diff --git a/Shorewall-lite/manpages/shorewall-lite.xml b/Shorewall-lite/manpages/shorewall-lite.xml
index 9de8835ad..4036c2d25 100644
--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@@ -11,11 +11,27 @@
shorewall-lite
- Administration tool for Shoreline Firewall Lite
- (Shorewall-lite)
+ Administration tool for Shoreline Firewall Lite (Shorewall
+ Lite)
+
+ shorewall-lite
+
+ |
+
+ -options
+
+
+
+ interface[:host-list]
+
+ zone
+
+
shorewall-lite
@@ -37,11 +53,28 @@
-options
-
+
- shorewall
+ shorewall-lite
+
+ |
+
+ -options
+
+
+
+ interface[:host-list]
+
+ zone
+
+
+
+ shorewall-lite|
@@ -50,7 +83,8 @@
- interface
+ { interface |
+ provider }
@@ -63,8 +97,7 @@
- { interface |
- provider }
+ address
@@ -78,11 +111,13 @@
+
+
- shorewall
+ shorewall-lite|
@@ -98,7 +133,8 @@
shorewall-lite
- |
+ |-options
@@ -124,7 +160,8 @@
-options
-
+
@@ -158,6 +195,19 @@
choice="plain">address1address2
+
+ shorewall-lite
+
+ |
+
+ -options
+
+
+
+ iptables match
+ expression
+
+
shorewall-lite
@@ -198,6 +248,19 @@
address
+
+ shorewall-lite
+
+ |
+
+ -options
+
+
+
+ iptables match
+ expression
+
+
shorewall-lite
@@ -219,8 +282,24 @@
-options
+
+
+
+
+ shorewall-lite
+
+ choice="opt">|
+
+ -options
+
+
+
+
+
+
+
+ directory
@@ -260,8 +339,10 @@
+
+
- {|||}
+ {|||}
chain
@@ -291,7 +372,7 @@
+ choice="req">
@@ -305,7 +386,7 @@
-
+
@@ -346,7 +427,7 @@
-
+
@@ -377,7 +458,8 @@
-options
-
+
@@ -385,7 +467,7 @@
DescriptionThe shorewall-lite utility is used to control the Shoreline Firewall
- (Shorewall) Lite.
+ Lite (Shorewall Lite).
@@ -393,12 +475,12 @@
The and options are
used for debugging. See http://www.shorewall.net/starting_and_stopping.htm#Trace.
+ url="http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace.
The nolock prevents the command from
- attempting to acquire the Shorewall Lite lockfile. It is useful if you
- need to include shorewall-lite commands in the
- started extension script.
+ attempting to acquire the Shorewall-lite lockfile. It is useful if you
+ need to include shorewall commands in
+ /etc/shorewall/started.
The options control the amount of output that
the command produces. They consist of a sequence of the letters shorewall-interfaces(5)
file. A host-list is comma-separated list whose
- elements are a host or network address.
+ elements are host or network addresses.The add command is not very robust. If
there are errors in the host-list,
you may see a large number of error messages yet a subsequent
- shorewall show zones command will indicate
- that all hosts were added. If this happens, replace
+ shorewall-lite show zones command will
+ indicate that all hosts were added. If this happens, replace
add by delete and run the
same command again. Then enter the correct command.
@@ -463,10 +545,16 @@
clear
- Clear will remove all rules and chains installed by Shorewall
- Lite. The firewall is then wide open and unprotected. Existing
- connections are untouched. Clear is often used to see if the
- firewall is causing connection problems.
+ Clear will remove all rules and chains installed by
+ Shorewall-lite. The firewall is then wide open and unprotected.
+ Existing connections are untouched. Clear is often used to see if
+ the firewall is causing connection problems.
+
+ If is given, the command will be processed
+ by the compiled script that executed the last successful start, restart or refresh command if that script exists.
