extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-21 22:01:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Document the -c 'dump' option

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2014-12-26 11:57:24 -08:00
parent 227db0cfa7
commit 06ef7596cd
4 changed files with 207 additions and 193 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Shorewall-lite/manpages/shorewall-lite.xml
View File

@ -116,6 +116,8 @@
<arg><option>-l</option></arg>
<arg><option>-m</option></arg>
<arg><option>-c</option></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -666,6 +668,9 @@
<para>The <emphasis role="bold">-l</emphasis> option causes the rule
number for each Netfilter rule to be displayed.</para>
<para>The <option>-c</option> option causes the route cache to be
dumped in addition to the other routing information.</para>
</listitem>
</varlistentry>

75
Shorewall/manpages/shorewall.xml
View File

@ -170,6 +170,8 @@
<arg><option>-l</option></arg>
<arg><option>-m</option></arg>
<arg><option>-c</option></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -881,8 +883,7 @@
and causes a warning message to be issued if the line current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in
<ulink
set to Yes in <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -921,20 +922,21 @@
compile -- -</command>) to suppress the 'Compiling...' message
normally generated by <filename>/sbin/shorewall</filename>.</para>
<para>When <option>-e</option> is specified, the compilation is being
performed on a system other than where the compiled script will run.
This option disables certain configuration options that require the
script to be compiled where it is to be run. The use of <option>-e</option>
requires the presence of a configuration file named <filename>capabilities</filename>
which may be produced using the command <command>shorewall-lite show -f
capabilities &gt; capabilities</command> on a system with Shorewall Lite
<para>When <option>-e</option> is specified, the compilation is
being performed on a system other than where the compiled script
will run. This option disables certain configuration options that
require the script to be compiled where it is to be run. The use of
<option>-e</option> requires the presence of a configuration file
named <filename>capabilities</filename> which may be produced using
the command <command>shorewall-lite show -f capabilities &gt;
capabilities</command> on a system with Shorewall Lite
installed</para>
<para>The <option>-c</option> option was added in Shorewall 4.5.17
and causes conditional compilation of a script. The
script specified by <replaceable>pathname</replaceable> (or implied
if <emphasis role="bold">pathname</emphasis> is omitted) is compiled
if it doesn't exist or if there is any file in the
and causes conditional compilation of a script. The script specified
by <replaceable>pathname</replaceable> (or implied if <emphasis
role="bold">pathname</emphasis> is omitted) is compiled if it
doesn't exist or if there is any file in the
<replaceable>directory</replaceable> or in a directory on the
CONFIG_PATH that has a modification time later than the file to be
compiled. When no compilation is needed, a message is issued and an
@ -951,11 +953,11 @@
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0 and
causes a warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the line current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -1028,6 +1030,9 @@
<para>The <emphasis role="bold">-l</emphasis> option causes the rule
number for each Netfilter rule to be displayed.</para>
<para>The <option>-c</option> option causes the route cache to be
dumped in addition to the other routing information.</para>
</listitem>
</varlistentry>
@ -1189,11 +1194,11 @@
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0 and
causes a warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the line current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -1283,10 +1288,10 @@
compiler-generated error and warning message.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink
and causes a warning message to be issued if the line current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>The <option>-D</option> option was added in Shorewall 4.5.3
@ -1352,10 +1357,10 @@
compiler-generated error and warning message.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink
and causes a warning message to be issued if the line current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -1407,10 +1412,10 @@
compiler-generated error and warning message.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink
and causes a warning message to be issued if the line current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>The <option>-C</option> option was added in Shorewall 4.6.5

5
Shorewall6-lite/manpages/shorewall6-lite.xml
View File

@ -116,6 +116,8 @@
<arg><option>-l</option></arg>
<arg><option>-m</option></arg>
<arg><option>-c</option></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -668,6 +670,9 @@
<para>The <option>-l</option> option causes the rule number for each
Netfilter rule to be displayed.</para>
<para>The <option>-c</option> option causes the route cache to be
dumped in addition to the other routing information.</para>
</listitem>
</varlistentry>

315
Shorewall6/manpages/shorewall6.xml
View File

@ -163,6 +163,8 @@
<arg><option>-l</option></arg>
<arg><option>-m</option></arg>
<arg><option>-c</option></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -782,11 +784,11 @@
<filename class="directory">/etc/shorewall6</filename> is
assumed.</para>
<para>The <option>-e</option> option causes the
compiler to look for a file named capabilities. This file is
produced using the command <command>shorewall6-lite
show -f capabilities &gt; capabilities</command> on a system with
Shorewall6 Lite installed.</para>
<para>The <option>-e</option> option causes the compiler to look for
a file named capabilities. This file is produced using the command
<command>shorewall6-lite show -f capabilities &gt;
capabilities</command> on a system with Shorewall6 Lite
installed.</para>
<para>The <option>-d</option> option causes the compiler to be run
under control of the Perl debugger.</para>
@ -804,10 +806,10 @@
compiler-generated error and warning message.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink
and causes a warning message to be issued if the line current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -840,20 +842,20 @@
normally generated by <filename>/sbin/shorewall6</filename>.</para>
<para>When <option>-e</option> is specified, the compilation is
being performed on a system other than where the compiled script will
run. This option disables certain configuration options that require
the script to be compiled where it is to be run. The use of
<option>-e</option> requires the presence of a configuration file named
<filename>capabilities</filename> which may be produced using the
command <command>shorewall6-lite show -f capabilities &gt;
being performed on a system other than where the compiled script
will run. This option disables certain configuration options that
require the script to be compiled where it is to be run. The use of
<option>-e</option> requires the presence of a configuration file
named <filename>capabilities</filename> which may be produced using
the command <command>shorewall6-lite show -f capabilities &gt;
capabilities</command> on a system with Shorewall6 Lite
installed.</para>
<para>The <option>-c</option> option was added in
Shorewall 4.5.17 and causes conditional compilation of a script. The
script specified by <replaceable>pathname</replaceable> (or implied
if <emphasis role="bold">pathname</emphasis> is omitted) is compiled
if it doesn't exist or if there is any file in the
<para>The <option>-c</option> option was added in Shorewall 4.5.17
and causes conditional compilation of a script. The script specified
by <replaceable>pathname</replaceable> (or implied if <emphasis
role="bold">pathname</emphasis> is omitted) is compiled if it
doesn't exist or if there is any file in the
<replaceable>directory</replaceable> or in a directory on the
CONFIG_PATH that has a modification time later than the file to be
compiled. When no compilation is needed, a message is issued and an
@ -871,10 +873,10 @@
compiler-generated error and warning message.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink
and causes a warning message to be issued if the line current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -939,15 +941,18 @@
<para>Produces a verbose report about the firewall configuration for
the purpose of problem analysis.</para>
<para>The <option>-x</option> option causes actual
packet and byte counts to be displayed. Without that option, these
counts are abbreviated.</para>
<para>The <option>-x</option> option causes actual packet and byte
counts to be displayed. Without that option, these counts are
abbreviated.</para>
<para>The <option>-m</option> option causes any MAC addresses
included in Shorewall6 log messages to be displayed.</para>
<para>The <option>-l</option> option causes the rule
number for each Netfilter rule to be displayed.</para>
<para>The <option>-l</option> option causes the rule number for each
Netfilter rule to be displayed.</para>
<para>The <option>-c</option> option causes the route cache to be
dumped in addition to the other routing information.</para>
</listitem>
</varlistentry>
@ -1002,8 +1007,8 @@
<listitem>
<para>Deletes <filename>/var/lib/shorewall6/<replaceable>filename
</replaceable></filename> and <filename>/var/lib/shorewall6/save
</filename>. If no <emphasis>filename</emphasis> is
given then the file specified by RESTOREFILE in <ulink
</filename>. If no <emphasis>filename</emphasis> is given then the
file specified by RESTOREFILE in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) is
assumed.</para>
</listitem>
@ -1062,15 +1067,15 @@
Shorewall6 Lite on <replaceable>system</replaceable> is started via
ssh.</para>
<para>If <option>-s</option> is specified and the
<emphasis role="bold">start</emphasis> command succeeds, then the
remote Shorewall6-lite configuration is saved by executing
<para>If <option>-s</option> is specified and the <emphasis
role="bold">start</emphasis> command succeeds, then the remote
Shorewall6-lite configuration is saved by executing
<command>shorewall6-lite save</command> via ssh.</para>
<para>if <option>-c</option> is included, the
command <command>shorewall6-lite show capabilities -f
&gt; /var/lib/shorewall6-lite/capabilities</command> is executed
via ssh then the generated file is copied to
<para>if <option>-c</option> is included, the command
<command>shorewall6-lite show capabilities -f &gt;
/var/lib/shorewall6-lite/capabilities</command> is executed via ssh
then the generated file is copied to
<replaceable>directory</replaceable> using scp. This step is
performed before the configuration is compiled.</para>
@ -1083,10 +1088,10 @@
compiler-generated error and warning message.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink
and causes a warning message to be issued if the line current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -1111,14 +1116,13 @@
<ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) and
produces an audible alarm when new Shorewall6 messages are logged.
The <option>-m</option> option causes the MAC
address of each packet source to be displayed if that information is
available. The <replaceable>refresh-interval</replaceable> specifies
the time in seconds between screen refreshes. You can enter a
negative number by preceding the number with "--" (e.g.,
<command>shorewall6 logwatch -- -30</command>). In this case, when a
packet count changes, you will be prompted to hit any key to resume
screen refreshes.</para>
The <option>-m</option> option causes the MAC address of each packet
source to be displayed if that information is available. The
<replaceable>refresh-interval</replaceable> specifies the time in
seconds between screen refreshes. You can enter a negative number by
preceding the number with "--" (e.g., <command>shorewall6 logwatch
-- -30</command>). In this case, when a packet count changes, you
will be prompted to hit any key to resume screen refreshes.</para>
</listitem>
</varlistentry>
@ -1156,10 +1160,10 @@
<command>refresh</command> only recreates the chains specified in
the command while <command>restart</command> recreates the entire
Netfilter ruleset.When no chain name is given to the
<command>refresh</command> command, the mangle table is
refreshed along with the blacklist chain (if any). This allows you
to modify <filename>/etc/shorewall6/tcrules</filename>and install
the changes using <command>refresh</command>.</para>
<command>refresh</command> command, the mangle table is refreshed
along with the blacklist chain (if any). This allows you to modify
<filename>/etc/shorewall6/tcrules</filename>and install the changes
using <command>refresh</command>.</para>
<para>The listed chains are assumed to be in the filter table. You
can refresh chains in other tables by prefixing the chain name with
@ -1179,10 +1183,10 @@
compiler-generated error and warning message.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink
and causes a warning message to be issued if the line current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
<para>The -<option>D</option> option was added in Shorewall 4.5.3
@ -1192,6 +1196,7 @@
<example>
<title>Refresh the 'net-fw' chain in the filter table and the
'net_dnat' chain in the nat table</title>
<programlisting><command>shorewall6 refresh net-fw nat:net_dnat
</command></programlisting>
</example>
@ -1225,16 +1230,16 @@
ssh.</para>
<para>If <option>-s</option> is specified and the
<command>restart</command> command succeeds, then the
remote Shorewall6-lite configuration is saved by executing
<command>restart</command> command succeeds, then the remote
Shorewall6-lite configuration is saved by executing
<command>shorewall6-lite save</command> via ssh.</para>
<para>if <option>-c</option> is included, the
command <command>shorewall6-lite show capabilities -f
&gt; /var/lib/shorewall6-lite/capabilities</command> is executed
via ssh then the generated file is copied to
<emphasis>directory</emphasis> using scp. This step is performed
before the configuration is compiled.</para>
<para>if <option>-c</option> is included, the command
<command>shorewall6-lite show capabilities -f &gt;
/var/lib/shorewall6-lite/capabilities</command> is executed via ssh
then the generated file is copied to <emphasis>directory</emphasis>
using scp. This step is performed before the configuration is
compiled.</para>
<para>If <option>-r</option> is included, it specifies that the root
user on <replaceable>system</replaceable> is named
@ -1245,10 +1250,10 @@
compiler-generated error and warning message.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink
and causes a warning message to be issued if the line current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -1269,9 +1274,9 @@
<term><emphasis role="bold">restart</emphasis></term>
<listitem>
<para>Restart is similar to <command>shorewall6
start</command> except that it assumes that the firewall is already
started. Existing connections are maintained. If a
<para>Restart is similar to <command>shorewall6 start</command>
except that it assumes that the firewall is already started.
