diff --git a/Shorewall-docs2/three-interface.xml b/Shorewall-docs2/three-interface.xml
index 2aa4e1729..bcd47bd9a 100755
--- a/Shorewall-docs2/three-interface.xml
+++ b/Shorewall-docs2/three-interface.xml
@@ -15,7 +15,7 @@
- 2005-09-12
+ 2005-09-19
2002-2005
@@ -34,6 +34,13 @@
+
+ This article applies to Shorewall 3.0 and
+ later. If you are running a version of Shorewall earlier than Shorewall
+ 3.0.0 then please see the documentation for that
+ release.
+
+
Introduction
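Review bot: The added note writes the version boundary two ways, "Shorewall 3.0 and later" in its first sentence and "earlier than Shorewall 3.0.0" in the second. Pick one form and use it in both places so readers do not wonder whether 3.0 pre-releases are covered. Also confirm that "the documentation for that release" is a link, since the sentence otherwise gives readers of older versions nowhere to go.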
@@ -340,13 +347,13 @@ $FW net ACCEPT
to the computer using a cross-over cable).
- Do not connect the internal and external interface to the same hub
- or switch except for testing AND you are running Shorewall version 1.4.7
- or later. When using these recent versions, you can test using this kind
- of configuration if you specify the arp_filter option in
- /etc/shorewall/interfaces for all interfaces
- connected to the common hub/switch. Using such a setup with a production
- firewall is strongly recommended against.
+ Do NOT connect the internal and external
+ interface to the same hub or switch except for testing. You
+ can test using this kind of configuration if you specify the arp_filter
+ option in /etc/shorewall/interfaces for all
+ interfaces connected to the common hub/switch. Using such a setup with a production firewall is strongly
+ recommended against.
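Review bot: The rewritten warning beginning "Do NOT connect the internal and external interface to the same hub or switch" still gives no reason for the prohibition, and its last sentence keeps the awkward passive "is strongly recommended against". Since the paragraph is being touched anyway, add one clause naming the risk of sharing a hub or switch and rephrase the ending actively, for example "Never use such a setup with a production firewall." Dropping the 1.4.7 qualifier is consistent with the new 3.0-only note.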
@@ -732,19 +739,16 @@ DNS/ACCEPT dmz $FW Run name server on DMZ
DNS/ACCEPT loc dmz:10.10.11.1
DNS/ACCEPT $FW dmz:10.10.11.1
- In the rules shown above, AllowDNS
is an example of a
- defined action. Shorewall includes a number of
- defined actions and you can add your
- own. To see the list of actions included with your version of
- Shorewall, look in the file
- /usr/share/shorewall/actions.std. Those actions that
- accept connection requests have names that begin with
- Allow
.
+ In the rules shown above, DNS/ACCEPT
is an example of
+ a defined macro. Shorewall includes a number of
+ defined macros and you can add your own.
+ To see the list of macros included with your version of Shorewall, look in
+ the file /usr/share/shorewall/actions.std.
- You don't have to use defined actions when coding a rule in
+ You don't have to use defined macros when coding a rule in
/etc/shorewall/rules; the generated Netfilter ruleset
is slightly more efficient if you code your rules directly rather than
- using defined actions. The first example above (name server on the
+ using defined macros. The first example above (name server on the
firewall) could also have been coded as follows:
#ACTION SOURCE DEST PROTO DEST PORT(S)
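Review bot: The new paragraph says "To see the list of macros included with your version of Shorewall" but still points at /usr/share/shorewall/actions.std, the same path the removed text gave for the list of actions. Please verify that this is where macros are listed in 3.0 and update the path if not, otherwise the rename from actions to macros is only half done here. The removed sentence about names beginning with "Allow" also has no replacement, so nothing now explains the DNS/ACCEPT form; a short sentence describing how the macro name and the ACCEPT part combine would close that gap.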
@@ -753,8 +757,8 @@ ACCEPT loc $FW udp 53
ACCEPT dmz $FW tcp 53
ACCEPT dmz $FW udp 53
- In cases where Shorewall doesn't include a defined action to meet
- your needs, you can either define the action yourself or you can simply
+ In cases where Shorewall doesn't include a defined macro to meet
+ your needs, you can either define the macro yourself or you can simply
code the appropriate rules directly.
@@ -775,7 +779,7 @@ SSH/ACCEPT loc dmz Those rules allow you to run
connect to those servers from your local systems.
If you wish to enable other connections between your systems, the
- general format for using a defined action is: #ACTION SOURCE DEST PROTO DEST PORT(S)
+ general format for using a defined macro is: #ACTION SOURCE DEST PROTO DEST PORT(S)
<macro> <source zone> <destination zone>
The general format when not using a defined action
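Review bot: The unchanged context line right after the edited sentence still reads "The general format when not using a defined action", so the action-to-macro rename stops one sentence short. Extend the hunk to change that occurrence as well, so the paragraph does not mix "defined macro" and "defined action" for the same thing next to a template that already uses the <macro> placeholder.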
@@ -892,17 +896,16 @@ ACCEPT net $FW tcp 80
The installation procedure
- configures your system to start Shorewall at system boot but beginning
- with Shorewall version 1.3.9 startup is disabled so that your system won't
- try to start Shorewall before configuration is complete. Once you have
- completed configuration of your firewall, you can enable Shorewall startup
- by removing the file /etc/shorewall/startup_disabled.
-
+ configures your system to start Shorewall at system boot but startup is
+ disabled so that your system won't try to start Shorewall before
+ configuration is complete. Once you have completed configuration of your
+ firewall, you can enable Shorewall startup by removing the file
+ /etc/shorewall/startup_disabled.
Users of the .deb package must edit
/etc/default/shorewall and set
startup=1.
- Users running Shorewall 2.1.3 or later should edit
+ You should edit
/etc/shorewall/shorewall.conf and set
STARTUP_ENABLED=Yes.
The firewall is started using the shorewall
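Review bot: With the version qualifiers removed, this passage now gives every reader two separate enablement steps, removing /etc/shorewall/startup_disabled and setting STARTUP_ENABLED=Yes in /etc/shorewall/shorewall.conf, without saying how they relate. Please confirm whether both are required on 3.0 or whether one supersedes the other, and drop or merge accordingly. If the shorewall.conf setting is required, "You should edit" is too soft for a step that decides whether the firewall starts at boot; "You must also edit" would make that clear.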