More manpage updates for 4.4.13

2025-08-10 08:04:12 +02:00 · 2010-09-14 16:47:45 -07:00
parent 94cdc73ec2
commit 10a9ae496a
5 changed files with 75 additions and 33 deletions
--- a/manpages6/shorewall6-interfaces.xml
+++ b/manpages6/shorewall6-interfaces.xml
@ -120,13 +120,16 @@ loc     eth2            -</programlisting>

              <listitem>
                <para>The value may be specified when running Shorewall 4.4.13
-                or later and can have a value in the range 1-2</para>
+                or later and can have a value in the range 1-2. Specifying no
+                value is equivalent to blacklist=1.</para>

                <orderedlist>
                  <listitem>
-                    <para>Input blacklisting (default if no value given).
-                    Traffic entering this interface are passed against the
-                    entries in <ulink
+                    <para>Input blacklisting (default if no value given). This
+                    setting is intended for Internet-facing interfaces.</para>
+
+                    <para>Traffic entering this interface is passed against
+                    the entries in <ulink
                    url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
                    that have the <emphasis role="bold">from</emphasis> option
                    (specified or defaulted). Traffic originating on the
@ -138,8 +141,11 @@ loc     eth2            -</programlisting>
                  </listitem>

                  <listitem>
-                    <para>Output blacklisting. Traffic entering on this
-                    interface is passed against the entries in <ulink
+                    <para>Output blacklisting. This setting is intended for
+                    internal interfaces.</para>
+
+                    <para>Traffic entering on this interface is passed against
+                    the entries in <ulink
                    url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
                    that have the <emphasis role="bold">to</emphasis>
                    option.</para>
@ -382,8 +388,8 @@ dmz     eth2      -</programlisting>
    shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5),
    shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5),
    shorewall6-route_rules(5), shorewall6-routestopped(5),
-    shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5),
-    shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5),
-    shorewall6-tunnels(5), shorewall6-zones(5)</para>
+    shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
+    shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
+    shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)</para>
  </refsect1>
 </refentry>
--- a/manpages6/shorewall6-modules.xml
+++ b/manpages6/shorewall6-modules.xml
@ -18,14 +18,23 @@
    <cmdsynopsis>
      <command>/usr/share/shorewall6/modules</command>
    </cmdsynopsis>
+
+    <cmdsynopsis>
+      <command>/usr/share/shorewall6/helpers</command>
+    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

-    <para>This file specifies which kernel modules shorewall6 will load before
-    trying to determine your ip6tables/kernel's capabilities. Each record in
-    the file has the following format:</para>
+    <para>These files specify which kernel modules shorewall6 will load before
+    trying to determine your ip6tables/kernel's capabilities. The
+    <filename>modules</filename> file is used when LOAD_HELPERS_ONLY=No in
+    <ulink url="shorewall6.conf.html">shorewall6.conf</ulink>(8); the
+    <filename>helpers</filename> file is used when
+    LOAD_HELPERS_ONLY=Yes.</para>
+
+    <para>Each record in the files has the following format:</para>

    <cmdsynopsis>
      <command>loadmodule</command>
@ -45,7 +54,8 @@

    <para>The /usr/share/shorewall6/modules file contains a large number of
    modules. Users are encouraged to copy the file to /etc/shorewall6/modules
-    and modify the copy to load only the modules required.<note>
+    and modify the copy to load only the modules required or use
+    LOAD_HELPERS_ONLY=Yes.<note>
        <para>If you build monolithic kernels and have not installed
        module-init-tools, then create an empty /etc/shorewall6/modules file;
        that will prevent shorewall6 from trying to load modules at
@ -64,7 +74,11 @@

    <para>/usr/share/shorewall6/modules</para>

+    <para>/usr/share/shorewall6/helpers</para>
+
    <para>/etc/shorewall6/modules</para>
+
+    <para>/etc/shorewall6/helpers</para>
  </refsect1>

  <refsect1>
@ -74,8 +88,9 @@
    shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
    shorewall6-maclist(5), shorewall6-params(5), shorewall6-policy(5),
    shorewall6-providers(5), shorewall6-route_rules(5),
-    shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
-    shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
-    shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)</para>
+    shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
+    shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),
+    shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5),
+    shorewall6-zones(5)</para>
  </refsect1>
 </refentry>