"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "CompiledPrograms.xml" between
shorewall-docs-xml-5.2.3.6.tar.bz2 and shorewall-docs-xml-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall (documentation; XML)

CompiledPrograms.xml  (shorewall-docs-xml-5.2.3.6.tar.bz2):CompiledPrograms.xml  (shorewall-docs-xml-5.2.6.tar.bz2)
skipping to change at line 23 skipping to change at line 23
<surname>Eastep</surname> <surname>Eastep</surname>
</author> </author>
</authorgroup> </authorgroup>
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate> <pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright> <copyright>
<year>2006-2010</year> <year>2006-2010</year>
<year>2020</year>
<holder>Thomas M. Eastep</holder> <holder>Thomas M. Eastep</holder>
</copyright> </copyright>
<legalnotice> <legalnotice>
<para>Permission is granted to copy, distribute and/or modify this <para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with 1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
skipping to change at line 230 skipping to change at line 232
<listitem> <listitem>
<para>The value of CONFIG_PATH used when the script is run <para>The value of CONFIG_PATH used when the script is run
on the firewall system is on the firewall system is
"/etc/shorewall-lite:/usr/share/shorewall-lite".</para> "/etc/shorewall-lite:/usr/share/shorewall-lite".</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>
<listitem> <listitem>
<programlisting><command>cd &lt;export directory&gt;</command> <programlisting><command>cd &lt;export directory&gt;</command>
<command>/sbin/shorewall load firewall</command></programlisting> <command>/sbin/shorewall remote-startfirewall</command></programlisting>
<para>The <ulink <para>The <ulink
url="starting_and_stopping_shorewall.htm#Load"><command>load</comm and></ulink> url="starting_and_stopping_shorewall.htm#Load"><command>remote-sta rt</command></ulink>
command compiles a firewall script from the configuration files command compiles a firewall script from the configuration files
in the current working directory (using <command>shorewall in the current working directory (using <command>shorewall
compile -e</command>), copies that file to the remote system via compile -e</command>), copies that file to the remote system via
scp and starts Shorewall Lite on the remote system via scp and starts Shorewall Lite on the remote system via
ssh.</para> ssh.</para>
<para>Example (firewall's DNS name is 'gateway'):</para> <para>Example (firewall's DNS name is 'gateway'):</para>
<para><command>/sbin/shorewall load gateway</command><note> <para><command>/sbin/shorewall remote-start
gateway</command><note>
<para>Although scp and ssh are used by default, you can use <para>Although scp and ssh are used by default, you can use
other utilities by setting RSH_COMMAND and RCP_COMMAND in other utilities by setting RSH_COMMAND and RCP_COMMAND in
<filename>/etc/shorewall/shorewall.conf</filename>.</para> <filename>/etc/shorewall/shorewall.conf</filename>.</para>
</note></para> </note></para>
<para>The first time that you issue a <command>load</command> <para>The first time that you issue a <command>load</command>
command, Shorewall will use ssh to run command, Shorewall will use ssh to run
<filename>/usr/share/shorewall-lite/shorecap</filename> on the <filename>/usr/share/shorewall-lite/shorecap</filename> on the
remote firewall to create a capabilities file in the firewall's remote firewall to create a capabilities file in the firewall's
administrative direction. See <link administrative direction. See <link
skipping to change at line 264 skipping to change at line 267
</listitem> </listitem>
</orderedlist> </orderedlist>
</listitem> </listitem>
<listitem> <listitem>
<para>If you later need to change the firewall's configuration, <para>If you later need to change the firewall's configuration,
change the appropriate files in the firewall's export directory change the appropriate files in the firewall's export directory
then:</para> then:</para>
<programlisting><command>cd &lt;export directory&gt;</command> <programlisting><command>cd &lt;export directory&gt;</command>
<command>/sbin/shorewall reload firewall</command></programlisting> <command>/sbin/shorewall remote-reload firewall</command></programlisting>
<para>The <ulink <para>The <ulink
url="manpages/shorewall.html"><command>reload</command></ulink> url="manpages/shorewall.html"><command>remote-reload</command></ulink>
command compiles a firewall script from the configuration files in command compiles a firewall script from the configuration files in
the current working directory (using <command>shorewall compile the current working directory (using <command>shorewall compile
-e</command>), copies that file to the remote system via scp and -e</command>), copies that file to the remote system via scp and
restarts Shorewall Lite on the remote system via ssh. The <emphasis restarts Shorewall Lite on the remote system via ssh. The <emphasis
role="bold">reload</emphasis> command also supports the '-c' role="bold">remote-reload</emphasis> command also supports the '-c'
option.</para> option.</para>
<para>I personally place a <filename>Makefile</filename> in each
export directory as follows:</para>
<blockquote>
<programlisting># Shorewall Packet Filtering Firewall Export Dir
ectory Makefile - V3.3
#
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.
