holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Merge branch 'master' into 4.6.1

Browse Source
This commit is contained in:
Tom Eastep 2014-06-13 07:02:51 -07:00
commit a0bb7ca018
21 changed files with 33 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/Anatomy.xml
View File

@ -504,7 +504,7 @@
<section id="sbin-lite">
<title>/sbin</title>
<para>The <filename>/sbin/shorewall-lite</filename> shell program is use
<para>The <filename>/sbin/shorewall-lite</filename> shell program is used
to interact with Shorewall lite. See <ulink
url="manpages/shorewall-lite.html">shorewall-lite</ulink>(8).</para>
</section>

2
docs/Build.xml
View File

@ -134,7 +134,7 @@
<para>Added in Shorewall 4.4.22, this directory contains the files that
contain release-dependent information (change.txt, releasenotes.txt,
.spec files, etc). This is actually a symbolic link to ../release which
has it's own Git repository.</para>
has its own Git repository.</para>
</section>
</section>

2
docs/ConnectionRate.xml
View File

@ -67,7 +67,7 @@
by 1 but is not allowed to exceed its initial setting (5).</para>
<para>By default, the aggregate connection rate is limited. If the
specification is preceeded by "<option>s:</option>" or
specification is preceded by "<option>s:</option>" or
"<option>d:</option>", then the rate is limited per SOURCE or per
DESTINATION IP address respectively.</para>

4
docs/Events.xml
View File

@ -35,7 +35,7 @@
</articleinfo>
<caution>
<para>This article applies to Shorewall 4.5.19 and later and supercedes
<para>This article applies to Shorewall 4.5.19 and later and supersedes
<ulink url="PortKnocking.html">this article.</ulink></para>
</caution>
@ -477,7 +477,7 @@ root@gateway:~# </programlisting>
<para>This example is taken from <ulink
url="http://www.briandowney.net/blog/2009/08/20/firewalling-brute-force-attempts-with-iptables/">this
article</ulink> which explains the nice benifits of this approach. This
article</ulink> which explains the nice benefits of this approach. This
example is for ssh, but it can be adapted for any application.</para>
<para>The name SSH has been changed to SSHLIMIT so as not to override

4
docs/IPSEC-2.6.xml
View File

@ -59,7 +59,7 @@
<important>
<para><emphasis role="bold">Shorewall does not configure IPSEC for
you</emphasis> -- it rather configures netfilter to accomodate your IPSEC
you</emphasis> -- it rather configures netfilter to accommodate your IPSEC
configuration.</para>
</important>
@ -139,7 +139,7 @@
and zones was made easy by the presence of IPSEC pseudo-interfaces with
names of the form <filename class="devicefile">ipsecN</filename> (e.g.
<filename class="devicefile">ipsec0</filename>). Outgoing unencrypted
traffic (case 1.) was send through an <filename
traffic (case 1.) was sent through an <filename
class="devicefile">ipsecN</filename> device while incoming unencrypted
traffic (case 2) arrived from an <filename
class="devicefile">ipsecN</filename> device. The 2.6 kernel-based

4
docs/Install.xml
View File

@ -147,7 +147,7 @@
<emphasis role="bold">Shorewall-core</emphasis> 4.5.2 or later, a
shorewallrc file named ${HOME}/.shorewallrc will be installed. That file
will provide the default parameters for installing other Shorewall
components of the same or later verion.</para>
components of the same or later version.</para>
<para>Note that <emphasis role="bold">you must install Shorewall-core
before installing any other Shorewall package</emphasis>.</para>
@ -730,7 +730,7 @@
<programlisting><command>./install.sh -s</command></programlisting>
<para>The <emphasis role="bold">-s</emphasis> option supresses
<para>The <emphasis role="bold">-s</emphasis> option suppresses
installation of all files in <filename
class="directory">/etc/shorewall</filename> except
<filename>shorewall.conf</filename>. You can copy any other files

2
docs/KVM.xml
View File

@ -66,7 +66,7 @@
<section>
<title>Networking Configuration</title>
<para>I use a network configuration where each VM has it's own VNET and
<para>I use a network configuration where each VM has its own VNET and
tap device and the tap devices are all configured as ports on a Linux
Bridge. For clarity, I've only shown four of the virtual machines
available on the system.</para>

