holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Add FAQ 69

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7361 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-09-18 18:38:27 +00:00
parent 8382d4efb8
commit 8f152d554a
2 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/FAQ.xml
View File

@ -1653,6 +1653,14 @@ Creating input Chains...
url="Shorewall-perl.html">Shorewall-perl</ulink>.</para> url="Shorewall-perl.html">Shorewall-perl</ulink>.</para>
</section> </section>
<section id="faq69">
<title>(FAQ 69) When I restart Shorewall, new connections are blocked
for a long time. Is there a way to avoid that?</title>
<para><emphasis role="bold">Answer</emphasis>: Switch to using <ulink
url="Shorewall-perl.html">Shorewall-perl</ulink>.</para>
</section>
<section id="faq43"> <section id="faq43">
<title>(FAQ 43) I just installed the Shorewall RPM and Shorewall doesn't <title>(FAQ 43) I just installed the Shorewall RPM and Shorewall doesn't
start at boot time.</title> start at boot time.</title>
@ -1756,7 +1764,7 @@ iptables: Invalid argument
the following message:</title> the following message:</title>
<para>ERROR: Command "/sbin/iptables -A FORWARD -m state --state <para>ERROR: Command "/sbin/iptables -A FORWARD -m state --state
ESTABLISHED,RELATED -j ACCEPT"</para> ESTABLISHED,RELATED -j ACCEPT" failed.</para>
<para><emphasis role="bold">Answer</emphasis>: At a root shell prompt, <para><emphasis role="bold">Answer</emphasis>: At a root shell prompt,
type the iptables command shown in the error message. If the command type the iptables command shown in the error message. If the command

14
docs/Shorewall-perl.xml
View File

@ -127,9 +127,9 @@
<listitem> <listitem>
<para>The BROADCAST column in the interfaces file is essentially <para>The BROADCAST column in the interfaces file is essentially
unused; if you enter anything in this column but '-' or 'detect', unused if your kernel/iptables has Address Type Match support. If
you will receive a warning. This will be relaxed if and when the that support is present and you enter anything in this column but
addrtype match requirement is relaxed.</para> '-' or 'detect', you will receive a warning.</para>
</listitem> </listitem>
<listitem> <listitem>
@ -158,7 +158,7 @@
into the compiled script and executed at run-time. In many cases, into the compiled script and executed at run-time. In many cases,
this approach doesn't work with Shorewall Perl because (almost) the this approach doesn't work with Shorewall Perl because (almost) the
entire ruleset is built by the compiler. As a result, Shorewall-perl entire ruleset is built by the compiler. As a result, Shorewall-perl
runs many extension scripts at compile-time rather than at run-time. runs some extension scripts at compile-time rather than at run-time.
Because the compiler is written in Perl, your extension scripts from Because the compiler is written in Perl, your extension scripts from
earlier versions will no longer work.</para> earlier versions will no longer work.</para>
@ -167,8 +167,8 @@
<tgroup cols="3"> <tgroup cols="3">
<tbody> <tbody>
<row> <row>
<entry><emphasis <entry><emphasis role="bold">Compile-time (Must be written
role="bold">Compile-time</emphasis></entry> in Perl)</emphasis></entry>
<entry><emphasis role="bold">Run-time</emphasis></entry> <entry><emphasis role="bold">Run-time</emphasis></entry>
@ -282,7 +282,7 @@
</simplelist> </simplelist>
<para>The log_rule_limit function works like it does in the shell <para>The log_rule_limit function works like it does in the shell
compiler with two exceptions:</para> compiler with three exceptions:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>