"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "FAQ.xml" between
shorewall-docs-xml-5.2.3.6.tar.bz2 and shorewall-docs-xml-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall (documentation; XML)

FAQ.xml  (shorewall-docs-xml-5.2.3.6.tar.bz2):FAQ.xml  (shorewall-docs-xml-5.2.6.tar.bz2)
skipping to change at line 132 skipping to change at line 132
shorewall-shell and shorewall-perl packages? Where are they?</title> shorewall-shell and shorewall-perl packages? Where are they?</title>
<para><emphasis role="bold">Answer</emphasis>:In Shorewall 4.4, the <para><emphasis role="bold">Answer</emphasis>:In Shorewall 4.4, the
<firstterm>shorewall-shell</firstterm> package was discontinued. The <firstterm>shorewall-shell</firstterm> package was discontinued. The
<firstterm>shorewall-common</firstterm> and <firstterm>shorewall-common</firstterm> and
<firstterm>shorewall-perl</firstterm> packages were combined to form a <firstterm>shorewall-perl</firstterm> packages were combined to form a
single <firstterm>shorewall</firstterm> package. In Shorewall 4.5, the single <firstterm>shorewall</firstterm> package. In Shorewall 4.5, the
<firstterm>shorewall-core</firstterm> package was added and all of the <firstterm>shorewall-core</firstterm> package was added and all of the
other packages depend on shorewall-core.</para> other packages depend on shorewall-core.</para>
</section> </section>
<section id="faq1.5">
<title>(FAQ 1.5) After installing the latest version (&gt; 5.1.10.1) of
Shorewall, when I change my configuration and 'shorewall reload' or
'shorewall restart', my changes aren't in the running ruleset. Why is
that happening?</title>
<para><emphasis role="bold">Answer: </emphasis>This happens when:</para>
<orderedlist>
<listitem>
<para>You use INCLUDE (?INCLUDE).</para>
</listitem>
<listitem>
<para>The included files are in a subdirectory of /etc/shorewall[6]
or in a separate directory.</para>
</listitem>
<listitem>
<para>You have AUTOMAKE=Yes in <ulink
url="manpages/shorewall.conf.html">shorewall[6].conf(5)</ulink>.</para
>
</listitem>
</orderedlist>
<para>When AUTOMAKE=Yes, the compiler looks for files in each directory
in CONFIG_PATH for files that are newer that the last-generated firewall
script. If none are found, the old script is used as is. Prior to
version 5.1.10.2, that search was recursive so changes in
sub-directories of /etc/shorewall[6] were automatically searched. This
had performance implications if directories on the CONFIG_PATH were
deeply nested. So, beginning with version 5.1.10.2, only the directories
themselves are searched. You can restore the pre-5.1.10.2 behavior by
setting AUTOMAKE=recursive, or
AUTOMAKE=<replaceable>integer</replaceable>, where integer specifies the
search depth. If your included files are in a separate directory, then
that directory must be added to CONFIG_PATH in order to allow AUTOMAKE
to work correctly.</para>
</section>
</section> </section>
<section id="Upgrading"> <section id="Upgrading">
<title>Upgrading Shorewall</title> <title>Upgrading Shorewall</title>
<section id="faq66"> <section id="faq66">
<title>(FAQ 66) I'm trying to upgrade to Shorewall 4.x; which of these <title>(FAQ 66) I'm trying to upgrade to Shorewall 4.x or later; which
packages do I need to install?</title> of these packages do I need to install?</title>
<para><emphasis role="bold">Answer:</emphasis> Please see the <ulink <para><emphasis role="bold">Answer:</emphasis> Please see the <ulink
url="upgrade_issues.htm">upgrade issues.</ulink></para> url="upgrade_issues.htm">upgrade issues.</ulink></para>
</section> </section>
<section id="faq34"> <section id="faq34">
<title>(FAQ 34) I am trying to upgrade to Shorewall 4.4 and I can't find <title>(FAQ 34) I am trying to upgrade to Shorewall 4.4 or later and I
the shorewall-common, shorewall-shell and shorewall-perl packages? Where can't find the shorewall-common, shorewall-shell and shorewall-perl
are they?</title> packages? Where are they?</title>
<para><emphasis role="bold">Answer</emphasis>:In Shorewall 4.4, the <para><emphasis role="bold">Answer</emphasis>:In Shorewall 4.4, the
<firstterm>shorewall-shell</firstterm> package was discontinued. The <firstterm>shorewall-shell</firstterm> package was discontinued. The
<firstterm>shorewall-common</firstterm> and <firstterm>shorewall-common</firstterm> and
<firstterm>shorewall-perl</firstterm> packages were combined to form a <firstterm>shorewall-perl</firstterm> packages were combined to form a
single <firstterm>shorewall</firstterm> package. For further single <firstterm>shorewall</firstterm> package. For further
information, please see the <ulink url="upgrade_issues.htm">upgrade information, please see the <ulink url="upgrade_issues.htm">upgrade
issues.</ulink>.</para> issues.</ulink>.</para>
</section> </section>
skipping to change at line 196 skipping to change at line 235
