thanks to Richard who reminded me once again that we must 
 all first walk before we can run.</p>
@@ -69,7 +75,7 @@ explained in the single-address guides above.</p>
 </ul>
 <h2><a name="Documentation"></a>Additional Documentation</h2>
 <p>The following documentation covers a variety of topics and supplements the 
-QuickStart Guides described above.</p>
+<a href="shorewall_quickstart_guide.htm">QuickStart Guides</a> described above.</p>
 <ul>
   <li><a href="blacklisting_support.htm">Blacklisting</a><ul>
     <li>Static Blacklisting using /etc/shorewall/blacklist</li>
@@ -126,6 +132,7 @@ QuickStart Guides described above.</p>
   <li><a href="samba.htm">Samba</a></li>
   <li><font color="#000099"><a href="starting_and_stopping_shorewall.htm">Starting/stopping the Firewall</a></font></li>
   <li><font color="#000099"><a href="NAT.htm">Static NAT</a></font></li>
+  <li><a href="traffic_shaping.htm">Traffic Shaping/Control</a></li>
   <li>Tunnels<ul>
     <li><a href="IPSEC.htm">IPSEC</a></li>
     <li><a href="IPIP.htm">GRE and IPIP</a></li>
diff --git a/Shorewall-docs/shorewall_setup_guide.htm b/Shorewall-docs/shorewall_setup_guide.htm
index e99e5abfe..fefe0e2ab 100644
--- a/Shorewall-docs/shorewall_setup_guide.htm
+++ b/Shorewall-docs/shorewall_setup_guide.htm
@@ -6,7 +6,7 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Shorewall Setup Guide</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
+<meta name="Microsoft Theme" content="none">
 </head>
 
 <body>
@@ -46,6 +46,10 @@ know more about Shorewall than is contained in the
 guides</a>. Because the 
 range of possible applications is so broad, the Guide will give you general 
 guidelines and will point you to other resources as necessary.</p>
+<p><img border="0" src="images/j0213519.gif" width="60" height="60">&nbsp;&nbsp;&nbsp; 
+If you run LEAF Bering, your Shorewall configuration is NOT what I release -- I 
+suggest that you consider installing a stock Shorewall lrp from the 
+shorewall.net site before you proceed.</p>
 <p>This guide assumes that you have the iproute/iproute2 package installed (on 
 RedHat, the package is called <i>iproute</i>)<i>. </i>You can tell if this 
 package is installed by the presence of an <b>ip</b> program on your firewall 
@@ -730,6 +734,13 @@ table but if we logically and that address with 255.255.255.0, the result is
     <pre>192.168.1.0     0.0.0.0 	255.255.255.0 	U     40  0         0 eth2</pre>
   </blockquote>
   <p>So to route a packet to 192.168.1.5, the packet is sent directly over eth2.</div>
+<p align="left">One more thing needs to be emphasized -- all outgoing packet are 
+sent using the routing table and reply packets are not a special case. There 
+seems to be a common mis-conception whereby people think that request packets 
+are like salmon and contain a genetic code that is magically transferred to 
+reply packets so that the replies follow the reverse route taken by the request. 
+That isn't the case; the replies may take a totally different route back to the 
+client than was taken by the requests -- they are totally independent.</p>
 <h3 align="left"><a name="ARP"></a>4.4 Address Resolution Protocol</h3>
 <p align="left">When sending packets over Ethernet, IP addresses aren't used. 
 Rather Ethernet addressing is based on <i>Media Access Control</i> (MAC) 
@@ -1123,7 +1134,7 @@ Destination 	Gateway 	Genmask 	Flags MSS Window irtt Iface
   host routes thru eth2 to 192.0.2.177 and 192.0.2.178.</div>
 <div align="left">
   <p align="left">A word of warning is in order here. ISPs typically configure 
-  there routers with a long ARP cache timeout. If you move a system from 
+  their routers with a long ARP cache timeout. If you move a system from 
   parallel to your firewall to behind your firewall with Proxy ARP, it will 
   probably be HOURS before that system can communicate with the internet. You 
   can call your ISP and ask them to purge the stale ARP cache entry but many 
@@ -2347,11 +2358,11 @@ foobar.net.	86400	IN A	192.0.2.177
   test it using the <a href="Documentation.htm#Starting">&quot;shorewall try&quot; command</a>.</div>
 