4
docs/Manpages.xml
View File

@ -89,7 +89,7 @@
Define MAC verification.</member>
<member><ulink url="manpages/shorewall-mangle.html">mangle</ulink> -
Supercedes tcrules and describes packet/connection marking.</member>
Supersedes tcrules and describes packet/connection marking.</member>
<member><ulink url="manpages/shorewall-masq.html">masq</ulink> -
Define Masquerade/SNAT</member>
@ -168,7 +168,7 @@
state (added in Shorewall 4.5.8).</member>
<member><ulink url="manpages/shorewall-tcrules.html">tcrules</ulink> -
Define packet marking rules, usually for traffic shaping. Superceded
Define packet marking rules, usually for traffic shaping. Superseded
by mangle (above) in Shorewall 4.6.0.</member>
<member><ulink url="manpages/shorewall-tos.html">tos</ulink> - Define

4
docs/Manpages6.xml
View File

@ -79,7 +79,7 @@
- Define MAC verification.</member>
<member><ulink url="manpages6/shorewall6-mangle.html">mangle</ulink> -
Supercedes tcrules and describes packet/connection marking.</member>
Supersedes tcrules and describes packet/connection marking.</member>
<member><ulink url="manpages6/shorewall6-masq.html">masq</ulink> -
Define Masquerade/SNAT</member>
@ -149,7 +149,7 @@
Classify traffic for simplified traffic shaping.</member>
<member><ulink url="manpages6/shorewall6-tcrules.html">tcrules</ulink>
- Define packet marking rules, usually for traffic shaping. Superceded
- Define packet marking rules, usually for traffic shaping. Superseded
by mangle (above) in Shorewall 4.6.0.</member>
<member><ulink url="manpages6/shorewall6-tos.html">tos</ulink> -

2
docs/MultiISP.xml
View File

@ -155,7 +155,7 @@
Shorewall can set up the correct marking rules for you.</para>
<important>
<para><filename>/etc/shorewall/mangle</filename> superceded
<para><filename>/etc/shorewall/mangle</filename> superseded
<filename>/etc/shorewall/tcrules</filename> in Shorewall 4.6.0.</para>
</important>

2
docs/MyNetwork.xml
View File

@ -171,7 +171,7 @@
<section>
<title>Shorewall Configuration</title>
<para>This section contains exerpts from the Shorewall
<para>This section contains excerpts from the Shorewall
configuration.</para>
<para>It is important to keep in mind that parts of my configuration are

2
docs/OPENVPN.xml
View File

@ -603,7 +603,7 @@ net COM_IF detect dhcp,blacklist,optional,routefilter=0,logmartians,pr
6to4 net
<emphasis role="bold">6to4 vpn</emphasis></programlisting>
<para>Similarly, here are exerpts from the Shorewall6
<para>Similarly, here are excerpts from the Shorewall6
configuration.</para>
<para><filename>/etc/shorewall6/zones</filename>:</para>

4
docs/OpenVZ.xml
View File

@ -452,7 +452,7 @@ NAME="server"</emphasis></programlisting>
<section>
<title>Shorewall Configuration on the Host</title>
<para>Below are exerpts from the configuration files as they pertain to
<para>Below are excerpts from the configuration files as they pertain to
the OpenVZ environment.</para>
<para><filename>/etc/shorewall/zones</filename>:</para>
@ -762,7 +762,7 @@ NAME="server"
<section>
<title>Shorewall Configuration on the Host</title>
<para>Below are exerpts from the configuration files as they pertain to
<para>Below are excerpts from the configuration files as they pertain to
the OpenVZ environment. Again, bold font indicates change from the prior
configuration.</para>

2
docs/PacketMarking.xml
View File

@ -44,7 +44,7 @@
</caution>
<important>
<para>/etc/shorewall/mangle superceded /etc/shorewall/tcruels in Shorewall
<para>/etc/shorewall/mangle superseded /etc/shorewall/tcruels in Shorewall
4.6.0. /etc/shorwall/tcrules is still supported but its use is
deprecated.</para>
</important>

2
docs/PortKnocking.xml
View File

@ -41,7 +41,7 @@
</articleinfo>
<note>
<para>The techniques described in this article were superceded in
<para>The techniques described in this article were superseded in
Shorewall 4.5.19 with the introduction of Shorewall Events.</para>
</note>

2
docs/SplitDNS.xml
View File

@ -167,7 +167,7 @@ linksys.shorewall.net has address 172.20.1.1
teastep@tipper:~$ </programlisting></para>
<para>As a bonus, dnsmasq can also act as a DHCP server. Here are some
exerpts from the corresponding /etc/dnsmasq.conf:</para>
excerpts from the corresponding /etc/dnsmasq.conf:</para>
<programlisting>interface=eth1