0.txt]
#
# (c) 2006 - Tom Eastep (teastep@shorewall.net)
#
# Shorewall documentation is available at http://www.shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
USA.
################################################################################
# Place this file in each export directory. Modify each copy to set HOST
# to the name of the remote firewall corresponding to the directory.
#
# To make the 'firewall' script, type "make".
#
# Once the script is compiling correctly, you can install it by
# typing "make install".
#
################################################################################
# V A R I A B L E S
#
# Files in the export directory on which the firewall script does not depend
#
IGNOREFILES = firewall% Makefile% trace% %~
#
# Remote Firewall system
#
HOST = gateway
#
# Save some typing
#
LITEDIR = /var/lib/shorewall-lite
#
# Set this if the remote system has a non-standard modules directory
#
MODULESDIR=
#
# Default target is the firewall script
#
################################################################################
# T A R G E T S
#
all: firewall
#
# Only generate the capabilities file if it doesn't already exist
#
capabilities:
ssh root@$(HOST) "MODULESDIR=$(MODULESDIR) /usr/share/shorewall-lite/sho
recap &gt; $(LITEDIR)/capabilities"
scp root@$(HOST):$(LITEDIR)/capabilities .
#
# Compile the firewall script. Using the 'wildcard' function causes "*" to be ex
panded so that
# 'filter-out' will be presented with the list of files in this directory rather
than "*"
#
firewall: $(filter-out $(IGNOREFILES) capabilities , $(wildcard *) ) capabilitie
s
shorewall compile -e . firewall
#
# Only reload on demand.
#
install: firewall
scp firewall firewall.conf root@$(HOST):$(LITEDIR)
ssh root@$(HOST) "/sbin/shorewall-lite restart"
#
# Save running configuration
#
save:
ssh root@$(HOST) "/sbin/shorewall-lite save"
#
# Remove generated files
#
clean:
rm -f capabilities firewall firewall.conf reload
</programlisting>
</blockquote>
<para>That way, after I've changed the configuration, I can simply
type <command>make</command> or <emphasis role="bold">make
install</emphasis>.</para>
<note>
<para>The above Makefile is available at <ulink
url="http://www1.shorewall.net/pub/shorewall/contrib/Shorewall-lite/
">http://www.shorewall.net/pub/shorewall/contrib/Shorewall-lite/</ulink></para>
</note>
<note>
<para>I omit trace% because I often trace compiler execution while
I'm debugging new versions of Shorewall.</para>
</note>
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>There is a <filename>shorewall-lite.conf</filename> file installed <para>There is a <filename>shorewall-lite.conf</filename> file installed
as part of Shorewall Lite as part of Shorewall Lite
(<filename>/etc/shorewall-lite/shorewall-lite.conf</filename>). You can (<filename>/etc/shorewall-lite/shorewall-lite.conf</filename>). You can
use that file on the firewall system to override some of the settings use that file on the firewall system to override some of the settings
from the shorewall.conf file in the export directory.</para> from the shorewall.conf file in the export directory.</para>
<para>Settings that you can override are:</para> <para>Settings that you can override are:</para>
skipping to change at line 413 skipping to change at line 313
<member>RESTOREFILE</member> <member>RESTOREFILE</member>
</simplelist> </simplelist>
</blockquote> </blockquote>
<para>You will normally never touch <para>You will normally never touch