 <p align="left"><font size="2">Last updated 
-8/10/2002 - <a href="support.htm">Tom
+8/18/2002 - <a href="support.htm">Tom
 Eastep</a></font></p>
 
 <p align="left"><a href="copyright.htm"><font size="2">Copyright  2002 Thomas M. Eastep</font></a></p>
 
     </body>
 
-</html>
+</html>
\ No newline at end of file
diff --git a/Shorewall-docs/spam_filters.htm b/Shorewall-docs/spam_filters.htm
index e78e581f0..b230cdda6 100644
--- a/Shorewall-docs/spam_filters.htm
+++ b/Shorewall-docs/spam_filters.htm
@@ -6,12 +6,19 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>SPAM Filters</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">SPAM Filters<br>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">SPAM Filters</font></h1>
+    </td>
+  </tr>
+</table>
+
+<h1 align="center"><br>
 <a href="http://ordb.org">
 <img border="0" src="images/but3.png" hspace="3" width="88" height="31"></a></h1>
 <p>Like all of you, I'm concerned about the increasing volume of Unsolicited
diff --git a/Shorewall-docs/standalone.htm b/Shorewall-docs/standalone.htm
index b14242d05..c09af0eda 100644
--- a/Shorewall-docs/standalone.htm
+++ b/Shorewall-docs/standalone.htm
@@ -6,12 +6,19 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Standalone Firewall</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Standalone Firewall</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber6" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+
+<h1 align="center"><font color="#FFFFFF">Standalone Firewall</font></h1>
+
+    </td>
+  </tr>
+</table>
 
 <h2 align="center">Version 2.0.1</h2>
 <p align="left">Setting up Shorewall on a standalone Linux system is very easy if you understand the basics and follow the 
@@ -93,7 +100,7 @@ file for you).</p>
 <p>The /etc/shorewall/policy file included with the one-interface sample has the 
 following policies:</p>
 <blockquote>
-  <table border="1" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber3">
+  <table border="1" cellpadding="2" style="border-collapse: collapse" id="AutoNumber3">
     <tr>
       <td><u><b>SOURCE ZONE</b></u></td>
       <td><u><b>DESTINATION ZONE</b></u></td>
@@ -185,7 +192,7 @@ use in private networks:</p>
   <p align="left">If you wish to enable connections from the internet to your firewall, the general format is:</div>
 <div align="left">
   <blockquote>
-    <table border="1" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber4">
+    <table border="1" cellpadding="2" style="border-collapse: collapse" id="AutoNumber4">
       <tr>
         <td><u><b>ACTION</b></u></td>
         <td><u><b>SOURCE</b></u></td>
@@ -212,7 +219,7 @@ use in private networks:</p>
   system:</div>
 <div align="left">
   <blockquote>
-    <table border="1" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5">
+    <table border="1" cellpadding="2" style="border-collapse: collapse" id="AutoNumber5">
       <tr>
         <td><u><b>ACTION</b></u></td>
         <td><u><b>SOURCE</b></u></td>
@@ -252,7 +259,7 @@ use in private networks:</p>
   access to your firewall from the internet, use SSH:</div>
 <div align="left">
   <blockquote>
-    <table border="1" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber4">
+    <table border="1" cellpadding="2" style="border-collapse: collapse" id="AutoNumber4">
       <tr>
         <td><u><b>ACTION</b></u></td>
         <td><u><b>SOURCE</b></u></td>
diff --git a/Shorewall-docs/starting_and_stopping_shorewall.htm b/Shorewall-docs/starting_and_stopping_shorewall.htm
index 89bf70f77..67cc82150 100644
--- a/Shorewall-docs/starting_and_stopping_shorewall.htm
+++ b/Shorewall-docs/starting_and_stopping_shorewall.htm
@@ -6,14 +6,19 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Starting and Stopping Shorewall</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
                                                                         
