diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index 92ecc8168..d08ba4e43 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -1666,10 +1666,10 @@ Creating input Chains...
will revert to the old configuration stored in
/var/lib/shorewall/restore.
- Finally, the time that new connections are blocked during
- shorewall restart can be dramatically reduced by upgrading to Shorewall
- 3.2 or later. In 3.2 and later releases, shorewall
- [re]start proceeds in two phases:
+ The time that new connections are blocked during shorewall restart
+ can be dramatically reduced by upgrading to Shorewall 3.2 or later. In
+ 3.2 and later releases, shorewall [re]start proceeds
+ in two phases:
@@ -1683,6 +1683,10 @@ Creating input Chains...
+ Finally, if you are adventuresome, you can try Shorewall-perl, the new Shorewall
+ compiler currently under development. It is very fast.
+
For additional information about Shorewall Scalability and
Performance, see this
article.
diff --git a/docs/Shorewall-perl.xml b/docs/Shorewall-perl.xml
index 33afa347b..02789991e 100644
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@@ -38,7 +38,7 @@
Shorewall-perl - What is it?
Shorewall-perl is a companion product to Shorewall. It requires
- Shorewall 3.4.2 or later.
+ Shorewall 3.4.2 or later.
Shorewall-perl contains a re-implementation of the Shorewall
compiler written in Perl. The advantages of using Shorewall-perl are over
@@ -62,6 +62,12 @@
configuration than the Shorewall-shell compiler does.
+
+ The error messages produced by the compiler are better, more
+ consistent and always include the file name and line number where the
+ error was detected.
+
+
Going forward, the Shorewall-perl compiler will get all
enhancements; the Shorewall-shell compiler will only get those
@@ -124,7 +130,7 @@
- Because the compiler is now written in Perl, your
+ Because the compiler is now written in Perl, your
compile-time extension scripts from earlier versions will no
longer work. For now, if you want to use extension scripts, you
will need to read the Perl code to see how the compiler operates
@@ -193,7 +199,7 @@
by the Perl-based Compiler, the Netfilter ruleset is never
cleared. That means that there is no opportunity for Shorewall to
load/reload your ipsets since that cannot be done while there are
- any current rules using ipsets.
+ any current rules using ipsets.
So:
@@ -239,7 +245,7 @@ fi
- Because the configuration files (with the exception of
+ Because the configuration files (with the exception of
/etc/shorewall/params) are now processed by
the Shorewall-perl compiler rather than by the shell, only the
basic forms of Shell expansion ($variable and ${variable}) are
@@ -307,7 +313,7 @@ fi
Shorewall-perl is still part of the current development release. Use it at
- your own risk.
+ your own risk.
Either
diff --git a/docs/XenMyWay-Routed.xml b/docs/XenMyWay-Routed.xml
index 1dab263f6..a81e4d3a0 100644
--- a/docs/XenMyWay-Routed.xml
+++ b/docs/XenMyWay-Routed.xml
@@ -187,11 +187,11 @@
that boots Xen in Dom0.
- title XEN
- root (hd0,1)
- kernel /boot/xen.gz Dom0_mem=458752 sched=bvt
- module /boot/vmlinuz-xen root=/dev/hda2 vga=0x31a selinux=0 resume=/dev/hda1 splash=silent showopts
- module /boot/initrd-xen
+ title Kernel-2.6.18.8-0.1-xen
+ root (hd0,5)
+ kernel /boot/xen.gz
+ module /boot/vmlinuz-2.6.18.8-0.1-xen root=/dev/sda6 vga=0x31a resume=/dev/sda5 splash=silent showopts
+ module /boot/initrd-2.6.18.8-0.1-xen
/etc/modprobe.conf.local (This may need to
@@ -208,29 +208,19 @@
automatically by Xen's xendomains service.
- # -*- mode: python; -*-
-
-# configuration name:
-name = "lists"
-
-# usable ram:
-memory = 512
-
-# kernel and initrd:
-kernel = "/xen2/vmlinuz-xen"
-ramdisk = "/xen2/initrd-xen"
-
-# boot device:
-root = "/dev/hda3"
-
-# boot to run level:
-extra = "3"
-
-# network interface:
-vif = [ 'mac=aa:cc:00:00:00:01, ip=206.124.146.177, vifname=eth3' ]
-
-# storage devices:
-disk = [ 'phy:hda3,hda3,w' ]
+ disk = [ 'phy:/dev/sda9,hda,w', 'phy:/dev/hda,hdb,r' ]
+memory = 512
+vcpus = 1
+builder = 'linux'
+name = 'server'
+vif = [ 'mac=00:16:3e:b1:d7:90, ip=206.124.146.177, vifname=eth3' ]
+localtime = 0
+on_poweroff = 'destroy'
+on_reboot = 'restart'
+on_crash = 'restart'
+extra = ' TERM=xterm'
+bootloader = '/usr/lib/xen/boot/domUloader.py'
+bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen'
Note that the vifname is set to 'eth3' for the virtual
interface to this DomU. This will cause the Dom0 interface to the
@@ -293,32 +283,22 @@ gateway:~ #
I have been asked a couple of times "How would I add another
domU to the DMZ?" Here is a sample config file to add a second domU
- named "server", boot device /dev/hdb1 and IP
+ named "server", boot device /dev/sda10 and IP
address 206.124.146.179:
- # -*- mode: python; -*-
-
-# configuration name:
-name = "server"
-
-# usable ram:
-memory = 512
-
-# kernel and initrd:
-kernel = "/xen2/vmlinuz-xen"
-ramdisk = "/xen2/initrd-xen"
-
-# boot device:
-root = "/dev/hdb1"
-
-# boot to run level:
-extra = "3"
-
-# network interface:
-vif = [ 'mac=aa:cc:00:00:00:02, ip=206.124.146.179, vifname=eth4' ]
-
-# storage devices:
-disk = [ 'phy:hdb1,hdb1,w' ]
+ disk = [ 'phy:/dev/sda10,hda,w', 'phy:/dev/hda,hdb,r' ]
+memory = 512
+vcpus = 1
+builder = 'linux'
+name = 'server'
+vif = [ 'mac=aa:cc:00:00:00:02, ip=206.124.146.179, vifname=eth4' ]
+localtime = 0
+on_poweroff = 'destroy'
+on_reboot = 'restart'
+on_crash = 'restart'
+extra = ' TERM=xterm'
+bootloader = '/usr/lib/xen/boot/domUloader.py'
+bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen'
Note that this domU has its own vif named eth4.