Document the -c 'dump' option

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-01-03 12:09:14 +01:00 · 2014-12-26 11:57:24 -08:00 · 2014-12-26 11:57:24 -08:00 · 06ef7596cd
commit 06ef7596cd
parent 227db0cfa7
4 changed files with 207 additions and 193 deletions
--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@ -116,6 +116,8 @@
      <arg><option>-l</option></arg>
      <arg><option>-m</option></arg>
      <arg><option>-c</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@ -666,6 +668,9 @@
          <para>The <emphasis role="bold">-l</emphasis> option causes the rule
          number for each Netfilter rule to be displayed.</para>
          <para>The <option>-c</option> option causes the route cache to be
          dumped in addition to the other routing information.</para>
        </listitem>
      </varlistentry>
--- a/Shorewall/manpages/shorewall.xml
+++ b/Shorewall/manpages/shorewall.xml
@ -170,6 +170,8 @@
      <arg><option>-l</option></arg>
      <arg><option>-m</option></arg>
      <arg><option>-c</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@ -881,8 +883,7 @@
          and causes a warning message to be issued if the line current line
          contains alternative input specifications following a semicolon
          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
-          set to Yes in
+          set to Yes in <ulink
          <ulink
          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
        </listitem>
      </varlistentry>
@ -921,20 +922,21 @@
          compile -- -</command>) to suppress the 'Compiling...' message
          normally generated by <filename>/sbin/shorewall</filename>.</para>
-          <para>When <option>-e</option> is specified, the compilation is being
+          <para>When <option>-e</option> is specified, the compilation is
-          performed on a system other than where the compiled script will run.
+          being performed on a system other than where the compiled script
-          This option disables certain configuration options that require the
+          will run. This option disables certain configuration options that
-          script to be compiled where it is to be run. The use of <option>-e</option>
+          require the script to be compiled where it is to be run. The use of
-          requires the presence of a configuration file named <filename>capabilities</filename>
+          <option>-e</option> requires the presence of a configuration file
-          which may be produced using the command <command>shorewall-lite show -f
+          named <filename>capabilities</filename> which may be produced using
-          capabilities &gt; capabilities</command> on a system with Shorewall Lite
+          the command <command>shorewall-lite show -f capabilities &gt;
          capabilities</command> on a system with Shorewall Lite
          installed</para>
          <para>The <option>-c</option> option was added in Shorewall 4.5.17
-          and causes conditional compilation of a script. The
+          and causes conditional compilation of a script. The script specified
-          script specified by <replaceable>pathname</replaceable> (or implied
+          by <replaceable>pathname</replaceable> (or implied if <emphasis
-          if <emphasis role="bold">pathname</emphasis> is omitted) is compiled
+          role="bold">pathname</emphasis> is omitted) is compiled if it
-          if it doesn't exist or if there is any file in the
+          doesn't exist or if there is any file in the
          <replaceable>directory</replaceable> or in a directory on the
          CONFIG_PATH that has a modification time later than the file to be
          compiled. When no compilation is needed, a message is issued and an
@ -951,11 +953,11 @@
          and causes a Perl stack trace to be included with each
          compiler-generated error and warning message.</para>
-          <para>The <option>-i</option> option was added in Shorewall 4.6.0 and
+          <para>The <option>-i</option> option was added in Shorewall 4.6.0
-          causes a warning message to be issued if the line current line contains
+          and causes a warning message to be issued if the line current line
-          alternative input specifications following a semicolon (";"). Such
+          contains alternative input specifications following a semicolon
-          lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
+          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
-          <ulink
+          set to Yes in <ulink
          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
        </listitem>
      </varlistentry>
@ -1028,6 +1030,9 @@
          <para>The <emphasis role="bold">-l</emphasis> option causes the rule
          number for each Netfilter rule to be displayed.</para>
          <para>The <option>-c</option> option causes the route cache to be
          dumped in addition to the other routing information.</para>
        </listitem>
      </varlistentry>
@ -1189,11 +1194,11 @@
          and causes a Perl stack trace to be included with each
          compiler-generated error and warning message.</para>
-          <para>The <option>-i</option> option was added in Shorewall 4.6.0 and
+          <para>The <option>-i</option> option was added in Shorewall 4.6.0
-          causes a warning message to be issued if the line current line contains
+          and causes a warning message to be issued if the line current line
-          alternative input specifications following a semicolon (";"). Such
+          contains alternative input specifications following a semicolon
-          lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
+          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
-          <ulink
+          set to Yes in <ulink
