holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

More standards work

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1061 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-01-06 19:05:54 +00:00
parent d32a946a0f
commit dfe1ffbd37
7 changed files with 396 additions and 1926 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
Shorewall-docs/6to4.xml
View File

@ -21,10 +21,10 @@
</author>
</authorgroup>
<pubdate>2003-05-18</pubdate>
<pubdate>2004-01-05</pubdate>
<copyright>
<year>2003</year>
<year>2003-2004</year>
<holder>Eric de Thoars and Tom Eastep</holder>
</copyright>
@ -62,94 +62,47 @@
<para>We want systems in the 2002:100:333::/64 subnetwork to be able to
communicate with the systems in the 2002:488:999::/64 network. This is
accomplished through use of the /etc/shorewall/tunnels file and the
<quote>ip</quote> utility for network interface and routing configuration.</para>
accomplished through use of the <filename><filename>/etc/shorewall/tunnels</filename></filename>
file and the <quote>ip</quote> utility for network interface and routing
configuration.</para>
<para>Unlike GRE and IPIP tunneling, the /etc/shorewall/policy,
/etc/shorewall/interfaces and /etc/shorewall/zones files are not used.
There is no need to declare a zone to represent the remote IPv6 network.
This remote network is not visible on IPv4 interfaces and to iptables. All
that is visible on the IPv4 level is an IPv4 stream which contains IPv6
traffic. Separate IPv6 interfaces and ip6tables rules need to be defined
to handle this traffic.</para>
<para>Unlike GRE and IPIP tunneling, the <filename>/etc/shorewall/policy</filename>,
<filename>/etc/shorewall/interfaces</filename> and <filename>/etc/shorewall/zones</filename>
files are not used. There is no need to declare a zone to represent the
remote IPv6 network. This remote network is not visible on IPv4 interfaces
and to iptables. All that is visible on the IPv4 level is an IPv4 stream
which contains IPv6 traffic. Separate IPv6 interfaces and ip6tables rules
need to be defined to handle this traffic.</para>
<para>In /etc/shorewall/tunnels on system A, we need the following:</para>
<para>In <filename>/etc/shorewall/tunnels </filename>on system A, we need
the following:</para>
<informaltable>
<tgroup cols="4">
<thead>
<row>
<entry align="center">TYPE</entry>
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
6to4 net 134.28.54.2</programlisting>
<entry align="center">ZONE</entry>
<entry align="center">GATEWAY</entry>
<entry align="center">GATEWAY ZONE</entry>
</row>
</thead>
<tbody>
<row>
<entry>6to4</entry>
<entry>net</entry>
<entry>134.28.54.2</entry>
<entry></entry>
</row>
</tbody>
</tgroup>
</informaltable>
<para>This entry in /etc/shorewall/tunnels, opens the firewall so that the
IPv6 encapsulation protocol (41) will be accepted to/from the remote
gateway.</para>
<para>This entry in <filename>/etc/shorewall/tunnels</filename>, opens the
firewall so that the IPv6 encapsulation protocol (41) will be accepted
to/from the remote gateway.</para>
<para>Use the following commands to setup system A:</para>
<programlisting>&#62;ip tunnel add tun6to4 mode sit ttl 254 remote 134.28.54.2
&#62;ip link set dev tun6to4 up
&#62;ip addr add 3ffe:8280:0:2001::1/64 dev tun6to4
&#62;ip route add 2002:488:999::/64 via 3ffe:8280:0:2001::2</programlisting>
<programlisting>&#62;<command>ip tunnel add tun6to4 mode sit ttl 254 remote 134.28.54.2</command>
&#62;<command>ip link set dev tun6to4 up</command>
&#62;<command>ip addr add 3ffe:8280:0:2001::1/64 dev tun6to4</command>
&#62;<command>ip route add 2002:488:999::/64 via 3ffe:8280:0:2001::2</command></programlisting>
<para>Similarly, in /etc/shorewall/tunnels on system B we have:</para>
<para>Similarly, in <filename>/etc/shorewall/tunnels</filename> on system
B we have:</para>
<informaltable>
<tgroup cols="4">
<thead>
<row>
<entry align="center">TYPE</entry>
<entry align="center">ZONE</entry>
<entry align="center">GATEWAY</entry>
<entry align="center">GATEWAY ZONE</entry>
</row>
</thead>
<tbody>
<row>
<entry>6to4</entry>
<entry>net</entry>
<entry>206.191.148.9</entry>
<entry></entry>
</row>
</tbody>
</tgroup>
</informaltable>
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
6to4 net 206.191.148.9</programlisting>
<para>And use the following commands to setup system B:</para>
<programlisting>&#62;ip tunnel add tun6to4 mode sit ttl 254 remote 206.191.148.9
&#62;ip link set dev tun6to4 up
&#62;ip addr add 3ffe:8280:0:2001::2/64 dev tun6to4
&#62;ip route add 2002:100:333::/64 via 3ffe:8280:0:2001::1</programlisting>
<programlisting>&#62;<command>ip tunnel add tun6to4 mode sit ttl 254 remote 206.191.148.9</command>
&#62;<command>ip link set dev tun6to4 up</command>
&#62;<command>ip addr add 3ffe:8280:0:2001::2/64 dev tun6to4</command>
&#62;<command>ip route add 2002:100:333::/64 via 3ffe:8280:0:2001::1</command></programlisting>
<para>On both systems, restart Shorewall and issue the configuration
commands as listed above. The systems in both IPv6 subnetworks can now

