From 1b6c4e3fc43c8344c44bc21f352f00d3d570aee5 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 8 Feb 2012 13:23:53 -0800 Subject: [PATCH] Update the -lite manpages (long overdue) Signed-off-by: Tom Eastep --- Shorewall-lite/manpages/shorewall-lite.xml | 369 +++++++++++---- Shorewall6-lite/manpages/shorewall6-lite.xml | 473 +++++++++++++++---- 2 files changed, 661 insertions(+), 181 deletions(-) diff --git a/Shorewall-lite/manpages/shorewall-lite.xml b/Shorewall-lite/manpages/shorewall-lite.xml index 9de8835ad..4036c2d25 100644 --- a/Shorewall-lite/manpages/shorewall-lite.xml +++ b/Shorewall-lite/manpages/shorewall-lite.xml @@ -11,11 +11,27 @@ shorewall-lite - Administration tool for Shoreline Firewall Lite - (Shorewall-lite) + Administration tool for Shoreline Firewall Lite (Shorewall + Lite) + + shorewall-lite + + | + + -options + + + + interface[:host-list] + + zone + + shorewall-lite @@ -37,11 +53,28 @@ -options - + - shorewall + shorewall-lite + + | + + -options + + + + interface[:host-list] + + zone + + + + shorewall-lite | @@ -50,7 +83,8 @@ - interface + { interface | + provider } @@ -63,8 +97,7 @@ - { interface | - provider } + address @@ -78,11 +111,13 @@ + + - shorewall + shorewall-lite | @@ -98,7 +133,8 @@ shorewall-lite - | + | -options @@ -124,7 +160,8 @@ -options - + @@ -158,6 +195,19 @@ choice="plain">address1address2 + + shorewall-lite + + | + + -options + + + + iptables match + expression + + shorewall-lite @@ -198,6 +248,19 @@ address + + shorewall-lite + + | + + -options + + + + iptables match + expression + + shorewall-lite @@ -219,8 +282,24 @@ -options + + + + + shorewall-lite + + choice="opt">| + + -options + + + + + + + + directory @@ -260,8 +339,10 @@ + + - {|||} + {|||} chain @@ -291,7 +372,7 @@ + choice="req"> @@ -305,7 +386,7 @@ - + @@ -346,7 +427,7 @@ - + @@ -377,7 +458,8 @@ -options - + @@ -385,7 +467,7 @@ Description The shorewall-lite utility is used to control the Shoreline Firewall - (Shorewall) Lite. + Lite (Shorewall Lite). @@ -393,12 +475,12 @@ The and options are used for debugging. See http://www.shorewall.net/starting_and_stopping.htm#Trace. + url="http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace. The nolock prevents the command from - attempting to acquire the Shorewall Lite lockfile. It is useful if you - need to include shorewall-lite commands in the - started extension script. + attempting to acquire the Shorewall-lite lockfile. It is useful if you + need to include shorewall commands in + /etc/shorewall/started. The options control the amount of output that the command produces. They consist of a sequence of the letters shorewall-interfaces(5) file. A host-list is comma-separated list whose - elements are a host or network address. + elements are host or network addresses. The add command is not very robust. If there are errors in the host-list, you may see a large number of error messages yet a subsequent - shorewall show zones command will indicate - that all hosts were added. If this happens, replace + shorewall-lite show zones command will + indicate that all hosts were added. If this happens, replace add by delete and run the same command again. Then enter the correct command. @@ -463,10 +545,16 @@ clear - Clear will remove all rules and chains installed by Shorewall - Lite. The firewall is then wide open and unprotected. Existing - connections are untouched. Clear is often used to see if the - firewall is causing connection problems. + Clear will remove all rules and chains installed by + Shorewall-lite. The firewall is then wide open and unprotected. + Existing connections are untouched. Clear is often used to see if + the firewall is causing connection problems. + + If is given, the command will be processed + by the compiled script that executed the last successful start, restart or refresh command if that script exists. @@ -516,8 +604,11 @@ The -x option causes actual packet and byte counts to be displayed. Without that option, these counts are abbreviated. The -m - option causes any MAC addresses included in Shorewall Lite log + option causes any MAC addresses included in Shorewall-lite log messages to be displayed. + + The -l option causes the rule + number for each Netfilter rule to be displayed. @@ -541,7 +632,7 @@ and /var/lib/shorewall-lite/save. If no filename is given then the file specified by RESTOREFILE in shorewall-lite.conf(5) is + url="shorewall.conf.html">shorewall.conf(5) is assumed. @@ -558,8 +649,9 @@ hits - Generates several reports from Shorewall Lite log messages in - the current log file. + Generates several reports from Shorewall-lite log messages in + the current log file. If the option is included, + the reports are restricted to log messages generated today. @@ -582,12 +674,33 @@ + + iptrace + + + This is a low-level debugging command that causes iptables + TRACE log records to be created. See iptables(8) for details. + + The iptables match expression must + be one or more matches that may appear in both the raw table OUTPUT + and raw table PREROUTING chains. + + The trace records are written to the kernel's log buffer with + faciility = kernel and priority = warning, and they are routed from + there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) -- + Shorewall-lite has no control over where the messages go; consult + your logging daemon's documentation. + + + logdrop Causes traffic from the listed addresses - to be logged then discarded. + to be logged then discarded. Logging occurs at the log level + specified by the BLACKLIST_LOGLEVEL setting in shorewall.conf (5). @@ -595,9 +708,9 @@ logwatch - Monitors the log file specified by theLOGFILE option in shorewall-lite.conf(5) and - produces an audible alarm when new Shorewall Lite messages are + Monitors the log file specified by the LOGFILE option in + shorewall.conf(5) and + produces an audible alarm when new Shorewall-lite messages are logged. The -m option causes the MAC address of each packet source to be displayed if that information is available. The @@ -615,7 +728,22 @@ Causes traffic from the listed addresses - to be logged then rejected. + to be logged then rejected. Logging occurs at the log level + specified by the BLACKLIST_LOGLEVEL setting in shorewall.conf (5). + + + + + noiptrace + + + This is a low-level debugging command that cancels a trace + started by a preceding iptrace command. + + The iptables match expression must + be one given in the iptrace command being + cancelled. @@ -633,10 +761,10 @@ Restart is similar to shorewall-lite - start but assumes that the firewall is already started. - Existing connections are maintained. + start except that it assumes that the firewall is already + started. Existing connections are maintained. - The option causes Shorewall to avoid + The option causes Shorewall-lite to avoid updating the routing table(s). The option causes the connection tracking @@ -649,14 +777,14 @@ restore - Restore Shorewall Lite to a state saved using the Restore Shorewall-lite to a state saved using the shorewall-lite save command. Existing connections are maintained. The filename names a restore file in /var/lib/shorewall-lite created using shorewall-lite save; if no - filename is given then Shorewall Lite will be + filename is given then Shorewall-lite will be restored from the file specified by the RESTOREFILE option in shorewall-lite.conf(5). + url="shorewall.conf.html">shorewall.conf(5). @@ -667,11 +795,10 @@ The dynamic blacklist is stored in /var/lib/shorewall-lite/save. The state of the firewall is stored in /var/lib/shorewall-lite/filename for use by the - shorewall-lite restore and - shorewall-lite -f start commands. - If filename is not given then the state is - saved in the file specified by the RESTOREFILE option in shorewall-lite.conf(5). + shorewall-lite restore. If + filename is not given then the state is saved + in the file specified by the RESTOREFILE option in shorewall.conf(5). @@ -683,15 +810,6 @@ arguments: - - actions - - - Produces a report about the available actions (built-in, - standard and user-defined). - - - capabilities @@ -704,8 +822,8 @@ - [ [ ] chain - ... ] + [ [ ] chain... + ] The rules in each chain are @@ -721,20 +839,25 @@ Netfilter table to display. The default is filter. + The -l option causes + the rule number for each Netfilter rule to be + displayed. + If the t option and the keyword are both omitted and any of the listed chains do not exist, a usage - message will be displayed. + message is displayed. - classifiers + classifiers|filters Displays information about the packet classifiers - defined on the system 10-080213-8397as a result of traffic - shaping configuration. + defined on the system as a result of traffic shaping + configuration. @@ -756,15 +879,44 @@ - mangle + ip - Displays the Netfilter mangle table using the command - iptables -t mangle -L -n - -v.The -x option - is passed directly through to iptables and causes actual - packet and byte counts to be displayed. Without this option, - those