@@ -516,8 +604,11 @@
The -x option causes actual
packet and byte counts to be displayed. Without that option, these
counts are abbreviated. The -m
- option causes any MAC addresses included in Shorewall Lite log
+ option causes any MAC addresses included in Shorewall-lite log
messages to be displayed.
+
+ The -l option causes the rule
+ number for each Netfilter rule to be displayed.
@@ -541,7 +632,7 @@
and /var/lib/shorewall-lite/save. If no
filename is given then the file specified by
RESTOREFILE in shorewall-lite.conf(5) is
+ url="shorewall.conf.html">shorewall.conf(5) is
assumed.
@@ -558,8 +649,9 @@
hits
- Generates several reports from Shorewall Lite log messages in
- the current log file.
+ Generates several reports from Shorewall-lite log messages in
+ the current log file. If the option is included,
+ the reports are restricted to log messages generated today.
@@ -582,12 +674,33 @@
+
+ iptrace
+
+
+ This is a low-level debugging command that causes iptables
+ TRACE log records to be created. See iptables(8) for details.
+
+ The iptables match expression must
+ be one or more matches that may appear in both the raw table OUTPUT
+ and raw table PREROUTING chains.
+
+ The trace records are written to the kernel's log buffer with
+ faciility = kernel and priority = warning, and they are routed from
+ there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
+ Shorewall-lite has no control over where the messages go; consult
+ your logging daemon's documentation.
+
+
+
logdropCauses traffic from the listed addresses
- to be logged then discarded.
+ to be logged then discarded. Logging occurs at the log level
+ specified by the BLACKLIST_LOGLEVEL setting in shorewall.conf (5).
@@ -595,9 +708,9 @@
logwatch
- Monitors the log file specified by theLOGFILE option in shorewall-lite.conf(5) and
- produces an audible alarm when new Shorewall Lite messages are
+ Monitors the log file specified by the LOGFILE option in
+ shorewall.conf(5) and
+ produces an audible alarm when new Shorewall-lite messages are
logged. The -m option causes the
MAC address of each packet source to be displayed if that
information is available. The
@@ -615,7 +728,22 @@
Causes traffic from the listed addresses
- to be logged then rejected.
+ to be logged then rejected. Logging occurs at the log level
+ specified by the BLACKLIST_LOGLEVEL setting in shorewall.conf (5).
+
+
+
+
+ noiptrace
+
+
+ This is a low-level debugging command that cancels a trace
+ started by a preceding iptrace command.
+
+ The iptables match expression must
+ be one given in the iptrace command being
+ cancelled.
@@ -633,10 +761,10 @@
Restart is similar to shorewall-lite
- start but assumes that the firewall is already started.
- Existing connections are maintained.
+ start except that it assumes that the firewall is already
+ started. Existing connections are maintained.
- The option causes Shorewall to avoid
+ The option causes Shorewall-lite to avoid
updating the routing table(s).The option causes the connection tracking
@@ -649,14 +777,14 @@
restore
- Restore Shorewall Lite to a state saved using the Restore Shorewall-lite to a state saved using the shorewall-lite save command. Existing
connections are maintained. The filename names
a restore file in /var/lib/shorewall-lite created using shorewall-lite save; if no
- filename is given then Shorewall Lite will be
+ filename is given then Shorewall-lite will be
restored from the file specified by the RESTOREFILE option in shorewall-lite.conf(5).
+ url="shorewall.conf.html">shorewall.conf(5).
@@ -667,11 +795,10 @@
The dynamic blacklist is stored in
/var/lib/shorewall-lite/save. The state of the firewall is stored in
/var/lib/shorewall-lite/filename for use by the
- shorewall-lite restore and
- shorewall-lite -f start commands.
- If filename is not given then the state is
- saved in the file specified by the RESTOREFILE option in shorewall-lite.conf(5).
+ shorewall-lite restore. If
+ filename is not given then the state is saved
+ in the file specified by the RESTOREFILE option in shorewall.conf(5).