<filename>/etc/shorewall-lite/shorewall-lite.conf</filename> unless you <filename>/etc/shorewall-lite/shorewall-lite.conf</filename> unless you
run Debian or one of its derivatives (see <link run Debian or one of its derivatives (see <link
linkend="Debian">above</link>).</para> linkend="Debian">above</link>).</para>
<para>The <filename>/sbin/shorewall-lite</filename> program included <para>The <filename>/sbin/shorewall-lite</filename> program (which is a
symbolic link pointing to <filename>/sbin/shorewall</filename>) included
with Shorewall Lite supports the same set of commands as the with Shorewall Lite supports the same set of commands as the
<filename>/sbin/shorewall</filename> program in a full Shorewall <filename>/sbin/shorewall</filename> program in a full Shorewall
installation with the following exceptions:</para> installation with the following exceptions:</para>
<blockquote> <blockquote>
<simplelist> <simplelist>
<member>add</member> <member>action</member>
<member>actions</member>
<member>check</member>
<member>compile</member> <member>compile</member>
<member>delete</member> <member>export</member>
<member>refresh</member> <member>macro</member>
<member>reload</member> <member>macros</member>
<member>try</member> <member>remote-getrc</member>
<member>safe-start</member> <member>remote-getcaps</member>
<member>safe-restart</member> <member>remote-reload</member>
<member>show actions</member> <member>remote-restart</member>
<member>show macros</member> <member>remote-start</member>
</simplelist>
</blockquote>
<para>On systems with only Shorewall Lite installed, I recommend that <member>safe-reload</member>
you create a symbolic link <filename>/sbin/shorewall</filename> and
point it at <filename>/sbin/shorewall-lite</filename>. That way, you can
use <command>shorewall</command> as the command regardless of which
product is installed.</para>
<blockquote> <member>safe-restart</member>
<programlisting><command>ln -sf shorewall-lite /sbin/shorewall</command>
</programlisting> <member>safe-start</member>
<member>try</member>
<member>update</member>
</simplelist>
</blockquote> </blockquote>
<section> <section>
<title>Module Loading</title> <title>Module Loading</title>
<para>As with a normal Shorewall configuration, the shorewall.conf <para>Normally, the <filename>helpers</filename> file on the firewall
file can specify LOAD_HELPERS_ONLY which determines if the system is used. If you want to specify modules at compile time on the
<filename>modules</filename> file (LOAD_HELPERS_ONLY=No) or Administrative System, then you must place a copy of the
<filename>helpers</filename> file (LOAD_HELPERS_ONLY=Yes) is used. <filename>helpers</filename> file in the firewall's configuration
Normally, the file on the firewall system is used. If you want to directory before compilation.</para>
specify modules at compile time on the Administrative System, then you
must place a copy of the appropriate file
(<filename>modules</filename> or <filename>helpers</filename>) in the
firewall's configuration directory before compilation.</para>
<para>In Shorewall 4.4.17, the EXPORTMODULES option was added to <para>In Shorewall 4.4.17, the EXPORTMODULES option was added to
shorewall.conf (and shorewall6.conf). When EXPORTMODULES=Yes, any shorewall.conf (and shorewall6.conf). When EXPORTMODULES=Yes, any
<filename>modules</filename> or <filename>helpers</filename> file <filename>helpers</filename> file found on the CONFIG_PATH on the
found on the CONFIG_PATH on the Administrative System during Administrative System during compilation will be used.</para>