                      
-                                                                                <h1 align="center">Starting/Stopping and Monitoring the Firewall</h1>
+                                                                                <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+                                                                                  <tr>
+                                                                                    <td width="100%">
+                                                                                    <h1 align="center"><font color="#FFFFFF">Starting/Stopping and Monitoring the Firewall</font></h1>
+                                                                                    </td>
+                                                                                  </tr>
+                                                                                </table>
                                                                         
                                                                         
                      
diff --git a/Shorewall-docs/subnet_masks.htm b/Shorewall-docs/subnet_masks.htm
index 5eb644ecc..d3d0b3159 100644
--- a/Shorewall-docs/subnet_masks.htm
+++ b/Shorewall-docs/subnet_masks.htm
@@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Subnet Masks</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Subnet Masks/VLSM Notation</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Subnet Masks/VLSM Notation</font></h1>
+    </td>
+  </tr>
+</table>
 <p align="left">IP addresses and subnet masks are 32-bit numbers. The notation 
 w.x.y.z refers to an address where the high-order byte has value &quot;w&quot;, the next 
 byte has value &quot;x&quot;, etc. If we take 255.255.255.0 and express it in 
diff --git a/Shorewall-docs/support.htm b/Shorewall-docs/support.htm
index befd8a1cb..79ce8991f 100644
--- a/Shorewall-docs/support.htm
+++ b/Shorewall-docs/support.htm
@@ -6,12 +6,18 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Support</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
+<meta name="Microsoft Theme" content="none">
 </head>
 
 <body>
 
-<h1 align="center">Shorewall Support</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Shorewall Support</font></h1>
+    </td>
+  </tr>
+</table>
 
 <h3 align="left">Before Reporting a Problem</h3>
 <blockquote>
@@ -92,7 +98,10 @@ isn't working? For example, if "ssh" isn't able     to connect, using the
 </ul>
 <h3>Where to Send your Problem
 Report or to Ask for Help</h3>
-<p>Please post your question or problem to the
+<h4>If you run Shorewall under Bering -- <span style="font-weight: 400">please 
+post your question or problem to the
+<a href="mailto:leaf-user@lists.sourceforge.net">LEAF Users mailing list</a>.</span></h4>
+<p>Otherwise, please post your question or problem to the
 <a href="mailto:shorewall-users@shorewall.net">Shorewall users mailing list</a>; 
 there are lots of folks there who are willing to help you. Your question/problem 
 description and their responses will be placed in the mailing list archives to 
@@ -107,7 +116,7 @@ to respond promptly to mailing list posts.&nbsp;&nbsp; <a href="mailto:teastep@s
 <p>To Subscribe to the  mailing list go to <a href="http://www.shorewall.net/mailman/listinfo/shorewall-users">http://www.shorewall.net/mailman/listinfo/shorewall-users</a>
     .</p>
                               
-<p align="left"><font size="2">Last Updated 8/5/2002 - Tom
+<p align="left"><font size="2">Last Updated 8/17/2002 - Tom
 Eastep</font></p>
 
 <p align="left"><font face="Trebuchet MS"><a href="copyright.htm">
diff --git a/Shorewall-docs/three-interface.htm b/Shorewall-docs/three-interface.htm
index ea100a5b6..ad554638d 100644
--- a/Shorewall-docs/three-interface.htm
+++ b/Shorewall-docs/three-interface.htm
@@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Three-Interface Firewall</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Three-Interface Firewall</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber5" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Three-Interface Firewall</font></h1>
+    </td>
+  </tr>
+</table>
 