10
Shorewall-docs/Accounting.xml
View File

@ -15,10 +15,10 @@
</author>
</authorgroup>
<pubdate>2003-12-06</pubdate>
<pubdate>2004-01-05</pubdate>
<copyright>
<year>2003</year>
<year>2003-2004</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -98,13 +98,13 @@
<listitem>
<para><emphasis role="bold">PROTOCOL</emphasis> - A protocol name (from
/etc/protocols) or a protocol number.</para>
<filename>/etc/protocols</filename>) or a protocol number.</para>
</listitem>
<listitem>
<para><emphasis role="bold">DEST PORT</emphasis> - Destination Port
number. Service name from /etc/services or port number. May only be
specified if the protocol is TCP or UDP (6 or 17).</para>
number. Service name from <filename>/etc/services</filename> or port
number. May only be specified if the protocol is TCP or UDP (6 or 17).</para>
</listitem>
<listitem>

2013
Shorewall-docs/Documentation.xml
View File

File diff suppressed because it is too large Load Diff

24
Shorewall-docs/blacklisting_support.xml
View File

@ -15,10 +15,10 @@
</author>
</authorgroup>
<pubdate>2003-11-14</pubdate>
<pubdate>2004-01-05</pubdate>
<copyright>
<year>2002-2003</year>
<year>2002-2004</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -70,18 +70,18 @@
<listitem>
<para>You specify whether you want packets from blacklisted hosts
dropped or rejected using the BLACKLIST_DISPOSITION setting in <ulink
url="Documentation.htm#Config">/etc/shorewall/shorewall.conf.</ulink></para>
url="Documentation.htm#Config"><filename>/etc/shorewall/shorewall.conf</filename>.</ulink></para>
</listitem>
<listitem>
<para>You specify whether you want packets from blacklisted hosts
logged and at what syslog level using the BLACKLIST_LOGLEVEL setting
in <ulink url="Documentation.htm#Config">/etc/shorewall/shorewall.conf</ulink>.</para>
in <ulink url="Documentation.htm#Config"><filename>/etc/shorewall/shorewall.conf</filename></ulink>.</para>
</listitem>
<listitem>
<para>You list the IP addresses/subnets that you wish to blacklist in
<ulink url="Documentation.htm#Blacklist">/etc/shorewall/blacklist</ulink>.
<ulink url="Documentation.htm#Blacklist"><filename>/etc/shorewall/blacklist</filename></ulink>.
Beginning with Shorewall version 1.3.8, you may also specify PROTOCOL
and Port numbers/Service names in the blacklist file.</para>
</listitem>
@ -89,13 +89,13 @@
<listitem>
<para>You specify the interfaces whose incoming packets you want
checked against the blacklist using the <quote>blacklist</quote>
option in <ulink url="Documentation.htm#Interfaces">/etc/shorewall/interfaces</ulink>.</para>
option in <ulink url="Documentation.htm#Interfaces"><filename>/etc/shorewall/interfaces</filename></ulink>.</para>
</listitem>
<listitem>
<para>The black list is refreshed from /etc/shorewall/blacklist by the
<quote><ulink url="starting_and_stopping_shorewall.htm">shorewall
refresh</ulink></quote> command.</para>
<para>The black list is refreshed from <filename>/etc/shorewall/blacklist</filename>
by the <quote><ulink url="starting_and_stopping_shorewall.htm"><command>shorewall
refresh</command></ulink></quote> command.</para>
</listitem>
</itemizedlist>
</section>
@ -137,12 +137,12 @@
</itemizedlist>
<para>Dynamic blacklisting is not dependent on the <quote>blacklist</quote>
option in /etc/shorewall/interfaces.</para>
option in <filename>/etc/shorewall/interfaces</filename>.</para>
<example>
<title>Ingore packets from a pair of systems</title>
<programlisting> shorewall drop 192.0.2.124 192.0.2.125</programlisting>
<programlisting> <command>shorewall drop 192.0.2.124 192.0.2.125</command></programlisting>
<para>Drops packets from hosts 192.0.2.124 and 192.0.2.125</para>
</example>
@ -150,7 +150,7 @@
<example>
<title>Re-enable packetes from a system</title>
<programlisting> shorewall allow 192.0.2.125</programlisting>
<programlisting> <command>shorewall allow 192.0.2.125</command></programlisting>
<para>Re-enables traffic from 192.0.2.125.</para>
</example>