@@ -683,15 +810,6 @@
arguments:
-
- actions
-
-
- Produces a report about the available actions (built-in,
- standard and user-defined).
-
-
-
capabilities
@@ -704,8 +822,8 @@
- [ [ ] chain
- ... ]
+ [ [ ] chain...
+ ]The rules in each chain are
@@ -721,20 +839,25 @@
Netfilter table to display. The default is filter.
+ The -l option causes
+ the rule number for each Netfilter rule to be
+ displayed.
+
If the t option and the
keyword are both omitted and any of the
listed chains do not exist, a usage
- message will be displayed.
+ message is displayed.
- classifiers
+ classifiers|filtersDisplays information about the packet classifiers
- defined on the system 10-080213-8397as a result of traffic
- shaping configuration.
+ defined on the system as a result of traffic shaping
+ configuration.
@@ -756,15 +879,44 @@
- mangle
+ ip
- Displays the Netfilter mangle table using the command
- iptables -t mangle -L -n
- -v.The -x option
- is passed directly through to iptables and causes actual
- packet and byte counts to be displayed. Without this option,
- those counts are abbreviated.
+ Displays the system's IPv4 configuration.
+
+
+
+
+ ipa
+
+
+ Added in Shorewall 4.4.17. Displays the per-IP
+ accounting counters (shorewall-accounting
+ (5)).
+
+
+
+
+ log
+
+
+ Displays the last 20 Shorewall-lite messages from the
+ log file specified by the LOGFILE option in shorewall.conf(5). The
+ -m option causes the MAC
+ address of each packet source to be displayed if that
+ information is available.
+
+
+
+
+ marks
+
+
+ Added in Shorewall 4.4.26. Displays the various fields
+ in packet marks giving the min and max value (in both decimal
+ and hex) and the applicable mask (in hex).
@@ -781,6 +933,39 @@
+
+ policies
+
+
+ Added in Shorewall 4.4.4. Displays the applicable policy
+ between each pair of zones. Note that implicit intrazone
+ ACCEPT policies are not displayed for zones associated with a
+ single network where that network doesn't specify
+ .
+
+
+
+
+ routing
+
+
+ Displays the system's IPv4 routing configuration.
+
+
+
+
+ raw
+
+
+ Displays the Netfilter raw table using the command
+ iptables -t raw -L -n -v.The
+ -x option is passed directly
+ through to iptables and causes actual packet and byte counts
+ to be displayed. Without this option, those counts are
+ abbreviated.
+
+
+
tc
@@ -794,8 +979,8 @@
zones
- Displays the current composition of the Shorewall Lite
- zones on the system.
+ Displays the current composition of the Shorewall zones
+ on the system.
@@ -806,17 +991,10 @@
start
- Start shorewall Lite. Existing connections through
+ Start Shorewall Lite. Existing connections through
shorewall-lite managed interfaces are untouched. New connections
will be allowed only if they are allowed by the firewall rules or
- policies. If -f is specified, the
- saved configuration specified by the RESTOREFILE option in shorewall-lite.conf(5) will
- be restored if that saved configuration exists and has been modified
- more recently than the files in /etc/shorewall.
-
- The option causes Shorewall to avoid
- updating the routing table(s).
+ policies.The option causes the connection tracking
table to be flushed; the conntrack utility must
@@ -831,11 +1009,18 @@
Stops the firewall. All existing connections, except those
listed in shorewall-routestopped(5)
- or permitted by the ADMINISABSENTMINDED option in shorewall.conf(5),
- are taken down. The only new traffic permitted through the firewall
- is from systems listed in shorewall.conf(5), are taken down.
+ The only new traffic permitted through the firewall is from systems
+ listed in shorewall-routestopped(5)
or by ADMINISABSENTMINDED.
+
+ If is given, the command will be processed
+ by the compiled script that executed the last successful start, restart or refresh command if that script exists.
