"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "Shorewall-Lite.xml" between
shorewall-docs-xml-5.2.3.6.tar.bz2 and shorewall-docs-xml-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall (documentation; XML)

Shorewall-Lite.xml  (shorewall-docs-xml-5.2.3.6.tar.bz2):Shorewall-Lite.xml  (shorewall-docs-xml-5.2.6.tar.bz2)
skipping to change at line 251 skipping to change at line 251
from the administrative system, then the export directory from the administrative system, then the export directory
should contain a copy of the remote system's shorewallrc should contain a copy of the remote system's shorewallrc
file (normally found in file (normally found in
/usr/share/shorewall/shorewallrc).</para> /usr/share/shorewall/shorewallrc).</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>
<listitem> <listitem>
<programlisting><command>cd &lt;export directory&gt;</command> <programlisting><command>cd &lt;export directory&gt;</command>
<command>/sbin/shorewall load firewall</command></programlisting> <command>/sbin/shorewall remote-start firewall</command></programlisting>
<para>The <ulink <para>The <ulink
url="starting_and_stopping_shorewall.htm#Load"><command>load</comm and></ulink> url="starting_and_stopping_shorewall.htm#Load"><command>remote-sta rt</command></ulink>
command compiles a firewall script from the configuration files command compiles a firewall script from the configuration files
in the current working directory (using <command>shorewall in the current working directory (using <command>shorewall
compile -e</command>), copies that file to the remote system via compile -e</command>), copies that file to the remote system via
scp and starts Shorewall Lite on the remote system via scp and starts Shorewall Lite on the remote system via
ssh.</para> ssh.</para>
<para>Example (firewall's DNS name is 'gateway'):</para> <para>Example (firewall's DNS name is 'gateway'):</para>
<para><command>/sbin/shorewall load gateway</command><note> <para><command>/sbin/shorewall remote-start
gateway</command><note>
<para>Although scp and ssh are used by default, you can use <para>Although scp and ssh are used by default, you can use
other utilities by setting RSH_COMMAND and RCP_COMMAND in other utilities by setting RSH_COMMAND and RCP_COMMAND in
<filename>/etc/shorewall/shorewall.conf</filename>.</para> <filename>/etc/shorewall/shorewall.conf</filename>.</para>
</note></para> </note></para>
<para>The first time that you issue a <command>load</command> <para>The first time that you issue a <command>load</command>
command, Shorewall will use ssh to run command, Shorewall will use ssh to run
<filename>/usr/share/shorewall-lite/shorecap</filename> on the <filename>/usr/share/shorewall-lite/shorecap</filename> on the
remote firewall to create a capabilities file in the firewall's remote firewall to create a capabilities file in the firewall's
administrative direction. It also uses scp to copy the administrative direction. It also uses scp to copy the
skipping to change at line 286 skipping to change at line 287
</listitem> </listitem>
</orderedlist> </orderedlist>
</listitem> </listitem>
<listitem> <listitem>
<para>If you later need to change the firewall's configuration, <para>If you later need to change the firewall's configuration,
change the appropriate files in the firewall's export directory change the appropriate files in the firewall's export directory
then:</para> then:</para>
<programlisting><command>cd &lt;export directory&gt;</command> <programlisting><command>cd &lt;export directory&gt;</command>
<command>/sbin/shorewall reload firewall</command></programlisting> <command>/sbin/shorewall remote-reload firewall</command></programlisting>
<para>The <ulink <para>The <ulink
url="manpages/shorewall.html"><command>reload</command></ulink> url="manpages/shorewall.html"><command>remote-reload</command></ulink>
command compiles a firewall script from the configuration files in command compiles a firewall script from the configuration files in
the current working directory (using <command>shorewall compile the current working directory (using <command>shorewall compile
-e</command>), copies that file to the remote system via scp and -e</command>), copies that file to the remote system via scp and
restarts Shorewall Lite on the remote system via ssh. The <emphasis reloads Shorewall Lite on the remote system via ssh. The <emphasis
role="bold">reload</emphasis> command also supports the '-c' role="bold">remote-reload</emphasis> command also supports the '-c'
option.</para> option.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>There is a <filename>shorewall-lite.conf</filename> file installed <para>There is a <filename>shorewall-lite.conf</filename> file installed
as part of Shorewall Lite as part of Shorewall Lite
(<filename>/etc/shorewall-lite/shorewall-lite.conf</filename>). You can (<filename>/etc/shorewall-lite/shorewall-lite.conf</filename>). You can
use that file on the firewall system to override some of the settings use that file on the firewall system to override some of the settings
from the shorewall.conf file in the export directory.</para> from the shorewall.conf file in the export directory.</para>
skipping to change at line 494 skipping to change at line 495
<para>The <command>shorewall-lite call</command> command allows <para>The <command>shorewall-lite call</command> command allows
you to to call interactively any Shorewall function that you can you to to call interactively any Shorewall function that you can
