diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml
index 72fdd262b..0f4f0d736 100644
--- a/docs/CompiledPrograms.xml
+++ b/docs/CompiledPrograms.xml
@@ -263,7 +263,8 @@
On the administrative system, for each firewall system you do
- the following (this may be done by a non-root user):
+ the following (this may be done by a non-root user who has root ssh
+ access to the firewall system):
@@ -284,7 +285,7 @@
cd <configuration directory>
-/sbin/shorewall load . firewall
+/sbin/shorewall load firewall
The load
@@ -292,9 +293,28 @@
the current working directory, copies that file to the remote
system via scp and starts Shorewall Lite on the remote system via
ssh.
+
+ Example (firewall's DNS name is 'gateway'):
+
+ /sbin/shorewall load gateway
+
+
+ If you later need to change the firewall's configuration, change
+ the appropriate files in the firewall's configuration directory
+ then:
+
+ cd <configuration directory>
+/sbin/shorewall reload firewall
+
+ The reload
+ command compiles a firewall script from the configuration files in the
+ current working directory, copies that file to the remote system via
+ scp and restarts Shorewall Lite on the remote system via ssh.
+
The /sbin/shorewall-lite program included with
@@ -342,7 +362,7 @@
Converting a firewall system that is currently running Shorewall
to run Shorewall Lite instead is straight-forward.
-
+
On the administrative system, create a configuration directory
for the firewall system.
@@ -394,8 +414,9 @@
Also, edit the shorewall.conf file in the firewall's
configuration directory and change the CONFIG_PATH setting to remove
- /etc/shorewall. You can replace it with
- /usr/share/shorewall/configfiles if you
+ /etc/shorewall. You can
+ replace it with /usr/share/shorewall/configfiles if you
like.
Example:
@@ -410,6 +431,10 @@
CONFIG_PATH=/usr/share/shorewall/configfiles:/usr/share/shorewall
+ Changing CONFIG_PATH will ensure that subsequent compilations
+ using the configuration directory will not include any files from
+ /etc/shorewall.
+
After having made the above changes to the firewall's
configuration directory, execute the following commands:
@@ -417,7 +442,7 @@
/sbin/shorewall load <firewall system>
- Example:
+ Example (firewall's DNS name is 'gateway'):
/sbin/shorewall load gateway
@@ -428,6 +453,22 @@
via scp and starts Shorewall Lite on the remote system via
ssh.
+
+
+ If you later need to change the firewall's configuration,
+ change the appropriate files in the firewall's configuration
+ directory then:
+
+ cd <configuration directory>
+/sbin/shorewall reload firewall
+
+ The reload
+ command compiles a firewall script from the configuration files in
+ the current working directory, copies that file to the remote system
+ via scp and restarts Shorewall Lite on the remote system via
+ ssh.
+