diff --git a/Shorewall-docs/FAQ.xml b/Shorewall-docs/FAQ.xml
index ff3ba6669..b3b755cb6 100644
--- a/Shorewall-docs/FAQ.xml
+++ b/Shorewall-docs/FAQ.xml
@@ -241,8 +241,8 @@
Locate the appropriate DNAT rule. It will be in a chain
- called <source zone>_dnat
- ('net_dnat' in the above examples).
+ called <source zone>_dnat (net_dnat
+ in the above examples).
@@ -702,21 +702,21 @@
(FAQ 4) I just used an online port scanner to check my firewall
- and it shows some ports as 'closed' rather than
- 'blocked'. Why?
+ and it shows some ports as closed
rather than
+ blocked
. Why?
Answer: The common.def included
with version 1.3.x always rejects connection requests on TCP port 113
rather than dropping them. This is necessary to prevent outgoing
- connection problems to services that use the 'Auth' mechanism
- for identifying requesting users. Shorewall also rejects TCP ports 135,
- 137 and 139 as well as UDP ports 137-139. These are ports that are used
- by Windows (Windows can be configured to use the
- DCE cell locator on port 135). Rejecting these connection requests
- rather than dropping them cuts down slightly on the amount of Windows
- chatter on LAN segments connected to the Firewall.
+ connection problems to services that use the Auth
+ mechanism for identifying requesting users. Shorewall also rejects TCP
+ ports 135, 137 and 139 as well as UDP ports 137-139. These are ports
+ that are used by Windows (Windows can be configured
+ to use the DCE cell locator on port 135). Rejecting these connection
+ requests rather than dropping them cuts down slightly on the amount of
+ Windows chatter on LAN segments connected to the Firewall.
- If you are seeing port 80 being 'closed', that's
+ If you are seeing port 80 being closed
, that's
probably your ISP preventing you from running a web server in violation
of your Service Agreement.
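Review bot: The Auth paragraph in this hunk is re-wrapped as well as re-marked, so seven lines (from "connection problems to services that use" to "chatter on LAN segments connected to the Firewall") are removed and re-added where only the quoting around Auth changes. Keeping the original line breaks would shrink this to a one-line change and make it easy to confirm that the port list (TCP 113, TCP 135, 137 and 139, UDP 137-139) is untouched. Separately, the question contrasts closed with blocked while the answer speaks only of rejecting and dropping; a clause tying the scanner's terms to those two actions would help the reader.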
@@ -784,8 +784,8 @@
- For a complete description of Shorewall 'ping' management,
- see this page.
+ For a complete description of Shorewall ping
+ management, see this page.
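Review bot: The link text on the changed sentence is still "this page", which says nothing about the target once the FAQ is printed or read as plain text. Since the line is being rewritten anyway, consider naming the target document in the link text.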
@@ -962,11 +962,11 @@ run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROPAnswer: If you are running
Shorewall version 1.4.4 or 1.4.4a then check the errata.
- Otherwise, see the 'dmesg' man page (man dmesg
).
- You must add a suitable 'dmesg' command to your startup scripts
- or place it in /etc/shorewall/start. Under RedHat, the max log level
- that is sent to the console is specified in /etc/sysconfig/init in the
- LOGLEVEL variable.
+ Otherwise, see the dmesg
man page (man dmesg
).
+ You must add a suitable dmesg
command to your startup
+ scripts or place it in /etc/shorewall/start. Under RedHat, the max log
+ level that is sent to the console is specified in /etc/sysconfig/init in
+ the LOGLEVEL variable.
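Review bot: "You must add a suitable dmesg command" keeps its wording, so the reader is still left to work out from the man page what the command should be. Since this hunk rewrites the sentence, consider showing the actual invocation to place in /etc/shorewall/start, and state whether the RedHat LOGLEVEL setting in /etc/sysconfig/init replaces that command or is needed in addition to it.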
@@ -1195,8 +1195,8 @@ run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROPAnswer: While most people
associate the Internet Control Message Protocol (ICMP) with
- 'ping', ICMP is a key piece of the internet. ICMP is used to
- report problems back to the sender of a packet; this is what is
+ ping
, ICMP is a key piece of the internet. ICMP is used
+ to report problems back to the sender of a packet; this is what is
happening here. Unfortunately, where NAT is involved (including SNAT,
DNAT and Masquerade), there are a lot of broken implementations. That is
what you are seeing with these messages.
@@ -1463,13 +1463,13 @@ ip route add 127.0.0.0/8 dev lo table T2
Starting and Stopping
- (FAQ 7) When I stop Shorewall using 'shorewall stop', I
- can't connect to anything. Why doesn't that command work?
+ (FAQ 7) When I stop Shorewall using shorewall stop
,
+ I can't connect to anything. Why doesn't that command work?
- The 'stop' command is intended to place your firewall into
- a safe state whereby only those hosts listed in
+ The stop
command is intended to place your firewall
+ into a safe state whereby only those hosts listed in
/etc/shorewall/routestopped' are activated. If you want to totally
- open up your firewall, you must use the 'shorewall clear'
+ open up your firewall, you must use the shorewall clear
command.
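Review bot: The unchanged context line "/etc/shorewall/routestopped' are activated" still carries a dangling single quote after the file name, and after this patch it is the only remnant of the old quoting in the paragraph; it should be part of the change. The same sentence says hosts "are activated", which reads oddly next to "safe state"; wording such as "are allowed access" would make the difference between shorewall stop and shorewall clear clearer.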
diff --git a/Shorewall-docs/FTP.xml b/Shorewall-docs/FTP.xml
index 397ab6d8f..efd6e488b 100644
--- a/Shorewall-docs/FTP.xml
+++ b/Shorewall-docs/FTP.xml
@@ -201,7 +201,7 @@ ftp>
that the modules ip_conntrack_ftp
and ip_nat_ftp
need to be loaded. Shorewall automatically loads these helper
modules from /lib/modules/<kernel-version>/kernel/net/ipv4/netfilter/
- and you can determine if they are loaded using the 'lsmod'
+ and you can determine if they are loaded using the lsmod
command. The <kernel-version> may be obtained
by typing