diff --git a/Shorewall-lite/manpages/shorewall-lite.conf.xml b/Shorewall-lite/manpages/shorewall-lite.conf.xml index a540630bc..0d18603e5 100644 --- a/Shorewall-lite/manpages/shorewall-lite.conf.xml +++ b/Shorewall-lite/manpages/shorewall-lite.conf.xml @@ -141,7 +141,7 @@ stops. Creating and removing this file allows Shorewall to work with your distribution's initscripts. For RedHat, this should be set to /var/lock/subsys/shorewall. For Debian, the value is - /var/state/shorewall and in LEAF it is /var/run/shorwall. + /var/state/shorewall and in LEAF it is /var/run/shorewall. diff --git a/Shorewall-lite/manpages/shorewall-lite.xml b/Shorewall-lite/manpages/shorewall-lite.xml index 6f595298f..47eb8c7c6 100644 --- a/Shorewall-lite/manpages/shorewall-lite.xml +++ b/Shorewall-lite/manpages/shorewall-lite.xml @@ -492,9 +492,9 @@ url="shorewall.conf.html">shorewall.conf(5). Each v adds one to the effective verbosity and each q subtracts one from the effective - VERBOSITY. Anternately, v may be followed + VERBOSITY. Alternately, v may be followed immediately with one of -1,0,1,2 to specify a specify VERBOSITY. There may - be no white space between v and the + be no white-space between v and the VERBOSITY. The options may also include the letter @@ -632,7 +632,7 @@ forget - Deletes /var/lib/shorewall-lite/filename + Deletes /var/lib/shorewall-lite/filename and /var/lib/shorewall-lite/save. If no filename is given then the file specified by RESTOREFILE in The trace records are written to the kernel's log buffer with - faciility = kernel and priority = warning, and they are routed from + facility = kernel and priority = warning, and they are routed from there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) -- Shorewall-lite has no control over where the messages go; consult your logging daemon's documentation. @@ -747,7 +747,7 @@ The iptables match expression must be one given in the iptrace command being - cancelled. + canceled. @@ -875,7 +875,7 @@ config - Dispays distribution-specific defaults. + Displays distribution-specific defaults. diff --git a/Shorewall/manpages/shorewall-accounting.xml b/Shorewall/manpages/shorewall-accounting.xml index 368114ace..e2693f549 100644 --- a/Shorewall/manpages/shorewall-accounting.xml +++ b/Shorewall/manpages/shorewall-accounting.xml @@ -136,7 +136,7 @@ - accounout in the accountout in the OUTPUT section @@ -266,8 +266,8 @@ network - is an IPv4 network in CIDR notation (e.g., + is an IPv4 network in CIDR notation (e.g., 192.168.1.0/24). The network can be as large as a /8 (class A). @@ -300,9 +300,9 @@ INLINE - Added in Shorewall 4.5.16. Allows freeform iptables + Added in Shorewall 4.5.16. Allows free form iptables matches to be specified following a ';'. In the generated - iptables rule(s), the freeform matches will follow any matches + iptables rule(s), the free form matches will follow any matches that are generated by the column contents. @@ -344,7 +344,7 @@ Causes each matching packet to be sent via the currently - loaded logging backend (usually nfnetlink_log) where it is + loaded logging back-end (usually nfnetlink_log) where it is available to accounting daemons through a netlink socket. @@ -455,7 +455,7 @@ (136). You may place a comma-separated list of port names or numbers - in this column if your kernel and iptables include multiport match + in this column if your kernel and iptables include multi-port match support. If the PROTOCOL is ipp2p then @@ -478,14 +478,14 @@ UDP (17), DCCP (33), SCTP (132) or UDPLITE (136). You may place a comma-separated list of port numbers in this - column if your kernel and iptables include multiport match + column if your kernel and iptables include multi-port match support. Beginning with Shorewall 4.5.15, you may place '=' in this column, provided that the DEST PORT(S) column is non-empty. This causes the rule to match when either the source port or the destination port in a packet matches one of the ports specified in - DEST PORTS(S). Use of '=' requires multiport match in your iptables + DEST PORTS(S). Use of '=' requires multi-port match in your iptables and kernel. @@ -608,7 +608,7 @@ The option-list consists of a comma-separated list of options from the following list. Only packets that will be encrypted or have - been de-crypted via an SA that matches these options will have their + been decrypted via an SA that matches these options will have their source address changed. @@ -702,7 +702,7 @@ When used by itself, causes all traffic that will be - encrypted/encapsulated or has been decrypted/un-encapsulted to + encrypted/encapsulated or has been decrypted/un-encapsulated to match the rule. @@ -713,7 +713,7 @@ When used by itself, causes all traffic that will not be - encrypted/encapsulated or has been decrypted/un-encapsulted to + encrypted/encapsulated or has been decrypted/un-encapsulated to match the rule. @@ -770,8 +770,8 @@ role="bold">ACTION and CHAIN, the values -, any and all may be - used as wildcards. Omitted trailing columns are also treated as - wildcard. + used as wildcard'gs. Omitted trailing columns are also treated as + wildcard'g. diff --git a/Shorewall/manpages/shorewall-arprules.xml b/Shorewall/manpages/shorewall-arprules.xml index f3fdedbea..a83570483 100644 --- a/Shorewall/manpages/shorewall-arprules.xml +++ b/Shorewall/manpages/shorewall-arprules.xml @@ -23,13 +23,13 @@ Description - This file was added in Shorwall 4.5.12 and is used to describe + This file was added in Shorewall 4.5.12 and is used to describe low-level rules managed by arptables (8). These rules only affect Address Resolution Protocol (ARP), Reverse Address Resolution Protocol (RARP) and Dynamic Reverse Address Resolution Protocol (DRARP) frames. The columns in the file are as shown below. MAC addresses are - specified normally (6 hexidecimal numbers separated by colons). + specified normally (6 hexadecimal numbers separated by colons). @@ -186,7 +186,7 @@ macmask - Mask for MAC address; must be specified as 6 hexidecimal + Mask for MAC address; must be specified as 6 hexadecimal numbers separated by colons. @@ -249,7 +249,7 @@ macmask - Mask for MAC address; must be specified as 6 hexidecimal + Mask for MAC address; must be specified as 6 hexadecimal numbers separated by colons. @@ -352,7 +352,7 @@ When '!' is specified, the test is inverted and the rule - matches frames which do not match the specifed + matches frames which do not match the specified opcode. @@ -362,7 +362,7 @@ Example - The eth1 interface has both a pubiic IP address and a private + The eth1 interface has both a public IP address and a private address (10.1.10.11/24). When sending ARP requests to 10.1.10.0/24, use the private address as the IP source: diff --git a/Shorewall/manpages/shorewall-blrules.xml b/Shorewall/manpages/shorewall-blrules.xml index ae95ecd32..a5c55a359 100644 --- a/Shorewall/manpages/shorewall-blrules.xml +++ b/Shorewall/manpages/shorewall-blrules.xml @@ -34,7 +34,7 @@ The format of rules in this file is the same as the format of rules in shorewall-rules (5). The - differece in the two files lies in the ACTION (first) column. + difference in the two files lies in the ACTION (first) column. @@ -164,7 +164,7 @@ role="bold">NFLOG[(nflog-parameters)] - queues matching packets to a backend logging daemon via + queues matching packets to a back end logging daemon via a netlink socket then continues to the next rule. See http://www.shorewall.net/shorewall_logging.html. @@ -320,7 +320,7 @@ shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-maclist(5), - shoewall6-netmap(5),shorewall-params(5), shorewall-policy(5), + shorewall6-netmap(5),shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), diff --git a/Shorewall/manpages/shorewall-conntrack.xml b/Shorewall/manpages/shorewall-conntrack.xml index 0b41e1f30..ae98c6b3a 100644 --- a/Shorewall/manpages/shorewall-conntrack.xml +++ b/Shorewall/manpages/shorewall-conntrack.xml @@ -389,7 +389,7 @@ column, provided that the DEST PORT(S) column is non-empty. This causes the rule to match when either the source port or the destination port in a packet matches one of the ports specified in - DEST PORTS(S). Use of '=' requires multiport match in your iptables + DEST PORTS(S). Use of '=' requires multi-port match in your iptables and kernel. diff --git a/Shorewall/manpages/shorewall-exclusion.xml b/Shorewall/manpages/shorewall-exclusion.xml index 08c21bf15..3bcd0ace7 100644 --- a/Shorewall/manpages/shorewall-exclusion.xml +++ b/Shorewall/manpages/shorewall-exclusion.xml @@ -31,14 +31,14 @@ Description The first form of exclusion is used when you wish to exclude one or - more addresses from a definition. An exclaimation point is followed by a + more addresses from a definition. An exclamation point is followed by a comma-separated list of addresses. The addresses may be single host addresses (e.g., 192.168.1.4) or they may be network addresses in CIDR format (e.g., 192.168.1.0/24). If your kernel and iptables include iprange support, you may also specify ranges of ip addresses of the form lowaddress-highaddress - No embedded whitespace is allowed. + No embedded white-space is allowed. Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of address is formed by taking the diff --git a/Shorewall/manpages/shorewall-hosts.xml b/Shorewall/manpages/shorewall-hosts.xml index 8cbf91908..e06f6b617 100644 --- a/Shorewall/manpages/shorewall-hosts.xml +++ b/Shorewall/manpages/shorewall-hosts.xml @@ -115,7 +115,7 @@ A comma-separated list of options from the following list. The order in which you list the options is not significant but the list - must have no embedded white space. + must have no embedded white-space. @@ -182,7 +182,7 @@ Connection requests from these hosts are compared against the contents of shorewall-maclist(5). If - this option is specified, the interface must be an ethernet + this option is specified, the interface must be an Ethernet NIC or equivalent and must be up before Shorewall is started. diff --git a/Shorewall/manpages/shorewall-init.xml b/Shorewall/manpages/shorewall-init.xml index c8a535742..7cc013cf9 100644 --- a/Shorewall/manpages/shorewall-init.xml +++ b/Shorewall/manpages/shorewall-init.xml @@ -143,7 +143,7 @@ - On a laptop with both ethernet and wireless interfaces, you will + On a laptop with both Ethernet and wireless interfaces, you will want to make both interfaces optional and set the REQUIRE_INTERFACE option to Yes in shorewall.conf (5) or shorewall6.conf diff --git a/Shorewall/manpages/shorewall-interfaces.xml b/Shorewall/manpages/shorewall-interfaces.xml index 45aeb0dbb..8e190b38f 100644 --- a/Shorewall/manpages/shorewall-interfaces.xml +++ b/Shorewall/manpages/shorewall-interfaces.xml @@ -187,7 +187,7 @@ loc eth2 - A comma-separated list of options from the following list. The order in which you list the options is not significant but the list - should have no embedded white space. + should have no embedded white-space. @@ -283,7 +283,7 @@ loc eth2 -
WARNING: The 'blacklist' - option is ignored on mult-zone + option is ignored on multi-zone interfaces
@@ -420,7 +420,7 @@ loc eth2 - Connection requests from this interface are compared against the contents of shorewall-maclist(5). If - this option is specified, the interface must be an ethernet + this option is specified, the interface must be an Ethernet NIC and must be up before Shorewall is started. @@ -792,7 +792,7 @@ dmz eth2 Example 3: - You have a simple dial-in system with no ethernet + You have a simple dial-in system with no Ethernet connections. FORMAT 2 diff --git a/Shorewall/manpages/shorewall-ipsets.xml b/Shorewall/manpages/shorewall-ipsets.xml index 2db093066..9131d10f1 100644 --- a/Shorewall/manpages/shorewall-ipsets.xml +++ b/Shorewall/manpages/shorewall-ipsets.xml @@ -42,12 +42,13 @@ Whether the set is matched against the packet source or destination is determined by which column the set name appears (SOURCE or DEST). For - those set types that specify a tupple, two alternative syntaxes are + those set types that specify a tuple, two alternative syntaxes are available: [number] - Indicates that 'src' or - 'dst' should repleated number times. Example: myset[2]. + 'dst' should be repeated number times. + Example: myset[2]. [flag,...] where flag is or diff --git a/Shorewall/manpages/shorewall-maclist.xml b/Shorewall/manpages/shorewall-maclist.xml index b4f8fc96a..cb4f798fd 100644 --- a/Shorewall/manpages/shorewall-maclist.xml +++ b/Shorewall/manpages/shorewall-maclist.xml @@ -68,7 +68,7 @@ MAC address of the host -- you do not need to use the Shorewall format for MAC addresses here. If - IP ADDRESSESES is supplied then + IP ADDRESSES is supplied then MAC can be supplied as a dash (-) diff --git a/Shorewall/manpages/shorewall-masq.xml b/Shorewall/manpages/shorewall-masq.xml index 2c45db006..f6168775e 100644 --- a/Shorewall/manpages/shorewall-masq.xml +++ b/Shorewall/manpages/shorewall-masq.xml @@ -60,7 +60,7 @@ added with that name (e.g., eth0:0). This will allow the alias to be displayed with ifconfig. That is the only use for the alias name; it may not appear in any other place in your - Shorewall configuration. + Shorewall configuration. Each interface must match an entry in shorewall-interfaces(5). @@ -80,7 +80,7 @@ eth0(Avvanta) - In that case, you will want to specify the interfaces's + In that case, you will want to specify the interface's address for that provider in the ADDRESS column. The interface may be qualified by adding the character ":" @@ -506,7 +506,7 @@ Switch settings are retained over shorewall restart. - Beginning with Shoreawll 4.5.10, when the + Beginning with Shorewall 4.5.10, when the switch-name is followed by or , then the switch is initialized to off or on respectively by the diff --git a/Shorewall/manpages/shorewall-nat.xml b/Shorewall/manpages/shorewall-nat.xml index 8fb43551b..03d3e506e 100644 --- a/Shorewall/manpages/shorewall-nat.xml +++ b/Shorewall/manpages/shorewall-nat.xml @@ -79,7 +79,7 @@ want Shorewall to add the alias with this name (e.g., "eth0:0"). That allows you to see the alias with ifconfig. That is the only thing that this name is good for -- you - cannot use it anwhere else in your Shorewall configuration. + cannot use it anywhere else in your Shorewall configuration. Each interface must match an entry in Added in Shorewall 4.4.11. If specified, qualifies INTERFACE. - It specifies a SOURCE network for DNAT rules and a DESTINATON + It specifies a SOURCE network for DNAT rules and a DESTINATION network for SNAT rules. @@ -145,7 +145,7 @@ ranges; if the protocol is icmp, this column is interpreted as the destination icmp-type(s). ICMP types may be specified as a numeric - type, a numberic type and code separated by a slash (e.g., 3/4), or + type, a numeric type and code separated by a slash (e.g., 3/4), or a typename. See http://www.shorewall.net/configuration_file_basics.htm#ICMP. diff --git a/Shorewall/manpages/shorewall-providers.xml b/Shorewall/manpages/shorewall-providers.xml index 526ef7f65..65abff752 100644 --- a/Shorewall/manpages/shorewall-providers.xml +++ b/Shorewall/manpages/shorewall-providers.xml @@ -148,7 +148,7 @@ A comma-separated list selected from the following. The order of the options is not significant but the list may contain no - embedded whitespace. + embedded white-space. diff --git a/Shorewall/manpages/shorewall-routestopped.xml b/Shorewall/manpages/shorewall-routestopped.xml index ce2cd3087..745f5eae8 100644 --- a/Shorewall/manpages/shorewall-routestopped.xml +++ b/Shorewall/manpages/shorewall-routestopped.xml @@ -73,7 +73,7 @@ Optional. A comma-separated list of options. The order of the options is not important but the list can contain no embedded - whitespace. The currently-supported options are: + white-space. The currently-supported options are: @@ -121,7 +121,7 @@ notrack - The traffic will be exempted from conntection + The traffic will be exempted from connection tracking. @@ -166,7 +166,7 @@ column, provided that the DEST PORT(S) column is non-empty. This causes the rule to match when either the source port or the destination port in a packet matches one of the ports specified in - DEST PORTS(S). Use of '=' requires multiport match in your iptables + DEST PORTS(S). Use of '=' requires multi-port match in your iptables and kernel. diff --git a/Shorewall/manpages/shorewall-rules.xml b/Shorewall/manpages/shorewall-rules.xml index 9437ad9bb..d9c3d6992 100644 --- a/Shorewall/manpages/shorewall-rules.xml +++ b/Shorewall/manpages/shorewall-rules.xml @@ -24,7 +24,7 @@ Description Entries in this file govern connection establishment by defining - exceptions to the policies layed out in shorewall-policy(5). By default, subsequent requests and responses are automatically allowed using connection tracking. For any particular (source,dest) pair of zones, the @@ -146,7 +146,7 @@ role="bold">RELATED sections must be empty. An except is made if you are running Shorewall 4.4.27 or later and - you have specified a non-defualt value for RELATED_DISPOSITION or + you have specified a non-default value for RELATED_DISPOSITION or RELATED_LOG_LEVEL. In that case, you may have rules in the RELATED section of this file. @@ -243,7 +243,7 @@ Added in Shorewall 4.4.12. Causes addresses and/or port numbers to be added to the named ipset. The - flags specify the address or tupple + flags specify the address or tuple to be added to the set and must match the type of ipset involved. For example, for an iphash ipset, either the SOURCE or DESTINATION address can be added using @@ -360,10 +360,10 @@ Added in Shorewall 4.4.12. Causes an entry to be deleted from the named ipset. The - flags specify the address or tupple + flags specify the address or tuple to be deleted from the set and must match the type of ipset involved. For example, for an iphash ipset, either the SOURCE - or DESTINATION address can be deletec using + or DESTINATION address can be deleted using flags src or dst respectively (see the -D command in @@ -508,7 +508,7 @@ Added in Shorewall 4.5.9.3. Queues matching packets to a - backend logging daemon via a netlink socket then continues to + back end logging daemon via a netlink socket then continues to the next rule. See http://www.shorewall.net/shorewall_logging.html. @@ -621,7 +621,7 @@ Added in Shorewall 4.5.10. Queues matching packets to a - backend logging daemon via a netlink socket then continues to + back end logging daemon via a netlink socket then continues to the next rule. See http://www.shorewall.net/shorewall_logging.html. @@ -706,7 +706,7 @@ Beginning with Shorewall 4.4.13, you may use a zone-list which consists of a comma-separated list of zones declared in shorewall-zones (5). Ths + url="shorewall-zones.html">shorewall-zones (5). This zone-list may be optionally followed by "+" to indicate that the rule is to apply to intra-zone traffic as well as inter-zone traffic. @@ -762,8 +762,8 @@ bindings to be matched. Beginning with Shorewall 4.4.17, the primary IP address of a - firewall interface can be specified by an apersand ('&') - followed by the logican name of the interface as found in the + firewall interface can be specified by an ampersand ('&') + followed by the logical name of the interface as found in the INTERFACE column of shorewall-interfaces (5). @@ -880,7 +880,7 @@ Beginning with Shorewall 4.4.13, you may use a zone-list which consists of a comma-separated list of zones declared in shorewall-zones (5). Ths + url="shorewall-zones.html">shorewall-zones (5). This zone-list may be optionally followed by "+" to indicate that the rule is to apply to intra-zone traffic as well as inter-zone traffic. @@ -965,7 +965,7 @@ name. Beginning with Shorewall 4.4.17, the primary IP address of a - firewall interface can be specified by an apersand ('&') + firewall interface can be specified by an ampersand ('&') followed by the logical name of the interface as found in the INTERFACE column of shorewall-interfaces @@ -973,7 +973,7 @@ The port that the server is listening on may be included and separated from the server's IP - address by ":". If omitted, the firewall will not modifiy the + address by ":". If omitted, the firewall will not modify the destination port. A destination port may only be included if the ACTION is DNAT or icmp, this column is interpreted as the destination icmp-type(s). ICMP types may be - specified as a numeric type, a numberic type and code separated by a + specified as a numeric type, a numeric type and code separated by a slash (e.g., 3/4), or a typename. See http://www.shorewall.net/configuration_file_basics.htm#ICMP. Note that prior to Shorewall 4.4.19, only a single ICMP type may be - listsed. + listed. If the protocol is ipp2p, this column is interpreted as an ipp2p option without the leading @@ -1071,7 +1071,7 @@ 1. There are 15 or less ports listed. 