From d7c95d6fa4ce22a995bf4cc35afcb55da1a9b2ff Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 26 Dec 2003 21:00:36 +0000 Subject: [PATCH] Convert kernel.htm to Docbook XML git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@982 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs/kernel.htm | 81 -------------------- Shorewall-docs/kernel.xml | 152 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 152 insertions(+), 81 deletions(-) delete mode 100644 Shorewall-docs/kernel.htm create mode 100644 Shorewall-docs/kernel.xml diff --git a/Shorewall-docs/kernel.htm b/Shorewall-docs/kernel.htm deleted file mode 100644 index c9efc02ae..000000000 --- a/Shorewall-docs/kernel.htm +++ /dev/null @@ -1,81 +0,0 @@ - - - - - Shorewall Kernel Configuration - - - - -

Kernel Configuration
-

-

For information regarding configuring and building GNU/Linux -kernels, see -http://www.kernelnewbies.org.

-

Here's a screen shot of my Network Options Configuration:

-
-

 

-
-

While not all of the options that I've selected are required, they -should be sufficient for most applications. Here's an excerpt from the -corresponding .config file (Note: If you are running a kernel older -than 2.4.17, be sure to select CONFIG_NETLINK and CONFIG_RTNETLINK):

-
-

#
-# Networking options
-#
-CONFIG_PACKET=y
-# CONFIG_PACKET_MMAP is not set
-# CONFIG_NETLINK_DEV is not set
-CONFIG_NETFILTER=y
-# CONFIG_NETFILTER_DEBUG is not set
-CONFIG_FILTER=y
-CONFIG_UNIX=y
-CONFIG_INET=y
-CONFIG_IP_MULTICAST=y
-CONFIG_IP_ADVANCED_ROUTER=y
-CONFIG_IP_MULTIPLE_TABLES=y
-CONFIG_IP_ROUTE_FWMARK=y
-CONFIG_IP_ROUTE_NAT=y
-CONFIG_IP_ROUTE_MULTIPATH=y
-CONFIG_IP_ROUTE_TOS=y
-CONFIG_IP_ROUTE_VERBOSE=y
-# CONFIG_IP_ROUTE_LARGE_TABLES is not set
-# CONFIG_IP_PNP is not set
-CONFIG_NET_IPIP=y
-CONFIG_NET_IPGRE=y
-# CONFIG_NET_IPGRE_BROADCAST is not set
-# CONFIG_IP_MROUTE is not set
-# CONFIG_ARPD is not set
-CONFIG_INET_ECN=y
-CONFIG_SYN_COOKIES=y
-

-
-

Here's a screen shot of my Netfilter configuration:

-
-

(Netfilter Options)
-

-
-

Note that I have built everything I need as modules. You can also -build -everything into your kernel but if you want to be able to deal with FTP -running -on a non-standard port then I recommend that you modularize FTP -Protocol -support.
-

-

Here's the corresponding part of my .config file:
-

-
- 
#
#   IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_TFTP=m
# CONFIG_IP_NF_IRC is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
# CONFIG_IP_NF_MATCH_TTL is not set
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_UNCLEAN=m
# CONFIG_IP_NF_MATCH_OWNER is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
# CONFIG_IP_NF_TARGET_MIRROR is not set
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_LOCAL=y
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
# CONFIG_IP_NF_COMPAT_IPCHAINS is not set
# CONFIG_IP_NF_COMPAT_IPFWADM is not set
-
-

