Finish passing through all the documentation with a spell checker.

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8670 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-07 16:24:01 +01:00 · 2008-08-15 05:03:24 +00:00 · 2008-08-15 05:03:24 +00:00 · 025e97c8bb
commit 025e97c8bb
parent aac55dbac4
49 changed files with 244 additions and 244 deletions
--- a/Shorewall-common/lib.cli
+++ b/Shorewall-common/lib.cli
@ -494,7 +494,7 @@ show_command() {
 	    ;;
 	classifiers|filters)
 	    [ $# -gt 1 ] && usage 1
-	    echo "$PRODUCT $version Clasifiers at $HOSTNAME - $(date)"
+	    echo "$PRODUCT $version Classifiers at $HOSTNAME - $(date)"
 	    echo
 	    show_classifiers
 	    ;;
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@ -66,8 +66,8 @@
        the Shorewall Debian Maintainer:</para>
        <para><quote>For more information about Shorewall usage on Debian
-        system please look at /usr/share/doc/shorewall/README.Debian provided
+        system please look at /usr/share/doc/shorewall-common/README.Debian
-        by [the] shorewall Debian package.</quote></para>
+        provided by [the] shorewall-common Debian package.</quote></para>
      </important>
      <para>If you install using the .deb, you will find that your <filename
@ -89,7 +89,7 @@
        class="directory">/usr/share/doc/shorewall/examples/</filename>.
        Beginning with Shorewall 4.0, the samples are in the shorewall-common
        package and are installed in <filename
-        class="directory">/usr/share/doc/shorewall-common/examples</filename>/.</para>
+        class="directory">/usr/share/doc/shorewall-common/examples/</filename>.</para>
      </section>
    </section>
@ -1255,7 +1255,7 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
        standardized and will vary by distribution and distribution version.
        But anytime you see no logging, it's time to look outside the
        Shorewall configuration for the cause. As an example, recent
-        <trademark>SuSE</trademark> releases use syslog-ng by default and
+        <trademark>SUSE</trademark> releases use syslog-ng by default and
        write Shorewall messages to
        <filename>/var/log/firewall</filename>.</para>
@ -1861,7 +1861,7 @@ iptables: Invalid argument
        <listitem>
          <para>if you don't need policy match support (you are not using the
-          IPSEC implementation built into the 2.6 kernel) then you can rename
+          IPSEC implementation builtinto the 2.6 kernel) then you can rename
          <filename>/lib/iptables/libipt_policy.so</filename>.</para>
        </listitem>
      </itemizedlist>
@ -2004,7 +2004,7 @@ iptables: Invalid argument
    <title>Traffic Shaping</title>
    <section id="faq67">
-      <title>(FAQ 67) I just configured Shorewall's built in traffic shaping
+      <title>(FAQ 67) I just configured Shorewall's builtin traffic shaping
      and now Shorewall fails to Start.</title>
      <para>The error I receive is as follows:<programlisting>RTNETLINK answers: No such file or directory
--- a/docs/Install.xml
+++ b/docs/Install.xml
@ -268,9 +268,9 @@
      to configure Shorewall, please heed the advice of Lorenzo Martignoni,
      the Shorewall Debian Maintainer:</para>
-      <para><quote>For more information about Shorewall usage on Debian system
+      <para><quote>For more information about Shorewall usage on Debian
-      please look at /usr/share/doc/shorewall/README.Debian provided by [the]
+      system please look at /usr/share/doc/shorewall-common/README.Debian
-      shorewall Debian package.</quote></para>
+      provided by [the] shorewall-common Debian package.</quote></para>
    </important>
    <para>The easiest way to install Shorewall on Debian, is to use
--- a/docs/Introduction.xml
+++ b/docs/Introduction.xml
@ -44,12 +44,12 @@
      <itemizedlist>
        <listitem>
          <para><ulink url="http://www.netfilter.org">Netfilter</ulink> - the
-          packet filter facility built into the 2.4 and later Linux
+          packet filter facility builtinto the 2.4 and later Linux
          kernels.</para>
        </listitem>
        <listitem>
-          <para>ipchains - the packet filter facility built into the 2.2 Linux
+          <para>ipchains - the packet filter facility builtinto the 2.2 Linux
          kernels. Also the name of the utility program used to configure and
          control that facility. Netfilter can be used in ipchains
          compatibility mode.</para>
--- a/docs/NAT.xml
+++ b/docs/NAT.xml
@ -137,7 +137,7 @@ ACCEPT      net        loc:10.1.1.2    tcp         80          -              13
    routers with a long ARP cache timeout. If you move a system from parallel
    to your firewall to behind your firewall with one-to-one NAT, it will
    probably be HOURS before that system can communicate with the
-    internet.</para>
+    Internet.</para>
    <para>If you sniff traffic on the firewall's external interface, you can
    see incoming traffic for the internal system(s) but the traffic is never
--- a/docs/OPENVPN.xml
+++ b/docs/OPENVPN.xml
@ -57,7 +57,7 @@
  <para>OpenVPN is a robust and highly configurable VPN (Virtual Private
  Network) daemon which can be used to securely link two or more private
-  networks using an encrypted tunnel over the internet. OpenVPN is an Open
+  networks using an encrypted tunnel over the Internet. OpenVPN is an Open
  Source project and is <ulink
  url="http://openvpn.sourceforge.net/license.html">licensed under the
  GPL</ulink>. OpenVPN can be downloaded from <ulink
@ -642,7 +642,7 @@ verb 3</programlisting>
          <listitem>
            <para>OpenVPN GUI must be run as the Administrator. In the
            Explorer, right click on the OpenVPN GUI binary and select
-            Properties-&gt;Compatibilty and select "Run this program as an
+            Properties-&gt;Compatibility and select "Run this program as an
            administrator".</para>
          </listitem>
--- a/docs/PPTP.xml
+++ b/docs/PPTP.xml
@ -255,7 +255,7 @@ esac</programlisting>
        <para>Here' a basic setup that treats your remote users as if they
        were part of your <emphasis role="bold">loc</emphasis> zone. Note that
-        if your primary internet connection uses ppp0, then be sure that
+        if your primary Internet connection uses ppp0, then be sure that
        <emphasis role="bold">loc</emphasis> follows <emphasis
        role="bold">net</emphasis> in /etc/shorewall/zones.</para>
@ -275,7 +275,7 @@ loc            ppp+</programlisting>
        <para>If you want to place your remote users in their own zone so that
        you can control connections between these users and the local network,
-        follow this example. Note that if your primary internet connection
+        follow this example. Note that if your primary Internet connection
        uses ppp0 then be sure that <emphasis role="bold">vpn</emphasis>
        follows <emphasis role="bold">net</emphasis> in /etc/shorewall/zones
        as shown below.</para>
@ -312,7 +312,7 @@ vpn            ppp+</programlisting>
        fileref="images/MultiPPTP.png" /></para>
        <para>Here's how you configure this in Shorewall. Note that if your
-        primary internet connection uses ppp0 then be sure that the <emphasis
+        primary Internet connection uses ppp0 then be sure that the <emphasis
        role="bold">vpn{1-3}</emphasis> zones follows <emphasis
        role="bold">net</emphasis> in /etc/shorewall/zones as shown
        below.</para>
@ -600,10 +600,10 @@ restart_pptp &gt; /dev/null 2&gt;&amp;1 &amp;</programlisting>
    Modem</title>
    <para>Some ADSL systems in Europe (most notably in Austria and the
-    Netherlands) feature a PPTP server built into an ADSL
+    Netherlands) feature a PPTP server builtinto an ADSL
-    <quote>Modem</quote>. In this setup, an ethernet interface is dedicated to
+    <quote>Modem</quote>. In this setup, an Ethernet interface is dedicated to
    supporting the PPTP tunnel between the firewall and the
-    <quote>Modem</quote> while the actual internet access is through PPTP
+    <quote>Modem</quote> while the actual Internet access is through PPTP
    (interface ppp0). If you have this type of setup, you need to modify the
    sample configuration that you downloaded as described in this section.
    <emphasis role="bold">These changes are in addition to those described in
--- a/docs/PacketHandling.xml
+++ b/docs/PacketHandling.xml
@ -88,7 +88,7 @@
        where <emphasis>zone</emphasis> is the zone where the request
        originated. For packets that are part of an already established
        connection, the destination rewriting takes place without any
-        involvement of a netfilter rule.</para>
+        involvement of a Netfilter rule.</para>
      </listitem>
      <listitem>
--- a/docs/PacketMarking.xml
+++ b/docs/PacketMarking.xml
@ -399,7 +399,7 @@ Blarg   1       0x100   main            eth3            206.124.146.254 track,ba
    <programlisting>#MARK   SOURCE          DEST            PROTO   PORT(S) CLIENT  USER    TEST
 #                                                       PORT(S)
-1:110   192.168.0.0/22  eth3                                            #Our internel nets get priority
+1:110   192.168.0.0/22  eth3                                            #Our internal nets get priority
                                                                        #over the server
 1:130   206.124.146.177 eth3            tcp     -       873
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/docs/ProxyARP.xml
+++ b/docs/ProxyARP.xml
@ -133,7 +133,7 @@
    network associated with this address. This is the approach <ulink
    url="XenMyWay.html">that I take with my DMZ</ulink>.</para>
-    <para>To permit internet hosts to connect to the local systems, you use
+    <para>To permit Internet hosts to connect to the local systems, you use
    ACCEPT rules. For example, if you run a web server on 130.252.100.19 which
    you have configured to be in the <emphasis role="bold">loc</emphasis> zone
    then you would need this entry in /etc/shorewall/rules:</para>
@ -192,7 +192,7 @@ iface eth1 inet static
    routers with a long ARP cache timeout. If you move a system from parallel
    to your firewall to behind your firewall with Proxy ARP, it will probably
    be <emphasis role="bold">HOURS</emphasis> before that system can
-    communicate with the internet.</para>
+    communicate with the Internet.</para>
    <para>If you sniff traffic on the firewall's external interface, you can
    see incoming traffic for the internal system(s) but the traffic is never
--- a/docs/ReleaseModel.xml
+++ b/docs/ReleaseModel.xml
@ -93,11 +93,11 @@
      <listitem>
        <para>When the level of functionality of the current development
-        release is judged adaquate, the <firstterm>Beta period</firstterm> for
+        release is judged adequate, the <firstterm>Beta period</firstterm> for
        a new Stable release will begin. Beta releases have identifications of
        the form <emphasis>x.y.0-BetaN</emphasis> where
        <emphasis>x.y</emphasis> is the number of the next Stable Release and
-        <emphasis>N</emphasis>=1,2,3... . Betas are expected to occur rougly
+        <emphasis>N</emphasis>=1,2,3... . Betas are expected to occur roughly
        once per year. Beta releases may contain new functionality not present
        in the previous beta release (e.g., 2.2.0-Beta4 may contain
        functionality not present in 2.2.0-Beta3). When I'm confident that the
@ -106,7 +106,7 @@
        identifications of the form <emphasis>x.y.0-RCn</emphasis> where
        <emphasis>x.y</emphasis> is the number of the next Stable Release and
        <emphasis>n</emphasis>=1,2,3... . Release candidates contain no new
-        functionailty -- they only contain bug fixes. When the stability of
+        functionality -- they only contain bug fixes. When the stability of
        the current release candidate is judged to be sufficient then that
        release candidate will be released as the new stable release (e.g.,
        2.2.0). At that time, the new stable release and the prior stable
@ -165,7 +165,7 @@
        <emphasis>X</emphasis>=1,b,c,... . Consequently, if a user required a
        bug fix but was not running the last minor release of the associated
        major release then it might be necessary to accept major new
-        functionailty along with the bug fix.</para>
+        functionality along with the bug fix.</para>
      </listitem>
    </orderedlist>
  </section>
--- a/docs/ScalabilityAndPerformance.xml
+++ b/docs/ScalabilityAndPerformance.xml
@ -157,7 +157,7 @@
      </listitem>
      <listitem>
-        <para>Use NONE policies whereever appropriate. This helps especially
+        <para>Use NONE policies wherever appropriate. This helps especially
        in the rules activation phase of both script compilation and
        execution.</para>
      </listitem>
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@ -157,7 +157,7 @@
          <para>With the shell-based compiler, extension scripts were copied
          into the compiled script and executed at run-time. In many cases,
          this approach doesn't work with Shorewall Perl because (almost) the
-          entire ruleset is built by the compiler. As a result, Shorewall-perl
+          entire rule set is built by the compiler. As a result, Shorewall-perl
          runs some extension scripts at compile-time rather than at run-time.
          Because the compiler is written in Perl, your extension scripts from
          earlier versions will no longer work.</para>
@ -370,7 +370,7 @@ insert_rule $filter_table-&gt;{OUTPUT},     1, "-p udp --sport 1701 -j ACCEPT";
          a plus sign (+) as with the shell-based compiler.</para>
          <para>Shorewall is now out of the ipset load/reload business. With
-          scripts generated by the Perl-based Compiler, the Netfilter ruleset
+          scripts generated by the Perl-based Compiler, the Netfilter rule set
          is never cleared. That means that there is no opportunity for
          Shorewall to load/reload your ipsets since that cannot be done while
          there are any current rules using ipsets.</para>
@ -381,7 +381,7 @@ insert_rule $filter_table-&gt;{OUTPUT},     1, "-p udp --sport 1701 -j ACCEPT";
            <listitem>
              <para>Your ipsets must be loaded before Shorewall starts. You
              are free to try to do that with the following code in
-              <filename>/etc/shorewall/start (it works for me; your milage may
+              <filename>/etc/shorewall/start (it works for me; your mileage may
              vary)</filename>:</para>
              <programlisting>if [ "$COMMAND" = start ]; then
@ -437,7 +437,7 @@ fi</programlisting>
        </listitem>
        <listitem>
-          <para>DELAYBLACKLISTLOAD=Yes is not supported. The entire ruleset is
+          <para>DELAYBLACKLISTLOAD=Yes is not supported. The entire rule set is
          atomically loaded with one execution of
          <command>iptables-restore</command>.</para>
        </listitem>
@ -677,7 +677,7 @@ ACCEPT loc:eth0:192.168.1.3,eth0:192.168.1.5   $fw  tcp   22</programlisting>
      and by the compiled program will be timestamped.<simplelist>
          <member><emphasis role="bold">--debug</emphasis></member>
        </simplelist>If given, when a warning or error message is issued, it
-      is supplimented with a stack trace. Requires the Carp Perl
+      is supplemented with a stack trace. Requires the Carp Perl
      module.<simplelist>
          <member><emphasis
          role="bold">--refresh=</emphasis>&lt;<emphasis>chainlist</emphasis>&gt;</member>
@ -1055,7 +1055,7 @@ my $chainref7 = $filter_table{$name};</programlisting>Shorewall::Chains is
      <para>A companion function, <emphasis
      role="bold">ensure_manual_chain()</emphasis>, can be called when a
-      manual chain of the desired name may have alread been created. If a
+      manual chain of the desired name may have already been created. If a
      manual chain table entry with the passed name already exists, a
      reference to the chain table entry is returned. Otherwise, the function
      calls <emphasis role="bold">new_manual_chain()</emphasis> and returns
--- a/docs/Shorewall_Doesnt.xml
+++ b/docs/Shorewall_Doesnt.xml
@ -45,7 +45,7 @@
    <itemizedlist>
      <listitem>
-        <para>Act as a <quote>Personal Firewall</quote> that allows internet
+        <para>Act as a <quote>Personal Firewall</quote> that allows Internet
        access control by application. If that's what you are looking for, try
        <ulink
        url="http://tuxguardian.sourceforge.net/">TuxGuardian</ulink>.</para>
--- a/docs/Shorewall_Squid_Usage.xml
+++ b/docs/Shorewall_Squid_Usage.xml
@ -104,7 +104,7 @@ httpd_accel_uses_host_header on</programlisting>
            </listitem>
          </orderedlist>
-          <para>See your distribution's Squid documenation and <ulink
+          <para>See your distribution's Squid documentation and <ulink
          url="http://www.squid-cache.org/">http://www.squid-cache.org/</ulink>
          for details.</para>
@ -188,7 +188,7 @@ REDIRECT  loc        3128     tcp      www              -          !206.124.146.
      transparent proxy running in your local zone at 192.168.1.3 and
      listening on port 3128. Your local interface is eth1. There may also be
      a web server running on 192.168.1.3. It is assumed that web access is
-      already enabled from the local zone to the internet.</para>
+      already enabled from the local zone to the Internet.</para>
      <orderedlist>
        <listitem>
--- a/docs/Shorewall_and_Aliased_Interfaces.xml
+++ b/docs/Shorewall_and_Aliased_Interfaces.xml
@ -170,7 +170,7 @@ ACCEPT    net        $FW:206.124.146.178  tcp        22</programlisting></para>
      <para>Suppose that I had set up eth0:0 as above and I wanted to port
      forward from that virtual interface to a web server running in my local
-      zone at 192.168.1.3. That is accomplised by a single rule in the
+      zone at 192.168.1.3. That is accomplished by a single rule in the
      <filename>/etc/shorewall/rules</filename> file:</para>
      <programlisting>#ACTION   SOURCE     DEST                 PROTO      DEST PORT(S)   SOURCE    ORIGINAL
--- a/docs/Shorewall_and_Kazaa.xml
+++ b/docs/Shorewall_and_Kazaa.xml
@ -68,7 +68,7 @@
    url="http://shorewall.net/pub/shorewall/contrib/ftwall">http://shorewall.net/pub/shorewall/contrib/ftwall</ulink>.</para>
  </tip>
-  <para>Shorewall verions 2.2.0 and later also include support for the ipp2p
+  <para>Shorewall versions 2.2.0 and later also include support for the ipp2p
  match facility which can be use to control P2P traffic. See the <ulink
  url="IPP2P.html">Shorewall IPP2P documentation</ulink> for details.</para>
 </article>
--- a/docs/Shorewall_and_Routing.xml
+++ b/docs/Shorewall_and_Routing.xml
@ -216,7 +216,7 @@
    Later</title>
    <para>Beginning with Shorewall 2.3.2, support is included for multiple
-    internet connections. If you wish to use this feature, we recommend
+    Internet connections. If you wish to use this feature, we recommend
    strongly that you upgrade to version 2.4.2 or later.</para>
    <para>Shorewall multi-ISP support is now covered in a <ulink
--- a/docs/SimpleBridge.xml
+++ b/docs/SimpleBridge.xml
@ -46,7 +46,7 @@
    Interconnect (OSI) reference model, a router operates at layer 3.
    Shorewall may also be deployed on a GNU Linux System that acts as a
    <firstterm>bridge</firstterm>. Bridges are layer-2 devices in the OSI
-    model (think of a bridge as an ethernet switch).</para>
+    model (think of a bridge as an Ethernet switch).</para>
    <para>Some differences between routers and bridges are:</para>
@ -54,7 +54,7 @@
      <listitem>
        <para>Routers determine packet destination based on the destination IP
        address while bridges route traffic based on the destination MAC
-        address in the ethernet frame.</para>
+        address in the Ethernet frame.</para>
      </listitem>
      <listitem>
@ -93,9 +93,9 @@
    bridge-specific changes are restricted to the
    <filename>/etc/shorewall/interfaces</filename> file.</para>
-    <para>This example illustrates the bridging of two ethernet devices but
+    <para>This example illustrates the bridging of two Ethernet devices but
    the types of the devices really isn't important. What is shown here would
-    apply equally to bridging an ethernet device to an <ulink
+    apply equally to bridging an Ethernet device to an <ulink
    url="OPENVPN.html">OpenVPN</ulink> tap device (e.g.,
    <filename>tap0</filename>) or to a wireless device
    (<filename>ath0</filename> or <filename>wlan0</filename>).</para>
--- a/docs/SplitDNS.xml
+++ b/docs/SplitDNS.xml
@ -89,7 +89,7 @@
 # special IPv6 addresses
 ::1             localhost ipv6-localhost ipv6-loopback
-fe00::0         ipv6-localneta
+fe00::0         ipv6-localnet
 ff00::0         ipv6-mcastprefix
 ff02::1         ipv6-allnodes
--- a/docs/VPN.xml
+++ b/docs/VPN.xml
@ -135,7 +135,7 @@
      </tgroup>
    </table>
-    <para>The above may or may not work — your milage may vary. NAT Traversal
+    <para>The above may or may not work — your mileage may vary. NAT Traversal
    is definitely a better solution. To use NAT traversal:<table id="Table2">
        <title>/etc/shorewall/rules with NAT Traversal</title>
--- a/docs/XenMyWay-Routed.xml
+++ b/docs/XenMyWay-Routed.xml
@ -436,7 +436,7 @@ bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen'
      url="shorewall_setup_guide.htm">Shorewall Setup Guide</ulink> with the
      exception that I've added a fourth interface for our wireless network.
      The firewall runs a routed <ulink url="OPENVPN.html">OpenVPN
-      server</ulink> to provide roadwarrior access for our three laptops and a
+      server</ulink> to provide road warrior access for our three laptops and a
      bridged OpenVPN server for the wireless network in our home. Here is the
      firewall's view of the network:</para>
@ -912,7 +912,7 @@ $EXT_IF         30      2*full/10       6*full/10       3
        <para><filename>/etc/shorewall/tcrules</filename><programlisting>#MARK   SOURCE          DEST            PROTO   PORT(S) CLIENT  USER    TEST
 #                                                       PORT(S)
-1:110   192.168.0.0/22  $EXT_IF                                         #Our internel nets get priority
+1:110   192.168.0.0/22  $EXT_IF                                         #Our internal nets get priority
                                                                        #over the server
 1:130   206.124.146.177 $EXT_IF         tcp     -       873             #Throttle rsync traffic to the
                                                                        #Shorewall Mirrors.
@ -921,7 +921,7 @@ $EXT_IF         30      2*full/10       6*full/10       3
      <para>The <filename class="devicefile">tap0</filename> device used by
      the bridged OpenVPN server is created and bridged to <filename
-      class="devicefile">eth1</filename> using a SuSE-specific SysV init
+      class="devicefile">eth1</filename> using a SUSE-specific SysV init
      script:</para>
      <blockquote>
--- a/docs/XenMyWay.xml
+++ b/docs/XenMyWay.xml
@ -66,7 +66,7 @@
    class="devicefile">eth0</filename><footnote>
        <para>This assumes the default Xen configuration created by
        <command>xend </command>and assumes that the host system has a single
-        ethernet interface named <filename
+        Ethernet interface named <filename
        class="devicefile">eth0</filename>.</para>
      </footnote>in each domain. In Dom0, Xen also creates a bridge (<filename
    class="devicefile">xenbr0</filename>) and a number of virtual interfaces
@ -156,7 +156,7 @@
      </listitem>
    </orderedlist>
-    <para>Most of the Linux systems run <trademark>SuSE </trademark>10.1; my
+    <para>Most of the Linux systems run <trademark>SUSE </trademark>10.1; my
    personal Linux desktop system and our Linux Laptop run
    <trademark>Ubuntu</trademark> "Dapper Drake".</para>
@ -259,7 +259,7 @@
        <filename class="devicefile">eth2</filename> (PCI 00:0a.0) are
        delegated to the firewall DomU where they become <filename
        class="devicefile">eth3</filename> and <filename
-        class="devicefile">eth4</filename> respectively. The SuSE 10.1 Xen
+        class="devicefile">eth4</filename> respectively. The SUSE 10.1 Xen
        kernel compiles pciback as a module so the instructions for PCI
        delegation in the Xen Users Manual can't be followed directly (see
        <ulink
@ -292,7 +292,7 @@ extra    = "3"
 # network interface:
 vif      = [ 'mac=aa:cc:00:00:00:02, bridge=xenbr0', 'mac=aa:cc:00:00:00:03, bridge=xenbr1' ]
-# Interfaces deletgated from Dom0
+# Interfaces delegated from Dom0
 pci=[ '00:09.0' , '00:0a.0' ]
 # storage devices:
@ -357,7 +357,7 @@ disk     = [ 'phy:hda3,hda3,w' ]</programlisting>
        <para><command>ethtool -K eth0 tx off</command></para>
-        <para>Under SuSE 10.1, I placed the following in
+        <para>Under SUSE 10.1, I placed the following in
        <filename>/etc/sysconfig/network/if-up.d/resettx</filename> (that file
        is executable):</para>
@ -380,13 +380,13 @@ fi</programlisting>
      </caution>
      <caution>
-        <para>Update. Under SuSE 10.2, communication from a domU works okay
+        <para>Update. Under SUSE 10.2, communication from a domU works okay
        without running ethtool <emphasis role="bold">but traffic shaping in
        dom0 doesn't work!</emphasis> So it's a good idea to run it just to be
        safe.</para>
      </caution>
-      <para>SuSE 10.1 includes Xen 3.0.2 which supports PCI delegation. The
+      <para>SUSE 10.1 includes Xen 3.0.2 which supports PCI delegation. The
      network interfaces that connect to the net and wifi zones are delegated
      to the firewall DomU.</para>
@ -474,7 +474,7 @@ SECTION NEW
      described in the <ulink url="shorewall_setup_guide.htm">Shorewall Setup
      Guide</ulink> with the exception that I've added a fourth interface for
      our wireless network. The firewall runs a routed <ulink
-      url="OPENVPN.html">OpenVPN server</ulink> to provide roadwarrior access
+      url="OPENVPN.html">OpenVPN server</ulink> to provide road warrior access
      for our two laptops and a bridged OpenVPN server for the wireless
      network in our home. Here is the firewall's view of the network:</para>
@ -834,7 +834,7 @@ $EXT_IF         30      2*full/10       6*full/10       3
        <para><filename>/etc/shorewall/tcrules</filename><programlisting>#MARK   SOURCE          DEST            PROTO   PORT(S) CLIENT  USER    TEST
 #                                                       PORT(S)
-1:110   192.168.0.0/22  $EXT_IF                                         #Our internel nets get priority
+1:110   192.168.0.0/22  $EXT_IF                                         #Our internal nets get priority
                                                                        #over the server
 1:130   206.124.146.177 $EXT_IF         tcp     -       873             #Throttle rsync traffic to the
                                                                        #Shorewall Mirrors.
@ -842,7 +842,7 @@ $EXT_IF         30      2*full/10       6*full/10       3
      </blockquote>
      <para>The tap0 device used by the bridged OpenVPN server is bridged to
-      eth0 using a SuSE-specific SysV init script:</para>
+      eth0 using a SUSE-specific SysV init script:</para>
      <blockquote>
        <programlisting>#!/bin/sh
--- a/docs/bridge-Shorewall-perl.xml
+++ b/docs/bridge-Shorewall-perl.xml
@ -49,7 +49,7 @@
    Interconnect (OSI) reference model, a router operates at layer 3,
    Shorewall may also be deployed on a GNU Linux System that acts as a
    <firstterm>bridge</firstterm>. Bridges are layer 2 devices in the OSI
-    model (think of a bridge as an ethernet switch).</para>
+    model (think of a bridge as an Ethernet switch).</para>
    <para>Some differences between routers and bridges are:</para>
@ -57,7 +57,7 @@
      <listitem>
        <para>Routers determine packet destination based on the destination IP
        address, while bridges route traffic based on the destination MAC
-        address in the ethernet frame.</para>
+        address in the Ethernet frame.</para>
      </listitem>
      <listitem>
@ -142,7 +142,7 @@
    <itemizedlist>
      <listitem>
        <para>The Shorewall system (the Bridge/Firewall) has only a single IP
-        address even though it has two ethernet interfaces! The IP address is
+        address even though it has two Ethernet interfaces! The IP address is
        configured on the bridge itself, rather than on either of the network
        cards.</para>
      </listitem>
@ -454,7 +454,7 @@ ifconfig most 192.168.1.31 netmask 255.255.255.0 up
                                           #you don't use rc.inet1
 #########################
-3) I made rc.brige executable and added the following line to /etc/rc.d/rc.local
+3) I made rc.bridge executable and added the following line to /etc/rc.d/rc.local
 /etc/rc.d/rc.bridge </programlisting>
    </blockquote>
@ -563,7 +563,7 @@ rc-update add bridge boot
    <filename>shorewall.conf</filename>.</para>
    <para>In the scenario pictured above, there would probably be two BP zones
-    defined -- one for the internet and one for the local LAN so in
+    defined -- one for the Internet and one for the local LAN so in
    <filename>/etc/shorewall/zones</filename>:</para>
    <programlisting>#ZONE           TYPE            OPTIONS
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@ -203,7 +203,7 @@
        <listitem>
          <para><filename>/etc/shorewall/vardir</filename> - (Added in
-          Shoreall 4.0.0-RC2) - Determines the directory where Shorewall
+          Shorewall 4.0.0-RC2) - Determines the directory where Shorewall
          maintains its state.</para>
        </listitem>
@ -590,7 +590,7 @@ use Shorewall::Config qw/shorewall/;</programlisting>
    the name to one or more IP addresses and inserts those addresses into the
    rule. So changes in the DNS-&gt;IP address relationship that occur after
    the firewall has started have absolutely no effect on the firewall's
-    ruleset.</para>
+    rule set.</para>
    <para>If your firewall rules include DNS names then:</para>
--- a/docs/fallback.xml
+++ b/docs/fallback.xml
@ -95,12 +95,12 @@
  <section id="Shell-Perl">
    <title>Shorewall-shell and Shorewall-perl</title>
-    <para>Shorewall-shell and Shoreall-perl have no configuration files and
+    <para>Shorewall-shell and Shorewall-perl have no configuration files and
    all of their released files are installed in a single directory. To
    fallback to a prior release of one of these products using the tarballs,
    simple re-install the older version.</para>
-    <para>To uninstal these products when they have been installed using the
+    <para>To uninstall these products when they have been installed using the
    tarballs:</para>
    <itemizedlist>
--- a/docs/ipsets.xml
+++ b/docs/ipsets.xml
@ -37,7 +37,7 @@
  <section id="Ipsets">
    <title>What are Ipsets?</title>
-    <para>Ipsets are an extention to Netfilter/iptables that are currently
+    <para>Ipsets are an extension to Netfilter/iptables that are currently
    available in Patch-O-Matic-ng (<ulink
    url="http://www.netfilter.org">http://www.netfilter.org</ulink>). Using
    ipsets requires that you patch your kernel and iptables and that you build
@ -50,7 +50,7 @@
    <orderedlist>
      <listitem>
-        <para>Blacklists. Ipsets provide an effecient way to represent large
+        <para>Blacklists. Ipsets provide an efficient way to represent large
        sets of addresses and you can maintain the lists without the need to
        restart or even refresh your Shorewall configuration.</para>
      </listitem>
@ -90,7 +90,7 @@
      <listitem>
        <para>a series of "src" and "dst" options separated by commas and
-        inclosed in square brackets ([]). These will be passed directly to
+        enclosed in square brackets ([]). These will be passed directly to
        iptables in the generated --set clause. See the ipset documentation
        for details.</para>
--- a/docs/kernel.xml
+++ b/docs/kernel.xml
@ -363,9 +363,9 @@ CONFIG_IP_NF_ARP_MANGLE=m
    (Ubuntu inexplicably includes connmark match support but not CONNTRACK
    target support).<graphic align="center"
    fileref="images/kernel-2.6.20-2.png" />The next graphic shows the IP
-    Netfilter Configuration -- these are the standard Ubuntu settions.<graphic
+    Netfilter Configuration -- these are the standard Ubuntu settings.<graphic
    align="center" fileref="images/kernel-2.6.20-3.png" />Here is the
-    corresponding CONFIG file exerpt.<programlisting>CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
+    corresponding CONFIG file excerpt.<programlisting>CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
 CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
 CONFIG_NETFILTER_XT_TARGET_DSCP=m
 CONFIG_NETFILTER_XT_TARGET_MARK=m
--- a/docs/netmap.xml
+++ b/docs/netmap.xml
@ -26,7 +26,7 @@
    </copyright>
    <legalnotice>
-      <para>Permission is granted to copy, distribute and/or mify this
+      <para>Permission is granted to copy, distribute and/or modify this
      document under the terms of the GNU Free Documentation License, Version
      1.2 or any later version published by the Free Software Foundation; with
      no Invariant Sections, with no Front-Cover, and with no Back-Cover
@ -232,7 +232,7 @@ SNAT  192.168.1.0/24 vpn              10.10.10.0/24        #RULE 2B</programlist
              </row>
              <row>
-                <entry>Filrewall 2</entry>
+                <entry>Firewall 2</entry>
                <entry>192.168.1.27 in lower cloud</entry>
--- a/docs/ping.xml
+++ b/docs/ping.xml
@ -48,7 +48,7 @@
  <section id="Ping">
    <title>'Ping' Management</title>
-    <para>In Shorewall , ICMP echo-request's are treated just like any other
+    <para>In Shorewall , ICMP echo-requests are treated just like any other
    connection request.</para>
    <para>In order to accept ping requests from zone z1 to zone z2 where the
@ -85,7 +85,7 @@ Ping/DROP     z1        z2</programlisting>
    <example id="Example2">
      <title>Silently drop pings from the Internet</title>
-      <para>To drop ping from the internet, you would need this rule in
+      <para>To drop ping from the Internet, you would need this rule in
      <filename>/etc/shorewall/rules</filename>:</para>
      <programlisting>#ACTION    SOURCE    DEST     PROTO    DEST PORT(S)
--- a/docs/ports.xml
+++ b/docs/ports.xml
@ -227,7 +227,7 @@ ICQ/ACCEPT  <emphasis>&lt;source&gt;</emphasis>  net</programlisting>
    <title>IMAP</title>
    <caution>
-      <para>When accessing your mail from the internet,use <emphasis
+      <para>When accessing your mail from the Internet, use <emphasis
      role="bold">only</emphasis> <emphasis role="bold">IMAP over
      SSL.</emphasis></para>
    </caution>
@ -281,7 +281,7 @@ LDAPS/ACCEPT     <emphasis><emphasis>&lt;source&gt;</emphasis>  <emphasis>     &
      role="bold">severe security risk</emphasis>.</para>
      <para><emphasis role="bold">DO NOT USE THIS </emphasis>if you don't know
-      how to deal with the consecuences, you have been warned.</para>
+      how to deal with the consequences, you have been warned.</para>
    </caution>
    <programlisting>#ACTION          SOURCE           DESTINATION      PROTO      DEST PORT(S)
@ -542,7 +542,7 @@ Whois/ACCEPT     <emphasis>&lt;source&gt;</emphasis>  <emphasis>&lt;destination&
  <section id="X">
    <title>X/XDMCP</title>
-    <para>Assume that the Choser and/or X Server are running at
+    <para>Assume that the Chooser and/or X Server are running at
    &lt;<emphasis>chooser</emphasis>&gt; and the Display Manager/X
    applications are running at &lt;<emphasis>apps</emphasis>&gt;.</para>
--- a/docs/quotes.xml
+++ b/docs/quotes.xml
@ -163,7 +163,7 @@
      classified by the national government as secret, our security doesn't
      stop by putting a fence around our company. Information security is a
      hot issue. We also make use of checkpoint firewalls, but not all of the
-      internet servers are guarded by checkpoint, some of them are
+      Internet servers are guarded by checkpoint, some of them are
      running....Shorewall.</emphasis></para>
    </blockquote>
@ -172,7 +172,7 @@
      <para><emphasis>thanx for all your efforts you put into shorewall - this
      product stands out against a lot of commercial stuff i´ve been working
-      with in terms of flexibillity, quality &amp; support</emphasis></para>
+      with in terms of flexibility, quality &amp; support</emphasis></para>
    </blockquote>
    <blockquote>
@ -184,7 +184,7 @@
    </blockquote>
    <blockquote>
-      <attribution>RP, Guatamala</attribution>
+      <attribution>RP, Guatemala</attribution>
      <para><emphasis>My respects... I've just found and installed Shorewall
      1.3.3-1 and it is a wonderful piece of software. I've just sent out an
@ -193,7 +193,7 @@
      <para><emphasis>While I had previously taken the time (maybe 40 hours)
      to really understand ipchains, then spent at least an hour per server
      customizing and carefully scrutinizing firewall rules, I've got
-      shorewall running on my home firewall, with rulesets and policies that I
+      shorewall running on my home firewall, with rule sets and policies that I
      know make sense, in under 20 minutes.</emphasis></para>
    </blockquote>
  </section>
--- a/docs/shorewall_extension_scripts.xml
+++ b/docs/shorewall_extension_scripts.xml
@ -169,7 +169,7 @@ esac</programlisting><caution>
            ADMINISABSENTMINDED=Yes.</para>
            <para>The firewall state when this script is invoked is
-            indeterminent. So if you have ADMINISABSENTMINDED=No in <ulink
+            indeterminate. So if you have ADMINISABSENTMINDED=No in <ulink
            url="manpages/shorewall.conf.html">shorewall.conf</ulink>(8) and
            output on an interface is not allowed by <ulink
            url="manpages/shorewall.conf.html">routestopped</ulink>(8) then
@ -495,7 +495,7 @@ esac</programlisting><caution>
      <para>The 'continue' script has been eliminated because it no longer
      make any sense under Shorewall-perl. That script was designed to allow
      you to add special temporary rules during [re]start. Shorewall-perl
-      doesn't need such rules since the ruleset is instantianted atomically by
+      doesn't need such rules since the rule set is instantiated atomically by
      table.</para>
    </section>
  </section>
--- a/docs/shorewall_logging.xml
+++ b/docs/shorewall_logging.xml
@ -50,7 +50,7 @@
    <orderedlist>
      <listitem>
-        <para>The packet is part of an established connecection. While the
+        <para>The packet is part of an established connection. While the
        packet can be logged using LOG rules in the ESTABLISHED section of
        <ulink
        url="manpages/shorewall-rules.html">/etc/shorewall/rules</ulink>, that
@ -100,7 +100,7 @@
    <title>Where the Traffic is Logged and How to Change the
    Destination</title>
-    <para>By default, Shorewall directs NetFilter to log using syslog (8).
+    <para>By default, Shorewall directs Netfilter to log using syslog (8).
    Syslog classifies log messages by a <emphasis>facility</emphasis> and a
    <emphasis>priority</emphasis> (using the notation
    <emphasis>facility.priority</emphasis>).</para>
@ -111,7 +111,7 @@
    <para>Throughout the Shorewall documentation, I will use the term
    <emphasis>level</emphasis> rather than <emphasis>priority </emphasis>since
-    <emphasis>level</emphasis> is the term used by NetFilter. The syslog
+    <emphasis>level</emphasis> is the term used by Netfilter. The syslog
    documentation uses the term <emphasis>priority</emphasis>.</para>
    <section id="Levels">
@ -150,7 +150,7 @@
      </simplelist>
      <para>For most Shorewall logging, a level of 6 (info) is appropriate.
-      Shorewall log messages are generated by NetFilter and are logged using
+      Shorewall log messages are generated by Netfilter and are logged using
      the <emphasis>kern</emphasis> facility and the level that you specify.
      If you are unsure of the level to choose, 6 (info) is a safe bet. You
      may specify levels by name or by number.</para>
@ -180,14 +180,14 @@
        <listitem>
          <para>All kernel.info messages will go to that destination and not
-          just those from NetFilter.</para>
+          just those from Netfilter.</para>
        </listitem>
      </orderedlist>
      <para>Beginning with Shorewall version 1.3.12, if your kernel has ULOG
      target support (and most vendor-supplied kernels do), you may also
      specify a log level of ULOG (must be all caps). When ULOG is used,
-      Shorewall will direct netfilter to log the related messages via the ULOG
+      Shorewall will direct Netfilter to log the related messages via the ULOG
      target which will send them to a process called <quote>ulogd</quote>.
      The ulogd program is included in most distributions and is also
      available from <ulink
@ -276,7 +276,7 @@ ACCEPT:NFLOG(1,0,1) vpn        fw       tcp       ssh,time,631,8080 </programlis
    <para><ulink
    url="http://marc.theaimsgroup.com/?l=gentoo-security&amp;amp;m=106040714910563&amp;amp;w=2">Here</ulink>
    is a post describing configuring syslog-ng to work with Shorewall. Recent
-    <trademark>SuSE</trademark> releases come preconfigured with syslog-ng
+    <trademark>SUSE</trademark> releases come preconfigured with syslog-ng
    with Netfilter messages (including Shorewall's) are written to
    <filename>/var/log/firewall</filename>.</para>
  </section>
--- a/docs/shorewall_prerequisites.xml
+++ b/docs/shorewall_prerequisites.xml
@ -45,7 +45,7 @@
    <itemizedlist>
      <listitem>
        <para>A <emphasis role="bold">Linux</emphasis> kernel that supports
-        netfilter (No, it won't work on BSD or Solaris). I've tested with
+        Netfilter (No, it won't work on BSD or Solaris). I've tested with
        2.4.2 - 2.6.16. Check <ulink url="kernel.htm">here</ulink> for kernel
        configuration information.</para>
      </listitem>
--- a/docs/shorewall_setup_guide.xml
+++ b/docs/shorewall_setup_guide.xml
@ -109,14 +109,14 @@
        class="directory">/etc/shorewall</filename> directory is empty. This
        is intentional. The released configuration file skeletons may be found
        on your system in the directory <filename
-        class="directory">/usr/share/doc/shorewall/default-config</filename>.
+        class="directory">/usr/share/doc/shorewall-common/default-config</filename>.
        Simply copy the files you need from that directory to <filename
        class="directory">/etc/shorewall</filename> and modify the
        copies.</para>
        <para>Note that you must copy <filename
-        class="directory">/usr/share/doc/shorewall/default-config/shorewall.conf</filename>
+        class="directory">/usr/share/doc/shorewall-common/default-config/shorewall.conf</filename>
-        and /usr/share/doc/shorewall/default-config/modules to <filename
+        and /usr/share/doc/shorewall-common/default-config/modules to <filename
        class="directory">/etc/shorewall</filename> even if you do not modify
        those files.</para>
      </warning></para>
@ -192,7 +192,7 @@ dmz     ipv4</programlisting>
    assigned to the firewall zone, Shorewall attaches absolutely no meaning to
    zone names. Zones are entirely what YOU make of them. That means that you
    should not expect Shorewall to do something special <quote>because this is
-    the internet zone</quote> or <quote>because that is the
+    the Internet zone</quote> or <quote>because that is the
    DMZ</quote>.</para>
    <para><inlinegraphic fileref="images/BD21298_.gif" /></para>
@ -286,11 +286,11 @@ all              all                 REJECT     info</programlisting>
    <orderedlist>
      <listitem>
        <para>allow all connection requests from your local network to the
-        internet</para>
+        Internet</para>
      </listitem>
      <listitem>
-        <para>drop (ignore) all connection requests from the internet to your
+        <para>drop (ignore) all connection requests from the Internet to your
        firewall or local network and log a message at the info level (<ulink
        url="shorewall_logging.html">here is a description of log
        levels</ulink>).</para>
@ -322,7 +322,7 @@ all              all                 REJECT     info</programlisting>
    <itemizedlist>
      <listitem>
        <para>The DMZ Zone consists of systems DMZ 1 and DMZ 2. A DMZ is used
-        to isolate your internet-accessible servers from your local systems so
+        to isolate your Internet-accessible servers from your local systems so
        that if one of those servers is compromised, you still have the
        firewall between the compromised system and your local systems.</para>
      </listitem>
@ -508,7 +508,7 @@ loc      eth2           detect</programlisting>
      Class C address 192.0.2.14, the network number is hex C00002 and the
      host number is hex 0E.</para>
-      <para>As the internet grew, it became clear that such a gross
+      <para>As the Internet grew, it became clear that such a gross
      partitioning of the 32-bit address space was going to be very limiting
      (early on, large corporations and universities were assigned their own
      class A network!). After some false starts, the current technique of
@ -1067,7 +1067,7 @@ Destination     Gateway         Genmask         Flgs MSS Win irtt Iface
      <para>One more thing needs to be emphasized -- all outgoing packet are
      sent using the routing table and reply packets are not a special case.
-      There seems to be a common mis-conception whereby people think that
+      There seems to be a common misconception whereby people think that
      request packets are like salmon and contain a genetic code that is
      magically transferred to reply packets so that the replies follow the
      reverse route taken by the request. That isn't the case; the replies may
@ -1132,7 +1132,7 @@ tcpdump: listening on eth2
      <para>The leading question marks are a result of my having specified the
      <quote>n</quote> option (Windows <quote>arp</quote> doesn't allow that
-      option) which causes the <quote>arp</quote> program to forego IP-&gt;DNS
+      option) which causes the <quote>arp</quote> program to forgo IP-&gt;DNS
      name translation. Had I not given that option, the question marks would
      have been replaced with the FQDN corresponding to each IP address.
      Notice that the last entry in the table records the information we saw
@ -1167,7 +1167,7 @@ tcpdump: listening on eth2
      somewhat unfortunate because it leads people to the erroneous conclusion
      that traffic destined for one of these addresses can't be sent through a
      router. This is definitely not true; private routers (including your
-      Shorewall-based firewall) can forward RFC 1918 addresed traffic just
+      Shorewall-based firewall) can forward RFC 1918 addressed traffic just
      fine.</para>
      <para>When selecting addresses from these ranges, there's a couple of
@ -1349,7 +1349,7 @@ Destination    Gateway     Genmask         Flags MSS Window irtt Iface
        <para>With SNAT, an internal LAN segment is configured using RFC 1918
        addresses. When a host <emphasis role="bold">A</emphasis> on this
        internal segment initiates a connection to host <emphasis
-        role="bold">B</emphasis> on the internet, the firewall/router rewrites
+        role="bold">B</emphasis> on the Internet, the firewall/router rewrites
        the IP header in the request to use one of your public IP addresses as
        the source address. When <emphasis role="bold">B</emphasis> responds
        and the response is received by the firewall, the firewall changes the
@ -1359,7 +1359,7 @@ Destination    Gateway     Genmask         Flags MSS Window irtt Iface
        <para>Let's suppose that you decide to use SNAT on your local zone and
        use public address 192.0.2.176 as both your firewall's external IP
-        address and the source IP address of internet requests sent from that
+        address and the source IP address of Internet requests sent from that
        zone.</para>
        <graphic align="center" fileref="images/dmz5.png" />
@ -1396,16 +1396,16 @@ eth0           192.168.201.0/29     192.0.2.176</programlisting>
      <section id="dnat">
        <title>DNAT</title>
-        <para>When SNAT is used, it is impossible for hosts on the internet to
+        <para>When SNAT is used, it is impossible for hosts on the Internet to
        initiate a connection to one of the internal systems since those
        systems do not have a public IP address. DNAT provides a way to allow
-        selected connections from the internet.</para>
+        selected connections from the Internet.</para>
        <para><inlinegraphic fileref="images/BD21298_.gif" /></para>
        <para>Suppose that your daughter wants to run a web server on her
        system <quote>Local 3</quote>. You could allow connections to the
-        internet to her server by adding the following entry in
+        Internet to her server by adding the following entry in
        <filename><ulink
        url="manpages/shorewall-rules.html">/etc/shorewall/rules</ulink></filename>:</para>
@ -1489,12 +1489,12 @@ DNAT     net     loc:192.168.201.4  tcp    www</programlisting>
        url="ProxyARP.htm"><filename>/etc/shorewall/proxyarp</filename></ulink>
        file.</para>
-        <programlisting>#ADDRESS     INTERFACE    EXTERNAL      HAVE ROUTE           PERSISTANT
+        <programlisting>#ADDRESS     INTERFACE    EXTERNAL      HAVE ROUTE           PERSISTENT
 192.0.2.177  eth2         eth0          No
 192.0.2.178  eth2         eth0          No</programlisting>
        <para>Because the HAVE ROUTE column contains No, Shorewall will add
-        host routes thru eth2 to 192.0.2.177 and 192.0.2.178. The ethernet
+        host routes thru eth2 to 192.0.2.177 and 192.0.2.178. The Ethernet
        interfaces on DMZ 1 and DMZ 2 should be configured to have the IP
        addresses shown but should have the same default gateway as the
        firewall itself -- namely 192.0.2.254. In other words, they should be
@ -1511,7 +1511,7 @@ DNAT     net     loc:192.168.201.4  tcp    www</programlisting>
        their routers with a long ARP cache timeout. If you move a system from
        parallel to your firewall to behind your firewall with Proxy ARP, it
        will probably be HOURS before that system can communicate with the
-        internet. There are a couple of things that you can try:</para>
+        Internet. There are a couple of things that you can try:</para>
        <orderedlist>
          <listitem>
@ -1630,7 +1630,7 @@ ACCEPT   net     loc:192.168.201.4  tcp    www</programlisting>
        their routers with a long ARP cache timeout. If you move a system from
        parallel to your firewall to behind your firewall with one-to-one NAT,
        it will probably be HOURS before that system can communicate with the
-        internet. There are a couple of things that you can try:</para>
+        Internet. There are a couple of things that you can try:</para>
        <orderedlist>
          <listitem>
@ -1711,7 +1711,7 @@ ACCEPT   net     loc:192.168.201.4  tcp    www</programlisting>
      <para><inlinegraphic fileref="images/BD21298_.gif" /></para>
      <para>With the default policies described earlier in this document, your
-      local systems (Local 1-3) can access any server on the internet and the
+      local systems (Local 1-3) can access any server on the Internet and the
      DMZ can't access any other host (including the firewall). With the
      exception of DNAT rules which cause address translation and allow the
      translated connection request to pass through the firewall, the way to
@ -1929,7 +1929,7 @@ options {
        max-transfer-time-in 60;
 allow-transfer {
-        // Servers allowed to request zone tranfers 
+        // Servers allowed to request zone transfers 
       &lt;secondary NS IP&gt;; };
 };
@ -2078,7 +2078,7 @@ view "external" {
    <para>Here are the files in <filename
    class="directory">/var/named</filename> (those not shown are usually
-    included in your bind disbribution).</para>
+    included in your bind distribution).</para>
    <para><filename>db.192.0.2.176</filename> - This is the reverse zone for
    the firewall's external interface</para>
@ -2101,7 +2101,7 @@ view "external" {
@        604800  IN NS   &lt;name of secondary ns&gt;.
 ;
 ; ############################################################
-; Iverse Address Arpa Records (PTR's) 
+; Inverse Address Arpa Records (PTR's) 
 ; ############################################################
 176.2.0.192.in-addr.arpa. 86400 IN PTR firewall.foobar.net.</programlisting>
@ -2125,7 +2125,7 @@ view "external" {
@        604800  IN NS   &lt;name of secondary ns&gt;.
 ;
 ; ############################################################
-; Iverse Address Arpa Records (PTR's) 
+; Inverse Address Arpa Records (PTR's) 
 ; ############################################################
 177.2.0.192.in-addr.arpa. 86400 IN PTR www.foobar.net.</programlisting>
@ -2150,7 +2150,7 @@ view "external" {
@        604800  IN NS   &lt;name of secondary ns&gt;.
 ;
 ; ############################################################
-; Iverse Address Arpa Records (PTR's) 
+; Inverse Address Arpa Records (PTR's) 
 ; ############################################################
 178.2.0.192.in-addr.arpa. 86400 IN PTR mail.foobar.net.</programlisting>
@ -2175,7 +2175,7 @@ view "external" {
@        604800  IN NS   &lt;name of secondary ns&gt;.
 ;
 ; ############################################################
-; Iverse Address Arpa Records (PTR's) 
+; Inverse Address Arpa Records (PTR's) 
 ; ############################################################
 179.2.0.192.in-addr.arpa. 86400 IN PTR nod.foobar.net.</programlisting>
@ -2198,7 +2198,7 @@ view "external" {
@     604800          IN NS   ns1.foobar.net.
 ; ############################################################
-; Iverse Address Arpa Records (PTR's)
+; Inverse Address Arpa Records (PTR's)
 ; ############################################################
 1       86400           IN PTR  localhost.foobar.net.</programlisting>
@ -2221,7 +2221,7 @@ view "external" {
 ; ############################################################
@       604800          IN NS   ns1.foobar.net.
 ; ############################################################
-; Iverse Address Arpa Records (PTR's)
+; Inverse Address Arpa Records (PTR's)
 ; ############################################################
 1       86400           IN PTR  gateway.foobar.net.
 2       86400           IN PTR  winken.foobar.net.
@ -2248,7 +2248,7 @@ view "external" {
@             604800  IN NS   ns1.foobar.net.
 ; ############################################################
-; Iverse Address Arpa Records (PTR's)
+; Inverse Address Arpa Records (PTR's)
 ; ############################################################
 1               86400 IN PTR  dmz.foobar.net.</programlisting>
@ -2416,7 +2416,7 @@ foobar.net.      86400   IN A    192.0.2.177
    firewall when it is stopped.</para>
    <caution>
-      <para>If you are connected to your firewall from the internet, do not
+      <para>If you are connected to your firewall from the Internet, do not
      issue a <quote>shorewall stop</quote> command unless you have added an
      entry for the IP address that you are connected from to <filename><ulink
      url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink></filename>.
--- a/docs/standalone.xml
+++ b/docs/standalone.xml
@ -201,7 +201,7 @@
      class="directory">/etc/shorewall</filename> directory is empty. This is
      intentional. The released configuration file skeletons may be found on
      your system in the directory <filename
-      class="directory">/usr/share/doc/shorewall/default-config</filename>.
+      class="directory">/usr/share/doc/shorewall-common/default-config</filename>.
      Simply copy the files you need from that directory to <filename
      class="directory">/etc/shorewall</filename> and modify the
      copies.</para>
@ -262,11 +262,11 @@ net     ipv4</programlisting>
    <filename><filename>/etc/shorewall/rules</filename></filename> file. If no
    rule in that file matches the connection request then the first policy in
    <filename>/etc/shorewall/policy</filename> that matches the request is
-    applied. If there is a <ulink url="shorewall_extension_scripts.htm">comon
+    applied. If there is a <ulink url="shorewall_extension_scripts.htm">common
    action</ulink> defined for the policy in
    <filename>/etc/shorewall/actions</filename> or
    <filename>/usr/share/shorewall/actions.std</filename> then that action is
-    peformed before the policy is applied. The purpose of the common action is
+    performed before the policy is applied. The purpose of the common action is
    two-fold:</para>
    <itemizedlist>
@ -295,11 +295,11 @@ all            all                REJECT   info</programlisting>
    <orderedlist>
      <listitem>
        <para>allow all connection requests from the firewall to the
-        internet</para>
+        Internet</para>
      </listitem>
      <listitem>
-        <para>drop (ignore) all connection requests from the internet to your
+        <para>drop (ignore) all connection requests from the Internet to your
        firewall</para>
      </listitem>
@ -310,9 +310,9 @@ all            all                REJECT   info</programlisting>
    </orderedlist>
    <para>The word <firstterm>info</firstterm> in the LOG LEVEL column for the
-    last two policies indicates that packets droped or rejected under those
+    last two policies indicates that packets dropped or rejected under those
    policies should be <ulink url="shorewall_logging.html">logged at that
-    leve</ulink>l.</para>
+    level</ulink>.</para>
    <para>At this point, edit your <filename>/etc/shorewall/policy</filename>
    and make any changes that you wish.</para>
@ -324,7 +324,7 @@ all            all                REJECT   info</programlisting>
    <para>The firewall has a single network interface. Where Internet
    connectivity is through a cable or <acronym>DSL</acronym>
    <quote>Modem</quote>, the <emphasis>External Interface</emphasis> will be
-    the ethernet adapter (<filename class="devicefile">eth0</filename>) that
+    the Ethernet adapter (<filename class="devicefile">eth0</filename>) that
    is connected to that <quote>Modem</quote> <emphasis
    role="underline">unless</emphasis> you connect via
    <emphasis>Point-to-Point Protocol over Ethernet</emphasis>
@ -412,7 +412,7 @@ root@lists:~# </programlisting>
    <acronym>ISP</acronym>s are assigning these addresses then using
    <emphasis>Network Address Translation</emphasis> <emphasis>-
    </emphasis><acronym>NAT</acronym>) to rewrite packet headers when
-    forwarding to/from the internet.</para>
+    forwarding to/from the Internet.</para>
    <para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
@ -453,7 +453,7 @@ root@lists:~# </programlisting>
    <itemizedlist>
      <listitem>
        <para><command>shorewall show log</command> (Displays the last 20
-        netfilter log messages)</para>
+        Netfilter log messages)</para>
      </listitem>
      <listitem>
@ -476,12 +476,12 @@ root@lists:~# </programlisting>
    <para>Most commonly, Netfilter messages are logged to
    <filename>/var/log/messages</filename>. Recent
    <trademark>SuSE/OpenSuSE</trademark> releases come preconfigured with
-    syslog-ng and log netfilter messages to
+    syslog-ng and log Netfilter messages to
    <filename>/var/log/firewall</filename>.</para>
    <para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
-    <para>If you are running a distribution that logs netfilter messages to a
+    <para>If you are running a distribution that logs Netfilter messages to a
    log other than <filename>/var/log/messages</filename>, then modify the
    LOGFILE setting in <filename>/etc/shorewall/shorewall.conf</filename> to
    specify the name of your log.</para>
@ -501,7 +501,7 @@ root@lists:~# </programlisting>
    in your version of Shorewall using the command <command>ls
    <filename>/usr/share/shorewall/macro.*</filename></command>.</para>
-    <para>If you wish to enable connections from the internet to your firewall
+    <para>If you wish to enable connections from the Internet to your firewall
    and you find an appropriate macro in
    <filename>/etc/shorewall/macro.*</filename>, the general format of a rule
    in <filename>/etc/shorewall/rules</filename> is:</para>
@ -544,9 +544,9 @@ ACCEPT    net       $FW             tcp          143</programlisting></para>
    uses, see <ulink url="ports.htm">here</ulink>.</para>
    <important>
-      <para>I don't recommend enabling telnet to/from the internet because it
+      <para>I don't recommend enabling telnet to/from the Internet because it
      uses clear text (even for login!). If you want shell access to your
-      firewall from the internet, use <acronym>SSH</acronym>:</para>
+      firewall from the Internet, use <acronym>SSH</acronym>:</para>
      <programlisting>#ACTION     SOURCE    DESTINATION     PROTO       DEST PORT(S)
 SSH/ACCEPT  net       $FW           </programlisting>
@ -594,7 +594,7 @@ SSH/ACCEPT  net       $FW           </programlisting>
    <quote><command>shorewall clear</command></quote>.</para>
    <warning>
-      <para>If you are connected to your firewall from the internet, do not
+      <para>If you are connected to your firewall from the Internet, do not
      issue a <quote><command>shorewall stop</command></quote> command unless
      you have added an entry for the IP address that you are connected from
      to <ulink
@ -641,4 +641,4 @@ SSH/ACCEPT  net       $FW           </programlisting>
    page</ulink> -- it contains helpful tips about Shorewall features than
    make administering your firewall easier.</para>
  </section>
-</article>
+</article>
--- a/docs/standalone_ru.xml
+++ b/docs/standalone_ru.xml
@ -169,15 +169,15 @@
        директория <filename class="directory">/etc/shorewall</filename>
        пуста. Это сделано специально. Поставляемые шаблоны файлов
        конфигурации Вы найдете на вашей системе в директории <filename
-        class="directory">/usr/share/doc/shorewall/default-config</filename>.
+        class="directory">/usr/share/doc/shorewall-common/default-config</filename>.
        Просто скопируйте нужные Вам файлы из этой директории в <filename
        class="directory">/etc/shorewall</filename> и отредактируйте
        копии.</para>
        <para>Заметьте, что Вы должны скопировать <filename
-        class="directory">/usr/share/doc/shorewall/default-config/shorewall.conf</filename>
+        class="directory">/usr/share/doc/shorewall-common/default-config/shorewall.conf</filename>
        и <filename
-        class="directory">/usr/share/doc/shorewall/default-config/modules</filename>
+        class="directory">/usr/share/doc/shorewall-common/default-config/modules</filename>
        в <filename class="directory">/etc/shorewall</filename> даже если Вы
        не будете изменять эти файлы.</para>
      </warning><inlinegraphic fileref="images/BD21298_.gif"
@ -215,7 +215,7 @@
      <listitem>
        <para>Если же Вы пользовались пакетом .deb, примеры находятся в
        директории <filename
-        class="directory">/usr/share/doc/shorewall/examples/one-interface</filename>.</para>
+        class="directory">/usr/share/doc/shorewall-common/examples/one-interface</filename>.</para>
      </listitem>
    </orderedlist>
--- a/docs/starting_and_stopping_shorewall.xml
+++ b/docs/starting_and_stopping_shorewall.xml
@ -148,7 +148,7 @@
        <important>
          <para>The <command>shorewall stop</command> command does not remove
-          all netfilter rules and open your firewall for all traffic to pass.
+          all Netfilter rules and open your firewall for all traffic to pass.
          It rather places your firewall in a safe state defined by the
          contents of your <ulink
          url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink>
@ -179,7 +179,7 @@
    <para>Because of the different requirements of distribution packaging
    systems, the behavior of <filename>/etc/init.d/shorewall</filename> and
    <filename>/etc/init.d/shorewall-lite</filename> is not consistent between
-    distributions. As an example, when using the distributon Shorewall
+    distributions. As an example, when using the distribution Shorewall
    packages on <trademark>Debian</trademark> and
    <trademark>Ubuntu</trademark> systems, running
    <command>/etc/init.d/shorewall stop</command> will actually execute the
@ -617,7 +617,7 @@
  <section id="State">
    <title>Shorewall State Diagram</title>
-    <para>The Shorewall State Diargram is depicted below.</para>
+    <para>The Shorewall State Diagram is depicted below.</para>
    <para><graphic align="center" fileref="images/State_Diagram.png" /></para>
--- a/docs/support.xml
+++ b/docs/support.xml
@ -274,9 +274,9 @@ State:Stopped (Thu Mar 30 14:08:11 PDT 2006)</programlisting>
        <para>If Shorewall is starting successfully and your problem is that
        some set of <emphasis role="bold">connections</emphasis> to/from or
        through your firewall <emphasis role="bold">isn't working</emphasis>
-        (examples: local systems can't access the internet, you can't send
+        (examples: local systems can't access the Internet, you can't send
        email through the firewall, you can't surf the web from the firewall,
-        connections that you are certain should be rejected are mysterously
+        connections that you are certain should be rejected are mysteriously
        accepted, etc.) or <emphasis role="bold">you are having problems with
        traffic shaping</emphasis> then please perform the following six
        steps:</para>
@ -313,7 +313,7 @@ State:Stopped (Thu Mar 30 14:08:11 PDT 2006)</programlisting>
      <listitem>
        <para>Otherwise:</para>
-        <para>Shorewall is starting successfuly and you have <emphasis
+        <para>Shorewall is starting successfully and you have <emphasis
        role="bold">no connection problems</emphasis> and you have <emphasis
        role="bold">no traffic shaping problems</emphasis>. Your problem is
        with performance, logging, etc. Please include the following:</para>
@ -409,7 +409,7 @@ State:Stopped (Thu Mar 30 14:08:11 PDT 2006)</programlisting>
      </listitem>
      <listitem>
-        <para>The author gratefully acknowleges that the above list was
+        <para>The author gratefully acknowledges that the above list was
        heavily plagiarized from the excellent LEAF document by <emphasis>Ray
        Olszewski</emphasis> found <ulink
        url="http://leaf-project.org/index.php?module=pagemaster&amp;PAGE_user_op=view_page&amp;PAGE_id=6&amp;MMN_position=21:21">here</ulink>.</para>
--- a/docs/three-interface.xml
+++ b/docs/three-interface.xml
@ -76,7 +76,7 @@
      </listitem>
      <listitem>
-        <para>DMZ connected to a separate ethernet interface. The purpose of a
+        <para>DMZ connected to a separate Ethernet interface. The purpose of a
        DMZ is to isolate those servers that are exposed to the Internet from
        your local systems so that if one of those servers is compromised
        there is still a firewall between the hacked server and your local
@ -185,7 +185,7 @@
        class="directory">/etc/shorewall</filename> directory is empty. This
        is intentional. The released configuration file skeletons may be found
        on your system in the directory <filename
-        class="directory">/usr/share/doc/shorewall/default-config</filename>.
+        class="directory">/usr/share/doc/shorewall-common/default-config</filename>.
        Simply copy the files you need from that directory to <filename
        class="directory">/etc/shorewall</filename> and modify the
        copies.</para>
@ -286,10 +286,10 @@ dmz     ipv4</programlisting>Zone names are defined in
    If no rule in that file matches the connection request then the first
    policy in <filename>/etc/shorewall/policy</filename> that matches the
    request is applied. If there is a <ulink
-    url="shorewall_extension_scripts.htm">comon action</ulink> defined for the
+    url="shorewall_extension_scripts.htm">common action</ulink> defined for the
    policy in <filename>/etc/shorewall/actions</filename> or
    <filename>/usr/share/shorewall/actions.std</filename> then that action is
-    peformed before the action is applied. The purpose of the common action is
+    performed before the action is applied. The purpose of the common action is
    two-fold:</para>
    <itemizedlist>
@ -316,7 +316,7 @@ all        all         REJECT      info</programlisting>
    <important>
      <para>In the three-interface sample, the line below is included but
      commented out. If you want your firewall system to have full access to
-      servers on the internet, uncomment that line.</para>
+      servers on the Internet, uncomment that line.</para>
      <programlisting>#SOURCE    DEST        POLICY      LOG LEVEL    LIMIT:BURST
 $FW        net         ACCEPT</programlisting>
@ -327,17 +327,17 @@ $FW        net         ACCEPT</programlisting>
    <orderedlist>
      <listitem>
        <para>allow all connection requests from your local network to the
-        internet</para>
+        Internet</para>
      </listitem>
      <listitem>
-        <para>drop (ignore) all connection requests from the internet to your
+        <para>drop (ignore) all connection requests from the Internet to your
        firewall or local network</para>
      </listitem>
      <listitem>
        <para>optionally accept all connection requests from the firewall to
-        the internet (if you uncomment the additional policy)</para>
+        the Internet (if you uncomment the additional policy)</para>
      </listitem>
      <listitem>
@ -346,9 +346,9 @@ $FW        net         ACCEPT</programlisting>
    </orderedlist>
    <para>The word <firstterm>info</firstterm> in the LOG LEVEL column for the
-    DROP and REJECT policies indicates that packets droped or rejected under
+    DROP and REJECT policies indicates that packets dropped or rejected under
    those policies should be <ulink url="shorewall_logging.html">logged at
-    that leve</ulink>l.</para>
+    that level</ulink>.</para>
    <para>It is important to note that Shorewall policies (and rules) refer to
    <emphasis role="bold">connections</emphasis> and not packet flow. With the
@ -379,7 +379,7 @@ $FW        net         ACCEPT</programlisting>
    <para>The firewall has three network interfaces. Where Internet
    connectivity is through a cable or DSL <quote>Modem</quote>, the External
-    Interface will be the ethernet adapter that is connected to that
+    Interface will be the Ethernet adapter that is connected to that
    <quote>Modem</quote> (e.g., <filename class="devicefile">eth0</filename>)
    unless you connect via <emphasis>Point-to-Point Protocol</emphasis> over
    Ethernet (PPPoE) or <emphasis>Point-to-Point Tunneling Protocol</emphasis>
@ -424,7 +424,7 @@ root@lists:~# </programlisting>
    <varname>CLAMPMSS=yes</varname> in
    <filename>/etc/shorewall/shorewall.conf</filename>.</emphasis></para>
-    <para>Your Local Interface will be an ethernet adapter (<filename
+    <para>Your Local Interface will be an Ethernet adapter (<filename
    class="devicefile">eth0</filename>, <filename
    class="devicefile">eth1</filename> or <filename
    class="devicefile">eth2</filename>) and will be connected to a hub or
@ -432,7 +432,7 @@ root@lists:~# </programlisting>
    If you have only a single local system, you can connect the firewall
    directly to the computer using a cross-over cable).</para>
-    <para>Your DMZ Interface will also be an ethernet adapter (<filename
+    <para>Your DMZ Interface will also be an Ethernet adapter (<filename
    class="devicefile">eth0</filename>, <filename
    class="devicefile">eth1</filename> or <filename
    class="devicefile">eth2</filename>) and will be connected to a hub or
@ -604,7 +604,7 @@ root@lists:~# </programlisting>
    Routing</quote>, Thomas A. Maufer, Prentice-Hall, 1999, ISBN
    0-13-975483-0.</para>
-    <para>The remainder of this quide will assume that you have configured
+    <para>The remainder of this guide will assume that you have configured
    your network as shown here:</para>
    <figure id="Figure3">
@ -641,14 +641,14 @@ root@lists:~# </programlisting>
    <para>The addresses reserved by RFC 1918 are sometimes referred to as
    non-routable because the Internet backbone routers don't forward packets
    which have an RFC-1918 destination address. When one of your local systems
-    (let's assume local computer 1) sends a connection request to an internet
+    (let's assume local computer 1) sends a connection request to an Internet
    host, the firewall must perform Network Address Translation (NAT). The
    firewall rewrites the source address in the packet to be the address of
    the firewall's external interface; in other words, the firewall makes it
    look as if the firewall itself is initiating the connection. This is
    necessary so that the destination host will be able to route return
    packets back to the firewall (remember that packets whose destination
-    address is reserved by RFC 1918 can't be routed accross the internet).
+    address is reserved by RFC 1918 can't be routed across the Internet).
    When the firewall receives a return packet, it rewrites the destination
    address back to 10.10.10.1 and forwards the packet on to local computer
    1.</para>
@ -736,7 +736,7 @@ DNAT      net       dmz:<emphasis>&lt;server local IP address&gt;</emphasis>[:<e
    <important>
      <para>Be sure to add your rules after the line that reads <emphasis
-      role="bold">SECTON NEW.</emphasis></para>
+      role="bold">SECTION NEW.</emphasis></para>
    </important>
    <example id="Example1">
@ -975,7 +975,7 @@ ACCEPT    net       $FW                 tcp        80       </programlisting><it
    <itemizedlist>
      <listitem>
        <para><command>shorewall show log</command> (Displays the last 20
-        netfilter log messages)</para>
+        Netfilter log messages)</para>
      </listitem>
      <listitem>
--- a/docs/three-interface_ru.xml
+++ b/docs/three-interface_ru.xml
@ -185,15 +185,15 @@
        директория <filename class="directory">/etc/shorewall</filename>
        пуста. Это сделано специально. Поставляемые шаблоны файлов
        конфигурации Вы найдете на вашей системе в директории <filename
-        class="directory">/usr/share/doc/shorewall/default-config</filename>.
+        class="directory">/usr/share/doc/shorewall-common/default-config</filename>.
        Просто скопируйте нужные Вам файлы из этой директории в <filename
        class="directory">/etc/shorewall</filename> и отредактируйте
        копии.</para>
        <para>Заметьте, что Вы должны скопировать <filename
-        class="directory">/usr/share/doc/shorewall/default-config/shorewall.conf</filename>
+        class="directory">/usr/share/doc/shorewall-common/default-config/shorewall.conf</filename>
        и <filename
-        class="directory">/usr/share/doc/shorewall/default-config/modules</filename>
+        class="directory">/usr/share/doc/shorewall-common/default-config/modules</filename>
        в <filename class="directory">/etc/shorewall</filename> даже если Вы
        не будете изменять эти файлы.</para>
      </warning><inlinegraphic fileref="images/BD21298_.gif"
@ -233,7 +233,7 @@
      <listitem>
        <para>Если же Вы пользовались пакетом .deb, примеры находятся в
        директории<filename
-        class="directory">/usr/share/doc/shorewall/examples/three-interface</filename>.</para>
+        class="directory">/usr/share/doc/shorewall-common/examples/three-interface</filename>.</para>
      </listitem>
    </orderedlist>
--- a/docs/traffic_shaping.xml
+++ b/docs/traffic_shaping.xml
@ -48,7 +48,7 @@
  <important>
    <para>Traffic shaping is complex and the Shorewall community is not well
-    equiped to answer traffic shaping questions. So if you are the type of
+    equipped to answer traffic shaping questions. So if you are the type of
    person who needs "insert tab A into slot B" instructions for everything
    that you do, then please don't try to implement traffic shaping using
    Shorewall. You will just frustrate yourself and we won't be able to help
@ -92,7 +92,7 @@
    traffic shaping and control. Before this version, the support was quite
    limited. You were able to use your own tcstart script (and you still are),
    but besides the tcrules file it was not possible to define classes or
-    queueing discplines inside the Shorewall config files.</para>
+    queuing disciplines inside the Shorewall config files.</para>
    <para>The support for traffic shaping and control still does not cover all
    options available (and especially all algorithms that can be used to queue
@ -108,7 +108,7 @@
    <title>Linux traffic shaping and control</title>
    <para>This section gives a brief introduction of how controlling traffic
-    with the linux kernel works. Although this might be enough for configuring
+    with the Linux kernel works. Although this might be enough for configuring
    it in the Shorewall configuration files, we strongly recommend that you
    take a deeper look into the <ulink url="http://lartc.org/howto/">Linux
    Advanced Routing and Shaping HOWTO</ulink>. At the time of writing this,
@ -119,7 +119,7 @@
    traffic before it leaves an interface. The standard one is called pfifo
    and is (as the name suggests) of the type First In First out. This means,
    that it does not shape anything, if you have a connection that eats up all
-    your bandwidth, this qeueing algorithm will not stop it from doing
+    your bandwidth, this queuing algorithm will not stop it from doing
    so.</para>
    <para>For Shorewall traffic shaping we use two algorithms, one is called
@ -127,9 +127,9 @@
    is easy to explain: it just tries to track your connections (tcp or udp
    streams) and balances the traffic between them. This normally works well.
    HTB allows you to define a set of classes, and you can put the traffic you
-    want into these classes. You can define minimum and maximum bandwitdh
+    want into these classes. You can define minimum and maximum bandwidth
-    settings for those classes and order them hierachically (the less
+    settings for those classes and order them hierarchically (the less
-    priorized classes only get bandwitdth if the more important have what they
+    prioritized classes only get bandwidth if the more important have what they
    need). Shorewall builtin traffic shaping allows you to define these
    classes (and their bandwidth limits), and it uses SFQ inside these classes
    to make sure, that different data streams are handled equally.</para>
@ -148,7 +148,7 @@
        outgoing interface as fast as possible.</para>
        <para>There is one exception, though. Limiting incoming traffic to a
-        value a bit slower than your actual line speed will avoid queueing on
+        value a bit slower than your actual line speed will avoid queuing on
        the other end of that connection. This is mostly useful if you don't
        have access to traffic control on the other side and if this other
        side has a faster network connection than you do (the line speed
@ -160,16 +160,16 @@
        has not (but the protocol over UDP might recognize it , if there is
        any).</para>
-        <para>The reason why queing is bad in these cases is, that you might
+        <para>The reason why queuing is bad in these cases is, that you might
-        have packets which need to be priorized over others, e.g. VoIP or ssh.
+        have packets which need to be prioritized over others, e.g. VoIP or ssh.
        For this type of connections it is important that packets arrive in a
-        certain amount of time. For others like http downloads, it does not
+        certain amount of time. For others like HTTP downloads, it does not
        really matter if it takes a few seconds more.</para>
        <para>If you have a large queue on the other side and the router there
        does not care about QoS or the QoS bits are not set properly, your
        important packets will go into the same queue as your less
-        timecritical download packets which will result in a large
+        time critical download packets which will result in a large
        delay.</para>
      </blockquote></para>
@ -211,7 +211,7 @@
        <para>RATE - The minimum bandwidth this class should get, when the
        traffic load rises. Classes with a higher priority (lower PRIORITY
        value) are served even if there are others that have a guaranteed
-        bandwith but have a lower priority (higher PRIORITY value).</para>
+        bandwidth but have a lower priority (higher PRIORITY value).</para>
      </listitem>
      <listitem>
@ -338,7 +338,7 @@
    the facility. Again, please see the links at top of this article.</para>
    <para>For defining bandwidths (for either devices or classes) please use
-    kbit or kbps(for Kilobytes per second) and make sure there is <emphasis
+    kbit or kbps (for Kilobytes per second) and make sure there is <emphasis
    role="bold">NO</emphasis> space between the number and the unit (it is
    100kbit <emphasis role="bold">not</emphasis> 100 kbit). Using mbit, mbps
    or a raw number (which means bytes) could be used, but note that only
@ -414,7 +414,7 @@
        </listitem>
        <listitem>
-          <para>OUT-BANDWIDTH - Specifiy the outgoing bandwidth of that
+          <para>OUT-BANDWIDTH - Specify the outgoing bandwidth of that
          interface. This is the maximum speed your connection can handle. It
          is also the speed you can refer as "full" if you define the tc
          classes. Outgoing traffic above this rate will be dropped.</para>
@ -488,7 +488,7 @@ ppp0           6000kbit         500kbit</programlisting>
        <listitem>
          <para>MARK - The mark value which is an integer in the range 1-255.
          You define these marks in the tcrules file, marking the traffic you
-          want to go into the queueing classes defined in here. You can use
+          want to go into the queuing classes defined in here. You can use
          the same marks for different Interfaces. You must specify "-' in
          this column if the device specified in the INTERFACE column has the
          <emphasis role="bold">classify</emphasis> option in
@ -499,7 +499,7 @@ ppp0           6000kbit         500kbit</programlisting>
          <para>RATE - The minimum bandwidth this class should get, when the
          traffic load rises. Please note that first the classes which equal
          or a lesser priority value are served even if there are others that
-          have a guaranteed bandwith but a lower priority. <emphasis
+          have a guaranteed bandwidth but a lower priority. <emphasis
          role="bold">If the sum of the RATEs for all classes assigned to an
          INTERFACE exceed that interfaces's OUT-BANDWIDTH, then the
          OUT-BANDWIDTH limit will not be honored.</emphasis></para>
@ -517,7 +517,7 @@ ppp0           6000kbit         500kbit</programlisting>
        <listitem>
          <para>PRIORITY - you have to define a priority for the class.
          packets in a class with a higher priority (=lesser value) are
-          handled before less priorized onces. You can just define the mark
+          handled before less prioritized ones. You can just define the mark
          value here also, if you are increasing the mark values with lesser
          priority.</para>
        </listitem>
@ -749,7 +749,7 @@ ppp0           6000kbit         500kbit</programlisting>
          iprange match support, IP address ranges are also allowed. List
          elements may also consist of an interface name followed by ":" and
          an address (e.g., eth1:192.168.1.0/24). If the MARK column
-          specificies a classification of the form &lt;major&gt;:&lt;minor&gt;
+          specifies a classification of the form &lt;major&gt;:&lt;minor&gt;
          then this column may also contain an interface name.</para>
        </listitem>
@ -791,7 +791,7 @@ ppp0           6000kbit         500kbit</programlisting>
          <para>[!][&lt;user name or number&gt;]:[&lt;group name or
          number&gt;][+&lt;program name&gt;]</para>
-          <para>The colon is optionnal when specifying only a user.</para>
+          <para>The colon is optional when specifying only a user.</para>
          <para>Examples:</para>
@ -833,7 +833,7 @@ ppp0           6000kbit         500kbit</programlisting>
          match.</para>
          <para>You must have iptables length support for this to work. If you
-          let it empy or place an "-" here, no length match will be
+          let it empty or place an "-" here, no length match will be
          done.</para>
          <para>Examples: 1024, 64:1500, :100</para>
@ -861,7 +861,7 @@ ppp0           6000kbit         500kbit</programlisting>
        <listitem>
          <para>HELPER (Optional, added in Shorewall version 4.2.0 Beta 2).
-          Names one of the Netfiler protocol helper modules such as
+          Names one of the Netfilter protocol helper modules such as
          <emphasis>ftp</emphasis>, <emphasis>sip</emphasis>,
          <emphasis>amanda</emphasis>, etc.</para>
        </listitem>
@ -939,7 +939,7 @@ SAVE     0.0.0.0/0      0.0.0.0/0       all        -             -        -
        <para>The last four rules can be translated as:</para>
        <blockquote>
-          <para>"If a packet hasn't been classifed (packet mark is 0), copy
+          <para>"If a packet hasn't been classified (packet mark is 0), copy
          the connection mark to the packet mark. If the packet mark is set,
          we're done. If the packet is P2P, set the packet mark to 4. If the
          packet mark has been set, save it to the connection mark."</para>
@ -966,10 +966,10 @@ SAVE     0.0.0.0/0      0.0.0.0/0       all        -             -        -
    <section id="ppp">
      <title>ppp devices</title>
-      <para>If you use ppp/pppoe/pppoa) to connect to your internet provider
+      <para>If you use ppp/pppoe/pppoa) to connect to your Internet provider
      and you use traffic shaping you need to restart shorewall traffic
      shaping. The reason for this is, that if the ppp connection gets
-      restarted (and it usally does this at least daily), all
+      restarted (and it usually does this at least daily), all
      <quote>tc</quote> filters/qdiscs related to that interface are
      deleted.</para>
@ -994,7 +994,7 @@ SAVE     0.0.0.0/0      0.0.0.0/0       all        -             -        -
        url="http://www1.shorewall.net/pub/shorewall/Samples/tc4shorewall/">"http://www1.shorewall.net/pub/shorewall/Samples/tc4shorewall/</ulink>.
        Please note that they are just examples and need to be adjusted to
        work for you. In this example it is assumed that your interface for
-        you internet connection is ppp0 (for DSL), if you use another
+        your Internet connection is ppp0 (for DSL), if you use another
        connection type, you have to change it. You also need to change the
        settings in the tcdevices.wondershaper file to reflect your line
        speed. The relevant lines of the config files follow here. Please note
@ -1071,7 +1071,7 @@ NOPRIOPORTDST="6662 6663"  </programlisting>
      <section id="simiple">
        <title>A simple setup</title>
-        <para>This is a simple setup for people sharing an internet connection
+        <para>This is a simple setup for people sharing an Internet connection
        and using different computers for this. It just basically shapes
        between 2 hosts which have the ip addresses 192.168.2.23 and
        192.168.2.42</para>
@ -1167,7 +1167,7 @@ ppp0            4       90kbit          200kbit         3           default</pro
    <itemizedlist>
      <listitem>
-        <para>Traffic being forwarded from the internet</para>
+        <para>Traffic being forwarded from the Internet</para>
      </listitem>
      <listitem>
@ -1687,4 +1687,4 @@ class htb 1:120 parent 1:1 leaf 120: prio 2 quantum 1900 rate 76000bit ceil 2300
    <para>At least one Shorewall user has found this tool helpful: <ulink
    url="http://e2epi.internet2.edu/network-performance-toolkit.html">http://e2epi.internet2.edu/network-performance-toolkit.html</ulink></para>
  </section>
-</article>
+</article>
--- a/docs/troubleshoot.xml
+++ b/docs/troubleshoot.xml
@ -140,7 +140,7 @@ gateway:~/test # </programlisting>This information is useful to Shorewall
      <para>The end of the compile phase is signaled by a message such as the
      following:<programlisting>Shorewall configuration compiled to /var/lib/shorewall/.restart</programlisting>Errors
-      occuring past that point are said to occur at
+      occurring past that point are said to occur at
      <firstterm>run-time</firstterm> because they occur during the running of
      the compiled firewall script (/var/lib/shorewall/.restart in the case of
      the above message).</para>
--- a/docs/two-interface.xml
+++ b/docs/two-interface.xml
@ -164,7 +164,7 @@
        class="directory">/etc/shorewall</filename> directory is empty. This
        is intentional. The released configuration file skeletons may be found
        on your system in the directory <filename
-        class="directory">/usr/share/doc/shorewall/default-config</filename>.
+        class="directory">/usr/share/doc/shorewall-common/default-config</filename>.
        Simply copy the files you need from that directory to <filename
        class="directory">/etc/shorewall</filename> and modify the
        copies.</para>
@ -269,10 +269,10 @@ loc     ipv4</programlisting>Zones are defined in the <ulink
    first policy in <filename
    class="directory">/etc/shorewall/</filename><filename>policy</filename>
    that matches the request is applied. If there is a <ulink
-    url="shorewall_extension_scripts.htm">comon action</ulink> defined for the
+    url="shorewall_extension_scripts.htm">common action</ulink> defined for the
    policy in <filename>/etc/shorewall/actions</filename> or
    <filename>/usr/share/shorewall/actions.std</filename> then that action is
-    peformed before the action is applied. The purpose of the common action is
+    performed before the action is applied. The purpose of the common action is
    two-fold:</para>
    <itemizedlist>
@ -296,32 +296,32 @@ loc        net         ACCEPT
 net        all         DROP        info
 all        all         REJECT      info</programlisting>In the two-interface
    sample, the line below is included but commented out. If you want your
-    firewall system to have full access to servers on the internet, uncomment
+    firewall system to have full access to servers on the Internet, uncomment
    that line. <programlisting>#SOURCE    DEST        POLICY      LOG LEVEL    LIMIT:BURST
 $FW        net         ACCEPT</programlisting> The above policy will:
    <itemizedlist>
        <listitem>
          <para>Allow all connection requests from your local network to the
-          internet</para>
+          Internet</para>
        </listitem>
        <listitem>
-          <para>Drop (ignore) all connection requests from the internet to
+          <para>Drop (ignore) all connection requests from the Internet to
          your firewall or local network</para>
        </listitem>
        <listitem>
          <para>Optionally accept all connection requests from the firewall to
-          the internet (if you uncomment the additional policy)</para>
+          the Internet (if you uncomment the additional policy)</para>
        </listitem>
        <listitem>
          <para>reject all other connection requests.</para>
        </listitem>
      </itemizedlist> The word <firstterm>info</firstterm> in the LOG LEVEL
-    column for the DROP and REJECT policies indicates that packets droped or
+    column for the DROP and REJECT policies indicates that packets dropped or
    rejected under those policies should be <ulink
-    url="shorewall_logging.html">logged at that leve</ulink>l.</para>
+    url="shorewall_logging.html">logged at that level</ulink>.</para>
    <para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
@ -349,7 +349,7 @@ $FW        net         ACCEPT</programlisting> The above policy will:
    <para>The firewall has two network interfaces. Where Internet connectivity
    is through a cable or <acronym>DSL</acronym> <quote>Modem</quote>, the
-    <emphasis>External Interface</emphasis> will be the ethernet adapter that
+    <emphasis>External Interface</emphasis> will be the Ethernet adapter that
    is connected to that <quote>Modem</quote> (e.g., <filename
    class="devicefile">eth0</filename>) unless you connect via
    <emphasis>Point-to-Point Protocol</emphasis> over Ethernet
@ -395,7 +395,7 @@ root@lists:~# </programlisting>
    <varname>CLAMPMSS=yes</varname> in <filename
    class="directory">/etc/shorewall/</filename><filename>shorewall.conf</filename></emphasis>.</para>
-    <para>Your <emphasis>Internal Interface</emphasis> will be an ethernet
+    <para>Your <emphasis>Internal Interface</emphasis> will be an Ethernet
    adapter (<filename class="devicefile">eth1</filename> or <filename
    class="devicefile">eth0</filename>) and will be connected to a hub or
    switch. Your other computers will be connected to the same hub/switch
@ -565,7 +565,7 @@ root@lists:~# </programlisting>
    (<ulink
    url="http://www.phptr.com/browse/product.asp?product_id={58D4F6D4-54C5-48BA-8EDD-86EBD7A42AF6}">link</ulink>).</para>
-    <para id="Diagram">The remainder of this quide will assume that you have
+    <para id="Diagram">The remainder of this guide will assume that you have
    configured your network as shown here: <mediaobject>
        <imageobject>
          <imagedata align="center" fileref="images/basics1.png" format="PNG" />
@ -588,14 +588,14 @@ root@lists:~# </programlisting>
    don't forward packets which have an RFC-1918 destination address. When one
    of your local systems (let's assume computer 1 in the <link
    linkend="Diagram">above diagram</link>) sends a connection request to an
-    internet host, the firewall must perform <emphasis>Network Address
+    Internet host, the firewall must perform <emphasis>Network Address
    Translation</emphasis> (<acronym>NAT</acronym>). The firewall rewrites the
    source address in the packet to be the address of the firewall's external
    interface; in other words, the firewall makes it appear to the destination
-    internet host as if the firewall itself is initiating the connection. This
+    Internet host as if the firewall itself is initiating the connection. This
    is necessary so that the destination host will be able to route return
    packets back to the firewall (remember that packets whose destination
-    address is reserved by RFC 1918 can't be routed across the internet so the
+    address is reserved by RFC 1918 can't be routed across the Internet so the
    remote host can't address its response to computer 1). When the firewall
    receives a return packet, it rewrites the destination address back to
    <systemitem class="ipaddress">10.10.10.1</systemitem> and forwards the
@ -662,7 +662,7 @@ root@lists:~# </programlisting>
    <para>One of your goals may be to run one or more servers on your local
    computers. Because these computers have RFC-1918 addresses, it is not
-    possible for clients on the internet to connect directly to them. It is
+    possible for clients on the Internet to connect directly to them. It is
    rather necessary for those clients to address their connection requests to
    the firewall who rewrites the destination address to the address of your
    server and forwards the packet to that server. When your server responds,
@ -682,7 +682,7 @@ root@lists:~# </programlisting>
    <programlisting>#ACTION   SOURCE    DEST                                          PROTO      DEST PORT(S)
 DNAT      net       loc:<emphasis>&lt;server local ip address&gt;</emphasis>[:<emphasis>&lt;server port&gt;</emphasis>] <emphasis>&lt;protocol&gt;</emphasis> <emphasis>&lt;port&gt;</emphasis></programlisting><important>
        <para>Be sure to add your rules after the line that reads <emphasis
-        role="bold">SECTON NEW.</emphasis></para>
+        role="bold">SECTION NEW.</emphasis></para>
      </important><important>
        <para>The server must have a static IP address. If you assign IP
        addresses to your local system using DHCP, you need to configure your
@ -822,7 +822,7 @@ DNS/ACCEPT  $FW       net</programlisting>This rule allows
    <acronym>DNS</acronym> access from your firewall and may be removed if you
    uncommented the line in <filename
    class="directory">/etc/shorewall/</filename><filename>policy</filename>
-    allowing all connections from the firewall to the internet.</para>
+    allowing all connections from the firewall to the Internet.</para>
    <para>In the rule shown above, <quote>DNS/ACCEPT</quote> is an example of
    a <emphasis>macro invocation</emphasis>. Shorewall includes a number of
@ -863,8 +863,8 @@ Web/ACCEPT  loc       $FW       </programlisting>Those two rules would of
      </example> If you don't know what port and protocol a particular
    application uses, look <ulink url="ports.htm">here</ulink>. <important>
        <para>I don't recommend enabling <command>telnet</command> to/from the
-        internet because it uses clear text (even for login!). If you want
+        Internet because it uses clear text (even for login!). If you want
-        shell access to your firewall from the internet, use
+        shell access to your firewall from the Internet, use
        <acronym>SSH</acronym>:</para>
        <programlisting>#ACTION      SOURCE    DEST               PROTO     DEST PORT(S)
@ -1022,7 +1022,7 @@ ACCEPT     loc       $FW     tcp       80          #Allow Weblet to work</progra
    access to/from other hosts, change <filename
    class="directory">/etc/shorewall/</filename><filename>routestopped</filename>
    accordingly. <warning>
-        <para>If you are connected to your firewall from the internet, do not
+        <para>If you are connected to your firewall from the Internet, do not
        issue a <quote><command>shorewall stop</command></quote> command
        unless you have added an entry for the <acronym>IP</acronym> address
        that you are connected from to <filename
@ -1073,11 +1073,11 @@ ACCEPT     loc       $FW     tcp       80          #Allow Weblet to work</progra
    <para>Once you have the two-interface setup working, the next logical step
    is to add a Wireless Network. The first step involves adding an additional
-    network card to your firewall, either a Wireless card or an ethernet card
+    network card to your firewall, either a Wireless card or an Ethernet card
    that is connected to a Wireless Access Point.<caution>
        <para>When you add a network card, it won't necessarily be detected as
-        the next highest ethernet interface. For example, if you have two
+        the next highest Ethernet interface. For example, if you have two
-        ethernet cards in your system (<filename
+        Ethernet cards in your system (<filename
        class="devicefile">eth0</filename> and <filename
        class="devicefile">eth1</filename>) and you add a third card that uses
        the same driver as one of the other two, that third card won't
@ -1130,7 +1130,7 @@ loc       wlan0           detect             maclist</programlisting>
        url="MAC_Validation.html">maclist option</ulink> for the wireless
        segment. By adding entries for computers 3 and 4 in
        <filename>/etc/shorewall/maclist</filename>, you help ensure that your
-        neighbors aren't getting a free ride on your internet connection.
+        neighbors aren't getting a free ride on your Internet connection.
        Start by omitting that option; when you have everything working, then
        add the option and configure your
        <filename>/etc/shorewall/maclist</filename> file.</para>
@ -1139,7 +1139,7 @@ loc       wlan0           detect             maclist</programlisting>
      <listitem>
        <para>You need to add an entry to the
        <filename>/etc/shorewall/masq</filename> file to masquerade traffic
-        from the wireless network to the internet. If your internet interface
+        from the wireless network to the Internet. If your Internet interface
        is <filename class="devicefile">eth0</filename> and your wireless
        interface is <filename class="devicefile">wlan0</filename>, the entry
        would be:</para>
--- a/docs/two-interface_ru.xml
+++ b/docs/two-interface_ru.xml
@ -173,15 +173,15 @@
        директория <filename class="directory">/etc/shorewall</filename>
        пуста. Это сделано специально. Поставляемые шаблоны файлов
        конфигурации Вы найдете на вашей системе в директории <filename
-        class="directory">/usr/share/doc/shorewall/default-config</filename>.
+        class="directory">/usr/share/doc/shorewall-common/default-config</filename>.
        Просто скопируйте нужные Вам файлы из этой директории в <filename
        class="directory">/etc/shorewall</filename> и отредактируйте
        копии.</para>
        <para>Заметьте, что Вы должны скопировать <filename
-        class="directory">/usr/share/doc/shorewall/default-config/shorewall.conf</filename>
+        class="directory">/usr/share/doc/shorewall-common/default-config/shorewall.conf</filename>
        и <filename
-        class="directory">/usr/share/doc/shorewall/default-config/modules</filename>
+        class="directory">/usr/share/doc/shorewall=common/default-config/modules</filename>
        в <filename class="directory">/etc/shorewall</filename> даже если Вы
        не будете изменять эти файлы.</para>
      </warning><inlinegraphic fileref="images/BD21298_.gif"
@ -221,7 +221,7 @@
      <listitem>
        <para>Если же Вы пользовались пакетом .deb, примеры находятся в
        директории<filename
-        class="directory">/usr/share/doc/shorewall/examples/two-interface</filename>.</para>
+        class="directory">/usr/share/doc/shorewall-common/examples/two-interface</filename>.</para>
      </listitem>
    </orderedlist>
@ -1068,4 +1068,4 @@ eth0                 wlan0</programlisting>
    Вашем файерволе потребует правил, перечисленных в <ulink
    url="samba.htm">документации Shorewall/Samba</ulink>.</para>
  </section>
-</article>
+</article>
--- a/docs/upgrade_issues.xml
+++ b/docs/upgrade_issues.xml
@ -167,7 +167,7 @@ shorewall restart</command></programlisting> The RPMs are set up so that if
            <para>Insure correct operation. Default actions can also avoid
            common pitfalls like dropping connection requests on TCP port 113.
            If these connections are dropped (rather than rejected) then you
-            may encounter problems connecting to internet services that
+            may encounter problems connecting to Internet services that
            utilize the AUTH protocol of client authentication.</para>
          </listitem>
        </orderedlist>
@ -485,7 +485,7 @@ all             all             REJECT:MyReject info</programlisting>
      <listitem>
        <para>Beginning with this release, the way in which packet marking in
-        the PREROUTING chain interracts with the 'track' option in
+        the PREROUTING chain interacts with the 'track' option in
        /etc/shorewall/providers has changed in two ways:</para>
        <orderedlist numeration="loweralpha">
--- a/docs/useful_links.xml
+++ b/docs/useful_links.xml
@ -42,7 +42,7 @@
        </row>
        <row rowsep="0" valign="middle">
-          <entry align="left">NetFilter Site: <ulink
+          <entry align="left">Netfilter Site: <ulink
          url="http://www.netfilter.org/">http://www.netfilter.org/</ulink></entry>
        </row>
@ -79,7 +79,7 @@
        <row rowsep="0" valign="middle">
          <entry>Debian apt-get sources for Shorewall: <ulink
-          url="http://idea.sec.dico.unimi.it/~lorenzo/index.html#Debian">http://idea.sec.dico.unimi.it/~lorenzo/index.html#Debian</ulink></entry>
+          url="http://people.connexer.com/~roberto/debian/"></ulink>http://people.connexer.com/~roberto/debian/</entry>
        </row>
        <row rowsep="0" valign="middle">
--- a/docs/whitelisting_under_shorewall.xml
+++ b/docs/whitelisting_under_shorewall.xml
@ -42,7 +42,7 @@
    </listitem>
    <listitem>
-      <para>The local network uses <acronym>SNAT</acronym> to the internet and
+      <para>The local network uses <acronym>SNAT</acronym> to the Internet and
      is comprised of the Class B network <literal>10.10.0.0/16</literal>
      (Note: While this example uses an RFC 1918 local network, the technique
      described here in no way depends on that or on <acronym>SNAT</acronym>.
@ -90,7 +90,7 @@ dmz        ipv4</programlisting>
  <bridgehead renderas="sect4">Interfaces File</bridgehead>
-  <programlisting>#ZONE      INTERFACE        BROACAST        OPTIONS
+  <programlisting>#ZONE      INTERFACE        BROADCAST        OPTIONS
 net        eth0             &lt;whatever&gt;      ...
 dmz        eth1             &lt;whatever&gt;      ...
 -          eth2             10.10.255.255</programlisting>