Add links from config files to associated man pages

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4966 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-08-16 19:56:48 +02:00 · 2006-11-21 18:45:12 +00:00
parent 81c2847db6
commit 118c3f166a
27 changed files with 136 additions and 59 deletions
--- a/manpages/shorewall-ecn.xml
+++ b/manpages/shorewall-ecn.xml
@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<refentry>
+  <refmeta>
+    <refentrytitle>shorewall-ecn</refentrytitle>
+
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>ecn</refname>
+
+    <refpurpose>Shorewall ECN file</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>/etc/shorewall/ecn</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para>Use this file to list the destinations for which you want to disable
+    ECN.</para>
+
+    <para>The columns in the file are as follows.</para>
+
+    <variablelist>
+      <varlistentry>
+        <term><emphasis role="bold">INTERFACE</emphasis></term>
+
+        <listitem>
+          <para>Interface through which host(s) communicate with the
+          firewall</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">HOST(S)</emphasis> (Optional)</term>
+
+        <listitem>
+          <para> Comma-separated list of host and/or network addresses. If
+          left empty or supplied as "-", 0.0.0.0/0 is assumed. If your kernel
+          and iptables include iprange match support then IP address ranges
+          are also permitted.</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>FILES</title>
+
+    <para>/etc/shorewall/ecn</para>
+  </refsect1>
+
+  <refsect1>
+    <title>See ALSO</title>
+
+    <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
+    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
+    shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
+    shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
+    shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
+    shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
+    shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
+    shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
+    shorewall-zones(5)</para>
+  </refsect1>
+</refentry>
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@ -187,9 +187,12 @@
        <listitem>
          <para>This parameter determines whether Shorewall automatically adds
          the SNAT ADDRESS in /etc/shorewall/masq. If the variable is set to
-          “Yes” or “yes” then Shorewall automatically adds these addresses. If
-          it is set to “No” or “no”, you must add these addresses yourself
-          using your distribution's network configuration tools.</para>
+          <emphasis role="bold">Yes</emphasis> or <emphasis
+          role="bold">yes</emphasis> then Shorewall automatically adds these
+          addresses. If it is set to <emphasis role="bold">No</emphasis> or
+          <emphasis role="bold">no</emphasis>, you must add these addresses
+          yourself using your distribution's network configuration
+          tools.</para>

          <para>If this variable is not set or is given an empty value
          (ADD_SNAT_ALIASES="") then ADD_SNAT_ALIASES=No is assumed.</para>
@ -253,7 +256,8 @@
        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>

        <listitem>
-          <para>When set to Yes or yes, enables Shorewall Bridging
+          <para>When set to <emphasis role="bold">Yes</emphasis> or <emphasis
+          role="bold">yes</emphasis>, enables Shorewall Bridging
          support.</para>
        </listitem>
      </varlistentry>
@ -289,15 +293,16 @@
        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>

        <listitem>
-          <para>If this option is set to “No” then Shorewall won't clear the
-          current traffic control rules during [re]start. This setting is
-          intended for use by people that prefer to configure traffic shaping
-          when the network interfaces come up rather than when the firewall is
-          started. If that is what you want to do, set TC_ENABLED=Yes and
-          CLEAR_TC=No and do not supply an /etc/shorewall/tcstart file. That
-          way, your traffic shaping rules can still use the “fwmark”
-          classifier based on packet marking defined in shorewall-tcrules(5).
-          If not specified, CLEAR_TC=Yes is assumed.</para>
+          <para>If this option is set to <emphasis role="bold">No</emphasis>
+          then Shorewall won't clear the current traffic control rules during
+          [re]start. This setting is intended for use by people that prefer to
+          configure traffic shaping when the network interfaces come up rather
+          than when the firewall is started. If that is what you want to do,
+          set TC_ENABLED=Yes and CLEAR_TC=No and do not supply an
+          /etc/shorewall/tcstart file. That way, your traffic shaping rules
+          can still use the “fwmark” classifier based on packet marking
+          defined in shorewall-tcrules(5). If not specified, CLEAR_TC=Yes is
+          assumed.</para>
        </listitem>
      </varlistentry>

@ -341,13 +346,14 @@

        <listitem>
          <para>Users with a large static black list (shorewall-blacklist(5))
-          may want to set the DELAYBLACKLISTLOAD option to Yes. When
-          DELAYBLACKLISTLOAD=Yes, Shorewall will enable new connections before
-          loading the blacklist rules. While this may allow connections from
-          blacklisted hosts to slip by during construction of the blacklist,
-          it can substantially reduce the time that all new connections are
-          disabled during <emphasis role="bold">shorewall</emphasis>
-          [<emphasis role="bold">re</emphasis>]<emphasis
+          may want to set the DELAYBLACKLISTLOAD option to <emphasis
+          role="bold">Yes</emphasis>. When DELAYBLACKLISTLOAD=Yes, Shorewall
+          will enable new connections before loading the blacklist rules.
+          While this may allow connections from blacklisted hosts to slip by
+          during construction of the blacklist, it can substantially reduce
+          the time that all new connections are disabled during <emphasis
+          role="bold">shorewall</emphasis> [<emphasis
+          role="bold">re</emphasis>]<emphasis
          role="bold">start</emphasis>.</para>
        </listitem>
      </varlistentry>
@ -446,8 +452,9 @@
        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>

        <listitem>
-          <para>When this option is set to "Yes", it causes subzones to be
-          treated differently with respect to policies.</para>
+          <para>When this option is set to <emphasis
+          role="bold">Yes</emphasis>, it causes subzones to be treated
+          differently with respect to policies.</para>

          <para>Subzones are defined by following their name with ":" and a
          list of parent zones (in /etc/shorewall/zones). Normally, you want