Add links from config files to associated man pages

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4966 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/accounting

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Accounting File
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-accounting"
 #
 # Please see http://shorewall.net/Accounting.html for examples and
 # additional information about how to use this file.

Shorewall/actions

@@ -3,19 +3,7 @@
 #
 # /etc/shorewall/actions
 #
-#	This file allows you to define new ACTIONS for use in rules
-#	(/etc/shorewall/rules). You define the iptables rules to
-#	be performed in an ACTION in
-#	/etc/shorewall/action.<action-name>.
-#
-#	ACTION names should begin with an upper-case letter to
-#	distinguish them from Shorewall-generated chain names and
-#	they must meet the requirements of a Netfilter chain. If
-#	you intend to log from the action then the name must be
-#	no longer than 11 character in length. Names must also
-#	meet the requirements for a Bourne Shell identifier (must
-#	begin with a letter and be composed of letters, digits and
-#	underscore characters).
+# For information about this file, type "man shorewall-actions"
 #
 # Please see http://shorewall.net/Actions.html for additional information.
 #

Shorewall/blacklist

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Blacklist File
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-blacklist"
 #
 # Please see http://shorewall.net/blacklisting_support.htm for additional
 # information.

Shorewall/compiler

@@ -839,13 +839,13 @@ setup_ecn() # $1 = file name
 
 	    for interface in $interfaces; do
 		chain=$(ecn_chain $interface)
-		    if havemanglechain $chain; then
-			flushmangle $chain
-		    else
-			createmanglechain $chain
-			run_iptables -t mangle -A POSTROUTING -p tcp -o $interface -j $chain
-			run_iptables -t mangle -A OUTPUT      -p tcp -o $interface -j $chain
-		    fi
+		if havemanglechain $chain; then
+		    flushmangle $chain
+		else
+		    createmanglechain $chain
+		    run_iptables -t mangle -A POSTROUTING -p tcp -o $interface -j $chain
+		    run_iptables -t mangle -A OUTPUT      -p tcp -o $interface -j $chain
+		fi
 	    done
 
 	    for host in $hosts; do

Shorewall/ecn

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Ecn File
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-ecn"
 #
 # For additional information, see http://shorewall.net/Documentation.htm#ECN
 #

Shorewall/hosts

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Hosts file
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-hosts"
 #
 # For additional information, see http://shorewall.net/Documentation.htm#Hosts
 #

Shorewall/interfaces

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Interfaces File
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information on file, type "man shorewall-interfaces"
 #
 # For additional information, see
 # http://shorewall.net/Documentation.htm#Interfaces

Shorewall/maclist

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Maclist file
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-maclist"
 #
 # For additional information, see http://shorewall.net/MAC_Validation.html
 #

Shorewall/masq

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Masq file
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-masq"
 #
 # For additional information, see http://shorewall.net/Documentation.htm#Masq
 #

Shorewall/nat

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Nat File
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-nat"
 #
 # For additional information, see http://shorewall.net/NAT.htm
 #

Shorewall/netmap

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3	 - Netmap File
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-netmap"
 #
 # See http://shorewall.net/netmap.html for an example and usage
 # information.

Shorewall/policy

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Policy File
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-policy"
 #
 # See http://shorewall.net/Documentation.htm#Policy for additional information.
 #

Shorewall/providers

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Providers File
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-providers"
 #
 # For additional information, see http://shorewall.net/MultiISP.html
 #

Shorewall/proxyarp

@@ -1,7 +1,7 @@
 #
 # Shorewall version  3.3 - Proxyarp File
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-proxyarp"
 #
 # See http://shorewall.net/ProxyARP.htm for additional information.
 #

Shorewall/route_rules

@@ -1,6 +1,8 @@
 #
 # Shorewall version 3.3 - route_rules File
 #
+# For information about this file, type "man shorewall-route_rules"
+#
 # For additional information, see http://www.shorewall.net/MultiISP.html
 ##############################################################################
 #SOURCE			DEST			PROVIDER	PRIORITY

Shorewall/routestopped

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Routestopped File
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-routestopped"
 #
 # See http://shorewall.net/Documentation.htm#Routestopped and
 # http://shorewall.net/starting_and_stopping_shorewall.htm for additional