@@ -852,7 +1037,9 @@
version
- Displays Shorewall-lite's version.
+ Displays Shorewall's version. The option
+ is included for compatibility with earlier Shorewall releases and is
+ ignored.
@@ -871,13 +1058,13 @@
url="http://www.shorewall.net/starting_and_stopping_shorewall.htm">http://www.shorewall.net/starting_and_stopping_shorewall.htm
shorewall-accounting(5), shorewall-actions(5),
- shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
- shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
+ shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
+ shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
- shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
- shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
- shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
- shorewall-zones(5)
+ shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
+ shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5),
+ shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
+ shorewall-tunnels(5), shorewall-zones(5)
diff --git a/Shorewall6-lite/manpages/shorewall6-lite.xml b/Shorewall6-lite/manpages/shorewall6-lite.xml
index 6195168c4..7155a7282 100644
--- a/Shorewall6-lite/manpages/shorewall6-lite.xml
+++ b/Shorewall6-lite/manpages/shorewall6-lite.xml
@@ -11,11 +11,27 @@
shorewall6-lite
- Administration tool for Shoreline Firewall 6 Lite
- (Shorewall6-lite)
+ Administration tool for Shoreline 6 Firewall Lite (Shorewall6
+ Lite)
+
+ shorewall6-lite
+
+ |
+
+ -options
+
+
+
+ interface[:host-list]
+
+ zone
+
+
shorewall6-lite
@@ -37,11 +53,28 @@
-options
-
+
- shorewall
+ shorewall6-lite
+
+ |
+
+ -options
+
+
+
+ interface[:host-list]
+
+ zone
+
+
+
+ shorewall6-lite|
@@ -78,11 +111,13 @@
+
+
- shorewall
+ shorewall6-lite|
@@ -98,7 +133,8 @@
shorewall6-lite
- |
+ |-options
@@ -124,7 +160,52 @@
-options
-
+
+
+
+
+ shorewall6-lite
+
+ |
+
+ -options
+
+
+
+
+ address
+ mask
+
+ address/vlsm
+
+
+
+
+ shorewall6-lite
+
+ |
+
+ -options
+
+
+
+ address1address2
+
+
+
+ shorewall6-lite
+
+ |
+
+ -options
+
+
+
+ iptables match
+ expression
@@ -167,6 +248,19 @@
address
+
+ shorewall6-lite
+
+ |
+
+ -options
+
+
+
+ iptables match
+ expression
+
+
shorewall6-lite
@@ -188,8 +282,24 @@
-options
+
+
+
+
+ shorewall6-lite
+
+ choice="opt">|
+
+ -options
+
+
+
+
+
+
+
+ directory
@@ -229,8 +339,10 @@
+
+
- {||}
+ {|||}
chain
@@ -260,7 +372,7 @@
+ choice="req">
@@ -274,7 +386,7 @@
-
+
@@ -311,8 +423,11 @@
-options
- ---
+
+
+
+
+
@@ -343,7 +458,8 @@
-options
-
+
@@ -351,7 +467,7 @@
DescriptionThe shorewall6-lite utility is used to control the Shoreline
- Firewall 6 (Shorewall6) Lite.
+ Firewall Lite (Shorewall Lite).
@@ -359,19 +475,19 @@
The and options are
used for debugging. See http://www.shorewall.net/starting_and_stopping.htm#Trace.
+ url="http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace.
The nolock prevents the command from
- attempting to acquire the Shorewall6 Lite lockfile. It is useful if you
- need to include shorewall6-lite commands in the
- started extension script.
+ attempting to acquire the shorewall6-lite lockfile. It is useful if you
+ need to include shorewall commands in
+ /etc/shorewall/started.
The options control the amount of output that
the command produces. They consist of a sequence of the letters v and q. If the
options are omitted, the amount of output is determined by the setting of
the VERBOSITY parameter in shorewall6.conf(5). Each shorewall6.conf(5). Each v adds one to the effective verbosity and each
q subtracts one from the effective
VERBOSITY. Anternately, v may be followed
@@ -390,6 +506,29 @@
The available commands are listed below.