2. No port ranges are included or your kernel and iptables - contain extended multiport match support. + contain extended multi-port match support. @@ -1090,7 +1090,7 @@ column, provided that the DEST PORT(S) column is non-empty. This causes the rule to match when either the source port or the destination port in a packet matches one of the ports specified in - DEST PORTS(S). Use of '=' requires multiport match in your iptables + DEST PORTS(S). Use of '=' requires multi-port match in your iptables and kernel. @@ -1111,7 +1111,7 @@ 1. There are 15 or less ports listed. 2. No port ranges are included or your kernel and iptables - contain extended multiport match support. + contain extended multi-port match support. @@ -1139,7 +1139,7 @@ not match any of the addresses listed. Beginning with Shorewall 4.4.17, the primary IP address of a - firewall interface can be specified by an apersand ('&') + firewall interface can be specified by an ampersand ('&') followed by the logical name of the interface as found in the INTERFACE column of shorewall-interfaces @@ -1187,7 +1187,7 @@ interval (sec or min) and burst is the largest burst permitted. If no burst is given, - a value of 5 is assumed. There may be no no whitespace embedded in + a value of 5 is assumed. There may be no no white-space embedded in the specification. Example: 10/sec:20 @@ -1338,7 +1338,7 @@ TIME - - timeelement[&timelement...] + timeelement[&timeelement...] May be used to limit the rule to a particular time period each @@ -1482,7 +1482,7 @@ Switch settings are retained over shorewall restart. - Beginning with Shoreawll 4.5.10, when the + Beginning with Shorewall 4.5.10, when the switch-name is followed by or , then the switch is initialized to off or on respectively by the @@ -1707,7 +1707,7 @@ Example 10: - Add the tupple (source IP, dest port, dest IP) of an incoming + Add the tuple (source IP, dest port, dest IP) of an incoming SSH connection to the ipset S: #ACTION SOURCE DEST PROTO DEST @@ -1800,7 +1800,7 @@ url="http://www.shorewall.net/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html shorewall(8), shorewall-accounting(5), shorewall-actions(5), - shorewall-blacklist(5), shorweall-blrules(5), shorewall-hosts(5), + shorewall-blacklist(5), shorewall-blrules(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), diff --git a/Shorewall/manpages/shorewall-secmarks.xml b/Shorewall/manpages/shorewall-secmarks.xml index 4dd094212..f78b275f8 100644 --- a/Shorewall/manpages/shorewall-secmarks.xml +++ b/Shorewall/manpages/shorewall-secmarks.xml @@ -100,7 +100,7 @@ {P|I|F|O|T}[:{N|I|U|IU|NI|NU|NIU|NUI:E|ER}] - This column determines the CHAIN where the SElinux context is + This column determines the CHAIN where the SELinux context is to be applied: @@ -249,7 +249,7 @@ port ranges; if the protocol is icmp, this column is interpreted as the destination icmp-type(s). ICMP types may be specified as a numeric - type, a numberic type and code separated by a slash (e.g., 3/4), or + type, a numeric type and code separated by a slash (e.g., 3/4), or a typename. See http://www.shorewall.net/configuration_file_basics.htm#ICMP. diff --git a/Shorewall/manpages/shorewall-stoppedrules.xml b/Shorewall/manpages/shorewall-stoppedrules.xml index a3532accb..fcde9dc13 100644 --- a/Shorewall/manpages/shorewall-stoppedrules.xml +++ b/Shorewall/manpages/shorewall-stoppedrules.xml @@ -64,7 +64,7 @@ IP/subnet addresses. If your kernel and iptables include iprange match support, IP address ranges are also allowed. Ipsets and exclusion are also supported. When or interface - are specified, the list must be preceeded by a colon (":"). + are specified, the list must be preceded by a colon (":"). If left empty or supplied as "-", 0.0.0.0/0 is assumed. @@ -84,7 +84,7 @@ IP/subnet addresses. If your kernel and iptables include iprange match support, IP address ranges are also allowed. Ipsets and exclusion are also supported. When or interface - are specified, the list must be preceeded by a colon (":"). + are specified, the list must be preceded by a colon (":"). If left empty or supplied as "-", 0.0.0.0/0 is assumed. @@ -130,7 +130,7 @@ column, provided that the DEST PORT(S) column is non-empty. This causes the rule to match when either the source port or the destination port in a packet matches one of the ports specified in - DEST PORTS(S). Use of '=' requires multiport match in your iptables + DEST PORTS(S). Use of '=' requires multi-port match in your iptables and kernel. diff --git a/Shorewall/manpages/shorewall-tcclasses.xml b/Shorewall/manpages/shorewall-tcclasses.xml index 01a8813e8..32881a297 100644 --- a/Shorewall/manpages/shorewall-tcclasses.xml +++ b/Shorewall/manpages/shorewall-tcclasses.xml @@ -187,13 +187,13 @@ dmax, the maximum delay in milliseconds that the first queued packet for this class should experience. May be expressed as an integer, optionally followed by 'ms' with no - intervening white space (e.g., 10ms). + intervening white-space (e.g., 10ms). HFSC leaf classes may also specify umax, the largest packet expected in this class. May be expressed as an integer. The unit of measure is bytes and the integer may be optionally - followed by 'b' with no intervening white space (e.g., 800b). + followed by 'b' with no intervening white-space (e.g., 800b). umax may only be given if dmax is also given. @@ -436,7 +436,7 @@ than a system having only a single active connection. The classifier (module cls_flow) works around this by letting you define what a 'flow' is. The - clasifier must be used carefully or it can block off all + classifier must be used carefully or it can block off all traffic on an interface! The flow option can be specified for an HTB leaf class (one that has no sub-classes). We recommend that you use the following: @@ -473,7 +473,7 @@ pfifo - When specified for a leaf class, the pfifo queing + When specified for a leaf class, the pfifo queuing discipline is applied to the class rather than the sfq queuing discipline. @@ -687,7 +687,7 @@ can be used to mark packets instead of dropping them. If ecn has been enabled, noecn can be used to turn - it off and vice-a-versa. By default, ecn is + it off and vice-versa. By default, ecn is enabled. @@ -719,8 +719,8 @@ minimum of 100kbps and always be serviced first (because of the low priority number, giving less delay) and will be granted excess bandwidth (up to 180kbps, the class ceiling) first, before any other - traffic. A single VOIP stream, depending upon codecs, after - encapsulation, can take up to 80kbps on a PPOE/DSL link, so we pad a + traffic. A single VoIP stream, depending upon codecs, after + encapsulation, can take up to 80kbps on a PPPoE/DSL link, so we pad a little bit just in case. (TOS byte values 0xb8 and 0x68 are DiffServ classes EF and AFF3-1 respectively and are often used by VOIP devices). diff --git a/Shorewall/manpages/shorewall-tcdevices.xml b/Shorewall/manpages/shorewall-tcdevices.xml index 965436117..b89937460 100644 --- a/Shorewall/manpages/shorewall-tcdevices.xml +++ b/Shorewall/manpages/shorewall-tcdevices.xml @@ -149,7 +149,7 @@ What is described above creates a rate/burst policing filter. Beginning with Shorewall 4.4.25, a rate-estimated policing filter may be configured instead. Rate-estimated filters should be used - with ethernet adapters that have Generic Receive Offload enabled by + with Ethernet adapters that have Generic Receive Offload enabled by default. See Shorewall FAQ 97a. diff --git a/Shorewall/manpages/shorewall-tcfilters.xml b/Shorewall/manpages/shorewall-tcfilters.xml index 29e2c80f0..ba9c5d53e 100644 --- a/Shorewall/manpages/shorewall-tcfilters.xml +++ b/Shorewall/manpages/shorewall-tcfilters.xml @@ -153,7 +153,7 @@ - + diff --git a/Shorewall/manpages/shorewall-tcinterfaces.xml b/Shorewall/manpages/shorewall-tcinterfaces.xml index b9933b7b8..16b28d808 100644 --- a/Shorewall/manpages/shorewall-tcinterfaces.xml +++ b/Shorewall/manpages/shorewall-tcinterfaces.xml @@ -168,7 +168,7 @@ What is described above creates a rate/burst policing filter. Beginning with Shorewall 4.4.25, a rate-estimated policing filter may be configured instead. Rate-estimated filters should be used - with ethernet adapters that have Generic Receive Offload enabled by + with Ethernet adapters that have Generic Receive Offload enabled by default. See Shorewall FAQ 97a. diff --git a/Shorewall/manpages/shorewall-tcpri.xml b/Shorewall/manpages/shorewall-tcpri.xml index a25e69472..1ae5c72f7 100644 --- a/Shorewall/manpages/shorewall-tcpri.xml +++ b/Shorewall/manpages/shorewall-tcpri.xml @@ -131,7 +131,7 @@ [helper] - Optional. Names a Netfiler protocol helper module such as ftp, + Optional. Names a Netfilter protocol helper module such as ftp, sip, amanda, etc. A packet will match if it was accepted by the named helper module. You can also append "-" and a port number to the helper module name (e.g., ftp-21) to specify the port number diff --git a/Shorewall/manpages/shorewall-tcrules.xml b/Shorewall/manpages/shorewall-tcrules.xml index fa3e5bd7b..5f0117363 100644 --- a/Shorewall/manpages/shorewall-tcrules.xml +++ b/Shorewall/manpages/shorewall-tcrules.xml @@ -171,7 +171,7 @@ CT - Mark the connecdtion in the POSTROUTING chain + Mark the connection in the POSTROUTING chain @@ -273,7 +273,7 @@ CT - Mark the connecdtion in the POSTROUTING chain + Mark the connection in the POSTROUTING chain @@ -388,7 +388,7 @@ DIVERT Added in Shorewall 4.5.4 and only available when FORMAT is - 2. Two DIVERT rule should preceed the TPROXY rule and should + 2. Two DIVERT rule should precede the TPROXY rule and should select DEST PORT tcp 80 and SOURCE PORT tcp 80 respectively (assuming that tcp port 80 is being proxied). DIVERT avoids sending packets to the TPROXY target once a socket connection to @@ -565,7 +565,7 @@ to produce class IDs 1:1 through 1:6. But 1:1 is an invalid class ID since the major and minor classes are equal. So you might - chose instent to use IPMARK(src,0xFF,0x10100) as in the example + choose instead to use IPMARK(src,0xFF,0x10100) as in the example above so that all of your minor classes will have a value > 256. @@ -903,7 +903,7 @@ Normal-Service => 0x00 port ranges; if the protocol is icmp, this column is interpreted as the destination icmp-type(s). ICMP types may be specified as a numeric - type, a numberic type and code separated by a slash (e.g., 3/4), or + type, a numeric type and code separated by a slash (e.g., 3/4), or a typename. See http://www.shorewall.net/configuration_file_basics.htm#ICMP. @@ -938,7 +938,7 @@ Normal-Service => 0x00 column, provided that the DEST PORT(S) column is non-empty. This causes the rule to match when either the source port or the destination port in a packet matches one of the ports specified in - DEST PORTS(S). Use of '=' requires multiport match in your iptables + DEST PORTS(S). Use of '=' requires multi-port match in your iptables and kernel. @@ -1139,7 +1139,7 @@ Normal-Service => 0x00 helper - Names a Netfiler protocol helper module + Names a Netfilter protocol helper module such as , , , etc. A packet will match if it was accepted by the named helper module. @@ -1233,7 +1233,7 @@ Normal-Service => 0x00 4:T 0.0.0.0/0 0.0.0.0/0 ipp2p:all SAVE:T 0.0.0.0/0 0.0.0.0/0 all - - - !0 - If a packet hasn't been classifed (packet mark is 0), copy the + If a packet hasn't been classified (packet mark is 0), copy the connection mark to the packet mark. If the packet mark is set, we're done. If the packet is P2P, set the packet mark to 4. If the packet mark has been set, save it to the connection mark. diff --git a/Shorewall/manpages/shorewall-zones.xml b/Shorewall/manpages/shorewall-zones.xml index 4e0f31771..d9056ca7b 100644 --- a/Shorewall/manpages/shorewall-zones.xml +++ b/Shorewall/manpages/shorewall-zones.xml @@ -136,7 +136,7 @@ c:a,b ipv4 default if you leave this column empty or if you enter "-" in the column. Communication with some zone hosts may be encrypted. Encrypted hosts are designated using the - 'ipsec'option in shorewall-hosts(5). @@ -213,8 +213,8 @@ c:a,b ipv4 When specified in the IN_OPTIONS column, causes all traffic from this zone to be passed against the src entries in shorewall-blacklist(5). + role="bold">src entries in shorewall-blacklist(5). When specified in the OUT_OPTIONS column, causes all traffic to this zone to be passed against the The file consists of Shell comments (lines beginning with '#'), blank lines and assignment statements (variable=value). If the - value contains shell metacharacters or white-space, + value contains shell meta characters or white-space, then it must be enclosed in quotes. Example: MACLIST_LOG_LEVEL="NFLOG(1,0,1)". @@ -455,7 +455,7 @@ When set to No or no, blacklists are consulted for every packet - (will slow down your firewall noticably if you have large + (will slow down your firewall noticeably if you have large blacklists). If the BLACKLISTNEWONLY option is not set or is set to the empty value then BLACKLISTNEWONLY=No is assumed. @@ -771,7 +771,7 @@ net all DROP infothen the chain name is 'net2all' the 'net' zone, ESTABLISHED/RELATED packets are ACCEPTED in the 'loc2net' chain. - If you set FASTACCEPT=Yes, then ESTABLISHED/RELEATED packets + If you set FASTACCEPT=Yes, then ESTABLISHED/RELATED packets are accepted early in the INPUT, FORWARD and OUTPUT chains. If you set FASTACCEPT=Yes then you may not include rules in the ESTABLISHED or RELATED sections of then the chain name is 'net2all' /etc/shorewall are compare with that of /var/lib/shorewall/restore). If set to No, then the times are compared with that of /var/lib/shorewall/firewall, - which is consistant with the way that restart -f + which is consistent with the way that restart -f works. @@ -1712,7 +1712,7 @@ LOG:info:,bar net fw Added in Shorewall 4.5.7. Specifies the pathname of the nfacct - utiliity. If not specified, Shorewall will use the PATH settting to + utility. If not specified, Shorewall will use the PATH setting to find the program. @@ -1780,7 +1780,7 @@ LOG:info:,bar net fw Optimization category 2 - Added in Shorewall 4.4.7. When set, suppresses superfluous ACCEPT rules in a policy chain that implements an ACCEPT policy. Any ACCEPT rules that immediately - preceed the final blanket ACCEPT rule in the chain are now + precede the final blanket ACCEPT rule in the chain are now omitted. @@ -1875,7 +1875,7 @@ LOG:info:,bar net fw compatible if they differ only in their destination ports and comments. - A sequence of combatible rules is often generated when + A sequence of compatible rules is often generated when macros are invoked in sequence. The ability to combine adjacent rules is limited by two @@ -1890,12 +1890,12 @@ LOG:info:,bar net fw Rules may only be combined until the length of their - concatinated comment reaches 255 characters. + concatenated comment reaches 255 characters. When either of these limits would be exceeded, the current - combined rule is emitted and the compiler attemts to combine + combined rule is emitted and the compiler attempts to combine rules beginning with the one that would have exceeded the limit. Adjacent combined comments are separated by ', '. Empty comments at the front of a group of combined comments are replaced by @@ -1927,7 +1927,7 @@ LOG:info:,bar net fw Rules with comments <empty>, "FOO" and "BAR" - would reult in the combined comment "Others and FOO, BAR". + would result in the combined comment "Others and FOO, BAR". Note: Optimize level 16 requires "Extended Multi-port Match" in your iptables and kernel. @@ -2018,7 +2018,7 @@ LOG:info:,bar net fw role="bold">" - Eariler generations of Shorewall Lite required that remote + Earlier generations of Shorewall Lite required that remote root login via ssh be enabled in order to use the load and reload commands. Beginning with release 3.9.5, you may define an alternative means @@ -2034,7 +2034,7 @@ LOG:info:,bar net fw RCP_COMMAND: scp ${files} ${root}@${system}:${destination} Shell variables that will be set when the commands - are envoked are as follows: + are invoked are as follows: root - root user. Normally but may be overridden using the '-r' option. @@ -2359,7 +2359,7 @@ LOG:info:,bar net fw stops. Creating and removing this file allows Shorewall to work with your distribution's initscripts. For RedHat and OpenSuSE, this should be set to /var/lock/subsys/shorewall. For Debian, the value - is /var/lock/shorewall and in LEAF it is /var/run/shorwall. + is /var/lock/shorewall and in LEAF it is /var/run/shorewall. @@ -2600,7 +2600,7 @@ LOG:info:,bar net fw detect may be specified for interfaces whose configuration is managed by dhcpcd. Shorewall will use dhcpcd's database to find the - interfaces's gateway. + interface's gateway. @@ -2625,7 +2625,7 @@ LOG:info:,bar net fw Added in Shorewall 4.4.27. Normally, when Shorewall creates a Netfilter chain that relates to an interface, it uses the - interfaces's logical name as the base of the chain name. For + interface's logical name as the base of the chain name. For example, if the logical name for an interface is OAKLAND, then the input chain for traffic arriving on that interface would be 'OAKLAND_in'. If this option is set to Yes, then the physical name diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml index e3d5daeb2..04a946e12 100644 --- a/Shorewall/manpages/shorewall.xml +++ b/Shorewall/manpages/shorewall.xml @@ -720,7 +720,7 @@ q subtracts one from the effective VERBOSITY. Alternatively, v may be followed immediately with one of -1,0,1,2 to specify a specify VERBOSITY. - There may be no white space between v and + There may be no white-space between v and the VERBOSITY. The options may also include the letter @@ -782,7 +782,7 @@ check - Compiles the configuraton in the specified + Compiles the configuration in the specified directory and discards the compiled output script. If no directory is given, then /etc/shorewall is assumed. @@ -846,7 +846,7 @@ When -e is specified, the compilation is being performed on a system other than where the compiled script will run. This option disables certain configuration options that require the script to be - compiled where it is to be run. The use of -e requires the presense + compiled where it is to be run. The use of -e requires the presence of a configuration file named capabilities which may be produced using the command shorewall-lite show -f capabilities > @@ -984,7 +984,7 @@ forget - Deletes /var/lib/shorewall/filename and + Deletes /var/lib/shorewall/filename and /var/lib/shorewall/save. If no filename is given then the file specified by RESTOREFILE in shorewall.conf(5) is @@ -1041,7 +1041,7 @@ and raw table PREROUTING chains. The trace records are written to the kernel's log buffer with - faciility = kernel and priority = warning, and they are routed from + facility = kernel and priority = warning, and they are routed from there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) -- Shorewall has no control over where the messages go; consult your logging daemon's documentation. @@ -1145,7 +1145,7 @@ The iptables match expression must be one given in the iptrace command being - cancelled. + canceled. @@ -1445,7 +1445,7 @@ config - Dispays distribution-specific defaults. + Displays distribution-specific defaults. @@ -1606,7 +1606,7 @@ Update: In Shorewall 4.4.20, a new LEGACY_FASTSTART option was added to shorewall.conf(5). - When LEGACY_FASTSTART=No, the modificaiotn times of files in + When LEGACY_FASTSTART=No, the modification times of files in /etc/shorewall are compared with that of /var/lib/shorewall/firewall (the compiled script that last started/restarted the firewall). @@ -1674,7 +1674,7 @@ directory; otherwise, a start command is performed using the specified configuration directory. if an - error occurs during the compliation phase of the restart or start, the command terminates without changing the Shorewall state. If an error occurs during the diff --git a/Shorewall6-lite/manpages/shorewall6-lite.conf.xml b/Shorewall6-lite/manpages/shorewall6-lite.conf.xml index f7c693117..7b7bbabad 100644 --- a/Shorewall6-lite/manpages/shorewall6-lite.conf.xml +++ b/Shorewall6-lite/manpages/shorewall6-lite.conf.xml @@ -141,7 +141,7 @@ stops. Creating and removing this file allows Shorewall6 to work with your distribution's initscripts. For RedHat, this should be set to /var/lock/subsys/shorewall6. For Debian, the value is - /var/state/shorewall6 and in LEAF it is /var/run/shorwall. + /var/state/shorewall6 and in LEAF it is /var/run/shorewall. diff --git a/Shorewall6-lite/manpages/shorewall6-lite.xml b/Shorewall6-lite/manpages/shorewall6-lite.xml index e62854c8b..f4c66d0ca 100644 --- a/Shorewall6-lite/manpages/shorewall6-lite.xml +++ b/Shorewall6-lite/manpages/shorewall6-lite.xml @@ -492,9 +492,9 @@ url="shorewall.conf.html">shorewall6.conf(5). Each v adds one to the effective verbosity and each q subtracts one from the effective - VERBOSITY. Anternately, v may be followed + VERBOSITY. Alternately, v may be followed immediately with one of -1,0,1,2 to specify a specify VERBOSITY. There may - be no white space between v and the + be no white-space between v and the VERBOSITY. The options may also include the letter @@ -630,7 +630,7 @@ forget - Deletes /var/lib/shorewall6-lite/filename + Deletes /var/lib/shorewall6-lite/filename and /var/lib/shorewall6-lite/save. If no filename is given then the file specified by RESTOREFILE in The trace records are written to the kernel's log buffer with - faciility = kernel and priority = warning, and they are routed from + facility = kernel and priority = warning, and they are routed from there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) -- shorewall6-lite has no control over where the messages go; consult your logging daemon's documentation. @@ -745,7 +745,7 @@ The iptables match expression must be one given in the iptrace command being - cancelled. + canceled. @@ -873,7 +873,7 @@ config - Dispays distribution-specific defaults. + Displays distribution-specific defaults. diff --git a/Shorewall6/manpages/shorewall6-accounting.xml b/Shorewall6/manpages/shorewall6-accounting.xml index 52c0852f7..58e02883a 100644 --- a/Shorewall6/manpages/shorewall6-accounting.xml +++ b/Shorewall6/manpages/shorewall6-accounting.xml @@ -136,7 +136,7 @@ - accounout in the accountout in the OUTPUT section @@ -242,9 +242,9 @@ INLINE - Added in Shorewall 4.5.16. Allows freeform ip6tables + Added in Shorewall 4.5.16. Allows free form ip6tables matches to be specified following a ';'. In the generated - ip6tables rule(s), the freeform matches will follow any + ip6tables rule(s), the free form matches will follow any matches that are generated by the column contents. @@ -286,7 +286,7 @@ Causes each matching packet to be sent via the currently - loaded logging backend (usually nfnetlink_log) where it is + loaded logging back end (usually nfnetlink_log) where it is available to accounting daemons through a netlink socket. @@ -396,7 +396,7 @@ (136). You may place a comma-separated list of port names or numbers - in this column if your kernel and ip6tables include multiport match + in this column if your kernel and ip6tables include multi-port match support. If the PROTOCOL is ipp2p then @@ -419,14 +419,14 @@ UDP (17), DCCP (33), SCTP (132) or UDPLITE (136). You may place a comma-separated list of port numbers in this - column if your kernel and ip6tables include multiport match + column if your kernel and ip6tables include multi-port match support. Beginning with Shorewall 4.5.15, you may place '=' in this column, provided that the DEST PORT(S) column is non-empty. This causes the rule to match when either the source port or the destination port in a packet matches one of the ports specified in - DEST PORTS(S). Use of '=' requires multiport match in your iptables + DEST PORTS(S). Use of '=' requires multi-port match in your iptables and kernel. @@ -549,7 +549,7 @@ The option-list consists of a comma-separated list of options from the following list. Only packets that will be encrypted or have - been de-crypted via an SA that matches these options will have their + been decrypted via an SA that matches these options will have their source address changed. May only be specified when sections are used. @@ -644,7 +644,7 @@ When used by itself, causes all traffic that will be - encrypted/encapsulated or has been decrypted/un-encapsulted to + encrypted/encapsulated or has been decrypted/un-encapsulated to match the rule. @@ -655,7 +655,7 @@ When used by itself, causes all traffic that will not be - encrypted/encapsulated or has been decrypted/un-encapsulted to + encrypted/encapsulated or has been decrypted/un-encapsulated to match the rule. @@ -831,7 +831,7 @@ shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-actions.xml b/Shorewall6/manpages/shorewall6-actions.xml index cafe9da88..ae4c579a1 100644 --- a/Shorewall6/manpages/shorewall6-actions.xml +++ b/Shorewall6/manpages/shorewall6-actions.xml @@ -137,7 +137,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-blacklist.xml b/Shorewall6/manpages/shorewall6-blacklist.xml index 1eb9144a7..2d839cbf1 100644 --- a/Shorewall6/manpages/shorewall6-blacklist.xml +++ b/Shorewall6/manpages/shorewall6-blacklist.xml @@ -204,7 +204,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-blrules.xml b/Shorewall6/manpages/shorewall6-blrules.xml index b2f4ea2ad..e3fd69e72 100644 --- a/Shorewall6/manpages/shorewall6-blrules.xml +++ b/Shorewall6/manpages/shorewall6-blrules.xml @@ -35,7 +35,7 @@ The format of rules in this file is the same as the format of rules in shorewall6-rules (5). The - differece in the two files lies in the ACTION (first) column. + difference in the two files lies in the ACTION (first) column. @@ -165,7 +165,7 @@ role="bold">NFLOG[(nflog-parameters)] - queues matching packets to a backend logging daemon via + queues matching packets to a back end logging daemon via a netlink socket then continues to the next rule. See http://www.shorewall.net/shorewall_logging.html. @@ -321,7 +321,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-conntrack.xml b/Shorewall6/manpages/shorewall6-conntrack.xml index f504252a7..2e88a89f0 100644 --- a/Shorewall6/manpages/shorewall6-conntrack.xml +++ b/Shorewall6/manpages/shorewall6-conntrack.xml @@ -392,7 +392,7 @@ DROP:PO - 2001:1.2.3::4 shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-ipsec(5), shoewall6-netmap(5),shorewall6-params(5), + shorewall6-ipsec(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-proxyarp(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), diff --git a/Shorewall6/manpages/shorewall6-exclusion.xml b/Shorewall6/manpages/shorewall6-exclusion.xml index aa6874ea4..3fcd7ffd0 100644 --- a/Shorewall6/manpages/shorewall6-exclusion.xml +++ b/Shorewall6/manpages/shorewall6-exclusion.xml @@ -31,14 +31,14 @@ Description Exclusion is used when you wish to exclude one or more addresses - from a definition. An exclaimation point is followed by a comma-separated + from a definition. An exclamation point is followed by a comma-separated list of addresses. The addresses may be single host addresses (e.g., fe80::2a0:ccff:fedb:31c4) or they may be network addresses in CIDR format (e.g., fe80::2a0:ccff:fedb:31c4/64). If your kernel and ip6tables include iprange support, you may also specify ranges of ip addresses of the form lowaddress-highaddress - No embedded whitespace is allowed. + No embedded white-space is allowed. Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of address is formed by taking the @@ -103,7 +103,7 @@ ACCEPT all!z2 net tcp 22 shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), diff --git a/Shorewall6/manpages/shorewall6-hosts.xml b/Shorewall6/manpages/shorewall6-hosts.xml index dfc5c8663..2c6cc8d56 100644 --- a/Shorewall6/manpages/shorewall6-hosts.xml +++ b/Shorewall6/manpages/shorewall6-hosts.xml @@ -117,7 +117,7 @@ An optional comma-separated list of options from the following list. The order in which you list the options is not significant but - the list must have no embedded white space. + the list must have no embedded white-space. @@ -199,7 +199,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-interfaces(5), shorewall6-maclist(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-interfaces.xml b/Shorewall6/manpages/shorewall6-interfaces.xml index 1876a3a4d..05363e71b 100644 --- a/Shorewall6/manpages/shorewall6-interfaces.xml +++ b/Shorewall6/manpages/shorewall6-interfaces.xml @@ -145,7 +145,7 @@ loc eth2 - A comma-separated list of options from the following list. The order in which you list the options is not significant but the list - should have no embedded white space. + should have no embedded white-space. @@ -214,7 +214,7 @@ loc eth2 -
WARNING: The 'blacklist' - option is ignored on mult-zone + option is ignored on multi-zone interfaces
@@ -568,7 +568,7 @@ dmz eth2 - shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-ipsets.xml b/Shorewall6/manpages/shorewall6-ipsets.xml index 1555164d8..1063977c0 100644 --- a/Shorewall6/manpages/shorewall6-ipsets.xml +++ b/Shorewall6/manpages/shorewall6-ipsets.xml @@ -42,12 +42,12 @@ Whether the set is matched against the packet source or destination is determined by which column the set name appears (SOURCE or DEST). For - those set types that specify a tupple, two alternative syntaxes are + those set types that specify a tuple, two alternative syntaxes are available: [number] - Indicates that 'src' or - 'dst' should repleated number times. Example: myset[2]. + 'dst' should repeated number times. Example: myset[2]. [flag,...] where flag is or @@ -62,7 +62,7 @@ - In a DEST column, the following paris are equivalent: + In a DEST column, the following pairs are equivalent: @@ -130,7 +130,7 @@ shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-maclist.xml b/Shorewall6/manpages/shorewall6-maclist.xml index c56a8a0f6..fccbde1f2 100644 --- a/Shorewall6/manpages/shorewall6-maclist.xml +++ b/Shorewall6/manpages/shorewall6-maclist.xml @@ -66,7 +66,7 @@ MAC address of the host -- you do not need to use the shorewall6 format for MAC addresses here. If - IP ADDRESSESES is supplied then + IP ADDRESSES is supplied then MAC can be supplied as a dash (-) @@ -106,7 +106,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-masq.xml b/Shorewall6/manpages/shorewall6-masq.xml index 2877ffa56..fb22d4c6f 100644 --- a/Shorewall6/manpages/shorewall6-masq.xml +++ b/Shorewall6/manpages/shorewall6-masq.xml @@ -73,7 +73,7 @@ eth0(Avvanta) - In that case, you will want to specify the interfaces's + In that case, you will want to specify the interface's address for that provider in the ADDRESS column. The interface may be qualified by adding the character ":" @@ -457,7 +457,7 @@ Switch settings are retained over shorewall restart. - Beginning with Shoreawll 4.5.10, when the + Beginning with Shorewall 4.5.10, when the switch-name is followed by or , then the switch is initialized to off or on respectively by the diff --git a/Shorewall6/manpages/shorewall6-modules.xml b/Shorewall6/manpages/shorewall6-modules.xml index 6e7a2320e..d0fb70a38 100644 --- a/Shorewall6/manpages/shorewall6-modules.xml +++ b/Shorewall6/manpages/shorewall6-modules.xml @@ -86,7 +86,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-nesting.xml b/Shorewall6/manpages/shorewall6-nesting.xml