<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article>
<!--$Id$-->
<articleinfo>
<title>Shorewall Documentation</title>
<authorgroup>
<author>
<firstname>Tom</firstname>
<surname>Eastep</surname>
</author>
</authorgroup>
<pubdate>2005-01-19</pubdate>
<copyright>
<year>2001-2005</year>
<holder>Thomas M. Eastep</holder>
</copyright>
<edition>2.2.0</edition>
<legalnotice>
<para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
License</ulink></quote>.</para>
</legalnotice>
</articleinfo>
<note>
<para>The complete Shorewall Documentation is <ulink
url="http://www.shorewall.net/download.htm">available for download</ulink>
in both Docbook XML and HTML formats.</para>
</note>
<caution>
<para>Are you running Shorewall on <ulink
url="http://www.mandrakesoft.com"><trademark>Mandrake</trademark>
Linux</ulink> with a two-interface setup?</para>
<para>If so and if you configured your system while running a Mandrake
release earlier than 10.0 final then this documentation will not apply
directly to your environment. If you want to use the documentation that
you find here, you will want to consider uninstalling what you have and
installing a configuration that matches this documentation. See the <ulink
url="two-interface.htm">Two-interface QuickStart Guide</ulink> for
details.</para>
</caution>
<itemizedlist>
<listitem>
<para><ulink url="Introduction.html">Introduction to
Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_quickstart_guide.htm">QuickStart Guides
(HOWTOS)</ulink></para>
</listitem>
</itemizedlist>
<para>The remainder of the Documentation supplements the QuickStart Guides.
Please review the appropriate guide before trying to use this documentation
directly.</para>
<orderedlist>
<listitem>
<para><ulink url="Kernel2.6.html">2.6 Kernel</ulink></para>
</listitem>
<listitem>
<para><ulink url="Accounting.html">Accounting</ulink></para>
</listitem>
<listitem>
<para><ulink url="Actions.html">Actions</ulink></para>
</listitem>
<listitem>
<para><ulink url="Shorewall_and_Aliased_Interfaces.html">Aliased
(virtual) Interfaces (e.g., eth0:0)</ulink></para>
</listitem>
<listitem>
<para><ulink url="traffic_shaping.htm">Bandwidth Control</ulink></para>
</listitem>
<listitem>
<para><ulink url="blacklisting_support.htm">Blacklisting</ulink></para>
<itemizedlist>
<listitem>
<para>Static Blacklisting using /etc/shorewall/blacklist</para>
</listitem>
<listitem>
<para>Dynamic Blacklisting using /sbin/shorewall</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="bridge.html">Bridge/Firewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Commands</ulink>
(Description of all /sbin/shorewall commands)</para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm">Common configuration
file features </ulink><itemizedlist>
<listitem>
<para><ulink url="configuration_file_basics.htm#Comments">Comments
in configuration files</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Continuation">Line
Continuation</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#INCLUDE">INCLUDE
Directive</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Ports">Port
Numbers/Service
Names</ulink>configuration_file_basics.htm#Ports</para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Ranges">Port
Ranges</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Variables">Using
Shell Variables</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#dnsnames">Using
DNS Names</ulink></para>
</listitem>
<listitem>
<para><ulink
url="configuration_file_basics.htm#Compliment">Complementing an IP
address or Subnet</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#Levels">Shorewall
Configurations (making a test configuration)</ulink></para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm#MAC">Using MAC
Addresses in Shorewall</ulink></para>
</listitem>
</itemizedlist></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm">Configuration File Reference Manual
</ulink><itemizedlist>
<listitem>
<para><ulink
url="Documentation.htm#Variables">params</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Zones">zones</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Interfaces">interfaces</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Hosts">hosts</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Policy">policy</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Rules">rules</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Masq">masq</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#ProxyArp">proxyarp</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#NAT">nat</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Tunnels">tunnels</ulink></para>
</listitem>
<listitem>
<para><ulink
url="traffic_shaping.htm#tcrules">tcrules</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Conf">shorewall.conf</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#modules">modules</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#TOS">tos</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Blacklist">blacklist</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#rfc1918">rfc1918</ulink></para>
</listitem>
<listitem>
<para><ulink
url="Documentation.htm#Routestopped">routestopped</ulink></para>
</listitem>
<listitem>
<para><ulink url="Accounting.html">accounting</ulink></para>
</listitem>
<listitem>
<para><ulink url="UserSets.html">usersets and users</ulink></para>
</listitem>
<listitem>
<para><ulink url="MAC_Validation.html">maclist</ulink></para>
</listitem>
<listitem>
<para><ulink url="Actions.html">actions and
action.template</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Bogons">bogons</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Netmap">netmap</ulink></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm#Ipsec">ipsec</ulink></para>
</listitem>
</itemizedlist></para>
</listitem>
<listitem>
<para><ulink url="CorpNetwork.htm">Corporate Network Example</ulink>
(Contributed by a Graeme Boyle)</para>
</listitem>
<listitem>
<para><ulink url="dhcp.htm">DHCP</ulink></para>
</listitem>
<listitem>
<para><ulink url="ECN.html">ECN Disabling by host or
subnet</ulink></para>
</listitem>
<listitem>
<para><ulink url="errata.htm">Errata</ulink></para>
</listitem>
<listitem>
<para><ulink url="ErrorMessages.html">Error Messages</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_extension_scripts.htm">Extension
Scripts</ulink> (How to extend Shorewall without modifying Shorewall
code through the use of files in /etc/shorewall -- /etc/shorewall/start,
/etc/shorewall/stopped, etc.)</para>
</listitem>
<listitem>