+
+ add
+
+
+ Adds a list of hosts or subnets to a dynamic zone usually used
+ with VPN's.
+
+ The interface argument names an interface
+ defined in the shorewall-interfaces(5)
+ file. A host-list is comma-separated list whose
+ elements are host or network addresses.
+ The add command is not very robust. If
+ there are errors in the host-list,
+ you may see a large number of error messages yet a subsequent
+ shorewall6-lite show zones command will
+ indicate that all hosts were added. If this happens, replace
+ add by delete and run the
+ same command again. Then enter the correct command.
+
+
+
+
allow
@@ -406,10 +545,31 @@
clear
- Clear will remove all rules and chains installed by Shorewall6
- Lite. The firewall is then wide open and unprotected. Existing
- connections are untouched. Clear is often used to see if the
- firewall is causing connection problems.
+ Clear will remove all rules and chains installed by
+ shorewall6-lite. The firewall is then wide open and unprotected.
+ Existing connections are untouched. Clear is often used to see if
+ the firewall is causing connection problems.
+
+ If is given, the command will be processed
+ by the compiled script that executed the last successful start, restart or refresh command if that script exists.
+
+
+
+
+ delete
+
+
+ The delete command reverses the effect of an earlier add command.
+
+ The interface argument names an interface
+ defined in the shorewall-interfaces(5)
+ file. A host-list is comma-separated list whose
+ elements are a host or network address.
@@ -444,8 +604,11 @@
The -x option causes actual
packet and byte counts to be displayed. Without that option, these
counts are abbreviated. The -m
- option causes any MAC addresses included in Shorewall6 Lite log
+ option causes any MAC addresses included in shorewall6-lite log
messages to be displayed.
+
+ The -l option causes the rule
+ number for each Netfilter rule to be displayed.
@@ -469,7 +632,7 @@
and /var/lib/shorewall6-lite/save. If no
filename is given then the file specified by
RESTOREFILE in shorewall6-lite.conf(5) is
+ url="shorewall.conf.html">shorewall6.conf(5) is
assumed.
@@ -486,8 +649,47 @@
hits
- Generates several reports from Shorewall6 Lite log messages in
- the current log file.
+ Generates several reports from shorewall6-lite log messages in
+ the current log file. If the option is included,
+ the reports are restricted to log messages generated today.
+
+
+
+
+ ipcalc
+
+
+ Ipcalc displays the network address, broadcast address,
+ network in CIDR notation and netmask corresponding to the
+ input[s].
+
+
+
+
+ iprange
+
+
+ Iprange decomposes the specified range of IP addresses into
+ the equivalent list of network/host addresses.
+
+
+
+
+ iptrace
+
+
+ This is a low-level debugging command that causes iptables
+ TRACE log records to be created. See iptables(8) for details.
+
+ The iptables match expression must
+ be one or more matches that may appear in both the raw table OUTPUT
+ and raw table PREROUTING chains.
+
+ The trace records are written to the kernel's log buffer with
+ faciility = kernel and priority = warning, and they are routed from
+ there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
+ shorewall6-lite has no control over where the messages go; consult
+ your logging daemon's documentation.
@@ -496,7 +698,9 @@
Causes traffic from the listed addresses
- to be logged then discarded.
+ to be logged then discarded. Logging occurs at the log level
+ specified by the BLACKLIST_LOGLEVEL setting in shorewall6.conf (5).
@@ -504,9 +708,9 @@
logwatch
- Monitors the log file specified by theLOGFILE option in shorewall6-lite.conf(5) and
- produces an audible alarm when new Shorewall6 Lite messages are
+ Monitors the log file specified by the LOGFILE option in
+ shorewall6.conf(5) and
+ produces an audible alarm when new shorewall6-lite messages are
logged. The -m option causes the
MAC address of each packet source to be displayed if that
information is available. The
@@ -524,7 +728,22 @@
Causes traffic from the listed addresses
- to be logged then rejected.