140
Shorewall-docs/configuration_file_basics.xml
View File

@ -15,10 +15,10 @@
</author>
</authorgroup>
<pubdate>2003-11-20</pubdate>
<pubdate>2004-01-05</pubdate>
<copyright>
<year>2001-2003</year>
<year>2001-2004</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -43,45 +43,45 @@
<section id="Files">
<title>Files</title>
<para><itemizedlist><listitem><para>/etc/shorewall/shorewall.conf - used
to set several firewall parameters.</para></listitem><listitem><para>/etc/shorewall/params
<para><itemizedlist><listitem><para><filename>/etc/shorewall/shorewall.conf</filename>
- used to set several firewall parameters.</para></listitem><listitem><para><filename>/etc/shorewall/params</filename>
- use this file to set shell variables that you will expand in other
files.</para></listitem><listitem><para>/etc/shorewall/zones - partition
the firewall&#39;s view of the world into zones.</para></listitem><listitem><para>/etc/shorewall/policy
- establishes firewall high-level policy.</para></listitem><listitem><para>/etc/shorewall/interfaces
- describes the interfaces on the firewall system.</para></listitem><listitem><para>/etc/shorewall/hosts
- allows defining zones in terms of individual hosts and subnetworks.</para></listitem><listitem><para>/etc/shorewall/masq
files.</para></listitem><listitem><para><filename>/etc/shorewall/zones</filename>
- partition the firewall&#39;s view of the world into zones.</para></listitem><listitem><para><filename>/etc/shorewall/policy</filename>
- establishes firewall high-level policy.</para></listitem><listitem><para><filename>/etc/shorewall/interfaces</filename>
- describes the interfaces on the firewall system.</para></listitem><listitem><para><filename>/etc/shorewall/hosts</filename>
- allows defining zones in terms of individual hosts and subnetworks.</para></listitem><listitem><para><filename>/etc/shorewall/masq</filename>
- directs the firewall where to use many-to-one (dynamic) Network Address
Translation (a.k.a. Masquerading) and Source Network Address Translation
(SNAT).</para></listitem><listitem><para>/etc/shorewall/modules - directs
the firewall to load kernel modules.</para></listitem><listitem><para>/etc/shorewall/rules
(SNAT).</para></listitem><listitem><para><filename>/etc/shorewall/modules</filename>
- directs the firewall to load kernel modules.</para></listitem><listitem><para><filename>/etc/shorewall/rules</filename>
- defines rules that are exceptions to the overall policies established in
/etc/shorewall/policy.</para></listitem><listitem><para>/etc/shorewall/nat
- defines one-to-one NAT rules.</para></listitem><listitem><para>/etc/shorewall/proxyarp
- defines use of Proxy ARP.</para></listitem><listitem><para>/etc/shorewall/routestopped
/etc/shorewall/policy.</para></listitem><listitem><para><filename>/etc/shorewall/nat</filename>
- defines one-to-one NAT rules.</para></listitem><listitem><para><filename>/etc/shorewall/proxyarp</filename>
- defines use of Proxy ARP.</para></listitem><listitem><para><filename>/etc/shorewall/routestopped</filename>
(Shorewall 1.3.4 and later) - defines hosts accessible when Shorewall is
stopped.</para></listitem><listitem><para>/etc/shorewall/tcrules - defines
marking of packets for later use by traffic control/shaping or policy
routing.</para></listitem><listitem><para>/etc/shorewall/tos - defines
rules for setting the TOS field in packet headers.</para></listitem><listitem><para>/etc/shorewall/tunnels
stopped.</para></listitem><listitem><para><filename>/etc/shorewall/tcrules
</filename>- defines marking of packets for later use by traffic
control/shaping or policy routing.</para></listitem><listitem><para><filename>/etc/shorewall/tos</filename>
- defines rules for setting the TOS field in packet headers.</para></listitem><listitem><para><filename>/etc/shorewall/tunnels</filename>