compilation will be used.</para>
</section> </section>
<section id="Converting"> <section id="Converting">
<title>Converting a system from Shorewall to Shorewall Lite</title> <title>Converting a system from Shorewall to Shorewall Lite</title>
<para>Converting a firewall system that is currently running Shorewall <para>Converting a firewall system that is currently running Shorewall
to run Shorewall Lite instead is straight-forward.</para> to run Shorewall Lite instead is straight-forward.</para>
<orderedlist numeration="loweralpha"> <orderedlist numeration="loweralpha">
<listitem> <listitem>
skipping to change at line 506 skipping to change at line 406
<filename>stoppedrules</filename> file.</para> <filename>stoppedrules</filename> file.</para>
<programlisting><command>shorewall stop</command></programlisting> <programlisting><command>shorewall stop</command></programlisting>
<para><emphasis role="bold">We recommend that you uninstall <para><emphasis role="bold">We recommend that you uninstall
Shorewall at this point.</emphasis></para> Shorewall at this point.</emphasis></para>
</listitem> </listitem>
<listitem> <listitem>
<para>Install Shorewall Lite on the firewall system.</para> <para>Install Shorewall Lite on the firewall system.</para>
<para>If you are running Debian or one of its derivatives like
Ubuntu then edit <filename>/etc/default/shorewall-lite</filename>
and set startup=1.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>On the administrative system:</para> <para>On the administrative system:</para>
<para>It's a good idea to include the IP address of the <para>It's a good idea to include the IP address of the
administrative system in the firewall system's <ulink administrative system in the firewall system's <ulink
url="manpages/shorewall-stoppedrules.html"><filename>stoppedrules</f ilename> url="manpages/shorewall-stoppedrules.html"><filename>stoppedrules</f ilename>
file</ulink>.</para> file</ulink>.</para>
skipping to change at line 756 skipping to change at line 652
<section id="Shorecap"> <section id="Shorecap">
<title>The /etc/shorewall/capabilities file and the shorecap <title>The /etc/shorewall/capabilities file and the shorecap
program</title> program</title>
<para>As mentioned above, the <para>As mentioned above, the
<filename>/etc/shorewall/capabilities</filename> file specifies that <filename>/etc/shorewall/capabilities</filename> file specifies that
kernel/iptables capabilities of the target system. Here is a sample kernel/iptables capabilities of the target system. Here is a sample
file:</para> file:</para>
<blockquote> <programlisting>
<programlisting># # Shorewall 5.2.3.3 detected the following iptables/netfilter capabilities - Mon
# Shorewall detected the following iptables/netfilter capabilities - Tue Jul 15 16 Sep 2019 01:32:20 PM PDT
07:28:12 PDT 2008
# #
NAT_ENABLED=Yes ACCOUNT_TARGET=
MANGLE_ENABLED=Yes ADDRTYPE=Yes
MULTIPORT=Yes AMANDA_HELPER=
XMULTIPORT=Yes ARPTABLESJF=
AUDIT_TARGET=Yes
BASIC_EMATCH=Yes
BASIC_FILTER=Yes
CAPVERSION=50200
CHECKSUM_TARGET=Yes
CLASSIFY_TARGET=Yes
COMMENTS=Yes
CONDITION_MATCH=
CONNLIMIT_MATCH=Yes
CONNMARK_MATCH=Yes
CONNMARK=Yes
CONNTRACK_MATCH=Yes CONNTRACK_MATCH=Yes
POLICY_MATCH=Yes CPU_FANOUT=Yes
PHYSDEV_MATCH=Yes CT_TARGET=Yes
PHYSDEV_BRIDGE=Yes DSCP_MATCH=Yes
LENGTH_MATCH=Yes DSCP_TARGET=Yes
EMULTIPORT=Yes
ENHANCED_REJECT=Yes
EXMARK=Yes
FLOW_FILTER=Yes
FTP0_HELPER=
FTP_HELPER=Yes
FWMARK_RT_MASK=Yes
GEOIP_MATCH=
GOTO_TARGET=Yes
H323_HELPER=
HASHLIMIT_MATCH=Yes
HEADER_MATCH=
HELPER_MATCH=Yes
IFACE_MATCH=