net access from a local network) usually means that <filename><ulink net access from a local network) usually means that <filename><ulink
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink></ filename> url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink></ filename>
contains the default setting IP_FORWARDING=Keep; it should be contains the default setting IP_FORWARDING=Keep; it should be
IP_FORWARDING=On.</para> IP_FORWARDING=On.</para>
<para><emphasis role="bold">Update</emphasis>: Beginning with Shorewall <para><emphasis role="bold">Update</emphasis>: Beginning with Shorewall
4.4.21, there is a <emphasis role="bold">shorewall update</emphasis> 4.4.21, there is a <emphasis role="bold">shorewall update</emphasis>
command that does a smart merge of your existing shorewall.conf and the command that does a smart merge of your existing shorewall.conf and the
new one.</para> new one.</para>
</section> </section>
<section id="faq2.6">
<title>(FAQ 2 .6) After upgrading to the latest version (&gt; 5.1.10.1)
of Shorewall, when I change my configuration and 'shorewall reload' or
'shorewall restart', my changes aren't in the running ruleset. Why is
that happening?</title>
<para><emphasis role="bold">Answer: </emphasis>See<link
linkend="faq1.5"> FAQ 1.5</link>.</para>
</section>
</section> </section>
<section id="PortForwarding"> <section id="PortForwarding">
<title>Port Forwarding (Port Redirection)</title> <title>Port Forwarding (Port Redirection)</title>
<section id="faq1"> <section id="faq1">
<title>(FAQ 1) I want to forward UDP port 7777 to my personal PC with IP <title>(FAQ 1) I want to forward UDP port 7777 to my personal PC with IP
address 192.168.1.5. I've looked everywhere and can't find how to do address 192.168.1.5. I've looked everywhere and can't find how to do
it.</title> it.</title>
skipping to change at line 1223 skipping to change at line 1272
establishment of new connections. Once a connection is established establishment of new connections. Once a connection is established
through the firewall it will be usable until disconnected (tcp) or through the firewall it will be usable until disconnected (tcp) or
until it times out (other protocols). If you stop telnet and try to until it times out (other protocols). If you stop telnet and try to
establish a new session your firewall will block that attempt.</para> establish a new session your firewall will block that attempt.</para>
</section> </section>
<section id="faq4c"> <section id="faq4c">
<title>(FAQ 4c) How do I use Shorewall with PortSentry?</title> <title>(FAQ 4c) How do I use Shorewall with PortSentry?</title>
<para><ulink <para><ulink
url="http://www.shorewall.net/pub/shorewall/contrib/PortsentryHOWTO.txt" ><emphasis url="https://shorewall.org/pub/shorewall/contrib/PortsentryHOWTO.txt"><e mphasis
role="bold">Answer:</emphasis> Here's a writeup</ulink> describing a role="bold">Answer:</emphasis> Here's a writeup</ulink> describing a
nice integration of Shorewall and PortSentry.</para> nice integration of Shorewall and PortSentry.</para>
</section> </section>
</section> </section>
</section> </section>
<section id="Connections"> <section id="Connections">
<title>Connection Problems</title> <title>Connection Problems</title>
<section id="pseudofaq17"> <section id="pseudofaq17">
skipping to change at line 1432 skipping to change at line 1481
file</ulink>.</para> file</ulink>.</para>
<section id="faq6a"> <section id="faq6a">
<title>(FAQ 6a) Are there any log parsers that work with <title>(FAQ 6a) Are there any log parsers that work with
Shorewall?</title> Shorewall?</title>
<para><emphasis role="bold">Answer:</emphasis> Here are several links <para><emphasis role="bold">Answer:</emphasis> Here are several links
that may be helpful:</para> that may be helpful:</para>
<literallayout> <literallayout>
<ulink url="http://www.shorewall.net/pub/shorewall/parsefw/">http://ww w.shorewall.net/pub/shorewall/parsefw/</ulink> <ulink url="https://shorewall.org/pub/shorewall/parsefw/">https://shor ewall.org/pub/shorewall/parsefw/</ulink>
<ulink url="http://aaron.marasco.com/linux.html">http://aaron.marasco. com/linux.html</ulink> <ulink url="http://aaron.marasco.com/linux.html">http://aaron.marasco. com/linux.html</ulink>
<ulink url="http://cert.uni-stuttgart.de/projects/fwlogwatch">http://c ert.uni-stuttgart.de/projects/fwlogwatch</ulink> <ulink url="http://cert.uni-stuttgart.de/projects/fwlogwatch">http://c ert.uni-stuttgart.de/projects/fwlogwatch</ulink>
<ulink url="http://www.logwatch.org">http://www.logwatch.org</ulink> <ulink url="http://www.logwatch.org">http://www.logwatch.org</ulink>
</literallayout> </literallayout>
<para>I personally use <ulink <para>I personally use <ulink
url="http://www.cert.uni-stuttgart.de.projects/fwlogwatch">fwlogwatch</u link>. url="http://www.cert.uni-stuttgart.de.projects/fwlogwatch">fwlogwatch</u link>.