 <h2 align="center">Version 2.0.1</h2>
 <p align="left">Setting up a Linux system as a firewall for a small network with 
diff --git a/Shorewall-docs/traffic_shaping.htm b/Shorewall-docs/traffic_shaping.htm
index 12e2fc37b..22092ef11 100644
--- a/Shorewall-docs/traffic_shaping.htm
+++ b/Shorewall-docs/traffic_shaping.htm
@@ -6,12 +6,17 @@
 <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <title>Traffic Shaping</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Traffic Shaping/Control</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Traffic Shaping/Control</font></h1>
+    </td>
+  </tr>
+</table>
 <p align="left">Beginning with version 1.2.0, Shorewall has limited support for traffic
 shaping/control. In order to use traffic shaping under Shorewall, it is
 essential that you get a copy of the <a href="http://ds9a.nl/lartc">Linux Advanced Routing
diff --git a/Shorewall-docs/troubleshoot.htm b/Shorewall-docs/troubleshoot.htm
index c184d0703..43ae1333e 100644
--- a/Shorewall-docs/troubleshoot.htm
+++ b/Shorewall-docs/troubleshoot.htm
@@ -10,13 +10,18 @@
   <meta name="ProgId" content="FrontPage.Editor.Document">
  
    
-  <meta name="Microsoft Theme" content="boldstri 011, default">
-</head>
+  </head>
   <body>
 
 
     
-      <h1 align="center">Shorewall Troubleshooting</h1>
+      <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+        <tr>
+          <td width="100%">
+          <h1 align="center"><font color="#FFFFFF">Shorewall Troubleshooting</font></h1>
+          </td>
+        </tr>
+      </table>
    
 
     
diff --git a/Shorewall-docs/two-interface.htm b/Shorewall-docs/two-interface.htm
index 3ed7f1775..b8867ba10 100644
--- a/Shorewall-docs/two-interface.htm
+++ b/Shorewall-docs/two-interface.htm
@@ -6,12 +6,18 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Two-Interface Firewall</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
+<meta name="Microsoft Theme" content="none">
 </head>
 
 <body>
 
-<h1 align="center">Basic Two-Interface Firewall</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber5" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Basic Two-Interface Firewall</font></h1>
+    </td>
+  </tr>
+</table>
 <p align="left">Setting up a Linux system as a firewall for a small network is a 
 fairly straight-forward task if you understand the basics and follow the 
 documentation.</p>
@@ -53,8 +59,7 @@ copy before using it with Shorewall.</p>
 <p>The configuration files for Shorewall are contained in the directory 
 /etc/shorewall -- for simple setups, you will only need to deal with a few of 
 these as described in this guide.  After you have <a href="Install.htm">installed Shorewall</a>, 
-download the <a href="/pub/shorewall/LATEST.samples/two-interfaces.tgz">
-two-interface sample</a>, un-tar it (tar -zxvf two-interfaces.tgz) and and copy the files to /etc/shorewall 
+download the <a href="/pub/shorewall/LATEST.samples/two-interfaces.tgz">two-interface sample</a>, un-tar it (tar -zxvf two-interfaces.tgz) and and copy the files to /etc/shorewall 
 (these files will replace files with the same name).</p>
 <p>As each file is introduced, I suggest that you 
 look through the actual file on your system -- each file contains detailed 
diff --git a/Shorewall-docs/whitelisting_under_shorewall.htm b/Shorewall-docs/whitelisting_under_shorewall.htm
index d8b9776e6..c0a706c56 100644
--- a/Shorewall-docs/whitelisting_under_shorewall.htm
+++ b/Shorewall-docs/whitelisting_under_shorewall.htm
@@ -6,12 +6,17 @@
 <meta name="ProgId" content="FrontPage.Editor.Document">
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 <title>Whitelisting under Shorewall</title>
-<meta name="Microsoft Theme" content="boldstri 011, default">
 </head>
 
 <body>
 
-<h1 align="center">Whitelisting under Shorewall</h1>
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
+  <tr>
+    <td width="100%">
+    <h1 align="center"><font color="#FFFFFF">Whitelisting under Shorewall</font></h1>
+    </td>
+  </tr>
+</table>
 <p align="left">For a brief time, the 1.2 version of Shorewall supported an 
 /etc/shorewall/whitelist file. This file was intended to contain a list of IP 
 addresses of hosts whose POLICY to all zones was ACCEPT. The whitelist file was