diff --git a/manpages6/shorewall-masq.xml b/manpages6/shorewall-masq.xml
deleted file mode 100644
index e185a4a81..000000000
--- a/manpages6/shorewall-masq.xml
+++ /dev/null
@@ -1,502 +0,0 @@
-
-
-
-
- shorewall-masq
-
- 5
-
-
-
- masq
-
- Shorewall Masquerade/SNAT definition file
-
-
-
-
- /etc/shorewall/masq
-
-
-
-
- Description
-
- Use this file to define dynamic NAT (Masquerading) and to define
- Source NAT (SNAT).
-
-
- The entries in this file are order-sensitive. The first entry that
- matches a particular connection will be the one that is used.
-
-
-
- If you have more than one ISP, adding entries to this file will
- *not* force connections to go out through a particular ISP. You must use
- PREROUTING entries in shorewall-tcrules(5) to do
- that.
-
-
- The columns in the file are as follows.
-
-
-
- INTERFACE - [+]interfacelist[:[digit]][:[address[,address]...[exclusion]]
-
-
- Outgoing interfacelist. Prior to
- Shorewall 4.1.4, this must be a single interface name; in 4.1.4 and
- later, this may be a comma-separated list of interface names. This
- is usually your internet interface. If ADD_SNAT_ALIASES=Yes in
- shorewall.conf(5), you may
- add ":" and a digit to indicate that you want
- the alias added with that name (e.g., eth0:0). This will allow the
- alias to be displayed with ifconfig. That is
- the only use for the alias name; it may not appear in any other
- place in your Shorewall configuration.
-
- Each interface must match an entry in shorewall-interfaces(5).
- Prior to Shorewall 4.1.4, this must be an exact match.
- Shorewall-perl 4.1.4 and later allow loose matches to wildcard
- entries in shorewall-interfaces(5). For
- example, ppp0 in this file
- will match a shorewall-interfaces(5)
- entry that defines ppp+.
-
- The interface may be qualified by adding the character ":"
- followed by a comma-separated list of destination host or subnet
- addresses to indicate that you only want to change the source IP
- address for packets being sent to those particular destinations.
- Exclusion is allowed (see shorewall-exclusion(5)).
-
- If you wish to inhibit the action of ADD_SNAT_ALIASES for this
- entry then include the ":" but omit the digit:
-
- eth0:
- eth2::192.0.2.32/27
-
- Normally Masq/SNAT rules are evaluated after those for
- one-to-one NAT (defined in shorewall-nat(5)). If you want the
- rule to be applied before one-to-one NAT rules, prefix the interface
- name with "+":
-
- +eth0
- +eth0:192.0.2.32/27
- +eth0:2
-
- This feature should only be required if you need to insert
- rules in this file that preempt entries in shorewall-nat(5).
-
-
-
-
- SOURCE (Formerly called SUBNET)
- -
- {interface[[:]exclusion]|address[,address][exclusion]}
-
-
- Set of hosts that you wish to masquerade. You can specify this
- as an address (net or host) or as an
- interface. If you give the name of an
- interface, the interface must be up before you start the firewall
- (Shorewall will use your main routing table to determine the
- appropriate addresses to masquerade).
-
- In order to exclude a address of the specified SOURCE, you may
- append an exclusion ("!" and a comma-separated
- list of IP addresses (host or net) that you wish to exclude (see
- shorewall-exclusion(5))).
- Note that with Shorewall-perl, a colon (":") must appear between an
- interface name and the
- exclusion;
-
- Example (shorewall-shell):
- eth1!192.168.1.4,192.168.32.0/27
-
- Example (shorewall-perl):
- eth1:!192.168.1.4,192.168.32.0/27
-
- In that example traffic from eth1 would be masqueraded unless
- it came from 192.168.1.4 or 196.168.32.0/27
-
-
-
-
- ADDRESS (Optional) - [-|NONAT|[SAME:[nodst:]][address-or-address-range[,address-or-address-range]...][:lowport-highport][:random]|detect|random]
-
-
- If you specify an address here, SNAT will be used and this
- will be the source address. If ADD_SNAT_ALIASES is set to Yes or yes
- in shorewall.conf(5) then
- Shorewall will automatically add this address to the INTERFACE named
- in the first column.
-
- You may also specify a range of up to 256 IP addresses if you
- want the SNAT address to be assigned from that range in a
- round-robin fashion by connection. The range is specified by
- first.ip.in.range-last.ip.in.range.
- Beginning with Shorewall 4.0.6, you may follow the port range
- with :random in which case
- assignment of ports from the list will be random. random may also be specified by itself in
- this column in which case random local port assignments are made for
- the outgoing connections.
-
- Example: 206.124.146.177-206.124.146.180
-
- You may also use the special value "detect" which causes
- Shorewall to determine the IP addresses configured on the interface
- named in the INTERFACES column and substitute them in this
- column.
-
- Finally, you may also specify a comma-separated list of ranges
- and/or addresses in this column.
-
- This column may not contain DNS Names.
-
- Normally, Netfilter will attempt to retain the source port
- number. You may cause netfilter to remap the source port by
- following an address or range (if any) by ":" and a port range with
- the format
- lowport-highport. If this
- is done, you must specify "tcp" or "udp" in the PROTO column.
-
- Examples:
-
- 192.0.2.4:5000-6000
- :4000-5000
-
- You can invoke the SAME target rather than the SNAT target by
- prefixing the column contents with .
-
- SAME works like SNAT with the exception that the same local IP
- address is assigned to each connection from a local address to a
- given remote address.
-
- If the option is included, then the
- same source address is used for a given internal system regardless
- of which remote system is involved.
- Support for the SAME target is scheduled for removal from
- the Linux kernel in 2008.
-
-
- If you simply place NONAT in
- this column, no rewriting of the source IP address or port number
- will be performed. This is useful if you want particular traffic to
- be exempt from the entries that follow in the file.
-
- If you want to leave this column empty but you need to specify
- the next column then place a hyphen ("-") here.
-
-
-
-
- PROTO (Optional) - {-|protocol-name|protocol-number}
-
-
- If you wish to restrict this entry to a particular protocol
- then enter the protocol name (from protocols(5)) or number
- here.
-
-
-
-
- PORT(S) (Optional) -
- [port-name-or-number[,port-name-or-number]...]
-
-
- If the PROTO column specifies TCP (protocol 6) or UDP
- (protocol 17) then you may list one or more port numbers (or names
- from services(5)) separated by commas or you may list a single port
- range
- (lowport:highport).
-
- Where a comma-separated list is given, your kernel and
- iptables must have multiport match support and a maximum of 15 ports
- may be listed.
-
-
-
-
- IPSEC (Optional) -
- [option[,option]...]
-
-
- If you specify a value other than "-" in this column, you must
- be running kernel 2.6 and your kernel and iptables must include
- policy match support.
-
- Comma-separated list of options from the following. Only
- packets that will be encrypted via an SA that matches these options
- will have their source address changed.
-
-
-
- reqid=number
-
-
- where number is specified using
- setkey(8) using the 'unique:number option
- for the SPD level.
-
-
-
-
- spi=<number>
-
-
- where number is the SPI of the SA
- used to encrypt/decrypt packets.
-
-
-
-
- proto=ah|esp|ipcomp
-
-
- IPSEC Encapsulation Protocol
-
-
-
-
- mss=number
-
-
- sets the MSS field in TCP packets
-
-
-
-
- mode=transport|tunnel
-
-
- IPSEC mode
-
-
-
-
- tunnel-src=address[/mask]
-
-
- only available with mode=tunnel
-
-
-
-
- tunnel-dst=address[/mask]
-
-
- only available with mode=tunnel
-
-
-
-
- strict
-
-
- Means that packets must match all rules.
-
-
-
-
- next
-
-
- Separates rules; can only be used with strict
-
-
-
-
-
-
-
- MARK - [!]value[/mask][:C]
-
-
- Defines a test on the existing packet or connection mark. The
- rule will match only if the test returns true.
-
- If you don't want to define a test but need to specify
- anything in the following columns, place a "-" in this field.
-
-
-
- !
-
-
- Inverts the test (not equal)
-
-
-
-
- value
-
-
- Value of the packet or connection mark.
-
-
-
-
- mask
-
-
- A mask to be applied to the mark before testing.
-
-
-
-
- :C
-
-
- Designates a connection mark. If omitted, the packet
- mark's value is tested. This option is only supported by
- Shorewall-perl.
