From 9b8d097a6a563a5450b0e8fe7c86358565f48d11 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 4 Jul 2007 19:26:51 +0000
Subject: [PATCH] More Shorewall-perl doc updates
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6784 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
docs/FAQ.xml | 57 ++++++++++++-----------------------------
docs/Shorewall-perl.xml | 13 ++++------
2 files changed, 22 insertions(+), 48 deletions(-)
diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index 74c790b8c..c82e1cab4 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -1159,10 +1159,11 @@ DROP net fw udp 10619 You have a policy that specifies a log - level and this packet is being logged under that policy. If you - intend to ACCEPT this traffic then you need a rule to that effect. + url="manpages/shorewall-policy.html">policy that specifies + a log level and this packet is being logged under that policy. If + you intend to ACCEPT this traffic then you need a rule to that + effect. Beginning with Shorewall 3.3.3, packets logged out of these chains may have a source and/or destination that is not in any
@@ -1181,8 +1182,8 @@ DROP net fw udp 10619 role="bold"><zone1> to <zone2> that specifies a log level and this packet is being logged under that policy or this packet - matches a rule that - includes a log level. + matches a rule + that includes a log level.
@@ -1212,31 +1213,6 @@ DROP net fw udp 10619 - - logpkt - - - The packet is being logged under the logunclean interface - option. - - - - - badpkt - - - The packet is being logged under the dropunclean interface option as - specified in the LOGUNCLEAN - setting in - /etc/shorewall/shorewall.conf - . - - - blacklst
@@ -1267,9 +1243,9 @@ DROP net fw udp 10619 url="manpages/shorewall-hosts.html">/etc/shorewall/hosts. In Shorewall 3.3.3 and later versions with OPTIMIZE=1 in - shorewall.conf, such - packets may also be logged out of a <zone>2all chain or the - all2all chain. + shorewall.conf, + such packets may also be logged out of a <zone>2all chain or + the all2all chain.
@@ -1282,9 +1258,9 @@ DROP net fw udp 10619 and look at the printed zone definitions). In Shorewall 3.3.3 and later versions with OPTIMIZE=1 in - shorewall.conf, such - packets may also be logged out of the fw2all chain or the all2all - chain. + shorewall.conf, + such packets may also be logged out of the fw2all chain or the + all2all chain.
@@ -1930,7 +1906,8 @@ iptables: Invalid argument modem in/out but still block all other rfc1918 addresses? Answer: Add the following to - /etc/shorewall/rfc1918 + /etc/shorewall/rfc1918 (Note: If you are running Shorewall 2.0.0 or later, you may need to first copy /usr/share/shorewall/rfc1918 to /etc/shorewall/rfc1918):
@@ -2021,8 +1998,8 @@ ACCEPT loc modem tcp 80 eth0 eth1 # eth1 = interface to local network For an example of this when the ADSL/Cable modem is bridged, see - my configuration. In that case, I - masquerade using the IP address of my local interface! + my configuration. In that + case, I masquerade using the IP address of my local interface!
diff --git a/docs/Shorewall-perl.xml b/docs/Shorewall-perl.xml
index 407b2d76d..97dbad1a7 100644
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@@ -367,14 +367,11 @@ insert_rule $filter_table->{OUTPUT}, 1, "-p udp --sport 1701 -j ACCEPT"; - Currently, support for ipsets is only lightly tested (any - volunteers?). That will change with future pre-releases but one - thing is certain -- Shorewall is now out of the ipset load/reload - business. With scripts generated by the Perl-based Compiler, the - Netfilter ruleset is never cleared. That means that there is no - opportunity for Shorewall to load/reload your ipsets since that - cannot be done while there are any current rules using - ipsets. + Shorewall is now out of the ipset load/reload business. With + scripts generated by the Perl-based Compiler, the Netfilter + ruleset is never cleared. That means that there is no opportunity + for Shorewall to load/reload your ipsets since that cannot be done + while there are any current rules using ipsets. So: