Minor Updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@813 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2003-12-09 18:32:39 +00:00
parent 795c791669
commit 8647348873
6 changed files with 197 additions and 14 deletions

View File

@ -105,6 +105,15 @@ rules. This file was added in version 1.4.7.<br>
(/var/lib/shorewall in version 1.3.2-1.3.8 and /usr/lib/shorewall
beginning in version 1.3.9) that describes the version of Shorewall
installed on your system.</li>
<li><a href="UserSets.html" style="font-weight: bold;">users and
usersets</a> - files in /etc/shorewall allowing connections originating
on the firewall to be policed by the user id and/or group id of the
user.</li>
<li><a href="User_defined_Actions.html"><span
style="font-weight: bold;">actions and action.template</span></a> -
files in /etc/shorewall that allow you to define your own actions for
rules in /etc/shorewall/rules.<br>
</li>
</ul>
<h2><a name="Variables"></a> /etc/shorewall/params</h2>
<p>You may use the file /etc/shorewall/params file to set shell
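Review bot: The added "actions and action.template" item does not say which release introduced the files, although the neighbouring entry does ("This file was added in version 1.4.7") and the other pages touched in this commit mark the feature as "Shorewall 1.4.9 and later"; add the version here too. The two added items also bold their link text differently (a style attribute on the <a> in one, a nested <span> in the other), and the <br> before the closing </li> is not needed.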
@ -1189,6 +1198,9 @@ facility is provided to allow interfacing to <a
protocol specified in the PROTO column is TCP ("tcp", "TCP" or "6"),
Shorewall will only pass connection requests (SYN packets) to user
space. This is for compatibility with ftwall.</li>
<li>A <a href="User_defined_Actions.html">&lt;user-defined
action&gt;</a> (Shorewall 1.4.9 and later)<br>
</li>
</ul>
<p>Beginning with Shorewall version 1.4.7, you may rate-limit the
rule by optionally following ACCEPT, DNAT[-], REDIRECT[-] or LOG with<br>
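Review bot: With a user-defined action added to the list of ACTION values, the rate-limiting paragraph that follows still names only ACCEPT, DNAT[-], REDIRECT[-] and LOG; state whether a rate limit may follow a user-defined action, since readers will now ask. The <br> before </li> in the added item can go.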
@ -2846,7 +2858,7 @@ Validation Documentation</a>.<br>
<h2><a name="ECN"></a>/etc/shorewall/ecn (Added in Version 1.4.0)</h2>
This file is described in the <a href="ECN.html">ECN Control
Documentation</a>.<br>
<p><font size="-1"> Updated 11/15/2003 - <a href="support.htm">Tom
<p><font size="-1"> Updated 12/08/2003 - <a href="support.htm">Tom
Eastep</a>
</font></p>
<p><a href="copyright.htm"><font size="2">Copyright</font> © <font

View File

@ -63,7 +63,10 @@ at the completion of a "shorewall stop".</li>
<li>/etc/shorewall/accounting - define IP traffic accounting rules</li>
<li>/etc/shorewall/usersets and /etc/shorewall/users - define sets of
users/groups with
similar access rights<br>
similar access rights</li>
<li>/etc/shorewall/actions and /etc/shorewall/action.template -
define your own actions for rules in /etc/shorewall/rules (shorewall
1.4.9 and later).<br>
</li>
</ul>
<h2>Comments</h2>
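Review bot: In the added actions item, "shorewall 1.4.9 and later" should be capitalised as "Shorewall" to match the rest of the documentation, and the trailing <br> before </li> reintroduces the stray break that this same hunk removes from the usersets item directly above it.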

View File

@ -156,7 +156,10 @@ reporting guidelines</a>.<br>
href="https://lists.shorewall.net/mailman/listinfo/shorewall-newbies"
target="_top">https//lists.shorewall.net/mailman/listinfo/shorewall-newbies</a></p>
<p align="left"> To post to the list, post to <a
href="mailto:shorewall-newbies@lists.shorewall.net">shorewall-newbies@lists.shorewall.net</a>.</p>
href="mailto:shorewall-newbies@lists.shorewall.net">shorewall-newbies@lists.shorewall.net</a>.<br>
</p>
<p align="left">The list archives are at <a
href="http://lists.shorewall.net/pipermail/shorewall-newbies/index.html">http://lists.shorewall.net/pipermail/shorewall-newbies</a>.</p>
<h2 align="left">Shorewall Users Mailing List</h2>
<p align="left">The Shorewall Users Mailing list provides a way for
users to get answers to questions and to report problems. Information
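Review bot: The change from ".</p>" to ".<br>" followed by "</p>" on the posting-address paragraph adds an empty line break at the end of the paragraph; keep the original ".</p>". In the added archives paragraph the href ends in /index.html while the link text does not, and it uses http:// where the listinfo link above uses https://; make these consistent. While this block is open, the unchanged link text "https//lists.shorewall.net/mailman/listinfo/shorewall-newbies" is missing the colon after "https".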

View File

@ -104,10 +104,92 @@ setup that matches the documentation on this site. See the <a
href="two-interface.htm">Two-interface QuickStart Guide</a> for
details.<br>
<h2>News</h2>
<p><b>12/07/2003 - Shorewall 1.4.9 Beta 1 </b><b> <img
style="border: 0px solid ; width: 28px; height: 12px;"
src="images/new10.gif" alt="(New)" title=""><br>
</b></p>
<div style="margin-left: 40px;"><a
href="http://shorewall.net/pub/shorewall/Beta">http://shorewall.net/pub/shorewall/Beta</a><br>
<a href="ftp://shorewall.net/pub/shorewall/Beta" target="_top">ftp://shorewall.net/pub/shorewall/Beta</a><br>
</div>
<p>Problems Corrected since version 1.4.8:<br>
</p>
<ol>
<li>There has been a low continuing level of confusion over the
terms "Source NAT" (SNAT) and "Static NAT". To avoid future confusion,
all instances of "Static NAT" have been replaced with "One-to-one NAT"
in the documentation and configuration files.</li>
<li>The description of NEWNOTSYN in shorewall.conf has been
reworded for clarity.</li>
<li>Wild-card rules (those involving "all" as SOURCE or DEST)
will no longer produce an error if they attempt to add a rule that would
override a NONE policy. The logic for expanding these wild-card rules
now simply skips those (SOURCE,DEST) pairs that have a NONE policy.<br>
</li>
</ol>
<p>Migration Issues:<br>
<br>
&nbsp;&nbsp;&nbsp; None.<br>
<br>
New Features:<br>
</p>
<ol>
<li>To cut down on the number of "Why are these ports closed
rather than stealthed?" questions, the SMB-related rules in
/etc/shorewall/common.def have been changed from 'reject' to 'DROP'.</li>
<li>For easier identification, packets logged under the
'norfc1918' interface option are now logged out of chains named
'rfc1918'. Previously, such packets were logged under chains named
'logdrop'.</li>
<li>Distributors and developers seem to be regularly inventing
new naming conventions for kernel modules. To avoid the need to change
Shorewall code for each new convention, the MODULE_SUFFIX option has
been added to shorewall.conf. MODULE_SUFFIX may be set to the suffix
for module names in your particular distribution. If MODULE_SUFFIX is
not set in shorewall.conf, Shorewall will use the list "o gz ko o.gz".<br>
<br>
To see what suffix is used by your distribution:<br>
<br>
ls /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter<br>
<br>
All of the files listed should have the same suffix (extension). Set
MODULE_SUFFIX to that suffix.<br>
<br>
Examples:<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp; If all files end in ".kzo" then set
MODULE_SUFFIX="kzo"<br>
&nbsp;&nbsp;&nbsp;&nbsp; If all files end in ".kz.o" then set
MODULE_SUFFIX="kz.o"</li>
<li>Support for user defined rule ACTIONS has been implemented
through two new files:<br>
<br>
/etc/shorewall/actions - used to list the user-defined ACTIONS.<br>
/etc/shorewall/action.template - For each user defined &lt;action&gt;,
copy this file to /etc/shorewall/action.&lt;action&gt; and add the
appropriate rules for that &lt;action&gt;. Once an &lt;action&gt; has
been defined, it may be used like any of the builtin ACTIONS (ACCEPT,
DROP, etc.) in /etc/shorewall/rules.<br>
<br>
Example: You want an action that logs a packet at the 'info' level and
accepts the connection.<br>
<br>
In /etc/shorewall/actions, you would add:<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp; LogAndAccept<br>
<br>
You would then copy /etc/shorewall/action.template to
/etc/shorewall/LogAndAccept and in that file, you would add the two
rules:<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; LOG:info<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCEPT<br>
<br>
</li>
</ol>
<p><b>12/03/2003 - Support Torch Passed</b><b> <img
style="border: 0px solid ; width: 28px; height: 12px;"
src="images/new10.gif" alt="(New)" title=""></b></p>
<p>Effective today, I am reducing my participation in the
Effective today, I am reducing my participation in the
day-to-day support of Shorewall. As part of this shift to
community-based Shorewall support a new <a
href="https://lists.shorewall.net/mailman/listinfo/shorewall-newbies">Shorewall
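Review bot: The user-defined action example in New Features item 4 contradicts the rule stated just above it: the text says to copy action.template to /etc/shorewall/action.<action>, but the example copies it to /etc/shorewall/LogAndAccept, without the "action." prefix. Under the stated rule the file would be /etc/shorewall/action.LogAndAccept; correct the example or the rule so that they agree, since a reader who follows the example literally may end up with a file that is never read. Separately, "Effective today, ..." loses its opening <p> in this hunk, and "New Features:" sits inside the same <p> as "Migration Issues:" rather than in its own paragraph.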
@ -115,11 +197,8 @@ Newbies mailing list</a> has been established to field questions and
problems from new users. I will not monitor that list personally. I
will continue my active development of Shorewall
and will be available via the development list to handle development
issues -- Tom.<br>
</p>
<p><b>11/07/2003 - Shorewall 1.4.8</b><b> <img
style="border: 0px solid ; width: 28px; height: 12px;"
src="images/new10.gif" alt="(New)" title=""></b><b><br>
issues -- Tom.
<p><b>11/07/2003 - Shorewall 1.4.8</b><b><br>
<br>
</b>Problems Corrected since version 1.4.7:<br>
</p>
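Review bot: Dropping "<br>" and "</p>" after "issues -- Tom." means that, together with the opening <p> removed in the previous hunk, the Support Torch text is now bare text between two <p> blocks; restore the <p>...</p> wrapper rather than removing both halves. Removing the "(New)" image from the 1.4.8 heading is fine now that the 1.4.9 Beta 1 entry carries it.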
@ -348,7 +427,7 @@ Children's Foundation</a>. Thanks!</big><br>
</table>
</center>
</div>
<p><font size="2">Updated 12/02/2003 - <a href="support.htm">Tom Eastep</a></font>
<p><font size="2">Updated 12/07/2003 - <a href="support.htm">Tom Eastep</a></font>
<br>
</p>
</body>

View File

@ -97,7 +97,7 @@ in Shorewall</a> </li>
</ul>
<li><a href="Documentation.htm">Configuration File Reference Manual</a>
<ul>
<li> <a href="Documentation.htm#Variables">params</a></li>
<li><a href="Documentation.htm#Variables">params</a></li>
<li><font color="#000099"><a href="Documentation.htm#Zones">zones</a></font></li>
<li><font color="#000099"><a href="Documentation.htm#Interfaces">interfaces</a></font></li>
<li><font color="#000099"><a href="Documentation.htm#Hosts">hosts</a></font></li>
@ -116,7 +116,10 @@ in Shorewall</a> </li>
<li><a href="Documentation.htm#rfc1918">rfc1918</a></li>
<li><a href="Documentation.htm#Routestopped">routestopped</a></li>
<li><a href="Accounting.html">accounting</a></li>
<li><a href="UserSets.html">usersets and users</a><br>
<li><a href="UserSets.html">usersets and users</a></li>
<li><a href="MAC_Validation.html">maclist</a></li>
<li><a href="User_defined_Actions.html">actions and
action.template</a><br>
</li>
</ul>
</li>
@ -244,6 +247,8 @@ Firewall</a></font></li>
<li><a href="traffic_shaping.htm">Traffic Shaping/QOS</a></li>
<li><a href="troubleshoot.htm">Troubleshooting (Things to try if it
doesn't work)</a></li>
<li><a href="User_defined_Actions.html">User-defined Actions</a><br>
</li>
<li><a href="UserSets.html">UID/GID Based Rules</a><br>
</li>
<li><a href="upgrade_issues.htm">Upgrade Issues</a><br>
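Review bot: The added "User-defined Actions" entry is inserted ahead of "UID/GID Based Rules", which breaks the alphabetical order the surrounding entries follow (Traffic Shaping, Troubleshooting, UID/GID, Upgrade Issues); place it after "Upgrade Issues". The <br> before </li> is not needed, though the neighbouring entries have the same habit.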
@ -268,7 +273,7 @@ firewall to a remote network.</li>
</ul>
<p>If you use one of these guides and have a suggestion for improvement
<a href="mailto:webmaster@shorewall.net">please let me know</a>.</p>
<p><font size="2">Last modified 11/22/2003 - <a href="support.htm">Tom
<p><font size="2">Last modified 12/08/2003 - <a href="support.htm">Tom
Eastep</a></font></p>
<p><a href="copyright.htm"><font size="2">Copyright 2002, 2003 Thomas
M. Eastep</font></a><br>

View File

@ -93,6 +93,87 @@ setup that matches the documentation on this site. See the <a
details.
<h2></h2>
<h2><b>News</b></h2>
<p><b>12/07/2003 - Shorewall 1.4.9 Beta 1 </b><b> <img
style="border: 0px solid ; width: 28px; height: 12px;"
src="images/new10.gif" alt="(New)" title=""><br>
</b></p>
<div style="margin-left: 40px;"><a
href="http://shorewall.net/pub/shorewall/Beta">http://shorewall.net/pub/shorewall/Beta</a><br>
<a href="ftp://shorewall.net/pub/shorewall/Beta" target="_top">ftp://shorewall.net/pub/shorewall/Beta</a><br>
</div>
<p>Problems Corrected since version 1.4.8:<br>
</p>
<ol>
<li>There has been a low continuing level of confusion over the
terms "Source NAT" (SNAT) and "Static NAT". To avoid future confusion,
all instances of "Static NAT" have been replaced with "One-to-one NAT"
in the documentation and configuration files.</li>
<li>The description of NEWNOTSYN in shorewall.conf has been
reworded for clarity.</li>
<li>Wild-card rules (those involving "all" as SOURCE or DEST)
will no longer produce an error if they attempt to add a rule that
would override a NONE policy. The logic for expanding these wild-card
rules now simply skips those (SOURCE,DEST) pairs that have a NONE
policy.<br>
</li>
</ol>
<p>Migration Issues:<br>
<br>
&nbsp;&nbsp;&nbsp; None.<br>
<br>
New Features:<br>
</p>
<ol>
<li>To cut down on the number of "Why are these ports closed
rather than stealthed?" questions, the SMB-related rules in
/etc/shorewall/common.def have been changed from 'reject' to 'DROP'.</li>
<li>For easier identification, packets logged under the
'norfc1918' interface option are now logged out of chains named
'rfc1918'. Previously, such packets were logged under chains named
'logdrop'.</li>
<li>Distributors and developers seem to be regularly inventing
new naming conventions for kernel modules. To avoid the need to change
Shorewall code for each new convention, the MODULE_SUFFIX option has
been added to shorewall.conf. MODULE_SUFFIX may be set to the suffix
for module names in your particular distribution. If MODULE_SUFFIX is
not set in shorewall.conf, Shorewall will use the list "o gz ko o.gz".<br>
<br>
To see what suffix is used by your distribution:<br>
<br>
ls /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter<br>
<br>
All of the files listed should have the same suffix (extension). Set
MODULE_SUFFIX to that suffix.<br>
<br>
Examples:<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp; If all files end in ".kzo" then set
MODULE_SUFFIX="kzo"<br>
&nbsp;&nbsp;&nbsp;&nbsp; If all files end in ".kz.o" then set
MODULE_SUFFIX="kz.o"</li>
<li>Support for user defined rule ACTIONS has been implemented
through two new files:<br>
<br>
/etc/shorewall/actions - used to list the user-defined ACTIONS.<br>
/etc/shorewall/action.template - For each user defined &lt;action&gt;,
copy this file to /etc/shorewall/action.&lt;action&gt; and add the
appropriate rules for that &lt;action&gt;. Once an &lt;action&gt; has
been defined, it may be used like any of the builtin ACTIONS (ACCEPT,
DROP, etc.) in /etc/shorewall/rules.<br>
<br>
Example: You want an action that logs a packet at the 'info' level and
accepts the connection.<br>
<br>
In /etc/shorewall/actions, you would add:<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp; LogAndAccept<br>
<br>
You would then copy /etc/shorewall/action.template to
/etc/shorewall/LogAndAccept and in that file, you would add the two
rules:<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; LOG:info<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCEPT</li>
</ol>
<p><b>12/03/2003 - Support Torch Passed</b><b> <img
style="border: 0px solid ; width: 28px; height: 12px;"
src="images/new10.gif" alt="(New)" title=""></b></p>
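Review bot: The LogAndAccept example has a path mismatch: the rule says to copy action.template to /etc/shorewall/action.<action>, yet the example names the copy /etc/shorewall/LogAndAccept; make the example agree with the stated naming. This News block is also a second hand-maintained copy of text added to another page in this commit, and the copies already differ in line wrapping and in the trailing <br> after ACCEPT, so consider keeping a single source for it. The empty <h2></h2> in the context above the News heading could be removed while this area is being edited.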
@ -337,7 +418,7 @@ Children's Foundation.</font></a> Thanks!</font></font></p>
</tr>
</tbody>
</table>
<p><font size="2">Updated 12/03/2003 - <a href="support.htm">Tom Eastep</a></font>
<p><font size="2">Updated 12/07/2003 - <a href="support.htm">Tom Eastep</a></font>
<br>
</p>
</body>