-
-
-
-
-
-
-
-
-
- Examples
-
-
-
- Example 1:
-
-
- You have a simple masquerading setup where eth0 connects to a
- DSL or cable modem and eth1 connects to your local network with
- subnet 192.168.0.0/24.
-
- Your entry in the file can be either:
-
- #INTERFACE SOURCE
- eth0 eth1
-
- or
-
- #INTERFACE SOURCE
- eth0 192.168.0.0/24
-
-
-
-
- Example 2:
-
-
- You add a router to your local network to connect subnet
- 192.168.1.0/24 which you also want to masquerade. You then add a
- second entry for eth0 to this file:
-
- #INTERFACE SOURCE
- eth0 192.168.1.0/24
-
-
-
-
- Example 3:
-
-
- You have an IPSEC tunnel through ipsec0 and you want to
- masquerade packets coming from 192.168.1.0/24 but only if these
- packets are destined for hosts in 10.1.1.0/24:
-
- #INTERFACE SOURCE
- ipsec0:10.1.1.0/24 196.168.1.0/24
-
-
-
-
- Example 4:
-
-
- You want all outgoing traffic from 192.168.1.0/24 through eth0
- to use source address 206.124.146.176 which is NOT the primary
- address of eth0. You want 206.124.146.176 to be added to eth0 with
- name eth0:0.
-
- #INTERFACE SOURCE ADDRESS
- eth0:0 192.168.1.0/24 206.124.146.176
-
-
-
-
- Example 5:
-
-
- You want all outgoing SMTP traffic entering the firewall on
- eth1 to be sent from eth0 with source IP address 206.124.146.177.
- You want all other outgoing traffic from eth1 to be sent from eth0
- with source IP address 206.124.146.176.
-
- #INTERFACE SOURCE ADDRESS PROTO PORT(S)
- eth0 eth1 206.124.146.177 tcp smtp
- eth0 eth1 206.124.146.176
-
-
- The order of the above two rules is significant!
-
-
-
-
-
-
-
- FILES
-
- /etc/shorewall/masq
-
-
-
- See ALSO
-
- shorewall(8), shorewall-accounting(5), shorewall-actions(5),
- shorewall-blacklist(5), shorewall-exclusion(5), shorewall-hosts(5),
- shorewall-interfaces(5), shorewall-ipsec(5), shorewall-maclist(5),
- shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
- shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
- shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
- shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
- shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
- shorewall-zones(5)
-
-
diff --git a/manpages6/shorewall-nat.xml b/manpages6/shorewall-nat.xml
deleted file mode 100644
index b2045e118..000000000
--- a/manpages6/shorewall-nat.xml
+++ /dev/null
@@ -1,154 +0,0 @@
-
-
-
- shorewall-nat
-
- 5
-
-
-
- nat
-
- Shorewall one-to-one NAT file
-
-
-
-
- /etc/shorewall/nat
-
-
-
-
- Description
-
- This file is used to define one-to-one Network Address Translation
- (NAT).
-
-
- If all you want to do is simple port forwarding, do NOT use this
- file. See http://www.shorewall.net/FAQ.htm#faq1.
- Also, in many cases, Proxy ARP (shorewall-proxyarp(5)) is a better
- solution that one-to-one NAT.
-
-
- The columns in the file are as follows.
-
-
-
- EXTERNAL -
- address
-
-
- External IP Address - this should NOT be the primary IP
- address of the interface named in the next column and must not be a
- DNS Name.
-
- If you put COMMENT in this column, the rest of the line will
- be attached as a comment to the Netfilter rule(s) generated by the
- following entries in the file. The comment will appear delimited by
- "/* ... */" in the output of "shorewall show nat"
-
- To stop the comment from being attached to further rules,
- simply include COMMENT on a line by itself.
-
-
-
-
- INTERFACE -
- interfacelist[:[digit]]
-
-
- Interfacees that have the EXTERNAL address. If ADD_IP_ALIASES=Yes in
- shorewall.conf(5),
- Shorewall will automatically add the EXTERNAL address to this
- interface. Also if ADD_IP_ALIASES=Yes, you may follow the interface
- name with ":" and a digit to indicate that you
- want Shorewall to add the alias with this name (e.g., "eth0:0").
