forked from extern/shorewall_code
Add a few Shorewall-perl FAQs
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7362 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
8f152d554a
commit
f9e5b21339
59
docs/FAQ.xml
59
docs/FAQ.xml
@ -2155,6 +2155,65 @@ eth0 eth1 # eth1 = interface to local netwo
|
|||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section id="Perl">
|
||||||
|
<title>Shorewall-Perl</title>
|
||||||
|
|
||||||
|
<section id="faq70">
|
||||||
|
<title>(FAQ 70) What is Shorewall-Perl?</title>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Answer</emphasis>: Shorewall-perl is a
|
||||||
|
re-implementation of the Shorewall configuration compiler written in
|
||||||
|
Perl.</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section id="faq71">
|
||||||
|
<title>(FAQ 71) What are the advantages of using Shorewall-perl?</title>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Answer</emphasis>:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>The Shorewall-perl compiler is much faster than the
|
||||||
|
Shorewall-shell compiler.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>The script generated by the Shorewall-perl compiler uses
|
||||||
|
<command>iptables-restore</command> to instantiate the Netfilter
|
||||||
|
configuration. So it runs much faster than the script generated by
|
||||||
|
the Shorewall-shell compiler and doesn't disable new connections
|
||||||
|
during ruleset installation.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>The Shorewall-perl compiler does more thorough checking of the
|
||||||
|
configuration than the Shorewall-shell compiler does.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>The error messages produced by the Shorewall-perl compiler are
|
||||||
|
better, more consistent and always include the file name and line
|
||||||
|
number where the error was detected.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Going forward, the Shorewall-perl compiler will get all
|
||||||
|
enhancements; the Shorewall-shell compiler will only get those
|
||||||
|
enhancements that are easy to retrofit.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section id="faq72">
|
||||||
|
<title>(FAQ 72) Can I switch to using Shorewall-perl without changing my
|
||||||
|
Shorewall configuration?</title>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Answer</emphasis>: Probably not. See the
|
||||||
|
<ulink url="???">Shorewall Perl article</ulink> for a list of the
|
||||||
|
incompatibilities between Shorewall-shell and Shorewall-perl.</para>
|
||||||
|
</section>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section id="Misc">
|
<section id="Misc">
|
||||||
<title>Miscellaneous</title>
|
<title>Miscellaneous</title>
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user