2
docs/XenMyWay-Routed.xml
View File

@ -376,7 +376,7 @@ bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen'
has an RFC 1918 address (192.168.1.7). That configuration is established
by Xen which clones the primary IP address of eth0 on all of the routed
virtual interfaces that it creates. <emphasis
role="bold">test</emphasis> is configured with it's default route via
role="bold">test</emphasis> is configured with its default route via
192.168.1.254 which is the IP address of the firewall's br0. That works
because of the way that the Linux network stack treats local IPv4
addresses; by default, it will respond to ARP "who-has" broadcasts for

14
docs/configuration_file_basics.xml
View File

@ -110,7 +110,7 @@
</listitem>
<listitem>
<para><filename>/etc/shorewall/mangle</filename> - supercedes
<para><filename>/etc/shorewall/mangle</filename> - supersedes
<filename>/etc/shorewall/tcrules</filename> in Shorewall 4.6.0.
Contains rules for packet marking, TTL, TPROXY, etc.</para>
</listitem>
@ -140,7 +140,7 @@
<para><filename>/etc/shorewall/tcrules </filename>- The file has a
rather unfortunate name because it is used to define marking of
packets for later use by both traffic control/shaping and policy
routing. This file is superceded by
routing. This file is superseded by
<filename>/etc/shorewall/mangle</filename> in Shorewall
4.6.0.</para>
</listitem>
@ -288,7 +288,7 @@
<listitem>
<para><filename>/etc/shorewall/mangle</filename> -- Added in
Shorewall 4.6.0. Supercedes<filename>
Shorewall 4.6.0. Supersedes<filename>
/etc/shorewall/tcrules</filename>.</para>
</listitem>
</itemizedlist></para>
@ -1168,7 +1168,7 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2&gt; /dev/null || true</programlisting
<para>Beginning with Shorewall 4.5.2, in files other than
<filename>/etc/shorewall/params</filename> and
<filename>/etc/shorewall/conf</filename>, INCLUDE may be immediately
preceeded with '?' to signal that the line is a compiler directive and
preceded with '?' to signal that the line is a compiler directive and
not configuration data.</para>
<para>Example:</para>
@ -1483,7 +1483,7 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2&gt; /dev/null || true</programlisting
<programlisting>EXT_IP=$(ssh root@firewall "/sbin/shorewall-lite call find_first_interface_address eth0")</programlisting>
<para>The <command>shorewall-lite call</command> command allows you to
to call interactively any Shorewall function that you can call in an
call interactively any Shorewall function that you can call in an
extension script.</para>
<note>
@ -2150,7 +2150,7 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2&gt; /dev/null || true</programlisting
ACCEPT loc fw tcp 22
ACCEPT dmz fw tcp 22</programlisting></para>
<para>Perl scripts run in the context of of the compiler process using
<para>Perl scripts run in the context of the compiler process using
Perl's eval() function. Perl scripts are implicitly prefixed by the
following:</para>
@ -2370,7 +2370,7 @@ POP(ACCEPT) loc net:pop.gmail.com</programlisting>
192.168.1.4</quote>. There must be no white space following the
<quote>!</quote>.</para>
<para>Similarly, in columns that specify an IP protocol, you can preceed
<para>Similarly, in columns that specify an IP protocol, you can precede
the protocol name or number by "!". For example, !tcp means "any protocol
except tcp".</para>

2
docs/ipsets.xml
View File

@ -130,7 +130,7 @@ ACCEPT net:+sshok $FW tcp 22</programlisting></para>
<para>Beginning with Shorewall 4.4.14, multiple source or destination
matches may be specified by placing multiple set names in '+[...]' (e.g.,
+[myset,myotherset]). When so inclosed, the set names need not be prefixed
+[myset,myotherset]). When so enclosed, the set names need not be prefixed
with a plus sign.</para>
<para>Shorewall can save/restore your ipset contents with certain

2
docs/traffic_shaping.xml
View File

@ -908,7 +908,7 @@ ppp0 6000kbit 500kbit</programlisting>
qualifier (see below).</emphasis></para>
<para>See shorewall-mangle(5) and shorewall-tcrules(5) for a description
of the entries in these files. Note that the mangle file superceded the
of the entries in these files. Note that the mangle file superseded the
tcrules file in Shorewall 4.6.0.</para>
<para>The following examples are for the mangle file.</para>

2
docs/upgrade_issues.xml
View File

@ -95,7 +95,7 @@
<listitem>
<para>Beginning with Shorewall 4.6.0, the 'tcrules' file has been
superceded by the 'mangle' file. Existing 'tcrules' files will still
superseded by the 'mangle' file. Existing 'tcrules' files will still
be processed, with the restriction that TPROXY is no longer supported
in FORMAT 1. If your 'tcrules' file has non-commentary entries, the
following warning message is issued:</para>