- defines IPSEC, GRE and IPIP tunnels with end-points on the firewall
system.</para></listitem><listitem><para>/etc/shorewall/blacklist - lists
blacklisted IP/subnet/MAC addresses.</para></listitem><listitem><para>/etc/shorewall/init
system.</para></listitem><listitem><para><filename>/etc/shorewall/blacklist</filename>
- lists blacklisted IP/subnet/MAC addresses.</para></listitem><listitem><para><filename>/etc/shorewall/init</filename>
- commands that you wish to execute at the beginning of a <quote>shorewall
start</quote> or <quote>shorewall restart</quote>.</para></listitem><listitem><para>/etc/shorewall/start
start</quote> or <quote>shorewall restart</quote>.</para></listitem><listitem><para><filename>/etc/shorewall/start</filename>
- commands that you wish to execute at the completion of a <quote>shorewall
start</quote> or <quote>shorewall restart</quote></para></listitem><listitem><para>/etc/shorewall/stop
- commands that you wish to execute at the beginning of a <quote>shorewall
stop</quote>.</para></listitem><listitem><para>/etc/shorewall/stopped -
commands that you wish to execute at the completion of a <quote>shorewall
stop</quote>.</para></listitem><listitem><para>/etc/shorewall/ecn -
disable Explicit Congestion Notification (ECN - RFC 3168) to remote hosts
or networks.</para></listitem><listitem><para>/etc/shorewall/accounting -
define IP traffic accounting rules</para></listitem><listitem><para>/etc/shorewall/usersets
start</quote> or <quote>shorewall restart</quote></para></listitem><listitem><para><filename>/etc/shorewall/stop
</filename>- commands that you wish to execute at the beginning of a
<quote>shorewall stop</quote>.</para></listitem><listitem><para><filename>/etc/shorewall/stopped</filename>
- commands that you wish to execute at the completion of a <quote>shorewall
stop</quote>.</para></listitem><listitem><para><filename>/etc/shorewall/ecn</filename>
- disable Explicit Congestion Notification (ECN - RFC 3168) to remote
hosts or networks.</para></listitem><listitem><para><filename>/etc/shorewall/accounting</filename>
- define IP traffic accounting rules</para></listitem><listitem><para><filename>/etc/shorewall/usersets</filename>
and /etc/shorewall/users - define sets of users/groups with similar access
rights</para></listitem><listitem><para>/etc/shorewall/actions and
/etc/shorewall/action.template - define your own actions for rules in
/etc/shorewall/rules (shorewall 1.4.9 and later).</para></listitem></itemizedlist></para>
rights</para></listitem><listitem><para><filename>/etc/shorewall/actions</filename>
and <filename>/etc/shorewall/action.template</filename> - define your own
actions for rules in /etc/shorewall/rules (shorewall 1.4.9 and later).</para></listitem></itemizedlist></para>
</section>
<section id="Comments">
@ -199,13 +199,13 @@ smtp,www,pop3,imap #Services running on the firewall</programlisting>
<itemizedlist>
<listitem>
<para>If your /etc/resolv.conf is wrong then your firewall won&#39;t
start.</para>
<para>If your <filename>/etc/resolv.conf </filename>is wrong then your
firewall won&#39;t start.</para>
</listitem>
<listitem>
<para>If your /etc/nsswitch.conf is wrong then your firewall won&#39;t
start.</para>
<para>If your <filename>/etc/nsswitch.conf</filename> is wrong then
your firewall won&#39;t start.</para>
</listitem>
<listitem>
@ -274,7 +274,7 @@ smtp,www,pop3,imap #Services running on the firewall</programlisting>
</listitem>
<listitem>
<para>In the /etc/shorewall/nat file.</para>
<para>In the <filename>/etc/shorewall/nat</filename> file.</para>
</listitem>
</itemizedlist>
@ -299,8 +299,7 @@ smtp,www,pop3,imap #Services running on the firewall</programlisting>
<itemizedlist>
<listitem>
