diff --git a/Shorewall-Website/News.htm b/Shorewall-Website/News.htm index bc6cd3281..daa4ecf53 100644 --- a/Shorewall-Website/News.htm +++ b/Shorewall-Website/News.htm @@ -70,7 +70,9 @@ Must be listed in GATEWAY         The IP address of the provider's gateway router. If you enter "detect" here then -Shorewall will attempt to +Shorewall
+                       +will attempt to determine the gateway IP address automatically.
@@ -84,39 +86,49 @@ comma-separated list selected from the               track   If specified, connections FROM this interface are to be tracked so that responses may -be routed back out this +be
+                       +routed back out this same interface.

                       You want specify 'track' if internet hosts will be connecting to local servers through + style="font-family: monospace;"> connecting to local servers through
+                       this provider.

                       Because of limitations in the 'ip' utility and policy routing, you may not use the -SAVE or RESTORE tcrules +SAVE or
+                       +RESTORE tcrules options or use connection marking on any traffic to or from this
                       interface. For traffic control purposes, you must mark packets in the FORWARD -chain (or better yet, use +chain (or
+                       +better yet, use the CLASSIFY target).

               balance The providers that have 'balance' specified will get outbound traffic load-balanced -among them. By default, +among
+                       +them. By default, all interfaces with 'balance' specified will have the same -weight   
+weight (1).
                       -(1). You can change the +You can change the weight of the route out of the interface by specifiying balance=<weight> + style="font-family: monospace;"> specifiying balance=<weight>
+                       where <weight> is the desired route weight.

@@ -133,14 +145,14 @@ Squid   1       -          eth2      192.168.2.99  -

-   Use of this feature requires that your kernel and iptabls +Use of this feature requires that your kernel and iptabls support CONNMARK target and conntrack match support. It does NOT require the ROUTE target extension.

-   WARNING: The current version of iptables (1.3.1) is broken +WARNING: The current version of iptables (1.3.1) is broken with respect to CONNMARK and iptables-save/iptables-restore. This means -that if you configure multiple ISPs, "shorewall restore" may
-   fail. You must patch your iptables using the patch at http://shorewall.net/pub/shorewall/contrib/iptables/CONNMARK.diff.

@@ -393,24 +405,30 @@ and an address or address range.
"ipp2p", a number, or "all". "ipp2p" -requires ipp2p match +requires
+                        +ipp2p match support in your kernel and iptables.

        PORT(S)         Destination Ports. A comma-separated list of Port names (from /etc/services), port + style="font-family: monospace;"> Port names (from /etc/services), port
+                        numbers or port ranges; if the protocol is "icmp", this -column is interpreted as the destination icmp-type(s).
+                        +destination icmp-type(s).

                        If the protocol is ipp2p, this column is interpreted as an ipp2p option -without the leading "--" +without the
+                        +leading "--" (example "bit" for bit-torrent). If no PORT is given, "ipp2p" is assumed.
@@ -418,7 +436,9 @@ assumed.
                        This column is ignored if PROTOCOL = all but must be entered if any of the -following field is +following
+                        +field is supplied. In that case, it is suggested that this field contain "-"
@@ -426,7 +446,8 @@ supplied. In that case, it is suggested that        SOURCE PORT(S)  (Optional) Source port(s). If omitted, any source port is acceptable. -Specified as a +Specified as a
+                        comma-separated list of port names, port numbers or port ranges.
@@ -440,7 +461,9 @@ Defines a test on the existing packet or                        The rule will match only if the test returns true. Tests have the format [!]<value>[/<mask>][:C]

+                        +[!]<value>[/<mask>][:C]

                        @@ -449,8 +472,9 @@ Where:
                                !       Inverts the test (not equal) <value> Value of the packet or connection mark.
+ style="font-family: monospace;">
+                                        +connection mark.

                                <mask>  A mask to be applied to the
                                :C      Designates a connection mark. If omitted, the packet mark's value is tested.
+ style="font-family: monospace;"> mark's value
+                                        +is tested.

        INTERFACE       The interface that the packet is to be routed out -of. If you do not specify this field then you must place "-" in this column and +of. If you do not specify this
+                        +field then you must place +"-" in this column and enter an IP address in the -GATEWAY column.
+GATEWAY
+                        +column.

        GATEWAY         The gateway diff --git a/Shorewall-Website/mailing_list.htm b/Shorewall-Website/mailing_list.htm index 60dfb9088..ec83067c0 100755 --- a/Shorewall-Website/mailing_list.htm +++ b/Shorewall-Website/mailing_list.htm @@ -27,7 +27,7 @@ Documentation License
-

2005-03-05
+

2005-06-14

See the Shorewall @@ -168,13 +168,13 @@ the Shorewall community.

To subscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-announce. + href="http://lists.sourceforge.net/mailman/listinfo/shorewall-announce" + target="_top">http://lists.sourceforge.net/mailman/listinfo/shorewall-announce.

The list archives are at http://lists.shorewall.net/pipermail/shorewall-announce. + href="http://sourceforge.net/mailarchive/forum.php?forum_id=45422">http://sourceforge.net/mailarchive/forum.php?forum_id=45422.

Shorewall Development Mailing List

The Shorewall Development Mailing list provides a forum