- That allows you to see the alias with ifconfig. That is the only thing that this name is good for -- you
- cannot use it anwhere else in your Shorewall configuration.
-
-
- Each interface must match an entry in shorewall-interfaces(5).
- Prior to Shorewall 4.1.4, this must be an exact match.
- Shorewall-perl 4.1.4 and later allow loose matches to wildcard
- entries in shorewall-interfaces(5). For
- example, ppp0 in this file
- will match a shorewall-interfaces(5)
- entry that defines ppp+.
-
- Prior to Shorewall 4.1.4,
- interfacelist must be a single interface
- name. Beginning with Shorewall-perl 4.1.4, Shorewall-perl users may
- specify a comma-separated list of interfaces.
-
- If you want to override ADD_IP_ALIASES=Yes for a particular
- entry, follow the interface name with ":" and no digit (e.g.,
- "eth0:").
-
-
-
-
- INTERNAL -
- address
-
-
- Internal Address (must not be a DNS Name).
-
-
-
-
- ALL INTERFACES - [Yes|No]
-
-
- If Yes or yes, NAT will be effective from all hosts. If No or
- no (or left empty) then NAT will be effective only through the
- interface named in the INTERFACE
- column.
-
-
-
-
- LOCAL - [Yes|No]
-
-
- If Yes or yes, NAT will be effective from the firewall
- system
-
-
-
-
-
-
- FILES
-
- /etc/shorewall/nat
-
-
-
- See ALSO
-
- http://shorewall.net/NAT.htm
-
- shorewall(8), shorewall-accounting(5), shorewall-actions(5),
- shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
- shorewall-maclist(5), shorewall-masq(5), shorewall-netmap(5),
- shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
- shorewall-proxyarp(5), shorewall-route_rules(5),
- shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
- shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
- shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
-
-
\ No newline at end of file
diff --git a/manpages6/shorewall-netmap.xml b/manpages6/shorewall-netmap.xml
deleted file mode 100644
index a2955a13d..000000000
--- a/manpages6/shorewall-netmap.xml
+++ /dev/null
@@ -1,114 +0,0 @@
-
-
-
- shorewall-netmap
-
- 5
-
-
-
- netmap
-
- Shorewall NETMAP definition file
-
-
-
-
- /etc/shorewall/netmap
-
-
-
-
- Description
-
- This file is used to map addresses in one network to corresponding
- addresses in a second network.
-
-
- To use this file, your kernel and iptables must have NETMAP
- support included.
-
-
- The columns in the file are as follows.
-
-
-
- TYPE - DNAT|SNAT
-
-
- Must be DNAT or SNAT.
-
- If DNAT, traffic entering INTERFACE and addressed to NET1 has
- it's destination address rewritten to the corresponding address in
- NET2.
-
- If SNAT, traffic leaving INTERFACE with a source address in
- NET1 has it's source address rewritten to the corresponding address
- in NET2.
-
-
-
-
- NET1 -
- network-address
-
-
- Network in CIDR format (e.g., 192.168.1.0/24).
-
-
-
-
- INTERFACE -
- interface
-
-
- The name of a network interface. The interface must be defined
- in shorewall-interfaces(5)
- Prior to Shorewall 4.1.4, this must be an exact match.
- Shorewall-perl 4.1.4 and later allow loose matches to wildcard
- entries in shorewall-interfaces(5). For
- example, ppp0 in this file
- will match a shorewall-interfaces(8)
- entry that defines ppp+.
-
-
-
-
- NET2 -
- network-address
-
-
- Network in CIDR format
-
-
-
-
-
-
- FILES
-
- /etc/shorewall/netmap
-
-
-
- See ALSO
-
- http://shorewall.net/netmap.html
-
- shorewall(8), shorewall-accounting(5), shorewall-actions(5),
- shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
- shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
- shorewall-nat(5), shorewall-params(5), shorewall-policy(5),
- shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5),
- shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
- shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
- shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
-
-
\ No newline at end of file
diff --git a/manpages6/shorewall-proxyarp.xml b/manpages6/shorewall-proxyarp.xml
deleted file mode 100644
index 99f17e01c..000000000
--- a/manpages6/shorewall-proxyarp.xml
+++ /dev/null
@@ -1,141 +0,0 @@
-
-
-
- shorewall-proxyarp
-
- 5
-
-
-
- proxyarp
-
- Shorewall Proxy ARP file
-
-
-
-
- /etc/shorewall/proxyarp
-
-
-
-
- Description
-
- This file is used to define Proxy ARP. There is one entry in this
- file for each IP address to be proxied.