Existing connections are maintained. If a
<emphasis>directory</emphasis> is included in the command,
Shorewall6 will look in that <emphasis>directory</emphasis> first
for configuration files.</para>
@ -1289,8 +1294,8 @@
<para>The <option>-f</option> option suppresses the compilation step
and simply reused the compiled script which last started/restarted
Shorewall, provided that <filename class="directory">/etc/shorewall6
</filename> and its contents have not
been modified since the last start/restart.</para>
</filename> and its contents have not been modified since the last
start/restart.</para>
<para>The <option>-c</option> option was added in Shorewall 4.4.20
and performs the compilation step unconditionally, overriding the
@ -1304,10 +1309,10 @@
compiler-generated error and warning message.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink
and causes a warning message to be issued if the line current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
<para>The <option>-C</option> option was added in Shorewall 4.6.5
@ -1325,11 +1330,11 @@
<listitem>
<para>Restore Shorewall6 to a state saved using the
<command>shorewall6 save</command> command. Existing connections
are maintained. The <emphasis>filename</emphasis> names a restore
file in <filename class="directory">/var/lib/shorewall6</filename>
created using <command>shorewall6 save</command>;
if no <emphasis>filename</emphasis> is given then Shorewall6 will be
<command>shorewall6 save</command> command. Existing connections are
maintained. The <emphasis>filename</emphasis> names a restore file
in <filename class="directory">/var/lib/shorewall6</filename>
created using <command>shorewall6 save</command>; if no
<emphasis>filename</emphasis> is given then Shorewall6 will be
restored from the file specified by the RESTOREFILE option in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
@ -1343,8 +1348,8 @@
<para>The <option>-C</option> option was added in Shorewall 4.6.5.
If the <option>-C</option> option was specified during
<command>shorewall6 save</command>, then the counters saved by
that operation will be restored.</para>
<command>shorewall6 save</command>, then the counters saved by that
operation will be restored.</para>
</listitem>
</varlistentry>
@ -1365,8 +1370,7 @@
<para>If there are files in the CONFIG_PATH that were modified after
the current firewall script was generated, the following warning
message is issued before the script's run command is
executed:
message is issued before the script's run command is executed:
<screen>WARNING: /var/lib/shorewall6/firewall is not up to
date</screen></para>
</listitem>
@ -1378,15 +1382,15 @@
<listitem>
<para>Only allowed if Shorewall6 is running. The current
configuration is saved in <filename>/var/lib/shorewall6/safe-restart
</filename> (see the <emphasis role="bold">save</emphasis>
command below) then a <command>shorewall6 restart</command> is
done. You will then be prompted asking if you
want to accept the new configuration or not. If you answer "n" or if
you fail to answer within 60 seconds (such as when your new
configuration has disabled communication with your terminal), the
configuration is restored from the saved configuration. If a
directory is given, then Shorewall6 will look in that directory
first when opening configuration files.</para>
</filename> (see the <emphasis role="bold">save</emphasis> command
below) then a <command>shorewall6 restart</command> is done. You
will then be prompted asking if you want to accept the new
configuration or not. If you answer "n" or if you fail to answer
within 60 seconds (such as when your new configuration has disabled
communication with your terminal), the configuration is restored
from the saved configuration. If a directory is given, then
Shorewall6 will look in that directory first when opening
configuration files.</para>
<para>Beginning with Shorewall 4.5.0, you may specify a different
<replaceable>timeout</replaceable> value using the
@ -1425,8 +1429,8 @@
<listitem>
<para>The dynamic blacklist is stored in <filename>
/var/lib/shorewall6/save</filename>.
