From a7fe4b0f7ccc0596b16c8aa1c584ef3d0cdc7106 Mon Sep 17 00:00:00 2001 From: mhnoyes Date: Thu, 25 Dec 2003 18:05:26 +0000 Subject: [PATCH] fixed single quotes git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@959 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs/FAQ.xml | 52 +++++++++++++++++++++--------------------- Shorewall-docs/FTP.xml | 2 +- 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/Shorewall-docs/FAQ.xml b/Shorewall-docs/FAQ.xml index ff3ba6669..b3b755cb6 100644 --- a/Shorewall-docs/FAQ.xml +++ b/Shorewall-docs/FAQ.xml @@ -241,8 +241,8 @@ Locate the appropriate DNAT rule. It will be in a chain - called <source zone>_dnat - ('net_dnat' in the above examples). + called <source zone>_dnat (net_dnat + in the above examples). @@ -702,21 +702,21 @@
(FAQ 4) I just used an online port scanner to check my firewall - and it shows some ports as 'closed' rather than - 'blocked'. Why? + and it shows some ports as closed rather than + blocked. Why? Answer: The common.def included with version 1.3.x always rejects connection requests on TCP port 113 rather than dropping them. This is necessary to prevent outgoing - connection problems to services that use the 'Auth' mechanism - for identifying requesting users. Shorewall also rejects TCP ports 135, - 137 and 139 as well as UDP ports 137-139. These are ports that are used - by Windows (Windows can be configured to use the - DCE cell locator on port 135). Rejecting these connection requests - rather than dropping them cuts down slightly on the amount of Windows - chatter on LAN segments connected to the Firewall. + connection problems to services that use the Auth + mechanism for identifying requesting users. Shorewall also rejects TCP + ports 135, 137 and 139 as well as UDP ports 137-139. These are ports + that are used by Windows (Windows can be configured + to use the DCE cell locator on port 135). Rejecting these connection + requests rather than dropping them cuts down slightly on the amount of + Windows chatter on LAN segments connected to the Firewall. - If you are seeing port 80 being 'closed', that's + If you are seeing port 80 being closed, that's probably your ISP preventing you from running a web server in violation of your Service Agreement. @@ -784,8 +784,8 @@ - For a complete description of Shorewall 'ping' management, - see this page. + For a complete description of Shorewall ping + management, see this page.
@@ -962,11 +962,11 @@ run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROPAnswer: If you are running Shorewall version 1.4.4 or 1.4.4a then check the errata. - Otherwise, see the 'dmesg' man page (man dmesg). - You must add a suitable 'dmesg' command to your startup scripts - or place it in /etc/shorewall/start. Under RedHat, the max log level - that is sent to the console is specified in /etc/sysconfig/init in the - LOGLEVEL variable. + Otherwise, see the dmesg man page (man dmesg). + You must add a suitable dmesg command to your startup + scripts or place it in /etc/shorewall/start. Under RedHat, the max log + level that is sent to the console is specified in /etc/sysconfig/init in + the LOGLEVEL variable.
@@ -1195,8 +1195,8 @@ run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROPAnswer: While most people associate the Internet Control Message Protocol (ICMP) with - 'ping', ICMP is a key piece of the internet. ICMP is used to - report problems back to the sender of a packet; this is what is + ping, ICMP is a key piece of the internet. ICMP is used + to report problems back to the sender of a packet; this is what is happening here. Unfortunately, where NAT is involved (including SNAT, DNAT and Masquerade), there are a lot of broken implementations. That is what you are seeing with these messages. @@ -1463,13 +1463,13 @@ ip route add 127.0.0.0/8 dev lo table T2 Starting and Stopping
- (FAQ 7) When I stop Shorewall using 'shorewall stop', I - can't connect to anything. Why doesn't that command work? + (FAQ 7) When I stop Shorewall using <quote>shorewall stop</quote>, + I can't connect to anything. Why doesn't that command work? - The 'stop' command is intended to place your firewall into - a safe state whereby only those hosts listed in + The stop command is intended to place your firewall + into a safe state whereby only those hosts listed in /etc/shorewall/routestopped' are activated. If you want to totally - open up your firewall, you must use the 'shorewall clear' + open up your firewall, you must use the shorewall clear command.
diff --git a/Shorewall-docs/FTP.xml b/Shorewall-docs/FTP.xml index 397ab6d8f..efd6e488b 100644 --- a/Shorewall-docs/FTP.xml +++ b/Shorewall-docs/FTP.xml @@ -201,7 +201,7 @@ ftp> that the modules ip_conntrack_ftp and ip_nat_ftp need to be loaded. Shorewall automatically loads these helper modules from /lib/modules/<kernel-version>/kernel/net/ipv4/netfilter/ - and you can determine if they are loaded using the 'lsmod' + and you can determine if they are loaded using the lsmod command. The <kernel-version> may be obtained by typing