-
- The columns in the file are as follows.
-
-
-
- ADDRESS -
- address
-
-
- IP Address.
-
-
-
-
- INTERFACE -
- interface
-
-
- Local interface where system with the ip address in ADDRESS is
- connected.
-
-
-
-
- EXTERNAL -
- interface
-
-
- External Interface to be used to access this system from the
- Internet.
-
-
-
-
- HAVEROUTE - [-|Yes|No]
-
-
- If there is already a route from the firewall to the host
- whose address is given, enter Yes
- or yes in this column. Otherwise,
- enter no or No or leave the column empty and Shorewall
- will add the route for you. If Shorewall adds the route,the route
- will be persistent if the PERSISTENT column contains Yes; otherwise, shorewall stop or shorewall clear will delete the route.
-
-
-
-
- PERSISTENT - [-|Yes|No]
-
-
- If HAVEROUTE is No or
- no, then the value of this column
- determines if the route added by Shorewall persists after a
- shorewall stop or a shorewall clear. If this column contains
- Yes or yes then the route persists; If the column is
- empty or contains No or no then the route is deleted by
- shorewall stop or shorewall
- clear.
-
-
-
-
-
-
- Example
-
-
-
- Example 1:
-
-
- Host with IP 155.186.235.6 is connected to interface eth1 and
- we want hosts attached via eth0 to be able to access it using that
- address.
-
- #ADDRESS INTERFACE EXTERNAL
- 155.186.235.6 eth1 eth0
-
-
-
-
-
-
- FILES
-
- /etc/shorewall/proxyarp
-
-
-
- See ALSO
-
- http://shorewall.net/ProxyARP.htm
-
- shorewall(8), shorewall-accounting(5), shorewall-actions(5),
- shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
- shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
- shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
- shorewall-policy(5), shorewall-providers(5), shorewall-route_rules(5),
- shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
- shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
- shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
-
-
\ No newline at end of file
diff --git a/manpages6/shorewall-rfc1918.xml b/manpages6/shorewall-rfc1918.xml
deleted file mode 100644
index a3bf4dcc8..000000000
--- a/manpages6/shorewall-rfc1918.xml
+++ /dev/null
@@ -1,100 +0,0 @@
-
-
-
- shorewall-rfc1918
-
- 5
-
-
-
- rfc1918
-
- Shorewall file
-
-
-
-
- /usr/share/shorewall/rfc1918
-
-
-
-
- Description
-
- The rfc1918 file determines the handling of connections under the
- norfc1918 option in shorewall-interfaces(5). Do not
- modify /usr/share/shorewall/rfc1918; if you need to
- change norfc1918 handling, then copy
- /usr/share/shorewall/rfc1918 to
- /etc/shorewall/rfc1918 and modify the copy.
-
- The released version of this file logs and drops packets from the
- three address ranges reserved by RFC 1918:
-
-
- 10.0.0.0/8
-172.16.0.0/12
-192.168.0.0/16
-
-
- The columns in the file are as follows.
-
-
-
- SUBNET -
- address
-
-
- Subnet address in CIDR format.
-
-
-
-
- TARGET - {RETURN|DROP|logdrop}
-
-
- RETURN causes packets to/from
- the specified subnet to be processed normally by the applicable
- rules and policies.
-
- DROP causes packets from the
- specified subnet to be silently dropped.
-
- logdrop causes packets from
- the specified subnet to be logged at the level specified by the
- RFC1918_LOG_LEVEL option in shorewall.conf(5).
-
-
-
-
- Also, please see the RFC1918_STRICT option in shorewall.conf(5).
-
-
-
- FILES
-
- /usr/share/shorewall/rfc1918
-
- /etc/shorewall/rfc1918
-
-
-
- See ALSO
-
- shorewall(8), shorewall-accounting(5), shorewall-actions(5),
- shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
- shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
- shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
- shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
- shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
- shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
- shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
- shorewall-zones(5)
-
-
\ No newline at end of file