Shorewall/rules

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Rules File
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information on the settings in this file, type "man shorewall-rules"
 #
 # See http://shorewall.net/Documentation.htm#Rules for additional information.
 #

Shorewall/shorewall.conf

@@ -7,6 +7,8 @@
 #  This file should be placed in /etc/shorewall
 #
 #  (c) 1999,2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net)
+#
+#  For information about the settings in this file, type "man shorewall.conf"
 ###############################################################################
 #		       S T A R T U P   E N A B L E D
 ###############################################################################

Shorewall/shorewall.spec

@@ -226,6 +226,7 @@ fi
 %attr(0444,root,root) %{_mandir}/man5/shorewall-actions.5.gz
 %attr(0444,root,root) %{_mandir}/man5/shorewall-blacklist.5.gz
 %attr(0444,root,root) %{_mandir}/man5/shorewall.conf.5.gz
+%attr(0444,root,root) %{_mandir}/man5/shorewall-ecn.5.gz
 %attr(0444,root,root) %{_mandir}/man5/shorewall-hosts.5.gz
 %attr(0444,root,root) %{_mandir}/man5/shorewall-interfaces.5.gz
 %attr(0444,root,root) %{_mandir}/man5/shorewall-maclist.5.gz

Shorewall/tcclasses

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Tcclasses File
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-tcclasses"
 #
 # See http://shorewall.net/traffic_shaping.htm for additional information.
 #

Shorewall/tcdevices

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Tcdevices File
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-tcdevices"
 #
 # See http://shorewall.net/traffic_shaping.htm for additional information.
 #

Shorewall/tcrules

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.3 - Tcrules File
 #
-# The columns in this file are described in /etc/shorewall/Documentation.
+# For information about this file, type "man shorewall-tcrules"
 #
 # See http://shorewall.net/traffic_shaping.htm for additional information.
 # For usage in selecting among multiple ISPs, see

Shorewall/tos

@@ -1,6 +1,8 @@
 #
 # Shorewall version 3.3 - Tos File
 #
+# For information about this file, type "man shorewall-tos"
+#
 ###############################################################################
 #SOURCE		DEST		PROTOCOL	SOURCE	DEST	TOS
 #						PORTS	PORTS

Shorewall/tunnels

@@ -1,6 +1,8 @@
 #
 # Shorewall version 3.3 - Tunnels File
 #
+# For information about this file, type "man shorewall-tunnels"
+#
 # See http://shorewall.net/Documentation.htm#Tunnels for additional
 # information.
 #

Shorewall/zones

@@ -1,6 +1,8 @@
 #
 # Shorewall version 3.3 - Zones File
 #
+# For information about this file, type "man shorewall-zones"
+#
 # For more information, see http://www.shorewall.net/Documentation.htm#Zones
 #
 ###############################################################################

manpages/shorewall-ecn.xml

@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<refentry>
+  <refmeta>
+    <refentrytitle>shorewall-ecn</refentrytitle>
+
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>ecn</refname>
+
+    <refpurpose>Shorewall ECN file</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>/etc/shorewall/ecn</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para>Use this file to list the destinations for which you want to disable
+    ECN.</para>
+
+    <para>The columns in the file are as follows.</para>
+
+    <variablelist>
+      <varlistentry>
+        <term><emphasis role="bold">INTERFACE</emphasis></term>
+
+        <listitem>
+          <para>Interface through which host(s) communicate with the
+          firewall</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">HOST(S)</emphasis> (Optional)</term>
+
+        <listitem>
+          <para> Comma-separated list of host and/or network addresses. If
+          left empty or supplied as "-", 0.0.0.0/0 is assumed. If your kernel
+          and iptables include iprange match support then IP address ranges
+          are also permitted.</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>FILES</title>
+
+    <para>/etc/shorewall/ecn</para>
+  </refsect1>
+
+  <refsect1>
+    <title>See ALSO</title>
+
+    <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
+    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
+    shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
+    shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
+    shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
+    shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
+    shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
+    shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
+    shorewall-zones(5)</para>
+  </refsect1>
+</refentry>

