Shorewall Documentation
Tom
Eastep
2004-09-23
2001-2004
Thomas M. Eastep
2.0.3
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
GNU Free Documentation
License
.
The complete Shorewall Documentation is available for download
in both Docbook XML and HTML formats.
Are you running Shorewall on Mandrake
Linux with a two-interface setup?
If so and if you configured your system while running a Mandrake
release earlier than 10.0 final then this documentation will not apply
directly to your environment. If you want to use the documentation that
you find here, you will want to consider uninstalling what you have and
installing a configuration that matches this documentation. See the Two-interface QuickStart Guide for
details.
Introduction to
Shorewall
QuickStart Guides
(HOWTOS)
The remainder of the Documentation supplements the QuickStart Guides.
Please review the appropriate guide before trying to use this documentation
directly.
2.6 Kernel
Accounting
Aliased
(virtual) Interfaces (e.g., eth0:0)
Bandwidth Control
Blacklisting
Static Blacklisting using /etc/shorewall/blacklist
Dynamic Blacklisting using /sbin/shorewall
Bridge/Firewall
Commands
(Description of all /sbin/shorewall commands)
Common configuration
file features
Comments
in configuration files
Line
Continuation
INCLUDE
Directive
Port
Numbers/Service
Namesconfiguration_file_basics.htm#Ports
Port
Ranges
Using
Shell Variables
Using
DNS Names
Complementing an IP
address or Subnet
Shorewall
Configurations (making a test configuration)
Using MAC
Addresses in Shorewall
Configuration File Reference Manual
params
zones
interfaces
hosts
policy
rules
masq
proxyarp
nat
tunnels
tcrules
shorewall.conf
modules
tos
blacklist
rfc1918
routestopped
accounting
usersets and users
maclist
actions and
action.template
bogons
netmap
Corporate Network Example
(Contributed by a Graeme Boyle)
DHCP
ECN Disabling by host or
subnet
Errata
Extension
Scripts (How to extend Shorewall without modifying Shorewall
code through the use of files in /etc/shorewall -- /etc/shorewall/start,
/etc/shorewall/stopped, etc.)
Fallback/Uninstall
FAQs
Features
Forwarding Traffic on the Same
Interface
FTP and Shorewall
Getting help or answers to
questions
Installation/Upgrade
IPSEC
Kazaa
Filtering
Kernel Configuration
Logging
MAC Verification
Multiple Zones Through One
Interface
My Shorewall Configuration (How I
personally use Shorewall)
Netfilter
Overview
Network Mapping
One-to-one NAT (Static NAT)
OpenVPN
Operating
Shorewall
Packet Processing in a
Shorewall-based Firewall
'Ping' Management
Port Information
Which applications use which ports
Ports used by Trojans
PPTP
Proxy ARP
Release Model
Requirements
Routing on One
Interface
Samba
Shorewall Setup
Guide
Introduction
Shorewall
Concepts
Network
Interfaces
Addressing, Subnets and
Routing
IP
Addresses
Subnets
Routing
Address
Resolution Protocol (ARP)
RFC
1918
Setting up
your Network
Routed
Non-routed
SNAT
DNAT
Proxy
ARP
One-to-one
NAT
Rules
Odds
and Ends
DNS
Starting
and Stopping the Firewall
SMB
Starting/stopping
the Firewall
Description of all /sbin/shorewall commands
How to safely test a Shorewall configuration change
Squid with
Shorewall
Static (one-to-one) NAT
Traffic Accounting
Traffic
Shaping/QOS
Troubleshooting (Things to
try if it doesn't work)
User-defined
Actions
UID/GID Based Rules
Upgrade Issues
VPN
IPSEC
GRE and IPIP
OpenVPN
PPTP
6to4
IPSEC/PPTP passthrough from a system
behind your firewall to a remote network
Other VPN
types
White List
Creation