<para>Must not have any embedded white space.<programlisting> Valid: routefilter,dhcp,norfc1918
Invalid: routefilter,&#x00A0;&#x00A0;&#x00A0;&#x00A0; dhcp,&#x00A0;&#x00A0;&#x00A0;&#x00A0; norfc1818
</programlisting></para>
Invalid: routefilter,&#x00A0;&#x00A0;&#x00A0;&#x00A0; dhcp,&#x00A0;&#x00A0;&#x00A0;&#x00A0; norfc1818</programlisting></para>
</listitem>
<listitem>
@ -330,45 +329,8 @@ smtp,www,pop3,imap #Services running on the firewall</programlisting>
want to forward the range of tcp ports 4000 through 4100 to local host
192.168.1.3, the entry in /etc/shorewall/rules is:</para>
<informaltable>
<tgroup cols="7">
<thead>
<row>
<entry align="center">ACTION</entry>
<entry align="center">SOURCE</entry>
<entry align="center">DESTINATION</entry>
<entry align="center">PROTOCOL</entry>
<entry align="center">PORT(S)</entry>
<entry align="center">SOURCE PORT(S)</entry>
<entry align="center">ORIGINAL DEST</entry>
</row>
</thead>
<tbody>
<row>
<entry>DNAT</entry>
<entry>net</entry>
<entry>loc:192.168.1.3 tcp</entry>
<entry>tcp</entry>
<entry>4000:4100</entry>
<entry></entry>
<entry></entry>
</row>
</tbody>
</tgroup>
</informaltable>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORTS(S)
DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
<para>If you omit the low port number, a value of zero is assumed; if you
omit the high port number, a value of 65535 is assumed.</para>
@ -423,7 +385,7 @@ smtp,www,pop3,imap #Services running on the firewall</programlisting>
<example>
<title>MAC Address of a NIC</title>
<programlisting> &#x00A0;&#x00A0;&#x00A0;&#x00A0; [root@gateway root]# ifconfig eth0
<programlisting> &#x00A0;&#x00A0;&#x00A0;&#x00A0; [root@gateway root]# <command>ifconfig eth0</command>
&#x00A0;&#x00A0;&#x00A0;&#x00A0; eth0 Link encap:Ethernet HWaddr <emphasis
role="bold">02:00:08:E3:FA:55</emphasis>
&#x00A0;&#x00A0;&#x00A0;&#x00A0; inet addr:206.124.146.176 Bcast:206.124.146.255 Mask:255.255.255.0
@ -444,7 +406,8 @@ role="bold">02:00:08:E3:FA:55</emphasis>
<note>
<para>It is not necessary to use the special Shorewall notation in the
<ulink url="MAC_Validation.html">/etc/shorewall/maclist</ulink> file.</para>
<filename><ulink url="MAC_Validation.html">/etc/shorewall/maclist</ulink></filename>
file.</para>
</note>
</section>
@ -452,12 +415,13 @@ role="bold">02:00:08:E3:FA:55</emphasis>
<title>Shorewall Configurations</title>
<para>Shorewall allows you to have configuration directories other than
/etc/shorewall. The shorewall check, start and restart commands allow you
to specify an alternate configuration directory and Shorewall will use the
files in the alternate directory rather than the corresponding files in
/etc/shorewall. The alternate directory need not contain a complete
configuration; those files not in the alternate directory will be read
from /etc/shorewall.</para>
<filename class="directory">/etc/shorewall</filename>. The shorewall
check, start and restart commands allow you to specify an alternate
configuration directory and Shorewall will use the files in the alternate
directory rather than the corresponding files in /etc/shorewall. The
alternate directory need not contain a complete configuration; those files
not in the alternate directory will be read from <filename
class="directory">/etc/shorewall</filename>.</para>
<para>This facility permits you to easily create a test or temporary
configuration by</para>
@ -474,8 +438,8 @@ role="bold">02:00:08:E3:FA:55</emphasis>
<listitem>
<para>specifying the separate directory in a shorewall start or
shorewall restart command (e.g., <emphasis role="bold">shorewall -c
/etc/testconfig restart</emphasis> )</para>
shorewall restart command (e.g., <command>shorewall -c /etc/testconfig
restart</command> )</para>
</listitem>
</orderedlist>