+ to be logged then rejected. Logging occurs at the log level
+ specified by the BLACKLIST_LOGLEVEL setting in shorewall6.conf (5).
+
+
+
+
+ noiptrace
+
+
+ This is a low-level debugging command that cancels a trace
+ started by a preceding iptrace command.
+
+ The iptables match expression must
+ be one given in the iptrace command being
+ cancelled.
@@ -542,10 +761,10 @@
Restart is similar to shorewall6-lite
- stop followed by shorewall6-lite
- start. Existing connections are maintained.
+ start except that it assumes that the firewall is already
+ started. Existing connections are maintained.
- The option causes Shorewall6 to avoid
+ The option causes shorewall6-lite to avoid
updating the routing table(s).The option causes the connection tracking
@@ -558,14 +777,14 @@
restore
- Restore Shorewall6 Lite to a state saved using the Restore shorewall6-lite to a state saved using the shorewall6-lite save command. Existing
connections are maintained. The filename names
a restore file in /var/lib/shorewall6-lite created using shorewall6-lite save; if no
- filename is given then Shorewall6 Lite will be
+ filename is given then shorewall6-lite will be
restored from the file specified by the RESTOREFILE option in shorewall6-lite.conf(5).
+ url="shorewall.conf.html">shorewall6.conf(5).
@@ -576,11 +795,10 @@
The dynamic blacklist is stored in
/var/lib/shorewall6-lite/save. The state of the firewall is stored
in /var/lib/shorewall6-lite/filename for use by
- the shorewall6-lite restore and
- shorewall6-lite -f start commands.
- If filename is not given then the state is
- saved in the file specified by the RESTOREFILE option in shorewall6-lite.conf(5).
+ the shorewall6-lite restore. If
+ filename is not given then the state is saved
+ in the file specified by the RESTOREFILE option in shorewall6.conf(5).
@@ -592,15 +810,6 @@
arguments:
-
- actions
-
-
- Produces a report about the available actions (built-in,
- standard and user-defined).
-
-
-
capabilities
@@ -613,12 +822,12 @@
- [ [ ] chain
- ... ]
+ [ [ ] chain...
+ ]The rules in each chain are
- displayed using the ip6tables
+ displayed using the iptables
-Lchain-n -v command. If no
chain is given, all of the chains in the
@@ -630,15 +839,20 @@
Netfilter table to display. The default is filter.
+ The -l option causes
+ the rule number for each Netfilter rule to be
+ displayed.
+
If the t option and the
keyword are both omitted and any of the
listed chains do not exist, a usage
- message will be displayed.
+ message is displayed.
- classifiers
+ classifiers|filtersDisplays information about the packet classifiers
@@ -659,21 +873,96 @@
connections
- Displays the IPv6 connections currently being tracked by
+ Displays the IP connections currently being tracked by
the firewall.
- mangle
+ ip
- Displays the Netfilter mangle table using the command
- ip6tables -t mangle -L -n
- -v.The -x option
- is passed directly through to iptables and causes actual
- packet and byte counts to be displayed. Without this option,
- those counts are abbreviated.
+ Displays the system's IPv4 configuration.
+
+
+
+
+ ipa
+
+
+ Added in Shorewall 4.4.17. Displays the per-IP
+ accounting counters (shorewall-accounting
+ (5)).
+
+
+
+
+ log
+
+
+ Displays the last 20 shorewall6-lite messages from the
+ log file specified by the LOGFILE option in shorewall6.conf(5). The
+ -m option causes the MAC
+ address of each packet source to be displayed if that
+ information is available.
+
+
+
+
+ marks
+
+
+ Added in Shorewall 4.4.26. Displays the various fields
+ in packet marks giving the min and max value (in both decimal
+ and hex) and the applicable mask (in hex).