counts are abbreviated. + Displays the system's IPv4 configuration. + + + + + ipa + + + Added in Shorewall 4.4.17. Displays the per-IP + accounting counters (shorewall-accounting + (5)). + + + + + log + + + Displays the last 20 Shorewall-lite messages from the + log file specified by the LOGFILE option in shorewall.conf(5). The + -m option causes the MAC + address of each packet source to be displayed if that + information is available. + + + + + marks + + + Added in Shorewall 4.4.26. Displays the various fields + in packet marks giving the min and max value (in both decimal + and hex) and the applicable mask (in hex). @@ -781,6 +933,39 @@ + + policies + + + Added in Shorewall 4.4.4. Displays the applicable policy + between each pair of zones. Note that implicit intrazone + ACCEPT policies are not displayed for zones associated with a + single network where that network doesn't specify + . + + + + + routing + + + Displays the system's IPv4 routing configuration. + + + + + raw + + + Displays the Netfilter raw table using the command + iptables -t raw -L -n -v.The + -x option is passed directly + through to iptables and causes actual packet and byte counts + to be displayed. Without this option, those counts are + abbreviated. + + + tc @@ -794,8 +979,8 @@ zones - Displays the current composition of the Shorewall Lite - zones on the system. + Displays the current composition of the Shorewall zones + on the system. @@ -806,17 +991,10 @@ start - Start shorewall Lite. Existing connections through + Start Shorewall Lite. Existing connections through shorewall-lite managed interfaces are untouched. New connections will be allowed only if they are allowed by the firewall rules or - policies. If -f is specified, the - saved configuration specified by the RESTOREFILE option in shorewall-lite.conf(5) will - be restored if that saved configuration exists and has been modified - more recently than the files in /etc/shorewall. - - The option causes Shorewall to avoid - updating the routing table(s). + policies. The option causes the connection tracking table to be flushed; the conntrack utility must @@ -831,11 +1009,18 @@ Stops the firewall. All existing connections, except those listed in shorewall-routestopped(5) - or permitted by the ADMINISABSENTMINDED option in shorewall.conf(5), - are taken down. The only new traffic permitted through the firewall - is from systems listed in shorewall.conf(5), are taken down. + The only new traffic permitted through the firewall is from systems + listed in shorewall-routestopped(5) or by ADMINISABSENTMINDED. + + If is given, the command will be processed + by the compiled script that executed the last successful start, restart or refresh command if that script exists. @@ -852,7 +1037,9 @@ version - Displays Shorewall-lite's version. + Displays Shorewall's version. The option + is included for compatibility with earlier Shorewall releases and is + ignored. @@ -871,13 +1058,13 @@ url="http://www.shorewall.net/starting_and_stopping_shorewall.htm">http://www.shorewall.net/starting_and_stopping_shorewall.htm shorewall-accounting(5), shorewall-actions(5), - shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), - shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5), + shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), + shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), - shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5), - shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5), - shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), - shorewall-zones(5) + shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), + shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), + shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), + shorewall-tunnels(5), shorewall-zones(5) diff --git a/Shorewall6-lite/manpages/shorewall6-lite.xml b/Shorewall6-lite/manpages/shorewall6-lite.xml index 6195168c4..7155a7282 100644 --- a/Shorewall6-lite/manpages/shorewall6-lite.xml +++ b/Shorewall6-lite/manpages/shorewall6-lite.xml @@ -11,11 +11,27 @@ shorewall6-lite - Administration tool for Shoreline Firewall 6 Lite - (Shorewall6-lite) + Administration tool for Shoreline 6 Firewall Lite (Shorewall6 + Lite) + + shorewall6-lite + + | + + -options + + + + interface[:host-list] + + zone + + shorewall6-lite @@ -37,11 +53,28 @@ -options - + - shorewall + shorewall6-lite + + | + + -options + + + + interface[:host-list] + + zone + + + + shorewall6-lite | @@ -78,11 +111,13 @@ + + - shorewall + shorewall6-lite | @@ -98,7 +133,8 @@ shorewall6-lite - | + | -options @@ -124,7 +160,52 @@ -options - + + + + + shorewall6-lite + + | + + -options + + + + + address + mask + + address/vlsm + + + + + shorewall6-lite + + | + + -options + + + + address1address2 + + + + shorewall6-lite + + | + + -options + + + + iptables match + expression @@ -167,6 +248,19 @@ address + + shorewall6-lite + + | + + -options + + + + iptables match + expression + + shorewall6-lite @@ -188,8 +282,24 @@ -options + + + + + shorewall6-lite + + choice="opt">| + + -options + + + + + + + + directory @@ -229,8 +339,10 @@ + + - {||} + {|||} chain @@ -260,7 +372,7 @@ + choice="req"> @@ -274,7 +386,7 @@ - + @@ -311,8 +423,11 @@ -options - --- + + + + + @@ -343,7 +458,8 @@ -options - + @@ -351,7 +467,7 @@ Description The shorewall6-lite utility is used to control the Shoreline - Firewall 6 (Shorewall6) Lite. + Firewall Lite (Shorewall Lite). @@ -359,19 +475,19 @@ The and options are used for debugging. See http://www.shorewall.net/starting_and_stopping.htm#Trace. + url="http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace. The nolock prevents the command from - attempting to acquire the Shorewall6 Lite lockfile. It is useful if you - need to include shorewall6-lite commands in the - started extension script. + attempting to acquire the shorewall6-lite lockfile. It is useful if you + need to include shorewall commands in + /etc/shorewall/started. The options control the amount of output that the command produces. They consist of a sequence of the letters v and q. If the options are omitted, the amount of output is determined by the setting of the VERBOSITY parameter in shorewall6.conf(5). Each shorewall6.conf(5). Each v adds one to the effective verbosity and each q subtracts one from the effective VERBOSITY. Anternately, v may be followed @@ -390,6 +506,29 @@ The available commands are listed below. + + add + + + Adds a list of hosts or subnets to a dynamic zone usually used + with VPN's. + + The interface argument names an interface + defined in the shorewall-interfaces(5) + file. A host-list is comma-separated list whose + elements are host or network addresses. + The add command is not very robust. If + there are errors in the host-list, + you may see a large number of error messages yet a subsequent + shorewall6-lite show zones command will + indicate that all hosts were added. If this happens, replace + add by delete and run the + same command again. Then enter the correct command. + + + + allow @@ -406,10 +545,31 @@ clear - Clear will remove all rules and chains installed by Shorewall6 - Lite. The firewall is then wide open and unprotected. Existing - connections are untouched. Clear is often used to see if the - firewall is causing connection problems. + Clear will remove all rules and chains installed by + shorewall6-lite. The firewall is then wide open and unprotected. + Existing connections are untouched. Clear is often used to see if + the firewall is causing connection problems. + + If is given, the command will be processed + by the compiled script that executed the last successful start, restart or refresh command if that script exists. + + + + + delete + + + The delete command reverses the effect of an earlier add command. + + The interface argument names an interface + defined in the shorewall-interfaces(5) + file. A host-list is comma-separated list whose + elements are a host or network address. @@ -444,8 +604,11 @@ The -x option causes actual packet and byte counts to be displayed. Without that option, these counts are abbreviated. The -m - option causes any MAC addresses included in Shorewall6 Lite log + option causes any MAC addresses included in shorewall6-lite log messages to be displayed. + + The -l option causes the rule + number for each Netfilter rule to be displayed. @@ -469,7 +632,7 @@ and /var/lib/shorewall6-lite/save. If no filename is given then the file specified by RESTOREFILE in shorewall6-lite.conf(5) is + url="shorewall.conf.html">shorewall6.conf(5) is assumed. @@ -486,8 +649,47 @@ hits - Generates several reports from Shorewall6 Lite log messages in - the current log file. + Generates several reports from shorewall6-lite log messages in + the current log file. If the option is included, + the reports are restricted to log messages generated today. + + + + + ipcalc + + + Ipcalc displays the network address, broadcast address, + network in CIDR notation and netmask corresponding to the + input[s]. + + + + + iprange + + + Iprange decomposes the specified range of IP addresses into + the equivalent list of network/host addresses. + + + + + iptrace + + + This is a low-level debugging command that causes iptables + TRACE log records to be created. See iptables(8) for details. + + The iptables match expression must + be one or more matches that may appear in both the raw table OUTPUT + and raw table PREROUTING chains. + + The trace records are written to the kernel's log buffer with + faciility = kernel and priority = warning, and they are routed from + there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) -- + shorewall6-lite has no control over where the messages go; consult + your logging daemon's documentation. @@ -496,7 +698,9 @@ Causes traffic from the listed addresses - to be logged then discarded. + to be logged then discarded. Logging occurs at the log level + specified by the BLACKLIST_LOGLEVEL setting in shorewall6.conf (5). @@ -504,9 +708,9 @@ logwatch - Monitors the log file specified by theLOGFILE option in shorewall6-lite.conf(5) and - produces an audible alarm when new Shorewall6 Lite messages are + Monitors the log file specified by the LOGFILE option in + shorewall6.conf(5) and + produces an audible alarm when new shorewall6-lite messages are logged. The -m option causes the MAC address of each packet source to be displayed if that information is available. The @@ -524,7 +728,22 @@ Causes traffic from the listed addresses - to be logged then rejected. + to be logged then rejected. Logging occurs at the log level + specified by the BLACKLIST_LOGLEVEL setting in shorewall6.conf (5). + + + + + noiptrace + + + This is a low-level debugging command that cancels a trace + started by a preceding iptrace command. + + The iptables match expression must + be one given in the iptrace command being + cancelled. @@ -542,10 +761,10 @@ Restart is similar to shorewall6-lite - stop followed by shorewall6-lite - start. Existing connections are maintained. + start except that it assumes that the firewall is already + started. Existing connections are maintained. - The option causes Shorewall6 to avoid + The option causes shorewall6-lite to avoid updating the routing table(s). The option causes the connection tracking @@ -558,14 +777,14 @@ restore - Restore Shorewall6 Lite to a state saved using the Restore shorewall6-lite to a state saved using the shorewall6-lite save command. Existing connections are maintained. The filename names a restore file in /var/lib/shorewall6-lite created using shorewall6-lite save; if no - filename is given then Shorewall6 Lite will be + filename is given then shorewall6-lite will be restored from the file specified by the RESTOREFILE option in shorewall6-lite.conf(5). + url="shorewall.conf.html">shorewall6.conf(5). @@ -576,11 +795,10 @@ The dynamic blacklist is stored in /var/lib/shorewall6-lite/save. The state of the firewall is stored in /var/lib/shorewall6-lite/filename for use by - the shorewall6-lite restore and - shorewall6-lite -f start commands. - If filename is not given then the state is - saved in the file specified by the RESTOREFILE option in shorewall6-lite.conf(5). + the shorewall6-lite restore. If + filename is not given then the state is saved + in the file specified by the RESTOREFILE option in shorewall6.conf(5). @@ -592,15 +810,6 @@ arguments: - - actions - - - Produces a report about the available actions (built-in, - standard and user-defined). - - - capabilities @@ -613,12 +822,12 @@ - [ [ ] chain - ... ] + [ [ ] chain... + ] The rules in each chain are - displayed using the ip6tables + displayed using the iptables -L chain -n -v command. If no chain is given, all of the chains in the @@ -630,15 +839,20 @@ Netfilter table to display. The default is filter. + The -l option causes + the rule number for each Netfilter rule to be + displayed. + If the t option and the keyword are both omitted and any of the listed chains do not exist, a usage - message will be displayed. + message is displayed. - classifiers + classifiers|filters Displays information about the packet classifiers @@ -659,21 +873,96 @@ connections - Displays the IPv6 connections currently being tracked by + Displays the IP connections currently being tracked by the firewall. - mangle + ip - Displays the Netfilter mangle table using the command - ip6tables -t mangle -L -n - -v.The -x option - is passed directly through to iptables and causes actual - packet and byte counts to be displayed. Without this option, - those counts are abbreviated. + Displays the system's IPv4 configuration. + + + + + ipa + + + Added in Shorewall 4.4.17. Displays the per-IP + accounting counters (shorewall-accounting + (5)). + + + + + log + + + Displays the last 20 shorewall6-lite messages from the + log file specified by the LOGFILE option in shorewall6.conf(5). The + -m option causes the MAC + address of each packet source to be displayed if that + information is available. + + + + + marks + + + Added in Shorewall 4.4.26. Displays the various fields + in packet marks giving the min and max value (in both decimal + and hex) and the applicable mask (in hex). + + + + + nat + + + Displays the Netfilter nat table using the command + iptables -t nat -L -n -v.The + -x option is passed directly + through to iptables and causes actual packet and byte counts + to be displayed. Without this option, those counts are + abbreviated. + + + + + policies + + + Added in Shorewall 4.4.4. Displays the applicable policy + between each pair of zones. Note that implicit intrazone + ACCEPT policies are not displayed for zones associated with a + single network where that network doesn't specify + . + + + + + routing + + + Displays the system's IPv4 routing configuration. + + + + + raw + + + Displays the Netfilter raw table using the command + iptables -t raw -L -n -v.The + -x option is passed directly + through to iptables and causes actual packet and byte counts + to be displayed. Without this option, those counts are + abbreviated. @@ -690,8 +979,8 @@ zones - Displays the current composition of the Shorewall6 Lite - zones on the system. + Displays the current composition of the Shorewall zones + on the system. @@ -702,17 +991,10 @@ start - Start shorewall6 Lite. Existing connections through + Start Shorewall Lite. Existing connections through shorewall6-lite managed interfaces are untouched. New connections will be allowed only if they are allowed by the firewall rules or - policies. If -f is specified, the - saved configuration specified by the RESTOREFILE option in shorewall6-lite.conf(5) will - be restored if that saved configuration exists and has been modified - more recently than the files in /etc/shorewall6. - - The option causes Shorewall6 to avoid - updating the routing table(s). + policies. The option causes the connection tracking table to be flushed; the conntrack utility must @@ -726,12 +1008,19 @@ Stops the firewall. All existing connections, except those listed in shorewall6-routestopped(5) - or permitted by the ADMINISABSENTMINDED option in - shorewall6.conf(5), are taken down. The only new traffic permitted - through the firewall is from systems listed in shorewall6-routestopped(5) + url="shorewall-routestopped.html">shorewall-routestopped(5) + or permitted by the ADMINISABSENTMINDED option in shorewall6.conf(5), are taken + down. The only new traffic permitted through the firewall is from + systems listed in shorewall-routestopped(5) or by ADMINISABSENTMINDED. + + If is given, the command will be processed + by the compiled script that executed the last successful start, restart or refresh command if that script exists. @@ -740,7 +1029,7 @@ Produces a short report about the state of the - Shorewall6-configured firewall. + Shorewall-configured firewall. @@ -748,7 +1037,9 @@ version - Displays Shorewall6-lite's version. + Displays Shorewall's version. The option + is included for compatibility with earlier Shorewall releases and is + ignored. @@ -764,14 +1055,16 @@ See ALSO http://www.shorewall.net/starting_and_stopping_shorewall.htm + url="http://www.shorewall.net/starting_and_stopping_shorewall.htm">http://www.shorewall.net/starting_and_stopping_shorewall.htm shorewall6-accounting(5), shorewall6-actions(5), - shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-maclist(5), shorewall6-params(5), shorewall6-policy(5), - shorewall6-providers(5), shorewall6-route_rules(5), + shorewall6-blacklist(5), shorewall6-hosts(5), shorewall_interfaces(5), + shorewall6-ipsets(5), shorewall6-maclist(5), shorewall6-masq(5), + shorewall6-netmap(5), shorewall6-params(5), shorewall6-policy(5), + shorewall6-providers(5), shorewall6-proxyarp(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), - shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), - shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5) + shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), + shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5), + shorewall6-zones(5)