index 38c0c49bd..016a3cace 100644 --- a/Shorewall6/manpages/shorewall6-nesting.xml +++ b/Shorewall6/manpages/shorewall6-nesting.xml @@ -109,7 +109,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), diff --git a/Shorewall6/manpages/shorewall6-netmap.xml b/Shorewall6/manpages/shorewall6-netmap.xml index f22e170c8..e2a63620a 100644 --- a/Shorewall6/manpages/shorewall6-netmap.xml +++ b/Shorewall6/manpages/shorewall6-netmap.xml @@ -24,7 +24,7 @@ Description This file is used to map addresses in one network to corresponding - addresses in a second network. It was added in Shorewall6 iin + addresses in a second network. It was added in Shorewall6 4.4.23.3. @@ -121,7 +121,7 @@ Optional - added in Shorewall 4.4.11. If specified, qualifies INTERFACE. It specifies a SOURCE network for DNAT rules and a - DESTINATON network for SNAT rules. + DESTINATION network for SNAT rules. @@ -145,7 +145,7 @@ port ranges; if the protocol is icmp, this column is interpreted as the destination icmp-type(s). ICMP types may be specified as a numeric - type, a numberic type and code separated by a slash (e.g., 3/4), or + type, a numeric type and code separated by a slash (e.g., 3/4), or a typename. See http://www.shorewall.net/configuration_file_basics.htm#ICMP. diff --git a/Shorewall6/manpages/shorewall6-params.xml b/Shorewall6/manpages/shorewall6-params.xml index 8a663d4ad..6af7e81c8 100644 --- a/Shorewall6/manpages/shorewall6-params.xml +++ b/Shorewall6/manpages/shorewall6-params.xml @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"> - shoewall6-netmap(5),shorewall6-params + shorewall6-netmap(5),shorewall6-params 5 diff --git a/Shorewall6/manpages/shorewall6-policy.xml b/Shorewall6/manpages/shorewall6-policy.xml index 115dd6324..bbeb6d8fa 100644 --- a/Shorewall6/manpages/shorewall6-policy.xml +++ b/Shorewall6/manpages/shorewall6-policy.xml @@ -316,7 +316,7 @@ shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-ipsec(5), shorewall6-maclist(5), shorewall6-masq(5), shorewall6-nat(5), shorewall6-netmap(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-proxyarp(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-providers.xml b/Shorewall6/manpages/shorewall6-providers.xml index a838a4255..f4eb2117a 100644 --- a/Shorewall6/manpages/shorewall6-providers.xml +++ b/Shorewall6/manpages/shorewall6-providers.xml @@ -137,7 +137,7 @@ A comma-separated list selected from the following. The order of the options is not significant but the list may contain no - embedded whitespace. + embedded white-space. @@ -333,7 +333,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), + shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), diff --git a/Shorewall6/manpages/shorewall6-proxyndp.xml b/Shorewall6/manpages/shorewall6-proxyndp.xml index 6d5ce16db..face3e91c 100644 --- a/Shorewall6/manpages/shorewall6-proxyndp.xml +++ b/Shorewall6/manpages/shorewall6-proxyndp.xml @@ -23,7 +23,7 @@ Description - This file was added in Shoreall 4.4.16 and is used to define Proxy + This file was added in Shorewall 4.4.16 and is used to define Proxy NDP. There is one entry in this file for each IPv6 address to be proxied. @@ -138,7 +138,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-exclusion(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-nesting(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-routes.xml b/Shorewall6/manpages/shorewall6-routes.xml index 21c905621..0a107734e 100644 --- a/Shorewall6/manpages/shorewall6-routes.xml +++ b/Shorewall6/manpages/shorewall6-routes.xml @@ -96,7 +96,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-routestopped.xml b/Shorewall6/manpages/shorewall6-routestopped.xml index 13b60fde9..a9f89dd9e 100644 --- a/Shorewall6/manpages/shorewall6-routestopped.xml +++ b/Shorewall6/manpages/shorewall6-routestopped.xml @@ -69,7 +69,7 @@ An optional comma-separated list of options. The order of the options is not important but the list can contain no embedded - whitespace. The currently-supported options are: + white-space. The currently-supported options are: @@ -188,7 +188,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), + shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), diff --git a/Shorewall6/manpages/shorewall6-rtrules.xml b/Shorewall6/manpages/shorewall6-rtrules.xml index fbcea5a52..3ffa107de 100644 --- a/Shorewall6/manpages/shorewall6-rtrules.xml +++ b/Shorewall6/manpages/shorewall6-rtrules.xml @@ -168,7 +168,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), + shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), diff --git a/Shorewall6/manpages/shorewall6-rules.xml b/Shorewall6/manpages/shorewall6-rules.xml index 57df5143d..3271ebde9 100644 --- a/Shorewall6/manpages/shorewall6-rules.xml +++ b/Shorewall6/manpages/shorewall6-rules.xml @@ -24,7 +24,7 @@ Description Entries in this file govern connection establishment by defining - exceptions to the policies layed out in shorewall6-policy(5). By default, subsequent requests and responses are automatically allowed using connection tracking. For any particular (source,dest) pair of zones, the @@ -138,7 +138,7 @@ role="bold">RELATED sections must be empty. An except is made if you are running Shorewall 4.4.27 or later and - you have specified a non-defualt value for RELATED_DISPOSITION or + you have specified a non-default value for RELATED_DISPOSITION or RELATED_LOG_LEVEL. In that case, you may have rules in the RELATED section of this file. @@ -216,7 +216,7 @@ Added in Shorewall 4.4.12. Causes addresses and/or port numbers to be added to the named ipset. The - flags specify the address or tupple + flags specify the address or tuple to be added to the set and must match the type of ipset involved. For example, for an iphash ipset, either the SOURCE or DESTINATION address can be added using @@ -333,10 +333,10 @@ Added in Shorewall 4.4.12. Causes an entry to be deleted from the named ipset. The - flags specify the address or tupple + flags specify the address or tuple to be deleted from the set and must match the type of ipset involved. For example, for an iphash ipset, either the SOURCE - or DESTINATION address can be deletec using + or DESTINATION address can be deleted using flags src or dst respectively (see the -D command in @@ -482,7 +482,7 @@ Added in Shorewall 4.5.9.3. Queues matching packets to a - backend logging daemon via a netlink socket then continues to + back end logging daemon via a netlink socket then continues to the next rule. See http://www.shorewall.net/shorewall_logging.html. @@ -662,7 +662,7 @@ Beginning with Shorewall 4.4.13, you may use a zone-list which consists of a comma-separated list of zones declared in shorewall-zones (5). Ths + url="shorewall-zones.html">shorewall-zones (5). This zone-list may be optionally followed by "+" to indicate that the rule is to apply to intra-zone traffic as well as inter-zone traffic. @@ -711,8 +711,8 @@ bindings to be matched. Beginning with Shorewall6 4.4.17, the primary IP address of a - firewall interface can be specified by an apersand ('&') - followed by the logican name of the interface as found in the + firewall interface can be specified by an ampersand ('&') + followed by the logical name of the interface as found in the INTERFACE column of shorewall6-interfaces (5). @@ -846,8 +846,8 @@ url="shorewall6-exclusion.html">shorewall6-exclusion(5). Beginning with Shorewall6 4.4.17, the primary IP address of a - firewall interface can be specified by an apersand ('&') - followed by the logican name of the interface as found in the + firewall interface can be specified by an ampersand ('&') + followed by the logical name of the interface as found in the INTERFACE column of shorewall6-interfaces (5). @@ -915,7 +915,7 @@ The port that the server is listening on may be included and separated from the server's IP - address by ":". If omitted, the firewall will not modifiy the + address by ":". If omitted, the firewall will not modify the destination port. A destination port may only be included if the ACTION is DNAT or icmp, this column is interpreted as the destination icmp-type(s). ICMP types may be - specified as a numeric type, a numberic type and code separated by a + specified as a numeric type, a numeric type and code separated by a slash (e.g., 3/4), or a typename. See http://www.shorewall.net/configuration_file_basics.htm#ICMP. Note that prior to Shorewall6 4.4.19, only a single ICMP type may be - listsed. + listed. If the protocol is ipp2p, this column is interpreted as an ipp2p option without the leading @@ -1024,7 +1024,7 @@ 1. There are 15 or less ports listed. 2. No port ranges are included or your kernel and ip6tables - contain extended multiport match support. + contain extended multi-port match support. @@ -1043,7 +1043,7 @@ column, provided that the DEST PORT(S) column is non-empty. This causes the rule to match when either the source port or the destination port in a packet matches one of the ports specified in - DEST PORTS(S). Use of '=' requires multiport match in your iptables + DEST PORTS(S). Use of '=' requires multi-port match in your iptables and kernel. @@ -1063,7 +1063,7 @@ 1. There are 15 or less ports listed. 