11
Shorewall-docs/dhcp.xml
View File

@ -41,14 +41,15 @@
<itemizedlist>
<listitem>
<para>Specify the <quote>dhcp</quote> option on each interface to be
served by your server in the /etc/shorewall/interfaces file. This will
generate rules that will allow DHCP to and from your firewall system.</para>
served by your server in the <filename>/etc/shorewall/interfaces</filename>
file. This will generate rules that will allow DHCP to and from your
firewall system.</para>
</listitem>
<listitem>
<para>When starting <quote>dhcpd</quote>, you need to list those
interfaces on the run line. On a RedHat system, this is done by
modifying /etc/sysconfig/dhcpd.</para>
modifying <filename>/etc/sysconfig/dhcpd</filename>.</para>
</listitem>
</itemizedlist>
</section>
@ -59,7 +60,7 @@
<itemizedlist>
<listitem>
<para>Specify the <quote>dhcp</quote> option for this interface in the
<ulink url="Documentation.htm#Interfaces">/etc/shorewall/interfaces</ulink>
<ulink url="Documentation.htm#Interfaces"><filename>/etc/shorewall/interfaces</filename></ulink>
file.&#x00A0;This will generate rules that will allow DHCP to and from
your firewall system.</para>
</listitem>
@ -74,7 +75,7 @@
<listitem>
<para>If you don&#39;t know the subnet address in advance, you should
specify <quote>detect</quote> for the interface&#39;s subnet address
in the <ulink url="Documentation.htm#Interfaces">/etc/shorewall/interfaces</ulink>
in the <ulink url="Documentation.htm#Interfaces"><filename>/etc/shorewall/interfaces</filename></ulink>
file and start Shorewall after the interface has started.</para>
</listitem>

15
Shorewall-docs/troubleshoot.xml
View File

@ -13,7 +13,7 @@
<surname>Eastep</surname>
</author>
<pubdate>2004-01-01</pubdate>
<pubdate>2004-01-06</pubdate>
<copyright>
<year>2001-2004</year>
@ -51,6 +51,14 @@
sure that there isn&#39;t an update that you are missing for your
version of the firewall.</para>
</section>
<section>
<title>Try Searching the Shorewall Site and Mailing List Archives</title>
<para>The <ulink url="http://lists.shorewall.net/htdig/search.html">Site
and Mailing List Archives search facility</ulink> can locate documents
and posts about similar problems.</para>
</section>
</section>
<section>
@ -347,8 +355,9 @@ DROP net fw icmp echo-request</programlist
<appendix>
<title>Revision History</title>
<para><revhistory><revision><revnumber>1.2</revnumber><date>2004-01-01</date><authorinitials>TE</authorinitials><revremark>Added
information about eliminating ping-generated log messages.</revremark></revision><revision><revnumber>1.1</revnumber><date>2003-12-22</date><authorinitials>TE</authorinitials><revremark>Initial
<para><revhistory><revision><revnumber>1.6</revnumber><date>2005-01-06</date><authorinitials>TE</authorinitials><revremark>Add
pointer to Site and Mailing List Archives Searches.</revremark></revision><revision><revnumber>1.5</revnumber><date>2004-01-01</date><authorinitials>TE</authorinitials><revremark>Added
information about eliminating ping-generated log messages.</revremark></revision><revision><revnumber>1.4</revnumber><date>2003-12-22</date><authorinitials>TE</authorinitials><revremark>Initial
Docbook Conversion</revremark></revision></revhistory></para>
</appendix>
</article>