          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
        </listitem>
      </varlistentry>
@ -1283,10 +1288,10 @@
          compiler-generated error and warning message.</para>
          <para>The <option>-i</option> option was added in Shorewall 4.6.0
-          and causes a warning message to be issued if the line current line contains
+          and causes a warning message to be issued if the line current line
-          alternative input specifications following a semicolon (";"). Such
+          contains alternative input specifications following a semicolon
-          lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
+          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
-          <ulink
+          set to Yes in <ulink
          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
          <para>The <option>-D</option> option was added in Shorewall 4.5.3
@ -1352,10 +1357,10 @@
          compiler-generated error and warning message.</para>
          <para>The <option>-i</option> option was added in Shorewall 4.6.0
-          and causes a warning message to be issued if the line current line contains
+          and causes a warning message to be issued if the line current line
-          alternative input specifications following a semicolon (";"). Such
+          contains alternative input specifications following a semicolon
-          lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
+          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
-          <ulink
+          set to Yes in <ulink
          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
        </listitem>
      </varlistentry>
@ -1407,10 +1412,10 @@
          compiler-generated error and warning message.</para>
          <para>The <option>-i</option> option was added in Shorewall 4.6.0
-          and causes a warning message to be issued if the line current line contains
+          and causes a warning message to be issued if the line current line
-          alternative input specifications following a semicolon (";"). Such
+          contains alternative input specifications following a semicolon
-          lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
+          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
-          <ulink
+          set to Yes in <ulink
          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5
--- a/Shorewall6-lite/manpages/shorewall6-lite.xml
+++ b/Shorewall6-lite/manpages/shorewall6-lite.xml
@ -116,6 +116,8 @@
      <arg><option>-l</option></arg>
      <arg><option>-m</option></arg>
      <arg><option>-c</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@ -668,6 +670,9 @@
          <para>The <option>-l</option> option causes the rule number for each
          Netfilter rule to be displayed.</para>
          <para>The <option>-c</option> option causes the route cache to be
          dumped in addition to the other routing information.</para>
        </listitem>
      </varlistentry>
--- a/Shorewall6/manpages/shorewall6.xml
+++ b/Shorewall6/manpages/shorewall6.xml
@ -163,6 +163,8 @@
      <arg><option>-l</option></arg>
      <arg><option>-m</option></arg>
      <arg><option>-c</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@ -782,11 +784,11 @@
          <filename class="directory">/etc/shorewall6</filename> is
          assumed.</para>
-          <para>The <option>-e</option> option causes the
+          <para>The <option>-e</option> option causes the compiler to look for
-          compiler to look for a file named capabilities. This file is
+          a file named capabilities. This file is produced using the command
-          produced using the command <command>shorewall6-lite
+          <command>shorewall6-lite show -f capabilities &gt;
-          show -f capabilities &gt; capabilities</command> on a system with
+          capabilities</command> on a system with Shorewall6 Lite
-          Shorewall6 Lite installed.</para>
+          installed.</para>
          <para>The <option>-d</option> option causes the compiler to be run
          under control of the Perl debugger.</para>
@ -804,10 +806,10 @@
          compiler-generated error and warning message.</para>
          <para>The <option>-i</option> option was added in Shorewall 4.6.0
-          and causes a warning message to be issued if the line current line contains
+          and causes a warning message to be issued if the line current line
-          alternative input specifications following a semicolon (";"). Such
+          contains alternative input specifications following a semicolon
-          lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
+          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
-          <ulink
+          set to Yes in <ulink
          url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
        </listitem>
      </varlistentry>
@ -840,20 +842,20 @@
          normally generated by <filename>/sbin/shorewall6</filename>.</para>
          <para>When <option>-e</option> is specified, the compilation is
-          being performed on a system other than where the compiled script will
+          being performed on a system other than where the compiled script
-          run. This option disables certain configuration options that require
+          will run. This option disables certain configuration options that
-          the script to be compiled where it is to be run. The use of
+          require the script to be compiled where it is to be run. The use of
-          <option>-e</option> requires the presence of a configuration file named
+          <option>-e</option> requires the presence of a configuration file
-          <filename>capabilities</filename> which may be produced using the
+          named <filename>capabilities</filename> which may be produced using