The state of the firewall is stored in <filename>
/var/lib/shorewall6/save</filename>. The state of the firewall is
stored in <filename>
/var/lib/shorewall6/<replaceable>filename</replaceable></filename>
for use by the <command>shorewall6 restore</command> and <command>
shorewall6 -f start</command> commands. If <emphasis>filename
@ -1463,10 +1467,10 @@
<listitem>
<para>Added in Shorewall 4.6.2. Displays the dynamic chain
along with any chains produced by entries in
shorewall-blrules(5).The <option>-x</option>
option is passed directly through to ip6tables and causes
actual packet and byte counts to be displayed. Without this
option, those counts are abbreviated.</para>
shorewall-blrules(5).The <option>-x</option> option is passed
directly through to ip6tables and causes actual packet and
byte counts to be displayed. Without this option, those counts
are abbreviated.</para>
</listitem>
</varlistentry>
@ -1475,9 +1479,9 @@
<listitem>
<para>Displays your kernel/ip6tables capabilities. The
<option>-f</option> option causes the display
to be formatted as a capabilities file for use with
<command>shorewall6 compile -e</command>.</para>
<option>-f</option> option causes the display to be formatted
as a capabilities file for use with <command>shorewall6
compile -e</command>.</para>
</listitem>
</varlistentry>
@ -1487,32 +1491,29 @@
<listitem>
<para>The rules in each <emphasis>chain</emphasis> are
displayed using the <command>ip6tables
-L</command> <emphasis>chain</emphasis> <emphasis
role="bold">-n -v</emphasis> command. If no
<emphasis>chain</emphasis> is given, all of the chains in the
filter table are displayed. The <option>-x</option> option is
passed directly through to ip6tables and causes actual packet
and byte counts to be displayed. Without this option, those
counts are abbreviated.
The <option>-t</option> option specifies the
Netfilter table to display. The default is <emphasis
displayed using the <command>ip6tables -L</command>
<emphasis>chain</emphasis> <emphasis role="bold">-n
-v</emphasis> command. If no <emphasis>chain</emphasis> is
given, all of the chains in the filter table are displayed.
The <option>-x</option> option is passed directly through to
ip6tables and causes actual packet and byte counts to be
displayed. Without this option, those counts are abbreviated.