<para><ulink url="fallback.htm">Fallback/Uninstall</ulink></para>
</listitem>
<listitem>
<para><ulink url="FAQ.htm">FAQs</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_features.htm">Features</ulink></para>
</listitem>
<listitem>
<para><ulink url="Multiple_Zones.html">Forwarding Traffic on the Same
Interface</ulink></para>
</listitem>
<listitem>
<para><ulink url="FTP.html">FTP and Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="support.htm">Getting help or answers to
questions</ulink></para>
</listitem>
<listitem>
<para><ulink url="Install.htm">Installation/Upgrade</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPP2P.html">IPP2P</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPSEC.htm">IPSEC</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPSEC-2.6.html">IPSEC using Kernel 2.6 and Shorewall
2.1 or Later</ulink>.</para>
</listitem>
<listitem>
<para><ulink url="Shorewall_and_Kazaa.html">Kazaa
Filtering</ulink></para>
</listitem>
<listitem>
<para><ulink url="kernel.htm">Kernel Configuration</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_logging.html">Logging</ulink></para>
</listitem>
<listitem>
<para><ulink url="MAC_Validation.html">MAC Verification</ulink></para>
</listitem>
<listitem>
<para><ulink url="Multiple_Zones.html">Multiple Zones Through One
Interface</ulink></para>
</listitem>
<listitem>
<para><ulink url="myfiles.htm">My Shorewall Configuration</ulink> (How I
personally use Shorewall)</para>
</listitem>
<listitem>
<para><ulink url="NetfilterOverview.html">Netfilter
Overview</ulink></para>
</listitem>
<listitem>
<para><ulink url="netmap.html">Network Mapping</ulink></para>
</listitem>
<listitem>
<para><ulink url="NAT.htm">One-to-one NAT</ulink> (Static NAT)</para>
</listitem>
<listitem>
<para><ulink url="OPENVPN.html">OpenVPN</ulink></para>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Operating
Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="PacketHandling.html">Packet Processing in a
Shorewall-based Firewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="ping.html">'Ping' Management</ulink></para>
</listitem>
<listitem>
<para><ulink url="ports.htm">Port Information</ulink></para>
<itemizedlist>
<listitem>
<para>Which applications use which ports</para>
</listitem>
<listitem>
<para>Ports used by Trojans</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="PPTP.htm">PPTP</ulink></para>
</listitem>
<listitem>
<para><ulink url="ProxyARP.htm">Proxy ARP</ulink></para>
</listitem>
<listitem>
<para><ulink url="ReleaseModel.html">Release Model</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_prerequisites.htm">Requirements</ulink></para>
</listitem>
<listitem>
<para><ulink url="Multiple_Zones.html">Routing on One
Interface</ulink></para>
</listitem>
<listitem>
<para><ulink url="samba.htm">Samba</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm">Shorewall Setup
Guide</ulink><itemizedlist>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Introduction">Introduction</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#Concepts">Shorewall
Concepts</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#Interfaces">Network
Interfaces</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Addressing">Addressing, Subnets and
Routing</ulink></para>
<itemizedlist>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#Addresses">IP
Addresses</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Subnets">Subnets</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Routing">Routing</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#ARP">Address
Resolution Protocol (ARP)</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#RFC1918">RFC
1918</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#Options">Setting up
your Network</ulink></para>
<itemizedlist>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Routed">Routed</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#NonRouted">Non-routed</ulink></para>
<itemizedlist>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#SNAT">SNAT</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#DNAT">DNAT</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#ProxyARP">Proxy
ARP</ulink></para>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#NAT">One-to-one
NAT</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#Rules">Rules</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm#OddsAndEnds">Odds
and Ends</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink
url="shorewall_setup_guide.htm#DNS">DNS</ulink></para>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Starting
and Stopping the Firewall</ulink></para>
</listitem>
</itemizedlist></para>
</listitem>
<listitem>
<para><ulink url="samba.htm">SMB</ulink></para>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Starting/stopping
the Firewall</ulink><itemizedlist>
<listitem>
<para>Description of all /sbin/shorewall commands</para>
</listitem>
<listitem>
<para>How to safely test a Shorewall configuration change</para>
</listitem>
</itemizedlist></para>
</listitem>
<listitem>
<para><ulink url="Shorewall_Squid_Usage.html">Squid with
Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="NAT.htm">Static (one-to-one) NAT</ulink></para>
</listitem>
<listitem>
<para><ulink url="Accounting.html">Traffic Accounting</ulink></para>
</listitem>
<listitem>
<para><ulink url="traffic_shaping.htm">Traffic
Shaping/QOS</ulink></para>
</listitem>
<listitem>
<para><ulink url="troubleshoot.htm">Troubleshooting</ulink> (Things to
try if it doesn't work)</para>
</listitem>
<listitem>
<para><ulink url="UserSets.html">UID/GID Based Rules</ulink></para>
</listitem>
<listitem>
<para><ulink url="upgrade_issues.htm">Upgrade Issues</ulink></para>
</listitem>
<listitem>
<para>VPN</para>
<itemizedlist>
<listitem>
<para><ulink url="VPNBasics.html">Basics</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPSEC.htm">IPSEC</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPIP.htm">GRE and IPIP</ulink></para>
</listitem>
<listitem>
<para><ulink url="OPENVPN.html">OpenVPN</ulink></para>
</listitem>
<listitem>
<para><ulink url="PPTP.htm">PPTP</ulink></para>
</listitem>
<listitem>
<para><ulink url="6to4.htm">6to4</ulink></para>
</listitem>
<listitem>
<para><ulink url="VPN.htm">IPSEC/PPTP passthrough from a system
behind your firewall to a remote network</ulink></para>
</listitem>
<listitem>
<para><ulink url="GenericTunnels.html">Other VPN
types</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="whitelisting_under_shorewall.htm">White List
Creation</ulink></para>
</listitem>
</orderedlist>
</article>