-          command <command>shorewall6-lite show -f capabilities &gt;
+          the command <command>shorewall6-lite show -f capabilities &gt;
          capabilities</command> on a system with Shorewall6 Lite
          installed.</para>
-          <para>The <option>-c</option> option was added in
+          <para>The <option>-c</option> option was added in Shorewall 4.5.17
-          Shorewall 4.5.17 and causes conditional compilation of a script. The
+          and causes conditional compilation of a script. The script specified
-          script specified by <replaceable>pathname</replaceable> (or implied
+          by <replaceable>pathname</replaceable> (or implied if <emphasis
-          if <emphasis role="bold">pathname</emphasis> is omitted) is compiled
+          role="bold">pathname</emphasis> is omitted) is compiled if it
-          if it doesn't exist or if there is any file in the
+          doesn't exist or if there is any file in the
          <replaceable>directory</replaceable> or in a directory on the
          CONFIG_PATH that has a modification time later than the file to be
          compiled. When no compilation is needed, a message is issued and an
@ -871,10 +873,10 @@
          compiler-generated error and warning message.</para>
          <para>The <option>-i</option> option was added in Shorewall 4.6.0
-          and causes a warning message to be issued if the line current line contains
+          and causes a warning message to be issued if the line current line
-          alternative input specifications following a semicolon (";"). Such
+          contains alternative input specifications following a semicolon
-          lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
+          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
-          <ulink
+          set to Yes in <ulink
          url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
        </listitem>
      </varlistentry>
@ -939,15 +941,18 @@
          <para>Produces a verbose report about the firewall configuration for
          the purpose of problem analysis.</para>
-          <para>The <option>-x</option> option causes actual
+          <para>The <option>-x</option> option causes actual packet and byte
-          packet and byte counts to be displayed. Without that option, these
+          counts to be displayed. Without that option, these counts are
-          counts are abbreviated.</para>
+          abbreviated.</para>
          <para>The <option>-m</option> option causes any MAC addresses
          included in Shorewall6 log messages to be displayed.</para>
-          <para>The <option>-l</option> option causes the rule
+          <para>The <option>-l</option> option causes the rule number for each
-          number for each Netfilter rule to be displayed.</para>
+          Netfilter rule to be displayed.</para>
          <para>The <option>-c</option> option causes the route cache to be
          dumped in addition to the other routing information.</para>
        </listitem>
      </varlistentry>
@ -1002,8 +1007,8 @@
        <listitem>
          <para>Deletes <filename>/var/lib/shorewall6/<replaceable>filename
          </replaceable></filename> and <filename>/var/lib/shorewall6/save
-          </filename>. If no <emphasis>filename</emphasis> is
+          </filename>. If no <emphasis>filename</emphasis> is given then the
-          given then the file specified by RESTOREFILE in <ulink
+          file specified by RESTOREFILE in <ulink
          url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) is
          assumed.</para>
        </listitem>
@ -1062,15 +1067,15 @@
          Shorewall6 Lite on <replaceable>system</replaceable> is started via
          ssh.</para>
-          <para>If <option>-s</option> is specified and the
+          <para>If <option>-s</option> is specified and the <emphasis
-          <emphasis role="bold">start</emphasis> command succeeds, then the
+          role="bold">start</emphasis> command succeeds, then the remote
-          remote Shorewall6-lite configuration is saved by executing
+          Shorewall6-lite configuration is saved by executing
          <command>shorewall6-lite save</command> via ssh.</para>
-          <para>if <option>-c</option> is included, the
+          <para>if <option>-c</option> is included, the command
-          command <command>shorewall6-lite show capabilities -f
+          <command>shorewall6-lite show capabilities -f &gt;
-          &gt; /var/lib/shorewall6-lite/capabilities</command> is executed
+          /var/lib/shorewall6-lite/capabilities</command> is executed via ssh
-          via ssh then the generated file is copied to
+          then the generated file is copied to
          <replaceable>directory</replaceable> using scp. This step is
          performed before the configuration is compiled.</para>
@ -1083,10 +1088,10 @@
          compiler-generated error and warning message.</para>
          <para>The <option>-i</option> option was added in Shorewall 4.6.0
-          and causes a warning message to be issued if the line current line contains
+          and causes a warning message to be issued if the line current line
-          alternative input specifications following a semicolon (";"). Such
+          contains alternative input specifications following a semicolon
-          lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
+          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
-          <ulink
+          set to Yes in <ulink
          url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
        </listitem>
      </varlistentry>
@ -1111,14 +1116,13 @@
          <ulink
          url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) and
          produces an audible alarm when new Shorewall6 messages are logged.
-          The <option>-m</option> option causes the MAC
+          The <option>-m</option> option causes the MAC address of each packet
-          address of each packet source to be displayed if that information is
+          source to be displayed if that information is available. The
-          available. The <replaceable>refresh-interval</replaceable> specifies
+          <replaceable>refresh-interval</replaceable> specifies the time in
-          the time in seconds between screen refreshes. You can enter a
+          seconds between screen refreshes. You can enter a negative number by
-          negative number by preceding the number with "--" (e.g.,
+          preceding the number with "--" (e.g., <command>shorewall6 logwatch
-          <command>shorewall6 logwatch -- -30</command>). In this case, when a
+          -- -30</command>). In this case, when a packet count changes, you
-          packet count changes, you will be prompted to hit any key to resume
+          will be prompted to hit any key to resume screen refreshes.</para>
          screen refreshes.</para>
        </listitem>
      </varlistentry>
@ -1156,10 +1160,10 @@
          <command>refresh</command> only recreates the chains specified in
          the command while <command>restart</command> recreates the entire
          Netfilter ruleset.When no chain name is given to the
-          <command>refresh</command> command, the mangle table is
+          <command>refresh</command> command, the mangle table is refreshed
-          refreshed along with the blacklist chain (if any). This allows you
+          along with the blacklist chain (if any). This allows you to modify
-          to modify <filename>/etc/shorewall6/tcrules</filename>and install
+          <filename>/etc/shorewall6/tcrules</filename>and install the changes
-          the changes using <command>refresh</command>.</para>
+          using <command>refresh</command>.</para>
          <para>The listed chains are assumed to be in the filter table. You
          can refresh chains in other tables by prefixing the chain name with
@ -1179,10 +1183,10 @@
          compiler-generated error and warning message.</para>
          <para>The <option>-i</option> option was added in Shorewall 4.6.0
-          and causes a warning message to be issued if the line current line contains
+          and causes a warning message to be issued if the line current line
-          alternative input specifications following a semicolon (";"). Such
+          contains alternative input specifications following a semicolon
-          lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
+          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
-          <ulink
+          set to Yes in <ulink
          url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
          <para>The -<option>D</option> option was added in Shorewall 4.5.3
@ -1192,6 +1196,7 @@
          <example>
            <title>Refresh the 'net-fw' chain in the filter table and the
            'net_dnat' chain in the nat table</title>
            <programlisting><command>shorewall6 refresh net-fw nat:net_dnat
            </command></programlisting>
          </example>
@ -1225,16 +1230,16 @@
          ssh.</para>
          <para>If <option>-s</option> is specified and the
-          <command>restart</command> command succeeds, then the
+          <command>restart</command> command succeeds, then the remote
-          remote Shorewall6-lite configuration is saved by executing
+          Shorewall6-lite configuration is saved by executing
          <command>shorewall6-lite save</command> via ssh.</para>
-          <para>if <option>-c</option> is included, the
+          <para>if <option>-c</option> is included, the command
-          command <command>shorewall6-lite show capabilities -f
+          <command>shorewall6-lite show capabilities -f &gt;
-          &gt; /var/lib/shorewall6-lite/capabilities</command> is executed
+          /var/lib/shorewall6-lite/capabilities</command> is executed via ssh
-          via ssh then the generated file is copied to
+          then the generated file is copied to <emphasis>directory</emphasis>
-          <emphasis>directory</emphasis> using scp. This step is performed
+          using scp. This step is performed before the configuration is
-          before the configuration is compiled.</para>
+          compiled.</para>
          <para>If <option>-r</option> is included, it specifies that the root
          user on <replaceable>system</replaceable> is named
@ -1245,10 +1250,10 @@
          compiler-generated error and warning message.</para>
          <para>The <option>-i</option> option was added in Shorewall 4.6.0
-          and causes a warning message to be issued if the line current line contains
+          and causes a warning message to be issued if the line current line
-          alternative input specifications following a semicolon (";"). Such
+          contains alternative input specifications following a semicolon
-          lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
+          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
-          <ulink
+          set to Yes in <ulink
          url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
        </listitem>
      </varlistentry>
@ -1269,9 +1274,9 @@
        <term><emphasis role="bold">restart</emphasis></term>
        <listitem>
-          <para>Restart is similar to <command>shorewall6
+          <para>Restart is similar to <command>shorewall6 start</command>
-          start</command> except that it assumes that the firewall is already
+          except that it assumes that the firewall is already started.
