holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Update the Shorewall-Lite article

Browse Source 
- Mention shorewallrc
- Mention that /etc/shorewall/shorewall.conf is no longer read when the
  configuration directory has a shorewall.conf file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-09-02 09:10:19 -07:00
parent 9c6d4f90fb
commit f5e1a42ac9
1 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
docs/Shorewall-Lite.xml
View File

@ -248,7 +248,8 @@
command, Shorewall will use ssh to run command, Shorewall will use ssh to run
<filename>/usr/share/shorewall-lite/shorecap</filename> on the <filename>/usr/share/shorewall-lite/shorecap</filename> on the
remote firewall to create a capabilities file in the firewall's remote firewall to create a capabilities file in the firewall's
administrative direction. See <link administrative direction. It also uses scp to copy the
shorewallrc file from the remote firewall system. See <link
linkend="Shorecap">below</link>.</para> linkend="Shorecap">below</link>.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
@ -592,8 +593,9 @@
command:</para> command:</para>
<blockquote> <blockquote>
<para><command>shorewall compile [ -e ] [ &lt;directory name&gt; ] [ <para><command>shorewall compile [ -e ] [ <replaceable>&lt;directory
&lt;path name&gt; ]</command></para> name&gt;</replaceable> ] [ <replaceable>&lt;path name&gt;</replaceable>
]</command></para>
</blockquote> </blockquote>
<para>where</para> <para>where</para>
@ -615,6 +617,11 @@
supports. It rather reads those capabilities from supports. It rather reads those capabilities from
<filename>/etc/shorewall/capabilities</filename>. See below for <filename>/etc/shorewall/capabilities</filename>. See below for
details.</para> details.</para>
<para>Also, when <option>-e</option> is specified you should have
a copy of the remote firewall's <filename>shorewallrc</filename>
file in the the directory specified by <replaceable>&lt;directory
name&gt;</replaceable>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -626,12 +633,19 @@
before those directories listed in the CONFIG_PATH variable in before those directories listed in the CONFIG_PATH variable in
<filename>shorewall.conf</filename>.</para> <filename>shorewall.conf</filename>.</para>
<para>When -e &lt;directory-name&gt; is included, only the <para>When -e <replaceable>&lt;directory-name&gt;</replaceable> is
SHOREWALL_SHELL and VERBOSITY settings from included, only the SHOREWALL_SHELL and VERBOSITY settings from
<filename>/etc/shorewall/shorewall.conf</filename> are used and <filename>/etc/shorewall/shorewall.conf</filename> are used and
these apply only to the compiler itself. The settings used by the these apply only to the compiler itself. The settings used by the
compiled firewall script are determined by the contents of compiled firewall script are determined by the contents of
<filename>&lt;directory name&gt;/shorewall.conf</filename>.</para> <filename>&lt;directory name&gt;/shorewall.conf</filename>.</para>
<note>
<para>Beginning with Shorewall 4.5.7.2,
<filename>/etc/shorewall/shorewall.conf</filename> is not read
if there is a <filename>shorewall.conf</filename> file in the
specified configuration directory.</para>
</note>
</listitem> </listitem>
</varlistentry> </varlistentry>