IMQ_TARGET=
IPMARK_TARGET=
IPP2P_MATCH=
IPRANGE_MATCH=Yes IPRANGE_MATCH=Yes
RECENT_MATCH=Yes IPSET_MATCH_COUNTERS=Yes
OWNER_MATCH=Yes IPSET_MATCH_NOMATCH=Yes
IPSET_MATCH=Yes IPSET_MATCH=Yes
CONNMARK=Yes IPSET_V5=Yes
XCONNMARK=Yes IPTABLES_S=Yes
CONNMARK_MATCH=Yes IRC0_HELPER=
XCONNMARK_MATCH=Yes IRC_HELPER=Yes
RAW_TABLE=Yes KERNELVERSION=41900
IPP2P_MATCH=
CLASSIFY_TARGET=Yes
ENHANCED_REJECT=Yes
KLUDGEFREE=Yes KLUDGEFREE=Yes
MARK=Yes LENGTH_MATCH=Yes
XMARK=Yes LOGMARK_TARGET=
LOG_TARGET=Yes
MANGLE_ENABLED=Yes
MANGLE_FORWARD=Yes MANGLE_FORWARD=Yes
COMMENTS=Yes MARK_ANYWHERE=Yes
ADDRTYPE=Yes MARK=Yes
TCPMSS_MATCH=Yes MASQUERADE_TGT=Yes
HASHLIMIT_MATCH=Yes MULTIPORT=Yes
NAT_ENABLED=Yes
NAT_INPUT_CHAIN=Yes
NETBIOS_NS_HELPER=
NETMAP_TARGET=Yes
NEW_CONNTRACK_MATCH=Yes
NEW_TOS_MATCH=Yes
NFACCT_MATCH=Yes
NFLOG_SIZE=Yes
NFLOG_TARGET=Yes
NFQUEUE_TARGET=Yes NFQUEUE_TARGET=Yes
OLD_CONNTRACK_MATCH=
OLD_HL_MATCH=
OLD_IPP2P_MATCH=
OLD_IPSET_MATCH=
OWNER_MATCH=Yes
OWNER_NAME_MATCH=Yes
PERSISTENT_SNAT=Yes
PHYSDEV_BRIDGE=Yes
PHYSDEV_MATCH=Yes
POLICY_MATCH=Yes
PPTP_HELPER=
RAW_TABLE=Yes
REALM_MATCH=Yes REALM_MATCH=Yes
CAPVERSION=40190</programlisting> REAP_OPTION=Yes
</blockquote> RECENT_MATCH=Yes
RESTORE_WAIT_OPTION=Yes
RPFILTER_MATCH=Yes
SANE0_HELPER=
SANE_HELPER=
SIP0_HELPER=
SIP_HELPER=
SNMP_HELPER=
STATISTIC_MATCH=Yes
TARPIT_TARGET=
TCPMSS_MATCH=Yes
TCPMSS_TARGET=Yes
TFTP0_HELPER=
TFTP_HELPER=
TIME_MATCH=Yes
TPROXY_TARGET=Yes
UDPLITEREDIRECT=
ULOG_TARGET=
WAIT_OPTION=Yes
XCONNMARK_MATCH=Yes
XCONNMARK=Yes
XMARK=Yes
XMULTIPORT=Yes</programlisting>
<para>As you can see, the file contains a simple list of shell variable <para>As you can see, the file contains a simple list of shell variable
assignments — the variables correspond to the capabilities listed by the assignments — the variables correspond to the capabilities listed by the
<command>shorewall show capabilities</command> command and they appear in <command>shorewall show capabilities</command> command and they appear in
the same order as the output of that command.</para> the same order as the output of that command.</para>
<para>To aid in creating this file, Shorewall Lite includes a <para>The capabilities file can be generated automatically from the
<command>shorecap</command> program. The program is installed in the administrative system by using the <command>remote-getcaps</command>
<filename class="directory">/usr/share/shorewall-lite/</filename> command. Should that option fail for any reason, the file can be generated
manually on the remote firewall.</para>
<para>To aid in creating this file on the remote firewall, Shorewall Lite
includes a <command>shorecap</command> program. The program is installed
in the <filename class="directory">/usr/share/shorewall-lite/</filename>
directory and may be run as follows:</para> directory and may be run as follows:</para>
<blockquote> <blockquote>
<para><command>[ IPTABLES=&lt;iptables binary&gt; ] [ <para><command>[ IPTABLES=&lt;iptables binary&gt; ] [
MODULESDIR=&lt;kernel modules directory&gt; ] MODULESDIR=&lt;kernel modules directory&gt; ]
/usr/share/shorewall-lite/shorecap &gt; capabilities</command></para> /usr/share/shorewall-lite/shorecap &gt; capabilities</command></para>
</blockquote> </blockquote>
<para>The IPTABLES and MODULESDIR options have their <ulink <para>The IPTABLES and MODULESDIR options have their <ulink
url="manpages/shorewall.conf.html">usual Shorewall default url="manpages/shorewall.conf.html">usual Shorewall default
skipping to change at line 828 skipping to change at line 798