+
+
+
+
+ nat
+
+
+ Displays the Netfilter nat table using the command
+ iptables -t nat -L -n -v.The
+ -x option is passed directly
+ through to iptables and causes actual packet and byte counts
+ to be displayed. Without this option, those counts are
+ abbreviated.
+
+
+
+
+ policies
+
+
+ Added in Shorewall 4.4.4. Displays the applicable policy
+ between each pair of zones. Note that implicit intrazone
+ ACCEPT policies are not displayed for zones associated with a
+ single network where that network doesn't specify
+ .
+
+
+
+
+ routing
+
+
+ Displays the system's IPv4 routing configuration.
+
+
+
+
+ raw
+
+
+ Displays the Netfilter raw table using the command
+ iptables -t raw -L -n -v.The
+ -x option is passed directly
+ through to iptables and causes actual packet and byte counts
+ to be displayed. Without this option, those counts are
+ abbreviated.
@@ -690,8 +979,8 @@
zones
- Displays the current composition of the Shorewall6 Lite
- zones on the system.
+ Displays the current composition of the Shorewall zones
+ on the system.
@@ -702,17 +991,10 @@
start
- Start shorewall6 Lite. Existing connections through
+ Start Shorewall Lite. Existing connections through
shorewall6-lite managed interfaces are untouched. New connections
will be allowed only if they are allowed by the firewall rules or
- policies. If -f is specified, the
- saved configuration specified by the RESTOREFILE option in shorewall6-lite.conf(5) will
- be restored if that saved configuration exists and has been modified
- more recently than the files in /etc/shorewall6.
-
- The option causes Shorewall6 to avoid
- updating the routing table(s).
+ policies.The option causes the connection tracking
table to be flushed; the conntrack utility must
@@ -726,12 +1008,19 @@
Stops the firewall. All existing connections, except those
listed in shorewall6-routestopped(5)
- or permitted by the ADMINISABSENTMINDED option in
- shorewall6.conf(5), are taken down. The only new traffic permitted
- through the firewall is from systems listed in shorewall6-routestopped(5)
+ url="shorewall-routestopped.html">shorewall-routestopped(5)
+ or permitted by the ADMINISABSENTMINDED option in shorewall6.conf(5), are taken
+ down. The only new traffic permitted through the firewall is from
+ systems listed in shorewall-routestopped(5)
or by ADMINISABSENTMINDED.
+
+ If is given, the command will be processed
+ by the compiled script that executed the last successful start, restart or refresh command if that script exists.
@@ -740,7 +1029,7 @@
Produces a short report about the state of the
- Shorewall6-configured firewall.
+ Shorewall-configured firewall.
@@ -748,7 +1037,9 @@
version
- Displays Shorewall6-lite's version.
+ Displays Shorewall's version. The option
+ is included for compatibility with earlier Shorewall releases and is
+ ignored.
@@ -764,14 +1055,16 @@
See ALSOhttp://www.shorewall.net/starting_and_stopping_shorewall.htm
+ url="http://www.shorewall.net/starting_and_stopping_shorewall.htm">http://www.shorewall.net/starting_and_stopping_shorewall.htm
shorewall6-accounting(5), shorewall6-actions(5),
- shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
- shorewall6-maclist(5), shorewall6-params(5), shorewall6-policy(5),
- shorewall6-providers(5), shorewall6-route_rules(5),
+ shorewall6-blacklist(5), shorewall6-hosts(5), shorewall_interfaces(5),
+ shorewall6-ipsets(5), shorewall6-maclist(5), shorewall6-masq(5),
+ shorewall6-netmap(5), shorewall6-params(5), shorewall6-policy(5),
+ shorewall6-providers(5), shorewall6-proxyarp(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
- shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
- shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)
+ shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),
+ shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5),
+ shorewall6-zones(5)