-          started. Existing connections are maintained. If a
+          Existing connections are maintained. If a
          <emphasis>directory</emphasis> is included in the command,
          Shorewall6 will look in that <emphasis>directory</emphasis> first
          for configuration files.</para>
@ -1289,8 +1294,8 @@
          <para>The <option>-f</option> option suppresses the compilation step
          and simply reused the compiled script which last started/restarted
          Shorewall, provided that <filename class="directory">/etc/shorewall6
-          </filename> and its contents have not
+          </filename> and its contents have not been modified since the last
-          been modified since the last start/restart.</para>
+          start/restart.</para>
          <para>The <option>-c</option> option was added in Shorewall 4.4.20
          and performs the compilation step unconditionally, overriding the
@ -1304,10 +1309,10 @@
          compiler-generated error and warning message.</para>
          <para>The <option>-i</option> option was added in Shorewall 4.6.0
-          and causes a warning message to be issued if the line current line contains
+          and causes a warning message to be issued if the line current line
-          alternative input specifications following a semicolon (";"). Such
+          contains alternative input specifications following a semicolon
-          lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
+          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
-          <ulink
+          set to Yes in <ulink
          url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5
@ -1325,11 +1330,11 @@
        <listitem>
          <para>Restore Shorewall6 to a state saved using the
-          <command>shorewall6 save</command> command. Existing connections
+          <command>shorewall6 save</command> command. Existing connections are
-          are maintained. The <emphasis>filename</emphasis> names a restore
+          maintained. The <emphasis>filename</emphasis> names a restore file
-          file in <filename class="directory">/var/lib/shorewall6</filename>
+          in <filename class="directory">/var/lib/shorewall6</filename>
-          created using <command>shorewall6 save</command>;
+          created using <command>shorewall6 save</command>; if no
-          if no <emphasis>filename</emphasis> is given then Shorewall6 will be
+          <emphasis>filename</emphasis> is given then Shorewall6 will be
          restored from the file specified by the RESTOREFILE option in <ulink
          url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
@ -1343,8 +1348,8 @@
          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
          If the <option>-C</option> option was specified during
-          <command>shorewall6 save</command>, then the counters saved by
+          <command>shorewall6 save</command>, then the counters saved by that
-          that operation will be restored.</para>
+          operation will be restored.</para>
        </listitem>
      </varlistentry>
@ -1365,8 +1370,7 @@
          <para>If there are files in the CONFIG_PATH that were modified after
          the current firewall script was generated, the following warning
-          message is issued before the script's run command is
+          message is issued before the script's run command is executed:
          executed:
          <screen>WARNING: /var/lib/shorewall6/firewall is not up to
          date</screen></para>
        </listitem>
@ -1378,15 +1382,15 @@
        <listitem>
          <para>Only allowed if Shorewall6 is running. The current
          configuration is saved in <filename>/var/lib/shorewall6/safe-restart
-          </filename> (see the <emphasis role="bold">save</emphasis>
+          </filename> (see the <emphasis role="bold">save</emphasis> command
-          command below) then a <command>shorewall6 restart</command> is
+          below) then a <command>shorewall6 restart</command> is done. You
-          done. You will then be prompted asking if you
+          will then be prompted asking if you want to accept the new
-          want to accept the new configuration or not. If you answer "n" or if
+          configuration or not. If you answer "n" or if you fail to answer
-          you fail to answer within 60 seconds (such as when your new
+          within 60 seconds (such as when your new configuration has disabled
-          configuration has disabled communication with your terminal), the
+          communication with your terminal), the configuration is restored
-          configuration is restored from the saved configuration. If a
+          from the saved configuration. If a directory is given, then
-          directory is given, then Shorewall6 will look in that directory
+          Shorewall6 will look in that directory first when opening
-          first when opening configuration files.</para>
+          configuration files.</para>
          <para>Beginning with Shorewall 4.5.0, you may specify a different
          <replaceable>timeout</replaceable> value using the
@ -1425,8 +1429,8 @@
        <listitem>
          <para>The dynamic blacklist is stored in <filename>
-          /var/lib/shorewall6/save</filename>.