It emails me a report each day from my various systems with each It emails me a report each day from my various systems with each
report summarizing the logged activity on the corresponding system; report summarizing the logged activity on the corresponding system;
here's a sample:</para> here's a sample:</para>
skipping to change at line 2942 skipping to change at line 2991
<section> <section>
<title>(FAQ 40) I have an interface that gets its IPv6 configuration <title>(FAQ 40) I have an interface that gets its IPv6 configuration
from radvd. When I start Shorewall6, I immediately loose my default from radvd. When I start Shorewall6, I immediately loose my default
route. Why?</title> route. Why?</title>
<para><emphasis role="bold">Answer</emphasis>: You have configured <para><emphasis role="bold">Answer</emphasis>: You have configured
forwarding on the interface which disables autoconfiguration of the forwarding on the interface which disables autoconfiguration of the
interface. To retain autoconfiguration on the interface when Shorewall6 interface. To retain autoconfiguration on the interface when Shorewall6
starts, specify <emphasis role="bold">forwarding=0</emphasis> in the starts, specify <emphasis role="bold">forwarding=0</emphasis> in the
OPTIONS column on the interface's entry in <ulink OPTIONS column on the interface's entry in <ulink
url="manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink> url="manpages/shorewall-interfaces.html">shorewall6-interfaces</ulink>
(5).</para> (5).</para>
</section> </section>
<section> <section>
<title id="faq96">(FAQ 96) I am starting to use ipv6, but on my ipv4 FW, <title id="faq96">(FAQ 96) I am starting to use ipv6, but on my ipv4 FW,
when restarting Shorewall . it puts in ip6tables rules. How do i when restarting Shorewall . it puts in ip6tables rules. How do i
dissable that ?</title> dissable that ?</title>
<para>Answer: This is a two-step process.</para> <para>Answer: This is a two-step process.</para>
skipping to change at line 3303 skipping to change at line 3352
</itemizedlist> </itemizedlist>
</section> </section>
<section> <section>
<title id="faq93">(FAQ 93) I'm not able to use Shorewall to manage a <title id="faq93">(FAQ 93) I'm not able to use Shorewall to manage a
bridge. I get the following error: ERROR: BRIDGING=Yes is not supported bridge. I get the following error: ERROR: BRIDGING=Yes is not supported
by Shorewall 4.4.13.3.</title> by Shorewall 4.4.13.3.</title>
<para><emphasis role="bold">Answer:</emphasis> If you want to apply <para><emphasis role="bold">Answer:</emphasis> If you want to apply
firewall rules to the traffic passing between bridge ports, see <ulink firewall rules to the traffic passing between bridge ports, see <ulink
url="bridge-Shorewall-perl.html">http://www.shorewall.net/bridge-Shorewall -perl.html</ulink>. url="bridge-Shorewall-perl.html">https://shorewall.org/bridge-Shorewall-pe rl.html</ulink>.
If you simply want to allow all traffic between ports, then see <ulink If you simply want to allow all traffic between ports, then see <ulink
url="SimpleBridge.html">http://www.shorewall.net/SimpleBridge.html</ulink> .</para> url="SimpleBridge.html">https://shorewall.org/SimpleBridge.html</ulink>.</ para>
</section> </section>
<section id="faq95"> <section id="faq95">
<title>(FAQ 95) What is this $FW that I see in the configuration files <title>(FAQ 95) What is this $FW that I see in the configuration files
and documentation?</title> and documentation?</title>
<para><emphasis role="bold">Answer: FW</emphasis> is a <ulink <para><emphasis role="bold">Answer: FW</emphasis> is a <ulink
url="configuration_file_basics.htm#Variables">shell variable</ulink> url="configuration_file_basics.htm#Variables">shell variable</ulink>
that expands to the name that you gave to the firewall zone in <ulink that expands to the name that you gave to the firewall zone in <ulink
url="manpages/shorewall-zones.html">shorewall-zones</ulink>(5). The url="manpages/shorewall-zones.html">shorewall-zones</ulink>(5). The
 End of changes. 9 change blocks. 
10 lines changed or deleted 60 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)