The <option>-t</option> option specifies the Netfilter table
to display. The default is <emphasis
role="bold">filter</emphasis>.</para>
<para>The <option>-b</option> ('brief') option
causes rules which have not been used (i.e. which have zero
packet and byte counts) to be omitted from the output. Chains
with no rules displayed are also omitted from the
output.</para>
<para>The <option>-b</option> ('brief') option causes rules
which have not been used (i.e. which have zero packet and byte
counts) to be omitted from the output. Chains with no rules
displayed are also omitted from the output.</para>
<para>The <option>-l</option> option causes
the rule number for each Netfilter rule to be
displayed.</para>
<para>The <option>-l</option> option causes the rule number
for each Netfilter rule to be displayed.</para>
<para>If the <option>-t</option> option and
the <option>chain</option> keyword are both omitted and any of
the listed <replaceable>chain</replaceable>s do not exist, a
usage message is displayed.</para>
<para>If the <option>-t</option> option and the
<option>chain</option> keyword are both omitted and any of the
listed <replaceable>chain</replaceable>s do not exist, a usage
message is displayed.</para>
</listitem>
</varlistentry>
@ -1577,9 +1578,9 @@
<para>Displays the last 20 Shorewall6 messages from the log
file specified by the LOGFILE option in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
The <option>-m</option> option causes the MAC
address of each packet source to be displayed if that
information is available.</para>
The <option>-m</option> option causes the MAC address of each
packet source to be displayed if that information is
available.</para>
</listitem>
</varlistentry>
@ -1597,11 +1598,11 @@
<listitem>
<para>Displays the Netfilter mangle table using the command
<command>ip6tables -t mangle -L -n
-v</command>.The <option>-x</option> option
is passed directly through to ip6tables and causes actual
packet and byte counts to be displayed. Without this option,
those counts are abbreviated.</para>
<command>ip6tables -t mangle -L -n -v</command>.The
<option>-x</option> option is passed directly through to
ip6tables and causes actual packet and byte counts to be
displayed. Without this option, those counts are
abbreviated.</para>
</listitem>
</varlistentry>
@ -1665,24 +1666,22 @@
only if they are allowed by the firewall rules or policies. If a
<replaceable>directory</replaceable> is included in the command,
Shorewall6 will look in that <emphasis>directory</emphasis> first
for configuration files. If <option>-f</option> is
specified, the saved configuration specified by the RESTOREFILE
option in <ulink
for configuration files. If <option>-f</option> is specified, the
saved configuration specified by the RESTOREFILE option in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)
will be restored if that saved configuration exists and has been
modified more recently than the files in <filename
class="directory">/etc/shorewall6</filename>. When <option>-f
</option> is given, a <replaceable>directory</replaceable> may
not be specified.</para>
</option> is given, a <replaceable>directory</replaceable> may not
be specified.</para>
<para>Update: In Shorewall6 4.4.20, a new LEGACY_FASTSTART option
was added to <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
When LEGACY_FASTSTART=No, the modification times of files in
<filename class="directory">/etc/shorewall6</filename> are
compared with that of <filename>/var/lib/shorewall6/firewall
</filename> (the compiled script that last started/restarted the
firewall).</para>
<filename class="directory">/etc/shorewall6</filename> are compared
with that of <filename>/var/lib/shorewall6/firewall </filename> (the
compiled script that last started/restarted the firewall).</para>
<para>The <option>-n</option> option causes Shorewall6 to avoid
updating the routing table(s).</para>
@ -1699,18 +1698,18 @@
compiler-generated error and warning message.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink
and causes a warning message to be issued if the line current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
<para>The <option>-C</option> option was added in Shorewall 4.6.5
and is only meaningful when the <option>-f</option> option is also
specified. If the previously-saved configuration is restored, and if
the <option>-C</option> option was also specified in the
<command>save</command> command, then the packet and byte
counters will be restored along with the chains and rules.</para>
<command>save</command> command, then the packet and byte counters
will be restored along with the chains and rules.</para>
</listitem>
</varlistentry>
@ -1761,9 +1760,9 @@
state. If an error occurs during the <emphasis role="bold">restart
</emphasis> phase, then a <command>shorewall6 restore</command> is
performed using the saved configuration. If an error occurs during
the <emphasis role="bold">start</emphasis> phase, then Shorewall6
is cleared. If the <emphasis role="bold">start</emphasis>/
<emphasis role="bold">restart</emphasis> succeeds and a
the <emphasis role="bold">start</emphasis> phase, then Shorewall6 is
cleared. If the <emphasis role="bold">start</emphasis>/ <emphasis
role="bold">restart</emphasis> succeeds and a
<replaceable>timeout</replaceable> is specified then a <emphasis
role="bold">clear</emphasis> or <emphasis role="bold">restore
</emphasis> is performed after <replaceable>timeout</replaceable>
@ -1815,10 +1814,10 @@
directory.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink
and causes a warning message to be issued if the line current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
<para>The <option>-t</option> option was added in Shorewall 4.6.0.