Last updated 7/20/2003 - Tom Eastep

-Copyright © 2001-2003,  Thomas M. Eastep.
-
- - diff --git a/Shorewall-docs/kernel.xml b/Shorewall-docs/kernel.xml new file mode 100644 index 000000000..b4c4475f8 --- /dev/null +++ b/Shorewall-docs/kernel.xml @@ -0,0 +1,152 @@ + + +
+ + + + Kernel Configuration + + + + Tom + + Eastep + + + + 2003-07-20 + + + 2001-2003 + + Thomas M. Eastep + + + + Permission is granted to copy, distribute and/or modify this + document under the terms of the GNU Free Documentation License, Version + 1.2 or any later version published by the Free Software Foundation; with + no Invariant Sections, with no Front-Cover, and with no Back-Cover + Texts. A copy of the license is included in the section entitled + GNU Free Documentation License. + + + + + For information regarding configuring and building GNU/Linux + kernels, see http://www.kernelnewbies.org. + + +
+ Network Options Configuration + + Here's a screen shot of my Network Options Configuration: + + While not all of the options that I've selected are required, + they should be sufficient for most applications. Here's an excerpt + from the corresponding .config file (Note: If you are running a kernel + older than 2.4.17, be sure to select CONFIG_NETLINK and CONFIG_RTNETLINK): + +
+ # + # Networking options + # + CONFIG_PACKET=y + # CONFIG_PACKET_MMAP is not set + # CONFIG_NETLINK_DEV is not set + CONFIG_NETFILTER=y + # CONFIG_NETFILTER_DEBUG is not set + CONFIG_FILTER=y + CONFIG_UNIX=y + CONFIG_INET=y + CONFIG_IP_MULTICAST=y + CONFIG_IP_ADVANCED_ROUTER=y + CONFIG_IP_MULTIPLE_TABLES=y + CONFIG_IP_ROUTE_FWMARK=y + CONFIG_IP_ROUTE_NAT=y + CONFIG_IP_ROUTE_MULTIPATH=y + CONFIG_IP_ROUTE_TOS=y + CONFIG_IP_ROUTE_VERBOSE=y + # CONFIG_IP_ROUTE_LARGE_TABLES is not set + # CONFIG_IP_PNP is not set + CONFIG_NET_IPIP=y + CONFIG_NET_IPGRE=y + # CONFIG_NET_IPGRE_BROADCAST is not set + # CONFIG_IP_MROUTE is not set + # CONFIG_ARPD is not set + CONFIG_INET_ECN=y + CONFIG_SYN_COOKIES=y +
+
+ +
+ Netfilter Configuration + + Here's a screen shot of my Netfilter configuration: + + Note that I have built everything I need as modules. You can also + build everything into your kernel but if you want to be able to deal with + FTP running on a non-standard port then I recommend that you modularize + FTP Protocol support. + + Here's the corresponding part of my .config file: + +
+ # +#   IP: Netfilter Configuration +# +CONFIG_IP_NF_CONNTRACK=m +CONFIG_IP_NF_FTP=m +CONFIG_IP_NF_AMANDA=m +CONFIG_IP_NF_TFTP=m +# CONFIG_IP_NF_IRC is not set +# CONFIG_IP_NF_QUEUE is not set +CONFIG_IP_NF_IPTABLES=m +CONFIG_IP_NF_MATCH_LIMIT=m +CONFIG_IP_NF_MATCH_MAC=m +CONFIG_IP_NF_MATCH_PKTTYPE=m +CONFIG_IP_NF_MATCH_MARK=m +CONFIG_IP_NF_MATCH_MULTIPORT=m +CONFIG_IP_NF_MATCH_TOS=m +CONFIG_IP_NF_MATCH_ECN=m +CONFIG_IP_NF_MATCH_DSCP=m +CONFIG_IP_NF_MATCH_AH_ESP=m +CONFIG_IP_NF_MATCH_LENGTH=m +# CONFIG_IP_NF_MATCH_TTL is not set +CONFIG_IP_NF_MATCH_TCPMSS=m +CONFIG_IP_NF_MATCH_HELPER=m +CONFIG_IP_NF_MATCH_STATE=m +CONFIG_IP_NF_MATCH_CONNTRACK=m +CONFIG_IP_NF_MATCH_UNCLEAN=m +# CONFIG_IP_NF_MATCH_OWNER is not set +CONFIG_IP_NF_FILTER=m +CONFIG_IP_NF_TARGET_REJECT=m +# CONFIG_IP_NF_TARGET_MIRROR is not set +CONFIG_IP_NF_NAT=m +CONFIG_IP_NF_NAT_NEEDED=y +CONFIG_IP_NF_TARGET_MASQUERADE=m +CONFIG_IP_NF_TARGET_REDIRECT=m +CONFIG_IP_NF_NAT_AMANDA=m +CONFIG_IP_NF_NAT_LOCAL=y +# CONFIG_IP_NF_NAT_SNMP_BASIC is not set +CONFIG_IP_NF_NAT_FTP=m +CONFIG_IP_NF_NAT_TFTP=m +CONFIG_IP_NF_MANGLE=m +CONFIG_IP_NF_TARGET_TOS=m +CONFIG_IP_NF_TARGET_ECN=m +CONFIG_IP_NF_TARGET_DSCP=m +CONFIG_IP_NF_TARGET_MARK=m +CONFIG_IP_NF_TARGET_LOG=m +CONFIG_IP_NF_TARGET_ULOG=m +CONFIG_IP_NF_TARGET_TCPMSS=m +CONFIG_IP_NF_ARPTABLES=m +CONFIG_IP_NF_ARPFILTER=m +# CONFIG_IP_NF_COMPAT_IPCHAINS is not set +# CONFIG_IP_NF_COMPAT_IPFWADM is not set + +
+
+
\ No newline at end of file