diff --git a/docs/Actions.xml b/docs/Actions.xml index 7fe3fe23f..5defbb7c6 100644 --- a/docs/Actions.xml +++ b/docs/Actions.xml @@ -40,7 +40,7 @@ documentation for that release. -
+
What are Shorewall Actions? Shorewall actions allow a symbolic name to be associated with a @@ -112,7 +112,7 @@ ACCEPT - - tcp 135,139,445
-
+
Enabling the Use of Actions In Shorewall version 3.4 and later, to make use of any of the three @@ -188,7 +188,7 @@ Reject:REJECT #Default Action for REJECT policy
-
+
Defining your own Actions Before defining a new action, you should evaluate whether your goal @@ -445,7 +445,7 @@ Reject:REJECT #Default Action for REJECT policy LogAndAccept loc $FW tcp 22
-
+
Actions and Logging Specifying a log level in a rule that specifies a user-defined or @@ -589,7 +589,7 @@ acton:info:test $FW net one like this. - + An action to drop all broadcast packets /etc/shorewall/actionsDropBcasts diff --git a/docs/Anatomy.xml b/docs/Anatomy.xml index 38ef38ad1..c0aaf031f 100644 --- a/docs/Anatomy.xml +++ b/docs/Anatomy.xml @@ -34,7 +34,7 @@ -
+
Products Shorewall 4.0 consists of four packages. @@ -73,7 +73,7 @@
-
+
Shorewall The Shorewall product includes a large number of files which are @@ -84,7 +84,7 @@ class="directory">/var/lilb/shorewall/. These are described in the sub-sections that follow. -
+
/sbin The /sbin/shorewall shell program is use to @@ -92,7 +92,7 @@ url="manpages/shorewall.html">shorewall(8).
-
+
/usr/share/shorewall The bulk of Shorewall is installed here. @@ -175,14 +175,14 @@
-
+
/etc/shorewall This is where the modifiable configuration files are installed.
-
+
/etc/init.d or /etc/rc.d (depends on distribution) An init script is installed here. Depending on the distribution, @@ -190,7 +190,7 @@ rc.firewall.
-
+
/var/lib/shorewall Shorewall doesn't install any files in this directory but rather @@ -288,7 +288,7 @@
-
+
Shorewall-shell The Shorewall-shell product installs all of its files in @@ -318,7 +318,7 @@
-
+
Shorewall-perl The Shorewall-perl product installs all of its files in @@ -352,7 +352,7 @@
-
+
Shorewall-lite The Shorewall-lite product includes files installed in //var/lilb/shorewall/. These are described in the sub-sections that follow. -
+
/sbin The /sbin/shorewall-lite shell program is use @@ -371,7 +371,7 @@ url="manpages/shorewall-lite.html">shorewall-lite(8).
-
+
/etc/init.d or /etc/rc.d (depends on distribution) An init script is installed here. Depending on the distribution, @@ -379,14 +379,14 @@ rc.firewall.
-
+
/etc/shorewall-lite This is where the modifiable configuration files are installed.
-
+
/usr/share/shorewall-lite The bulk of Shorewall-lite is installed here. @@ -435,7 +435,7 @@
-
+
/var/lib/shorewall-lite Shorewall-lite doesn't install any files in this directory but diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml index a667ba932..6fb7c4869 100644 --- a/docs/CompiledPrograms.xml +++ b/docs/CompiledPrograms.xml @@ -34,7 +34,7 @@ -
+
Overview Beginning with Shorewall version 3.1, Shorewall has the capability @@ -43,7 +43,7 @@ system with Shorewall Lite installed and can serve as the firewall creation script for that system. -
+
Restrictions While compiled Shorewall programs are useful in many cases, there @@ -552,7 +552,7 @@ clean: ln -sf shorewall-lite /sbin/shorewall -
+
Converting a system from Shorewall to Shorewall Lite Converting a firewall system that is currently running Shorewall @@ -822,7 +822,7 @@ MANGLE_FORWARD # Mangle table has FORWARD chain
-
+
Running compiled programs directly Compiled firewall programs are complete programs that support the @@ -864,4 +864,4 @@ MANGLE_FORWARD # Mangle table has FORWARD chain
- + \ No newline at end of file diff --git a/docs/blacklisting_support.xml b/docs/blacklisting_support.xml index ba7efcc40..507828058 100644 --- a/docs/blacklisting_support.xml +++ b/docs/blacklisting_support.xml @@ -34,7 +34,7 @@ -
+
Introduction Shorewall supports two different forms of blacklisting; static and @@ -73,7 +73,7 @@
-
+
Static Blacklisting Shorewall static blacklisting support has the following @@ -153,7 +153,7 @@ ipset -B Blacklist 206.124.146.177 -b SMTP This will blacklist SMTP traffic from host 206.124.146.177.
-
+
Dynamic Blacklisting Dynamic blacklisting doesn't use any configuration parameters but is @@ -216,7 +216,7 @@ ipset -B Blacklist 206.124.146.177 -b SMTP blacklist option in /etc/shorewall/interfaces. - + Ignore packets from a pair of systems shorewall[-lite] drop 192.0.2.124 192.0.2.125 @@ -224,7 +224,7 @@ ipset -B Blacklist 206.124.146.177 -b SMTP Drops packets from hosts 192.0.2.124 and 192.0.2.125 - + Re-enable packets from a system shorewall[-lite] allow 192.0.2.125 diff --git a/docs/bridge-Shorewall-perl.xml b/docs/bridge-Shorewall-perl.xml index 243354faf..7963ca3d1 100644 --- a/docs/bridge-Shorewall-perl.xml +++ b/docs/bridge-Shorewall-perl.xml @@ -41,7 +41,7 @@ documentation for that release. -
+
Background Systems where Shorewall runs normally function as @@ -78,7 +78,7 @@
-
+
Requirements Note that if you need a bridge but do not need to restrict the @@ -123,7 +123,7 @@
-
+
Application The following diagram shows a typical application of a @@ -183,7 +183,7 @@ fileref="images/bridge3.png" />
-
+
Configuring the Bridge Configuring the bridge itself is quite simple and uses the @@ -502,7 +502,7 @@ rc-update add bridge boot can post it here.
-
+
Configuring Shorewall As described above, Shorewall bridge support requires the @@ -715,7 +715,7 @@ ACCEPT $FW $DMZ tcp 53
-
+
Limitations Bridging doesn't work with some wireless cards — see - + Comments in a Configuration File # This is a comment @@ -335,7 +335,7 @@ gateway:~ # backslash (\) followed immediately by a new line character (Enter key). - + Line Continuation ACCEPT net $FW tcp \↵ @@ -372,7 +372,7 @@ smtp,www,pop3,imap #Services running on the firewall params file. - + Use of INCLUDE shorewall/params.mgmt: @@ -478,7 +478,7 @@ smtp,www,pop3,imap #Services running on the firewall Shorewall to insure backward compatibility with existing configuration files. - + Valid DNS Names @@ -492,7 +492,7 @@ smtp,www,pop3,imap #Services running on the firewall - + Invalid DNS Names @@ -650,7 +650,7 @@ DNAT net loc:192.168.1.3 tcp 4000:4100 omit the high port number, a value of 65535 is assumed.
-
+
Port Lists In most cases where a port or port range may appear, a @@ -795,7 +795,7 @@ DNAT net loc:192.168.1.3 tcp 4000:4100 In GNU/Linux, MAC addresses are usually written as a series of 6 hex numbers separated by colons. - + MAC Address of an Ethernet Controller      [root@gateway root]# ifconfig eth0 @@ -859,7 +859,7 @@ DNAT net loc:192.168.1.3 tcp 4000:4100
-
+
Saved Configurations Shorewall allows you to save the diff --git a/docs/dhcp.xml b/docs/dhcp.xml index 95ee91b43..39c559c48 100644 --- a/docs/dhcp.xml +++ b/docs/dhcp.xml @@ -50,7 +50,7 @@ Shorewall-generated Netfilter logging rules. -
+
If you want to Run a DHCP Server on your firewall @@ -77,7 +77,7 @@
-
+
If a Firewall Interface gets its IP Address via DHCP @@ -122,7 +122,7 @@
-
+
If you wish to pass DHCP requests and responses through a bridge @@ -137,7 +137,7 @@
-
+
Running dhcrelay on the firewall @@ -155,4 +155,4 @@
- + \ No newline at end of file
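Review bot: in docs/Anatomy.xml the context line just above the changed line in the hunk at @@ -84,7 +84,7 @@ still reads "/var/lilb/shorewall/", and the same spelling shows up again in the Shorewall-lite section, while the section titles further down in the same file use /var/lib/shorewall and /var/lib/shorewall-lite. Since this patch already touches the adjacent lines, correct the path to /var/lib/ in both places. The context of the hunks at @@ -92,7 +92,7 @@ and @@ -371,7 +371,7 @@ also reads "shell program is use to", which should be "is used to".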
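Review bot: the final hunks of docs/CompiledPrograms.xml (@@ -864,4 +864,4 @@) and docs/dhcp.xml (@@ -155,4 +155,4 @@) replace the last line of each file, and the new line is followed by "\ No newline at end of file". Please end both files with a trailing newline so that later patches to the closing line do not produce spurious whole-line changes and tools that expect newline-terminated text files handle them cleanly.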
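Review bot: the context of the hunk at @@ -478,7 +478,7 @@ (just before "Valid DNS Names") reads "Shorewall to insure backward compatibility with existing configuration files"; "ensure" is the intended word. It is only context here, but the changed line sits directly below it, so it is cheap to fix in the same pass.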