<para>The <filename>capabilities</filename> file may also be creating <para>The <filename>capabilities</filename> file may also be creating
using <filename>/sbin/shorewall-lite</filename>:<blockquote> using <filename>/sbin/shorewall-lite</filename>:<blockquote>
<para><command>shorewall-lite show -f capabilities &gt; <para><command>shorewall-lite show -f capabilities &gt;
capabilities</command></para> capabilities</command></para>
</blockquote></para> </blockquote></para>
<para>Note that unlike the <command>shorecap</command> program, the <para>Note that unlike the <command>shorecap</command> program, the
<command>show capabilities</command> command shows the kernel's current <command>show capabilities</command> command shows the kernel's current
capabilities; it does not attempt to load additional kernel capabilities; it does not attempt to load additional kernel
modules.</para> modules.</para>
<para>Once generated, the file can be copied manually to the
administrative system.</para>
</section> </section>
<section id="Running"> <section id="Running">
<title>Running compiled programs directly</title> <title>Running compiled programs directly</title>
<para>Compiled firewall programs are complete shell programs that support <para>Compiled firewall programs are complete shell programs that may be
the following command line forms:</para> run directly. Here is the output from the program's help command
(Shorewall version 5.2.4)</para>
<blockquote>
<simplelist> <programlisting>&lt;program&gt; [ options ] &lt;command&gt;
<member><command>&lt;program&gt; [ -q ] [ -v ] [ -n ]
start</command></member> &lt;command&gt; is one of:
start
<member><command>&lt;program&gt; [ -q ] [ -v ] [ -n ] stop
stop</command></member> clear
disable &lt;interface&gt;
<member><command>&lt;program&gt; [ -q ] [ -v ] [ -n ] down &lt;interface&gt;
clear</command></member> enable &lt;interface&gt;
reset
<member><command>&lt;program&gt; [ -q ] [ -v ] [ -n ] reenable &lt;interface&gt;
refresh</command></member> refresh
reload
<member><command>&lt;program&gt; [ -q ] [ -v ] [ -n ] restart
reset</command></member> run &lt;command&gt; [ &lt;parameter&gt; ... ]
status
<member><command>&lt;program&gt; [ -q ] [ -v ] [ -n ] up &lt;interface&gt;
restart</command></member> savesets &lt;file&gt;
call &lt;function&gt; [ &lt;parameter&gt; ... ]
<member><command>&lt;program&gt; [ -q ] [ -v ] [ -n ] help
status</command></member> version
info
<member><command>&lt;program&gt; [ -q ] [ -v ] [ -n ]
version</command></member> Options are:
</simplelist>
</blockquote> -v and -q Standard Shorewall verbosity controls
-n Don't update routing configuration
-p Purge Conntrack Table
-t Timestamp progress Messages
-c Save/restore iptables counters
-V &lt;verbosity&gt; Set verbosity explicitly
-R &lt;file&gt; Override RESTOREFILE setting
-T Trace execution
</programlisting>
<para>The options have the same meanings as when they are passed to <para>The options have the same meanings as when they are passed to
<filename>/sbin/shorewall</filename> itself. The default VERBOSITY level <filename>/sbin/shorewall</filename> itself. The default VERBOSITY level
is the level specified in the <filename>shorewall.conf</filename> file is the level specified in the <filename>shorewall.conf</filename> file
used when the program was compiled.</para> used when the program was compiled.</para>
</section> </section>
</article> </article>
 End of changes. 35 change blocks. 
216 lines changed or deleted 188 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)