forked from extern/shorewall_code
Minor tweak to scalability doc
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8718 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
fbf1b8db12
commit
f869d3d18b
26
docs/FAQ.xml
@ -1959,6 +1959,19 @@ iptables: Invalid argument
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</section>
|
||||
|
||||
<section id="faq78">
|
||||
<title>(FAQ 78) After restart and bootup of my Debian firewall, all
|
||||
traffic is blocked for hosts behind the firewall trying to connect out
|
||||
onto the net or through the vpn (although i can reach the internal
|
||||
firewall interface and obtain dumps etc). Once I issue 'shorewall clear'
|
||||
followed by 'shorewall restart' it then works, despite the config not
|
||||
changing</title>
|
||||
|
||||
<para><emphasis role="bold">Answer:</emphasis> Set IP_FORWARDING=On in
|
||||
<filename><ulink
|
||||
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink></filename>.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section id="MultiISP">
|
||||
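Review bot: The commit message only mentions the scalability doc, but this hunk and the next one relocate the whole faq78 section inside docs/FAQ.xml (13 lines added here ahead of the MultiISP section, 13 removed at old line 1998). Mention the FAQ move in the message or put it in its own commit. Since the title is being touched anyway, "i can reach" and "vpn" in it should be capitalised.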
@ -1998,19 +2011,6 @@ iptables: Invalid argument
|
||||
will have mark = 1 and will be sent via ISP1. That will work whether
|
||||
<emphasis role="bold">balance</emphasis> is specified or not!</para>
|
||||
</section>
|
||||
|
||||
<section id="faq78">
|
||||
<title>(FAQ 78) After restart and bootup of my Debian firewall, all
|
||||
traffic is blocked for hosts behind the firewall trying to connect out
|
||||
onto the net or through the vpn (although i can reach the internal
|
||||
firewall interface and obtain dumps etc). Once I issue 'shorewall clear'
|
||||
followed by 'shorewall restart' it then works, despite the config not
|
||||
changing</title>
|
||||
|
||||
<para><emphasis role="bold">Answer:</emphasis> Set IP_FORWARDING=On in
|
||||
<filename><ulink
|
||||
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink></filename>.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section id="TC">
|
||||
|
@ -109,11 +109,11 @@
|
||||
<section id="Shorewall">
|
||||
<title>Scaling within the Shorewall Code</title>
|
||||
|
||||
<para>Shorewall is written entirely in Bourne Shell. While this allows
|
||||
Shorewall to run on a wide range of distributions (included embedded
|
||||
ones), the shell programming environment is not ideal for writing the
|
||||
compiler portion of Shorewall. As a consequence, the code must repeatedly
|
||||
perform sequential searches of lists. If a list has <emphasis
|
||||
<para>Shorewall-shell is written entirely in Bourne Shell. While this
|
||||
allows Shorewall to run on a wide range of distributions (included
|
||||
embedded ones), the shell programming environment is not ideal for writing
|
||||
the compiler portion of Shorewall. As a consequence, the code must
|
||||
repeatedly perform sequential searches of lists. If a list has <emphasis
|
||||
role="bold">N</emphasis> elements and a sequential search is made for each
|
||||
of those elements, then the number of comparisons is 1 + 2 + 3 + .... +
|
||||
<emphasis role="bold">N</emphasis> = <emphasis role="bold">N</emphasis> *
|
||||
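Review bot: The rename to "Shorewall-shell" is applied only to the first words of the paragraph; the same paragraph still says "allows Shorewall to run" and "the compiler portion of Shorewall", so the reader cannot tell whether the limitation applies to the shell-based compiler only or to Shorewall as a whole. Use one name consistently through the paragraph. The rewritten text also carries over "(included embedded ones)", which should read "(including embedded ones)".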
@ -157,8 +157,8 @@
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Use NONE policies wherever appropriate. This helps especially
|
||||
in the rules activation phase of both script compilation and
|
||||
<para>Use NONE policies wherever appropriate. This helps especially in
|
||||
the rules activation phase of both script compilation and
|
||||
execution.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
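Review bot: The "Use NONE policies wherever appropriate" paragraph is only re-wrapped here ("especially / in the rules activation phase" becomes "especially in / the rules activation phase"); no word changes. Leave reflow-only changes out of a content commit so the Shorewall-shell wording change is easier to find in the history.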
@ -209,4 +209,4 @@ ACCEPT $HOSTS </programlisting>
|
||||
# PORT PORT(S) DEST LIMIT GROUP
|
||||
AcceptHosts net $FW tcp 22 </programlisting>
|
||||
</section>
|
||||
</article>
|
||||
</article>
|
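Review bot: The old and new "</article>" lines in this hunk read the same, so the difference can only be whitespace or the end-of-file newline. Confirm that is intended, or drop the hunk if it is editor noise.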