manpages/shorewall.conf.xml

@@ -187,9 +187,12 @@
         <listitem>
           <para>This parameter determines whether Shorewall automatically adds
           the SNAT ADDRESS in /etc/shorewall/masq. If the variable is set to
-          “Yes” or “yes” then Shorewall automatically adds these addresses. If
-          it is set to “No” or “no”, you must add these addresses yourself
-          using your distribution's network configuration tools.</para>
+          <emphasis role="bold">Yes</emphasis> or <emphasis
+          role="bold">yes</emphasis> then Shorewall automatically adds these
+          addresses. If it is set to <emphasis role="bold">No</emphasis> or
+          <emphasis role="bold">no</emphasis>, you must add these addresses
+          yourself using your distribution's network configuration
+          tools.</para>
 
           <para>If this variable is not set or is given an empty value
           (ADD_SNAT_ALIASES="") then ADD_SNAT_ALIASES=No is assumed.</para>
@@ -253,7 +256,8 @@
         role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
 
         <listitem>
-          <para>When set to Yes or yes, enables Shorewall Bridging
+          <para>When set to <emphasis role="bold">Yes</emphasis> or <emphasis
+          role="bold">yes</emphasis>, enables Shorewall Bridging
           support.</para>
         </listitem>
       </varlistentry>
@@ -289,15 +293,16 @@
         role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
 
         <listitem>
-          <para>If this option is set to “No” then Shorewall won't clear the
-          current traffic control rules during [re]start. This setting is
-          intended for use by people that prefer to configure traffic shaping
-          when the network interfaces come up rather than when the firewall is
-          started. If that is what you want to do, set TC_ENABLED=Yes and
-          CLEAR_TC=No and do not supply an /etc/shorewall/tcstart file. That
-          way, your traffic shaping rules can still use the “fwmark”
-          classifier based on packet marking defined in shorewall-tcrules(5).
-          If not specified, CLEAR_TC=Yes is assumed.</para>
+          <para>If this option is set to <emphasis role="bold">No</emphasis>
+          then Shorewall won't clear the current traffic control rules during
+          [re]start. This setting is intended for use by people that prefer to
+          configure traffic shaping when the network interfaces come up rather
+          than when the firewall is started. If that is what you want to do,
+          set TC_ENABLED=Yes and CLEAR_TC=No and do not supply an
+          /etc/shorewall/tcstart file. That way, your traffic shaping rules
+          can still use the “fwmark” classifier based on packet marking
+          defined in shorewall-tcrules(5). If not specified, CLEAR_TC=Yes is
+          assumed.</para>
         </listitem>
       </varlistentry>
 
@@ -341,13 +346,14 @@
 
         <listitem>
           <para>Users with a large static black list (shorewall-blacklist(5))
-          may want to set the DELAYBLACKLISTLOAD option to Yes. When
-          DELAYBLACKLISTLOAD=Yes, Shorewall will enable new connections before
-          loading the blacklist rules. While this may allow connections from
-          blacklisted hosts to slip by during construction of the blacklist,
-          it can substantially reduce the time that all new connections are
-          disabled during <emphasis role="bold">shorewall</emphasis>
-          [<emphasis role="bold">re</emphasis>]<emphasis
+          may want to set the DELAYBLACKLISTLOAD option to <emphasis
+          role="bold">Yes</emphasis>. When DELAYBLACKLISTLOAD=Yes, Shorewall
+          will enable new connections before loading the blacklist rules.
+          While this may allow connections from blacklisted hosts to slip by
+          during construction of the blacklist, it can substantially reduce
+          the time that all new connections are disabled during <emphasis
+          role="bold">shorewall</emphasis> [<emphasis
+          role="bold">re</emphasis>]<emphasis
           role="bold">start</emphasis>.</para>
         </listitem>
       </varlistentry>
@@ -446,8 +452,9 @@
         role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
 
         <listitem>
-          <para>When this option is set to "Yes", it causes subzones to be
-          treated differently with respect to policies.</para>
+          <para>When this option is set to <emphasis
+          role="bold">Yes</emphasis>, it causes subzones to be treated
+          differently with respect to policies.</para>
 
           <para>Subzones are defined by following their name with ":" and a
           list of parent zones (in /etc/shorewall/zones). Normally, you want