2. No port ranges are included or your kernel and ip6tables - contain extended multiport match support. + contain extended multi-port match support. @@ -1095,7 +1095,7 @@ interval (sec or min) and burst is the largest burst permitted. If no burst is given, - a value of 5 is assumed. There may be no no whitespace embedded in + a value of 5 is assumed. There may be no no white-space embedded in the specification. Example: 10/sec:20 @@ -1244,7 +1244,7 @@ TIME - - timeelement[&timelement...] + timeelement[&timeelement...] May be used to limit the rule to a particular time period each @@ -1472,7 +1472,7 @@ Switch settings are retained over shorewall6 restart. - Beginning with Shoreawll 4.5.10, when the + Beginning with Shorewall 4.5.10, when the switch-name is followed by or , then the switch is initialized to off or on respectively by the @@ -1645,7 +1645,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-blrules(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), diff --git a/Shorewall6/manpages/shorewall6-secmarks.xml b/Shorewall6/manpages/shorewall6-secmarks.xml index ec6d36b83..cbc542431 100644 --- a/Shorewall6/manpages/shorewall6-secmarks.xml +++ b/Shorewall6/manpages/shorewall6-secmarks.xml @@ -100,7 +100,7 @@ {P|I|F|O|T}[:{N|I|U|IU|NI|NU|NIU|NUI:E|ER}] - This column determines the CHAIN where the SElinux context is + This column determines the CHAIN where the SELinux context is to be applied: @@ -243,7 +243,7 @@ port ranges; if the protocol is icmp, this column is interpreted as the destination icmp-type(s). ICMP types may be specified as a numeric - type, a numberic type and code separated by a slash (e.g., 3/4), or + type, a numeric type and code separated by a slash (e.g., 3/4), or a typename. See http://www.shorewall.net/configuration_file_basics.htm#ICMP. @@ -274,7 +274,7 @@ column, provided that the DEST PORT(S) column is non-empty. This causes the rule to match when either the source port or the destination port in a packet matches one of the ports specified in - DEST PORTS(S). Use of '=' requires multiport match in your iptables + DEST PORTS(S). Use of '=' requires multi-port match in your iptables and kernel. @@ -416,7 +416,7 @@ RESTORE I:ER shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), diff --git a/Shorewall6/manpages/shorewall6-stoppedrules.xml b/Shorewall6/manpages/shorewall6-stoppedrules.xml index c129d1d13..00c6d338d 100644 --- a/Shorewall6/manpages/shorewall6-stoppedrules.xml +++ b/Shorewall6/manpages/shorewall6-stoppedrules.xml @@ -64,7 +64,7 @@ IP/subnet addresses. If your kernel and iptables include iprange match support, IP address ranges are also allowed. Ipsets and exclusion are also supported. When or interface - are specified, the list must be preceeded by a colon (":"). + are specified, the list must be preceded by a colon (":"). If left empty or supplied as "-", ::/0 is assumed. @@ -84,7 +84,7 @@ IP/subnet addresses. If your kernel and iptables include iprange match support, IP address ranges are also allowed. Ipsets and exclusion are also supported. When or interface - are specified, the list must be preceeded by a colon (":"). + are specified, the list must be preceded by a colon (":"). If left empty or supplied as "-", ::/0 is assumed. @@ -130,7 +130,7 @@ column, provided that the DEST PORT(S) column is non-empty. This causes the rule to match when either the source port or the destination port in a packet matches one of the ports specified in - DEST PORTS(S). Use of '=' requires multiport match in your iptables + DEST PORTS(S). Use of '=' requires multi-port match in your iptables and kernel. diff --git a/Shorewall6/manpages/shorewall6-tcclasses.xml b/Shorewall6/manpages/shorewall6-tcclasses.xml index 8955c5e9c..cffe47206 100644 --- a/Shorewall6/manpages/shorewall6-tcclasses.xml +++ b/Shorewall6/manpages/shorewall6-tcclasses.xml @@ -184,13 +184,13 @@ dmax, the maximum delay in milliseconds that the first queued packet for this class should experience. May be expressed as an integer, optionally followed by 'ms' with no - intervening white space (e.g., 10ms). + intervening white-space (e.g., 10ms). HFSC leaf classes may also specify umax, the largest packet expected in this class. May be expressed as an integer. The unit of measure is bytes and the integer may be optionally - followed by 'b' with no intervening white space (e.g., 800b). + followed by 'b' with no intervening white-space (e.g., 800b). umax may only be given if dmax is also given. @@ -388,7 +388,7 @@ than a system having only a single active connection. The classifier (module cls_flow) works around this by letting you define what a 'flow' is. The - clasifier must be used carefully or it can block off all + classifier must be used carefully or it can block off all traffic on an interface! The flow option can be specified for an HTB leaf class (one that has no sub-classes). We recommend that you use the following: @@ -425,7 +425,7 @@ pfifo - When specified for a leaf class, the pfifo queing + When specified for a leaf class, the pfifo queuing discipline is applied to the class rather than the sfq queuing discipline. @@ -671,8 +671,8 @@ minimum of 100kbps and always be serviced first (because of the low priority number, giving less delay) and will be granted excess bandwidth (up to 180kbps, the class ceiling) first, before any other - traffic. A single VOIP stream, depending upon codecs, after - encapsulation, can take up to 80kbps on a PPOE/DSL link, so we pad a + traffic. A single VoIP stream, depending upon codecs, after + encapsulation, can take up to 80kbps on a PPPoE/DSL link, so we pad a little bit just in case. (TOS byte values 0xb8 and 0x68 are DiffServ classes EF and AFF3-1 respectively and are often used by VOIP devices). @@ -725,7 +725,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), + shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), diff --git a/Shorewall6/manpages/shorewall6-tcdevices.xml b/Shorewall6/manpages/shorewall6-tcdevices.xml index 613ebd905..f1a463a91 100644 --- a/Shorewall6/manpages/shorewall6-tcdevices.xml +++ b/Shorewall6/manpages/shorewall6-tcdevices.xml @@ -150,7 +150,7 @@ What is described above creates a rate/burst policing filter. Beginning with Shorewall 4.4.25, a rate-estimated policing filter may be configured instead. Rate-estimated filters should be used - with ethernet adapters that have Generic Receive Offload enabled by + with Ethernet adapters that have Generic Receive Offload enabled by default. See Shorewall FAQ 97a. @@ -292,7 +292,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), + shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcrules(5), diff --git a/Shorewall6/manpages/shorewall6-tcfilters.xml b/Shorewall6/manpages/shorewall6-tcfilters.xml index c2b5ee9ae..0b81c2be5 100644 --- a/Shorewall6/manpages/shorewall6-tcfilters.xml +++ b/Shorewall6/manpages/shorewall6-tcfilters.xml @@ -149,7 +149,7 @@ - + diff --git a/Shorewall6/manpages/shorewall6-tcinterfaces.xml b/Shorewall6/manpages/shorewall6-tcinterfaces.xml index 297265484..1c2f3603f 100644 --- a/Shorewall6/manpages/shorewall6-tcinterfaces.xml +++ b/Shorewall6/manpages/shorewall6-tcinterfaces.xml @@ -155,7 +155,7 @@ If you don't want any traffic to be dropped, set this to a value to zero in which case Shorewall will not create an ingress - qdisc.Must be set to zero if the REDIRECTED INTERFACES column is + qdisc. Must be set to zero if the REDIRECTED INTERFACES column is non-empty. The optional burst option was added in Shorewall 4.4.18. The @@ -168,7 +168,7 @@ What is described above creates a rate/burst policing filter. Beginning with Shorewall 4.4.25, a rate-estimated policing filter may be configured instead. Rate-estimated filters should be used - with ethernet adapters that have Generic Receive Offload enabled by + with Ethernet adapters that have Generic Receive Offload enabled by default. See Shorewall FAQ 97a. @@ -221,7 +221,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcpri, shorewall6-tos(5), diff --git a/Shorewall6/manpages/shorewall6-tcpri.xml b/Shorewall6/manpages/shorewall6-tcpri.xml index 143aa89f4..ea84ae6c9 100644 --- a/Shorewall6/manpages/shorewall6-tcpri.xml +++ b/Shorewall6/manpages/shorewall6-tcpri.xml @@ -131,7 +131,7 @@ [helper] - Optional. Names a Netfiler protocol helper module such as ftp, + Optional. Names a Netfilter protocol helper module such as ftp, sip, amanda, etc. A packet will match if it was accepted by the named helper module. You can also append "-" and a port number to the helper module name (e.g., ftp-21) to specify the port number @@ -152,7 +152,7 @@ PRIO(8), shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), - shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), + shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcinterfaces(5), shorewall6-tos(5), diff --git a/Shorewall6/manpages/shorewall6-tcrules.xml b/Shorewall6/manpages/shorewall6-tcrules.xml index f40b27337..6c30ff652 100644 --- a/Shorewall6/manpages/shorewall6-tcrules.xml +++ b/Shorewall6/manpages/shorewall6-tcrules.xml @@ -279,7 +279,7 @@ CT - Mark the connecdtion in the POSTROUTING chain + Mark the connection in the POSTROUTING chain @@ -393,7 +393,7 @@ DIVERT - Added in Shorewall 4.5.3. Two DIVERT rule should preceed + Added in Shorewall 4.5.3. Two DIVERT rule should precede the TPROXY rule and should select DEST PORT tcp 80 and SOURCE PORT tcp 80 respectively (assuming that tcp port 80 is being proxied). DIVERT avoids sending packets to the TPROXY target @@ -731,7 +731,7 @@ Normal-Service => 0x00 iprange match support, IP address ranges are also allowed. List elements may also consist of an interface name followed by ":" and an address (e.g., eth1:<2002:ce7c:92b4::/48>). If the - ACTION column specificies a + ACTION column specifies a classification of the form major:minor then this column may also contain an interface name. @@ -779,7 +779,7 @@ Normal-Service => 0x00 port ranges; if the protocol is ipv6-icmp, this column is interpreted as the destination icmp-type(s). ICMP types may be specified as a numeric - type, a numberic type and code separated by a slash (e.g., 3/4), or + type, a numeric type and code separated by a slash (e.g., 3/4), or a typename. See http://www.shorewall.net/configuration_file_basics.htm#ICMP. @@ -814,7 +814,7 @@ Normal-Service => 0x00 column, provided that the DEST PORT(S) column is non-empty. This causes the rule to match when either the source port or the destination port in a packet matches one of the ports specified in - DEST PORTS(S). Use of '=' requires multiport match in your iptables + DEST PORTS(S). Use of '=' requires multi-port match in your iptables and kernel. @@ -1001,7 +1001,7 @@ Normal-Service => 0x00 helper - Optional. Names a Netfiler protocol + Optional. Names a Netfilter protocol helper module such as , , , etc. A packet will match if it was accepted by the named helper module. @@ -1151,7 +1151,7 @@ Normal-Service => 0x00 4 ::/0 ::/0 ipp2p:all SAVE ::/0 ::/0 all - - - !0 - If a packet hasn't been classifed (packet mark is 0), copy the + If a packet hasn't been classified (packet mark is 0), copy the connection mark to the packet mark. If the packet mark is set, we're done. If the packet is P2P, set the packet mark to 4. If the packet mark has been set, save it to the connection mark. @@ -1184,7 +1184,7 @@ Normal-Service => 0x00 shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-ecn(5), shorewall6-exclusion(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-template.xml b/Shorewall6/manpages/shorewall6-template.xml index 51b01fabe..f8ec28a42 100644 --- a/Shorewall6/manpages/shorewall6-template.xml +++ b/Shorewall6/manpages/shorewall6-template.xml @@ -54,7 +54,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-exclusion(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-nesting(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), diff --git a/Shorewall6/manpages/shorewall6-tos.xml b/Shorewall6/manpages/shorewall6-tos.xml index eadc1d234..24f852858 100644 --- a/Shorewall6/manpages/shorewall6-tos.xml +++ b/Shorewall6/manpages/shorewall6-tos.xml @@ -170,7 +170,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), + shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-tunnels.xml b/Shorewall6/manpages/shorewall6-tunnels.xml index 052b93c10..d4452af10 100644 --- a/Shorewall6/manpages/shorewall6-tunnels.xml +++ b/Shorewall6/manpages/shorewall6-tunnels.xml @@ -244,7 +244,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), + shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6-vardir.xml b/Shorewall6/manpages/shorewall6-vardir.xml index 9752e8833..064245aeb 100644 --- a/Shorewall6/manpages/shorewall6-vardir.xml +++ b/Shorewall6/manpages/shorewall6-vardir.xml @@ -55,7 +55,7 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), diff --git a/Shorewall6/manpages/shorewall6-zones.xml b/Shorewall6/manpages/shorewall6-zones.xml index 23c93b365..ab40949cc 100644 --- a/Shorewall6/manpages/shorewall6-zones.xml +++ b/Shorewall6/manpages/shorewall6-zones.xml @@ -134,7 +134,7 @@ c:a,b ipv6 default if you leave this column empty or if you enter "-" in the column. Communication with some zone hosts may be encrypted. Encrypted hosts are designated using the - 'ipsec'option in shorewall6-hosts(5). @@ -211,8 +211,8 @@ c:a,b ipv6 When specified in the IN_OPTIONS column, causes all traffic from this zone to be passed against the src entries in shorewall6-blacklist(5). + role="bold">src entries in shorewall6-blacklist(5). When specified in the OUT_OPTIONS column, causes all traffic to this zone to be passed against the shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-nesting(8), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), diff --git a/Shorewall6/manpages/shorewall6.conf.xml b/Shorewall6/manpages/shorewall6.conf.xml index 474ada7f8..8e1792818 100644 --- a/Shorewall6/manpages/shorewall6.conf.xml +++ b/Shorewall6/manpages/shorewall6.conf.xml @@ -28,7 +28,7 @@ The file consists of Shell comments (lines beginning with '#'), blank lines and assignment statements (variable=value). If the - value contains shell metacharacters or white-space, + value contains shell meta characters or white-space, then it must be enclosed in quotes. Example: LOG_LEVEL="NFLOG(1,0,1)". @@ -59,7 +59,7 @@ For most Shorewall6 logging, a level of 6 (info) is appropriate. Shorewall6 log messages are generated by NetFilter and are logged using - facility 'kern' and the level that you specifify. If you are unsure of the + facility 'kern' and the level that you specify. If you are unsure of the level to choose, 6 (info) is a safe bet. You may specify levels by name or by number. @@ -385,7 +385,7 @@ When set to No or no, blacklists are consulted for every packet - (will slow down your firewall noticably if you have large + (will slow down your firewall noticeably if you have large blacklists). If the BLACKLISTNEWONLY option is not set or is set to the empty value then BLACKLISTNEWONLY=No is assumed. @@ -660,7 +660,7 @@ net all DROP infothen the chain name is 'net2all' the 'net' zone, ESTABLISHED/RELATED packets are ACCEPTED in the 'loc2net' chain. - If you set FASTACCEPT=Yes, then ESTABLISHED/RELEATED packets + If you set FASTACCEPT=Yes, then ESTABLISHED/RELATED packets are accepted early in the INPUT, FORWARD and OUTPUT chains. If you set FASTACCEPT=Yes then you may not include rules in the ESTABLISHED or RELATED sections of then the chain name is 'net2all' /etc/shorewall6 are compare with that of /var/lib/shorewall6/restore). If set to No, then the times are compared with that of - /var/lib/shorewall6/firewall, which is consistant with the way that + /var/lib/shorewall6/firewall, which is consistent with the way that restart -f works. @@ -1501,7 +1501,7 @@ LOG:info:,bar net fw Added in Shorewall 4.5.7. Specifies the pathname of the nfacct - utiliity. If not specified, Shorewall will use the PATH settting to + utility. If not specified, Shorewall will use the PATH setting to find the program. @@ -1541,7 +1541,7 @@ LOG:info:,bar net fw Optimization category 2 - Added in Shorewall 4.4.7. When set, suppresses superfluous ACCEPT rules in a policy chain that implements an ACCEPT policy. Any ACCEPT rules that immediately - preceed the final blanket ACCEPT rule in the chain are now + precede the final blanket ACCEPT rule in the chain are now omitted. @@ -1628,7 +1628,7 @@ LOG:info:,bar net fw compatible if they differ only in their destination ports and comments. - A sequence of combatible rules is often generated when + A sequence of compatible rules is often generated when macros are invoked in sequence. The ability to combine adjacent rules is limited by two @@ -1643,12 +1643,12 @@ LOG:info:,bar net fw Rules may only be combined until the length of their - concatinated comment reaches 255 characters. + concatenated comment reaches 255 characters. When either of these limits would be exceeded, the current - combined rule is emitted and the compiler attemts to combine + combined rule is emitted and the compiler attempts to combine rules beginning with the one that would have exceeded the limit. Adjacent combined comments are separated by ', '. Empty comments at the front of a group of combined comments are replaced by @@ -1680,7 +1680,7 @@ LOG:info:,bar net fw Rules with comments <empty>, "FOO" and "BAR" - would reult in the combined comment "Others and FOO, BAR". + would result in the combined comment "Others and FOO, BAR". Note: Optimize level 16 requires "Extended Multi-port Match" in your iptables and kernel. @@ -1771,7 +1771,7 @@ LOG:info:,bar net fw role="bold">" - Eariler generations of Shorewall6 Lite required that remote + Earlier generations of Shorewall6 Lite required that remote root login via ssh be enabled in order to use the load and reload commands. Beginning with release 3.9.5, you may define an alternative means @@ -1787,7 +1787,7 @@ LOG:info:,bar net fw RCP_COMMAND: scp ${files} ${root}@${system}:${destination} Shell variables that will be set when the commands - are envoked are as follows: + are invoked are as follows: root - root user. Normally but may be overridden using the '-r' option. @@ -2020,7 +2020,7 @@ LOG:info:,bar net fw stops. Creating and removing this file allows Shorewall6 to work with your distribution's initscripts. For RedHat, this should be set to /var/lock/subsys/shorewall6. For Debian, the value is - /var/lock/shorewall6 and in LEAF it is /var/run/shorwall. + /var/lock/shorewall6 and in LEAF it is /var/run/shorewall. @@ -2281,7 +2281,7 @@ LOG:info:,bar net fw Added in Shorewall 4.4.27. Normally, when Shorewall creates a Netfilter chain that relates to an interface, it uses the - interfaces's logical name as the base of the chain name. For + interface's logical name as the base of the chain name. For example, if the logical name for an interface is OAKLAND, then the input chain for traffic arriving on that interface would be 'OAKLAND_in'. If this option is set to Yes, then the physical name @@ -2415,7 +2415,7 @@ LOG:info:,bar net fw shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-ipsec(5), shorewall6-maclist(5), shorewall6-masq(5), shorewall6-nat(5), shorewall6-netmap(5), - shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), + shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-proxyarp(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index 201830323..3048f2fcc 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml @@ -637,7 +637,7 @@ q subtracts one from the effective VERBOSITY. Alternatively, v may be followed immediately with one of -1,0,1,2 to specify a specify VERBOSITY. - There may be no white space between v and + There may be no white-space between v and the VERBOSITY. The options may also include the letter @@ -699,7 +699,7 @@ check - Compiles the configuraton in the specified + Compiles the configuration in the specified directory and discards the compiled output script. If no directory is given, then /etc/shorewall6 is assumed. @@ -757,7 +757,7 @@ When -e is specified, the compilation is being performed on a system other than where the compiled script will run. This option disables certain configuration options that require the script to be - compiled where it is to be run. The use of -e requires the presense + compiled where it is to be run. The use of -e requires the presence of a configuration file named capabilities which may be produced using the command shorewall6-lite show -f capabilities > @@ -897,7 +897,7 @@ forget - Deletes /var/lib/shorewall6/filename and + Deletes /var/lib/shorewall6/filename and /var/lib/shorewall6/save. If no filename is given then the file specified by RESTOREFILE in shorewall6.conf(5) is @@ -926,7 +926,7 @@ and raw table PREROUTING chains. The trace records are written to the kernel's log buffer with - faciility = kernel and priority = warning, and they are routed from + facility = kernel and priority = warning, and they are routed from there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) -- Shorewall has no control over where the messages go; consult your logging daemon's documentation. @@ -1030,7 +1030,7 @@ The iptables match expression must be one given in the iptrace command being - cancelled. + canceled. @@ -1327,7 +1327,7 @@ config - Dispays distribution-specific defaults. + Displays distribution-specific defaults. @@ -1455,7 +1455,7 @@ Update: In Shorewall6 4.4.20, a new LEGACY_FASTSTART option was added to shorewall6.conf(5). When - LEGACY_FASTSTART=No, the modificaiotn times of files in + LEGACY_FASTSTART=No, the modification times of files in /etc/shorewall6 are compared with that of /var/lib/shorewall6/firewall (the compiled script that last started/restarted the firewall). @@ -1513,7 +1513,7 @@ directory; otherwise, a start command is performed using the specified configuration directory. if an - error occurs during the compliation phase of the restart or start, the command terminates without changing the Shorewall6 state. If an error occurs during the @@ -1602,7 +1602,7 @@ shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), + shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),