+          /var/lib/shorewall6/save</filename>. The state of the firewall is
-          The state of the firewall is stored in <filename>
+          stored in <filename>
          /var/lib/shorewall6/<replaceable>filename</replaceable></filename>
          for use by the <command>shorewall6 restore</command> and <command>
          shorewall6 -f start</command> commands. If <emphasis>filename
@ -1463,10 +1467,10 @@
              <listitem>
                <para>Added in Shorewall 4.6.2. Displays the dynamic chain
                along with any chains produced by entries in
-                shorewall-blrules(5).The <option>-x</option>
+                shorewall-blrules(5).The <option>-x</option> option is passed
-                option is passed directly through to ip6tables and causes
+                directly through to ip6tables and causes actual packet and
-                actual packet and byte counts to be displayed. Without this
+                byte counts to be displayed. Without this option, those counts
-                option, those counts are abbreviated.</para>
+                are abbreviated.</para>
              </listitem>
            </varlistentry>
@ -1475,9 +1479,9 @@
              <listitem>
                <para>Displays your kernel/ip6tables capabilities. The
-                <option>-f</option> option causes the display
+                <option>-f</option> option causes the display to be formatted
-                to be formatted as a capabilities file for use with
+                as a capabilities file for use with <command>shorewall6
-                <command>shorewall6 compile -e</command>.</para>
+                compile -e</command>.</para>
              </listitem>
            </varlistentry>
@ -1487,32 +1491,29 @@
              <listitem>
                <para>The rules in each <emphasis>chain</emphasis> are
-                displayed using the <command>ip6tables
+                displayed using the <command>ip6tables -L</command>
-                -L</command> <emphasis>chain</emphasis> <emphasis
+                <emphasis>chain</emphasis> <emphasis role="bold">-n
-                role="bold">-n -v</emphasis> command. If no
+                -v</emphasis> command. If no <emphasis>chain</emphasis> is
-                <emphasis>chain</emphasis> is given, all of the chains in the
+                given, all of the chains in the filter table are displayed.
-                filter table are displayed. The <option>-x</option> option is
+                The <option>-x</option> option is passed directly through to
-                passed directly through to ip6tables and causes actual packet
+                ip6tables and causes actual packet and byte counts to be
-                and byte counts to be displayed. Without this option, those
+                displayed. Without this option, those counts are abbreviated.
-                counts are abbreviated.
+                The <option>-t</option> option specifies the Netfilter table
-                The <option>-t</option> option specifies the
+                to display. The default is <emphasis
                Netfilter table to display. The default is <emphasis
                role="bold">filter</emphasis>.</para>
-                <para>The <option>-b</option> ('brief') option
+                <para>The <option>-b</option> ('brief') option causes rules
-                causes rules which have not been used (i.e. which have zero
+                which have not been used (i.e. which have zero packet and byte
-                packet and byte counts) to be omitted from the output. Chains
+                counts) to be omitted from the output. Chains with no rules
-                with no rules displayed are also omitted from the
+                displayed are also omitted from the output.</para>
                output.</para>
-                <para>The <option>-l</option> option causes
+                <para>The <option>-l</option> option causes the rule number
-                the rule number for each Netfilter rule to be
+                for each Netfilter rule to be displayed.</para>
                displayed.</para>
-                <para>If the <option>-t</option> option and
+                <para>If the <option>-t</option> option and the
-                the <option>chain</option> keyword are both omitted and any of
+                <option>chain</option> keyword are both omitted and any of the
-                the listed <replaceable>chain</replaceable>s do not exist, a
+                listed <replaceable>chain</replaceable>s do not exist, a usage
-                usage message is displayed.</para>
+                message is displayed.</para>
              </listitem>
            </varlistentry>
@ -1577,9 +1578,9 @@
                <para>Displays the last 20 Shorewall6 messages from the log
                file specified by the LOGFILE option in <ulink
                url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
-                The <option>-m</option> option causes the MAC
+                The <option>-m</option> option causes the MAC address of each
-                address of each packet source to be displayed if that
+                packet source to be displayed if that information is
-                information is available.</para>
+                available.</para>
              </listitem>
            </varlistentry>
@ -1597,11 +1598,11 @@
              <listitem>
                <para>Displays the Netfilter mangle table using the command