call in an extension script.</para> call in an extension script.</para>
<para>After having made the above changes to the firewall's export <para>After having made the above changes to the firewall's export
directory, execute the following commands.</para> directory, execute the following commands.</para>
<blockquote> <blockquote>
<programlisting><command>cd &lt;export directory&gt;</command> <programlisting><command>cd &lt;export directory&gt;</command>
<command>/sbin/shorewall load &lt;firewall system&gt;</command> <command>/sbin/shorewall remote-start &lt;firewall system&gt;</command>
</programlisting> </programlisting>
<para>Example (firewall's DNS name is 'gateway'):</para> <para>Example (firewall's DNS name is 'gateway'):</para>
<para><command>/sbin/shorewall load gateway</command></para> <para><command>/sbin/shorewall remote-start
gateway</command></para>
</blockquote> </blockquote>
<para>The first time that you issue a <command>load</command> <para>The first time that you issue a
command, Shorewall will use ssh to run <command>remote-start</command> command, Shorewall will use ssh to
<filename>/usr/share/shorewall-lite/shorecap</filename> on the run <filename>/usr/share/shorewall-lite/shorecap</filename> on the
remote firewall to create a capabilities file in the firewall's remote firewall to create a capabilities file in the firewall's
administrative direction. See <link administrative direction. See <link
linkend="Shorecap">below</link>.</para> linkend="Shorecap">below</link>.</para>
<para>The <ulink <para>The <ulink
url="starting_and_stopping_shorewall.htm#Load"><command>load</comman d></ulink> url="starting_and_stopping_shorewall.htm#Load"><command>load</comman d></ulink>
command compiles a firewall script from the configuration files in command compiles a firewall script from the configuration files in
the current working directory (using <command>shorewall compile the current working directory (using <command>shorewall compile
-e</command>), copies that file to the remote system via -e</command>), copies that file to the remote system via
<command>scp</command> and starts Shorewall Lite on the remote <command>scp</command> and starts Shorewall Lite on the remote
system via <command>ssh</command>.</para> system via <command>ssh</command>.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>If you later need to change the firewall's configuration, <para>If you later need to change the firewall's configuration,
change the appropriate files in the firewall's export directory change the appropriate files in the firewall's export directory
then:</para> then:</para>
<programlisting><command>cd &lt;export directory&gt;</command> <programlisting><command>cd &lt;export directory&gt;</command>
<command>/sbin/shorewall reload firewall</command></programlisting> <command>/sbin/shorewall remote-reload firewall</command></programlisting>
<para>The <ulink <para>The <ulink
url="starting_and_stopping_shorewall.htm#Reload"><command>reload</co mmand></ulink> url="starting_and_stopping_shorewall.htm#Reload"><command>reload</co mmand></ulink>
command compiles a firewall script from the configuration files in command compiles a firewall script from the configuration files in
the current working directory (using <command>shorewall compile the current working directory (using <command>shorewall compile
-e</command>), copies that file to the remote system via -e</command>), copies that file to the remote system via
<command>scp</command> and restarts Shorewall Lite on the remote <command>scp</command> and restarts Shorewall Lite on the remote
system via <command>ssh</command>.</para> system via <command>ssh</command>.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>If the kernel/iptables configuration on the firewall later <para>If the kernel/iptables configuration on the firewall later
changes and you need to create a new changes and you need to create a new
<filename>capabilities</filename> file, do the following on the <filename>capabilities</filename> file, do the following on the
firewall system:</para> firewall system:</para>
<programlisting><command>/usr/share/shorewall-lite/shorecap &gt; cap abilities</command> <programlisting><command>/usr/share/shorewall-lite/shorecap &gt; cap abilities</command>
<command>scp capabilities &lt;admin system&gt;:&lt;this system's config dir&gt;< /command></programlisting> <command>scp capabilities &lt;admin system&gt;:&lt;this system's config dir&gt;< /command></programlisting>
<para>Or simply use the -c option the next time that you use the <para>Or simply use the -c option the next time that you use the
<command>reload</command> command (e.g., <command>shorewall reload <command>remote-reload</command> command (e.g., <command>shorewall
-c gateway</command>).</para> remote-reload -c gateway</command>).</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
</section> </section>
</section> </section>
<section id="Restrictions"> <section id="Restrictions">
<title>Restrictions</title> <title>Restrictions</title>
<para>While compiled Shorewall programs (as are used in Shorewall Lite) <para>While compiled Shorewall programs (as are used in Shorewall Lite)
are useful in many cases, there are some important restrictions that you are useful in many cases, there are some important restrictions that you
 End of changes. 11 change blocks. 
15 lines changed or deleted 17 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)