From 1905003b4ee3d1c99fa1514a3fcf1dd7b585d0a2 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 11 Dec 2008 00:06:00 +0000 Subject: [PATCH] Delete files that don't apply to 6 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8983 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- manpages6/shorewall-masq.xml | 502 ------------------------------- manpages6/shorewall-nat.xml | 154 ---------- manpages6/shorewall-netmap.xml | 114 ------- manpages6/shorewall-proxyarp.xml | 141 --------- manpages6/shorewall-rfc1918.xml | 100 ------ 5 files changed, 1011 deletions(-) delete mode 100644 manpages6/shorewall-masq.xml delete mode 100644 manpages6/shorewall-nat.xml delete mode 100644 manpages6/shorewall-netmap.xml delete mode 100644 manpages6/shorewall-proxyarp.xml delete mode 100644 manpages6/shorewall-rfc1918.xml diff --git a/manpages6/shorewall-masq.xml b/manpages6/shorewall-masq.xml deleted file mode 100644 index e185a4a81..000000000 --- a/manpages6/shorewall-masq.xml +++ /dev/null 
@@ -1,502 +0,0 @@ - - - - - shorewall-masq - - 5 - - - - masq - - Shorewall Masquerade/SNAT definition file - - - - - /etc/shorewall/masq - - - - - Description - - Use this file to define dynamic NAT (Masquerading) and to define - Source NAT (SNAT). - - - The entries in this file are order-sensitive. The first entry that - matches a particular connection will be the one that is used. - - - - If you have more than one ISP, adding entries to this file will - *not* force connections to go out through a particular ISP. You must use - PREROUTING entries in shorewall-tcrules(5) to do - that. - - - The columns in the file are as follows. - - - - INTERFACE - [+]interfacelist[:[digit]][:[address[,address]...[exclusion]] - - - Outgoing interfacelist. Prior to - Shorewall 4.1.4, this must be a single interface name; in 4.1.4 and - later, this may be a comma-separated list of interface names. This - is usually your internet interface. If ADD_SNAT_ALIASES=Yes in - shorewall.conf(5), you may - add ":" and a digit to indicate that you want - the alias added with that name (e.g., eth0:0). This will allow the - alias to be displayed with ifconfig. That is - the only use for the alias name; it may not appear in any other - place in your Shorewall configuration. - - Each interface must match an entry in shorewall-interfaces(5). - Prior to Shorewall 4.1.4, this must be an exact match. - Shorewall-perl 4.1.4 and later allow loose matches to wildcard - entries in shorewall-interfaces(5). For - example, ppp0 in this file - will match a shorewall-interfaces(5) - entry that defines ppp+. - - The interface may be qualified by adding the character ":" - followed by a comma-separated list of destination host or subnet - addresses to indicate that you only want to change the source IP - address for packets being sent to those particular destinations. - Exclusion is allowed (see shorewall-exclusion(5)). 
- - If you wish to inhibit the action of ADD_SNAT_ALIASES for this - entry then include the ":" but omit the digit: - - eth0: - eth2::192.0.2.32/27 - - Normally Masq/SNAT rules are evaluated after those for - one-to-one NAT (defined in shorewall-nat(5)). If you want the - rule to be applied before one-to-one NAT rules, prefix the interface - name with "+": - - +eth0 - +eth0:192.0.2.32/27 - +eth0:2 - - This feature should only be required if you need to insert - rules in this file that preempt entries in shorewall-nat(5). - - - - - SOURCE (Formerly called SUBNET) - - - {interface[[:]exclusion]|address[,address][exclusion]} - - - Set of hosts that you wish to masquerade. You can specify this - as an address (net or host) or as an - interface. If you give the name of an - interface, the interface must be up before you start the firewall - (Shorewall will use your main routing table to determine the - appropriate addresses to masquerade). - - In order to exclude a address of the specified SOURCE, you may - append an exclusion ("!" and a comma-separated - list of IP addresses (host or net) that you wish to exclude (see - shorewall-exclusion(5))). - Note that with Shorewall-perl, a colon (":") must appear between an - interface name and the - exclusion; - - Example (shorewall-shell): - eth1!192.168.1.4,192.168.32.0/27 - - Example (shorewall-perl): - eth1:!192.168.1.4,192.168.32.0/27 - - In that example traffic from eth1 would be masqueraded unless - it came from 192.168.1.4 or 196.168.32.0/27 - - - - - ADDRESS (Optional) - [-|NONAT|[SAME:[nodst:]][address-or-address-range[,address-or-address-range]...][:lowport-highport][:random]|detect|random] - - - If you specify an address here, SNAT will be used and this - will be the source address. If ADD_SNAT_ALIASES is set to Yes or yes - in shorewall.conf(5) then - Shorewall will automatically add this address to the INTERFACE named - in the first column. 
- - You may also specify a range of up to 256 IP addresses if you - want the SNAT address to be assigned from that range in a - round-robin fashion by connection. The range is specified by - first.ip.in.range-last.ip.in.range. - Beginning with Shorewall 4.0.6, you may follow the port range - with :random in which case - assignment of ports from the list will be random. random may also be specified by itself in - this column in which case random local port assignments are made for - the outgoing connections. - - Example: 206.124.146.177-206.124.146.180 - - You may also use the special value "detect" which causes - Shorewall to determine the IP addresses configured on the interface - named in the INTERFACES column and substitute them in this - column. - - Finally, you may also specify a comma-separated list of ranges - and/or addresses in this column. - - This column may not contain DNS Names. - - Normally, Netfilter will attempt to retain the source port - number. You may cause netfilter to remap the source port by - following an address or range (if any) by ":" and a port range with - the format - lowport-highport. If this - is done, you must specify "tcp" or "udp" in the PROTO column. - - Examples: - - 192.0.2.4:5000-6000 - :4000-5000 - - You can invoke the SAME target rather than the SNAT target by - prefixing the column contents with . - - SAME works like SNAT with the exception that the same local IP - address is assigned to each connection from a local address to a - given remote address. - - If the option is included, then the - same source address is used for a given internal system regardless - of which remote system is involved. - Support for the SAME target is scheduled for removal from - the Linux kernel in 2008. - - - If you simply place NONAT in - this column, no rewriting of the source IP address or port number - will be performed. This is useful if you want particular traffic to - be exempt from the entries that follow in the file. 
- - If you want to leave this column empty but you need to specify - the next column then place a hyphen ("-") here. - - - - - PROTO (Optional) - {-|protocol-name|protocol-number} - - - If you wish to restrict this entry to a particular protocol - then enter the protocol name (from protocols(5)) or number - here. - - - - - PORT(S) (Optional) - - [port-name-or-number[,port-name-or-number]...] - - - If the PROTO column specifies TCP (protocol 6) or UDP - (protocol 17) then you may list one or more port numbers (or names - from services(5)) separated by commas or you may list a single port - range - (lowport:highport). - - Where a comma-separated list is given, your kernel and - iptables must have multiport match support and a maximum of 15 ports - may be listed. - - - - - IPSEC (Optional) - - [option[,option]...] - - - If you specify a value other than "-" in this column, you must - be running kernel 2.6 and your kernel and iptables must include - policy match support. - - Comma-separated list of options from the following. Only - packets that will be encrypted via an SA that matches these options - will have their source address changed. - - - - reqid=number - - - where number is specified using - setkey(8) using the 'unique:number option - for the SPD level. - - - - - spi=<number> - - - where number is the SPI of the SA - used to encrypt/decrypt packets. - - - - - proto=ah|esp|ipcomp - - - IPSEC Encapsulation Protocol - - - - - mss=number - - - sets the MSS field in TCP packets - - - - - mode=transport|tunnel - - - IPSEC mode - - - - - tunnel-src=address[/mask] - - - only available with mode=tunnel - - - - - tunnel-dst=address[/mask] - - - only available with mode=tunnel - - - - - strict - - - Means that packets must match all rules. - - - - - next - - - Separates rules; can only be used with strict - - - - - - - - MARK - [!]value[/mask][:C] - - - Defines a test on the existing packet or connection mark. The - rule will match only if the test returns true. 
- - If you don't want to define a test but need to specify - anything in the following columns, place a "-" in this field. - - - - ! - - - Inverts the test (not equal) - - - - - value - - - Value of the packet or connection mark. - - - - - mask - - - A mask to be applied to the mark before testing. - - - - - :C - - - Designates a connection mark. If omitted, the packet - mark's value is tested. This option is only supported by - Shorewall-perl. - - - - - - - - - - Examples - - - - Example 1: - - - You have a simple masquerading setup where eth0 connects to a - DSL or cable modem and eth1 connects to your local network with - subnet 192.168.0.0/24. - - Your entry in the file can be either: - - #INTERFACE SOURCE - eth0 eth1 - - or - - #INTERFACE SOURCE - eth0 192.168.0.0/24 - - - - - Example 2: - - - You add a router to your local network to connect subnet - 192.168.1.0/24 which you also want to masquerade. You then add a - second entry for eth0 to this file: - - #INTERFACE SOURCE - eth0 192.168.1.0/24 - - - - - Example 3: - - - You have an IPSEC tunnel through ipsec0 and you want to - masquerade packets coming from 192.168.1.0/24 but only if these - packets are destined for hosts in 10.1.1.0/24: - - #INTERFACE SOURCE - ipsec0:10.1.1.0/24 196.168.1.0/24 - - - - - Example 4: - - - You want all outgoing traffic from 192.168.1.0/24 through eth0 - to use source address 206.124.146.176 which is NOT the primary - address of eth0. You want 206.124.146.176 to be added to eth0 with - name eth0:0. - - #INTERFACE SOURCE ADDRESS - eth0:0 192.168.1.0/24 206.124.146.176 - - - - - Example 5: - - - You want all outgoing SMTP traffic entering the firewall on - eth1 to be sent from eth0 with source IP address 206.124.146.177. - You want all other outgoing traffic from eth1 to be sent from eth0 - with source IP address 206.124.146.176. 
- - #INTERFACE SOURCE ADDRESS PROTO PORT(S) - eth0 eth1 206.124.146.177 tcp smtp - eth0 eth1 206.124.146.176 - - - The order of the above two rules is significant! - - - - - - - - FILES - - /etc/shorewall/masq - - - - See ALSO - - shorewall(8), shorewall-accounting(5), shorewall-actions(5), - shorewall-blacklist(5), shorewall-exclusion(5), shorewall-hosts(5), - shorewall-interfaces(5), shorewall-ipsec(5), shorewall-maclist(5), - shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), - shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), - shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5), - shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5), - shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), - shorewall-zones(5) - - diff --git a/manpages6/shorewall-nat.xml b/manpages6/shorewall-nat.xml deleted file mode 100644 index b2045e118..000000000 --- a/manpages6/shorewall-nat.xml +++ /dev/null 
@@ -1,154 +0,0 @@ - - - - shorewall-nat - - 5 - - - - nat - - Shorewall one-to-one NAT file - - - - - /etc/shorewall/nat - - - - - Description - - This file is used to define one-to-one Network Address Translation - (NAT). - - - If all you want to do is simple port forwarding, do NOT use this - file. See http://www.shorewall.net/FAQ.htm#faq1. - Also, in many cases, Proxy ARP (shorewall-proxyarp(5)) is a better - solution that one-to-one NAT. - - - The columns in the file are as follows. - - - - EXTERNAL - - address - - - External IP Address - this should NOT be the primary IP - address of the interface named in the next column and must not be a - DNS Name. - - If you put COMMENT in this column, the rest of the line will - be attached as a comment to the Netfilter rule(s) generated by the - following entries in the file. The comment will appear delimited by - "/* ... */" in the output of "shorewall show nat" - - To stop the comment from being attached to further rules, - simply include COMMENT on a line by itself. - - - - - INTERFACE - - interfacelist[:[digit]] - - - Interfacees that have the EXTERNAL address. If ADD_IP_ALIASES=Yes in - shorewall.conf(5), - Shorewall will automatically add the EXTERNAL address to this - interface. Also if ADD_IP_ALIASES=Yes, you may follow the interface - name with ":" and a digit to indicate that you - want Shorewall to add the alias with this name (e.g., "eth0:0"). - That allows you to see the alias with ifconfig. That is the only thing that this name is good for -- you - cannot use it anwhere else in your Shorewall configuration. - - - Each interface must match an entry in shorewall-interfaces(5). - Prior to Shorewall 4.1.4, this must be an exact match. - Shorewall-perl 4.1.4 and later allow loose matches to wildcard - entries in shorewall-interfaces(5). For - example, ppp0 in this file - will match a shorewall-interfaces(5) - entry that defines ppp+. 
- - Prior to Shorewall 4.1.4, - interfacelist must be a single interface - name. Beginning with Shorewall-perl 4.1.4, Shorewall-perl users may - specify a comma-separated list of interfaces. - - If you want to override ADD_IP_ALIASES=Yes for a particular - entry, follow the interface name with ":" and no digit (e.g., - "eth0:"). - - - - - INTERNAL - - address - - - Internal Address (must not be a DNS Name). - - - - - ALL INTERFACES - [Yes|No] - - - If Yes or yes, NAT will be effective from all hosts. If No or - no (or left empty) then NAT will be effective only through the - interface named in the INTERFACE - column. - - - - - LOCAL - [Yes|No] - - - If Yes or yes, NAT will be effective from the firewall - system - - - - - - - FILES - - /etc/shorewall/nat - - - - See ALSO - - http://shorewall.net/NAT.htm - - shorewall(8), shorewall-accounting(5), shorewall-actions(5), - shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), - shorewall-maclist(5), shorewall-masq(5), shorewall-netmap(5), - shorewall-params(5), shorewall-policy(5), shorewall-providers(5), - shorewall-proxyarp(5), shorewall-route_rules(5), - shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), - shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), - shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5) - - \ No newline at end of file diff --git a/manpages6/shorewall-netmap.xml b/manpages6/shorewall-netmap.xml deleted file mode 100644 index a2955a13d..000000000 --- a/manpages6/shorewall-netmap.xml +++ /dev/null 
@@ -1,114 +0,0 @@ - - - - shorewall-netmap - - 5 - - - - netmap - - Shorewall NETMAP definition file - - - - - /etc/shorewall/netmap - - - - - Description - - This file is used to map addresses in one network to corresponding - addresses in a second network. - - - To use this file, your kernel and iptables must have NETMAP - support included. - - - The columns in the file are as follows. - - - - TYPE - DNAT|SNAT - - - Must be DNAT or SNAT. - - If DNAT, traffic entering INTERFACE and addressed to NET1 has - it's destination address rewritten to the corresponding address in - NET2. - - If SNAT, traffic leaving INTERFACE with a source address in - NET1 has it's source address rewritten to the corresponding address - in NET2. - - - - - NET1 - - network-address - - - Network in CIDR format (e.g., 192.168.1.0/24). - - - - - INTERFACE - - interface - - - The name of a network interface. The interface must be defined - in shorewall-interfaces(5) - Prior to Shorewall 4.1.4, this must be an exact match. - Shorewall-perl 4.1.4 and later allow loose matches to wildcard - entries in shorewall-interfaces(5). For - example, ppp0 in this file - will match a shorewall-interfaces(8) - entry that defines ppp+. - - - - - NET2 - - network-address - - - Network in CIDR format - - - - - - - FILES - - /etc/shorewall/netmap - - - - See ALSO - - http://shorewall.net/netmap.html - - shorewall(8), shorewall-accounting(5), shorewall-actions(5), - shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), - shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5), - shorewall-nat(5), shorewall-params(5), shorewall-policy(5), - shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5), - shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), - shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), - shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5) - - \ No newline at end of file 
diff --git a/manpages6/shorewall-proxyarp.xml b/manpages6/shorewall-proxyarp.xml deleted file mode 100644 index 99f17e01c..000000000 --- a/manpages6/shorewall-proxyarp.xml +++ /dev/null 
@@ -1,141 +0,0 @@ - - - - shorewall-proxyarp - - 5 - - - - proxyarp - - Shorewall Proxy ARP file - - - - - /etc/shorewall/proxyarp - - - - - Description - - This file is used to define Proxy ARP. There is one entry in this - file for each IP address to be proxied. - - The columns in the file are as follows. - - - - ADDRESS - - address - - - IP Address. - - - - - INTERFACE - - interface - - - Local interface where system with the ip address in ADDRESS is - connected. - - - - - EXTERNAL - - interface - - - External Interface to be used to access this system from the - Internet. - - - - - HAVEROUTE - [-|Yes|No] - - - If there is already a route from the firewall to the host - whose address is given, enter Yes - or yes in this column. Otherwise, - enter no or No or leave the column empty and Shorewall - will add the route for you. If Shorewall adds the route,the route - will be persistent if the PERSISTENT column contains Yes; otherwise, shorewall stop or shorewall clear will delete the route. - - - - - PERSISTENT - [-|Yes|No] - - - If HAVEROUTE is No or - no, then the value of this column - determines if the route added by Shorewall persists after a - shorewall stop or a shorewall clear. If this column contains - Yes or yes then the route persists; If the column is - empty or contains No or no then the route is deleted by - shorewall stop or shorewall - clear. - - - - - - - Example - - - - Example 1: - - - Host with IP 155.186.235.6 is connected to interface eth1 and - we want hosts attached via eth0 to be able to access it using that - address. 
- - #ADDRESS INTERFACE EXTERNAL - 155.186.235.6 eth1 eth0 - - - - - - - FILES - - /etc/shorewall/proxyarp - - - - See ALSO - - http://shorewall.net/ProxyARP.htm - - shorewall(8), shorewall-accounting(5), shorewall-actions(5), - shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), - shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5), - shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), - shorewall-policy(5), shorewall-providers(5), shorewall-route_rules(5), - shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), - shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), - shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5) - - \ No newline at end of file diff --git a/manpages6/shorewall-rfc1918.xml b/manpages6/shorewall-rfc1918.xml deleted file mode 100644 index a3bf4dcc8..000000000 --- a/manpages6/shorewall-rfc1918.xml +++ /dev/null @@ -1,100 +0,0 @@ - - - - shorewall-rfc1918 - - 5 - - - - rfc1918 - - Shorewall file - - - - - /usr/share/shorewall/rfc1918 - - - - - Description - - The rfc1918 file determines the handling of connections under the - norfc1918 option in shorewall-interfaces(5). Do not - modify /usr/share/shorewall/rfc1918; if you need to - change norfc1918 handling, then copy - /usr/share/shorewall/rfc1918 to - /etc/shorewall/rfc1918 and modify the copy. - - The released version of this file logs and drops packets from the - three address ranges reserved by RFC 1918: - -
- 10.0.0.0/8 -172.16.0.0/12 -192.168.0.0/16 -
- - The columns in the file are as follows. - - - - SUBNET - - address - - - Subnet address in CIDR format. - - - - - TARGET - {RETURN|DROP|logdrop} - - - RETURN causes packets to/from - the specified subnet to be processed normally by the applicable - rules and policies. - - DROP causes packets from the - specified subnet to be silently dropped. - - logdrop causes packets from - the specified subnet to be logged at the level specified by the - RFC1918_LOG_LEVEL option in shorewall.conf(5). - - - - - Also, please see the RFC1918_STRICT option in shorewall.conf(5). -
- - - FILES - - /usr/share/shorewall/rfc1918 - - /etc/shorewall/rfc1918 - - - - See ALSO - - shorewall(8), shorewall-accounting(5), shorewall-actions(5), - shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), - shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5), - shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), - shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), - shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5), - shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5), - shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), - shorewall-zones(5) - -
\ No newline at end of file
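Review bot: The INTERFACE column text in the shorewall-masq.xml and shorewall-nat.xml hunks is where ADD_SNAT_ALIASES and ADD_IP_ALIASES from shorewall.conf(5) are explained in terms of these two files, and the diffstat shows only the five deletions, so no shorewall.conf page is updated alongside them. If the manpages6 copy of shorewall.conf still documents either option, remove or reword those entries in the same change. Otherwise the manual keeps describing settings whose only consumers, /etc/shorewall/masq and /etc/shorewall/nat, are no longer documented in this tree.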
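Review bot: The Description in the shorewall-rfc1918.xml hunk ties this file to the norfc1918 option in shorewall-interfaces(5) and to RFC1918_LOG_LEVEL and RFC1918_STRICT in shorewall.conf(5), and this commit changes neither page. If the manpages6 copies of those pages still list norfc1918, RFC1918_LOG_LEVEL or RFC1918_STRICT, drop them together with this file. As it stands, an administrator reading the remaining pages could enable norfc1918 on an interface and find no page describing the RETURN, DROP and logdrop targets that decide what is filtered and logged.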
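Review bot: The See ALSO block at the end of each deleted page lists shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5) and shorewall-proxyarp(5), and the same block appears almost verbatim in all five files, which suggests it is shared boilerplate. Check the pages that stay in manpages6/ for those four names and remove them in this commit or a follow-up, so the cross-references do not point at pages that no longer exist. The subject line "Delete files that don't apply to 6" would also be easier to audit later if it named the reason these five pages do not apply to the manpages6 tree.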