Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code

Tom Eastep 2013-05-03 12:23:40 -07:00
commit 14cf5aa0d6
68 changed files with 269 additions and 268 deletions

View File

@ -141,7 +141,7 @@
stops. Creating and removing this file allows Shorewall to work with
your distribution's initscripts. For RedHat, this should be set to
/var/lock/subsys/shorewall. For Debian, the value is
/var/state/shorewall and in LEAF it is /var/run/shorwall.</para>
/var/state/shorewall and in LEAF it is /var/run/shorewall.</para>
</listitem>
</varlistentry>

View File

@ -492,9 +492,9 @@
url="shorewall.conf.html">shorewall.conf</ulink>(5). Each <emphasis
role="bold">v</emphasis> adds one to the effective verbosity and each
<emphasis role="bold">q</emphasis> subtracts one from the effective
VERBOSITY. Anternately, <emphasis role="bold">v</emphasis> may be followed
VERBOSITY. Alternately, <emphasis role="bold">v</emphasis> may be followed
immediately with one of -1,0,1,2 to specify a specify VERBOSITY. There may
be no white space between <emphasis role="bold">v</emphasis> and the
be no white-space between <emphasis role="bold">v</emphasis> and the
VERBOSITY.</para>
<para>The <emphasis>options</emphasis> may also include the letter
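Review bot: the context line "immediately with one of -1,0,1,2 to specify a specify VERBOSITY" still carries a wrong word, presumably meant as "a specific VERBOSITY". This hunk already corrects the sentence before it ("Anternately"), so fix that line in the same pass.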
@ -632,7 +632,7 @@
<term><emphasis role="bold">forget</emphasis></term>
<listitem>
<para>Deletes /var/lib/shorewall-lite/<emphasis>filenam</emphasis>e
<para>Deletes /var/lib/shorewall-lite/<emphasis>filename</emphasis>
and /var/lib/shorewall-lite/save. If no
<emphasis>filename</emphasis> is given then the file specified by
RESTOREFILE in <ulink
@ -690,7 +690,7 @@
and raw table PREROUTING chains.</para>
<para>The trace records are written to the kernel's log buffer with
faciility = kernel and priority = warning, and they are routed from
facility = kernel and priority = warning, and they are routed from
there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
Shorewall-lite has no control over where the messages go; consult
your logging daemon's documentation.</para>
@ -747,7 +747,7 @@
<para>The <replaceable>iptables match expression</replaceable> must
be one given in the <command>iptrace</command> command being
cancelled.</para>
canceled.</para>
</listitem>
</varlistentry>
@ -875,7 +875,7 @@
<term><emphasis role="bold">config</emphasis></term>
<listitem>
<para>Dispays distribution-specific defaults.</para>
<para>Displays distribution-specific defaults.</para>
</listitem>
</varlistentry>

View File

@ -136,7 +136,7 @@
</listitem>
<listitem>
<para><emphasis role="bold">accounout</emphasis> in the <emphasis
<para><emphasis role="bold">accountout</emphasis> in the <emphasis
role="bold">OUTPUT</emphasis> section</para>
</listitem>
@ -266,8 +266,8 @@
<term><replaceable>network</replaceable></term>
<listitem>
<para>is an IPv4 networ<emphasis
role="bold">k</emphasis> in CIDR notation (e.g.,
<para>is an IPv4 <emphasis
role="bold">network</emphasis> in CIDR notation (e.g.,
192.168.1.0/24). The network can be as large as a /8
(class A).</para>
</listitem>
@ -300,9 +300,9 @@
<term><emphasis role="bold">INLINE</emphasis></term>
<listitem>
<para>Added in Shorewall 4.5.16. Allows freeform iptables
<para>Added in Shorewall 4.5.16. Allows free form iptables
matches to be specified following a ';'. In the generated
iptables rule(s), the freeform matches will follow any matches
iptables rule(s), the free form matches will follow any matches
that are generated by the column contents.</para>
</listitem>
</varlistentry>
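Review bot: "free form iptables matches" and "the free form matches" use the phrase as a compound modifier, so the two changed lines should read "free-form" (or keep the original "freeform"). The open form reads as two separate words.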
@ -344,7 +344,7 @@
<listitem>
<para>Causes each matching packet to be sent via the currently
loaded logging backend (usually nfnetlink_log) where it is
loaded logging back-end (usually nfnetlink_log) where it is
available to accounting daemons through a netlink
socket.</para>
</listitem>
@ -455,7 +455,7 @@
(136).</para>
<para>You may place a comma-separated list of port names or numbers
in this column if your kernel and iptables include multiport match
in this column if your kernel and iptables include multi-port match
support.</para>
<para>If the PROTOCOL is <emphasis role="bold">ipp2p</emphasis> then
@ -478,14 +478,14 @@
UDP (17), DCCP (33), SCTP (132) or UDPLITE (136).</para>
<para>You may place a comma-separated list of port numbers in this
column if your kernel and iptables include multiport match
column if your kernel and iptables include multi-port match
support.</para>
<para>Beginning with Shorewall 4.5.15, you may place '=' in this
column, provided that the DEST PORT(S) column is non-empty. This
causes the rule to match when either the source port or the
destination port in a packet matches one of the ports specified in
DEST PORTS(S). Use of '=' requires multiport match in your iptables
DEST PORTS(S). Use of '=' requires multi-port match in your iptables
and kernel.</para>
</listitem>
</varlistentry>
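Review bot: "multiport" in the three changed lines is the literal name of the iptables match extension (-m multiport), so hyphenating it to "multi-port" makes the text harder to tie back to the iptables documentation. Suggest keeping "multiport" here and in the other hunks of this commit that make the same substitution. Separately, "DEST PORTS(S)" in the last changed line looks like a typo for "DEST PORT(S)", the spelling used three lines above it.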
@ -608,7 +608,7 @@
<listitem>
<para>The option-list consists of a comma-separated list of options
from the following list. Only packets that will be encrypted or have
been de-crypted via an SA that matches these options will have their
been decrypted via an SA that matches these options will have their
source address changed.</para>
<variablelist>
@ -702,7 +702,7 @@
<listitem>
<para>When used by itself, causes all traffic that will be
encrypted/encapsulated or has been decrypted/un-encapsulted to
encrypted/encapsulated or has been decrypted/un-encapsulated to
match the rule.</para>
</listitem>
</varlistentry>
@ -713,7 +713,7 @@
<listitem>
<para>When used by itself, causes all traffic that will not be
encrypted/encapsulated or has been decrypted/un-encapsulted to
encrypted/encapsulated or has been decrypted/un-encapsulated to
match the rule.</para>
</listitem>
</varlistentry>
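Review bot: the changed sentence here differs from the one in the preceding hunk only by "not" in the first clause ("will not be encrypted/encapsulated or has been decrypted/un-encapsulated"). If this option is the negation of the previous one, the second clause probably needs "has not been". Please confirm the intended meaning while the line is being touched.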
@ -770,8 +770,8 @@
role="bold">ACTION</emphasis> and <emphasis role="bold">CHAIN</emphasis>,
the values <emphasis role="bold">-</emphasis>, <emphasis
role="bold">any</emphasis> and <emphasis role="bold">all</emphasis> may be
used as wildcards. Omitted trailing columns are also treated as
wildcard.</para>
used as wildcard'gs. Omitted trailing columns are also treated as
wildcard'g.</para>
</refsect1>
<refsect1>
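Review bot: the last two changed lines turn correct text into a regression. "wildcards" becomes "wildcard'gs" and "wildcard." becomes "wildcard'g.", which looks like stray editor or spell-checker keystrokes. Revert the first to "used as wildcards." and consider "treated as wildcards." for the second.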

View File

@ -23,13 +23,13 @@
<refsect1>
<title>Description</title>
<para>This file was added in Shorwall 4.5.12 and is used to describe
<para>This file was added in Shorewall 4.5.12 and is used to describe
low-level rules managed by arptables (8). These rules only affect Address
Resolution Protocol (ARP), Reverse Address Resolution Protocol (RARP) and
Dynamic Reverse Address Resolution Protocol (DRARP) frames.</para>
<para>The columns in the file are as shown below. MAC addresses are
specified normally (6 hexidecimal numbers separated by colons).</para>
specified normally (6 hexadecimal numbers separated by colons).</para>
<variablelist>
<varlistentry>
@ -186,7 +186,7 @@
<term><replaceable>macmask</replaceable></term>
<listitem>
<para>Mask for MAC address; must be specified as 6 hexidecimal
<para>Mask for MAC address; must be specified as 6 hexadecimal
numbers separated by colons.</para>
</listitem>
</varlistentry>
@ -249,7 +249,7 @@
<term><replaceable>macmask</replaceable></term>
<listitem>
<para>Mask for MAC address; must be specified as 6 hexidecimal
<para>Mask for MAC address; must be specified as 6 hexadecimal
numbers separated by colons.</para>
</listitem>
</varlistentry>
@ -352,7 +352,7 @@
</variablelist>
<para>When '!' is specified, the test is inverted and the rule
matches frames which do not match the specifed
matches frames which do not match the specified
<replaceable>opcode</replaceable>.</para>
</listitem>
</varlistentry>
@ -362,7 +362,7 @@
<refsect1>
<title>Example</title>
<para>The eth1 interface has both a pubiic IP address and a private
<para>The eth1 interface has both a public IP address and a private
address (10.1.10.11/24). When sending ARP requests to 10.1.10.0/24, use
the private address as the IP source:</para>

View File

@ -34,7 +34,7 @@
<para>The format of rules in this file is the same as the format of rules
in <ulink url="shorewall-rules.html">shorewall-rules (5)</ulink>. The
differece in the two files lies in the ACTION (first) column.</para>
difference in the two files lies in the ACTION (first) column.</para>
<variablelist>
<varlistentry>
@ -164,7 +164,7 @@
role="bold">NFLOG</emphasis>[(<replaceable>nflog-parameters</replaceable>)]</term>
<listitem>
<para>queues matching packets to a backend logging daemon via
<para>queues matching packets to a back end logging daemon via
a netlink socket then continues to the next rule. See <ulink
url="http://www.shorewall.net/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
</listitem>
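Review bot: the changed line uses "back end logging daemon", while another hunk in this commit uses "logging back-end". Pick one form, and as a modifier before "logging daemon" the hyphenated "back-end" is the consistent choice. Also, in the context line the ulink url attribute points at "shorewall.logging.html" while the link text shows "shorewall_logging.html". One of the two is wrong, and it is worth fixing in this cleanup.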
@ -320,7 +320,7 @@
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-hosts(5), shorewall-interfaces(5), shorewall-maclist(5),
shoewall6-netmap(5),shorewall-params(5), shorewall-policy(5),
shorewall6-netmap(5),shorewall-params(5), shorewall-policy(5),
shorewall-providers(5), shorewall-rtrules(5), shorewall-routestopped(5),
shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
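Review bot: the corrected line "shorewall6-netmap(5),shorewall-params(5)" still lacks the space after the comma. Every other entry in this list uses the "shorewall-" prefix, so please confirm that "shorewall6-netmap" is the intended page and not "shorewall-netmap".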

View File

@ -389,7 +389,7 @@
column, provided that the DEST PORT(S) column is non-empty. This
causes the rule to match when either the source port or the
destination port in a packet matches one of the ports specified in
DEST PORTS(S). Use of '=' requires multiport match in your iptables
DEST PORTS(S). Use of '=' requires multi-port match in your iptables
and kernel.</para>
</listitem>
</varlistentry>

View File

@ -31,14 +31,14 @@
<title>Description</title>
<para>The first form of exclusion is used when you wish to exclude one or
more addresses from a definition. An exclaimation point is followed by a
more addresses from a definition. An exclamation point is followed by a
comma-separated list of addresses. The addresses may be single host
addresses (e.g., 192.168.1.4) or they may be network addresses in CIDR
format (e.g., 192.168.1.0/24). If your kernel and iptables include iprange
support, you may also specify ranges of ip addresses of the form
<emphasis>lowaddress</emphasis>-<emphasis>highaddress</emphasis></para>
<para>No embedded whitespace is allowed.</para>
<para>No embedded white-space is allowed.</para>
<para>Exclusion can appear after a list of addresses and/or address
ranges. In that case, the final list of address is formed by taking the
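Review bot: the context line "the final list of address is formed" should read "list of addresses", and "ranges of ip addresses" a few lines up should capitalize "IP" as the rest of the paragraph does. Both sit next to the lines being corrected and are cheap to include.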

View File

@ -115,7 +115,7 @@
<listitem>
<para>A comma-separated list of options from the following list. The
order in which you list the options is not significant but the list
must have no embedded white space.</para>
must have no embedded white-space.</para>
<variablelist>
<varlistentry>
@ -182,7 +182,7 @@
<para>Connection requests from these hosts are compared
against the contents of <ulink
url="shorewall-maclist.html">shorewall-maclist</ulink>(5). If
this option is specified, the interface must be an ethernet
this option is specified, the interface must be an Ethernet
NIC or equivalent and must be up before Shorewall is
started.</para>
</listitem>

View File

@ -143,7 +143,7 @@
</listitem>
</itemizedlist>
<para>On a laptop with both ethernet and wireless interfaces, you will
<para>On a laptop with both Ethernet and wireless interfaces, you will
want to make both interfaces optional and set the REQUIRE_INTERFACE option
to Yes in <ulink url="shorewall.conf.html">shorewall.conf </ulink>(5) or
<ulink url="../Manpages6/shorewall6.conf.html">shorewall6.conf</ulink>

View File

@ -187,7 +187,7 @@ loc eth2 -</programlisting>
<listitem>
<para>A comma-separated list of options from the following list. The
order in which you list the options is not significant but the list
should have no embedded white space.</para>
should have no embedded white-space.</para>
<variablelist>
<varlistentry>
@ -283,7 +283,7 @@ loc eth2 -</programlisting>
<blockquote>
<para><emphasis role="bold">WARNING: The 'blacklist'
option is ignored on mult-zone
option is ignored on multi-zone
interfaces</emphasis></para>
</blockquote>
</listitem>
@ -420,7 +420,7 @@ loc eth2 -</programlisting>
<para>Connection requests from this interface are compared
against the contents of <ulink
url="shorewall-maclist.html">shorewall-maclist</ulink>(5). If
this option is specified, the interface must be an ethernet
this option is specified, the interface must be an Ethernet
NIC and must be up before Shorewall is started.</para>
</listitem>
</varlistentry>
@ -792,7 +792,7 @@ dmz eth2</programlisting>
<term>Example 3:</term>
<listitem>
<para>You have a simple dial-in system with no ethernet
<para>You have a simple dial-in system with no Ethernet
connections.</para>
<programlisting>FORMAT 2

View File

@ -42,12 +42,13 @@
<para>Whether the set is matched against the packet source or destination
is determined by which column the set name appears (SOURCE or DEST). For
those set types that specify a tupple, two alternative syntaxes are
those set types that specify a tuple, two alternative syntaxes are
available:</para>
<simplelist>
<member>[<replaceable>number</replaceable>] - Indicates that 'src' or
'dst' should repleated number times. Example: myset[2].</member>
'dst' should be repeated <replaceable>number</replaceable> times.
Example: myset[2].</member>
<member>[<replaceable>flag</replaceable>,...] where
<replaceable>flag</replaceable> is <option>src</option> or

View File

@ -68,7 +68,7 @@
<listitem>
<para>MAC <emphasis>address</emphasis> of the host -- you do not
need to use the Shorewall format for MAC addresses here. If
<emphasis role="bold">IP ADDRESSESES</emphasis> is supplied then
<emphasis role="bold">IP ADDRESSES</emphasis> is supplied then
<emphasis role="bold">MAC</emphasis> can be supplied as a dash
(<emphasis role="bold">-</emphasis>)</para>
</listitem>

View File

@ -60,7 +60,7 @@
added with that name (e.g., eth0:0). This will allow the alias to be
displayed with ifconfig. <emphasis role="bold">That is the only use
for the alias name; it may not appear in any other place in your
Shorewall configuratio</emphasis>n.</para>
Shorewall configuration.</emphasis></para>
<para>Each interface must match an entry in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5).
@ -80,7 +80,7 @@
<programlisting> eth0(Avvanta)</programlisting>
<para>In that case, you will want to specify the interfaces's
<para>In that case, you will want to specify the interface's
address for that provider in the ADDRESS column.</para>
<para>The interface may be qualified by adding the character ":"
@ -506,7 +506,7 @@
<para>Switch settings are retained over <command>shorewall
restart</command>.</para>
<para>Beginning with Shoreawll 4.5.10, when the
<para>Beginning with Shorewall 4.5.10, when the
<replaceable>switch-name</replaceable> is followed by
<option>=0</option> or <option>=1</option>, then the switch is
initialized to off or on respectively by the

View File

@ -79,7 +79,7 @@
want Shorewall to add the alias with this name (e.g., "eth0:0").
That allows you to see the alias with ifconfig. <emphasis
role="bold">That is the only thing that this name is good for -- you
cannot use it anwhere else in your Shorewall configuration.
cannot use it anywhere else in your Shorewall configuration.
</emphasis></para>
<para>Each interface must match an entry in <ulink

View File

@ -119,7 +119,7 @@
<listitem>
<para>Added in Shorewall 4.4.11. If specified, qualifies INTERFACE.
It specifies a SOURCE network for DNAT rules and a DESTINATON
It specifies a SOURCE network for DNAT rules and a DESTINATION
network for SNAT rules.</para>
</listitem>
</varlistentry>
@ -145,7 +145,7 @@
range</emphasis>s; if the protocol is <emphasis
role="bold">icmp</emphasis>, this column is interpreted as the
destination icmp-type(s). ICMP types may be specified as a numeric
type, a numberic type and code separated by a slash (e.g., 3/4), or
type, a numeric type and code separated by a slash (e.g., 3/4), or
a typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para>

View File

@ -148,7 +148,7 @@
<listitem>
<para>A comma-separated list selected from the following. The order
of the options is not significant but the list may contain no
embedded whitespace.</para>
embedded white-space.</para>
<variablelist>
<varlistentry>

View File

@ -73,7 +73,7 @@
<listitem>
<para>Optional. A comma-separated list of options. The order of the
options is not important but the list can contain no embedded
whitespace. The currently-supported options are:</para>
white-space. The currently-supported options are:</para>
<variablelist>
<varlistentry>
@ -121,7 +121,7 @@
<term>notrack</term>
<listitem>
<para>The traffic will be exempted from conntection
<para>The traffic will be exempted from connection
tracking.</para>
</listitem>
</varlistentry>
@ -166,7 +166,7 @@
column, provided that the DEST PORT(S) column is non-empty. This
causes the rule to match when either the source port or the
destination port in a packet matches one of the ports specified in
DEST PORTS(S). Use of '=' requires multiport match in your iptables
DEST PORTS(S). Use of '=' requires multi-port match in your iptables
and kernel.</para>
</listitem>
</varlistentry>

View File

@ -24,7 +24,7 @@
<title>Description</title>
<para>Entries in this file govern connection establishment by defining
exceptions to the policies layed out in <ulink
exceptions to the policies laid out in <ulink
url="shorewall-policy.html">shorewall-policy</ulink>(5). By default,
subsequent requests and responses are automatically allowed using
connection tracking. For any particular (source,dest) pair of zones, the
@ -146,7 +146,7 @@
role="bold">RELATED</emphasis> sections must be empty.</para>
<para>An except is made if you are running Shorewall 4.4.27 or later and
you have specified a non-defualt value for RELATED_DISPOSITION or
you have specified a non-default value for RELATED_DISPOSITION or
RELATED_LOG_LEVEL. In that case, you may have rules in the RELATED
section of this file.</para>
</warning>
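Review bot: the context line just above the change still reads "An except is made if you are running Shorewall 4.4.27 or later", which should be "An exception is made". It is the same sentence as the "non-defualt" fix, so correct both together.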
@ -243,7 +243,7 @@
<para>Added in Shorewall 4.4.12. Causes addresses and/or port
numbers to be added to the named
<replaceable>ipset</replaceable>. The
<replaceable>flags</replaceable> specify the address or tupple
<replaceable>flags</replaceable> specify the address or tuple
to be added to the set and must match the type of ipset
involved. For example, for an iphash ipset, either the SOURCE
or DESTINATION address can be added using
@ -360,10 +360,10 @@
<listitem>
<para>Added in Shorewall 4.4.12. Causes an entry to be deleted
from the named <replaceable>ipset</replaceable>. The
<replaceable>flags</replaceable> specify the address or tupple
<replaceable>flags</replaceable> specify the address or tuple
to be deleted from the set and must match the type of ipset
involved. For example, for an iphash ipset, either the SOURCE
or DESTINATION address can be deletec using
or DESTINATION address can be deleted using
<replaceable>flags</replaceable> <emphasis
role="bold">src</emphasis> or <emphasis
role="bold">dst</emphasis> respectively (see the -D command in
@ -508,7 +508,7 @@
<listitem>
<para>Added in Shorewall 4.5.9.3. Queues matching packets to a
backend logging daemon via a netlink socket then continues to
back end logging daemon via a netlink socket then continues to
the next rule. See <ulink
url="http://www.shorewall.net/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
@ -621,7 +621,7 @@
<listitem>
<para>Added in Shorewall 4.5.10. Queues matching packets to a
backend logging daemon via a netlink socket then continues to
back end logging daemon via a netlink socket then continues to
the next rule. See <ulink
url="http://www.shorewall.net/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
@ -706,7 +706,7 @@
<para>Beginning with Shorewall 4.4.13, you may use a
<replaceable>zone-list </replaceable>which consists of a
comma-separated list of zones declared in <ulink
url="shorewall-zones.html">shorewall-zones</ulink> (5). Ths
url="shorewall-zones.html">shorewall-zones</ulink> (5). This
<replaceable>zone-list</replaceable> may be optionally followed by
"+" to indicate that the rule is to apply to intra-zone traffic as
well as inter-zone traffic.</para>
@ -762,8 +762,8 @@
bindings to be matched.</para>
<para>Beginning with Shorewall 4.4.17, the primary IP address of a
firewall interface can be specified by an apersand ('&amp;')
followed by the logican name of the interface as found in the
firewall interface can be specified by an ampersand ('&amp;')
followed by the logical name of the interface as found in the
INTERFACE column of <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>
(5).</para>
@ -880,7 +880,7 @@
<para>Beginning with Shorewall 4.4.13, you may use a
<replaceable>zone-list </replaceable>which consists of a
comma-separated list of zones declared in <ulink
url="shorewall-zones.html">shorewall-zones</ulink> (5). Ths
url="shorewall-zones.html">shorewall-zones</ulink> (5). This
<replaceable>zone-list</replaceable> may be optionally followed by
"+" to indicate that the rule is to apply to intra-zone traffic as
well as inter-zone traffic.</para>
@ -965,7 +965,7 @@
name.</para>
<para>Beginning with Shorewall 4.4.17, the primary IP address of a
firewall interface can be specified by an apersand ('&amp;')
firewall interface can be specified by an ampersand ('&amp;')
followed by the logical name of the interface as found in the
INTERFACE column of <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>
@ -973,7 +973,7 @@
<para>The <replaceable>port</replaceable> that the server is
listening on may be included and separated from the server's IP
address by ":". If omitted, the firewall will not modifiy the
address by ":". If omitted, the firewall will not modify the
destination port. A destination port may only be included if the
<emphasis role="bold">ACTION</emphasis> is <emphasis
role="bold">DNAT</emphasis> or <emphasis
@ -1043,11 +1043,11 @@
names (from services(5)), port numbers or port ranges; if the
protocol is <emphasis role="bold">icmp</emphasis>, this column is
interpreted as the destination icmp-type(s). ICMP types may be
specified as a numeric type, a numberic type and code separated by a
specified as a numeric type, a numeric type and code separated by a
slash (e.g., 3/4), or a typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.
Note that prior to Shorewall 4.4.19, only a single ICMP type may be
listsed.</para>
listed.</para>
<para>If the protocol is <emphasis role="bold">ipp2p</emphasis>,
this column is interpreted as an ipp2p option without the leading
@ -1071,7 +1071,7 @@
<para>1. There are 15 or less ports listed.</para>
<para>2. No port ranges are included or your kernel and iptables
contain extended multiport match support.</para>
contain extended multi-port match support.</para>
</listitem>
</varlistentry>
@ -1090,7 +1090,7 @@
column, provided that the DEST PORT(S) column is non-empty. This
causes the rule to match when either the source port or the
destination port in a packet matches one of the ports specified in
DEST PORTS(S). Use of '=' requires multiport match in your iptables
DEST PORTS(S). Use of '=' requires multi-port match in your iptables
and kernel.</para>
<warning>
@ -1111,7 +1111,7 @@
<para>1. There are 15 or less ports listed.</para>
<para>2. No port ranges are included or your kernel and iptables
contain extended multiport match support.</para>
contain extended multi-port match support.</para>
</listitem>
</varlistentry>
@ -1139,7 +1139,7 @@
not match any of the addresses listed.</para>
<para>Beginning with Shorewall 4.4.17, the primary IP address of a
firewall interface can be specified by an apersand ('&amp;')
firewall interface can be specified by an ampersand ('&amp;')
followed by the logical name of the interface as found in the
INTERFACE column of <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>
@ -1187,7 +1187,7 @@
interval (<emphasis role="bold">sec</emphasis> or <emphasis
role="bold">min</emphasis>) and <emphasis>burst</emphasis> is the
largest burst permitted. If no <emphasis>burst</emphasis> is given,
a value of 5 is assumed. There may be no no whitespace embedded in
a value of 5 is assumed. There may be no no white-space embedded in
the specification.</para>
<para>Example: <emphasis role="bold">10/sec:20</emphasis></para>
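Review bot: the changed line keeps the doubled word in "There may be no no white-space embedded in". Drop one "no" in the same edit.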
@ -1338,7 +1338,7 @@
<varlistentry>
<term><emphasis role="bold">TIME</emphasis> -
<emphasis>timeelement</emphasis>[&amp;<emphasis>timelement</emphasis>...]</term>
<emphasis>timeelement</emphasis>[&amp;<emphasis>timeelement</emphasis>...]</term>
<listitem>
<para>May be used to limit the rule to a particular time period each
@ -1482,7 +1482,7 @@
<para>Switch settings are retained over <command>shorewall
restart</command>.</para>
<para>Beginning with Shoreawll 4.5.10, when the
<para>Beginning with Shorewall 4.5.10, when the
<replaceable>switch-name</replaceable> is followed by
<option>=0</option> or <option>=1</option>, then the switch is
initialized to off or on respectively by the
@ -1707,7 +1707,7 @@
<term>Example 10:</term>
<listitem>
<para>Add the tupple (source IP, dest port, dest IP) of an incoming
<para>Add the tuple (source IP, dest port, dest IP) of an incoming
SSH connection to the ipset S:</para>
<programlisting> #ACTION SOURCE DEST PROTO DEST
@ -1800,7 +1800,7 @@
url="http://www.shorewall.net/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorweall-blrules(5), shorewall-hosts(5),
shorewall-blacklist(5), shorewall-blrules(5), shorewall-hosts(5),
shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5),
shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5),
shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
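Review bot: the line after the fix still lists "shorewall_interfaces(5)" with an underscore, while every other page name in this list is hyphenated. It should be "shorewall-interfaces(5)".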

View File

@ -100,7 +100,7 @@
{P|I|F|O|T}[:{N|I|U|IU|NI|NU|NIU|NUI:E|ER}]</emphasis></term>
<listitem>
<para>This column determines the CHAIN where the SElinux context is
<para>This column determines the CHAIN where the SELinux context is
to be applied:</para>
<simplelist>
@ -249,7 +249,7 @@
<emphasis>port range</emphasis>s; if the protocol is <emphasis
role="bold">icmp</emphasis>, this column is interpreted as the
destination icmp-type(s). ICMP types may be specified as a numeric
type, a numberic type and code separated by a slash (e.g., 3/4), or
type, a numeric type and code separated by a slash (e.g., 3/4), or
a typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para>

View File

@ -64,7 +64,7 @@
IP/subnet addresses. If your kernel and iptables include iprange
match support, IP address ranges are also allowed. Ipsets and
exclusion are also supported. When <option>$FW</option> or interface
are specified, the list must be preceeded by a colon (":").</para>
are specified, the list must be preceded by a colon (":").</para>
<para>If left empty or supplied as "-", 0.0.0.0/0 is assumed.</para>
</listitem>
@ -84,7 +84,7 @@
IP/subnet addresses. If your kernel and iptables include iprange
match support, IP address ranges are also allowed. Ipsets and
exclusion are also supported. When <option>$FW</option> or interface
are specified, the list must be preceeded by a colon (":").</para>
are specified, the list must be preceded by a colon (":").</para>
<para>If left empty or supplied as "-", 0.0.0.0/0 is assumed.</para>
</listitem>
@ -130,7 +130,7 @@
column, provided that the DEST PORT(S) column is non-empty. This
causes the rule to match when either the source port or the
destination port in a packet matches one of the ports specified in
DEST PORTS(S). Use of '=' requires multiport match in your iptables
DEST PORTS(S). Use of '=' requires multi-port match in your iptables
and kernel.</para>
</listitem>
</varlistentry>

View File

@ -187,13 +187,13 @@
<replaceable>dmax</replaceable>, the maximum delay in milliseconds
that the first queued packet for this class should experience. May
be expressed as an integer, optionally followed by 'ms' with no
intervening white space (e.g., 10ms).</para>
intervening white-space (e.g., 10ms).</para>
<para>HFSC leaf classes may also specify
<replaceable>umax</replaceable>, the largest packet expected in this
class. May be expressed as an integer. The unit of measure is
<emphasis>bytes</emphasis> and the integer may be optionally
followed by 'b' with no intervening white space (e.g., 800b).
followed by 'b' with no intervening white-space (e.g., 800b).
<replaceable>umax</replaceable> may only be given if
<replaceable>dmax</replaceable> is also given.</para>
@ -436,7 +436,7 @@
than a system having only a single active connection. The
<option>flow</option> classifier (module cls_flow) works
around this by letting you define what a 'flow' is. The
clasifier must be used carefully or it can block off all
classifier must be used carefully or it can block off all
traffic on an interface! The flow option can be specified for
an HTB leaf class (one that has no sub-classes). We recommend
that you use the following:</para>
@ -473,7 +473,7 @@
<term>pfifo</term>
<listitem>
<para>When specified for a leaf class, the pfifo queing
<para>When specified for a leaf class, the pfifo queuing
discipline is applied to the class rather than the sfq queuing
discipline.</para>
</listitem>
@ -687,7 +687,7 @@
<listitem>
<para>can be used to mark packets instead of dropping
them. If ecn has been enabled, noecn can be used to turn
it off and vice-a-versa. By default, ecn is
it off and vice-versa. By default, ecn is
enabled.</para>
</listitem>
</varlistentry>
@ -719,8 +719,8 @@
minimum of 100kbps and always be serviced first (because of the low
priority number, giving less delay) and will be granted excess
bandwidth (up to 180kbps, the class ceiling) first, before any other
traffic. A single VOIP stream, depending upon codecs, after
encapsulation, can take up to 80kbps on a PPOE/DSL link, so we pad a
traffic. A single VoIP stream, depending upon codecs, after
encapsulation, can take up to 80kbps on a PPPoE/DSL link, so we pad a
little bit just in case. (TOS byte values 0xb8 and 0x68 are DiffServ
classes EF and AFF3-1 respectively and are often used by VOIP
devices).</para>
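Review bot: "VOIP" is changed to "VoIP" in the first changed line, but the context line "classes EF and AFF3-1 respectively and are often used by VOIP" keeps the old capitalization two lines later. Update it as well so the paragraph is consistent.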

View File

@ -149,7 +149,7 @@
<para>What is described above creates a rate/burst policing filter.
Beginning with Shorewall 4.4.25, a rate-estimated policing filter
may be configured instead. Rate-estimated filters should be used
with ethernet adapters that have Generic Receive Offload enabled by
with Ethernet adapters that have Generic Receive Offload enabled by
default. See <ulink
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ
97a</ulink>.</para>

View File

@ -153,7 +153,7 @@
</listitem>
<listitem>
<para><option>tos-maximuze-throughput</option></para>
<para><option>tos-maximize-throughput</option></para>
</listitem>
<listitem>
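Review bot: "tos-maximize-throughput" is marked up as an option, meaning a literal token users type, so this is more than a prose typo fix. Please confirm that the parser accepts the corrected spelling. If the code only recognizes the misspelled form, the documentation and the implementation will now disagree.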

View File

@ -168,7 +168,7 @@
<para>What is described above creates a rate/burst policing filter.
Beginning with Shorewall 4.4.25, a rate-estimated policing filter
may be configured instead. Rate-estimated filters should be used
with ethernet adapters that have Generic Receive Offload enabled by
with Ethernet adapters that have Generic Receive Offload enabled by
default. See <ulink
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ
97a</ulink>.</para>

View File

@ -131,7 +131,7 @@
[<replaceable>helper</replaceable>]</term>
<listitem>
<para>Optional. Names a Netfiler protocol helper module such as ftp,
<para>Optional. Names a Netfilter protocol helper module such as ftp,
sip, amanda, etc. A packet will match if it was accepted by the
named helper module. You can also append "-" and a port number to
the helper module name (e.g., ftp-21) to specify the port number

View File

@ -171,7 +171,7 @@
<term>CT</term>
<listitem>
<para>Mark the connecdtion in the POSTROUTING chain</para>
<para>Mark the connection in the POSTROUTING chain</para>
</listitem>
</varlistentry>
@ -273,7 +273,7 @@
<term>CT</term>
<listitem>
<para>Mark the connecdtion in the POSTROUTING chain</para>
<para>Mark the connection in the POSTROUTING chain</para>
</listitem>
</varlistentry>
@ -388,7 +388,7 @@
<para><emphasis role="bold">DIVERT</emphasis></para>
<para>Added in Shorewall 4.5.4 and only available when FORMAT is
2. Two DIVERT rule should preceed the TPROXY rule and should
2. Two DIVERT rule should precede the TPROXY rule and should
select DEST PORT tcp 80 and SOURCE PORT tcp 80 respectively
(assuming that tcp port 80 is being proxied). DIVERT avoids
sending packets to the TPROXY target once a socket connection to
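Review bot: the corrected sentence still reads "Two DIVERT rule should precede", with a singular noun after "Two". Make it "Two DIVERT rules should precede the TPROXY rule" in the same change.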
@ -565,7 +565,7 @@
to produce class IDs 1:1 through 1:6. But 1:1 is an invalid
class ID since the <replaceable>major</replaceable> and
<replaceable>minor</replaceable> classes are equal. So you might
chose instent to use IPMARK(src,0xFF,0x10100) as in the example
choose instead to use IPMARK(src,0xFF,0x10100) as in the example
above so that all of your <replaceable>minor</replaceable>
classes will have a value &gt; 256.</para>
</listitem>
@ -903,7 +903,7 @@ Normal-Service =&gt; 0x00</programlisting>
<emphasis>port range</emphasis>s; if the protocol is <emphasis
role="bold">icmp</emphasis>, this column is interpreted as the
destination icmp-type(s). ICMP types may be specified as a numeric
type, a numberic type and code separated by a slash (e.g., 3/4), or
type, a numeric type and code separated by a slash (e.g., 3/4), or
a typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para>
@ -938,7 +938,7 @@ Normal-Service =&gt; 0x00</programlisting>
column, provided that the DEST PORT(S) column is non-empty. This
causes the rule to match when either the source port or the
destination port in a packet matches one of the ports specified in
DEST PORTS(S). Use of '=' requires multiport match in your iptables
DEST PORTS(S). Use of '=' requires multi-port match in your iptables
and kernel.</para>
</listitem>
</varlistentry>
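Review bot: the changed line keeps "DEST PORTS(S)", while the column is called "DEST PORT(S)" three lines earlier in the same paragraph. Fix the column name here too. Also consider whether "multi-port" is an improvement, since the match being referred to is named as one word elsewhere.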
@ -1139,7 +1139,7 @@ Normal-Service =&gt; 0x00</programlisting>
</emphasis><emphasis>helper</emphasis></term>
<listitem>
<para>Names a Netfiler protocol <firstterm>helper</firstterm> module
<para>Names a Netfilter protocol <firstterm>helper</firstterm> module
such as <option>ftp</option>, <option>sip</option>,
<option>amanda</option>, etc. A packet will match if it was accepted
by the named helper module.</para>
@ -1233,7 +1233,7 @@ Normal-Service =&gt; 0x00</programlisting>
4:T 0.0.0.0/0 0.0.0.0/0 ipp2p:all
SAVE:T 0.0.0.0/0 0.0.0.0/0 all - - - !0</programlisting>
<para>If a packet hasn't been classifed (packet mark is 0), copy the
<para>If a packet hasn't been classified (packet mark is 0), copy the
connection mark to the packet mark. If the packet mark is set, we're
done. If the packet is P2P, set the packet mark to 4. If the packet
mark has been set, save it to the connection mark.</para>

View File

@ -136,7 +136,7 @@ c:a,b ipv4</programlisting>
default if you leave this column empty or if you enter "-" in
the column. Communication with some zone hosts may be
encrypted. Encrypted hosts are designated using the
'ipsec'option in <ulink
'ipsec' option in <ulink
url="shorewall-hosts.html">shorewall-hosts</ulink>(5).</para>
</listitem>
</varlistentry>
@ -213,8 +213,8 @@ c:a,b ipv4</programlisting>
<para>When specified in the IN_OPTIONS column, causes all
traffic from this zone to be passed against the <emphasis
role="bold">src</emphasis> entries in s<ulink
url="shorewall-blacklist.html">horewall-blacklist</ulink>(5).</para>
role="bold">src</emphasis> entries in <ulink
url="shorewall-blacklist.html">shorewall-blacklist</ulink>(5).</para>
<para>When specified in the OUT_OPTIONS column, causes all
traffic to this zone to be passed against the <emphasis

View File

@ -28,7 +28,7 @@
<para>The file consists of Shell comments (lines beginning with '#'),
blank lines and assignment statements
(<emphasis>variable</emphasis>=<emphasis>value</emphasis>). If the
<emphasis>value</emphasis> contains shell metacharacters or white-space,
<emphasis>value</emphasis> contains shell meta characters or white-space,
then it must be enclosed in quotes. Example:
MACLIST_LOG_LEVEL="NFLOG(1,0,1)".</para>
</refsect1>
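Review bot: splitting "metacharacters" into "meta characters" on the changed line replaces the standard one-word term with a spell-checker suggestion. I would revert that word and keep only the genuine typo fixes in this file.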
@ -455,7 +455,7 @@
<para>When set to <emphasis role="bold">No</emphasis> or <emphasis
role="bold">no</emphasis>, blacklists are consulted for every packet
(will slow down your firewall noticably if you have large
(will slow down your firewall noticeably if you have large
blacklists). If the BLACKLISTNEWONLY option is not set or is set to
the empty value then BLACKLISTNEWONLY=No is assumed.</para>
@ -771,7 +771,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
the 'net' zone, ESTABLISHED/RELATED packets are ACCEPTED in the
'loc2net' chain.</para>
<para>If you set FASTACCEPT=Yes, then ESTABLISHED/RELEATED packets
<para>If you set FASTACCEPT=Yes, then ESTABLISHED/RELATED packets
are accepted early in the INPUT, FORWARD and OUTPUT chains. If you
set FASTACCEPT=Yes then you may not include rules in the ESTABLISHED
or RELATED sections of <ulink
@ -1177,7 +1177,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<filename>/etc/shorewall</filename> are compare with that of
<filename>/var/lib/shorewall/restore)</filename>. If set to No, then
the times are compared with that of /var/lib/shorewall/firewall,
which is consistant with the way that <command>restart -f</command>
which is consistent with the way that <command>restart -f</command>
works.</para>
</listitem>
</varlistentry>
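Review bot: the context just above the "consistent" fix still has two defects in the same paragraph: "are compare with that of" should be "are compared with that of", and the closing parenthesis sits inside the <filename> element ("/var/lib/shorewall/restore)"), so it renders as part of the path. Both are worth correcting in this hunk.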
@ -1712,7 +1712,7 @@ LOG:info:,bar net fw</programlisting>
<listitem>
<para>Added in Shorewall 4.5.7. Specifies the pathname of the nfacct
utiliity. If not specified, Shorewall will use the PATH settting to
utility. If not specified, Shorewall will use the PATH setting to
find the program.</para>
</listitem>
</varlistentry>
@ -1780,7 +1780,7 @@ LOG:info:,bar net fw</programlisting>
<para>Optimization category 2 - Added in Shorewall 4.4.7. When
set, suppresses superfluous ACCEPT rules in a policy chain that
implements an ACCEPT policy. Any ACCEPT rules that immediately
preceed the final blanket ACCEPT rule in the chain are now
precede the final blanket ACCEPT rule in the chain are now
omitted.</para>
</listitem>
@ -1875,7 +1875,7 @@ LOG:info:,bar net fw</programlisting>
compatible if they differ only in their destination ports and
comments.</para>
<para>A sequence of combatible rules is often generated when
<para>A sequence of compatible rules is often generated when
macros are invoked in sequence.</para>
<para>The ability to combine adjacent rules is limited by two
@ -1890,12 +1890,12 @@ LOG:info:,bar net fw</programlisting>
<listitem>
<para>Rules may only be combined until the length of their
concatinated comment reaches 255 characters.</para>
concatenated comment reaches 255 characters.</para>
</listitem>
</itemizedlist>
<para>When either of these limits would be exceeded, the current
combined rule is emitted and the compiler attemts to combine
combined rule is emitted and the compiler attempts to combine
rules beginning with the one that would have exceeded the limit.
Adjacent combined comments are separated by ', '. Empty comments
at the front of a group of combined comments are replaced by
@ -1927,7 +1927,7 @@ LOG:info:,bar net fw</programlisting>
<listitem>
<para>Rules with comments &lt;empty&gt;, "FOO" and "BAR"
would reult in the combined comment "Others and FOO, BAR".
would result in the combined comment "Others and FOO, BAR".
Note: Optimize level 16 requires "Extended Multi-port
Match" in your iptables and kernel.</para>
</listitem>
@ -2018,7 +2018,7 @@ LOG:info:,bar net fw</programlisting>
role="bold">"</emphasis></term>
<listitem>
<para>Eariler generations of Shorewall Lite required that remote
<para>Earlier generations of Shorewall Lite required that remote
root login via ssh be enabled in order to use the
<command>load</command> and <command>reload</command> commands.
Beginning with release 3.9.5, you may define an alternative means
@ -2034,7 +2034,7 @@ LOG:info:,bar net fw</programlisting>
<member>RCP_COMMAND: scp ${files}
${root}@${system}:${destination}</member>
</simplelist>Shell variables that will be set when the commands
are envoked are as follows:<simplelist>
are invoked are as follows:<simplelist>
<member><replaceable>root</replaceable> - root user. Normally
<option>root</option> but may be overridden using the '-r'
option.</member>
@ -2359,7 +2359,7 @@ LOG:info:,bar net fw</programlisting>
stops. Creating and removing this file allows Shorewall to work with
your distribution's initscripts. For RedHat and OpenSuSE, this
should be set to /var/lock/subsys/shorewall. For Debian, the value
is /var/lock/shorewall and in LEAF it is /var/run/shorwall.</para>
is /var/lock/shorewall and in LEAF it is /var/run/shorewall.</para>
</listitem>
</varlistentry>
@ -2600,7 +2600,7 @@ LOG:info:,bar net fw</programlisting>
<para><emphasis role="bold">detect</emphasis> may be
specified for interfaces whose configuration is managed by
dhcpcd. Shorewall will use dhcpcd's database to find the
interfaces's gateway.</para>
interface's gateway.</para>
</note></para>
</listitem>
@ -2625,7 +2625,7 @@ LOG:info:,bar net fw</programlisting>
<listitem>
<para>Added in Shorewall 4.4.27. Normally, when Shorewall creates a
Netfilter chain that relates to an interface, it uses the
interfaces's logical name as the base of the chain name. For
interface's logical name as the base of the chain name. For
example, if the logical name for an interface is OAKLAND, then the
input chain for traffic arriving on that interface would be
'OAKLAND_in'. If this option is set to Yes, then the physical name

View File

@ -720,7 +720,7 @@
<emphasis role="bold">q</emphasis> subtracts one from the effective
VERBOSITY. Alternatively, <emphasis role="bold">v</emphasis> may be
followed immediately with one of -1,0,1,2 to specify a specify VERBOSITY.
There may be no white space between <emphasis role="bold">v</emphasis> and
There may be no white-space between <emphasis role="bold">v</emphasis> and
the VERBOSITY.</para>
<para>The <emphasis>options</emphasis> may also include the letter
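Review bot: the line directly above the "white-space" change still says "to specify a specify VERBOSITY", which should read "to specify a specific VERBOSITY". The same phrase appears in the other verbosity paragraphs touched by this commit and should be fixed in each.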
@ -782,7 +782,7 @@
<term><emphasis role="bold">check</emphasis></term>
<listitem>
<para>Compiles the configuraton in the specified
<para>Compiles the configuration in the specified
<emphasis>directory</emphasis> and discards the compiled output
script. If no <emphasis>directory</emphasis> is given, then
/etc/shorewall is assumed.</para>
@ -846,7 +846,7 @@
<para>When -e is specified, the compilation is being performed on a
system other than where the compiled script will run. This option
disables certain configuration options that require the script to be
compiled where it is to be run. The use of -e requires the presense
compiled where it is to be run. The use of -e requires the presence
of a configuration file named <filename>capabilities</filename>
which may be produced using the command <emphasis
role="bold">shorewall-lite show -f capabilities &gt;
@ -984,7 +984,7 @@
<term><emphasis role="bold">forget</emphasis></term>
<listitem>
<para>Deletes /var/lib/shorewall/<emphasis>filenam</emphasis>e and
<para>Deletes /var/lib/shorewall/<emphasis>filename</emphasis> and
/var/lib/shorewall/save. If no <emphasis>filename</emphasis> is
given then the file specified by RESTOREFILE in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) is
@ -1041,7 +1041,7 @@
and raw table PREROUTING chains.</para>
<para>The trace records are written to the kernel's log buffer with
faciility = kernel and priority = warning, and they are routed from
facility = kernel and priority = warning, and they are routed from
there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
Shorewall has no control over where the messages go; consult your
logging daemon's documentation.</para>
@ -1145,7 +1145,7 @@
<para>The <replaceable>iptables match expression</replaceable> must
be one given in the <command>iptrace</command> command being
cancelled.</para>
canceled.</para>
</listitem>
</varlistentry>
@ -1445,7 +1445,7 @@
<term><emphasis role="bold">config</emphasis></term>
<listitem>
<para>Dispays distribution-specific defaults.</para>
<para>Displays distribution-specific defaults.</para>
</listitem>
</varlistentry>
@ -1606,7 +1606,7 @@
<para>Update: In Shorewall 4.4.20, a new LEGACY_FASTSTART option was
added to <ulink url="shorewall.conf.html">shorewall.conf</ulink>(5).
When LEGACY_FASTSTART=No, the modificaiotn times of files in
When LEGACY_FASTSTART=No, the modification times of files in
/etc/shorewall are compared with that of /var/lib/shorewall/firewall
(the compiled script that last started/restarted the
firewall).</para>
@ -1674,7 +1674,7 @@
<replaceable>directory</replaceable>; otherwise, a <emphasis
role="bold">start</emphasis> command is performed using the
specified configuration <replaceable>directory</replaceable>. if an
error occurs during the compliation phase of the <emphasis
error occurs during the compilation phase of the <emphasis
role="bold">restart</emphasis> or <emphasis
role="bold">start</emphasis>, the command terminates without
changing the Shorewall state. If an error occurs during the
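Review bot: the sentence containing the "compilation" fix begins with a lowercase "if an error occurs" after a full stop on the preceding line. Capitalize it while the sentence is being edited.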

View File

@ -141,7 +141,7 @@
stops. Creating and removing this file allows Shorewall6 to work
with your distribution's initscripts. For RedHat, this should be set
to /var/lock/subsys/shorewall6. For Debian, the value is
/var/state/shorewall6 and in LEAF it is /var/run/shorwall.</para>
/var/state/shorewall6 and in LEAF it is /var/run/shorewall.</para>
</listitem>
</varlistentry>
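Review bot: the corrected LEAF path reads /var/run/shorewall, but the RedHat and Debian values in the same sentence are /var/lock/subsys/shorewall6 and /var/state/shorewall6. Please check whether the Shorewall6 lock file on LEAF is /var/run/shorewall6; if the path was copied from the IPv4 page, fixing only the spelling leaves a wrong path documented.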

View File

@ -492,9 +492,9 @@
url="shorewall.conf.html">shorewall6.conf</ulink>(5). Each <emphasis
role="bold">v</emphasis> adds one to the effective verbosity and each
<emphasis role="bold">q</emphasis> subtracts one from the effective
VERBOSITY. Anternately, <emphasis role="bold">v</emphasis> may be followed
VERBOSITY. Alternately, <emphasis role="bold">v</emphasis> may be followed
immediately with one of -1,0,1,2 to specify a specify VERBOSITY. There may
be no white space between <emphasis role="bold">v</emphasis> and the
be no white-space between <emphasis role="bold">v</emphasis> and the
VERBOSITY.</para>
<para>The <emphasis>options</emphasis> may also include the letter
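Review bot: "Anternately" is corrected to "Alternately" here, while the equivalent paragraph in the other verbosity hunk on this page reads "Alternatively". Use "Alternatively" in all of the manpages so the shared text stays identical, and fix "specify a specify VERBOSITY" on the next line at the same time.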
@ -630,7 +630,7 @@
<term><emphasis role="bold">forget</emphasis></term>
<listitem>
<para>Deletes /var/lib/shorewall6-lite/<emphasis>filenam</emphasis>e
<para>Deletes /var/lib/shorewall6-lite/<emphasis>filename</emphasis>
and /var/lib/shorewall6-lite/save. If no
<emphasis>filename</emphasis> is given then the file specified by
RESTOREFILE in <ulink
@ -688,7 +688,7 @@
and raw table PREROUTING chains.</para>
<para>The trace records are written to the kernel's log buffer with
faciility = kernel and priority = warning, and they are routed from
facility = kernel and priority = warning, and they are routed from
there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
shorewall6-lite has no control over where the messages go; consult
your logging daemon's documentation.</para>
@ -745,7 +745,7 @@
<para>The <replaceable>iptables match expression</replaceable> must
be one given in the <command>iptrace</command> command being
cancelled.</para>
canceled.</para>
</listitem>
</varlistentry>
@ -873,7 +873,7 @@
<term><emphasis role="bold">config</emphasis></term>
<listitem>
<para>Dispays distribution-specific defaults.</para>
<para>Displays distribution-specific defaults.</para>
</listitem>
</varlistentry>

View File

@ -136,7 +136,7 @@
</listitem>
<listitem>
<para><emphasis role="bold">accounout</emphasis> in the <emphasis
<para><emphasis role="bold">accountout</emphasis> in the <emphasis
role="bold">OUTPUT</emphasis> section</para>
</listitem>
@ -242,9 +242,9 @@
<term><emphasis role="bold">INLINE</emphasis></term>
<listitem>
<para>Added in Shorewall 4.5.16. Allows freeform ip6tables
<para>Added in Shorewall 4.5.16. Allows free form ip6tables
matches to be specified following a ';'. In the generated
ip6tables rule(s), the freeform matches will follow any
ip6tables rule(s), the free form matches will follow any
matches that are generated by the column contents.</para>
</listitem>
</varlistentry>
@ -286,7 +286,7 @@
<listitem>
<para>Causes each matching packet to be sent via the currently
loaded logging backend (usually nfnetlink_log) where it is
loaded logging back end (usually nfnetlink_log) where it is
available to accounting daemons through a netlink
socket.</para>
</listitem>
@ -396,7 +396,7 @@
(136).</para>
<para>You may place a comma-separated list of port names or numbers
in this column if your kernel and ip6tables include multiport match
in this column if your kernel and ip6tables include multi-port match
support.</para>
<para>If the PROTOCOL is <emphasis role="bold">ipp2p</emphasis> then
@ -419,14 +419,14 @@
UDP (17), DCCP (33), SCTP (132) or UDPLITE (136).</para>
<para>You may place a comma-separated list of port numbers in this
column if your kernel and ip6tables include multiport match
column if your kernel and ip6tables include multi-port match
support.</para>
<para>Beginning with Shorewall 4.5.15, you may place '=' in this
column, provided that the DEST PORT(S) column is non-empty. This
causes the rule to match when either the source port or the
destination port in a packet matches one of the ports specified in
DEST PORTS(S). Use of '=' requires multiport match in your iptables
DEST PORTS(S). Use of '=' requires multi-port match in your iptables
and kernel.</para>
</listitem>
</varlistentry>
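Review bot: the last changed line says the '=' feature "requires multi-port match in your iptables and kernel", but the two earlier changes in this hunk and the previous one refer to ip6tables, as expected for a Shorewall6 page. Change "iptables" to "ip6tables" here, and correct "DEST PORTS(S)" to "DEST PORT(S)" on the same line.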
@ -549,7 +549,7 @@
<listitem>
<para>The option-list consists of a comma-separated list of options
from the following list. Only packets that will be encrypted or have
been de-crypted via an SA that matches these options will have their
been decrypted via an SA that matches these options will have their
source address changed. May only be specified when sections are
used.</para>
@ -644,7 +644,7 @@
<listitem>
<para>When used by itself, causes all traffic that will be
encrypted/encapsulated or has been decrypted/un-encapsulted to
encrypted/encapsulated or has been decrypted/un-encapsulated to
match the rule.</para>
</listitem>
</varlistentry>
@ -655,7 +655,7 @@
<listitem>
<para>When used by itself, causes all traffic that will not be
encrypted/encapsulated or has been decrypted/un-encapsulted to
encrypted/encapsulated or has been decrypted/un-encapsulated to
match the rule.</para>
</listitem>
</varlistentry>
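Review bot: in this negated entry the text reads "traffic that will not be encrypted/encapsulated or has been decrypted/un-encapsulated", and the second clause is identical to the one in the preceding, non-negated entry. It almost certainly should be "or has not been decrypted/un-encapsulated"; a spelling-only pass leaves the two entries describing overlapping traffic.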
@ -831,7 +831,7 @@
<para>shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),
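Review bot: the corrected line still has no space after the comma in "shorewall6-netmap(5),shorewall6-params(5)", unlike every other entry in the See Also list. The same line is repeated across the Shorewall6 manpages in this commit, so add the space in all of them in one pass.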

View File

@ -137,7 +137,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-blacklist(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),

View File

@ -204,7 +204,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),

View File

@ -35,7 +35,7 @@
<para>The format of rules in this file is the same as the format of rules
in <ulink url="shorewall6-rules.html">shorewall6-rules (5)</ulink>. The
differece in the two files lies in the ACTION (first) column.</para>
difference in the two files lies in the ACTION (first) column.</para>
<variablelist>
<varlistentry>
@ -165,7 +165,7 @@
role="bold">NFLOG</emphasis>[(<replaceable>nflog-parameters</replaceable>)]</term>
<listitem>
<para>queues matching packets to a backend logging daemon via
<para>queues matching packets to a back end logging daemon via
a netlink socket then continues to the next rule. See <ulink
url="http://www.shorewall.net/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
</listitem>
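Review bot: in the context below the "back end" change, the <ulink> target is "http://www.shorewall.net/shorewall.logging.html" while the link text is "http://www.shorewall.net/shorewall_logging.html". One of the two is wrong; make the url attribute match the displayed address so the link does not lead to a missing page.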
@ -321,7 +321,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),

View File

@ -392,7 +392,7 @@ DROP:PO - 2001:1.2.3::4
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-ipsec(5), shoewall6-netmap(5),shorewall6-params(5),
shorewall6-ipsec(5), shorewall6-netmap(5),shorewall6-params(5),
shorewall6-policy(5), shorewall6-providers(5), shorewall6-proxyarp(5),
shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5),
shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5),

View File

@ -31,14 +31,14 @@
<title>Description</title>
<para>Exclusion is used when you wish to exclude one or more addresses
from a definition. An exclaimation point is followed by a comma-separated
from a definition. An exclamation point is followed by a comma-separated
list of addresses. The addresses may be single host addresses (e.g.,
fe80::2a0:ccff:fedb:31c4) or they may be network addresses in CIDR format
(e.g., fe80::2a0:ccff:fedb:31c4/64). If your kernel and ip6tables include
iprange support, you may also specify ranges of ip addresses of the form
<emphasis>lowaddress</emphasis>-<emphasis>highaddress</emphasis></para>
<para>No embedded whitespace is allowed.</para>
<para>No embedded white-space is allowed.</para>
<para>Exclusion can appear after a list of addresses and/or address
ranges. In that case, the final list of address is formed by taking the
@ -103,7 +103,7 @@ ACCEPT all!z2 net tcp 22</programlisting>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),

View File

@ -117,7 +117,7 @@
<listitem>
<para>An optional comma-separated list of options from the following
list. The order in which you list the options is not significant but
the list must have no embedded white space.</para>
the list must have no embedded white-space.</para>
<variablelist>
<varlistentry>
@ -199,7 +199,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-interfaces(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),

View File

@ -145,7 +145,7 @@ loc eth2 -</programlisting>
<listitem>
<para>A comma-separated list of options from the following list. The
order in which you list the options is not significant but the list
should have no embedded white space.</para>
should have no embedded white-space.</para>
<variablelist>
<varlistentry>
@ -214,7 +214,7 @@ loc eth2 -</programlisting>
<blockquote>
<para><emphasis role="bold">WARNING: The 'blacklist'
option is ignored on mult-zone
option is ignored on multi-zone
interfaces</emphasis></para>
</blockquote>
</listitem>
@ -568,7 +568,7 @@ dmz eth2 -</programlisting>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),

View File

@ -42,12 +42,12 @@
<para>Whether the set is matched against the packet source or destination
is determined by which column the set name appears (SOURCE or DEST). For
those set types that specify a tupple, two alternative syntaxes are
those set types that specify a tuple, two alternative syntaxes are
available:</para>
<simplelist>
<member>[<replaceable>number</replaceable>] - Indicates that 'src' or
'dst' should repleated number times. Example: myset[2].</member>
'dst' should repeated number times. Example: myset[2].</member>
<member>[<replaceable>flag</replaceable>,...] where
<replaceable>flag</replaceable> is <option>src</option> or
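Review bot: after the "repleated" fix the line reads "'dst' should repeated number times", which is still missing a verb. It should be "'dst' should be repeated number times", ideally with <replaceable>number</replaceable> marked up as in the bracketed form before it.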
@ -62,7 +62,7 @@
</listitem>
</itemizedlist>
<para>In a DEST column, the following paris are equivalent:</para>
<para>In a DEST column, the following pairs are equivalent:</para>
<itemizedlist>
<listitem>
@ -130,7 +130,7 @@
<para>shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),

View File

@ -66,7 +66,7 @@
<listitem>
<para>MAC <emphasis>address</emphasis> of the host -- you do not
need to use the shorewall6 format for MAC addresses here. If
<emphasis role="bold">IP ADDRESSESES</emphasis> is supplied then
<emphasis role="bold">IP ADDRESSES</emphasis> is supplied then
<emphasis role="bold">MAC</emphasis> can be supplied as a dash
(<emphasis role="bold">-</emphasis>)</para>
</listitem>
@ -106,7 +106,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),

View File

@ -73,7 +73,7 @@
<programlisting> eth0(Avvanta)</programlisting>
<para>In that case, you will want to specify the interfaces's
<para>In that case, you will want to specify the interface's
address for that provider in the ADDRESS column.</para>
<para>The interface may be qualified by adding the character ":"
@ -457,7 +457,7 @@
<para>Switch settings are retained over <command>shorewall
restart</command>.</para>
<para>Beginning with Shoreawll 4.5.10, when the
<para>Beginning with Shorewall 4.5.10, when the
<replaceable>switch-name</replaceable> is followed by
<option>=0</option> or <option>=1</option>, then the switch is
initialized to off or on respectively by the

View File

@ -86,7 +86,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),

View File

@ -109,7 +109,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),

View File

@ -24,7 +24,7 @@
<title>Description</title>
<para>This file is used to map addresses in one network to corresponding
addresses in a second network. It was added in Shorewall6 iin
addresses in a second network. It was added in Shorewall6
4.4.23.3.</para>
<warning>
@ -121,7 +121,7 @@
<listitem>
<para>Optional - added in Shorewall 4.4.11. If specified, qualifies
INTERFACE. It specifies a SOURCE network for DNAT rules and a
DESTINATON network for SNAT rules.</para>
DESTINATION network for SNAT rules.</para>
</listitem>
</varlistentry>
@ -145,7 +145,7 @@
<emphasis>port range</emphasis>s; if the protocol is <emphasis
role="bold">icmp</emphasis>, this column is interpreted as the
destination icmp-type(s). ICMP types may be specified as a numeric
type, a numberic type and code separated by a slash (e.g., 3/4), or
type, a numeric type and code separated by a slash (e.g., 3/4), or
a typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para>

View File

@ -3,7 +3,7 @@
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<refentry>
<refmeta>
<refentrytitle>shoewall6-netmap(5),shorewall6-params</refentrytitle>
<refentrytitle>shorewall6-netmap(5),shorewall6-params</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
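Review bot: the <refentrytitle> now reads "shorewall6-netmap(5),shorewall6-params", which is a See Also fragment rather than a page title. This looks like the result of an earlier search-and-replace; the title should be the single page name with no section number or second entry, so correct the whole element rather than only the "shoewall6" spelling.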

View File

@ -316,7 +316,7 @@
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-ipsec(5), shorewall6-maclist(5), shorewall6-masq(5),
shorewall6-nat(5), shorewall6-netmap(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-proxyarp(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),
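Review bot: with the spelling corrected, the list now contains "shorewall6-netmap(5)," on one line and "shorewall6-netmap(5),shorewall6-params(5)" on the next, so the same page is listed twice in a row. Drop the duplicate and leave "shorewall6-params(5)" as its own entry.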

View File

@ -137,7 +137,7 @@
<listitem>
<para>A comma-separated list selected from the following. The order
of the options is not significant but the list may contain no
embedded whitespace.</para>
embedded white-space.</para>
<variablelist>
<varlistentry>
@ -333,7 +333,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5),
shorewall6-policy(5), shorewall6-rtrules(5), shorewall6-routestopped(5),
shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),

View File

@ -23,7 +23,7 @@
<refsect1>
<title>Description</title>
<para>This file was added in Shoreall 4.4.16 and is used to define Proxy
<para>This file was added in Shorewall 4.4.16 and is used to define Proxy
NDP. There is one entry in this file for each IPv6 address to be
proxied.</para>
@ -138,7 +138,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-exclusion(5), shorewall6-hosts(5),
shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-nesting(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),

View File

@ -96,7 +96,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),

View File

@ -69,7 +69,7 @@
<listitem>
<para>An optional comma-separated list of options. The order of the
options is not important but the list can contain no embedded
whitespace. The currently-supported options are:</para>
white-space. The currently-supported options are:</para>
<variablelist>
<varlistentry>
@ -188,7 +188,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5),
shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),

View File

@ -168,7 +168,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5),
shorewall6-policy(5), shorewall6-providers(5), shorewall6-routestopped(5),
shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),

View File

@ -24,7 +24,7 @@
<title>Description</title>
<para>Entries in this file govern connection establishment by defining
exceptions to the policies layed out in <ulink
exceptions to the policies laid out in <ulink
url="shorewall6-policy.html">shorewall6-policy</ulink>(5). By default,
subsequent requests and responses are automatically allowed using
connection tracking. For any particular (source,dest) pair of zones, the
@ -138,7 +138,7 @@
role="bold">RELATED</emphasis> sections must be empty.</para>
<para>An except is made if you are running Shorewall 4.4.27 or later and
you have specified a non-defualt value for RELATED_DISPOSITION or
you have specified a non-default value for RELATED_DISPOSITION or
RELATED_LOG_LEVEL. In that case, you may have rules in the RELATED
section of this file.</para>
</warning>
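Review bot: the sentence touched by this hunk still opens with "An except is made", which should read "An exception is made". It sits one line above the "non-default" correction and belongs in the same pass.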
@ -216,7 +216,7 @@
<para>Added in Shorewall 4.4.12. Causes addresses and/or port
numbers to be added to the named
<replaceable>ipset</replaceable>. The
<replaceable>flags</replaceable> specify the address or tupple
<replaceable>flags</replaceable> specify the address or tuple
to be added to the set and must match the type of ipset
involved. For example, for an iphash ipset, either the SOURCE
or DESTINATION address can be added using
@ -333,10 +333,10 @@
<listitem>
<para>Added in Shorewall 4.4.12. Causes an entry to be deleted
from the named <replaceable>ipset</replaceable>. The
<replaceable>flags</replaceable> specify the address or tupple
<replaceable>flags</replaceable> specify the address or tuple
to be deleted from the set and must match the type of ipset
involved. For example, for an iphash ipset, either the SOURCE
or DESTINATION address can be deletec using
or DESTINATION address can be deleted using
<replaceable>flags</replaceable> <emphasis
role="bold">src</emphasis> or <emphasis
role="bold">dst</emphasis> respectively (see the -D command in
@ -482,7 +482,7 @@
<listitem>
<para>Added in Shorewall 4.5.9.3. Queues matching packets to a
backend logging daemon via a netlink socket then continues to
back end logging daemon via a netlink socket then continues to
the next rule. See <ulink
url="http://www.shorewall.net/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
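Review bot: in the <ulink> right after the changed line, the url attribute points to shorewall.logging.html while the link text shows shorewall_logging.html, so one of the two is wrong and the rendered link may not lead where the text says. On the change itself, "back end logging daemon" uses the phrase as a compound modifier and would need a hyphen ("back-end") if "backend" is not acceptable.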
@ -662,7 +662,7 @@
<para>Beginning with Shorewall 4.4.13, you may use a
<replaceable>zone-list </replaceable>which consists of a
comma-separated list of zones declared in <ulink
url="shorewall-zones.html">shorewall-zones</ulink> (5). Ths
url="shorewall-zones.html">shorewall-zones</ulink> (5). This
<replaceable>zone-list</replaceable> may be optionally followed by
"+" to indicate that the rule is to apply to intra-zone traffic as
well as inter-zone traffic.</para>
@ -711,8 +711,8 @@
bindings to be matched.</para>
<para>Beginning with Shorewall6 4.4.17, the primary IP address of a
firewall interface can be specified by an apersand ('&amp;')
followed by the logican name of the interface as found in the
firewall interface can be specified by an ampersand ('&amp;')
followed by the logical name of the interface as found in the
INTERFACE column of <ulink
url="shorewall-interfaces.html">shorewall6-interfaces</ulink>
(5).</para>
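Review bot: the <ulink> in the trailing context has url="shorewall-interfaces.html" but its text is shorewall6-interfaces, so the link target and the page it names disagree. Point the url at shorewall6-interfaces.html and close up the space before "(5)" while this paragraph is being edited.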
@ -846,8 +846,8 @@
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5).</para>
<para>Beginning with Shorewall6 4.4.17, the primary IP address of a
firewall interface can be specified by an apersand ('&amp;')
followed by the logican name of the interface as found in the
firewall interface can be specified by an ampersand ('&amp;')
followed by the logical name of the interface as found in the
INTERFACE column of <ulink
url="shorewall-interfaces.html">shorewall6-interfaces</ulink>
(5).</para>
@ -915,7 +915,7 @@
<para>The <replaceable>port</replaceable> that the server is
listening on may be included and separated from the server's IP
address by ":". If omitted, the firewall will not modifiy the
address by ":". If omitted, the firewall will not modify the
destination port. A destination port may only be included if the
<emphasis role="bold">ACTION</emphasis> is <emphasis
role="bold">DNAT</emphasis> or <emphasis
@ -996,11 +996,11 @@
names (from services(5)), port numbers or port ranges; if the
protocol is <emphasis role="bold">icmp</emphasis>, this column is
interpreted as the destination icmp-type(s). ICMP types may be
specified as a numeric type, a numberic type and code separated by a
specified as a numeric type, a numeric type and code separated by a
slash (e.g., 3/4), or a typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.
Note that prior to Shorewall6 4.4.19, only a single ICMP type may be
listsed.</para>
listed.</para>
<para>If the protocol is <emphasis role="bold">ipp2p</emphasis>,
this column is interpreted as an ipp2p option without the leading
@ -1024,7 +1024,7 @@
<para>1. There are 15 or less ports listed.</para>
<para>2. No port ranges are included or your kernel and ip6tables
contain extended multiport match support.</para>
contain extended multi-port match support.</para>
</listitem>
</varlistentry>
@ -1043,7 +1043,7 @@
column, provided that the DEST PORT(S) column is non-empty. This
causes the rule to match when either the source port or the
destination port in a packet matches one of the ports specified in
DEST PORTS(S). Use of '=' requires multiport match in your iptables
DEST PORTS(S). Use of '=' requires multi-port match in your iptables
and kernel.</para>
<warning>
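Review bot: the changed line still says "DEST PORTS(S)", although the column is called "DEST PORT(S)" in the first line of this hunk; the stray "S" should go. The same line says "in your iptables and kernel" on a shorewall6 page, while the neighbouring hunks say "your kernel and ip6tables", so the tool name is worth aligning as well.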
@ -1063,7 +1063,7 @@
<para>1. There are 15 or less ports listed.</para>
<para>2. No port ranges are included or your kernel and ip6tables
contain extended multiport match support.</para>
contain extended multi-port match support.</para>
</listitem>
</varlistentry>
@ -1095,7 +1095,7 @@
interval (<emphasis role="bold">sec</emphasis> or <emphasis
role="bold">min</emphasis>) and <emphasis>burst</emphasis> is the
largest burst permitted. If no <emphasis>burst</emphasis> is given,
a value of 5 is assumed. There may be no no whitespace embedded in
a value of 5 is assumed. There may be no no white-space embedded in
the specification.</para>
<para>Example: <emphasis role="bold">10/sec:20</emphasis></para>
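Review bot: the rewritten line keeps the doubled word in "There may be no no white-space embedded in the specification". Remove one "no" in the same edit.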
@ -1244,7 +1244,7 @@
<varlistentry>
<term><emphasis role="bold">TIME</emphasis> -
<emphasis>timeelement</emphasis>[&amp;<emphasis>timelement</emphasis>...]</term>
<emphasis>timeelement</emphasis>[&amp;<emphasis>timeelement</emphasis>...]</term>
<listitem>
<para>May be used to limit the rule to a particular time period each
@ -1472,7 +1472,7 @@
<para>Switch settings are retained over <command>shorewall6
restart</command>.</para>
<para>Beginning with Shoreawll 4.5.10, when the
<para>Beginning with Shorewall 4.5.10, when the
<replaceable>switch-name</replaceable> is followed by
<option>=0</option> or <option>=1</option>, then the switch is
initialized to off or on respectively by the
@ -1645,7 +1645,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-blrules(5), shorewall6-hosts(5),
shorewall6-interfaces(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6.conf(5), shorewall6-secmarks(5),
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),

View File

@ -100,7 +100,7 @@
{P|I|F|O|T}[:{N|I|U|IU|NI|NU|NIU|NUI:E|ER}]</emphasis></term>
<listitem>
<para>This column determines the CHAIN where the SElinux context is
<para>This column determines the CHAIN where the SELinux context is
to be applied:</para>
<simplelist>
@ -243,7 +243,7 @@
<emphasis>port range</emphasis>s; if the protocol is <emphasis
role="bold">icmp</emphasis>, this column is interpreted as the
destination icmp-type(s). ICMP types may be specified as a numeric
type, a numberic type and code separated by a slash (e.g., 3/4), or
type, a numeric type and code separated by a slash (e.g., 3/4), or
a typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para>
@ -274,7 +274,7 @@
column, provided that the DEST PORT(S) column is non-empty. This
causes the rule to match when either the source port or the
destination port in a packet matches one of the ports specified in
DEST PORTS(S). Use of '=' requires multiport match in your iptables
DEST PORTS(S). Use of '=' requires multi-port match in your iptables
and kernel.</para>
</listitem>
</varlistentry>
@ -416,7 +416,7 @@ RESTORE I:ER</programlisting>
<para>shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),

View File

@ -64,7 +64,7 @@
IP/subnet addresses. If your kernel and iptables include iprange
match support, IP address ranges are also allowed. Ipsets and
exclusion are also supported. When <option>$FW</option> or interface
are specified, the list must be preceeded by a colon (":").</para>
are specified, the list must be preceded by a colon (":").</para>
<para>If left empty or supplied as "-", ::/0 is assumed.</para>
</listitem>
@ -84,7 +84,7 @@
IP/subnet addresses. If your kernel and iptables include iprange
match support, IP address ranges are also allowed. Ipsets and
exclusion are also supported. When <option>$FW</option> or interface
are specified, the list must be preceeded by a colon (":").</para>
are specified, the list must be preceded by a colon (":").</para>
<para>If left empty or supplied as "-", ::/0 is assumed.</para>
</listitem>
@ -130,7 +130,7 @@
column, provided that the DEST PORT(S) column is non-empty. This
causes the rule to match when either the source port or the
destination port in a packet matches one of the ports specified in
DEST PORTS(S). Use of '=' requires multiport match in your iptables
DEST PORTS(S). Use of '=' requires multi-port match in your iptables
and kernel.</para>
</listitem>
</varlistentry>

View File

@ -184,13 +184,13 @@
<replaceable>dmax</replaceable>, the maximum delay in milliseconds
that the first queued packet for this class should experience. May
be expressed as an integer, optionally followed by 'ms' with no
intervening white space (e.g., 10ms).</para>
intervening white-space (e.g., 10ms).</para>
<para>HFSC leaf classes may also specify
<replaceable>umax</replaceable>, the largest packet expected in this
class. May be expressed as an integer. The unit of measure is
<emphasis>bytes</emphasis> and the integer may be optionally
followed by 'b' with no intervening white space (e.g., 800b).
followed by 'b' with no intervening white-space (e.g., 800b).
<replaceable>umax</replaceable> may only be given if
<replaceable>dmax</replaceable> is also given.</para>
@ -388,7 +388,7 @@
than a system having only a single active connection. The
<option>flow</option> classifier (module cls_flow) works
around this by letting you define what a 'flow' is. The
clasifier must be used carefully or it can block off all
classifier must be used carefully or it can block off all
traffic on an interface! The flow option can be specified for
an HTB leaf class (one that has no sub-classes). We recommend
that you use the following:</para>
@ -425,7 +425,7 @@
<term>pfifo</term>
<listitem>
<para>When specified for a leaf class, the pfifo queing
<para>When specified for a leaf class, the pfifo queuing
discipline is applied to the class rather than the sfq queuing
discipline.</para>
</listitem>
@ -671,8 +671,8 @@
minimum of 100kbps and always be serviced first (because of the low
priority number, giving less delay) and will be granted excess
bandwidth (up to 180kbps, the class ceiling) first, before any other
traffic. A single VOIP stream, depending upon codecs, after
encapsulation, can take up to 80kbps on a PPOE/DSL link, so we pad a
traffic. A single VoIP stream, depending upon codecs, after
encapsulation, can take up to 80kbps on a PPPoE/DSL link, so we pad a
little bit just in case. (TOS byte values 0xb8 and 0x68 are DiffServ
classes EF and AFF3-1 respectively and are often used by VOIP
devices).</para>
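Review bot: "VOIP" becomes "VoIP" on the changed line, but the closing sentence of the same paragraph still says "often used by VOIP devices", so the paragraph now uses both spellings. That sentence also labels the second class "AFF3-1"; TOS byte 0x68 corresponds to DiffServ class AF31, so the label should be corrected too.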
@ -725,7 +725,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5),
shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),

View File

@ -150,7 +150,7 @@
<para>What is described above creates a rate/burst policing filter.
Beginning with Shorewall 4.4.25, a rate-estimated policing filter
may be configured instead. Rate-estimated filters should be used
with ethernet adapters that have Generic Receive Offload enabled by
with Ethernet adapters that have Generic Receive Offload enabled by
default. See <ulink
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ
97a</ulink>.</para>
@ -292,7 +292,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5),
shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcrules(5),

View File

@ -149,7 +149,7 @@
</listitem>
<listitem>
<para><option>tos-maximuze-throughput</option></para>
<para><option>tos-maximize-throughput</option></para>
</listitem>
<listitem>

View File

@ -155,7 +155,7 @@
<para>If you don't want any traffic to be dropped, set this to a
value to zero in which case Shorewall will not create an ingress
qdisc.Must be set to zero if the REDIRECTED INTERFACES column is
qdisc. Must be set to zero if the REDIRECTED INTERFACES column is
non-empty.</para>
<para>The optional burst option was added in Shorewall 4.4.18. The
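Review bot: the sentence just above the changed line reads "set this to a value to zero", which is garbled; "set this to zero" is what is meant. The hunk already touches this paragraph to add the missing space after "qdisc.", so the wording can be fixed here too.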
@ -168,7 +168,7 @@
<para>What is described above creates a rate/burst policing filter.
Beginning with Shorewall 4.4.25, a rate-estimated policing filter
may be configured instead. Rate-estimated filters should be used
with ethernet adapters that have Generic Receive Offload enabled by
with Ethernet adapters that have Generic Receive Offload enabled by
default. See <ulink
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ
97a</ulink>.</para>
@ -221,7 +221,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcpri, shorewall6-tos(5),
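Review bot: in the last context line, "shorewall6-tcpri" has no "(5)" section suffix, unlike every other entry in this See Also list. Add it, along with the missing space after the comma in "shorewall6-netmap(5),shorewall6-params(5)" on the changed line.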

View File

@ -131,7 +131,7 @@
[<replaceable>helper</replaceable>]</term>
<listitem>
<para>Optional. Names a Netfiler protocol helper module such as ftp,
<para>Optional. Names a Netfilter protocol helper module such as ftp,
sip, amanda, etc. A packet will match if it was accepted by the
named helper module. You can also append "-" and a port number to
the helper module name (e.g., ftp-21) to specify the port number
@ -152,7 +152,7 @@
<para>PRIO(8), shorewall6(8), shorewall6-accounting(5),
shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5),
shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcinterfaces(5), shorewall6-tos(5),

View File

@ -279,7 +279,7 @@
<term>CT</term>
<listitem>
<para>Mark the connecdtion in the POSTROUTING chain</para>
<para>Mark the connection in the POSTROUTING chain</para>
</listitem>
</varlistentry>
@ -393,7 +393,7 @@
<listitem>
<para><emphasis role="bold">DIVERT</emphasis></para>
<para>Added in Shorewall 4.5.3. Two DIVERT rule should preceed
<para>Added in Shorewall 4.5.3. Two DIVERT rule should precede
the TPROXY rule and should select DEST PORT tcp 80 and SOURCE
PORT tcp 80 respectively (assuming that tcp port 80 is being
proxied). DIVERT avoids sending packets to the TPROXY target
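Review bot: the corrected line still has a number disagreement in "Two DIVERT rule should precede"; it should read "Two DIVERT rules should precede".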
@ -731,7 +731,7 @@ Normal-Service =&gt; 0x00</programlisting>
iprange match support, IP address ranges are also allowed. List
elements may also consist of an interface name followed by ":" and
an address (e.g., eth1:&lt;2002:ce7c:92b4::/48&gt;). If the
<emphasis role="bold">ACTION</emphasis> column specificies a
<emphasis role="bold">ACTION</emphasis> column specifies a
classification of the form
<emphasis>major</emphasis>:<emphasis>minor</emphasis> then this
column may also contain an interface name.</para>
@ -779,7 +779,7 @@ Normal-Service =&gt; 0x00</programlisting>
<emphasis>port range</emphasis>s; if the protocol is <emphasis
role="bold">ipv6-icmp</emphasis>, this column is interpreted as the
destination icmp-type(s). ICMP types may be specified as a numeric
type, a numberic type and code separated by a slash (e.g., 3/4), or
type, a numeric type and code separated by a slash (e.g., 3/4), or
a typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para>
@ -814,7 +814,7 @@ Normal-Service =&gt; 0x00</programlisting>
column, provided that the DEST PORT(S) column is non-empty. This
causes the rule to match when either the source port or the
destination port in a packet matches one of the ports specified in
DEST PORTS(S). Use of '=' requires multiport match in your iptables
DEST PORTS(S). Use of '=' requires multi-port match in your iptables
and kernel.</para>
</listitem>
</varlistentry>
@ -1001,7 +1001,7 @@ Normal-Service =&gt; 0x00</programlisting>
</emphasis><emphasis>helper</emphasis></term>
<listitem>
<para>Optional. Names a Netfiler protocol
<para>Optional. Names a Netfilter protocol
<firstterm>helper</firstterm> module such as <option>ftp</option>,
<option>sip</option>, <option>amanda</option>, etc. A packet will
match if it was accepted by the named helper module.</para>
@ -1151,7 +1151,7 @@ Normal-Service =&gt; 0x00</programlisting>
4 ::/0 ::/0 ipp2p:all
SAVE ::/0 ::/0 all - - - !0</programlisting>
<para>If a packet hasn't been classifed (packet mark is 0), copy the
<para>If a packet hasn't been classified (packet mark is 0), copy the
connection mark to the packet mark. If the packet mark is set, we're
done. If the packet is P2P, set the packet mark to 4. If the packet
mark has been set, save it to the connection mark.</para>
@ -1184,7 +1184,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-ecn(5), shorewall6-exclusion(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),

View File

@ -54,7 +54,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-exclusion(5), shorewall6-hosts(5),
shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-nesting(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5),
shorewall6-rtrules(5), shorewall6-routestopped(5),
shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5),
shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5),

View File

@ -170,7 +170,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5),
shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),

View File

@ -244,7 +244,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5),
shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),

View File

@ -55,7 +55,7 @@
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),

View File

@ -134,7 +134,7 @@ c:a,b ipv6</programlisting>
default if you leave this column empty or if you enter "-" in
the column. Communication with some zone hosts may be
encrypted. Encrypted hosts are designated using the
'ipsec'option in <ulink
'ipsec' option in <ulink
url="shorewall6-hosts.html">shorewall6-hosts</ulink>(5).</para>
</listitem>
</varlistentry>
@ -211,8 +211,8 @@ c:a,b ipv6</programlisting>
<para>When specified in the IN_OPTIONS column, causes all
traffic from this zone to be passed against the <emphasis
role="bold">src</emphasis> entries in s<ulink
url="shorewall6-blacklist.html">horewall6-blacklist</ulink>(5).</para>
role="bold">src</emphasis> entries in <ulink
url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5).</para>
<para>When specified in the OUT_OPTIONS column, causes all
traffic to this zone to be passed against the <emphasis
@ -358,7 +358,7 @@ c:a,b ipv6</programlisting>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shorewall6-nesting(8),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),

View File

@ -28,7 +28,7 @@
<para>The file consists of Shell comments (lines beginning with '#'),
blank lines and assignment statements
(<emphasis>variable</emphasis>=<emphasis>value</emphasis>). If the
<emphasis>value</emphasis> contains shell metacharacters or white-space,
<emphasis>value</emphasis> contains shell meta characters or white-space,
then it must be enclosed in quotes. Example:
LOG_LEVEL="NFLOG(1,0,1)".</para>
</refsect1>
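Review bot: "metacharacters" is the usual one-word spelling in shell documentation, so splitting it into "meta characters" on the changed line reads as a step backwards rather than a correction. I would revert this line and keep the original word.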
@ -59,7 +59,7 @@
<para>For most Shorewall6 logging, a level of 6 (info) is appropriate.
Shorewall6 log messages are generated by NetFilter and are logged using
facility 'kern' and the level that you specifify. If you are unsure of the
facility 'kern' and the level that you specify. If you are unsure of the
level to choose, 6 (info) is a safe bet. You may specify levels by name or
by number.</para>
@ -385,7 +385,7 @@
<para>When set to <emphasis role="bold">No</emphasis> or <emphasis
role="bold">no</emphasis>, blacklists are consulted for every packet
(will slow down your firewall noticably if you have large
(will slow down your firewall noticeably if you have large
blacklists). If the BLACKLISTNEWONLY option is not set or is set to
the empty value then BLACKLISTNEWONLY=No is assumed.</para>
@ -660,7 +660,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
the 'net' zone, ESTABLISHED/RELATED packets are ACCEPTED in the
'loc2net' chain.</para>
<para>If you set FASTACCEPT=Yes, then ESTABLISHED/RELEATED packets
<para>If you set FASTACCEPT=Yes, then ESTABLISHED/RELATED packets
are accepted early in the INPUT, FORWARD and OUTPUT chains. If you
set FASTACCEPT=Yes then you may not include rules in the ESTABLISHED
or RELATED sections of <ulink
@ -1033,7 +1033,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<filename>/etc/shorewall6</filename> are compare with that of
<filename>/var/lib/shorewall6/restore</filename>). If set to No,
then the times are compared with that of
/var/lib/shorewall6/firewall, which is consistant with the way that
/var/lib/shorewall6/firewall, which is consistent with the way that
<command>restart -f</command> works.</para>
</listitem>
</varlistentry>
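Review bot: the first context line of this hunk says the modification times "are compare with that of" the restore file; it should be "are compared with". The next sentence already uses "are compared", so the fix also makes the paragraph consistent.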
@ -1501,7 +1501,7 @@ LOG:info:,bar net fw</programlisting>
<listitem>
<para>Added in Shorewall 4.5.7. Specifies the pathname of the nfacct
utiliity. If not specified, Shorewall will use the PATH settting to
utility. If not specified, Shorewall will use the PATH setting to
find the program.</para>
</listitem>
</varlistentry>
@ -1541,7 +1541,7 @@ LOG:info:,bar net fw</programlisting>
<para>Optimization category 2 - Added in Shorewall 4.4.7. When
set, suppresses superfluous ACCEPT rules in a policy chain that
implements an ACCEPT policy. Any ACCEPT rules that immediately
preceed the final blanket ACCEPT rule in the chain are now
precede the final blanket ACCEPT rule in the chain are now
omitted.</para>
</listitem>
@ -1628,7 +1628,7 @@ LOG:info:,bar net fw</programlisting>
compatible if they differ only in their destination ports and
comments.</para>
<para>A sequence of combatible rules is often generated when
<para>A sequence of compatible rules is often generated when
macros are invoked in sequence.</para>
<para>The ability to combine adjacent rules is limited by two
@ -1643,12 +1643,12 @@ LOG:info:,bar net fw</programlisting>
<listitem>
<para>Rules may only be combined until the length of their
concatinated comment reaches 255 characters.</para>
concatenated comment reaches 255 characters.</para>
</listitem>
</itemizedlist>
<para>When either of these limits would be exceeded, the current
combined rule is emitted and the compiler attemts to combine
combined rule is emitted and the compiler attempts to combine
rules beginning with the one that would have exceeded the limit.
Adjacent combined comments are separated by ', '. Empty comments
at the front of a group of combined comments are replaced by
@ -1680,7 +1680,7 @@ LOG:info:,bar net fw</programlisting>
<listitem>
<para>Rules with comments &lt;empty&gt;, "FOO" and "BAR"
would reult in the combined comment "Others and FOO, BAR".
would result in the combined comment "Others and FOO, BAR".
Note: Optimize level 16 requires "Extended Multi-port
Match" in your iptables and kernel.</para>
</listitem>
@ -1771,7 +1771,7 @@ LOG:info:,bar net fw</programlisting>
role="bold">"</emphasis></term>
<listitem>
<para>Eariler generations of Shorewall6 Lite required that remote
<para>Earlier generations of Shorewall6 Lite required that remote
root login via ssh be enabled in order to use the
<command>load</command> and <command>reload</command> commands.
Beginning with release 3.9.5, you may define an alternative means
@ -1787,7 +1787,7 @@ LOG:info:,bar net fw</programlisting>
<member>RCP_COMMAND: scp ${files}
${root}@${system}:${destination}</member>
</simplelist>Shell variables that will be set when the commands
are envoked are as follows:<simplelist>
are invoked are as follows:<simplelist>
<member><replaceable>root</replaceable> - root user. Normally
<option>root</option> but may be overridden using the '-r'
option.</member>
@ -2020,7 +2020,7 @@ LOG:info:,bar net fw</programlisting>
stops. Creating and removing this file allows Shorewall6 to work
with your distribution's initscripts. For RedHat, this should be set
to /var/lock/subsys/shorewall6. For Debian, the value is
/var/lock/shorewall6 and in LEAF it is /var/run/shorwall.</para>
/var/lock/shorewall6 and in LEAF it is /var/run/shorewall.</para>
</listitem>
</varlistentry>
@ -2281,7 +2281,7 @@ LOG:info:,bar net fw</programlisting>
<listitem>
<para>Added in Shorewall 4.4.27. Normally, when Shorewall creates a
Netfilter chain that relates to an interface, it uses the
interfaces's logical name as the base of the chain name. For
interface's logical name as the base of the chain name. For
example, if the logical name for an interface is OAKLAND, then the
input chain for traffic arriving on that interface would be
'OAKLAND_in'. If this option is set to Yes, then the physical name
@ -2415,7 +2415,7 @@ LOG:info:,bar net fw</programlisting>
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-ipsec(5), shorewall6-maclist(5), shorewall6-masq(5),
shorewall6-nat(5), shorewall6-netmap(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-proxyarp(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6-tcclasses(5),
shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5),
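Review bot: Correcting shoewall6-netmap(5) leaves shorewall6-netmap(5) listed twice in a row, once at the end of the preceding context line and again at the start of the changed line. Drop the second entry instead of respelling it, which also removes the comma that has no space after it, so the line starts with "shorewall6-params(5), shorewall6-policy(5),".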

View File

@ -637,7 +637,7 @@
<emphasis role="bold">q</emphasis> subtracts one from the effective
VERBOSITY. Alternatively, <emphasis role="bold">v</emphasis> may be
followed immediately with one of -1,0,1,2 to specify a specify VERBOSITY.
There may be no white space between <emphasis role="bold">v</emphasis> and
There may be no white-space between <emphasis role="bold">v</emphasis> and
the VERBOSITY.</para>
<para>The <emphasis>options</emphasis> may also include the letter
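Review bot: The context line directly above the change still reads "to specify a specify VERBOSITY", which a typo pass over this paragraph should also fix (for example "to specify a specific VERBOSITY"). The new hyphenated "white-space" is also unusual for a noun; "white space" or "whitespace" would read better.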
@ -699,7 +699,7 @@
<term><emphasis role="bold">check</emphasis></term>
<listitem>
<para>Compiles the configuraton in the specified
<para>Compiles the configuration in the specified
<emphasis>directory</emphasis> and discards the compiled output
script. If no <emphasis>directory</emphasis> is given, then
/etc/shorewall6 is assumed.</para>
@ -757,7 +757,7 @@
<para>When -e is specified, the compilation is being performed on a
system other than where the compiled script will run. This option
disables certain configuration options that require the script to be
compiled where it is to be run. The use of -e requires the presense
compiled where it is to be run. The use of -e requires the presence
of a configuration file named <filename>capabilities</filename>
which may be produced using the command <emphasis
role="bold">shorewall6-lite show -f capabilities &gt;
@ -897,7 +897,7 @@
<term><emphasis role="bold">forget</emphasis></term>
<listitem>
<para>Deletes /var/lib/shorewall6/<emphasis>filenam</emphasis>e and
<para>Deletes /var/lib/shorewall6/<emphasis>filename</emphasis> and
/var/lib/shorewall6/save. If no <emphasis>filename</emphasis> is
given then the file specified by RESTOREFILE in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5) is
@ -926,7 +926,7 @@
and raw table PREROUTING chains.</para>
<para>The trace records are written to the kernel's log buffer with
faciility = kernel and priority = warning, and they are routed from
facility = kernel and priority = warning, and they are routed from
there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
Shorewall has no control over where the messages go; consult your
logging daemon's documentation.</para>
@ -1030,7 +1030,7 @@
<para>The <replaceable>iptables match expression</replaceable> must
be one given in the <command>iptrace</command> command being
cancelled.</para>
canceled.</para>
</listitem>
</varlistentry>
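Review bot: "cancelled" on the replaced line is a valid spelling rather than a typo, so this substitution is a style change mixed into a typo-fix commit. Keep it only if the manpages standardize on American spelling, and in that case apply it consistently across the documentation.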
@ -1327,7 +1327,7 @@
<term><emphasis role="bold">config</emphasis></term>
<listitem>
<para>Dispays distribution-specific defaults.</para>
<para>Displays distribution-specific defaults.</para>
</listitem>
</varlistentry>
@ -1455,7 +1455,7 @@
<para>Update: In Shorewall6 4.4.20, a new LEGACY_FASTSTART option
was added to <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). When
LEGACY_FASTSTART=No, the modificaiotn times of files in
LEGACY_FASTSTART=No, the modification times of files in
/etc/shorewall6 are compared with that of
/var/lib/shorewall6/firewall (the compiled script that last
started/restarted the firewall).</para>
@ -1513,7 +1513,7 @@
<replaceable>directory</replaceable>; otherwise, a <emphasis
role="bold">start</emphasis> command is performed using the
specified configuration <replaceable>directory</replaceable>. if an
error occurs during the compliation phase of the <emphasis
error occurs during the compilation phase of the <emphasis
role="bold">restart</emphasis> or <emphasis
role="bold">start</emphasis>, the command terminates without
changing the Shorewall6 state. If an error occurs during the
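Review bot: The sentence containing the corrected word begins with a lowercase "if" on the context line just above ("directory. if an error occurs"). Capitalize it in the same change, since the line is adjacent to the one being edited.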
@ -1602,7 +1602,7 @@
<para>shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5),
shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),
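Review bot: The changed line still has no space after the comma in "shorewall6-netmap(5),shorewall6-params(5)". Add one so the entry matches the rest of the list.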