-                <command>ip6tables -t mangle -L -n
+                <command>ip6tables -t mangle -L -n -v</command>.The
-                -v</command>.The <option>-x</option> option
+                <option>-x</option> option is passed directly through to
-                is passed directly through to ip6tables and causes actual
+                ip6tables and causes actual packet and byte counts to be
-                packet and byte counts to be displayed. Without this option,
+                displayed. Without this option, those counts are
-                those counts are abbreviated.</para>
+                abbreviated.</para>
              </listitem>
            </varlistentry>
@ -1665,24 +1666,22 @@
          only if they are allowed by the firewall rules or policies. If a
          <replaceable>directory</replaceable> is included in the command,
          Shorewall6 will look in that <emphasis>directory</emphasis> first
-          for configuration files. If <option>-f</option> is
+          for configuration files. If <option>-f</option> is specified, the
-          specified, the saved configuration specified by the RESTOREFILE
+          saved configuration specified by the RESTOREFILE option in <ulink
          option in <ulink
          url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)
          will be restored if that saved configuration exists and has been
          modified more recently than the files in <filename
          class="directory">/etc/shorewall6</filename>. When <option>-f
-          </option> is given, a <replaceable>directory</replaceable> may
+          </option> is given, a <replaceable>directory</replaceable> may not
-          not be specified.</para>
+          be specified.</para>
          <para>Update: In Shorewall6 4.4.20, a new LEGACY_FASTSTART option
          was added to <ulink
          url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
          When LEGACY_FASTSTART=No, the modification times of files in
-          <filename class="directory">/etc/shorewall6</filename> are
+          <filename class="directory">/etc/shorewall6</filename> are compared
-          compared with that of <filename>/var/lib/shorewall6/firewall
+          with that of <filename>/var/lib/shorewall6/firewall </filename> (the
-          </filename> (the compiled script that last started/restarted the
+          compiled script that last started/restarted the firewall).</para>
          firewall).</para>
          <para>The <option>-n</option> option causes Shorewall6 to avoid
          updating the routing table(s).</para>
@ -1699,18 +1698,18 @@
          compiler-generated error and warning message.</para>
          <para>The <option>-i</option> option was added in Shorewall 4.6.0
-          and causes a warning message to be issued if the line current line contains
+          and causes a warning message to be issued if the line current line
-          alternative input specifications following a semicolon (";"). Such
+          contains alternative input specifications following a semicolon
-          lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
+          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
-          <ulink
+          set to Yes in <ulink
          url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5
          and is only meaningful when the <option>-f</option> option is also
          specified. If the previously-saved configuration is restored, and if
          the <option>-C</option> option was also specified in the
-          <command>save</command> command, then the packet and byte
+          <command>save</command> command, then the packet and byte counters
-          counters will be restored along with the chains and rules.</para>
+          will be restored along with the chains and rules.</para>
        </listitem>
      </varlistentry>
@ -1761,9 +1760,9 @@
          state. If an error occurs during the <emphasis role="bold">restart
          </emphasis> phase, then a <command>shorewall6 restore</command> is
          performed using the saved configuration. If an error occurs during
-          the <emphasis role="bold">start</emphasis> phase, then Shorewall6
+          the <emphasis role="bold">start</emphasis> phase, then Shorewall6 is
-          is cleared. If the <emphasis role="bold">start</emphasis>/
+          cleared. If the <emphasis role="bold">start</emphasis>/ <emphasis
-          <emphasis role="bold">restart</emphasis> succeeds and a
+          role="bold">restart</emphasis> succeeds and a
          <replaceable>timeout</replaceable> is specified then a <emphasis
          role="bold">clear</emphasis> or <emphasis role="bold">restore
          </emphasis> is performed after <replaceable>timeout</replaceable>
@ -1815,10 +1814,10 @@
          directory.</para>
          <para>The <option>-i</option> option was added in Shorewall 4.6.0
-          and causes a warning message to be issued if the line current line contains
+          and causes a warning message to be issued if the line current line
-          alternative input specifications following a semicolon (";"). Such
+          contains alternative input specifications following a semicolon
-          lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
+          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
-          <ulink
+          set to Yes in <ulink
          url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
          <para>The <option>-t</option> option was added in Shorewall 4.6.0.