mirror of
https://gitlab.com/shorewall/code.git
synced 2025-02-16 17:51:16 +01:00
Patches for Shorewall6 manpage from Thomas D
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
c4171a92f6
commit
22ac37b51e
@ -699,7 +699,7 @@
|
|||||||
used for debugging. See <ulink
|
used for debugging. See <ulink
|
||||||
url="/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace</ulink>.</para>
|
url="/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace</ulink>.</para>
|
||||||
|
|
||||||
<para>The nolock <option>option</option> prevents the command from
|
<para>The <option>nolock</option> option prevents the command from
|
||||||
attempting to acquire the Shorewall6 lockfile. It is useful if you need to
|
attempting to acquire the Shorewall6 lockfile. It is useful if you need to
|
||||||
include <command>shorewall6</command> commands in
|
include <command>shorewall6</command> commands in
|
||||||
<filename>/etc/shorewall6/started</filename>.</para>
|
<filename>/etc/shorewall6/started</filename>.</para>
|
||||||
@ -779,12 +779,13 @@
|
|||||||
<para>Compiles the configuration in the specified
|
<para>Compiles the configuration in the specified
|
||||||
<emphasis>directory</emphasis> and discards the compiled output
|
<emphasis>directory</emphasis> and discards the compiled output
|
||||||
script. If no <emphasis>directory</emphasis> is given, then
|
script. If no <emphasis>directory</emphasis> is given, then
|
||||||
/etc/shorewall6 is assumed.</para>
|
<filename class="directory">/etc/shorewall6</filename> is
|
||||||
|
assumed.</para>
|
||||||
|
|
||||||
<para>The <emphasis role="bold">-e</emphasis> option causes the
|
<para>The <option>-e</option> option causes the
|
||||||
compiler to look for a file named capabilities. This file is
|
compiler to look for a file named capabilities. This file is
|
||||||
produced using the command <emphasis role="bold">shorewall6-lite
|
produced using the command <command>shorewall6-lite
|
||||||
show -f capabilities > capabilities</emphasis> on a system with
|
show -f capabilities > capabilities</command> on a system with
|
||||||
Shorewall6 Lite installed.</para>
|
Shorewall6 Lite installed.</para>
|
||||||
|
|
||||||
<para>The <option>-d</option> option causes the compiler to be run
|
<para>The <option>-d</option> option causes the compiler to be run
|
||||||
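Review bot: In the -e paragraph the text still reads "a file named capabilities" with no markup, while this same patch tags /etc/shorewall6 as <filename class="directory"> and the later -e paragraph already uses <filename>capabilities</filename>. Suggest wrapping the name in <filename> here too so both descriptions match.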
@ -802,8 +803,8 @@
|
|||||||
and causes a Perl stack trace to be included with each
|
and causes a Perl stack trace to be included with each
|
||||||
compiler-generated error and warning message.</para>
|
compiler-generated error and warning message.</para>
|
||||||
|
|
||||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||||
warning message to be issued if the line current line contains
|
and causes a warning message to be issued if the line current line contains
|
||||||
alternative input specifications following a semicolon (";"). Such
|
alternative input specifications following a semicolon (";"). Such
|
||||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||||
<ulink
|
<ulink
|
||||||
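Review bot: The rewrapped -i paragraph keeps the duplicated wording "if the line current line contains"; since the line is being touched anyway, change it to "if the current line contains". The same sentence is carried over unchanged in the other -i paragraphs this patch edits.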
@ -838,17 +839,17 @@
|
|||||||
compile -- -</command>) to suppress the 'Compiling...' message
|
compile -- -</command>) to suppress the 'Compiling...' message
|
||||||
normally generated by <filename>/sbin/shorewall6</filename>.</para>
|
normally generated by <filename>/sbin/shorewall6</filename>.</para>
|
||||||
|
|
||||||
<para>When -e is specified, the compilation is being performed on a
|
<para>When <option>-e</option> is specified, the compilation is
|
||||||
system other than where the compiled script will run. This option
|
being performed on a system other than where the compiled script will
|
||||||
disables certain configuration options that require the script to be
|
run. This option disables certain configuration options that require
|
||||||
compiled where it is to be run. The use of -e requires the presence
|
the script to be compiled where it is to be run. The use of
|
||||||
of a configuration file named <filename>capabilities</filename>
|
<option>-e</option> requires the presence of a configuration file named
|
||||||
which may be produced using the command <emphasis
|
<filename>capabilities</filename> which may be produced using the
|
||||||
role="bold">shorewall6-lite show -f capabilities >
|
command <command>shorewall6-lite show -f capabilities >
|
||||||
capabilities</emphasis> on a system with Shorewall6 Lite
|
capabilities</command> on a system with Shorewall6 Lite
|
||||||
installed.</para>
|
installed.</para>
|
||||||
|
|
||||||
<para>The <emphasis role="bold">-c</emphasis> option was added in
|
<para>The <option>-c</option> option was added in
|
||||||
Shorewall 4.5.17 and causes conditional compilation of a script. The
|
Shorewall 4.5.17 and causes conditional compilation of a script. The
|
||||||
script specified by <replaceable>pathname</replaceable> (or implied
|
script specified by <replaceable>pathname</replaceable> (or implied
|
||||||
if <emphasis role="bold">pathname</emphasis> is omitted) is compiled
|
if <emphasis role="bold">pathname</emphasis> is omitted) is compiled
|
||||||
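Review bot: In the -c paragraph, "if <emphasis role="bold">pathname</emphasis> is omitted" is left as bold emphasis although the line above marks the same placeholder as <replaceable>pathname</replaceable>. Suggest using <replaceable> for both occurrences.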
@ -869,8 +870,8 @@
|
|||||||
and causes a Perl stack trace to be included with each
|
and causes a Perl stack trace to be included with each
|
||||||
compiler-generated error and warning message.</para>
|
compiler-generated error and warning message.</para>
|
||||||
|
|
||||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||||
warning message to be issued if the line current line contains
|
and causes a warning message to be issued if the line current line contains
|
||||||
alternative input specifications following a semicolon (";"). Such
|
alternative input specifications following a semicolon (";"). Such
|
||||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||||
<ulink
|
<ulink
|
||||||
@ -938,13 +939,14 @@
|
|||||||
<para>Produces a verbose report about the firewall configuration for
|
<para>Produces a verbose report about the firewall configuration for
|
||||||
the purpose of problem analysis.</para>
|
the purpose of problem analysis.</para>
|
||||||
|
|
||||||
<para>The <emphasis role="bold">-x</emphasis> option causes actual
|
<para>The <option>-x</option> option causes actual
|
||||||
packet and byte counts to be displayed. Without that option, these
|
packet and byte counts to be displayed. Without that option, these
|
||||||
counts are abbreviated. The <emphasis role="bold">-m</emphasis>
|
counts are abbreviated.</para>
|
||||||
option causes any MAC addresses included in Shorewall6 log messages
|
|
||||||
to be displayed.</para>
|
|
||||||
|
|
||||||
<para>The <emphasis role="bold">-l</emphasis> option causes the rule
|
<para>The <option>-m</option> option causes any MAC addresses
|
||||||
|
included in Shorewall6 log messages to be displayed.</para>
|
||||||
|
|
||||||
|
<para>The <option>-l</option> option causes the rule
|
||||||
number for each Netfilter rule to be displayed.</para>
|
number for each Netfilter rule to be displayed.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
@ -998,8 +1000,9 @@
|
|||||||
<term><emphasis role="bold">forget</emphasis></term>
|
<term><emphasis role="bold">forget</emphasis></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Deletes /var/lib/shorewall6/<emphasis>filename</emphasis> and
|
<para>Deletes <filename>/var/lib/shorewall6/<replaceable>filename
|
||||||
/var/lib/shorewall6/save. If no <emphasis>filename</emphasis> is
|
</replaceable></filename> and <filename>/var/lib/shorewall6/save
|
||||||
|
</filename>. If no <emphasis>filename</emphasis> is
|
||||||
given then the file specified by RESTOREFILE in <ulink
|
given then the file specified by RESTOREFILE in <ulink
|
||||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) is
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) is
|
||||||
assumed.</para>
|
assumed.</para>
|
||||||
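Review bot: The new <filename> elements in the forget description break the line before </replaceable></filename> and before </filename>, which puts a newline and indentation inside the element content, so the rendered path can gain a trailing space (for example "/var/lib/shorewall6/save ."). Keep each closing tag on the same line as the text it closes and wrap outside the element. The same pattern appears in other <filename> and <command> elements added by this patch.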
@ -1059,14 +1062,14 @@
|
|||||||
Shorewall6 Lite on <replaceable>system</replaceable> is started via
|
Shorewall6 Lite on <replaceable>system</replaceable> is started via
|
||||||
ssh.</para>
|
ssh.</para>
|
||||||
|
|
||||||
<para>If <emphasis role="bold">-s</emphasis> is specified and the
|
<para>If <option>-s</option> is specified and the
|
||||||
<emphasis role="bold">start</emphasis> command succeeds, then the
|
<emphasis role="bold">start</emphasis> command succeeds, then the
|
||||||
remote Shorewall6-lite configuration is saved by executing <emphasis
|
remote Shorewall6-lite configuration is saved by executing
|
||||||
role="bold">shorewall6-lite save</emphasis> via ssh.</para>
|
<command>shorewall6-lite save</command> via ssh.</para>
|
||||||
|
|
||||||
<para>if <emphasis role="bold">-c</emphasis> is included, the
|
<para>if <option>-c</option> is included, the
|
||||||
command <emphasis role="bold">shorewall6-lite show capabilities -f
|
command <command>shorewall6-lite show capabilities -f
|
||||||
> /var/lib/shorewall6-lite/capabilities</emphasis> is executed
|
> /var/lib/shorewall6-lite/capabilities</command> is executed
|
||||||
via ssh then the generated file is copied to
|
via ssh then the generated file is copied to
|
||||||
<replaceable>directory</replaceable> using scp. This step is
|
<replaceable>directory</replaceable> using scp. This step is
|
||||||
performed before the configuration is compiled.</para>
|
performed before the configuration is compiled.</para>
|
||||||
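Review bot: The -c paragraph here gives the command as "shorewall6-lite show capabilities -f", while the compile section in this patch gives "shorewall6-lite show -f capabilities"; please confirm which order is intended and use it in both places. The paragraph also still opens with a lowercase "if".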
@ -1079,8 +1082,8 @@
|
|||||||
and causes a Perl stack trace to be included with each
|
and causes a Perl stack trace to be included with each
|
||||||
compiler-generated error and warning message.</para>
|
compiler-generated error and warning message.</para>
|
||||||
|
|
||||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||||
warning message to be issued if the line current line contains
|
and causes a warning message to be issued if the line current line contains
|
||||||
alternative input specifications following a semicolon (";"). Such
|
alternative input specifications following a semicolon (";"). Such
|
||||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||||
<ulink
|
<ulink
|
||||||
@ -1108,7 +1111,7 @@
|
|||||||
<ulink
|
<ulink
|
||||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) and
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) and
|
||||||
produces an audible alarm when new Shorewall6 messages are logged.
|
produces an audible alarm when new Shorewall6 messages are logged.
|
||||||
The <emphasis role="bold">-m</emphasis> option causes the MAC
|
The <option>-m</option> option causes the MAC
|
||||||
address of each packet source to be displayed if that information is
|
address of each packet source to be displayed if that information is
|
||||||
available. The <replaceable>refresh-interval</replaceable> specifies
|
available. The <replaceable>refresh-interval</replaceable> specifies
|
||||||
the time in seconds between screen refreshes. You can enter a
|
the time in seconds between screen refreshes. You can enter a
|
||||||
@ -1152,11 +1155,11 @@
|
|||||||
performed by <command>refresh</command> with the exception that
|
performed by <command>refresh</command> with the exception that
|
||||||
<command>refresh</command> only recreates the chains specified in
|
<command>refresh</command> only recreates the chains specified in
|
||||||
the command while <command>restart</command> recreates the entire
|
the command while <command>restart</command> recreates the entire
|
||||||
Netfilter ruleset.When no chain name is given to the <emphasis
|
Netfilter ruleset.When no chain name is given to the
|
||||||
role="bold">refresh</emphasis> command, the mangle table is
|
<command>refresh</command> command, the mangle table is
|
||||||
refreshed along with the blacklist chain (if any). This allows you
|
refreshed along with the blacklist chain (if any). This allows you
|
||||||
to modify <filename>/etc/shorewall6/tcrules</filename>and install
|
to modify <filename>/etc/shorewall6/tcrules</filename>and install
|
||||||
the changes using <emphasis role="bold">refresh</emphasis>.</para>
|
the changes using <command>refresh</command>.</para>
|
||||||
|
|
||||||
<para>The listed chains are assumed to be in the filter table. You
|
<para>The listed chains are assumed to be in the filter table. You
|
||||||
can refresh chains in other tables by prefixing the chain name with
|
can refresh chains in other tables by prefixing the chain name with
|
||||||
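Review bot: The changed line "Netfilter ruleset.When no chain name is given to the" still has no space after the full stop, and the context line "<filename>/etc/shorewall6/tcrules</filename>and install" has none after the closing tag. Both are worth fixing while this paragraph is being edited.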
@ -1168,15 +1171,15 @@
|
|||||||
<para>The <option>-n</option> option was added in Shorewall 4.5.3
|
<para>The <option>-n</option> option was added in Shorewall 4.5.3
|
||||||
causes Shorewall to avoid updating the routing table(s).</para>
|
causes Shorewall to avoid updating the routing table(s).</para>
|
||||||
|
|
||||||
<para>The <option>-d </option>option was added in Shorewall 4.5.3
|
<para>The <option>-d</option> option was added in Shorewall 4.5.3
|
||||||
causes the compiler to run under the Perl debugger.</para>
|
causes the compiler to run under the Perl debugger.</para>
|
||||||
|
|
||||||
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
||||||
and causes a Perl stack trace to be included with each
|
and causes a Perl stack trace to be included with each
|
||||||
compiler-generated error and warning message.</para>
|
compiler-generated error and warning message.</para>
|
||||||
|
|
||||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||||
warning message to be issued if the line current line contains
|
and causes a warning message to be issued if the line current line contains
|
||||||
alternative input specifications following a semicolon (";"). Such
|
alternative input specifications following a semicolon (";"). Such
|
||||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||||
<ulink
|
<ulink
|
||||||
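Review bot: The corrected -d line still reads "was added in Shorewall 4.5.3 causes the compiler to run", missing the "and" that the -T and -i paragraphs have; the -n paragraph above it has the same gap. Suggest "was added in Shorewall 4.5.3 and causes ..." in both.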
@ -1186,7 +1189,12 @@
|
|||||||
and causes Shorewall to look in the given
|
and causes Shorewall to look in the given
|
||||||
<emphasis>directory</emphasis> first for configuration files.</para>
|
<emphasis>directory</emphasis> first for configuration files.</para>
|
||||||
|
|
||||||
<para>Example:<programlisting><command>shorewall6 refresh net2fw nat:net_dnat</command> #Refresh the 'net2loc' chain in the filter table and the 'net_dnat' chain in the nat table</programlisting></para>
|
<example>
|
||||||
|
<title>Refresh the 'net-fw' chain in the filter table and the
|
||||||
|
'net_dnat' chain in the nat table</title>
|
||||||
|
<programlisting><command>shorewall6 refresh net-fw nat:net_dnat
|
||||||
|
</command></programlisting>
|
||||||
|
</example>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
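Review bot: Inside the new <programlisting>, </command> sits on its own indented line, and <programlisting> is verbatim, so the line break and leading spaces will appear in the output after "nat:net_dnat". Put </command></programlisting> directly after the command text. The chain name also changes from net2fw to net-fw, which is more than a markup change and deserves a mention in the commit message.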
@ -1216,14 +1224,14 @@
|
|||||||
Shorewall6 Lite on <emphasis>system</emphasis> is restarted via
|
Shorewall6 Lite on <emphasis>system</emphasis> is restarted via
|
||||||
ssh.</para>
|
ssh.</para>
|
||||||
|
|
||||||
<para>If <emphasis role="bold">-s</emphasis> is specified and the
|
<para>If <option>-s</option> is specified and the
|
||||||
<emphasis role="bold">restart</emphasis> command succeeds, then the
|
<command>restart</command> command succeeds, then the
|
||||||
remote Shorewall6-lite configuration is saved by executing <emphasis
|
remote Shorewall6-lite configuration is saved by executing
|
||||||
role="bold">shorewall6-lite save</emphasis> via ssh.</para>
|
<command>shorewall6-lite save</command> via ssh.</para>
|
||||||
|
|
||||||
<para>if <emphasis role="bold">-c</emphasis> is included, the
|
<para>if <option>-c</option> is included, the
|
||||||
command <emphasis role="bold">shorewall6-lite show capabilities -f
|
command <command>shorewall6-lite show capabilities -f
|
||||||
> /var/lib/shorewall6-lite/capabilities</emphasis> is executed
|
> /var/lib/shorewall6-lite/capabilities</command> is executed
|
||||||
via ssh then the generated file is copied to
|
via ssh then the generated file is copied to
|
||||||
<emphasis>directory</emphasis> using scp. This step is performed
|
<emphasis>directory</emphasis> using scp. This step is performed
|
||||||
before the configuration is compiled.</para>
|
before the configuration is compiled.</para>
|
||||||
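Review bot: <emphasis role="bold">restart</emphasis> becomes <command>restart</command> in the -s paragraph here, but the matching -s paragraph earlier in the patch leaves <emphasis role="bold">start</emphasis> as it was. Suggest converting both or neither. The placeholder is also <emphasis>directory</emphasis> here and <replaceable>directory</replaceable> there.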
@ -1236,8 +1244,8 @@
|
|||||||
and causes a Perl stack trace to be included with each
|
and causes a Perl stack trace to be included with each
|
||||||
compiler-generated error and warning message.</para>
|
compiler-generated error and warning message.</para>
|
||||||
|
|
||||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||||
warning message to be issued if the line current line contains
|
and causes a warning message to be issued if the line current line contains
|
||||||
alternative input specifications following a semicolon (";"). Such
|
alternative input specifications following a semicolon (";"). Such
|
||||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||||
<ulink
|
<ulink
|
||||||
@ -1261,8 +1269,8 @@
|
|||||||
<term><emphasis role="bold">restart</emphasis></term>
|
<term><emphasis role="bold">restart</emphasis></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Restart is similar to <emphasis role="bold">shorewall6
|
<para>Restart is similar to <command>shorewall6
|
||||||
start</emphasis> except that it assumes that the firewall is already
|
start</command> except that it assumes that the firewall is already
|
||||||
started. Existing connections are maintained. If a
|
started. Existing connections are maintained. If a
|
||||||
<emphasis>directory</emphasis> is included in the command,
|
<emphasis>directory</emphasis> is included in the command,
|
||||||
Shorewall6 will look in that <emphasis>directory</emphasis> first
|
Shorewall6 will look in that <emphasis>directory</emphasis> first
|
||||||
@ -1275,27 +1283,28 @@
|
|||||||
table to be flushed; the <command>conntrack</command> utility must
|
table to be flushed; the <command>conntrack</command> utility must
|
||||||
be installed to use this option.</para>
|
be installed to use this option.</para>
|
||||||
|
|
||||||
<para>The <option>-d </option>option causes the compiler to run
|
<para>The <option>-d</option> option causes the compiler to run
|
||||||
under the Perl debugger.</para>
|
under the Perl debugger.</para>
|
||||||
|
|
||||||
<para>The <option>-f</option> option suppresses the compilation step
|
<para>The <option>-f</option> option suppresses the compilation step
|
||||||
and simply reused the compiled script which last started/restarted
|
and simply reused the compiled script which last started/restarted
|
||||||
Shorewall, provided that /etc/shorewall6 and its contents have not
|
Shorewall, provided that <filename class="directory">/etc/shorewall6
|
||||||
|
</filename> and its contents have not
|
||||||
been modified since the last start/restart.</para>
|
been modified since the last start/restart.</para>
|
||||||
|
|
||||||
<para>The <option>-c</option> option was added in Shorewall 4.4.20
|
<para>The <option>-c</option> option was added in Shorewall 4.4.20
|
||||||
and performs the compilation step unconditionally, overriding the
|
and performs the compilation step unconditionally, overriding the
|
||||||
AUTOMAKE setting in <ulink
|
AUTOMAKE setting in <ulink
|
||||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
|
||||||
When both <option>-f</option> and <option>-c </option>are present,
|
When both <option>-f</option> and <option>-c</option> are present,
|
||||||
the result is determined by the option that appears last.</para>
|
the result is determined by the option that appears last.</para>
|
||||||
|
|
||||||
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
||||||
and causes a Perl stack trace to be included with each
|
and causes a Perl stack trace to be included with each
|
||||||
compiler-generated error and warning message.</para>
|
compiler-generated error and warning message.</para>
|
||||||
|
|
||||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||||
warning message to be issued if the line current line contains
|
and causes a warning message to be issued if the line current line contains
|
||||||
alternative input specifications following a semicolon (";"). Such
|
alternative input specifications following a semicolon (";"). Such
|
||||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||||
<ulink
|
<ulink
|
||||||
@ -1315,12 +1324,12 @@
|
|||||||
<term><emphasis role="bold">restore</emphasis></term>
|
<term><emphasis role="bold">restore</emphasis></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Restore Shorewall6 to a state saved using the <emphasis
|
<para>Restore Shorewall6 to a state saved using the
|
||||||
role="bold">shorewall6 save</emphasis> command. Existing connections
|
<command>shorewall6 save</command> command. Existing connections
|
||||||
are maintained. The <emphasis>filename</emphasis> names a restore
|
are maintained. The <emphasis>filename</emphasis> names a restore
|
||||||
file in /var/lib/shorewall6 created using <emphasis
|
file in <filename class="directory">/var/lib/shorewall6</filename>
|
||||||
role="bold">shorewall6 save</emphasis>; if no
|
created using <command>shorewall6 save</command>;
|
||||||
<emphasis>filename</emphasis> is given then Shorewall6 will be
|
if no <emphasis>filename</emphasis> is given then Shorewall6 will be
|
||||||
restored from the file specified by the RESTOREFILE option in <ulink
|
restored from the file specified by the RESTOREFILE option in <ulink
|
||||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
|
||||||
|
|
||||||
@ -1333,8 +1342,8 @@
|
|||||||
</caution>
|
</caution>
|
||||||
|
|
||||||
<para>The <option>-C</option> option was added in Shorewall 4.6.5.
|
<para>The <option>-C</option> option was added in Shorewall 4.6.5.
|
||||||
If the <option>-C</option> option was specified during <emphasis
|
If the <option>-C</option> option was specified during
|
||||||
role="bold">shorewall6 save</emphasis>, then the counters saved by
|
<command>shorewall6 save</command>, then the counters saved by
|
||||||
that operation will be restored.</para>
|
that operation will be restored.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
@ -1357,12 +1366,9 @@
|
|||||||
<para>If there are files in the CONFIG_PATH that were modified after
|
<para>If there are files in the CONFIG_PATH that were modified after
|
||||||
the current firewall script was generated, the following warning
|
the current firewall script was generated, the following warning
|
||||||
message is issued before the script's run command is
|
message is issued before the script's run command is
|
||||||
executed:</para>
|
executed:
|
||||||
|
<screen>WARNING: /var/lib/shorewall6/firewall is not up to
|
||||||
<simplelist>
|
date</screen></para>
|
||||||
<member>WARNING: /var/lib/shorewall6/firewall is not up to
|
|
||||||
date</member>
|
|
||||||
</simplelist>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
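Review bot: The warning text is wrapped inside <screen> ("is not up to" on one line, "date" on the next), and <screen> preserves line breaks and indentation, so the message will render on two lines with leading spaces. Keep "WARNING: /var/lib/shorewall6/firewall is not up to date" on a single line inside the element.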
@ -1371,9 +1377,10 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Only allowed if Shorewall6 is running. The current
|
<para>Only allowed if Shorewall6 is running. The current
|
||||||
configuration is saved in /var/lib/shorewall6/safe-restart (see the
|
configuration is saved in <filename>/var/lib/shorewall6/safe-restart
|
||||||
save command below) then a <emphasis role="bold">shorewall6
|
</filename> (see the <emphasis role="bold">save</emphasis>
|
||||||
restart</emphasis> is done. You will then be prompted asking if you
|
command below) then a <command>shorewall6 restart</command> is
|
||||||
|
done. You will then be prompted asking if you
|
||||||
want to accept the new configuration or not. If you answer "n" or if
|
want to accept the new configuration or not. If you answer "n" or if
|
||||||
you fail to answer within 60 seconds (such as when your new
|
you fail to answer within 60 seconds (such as when your new
|
||||||
configuration has disabled communication with your terminal), the
|
configuration has disabled communication with your terminal), the
|
||||||
@ -1417,13 +1424,14 @@
|
|||||||
<term><emphasis role="bold">save</emphasis></term>
|
<term><emphasis role="bold">save</emphasis></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The dynamic blacklist is stored in /var/lib/shorewall6/save.
|
<para>The dynamic blacklist is stored in <filename>
|
||||||
The state of the firewall is stored in
|
/var/lib/shorewall6/save</filename>.
|
||||||
/var/lib/shorewall6/<emphasis>filename</emphasis> for use by the
|
The state of the firewall is stored in <filename>
|
||||||
<emphasis role="bold">shorewall6 restore</emphasis> and <emphasis
|
/var/lib/shorewall6/<replaceable>filename</replaceable></filename>
|
||||||
role="bold">shorewall6 -f start</emphasis> commands. If
|
for use by the <command>shorewall6 restore</command> and <command>
|
||||||
<emphasis>filename</emphasis> is not given then the state is saved
|
shorewall6 -f start</command> commands. If <emphasis>filename
|
||||||
in the file specified by the RESTOREFILE option in <ulink
|
</emphasis> is not given then the state is saved in the file
|
||||||
|
specified by the RESTOREFILE option in <ulink
|
||||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
|
||||||
|
|
||||||
<para>The <option>-C</option> option, added in Shorewall 4.6.5,
|
<para>The <option>-C</option> option, added in Shorewall 4.6.5,
|
||||||
@ -1455,7 +1463,7 @@
|
|||||||
<listitem>
|
<listitem>
|
||||||
<para>Added in Shorewall 4.6.2. Displays the dynamic chain
|
<para>Added in Shorewall 4.6.2. Displays the dynamic chain
|
||||||
along with any chains produced by entries in
|
along with any chains produced by entries in
|
||||||
shorewall-blrules(5).The <emphasis role="bold">-x</emphasis>
|
shorewall-blrules(5).The <option>-x</option>
|
||||||
option is passed directly through to ip6tables and causes
|
option is passed directly through to ip6tables and causes
|
||||||
actual packet and byte counts to be displayed. Without this
|
actual packet and byte counts to be displayed. Without this
|
||||||
option, those counts are abbreviated.</para>
|
option, those counts are abbreviated.</para>
|
||||||
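Review bot: The changed line "shorewall-blrules(5).The <option>-x</option>" still has no space between the full stop and "The". Add one while the line is being edited; the mangle description in this patch has the same ".The" after </command>.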
@ -1467,9 +1475,9 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Displays your kernel/ip6tables capabilities. The
|
<para>Displays your kernel/ip6tables capabilities. The
|
||||||
<emphasis role="bold">-f</emphasis> option causes the display
|
<option>-f</option> option causes the display
|
||||||
to be formatted as a capabilities file for use with <emphasis
|
to be formatted as a capabilities file for use with
|
||||||
role="bold">compile -e</emphasis>.</para>
|
<command>shorewall6 compile -e</command>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1479,29 +1487,29 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The rules in each <emphasis>chain</emphasis> are
|
<para>The rules in each <emphasis>chain</emphasis> are
|
||||||
displayed using the <emphasis role="bold">ip6tables
|
displayed using the <command>ip6tables
|
||||||
-L</emphasis> <emphasis>chain</emphasis> <emphasis
|
-L</command> <emphasis>chain</emphasis> <emphasis
|
||||||
role="bold">-n -v</emphasis> command. If no
|
role="bold">-n -v</emphasis> command. If no
|
||||||
<emphasis>chain</emphasis> is given, all of the chains in the
|
<emphasis>chain</emphasis> is given, all of the chains in the
|
||||||
filter table are displayed. The <emphasis
|
filter table are displayed. The <option>-x</option> option is
|
||||||
role="bold">-x</emphasis> option is passed directly through to
|
passed directly through to ip6tables and causes actual packet
|
||||||
ip6tables and causes actual packet and byte counts to be
|
and byte counts to be displayed. Without this option, those
|
||||||
displayed. Without this option, those counts are abbreviated.
|
counts are abbreviated.
|
||||||
The <emphasis role="bold">-t</emphasis> option specifies the
|
The <option>-t</option> option specifies the
|
||||||
Netfilter table to display. The default is <emphasis
|
Netfilter table to display. The default is <emphasis
|
||||||
role="bold">filter</emphasis>.</para>
|
role="bold">filter</emphasis>.</para>
|
||||||
|
|
||||||
<para>The <emphasis role="bold">-b</emphasis> ('brief') option
|
<para>The <option>-b</option> ('brief') option
|
||||||
causes rules which have not been used (i.e. which have zero
|
causes rules which have not been used (i.e. which have zero
|
||||||
packet and byte counts) to be omitted from the output. Chains
|
packet and byte counts) to be omitted from the output. Chains
|
||||||
with no rules displayed are also omitted from the
|
with no rules displayed are also omitted from the
|
||||||
output.</para>
|
output.</para>
|
||||||
|
|
||||||
<para>The <emphasis role="bold">-l</emphasis> option causes
|
<para>The <option>-l</option> option causes
|
||||||
the rule number for each Netfilter rule to be
|
the rule number for each Netfilter rule to be
|
||||||
displayed.</para>
|
displayed.</para>
|
||||||
|
|
||||||
<para>If the <emphasis role="bold">-t</emphasis> option and
|
<para>If the <option>-t</option> option and
|
||||||
the <option>chain</option> keyword are both omitted and any of
|
the <option>chain</option> keyword are both omitted and any of
|
||||||
the listed <replaceable>chain</replaceable>s do not exist, a
|
the listed <replaceable>chain</replaceable>s do not exist, a
|
||||||
usage message is displayed.</para>
|
usage message is displayed.</para>
|
||||||
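Review bot: The command markup is only half converted: "<command>ip6tables -L</command> <emphasis>chain</emphasis> <emphasis role="bold">-n -v</emphasis>" mixes <command> with bold emphasis for the trailing options. Suggest a single <command> element containing <replaceable>chain</replaceable>, so the whole invocation is marked up as one command.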
@ -1569,7 +1577,7 @@
|
|||||||
<para>Displays the last 20 Shorewall6 messages from the log
|
<para>Displays the last 20 Shorewall6 messages from the log
|
||||||
file specified by the LOGFILE option in <ulink
|
file specified by the LOGFILE option in <ulink
|
||||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
|
||||||
The <emphasis role="bold">-m</emphasis> option causes the MAC
|
The <option>-m</option> option causes the MAC
|
||||||
address of each packet source to be displayed if that
|
address of each packet source to be displayed if that
|
||||||
information is available.</para>
|
information is available.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
@ -1589,8 +1597,8 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Displays the Netfilter mangle table using the command
|
<para>Displays the Netfilter mangle table using the command
|
||||||
<emphasis role="bold">ip6tables -t mangle -L -n
|
<command>ip6tables -t mangle -L -n
|
||||||
-v</emphasis>.The <emphasis role="bold">-x</emphasis> option
|
-v</command>.The <option>-x</option> option
|
||||||
is passed directly through to ip6tables and causes actual
|
is passed directly through to ip6tables and causes actual
|
||||||
packet and byte counts to be displayed. Without this option,
|
packet and byte counts to be displayed. Without this option,
|
||||||
those counts are abbreviated.</para>
|
those counts are abbreviated.</para>
|
||||||
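Review bot: The rewritten line -v</command>.The <option>-x</option> option still has no space after the period, so the rendered text runs "-v.The" together; add the space (</command>. The) while this line is being touched. The bare ip6tables in the next sentence of the same paragraph could also take <command> markup, to match the tagging this hunk introduces.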
@ -1657,22 +1665,24 @@
|
|||||||
only if they are allowed by the firewall rules or policies. If a
|
only if they are allowed by the firewall rules or policies. If a
|
||||||
<replaceable>directory</replaceable> is included in the command,
|
<replaceable>directory</replaceable> is included in the command,
|
||||||
Shorewall6 will look in that <emphasis>directory</emphasis> first
|
Shorewall6 will look in that <emphasis>directory</emphasis> first
|
||||||
for configuration files. If <emphasis role="bold">-f</emphasis> is
|
for configuration files. If <option>-f</option> is
|
||||||
specified, the saved configuration specified by the RESTOREFILE
|
specified, the saved configuration specified by the RESTOREFILE
|
||||||
option in <ulink
|
option in <ulink
|
||||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)
|
||||||
will be restored if that saved configuration exists and has been
|
will be restored if that saved configuration exists and has been
|
||||||
modified more recently than the files in /etc/shorewall6. When
|
modified more recently than the files in <filename
|
||||||
<emphasis role="bold">-f</emphasis> is given, a
|
class="directory">/etc/shorewall6</filename>. When <option>-f
|
||||||
<replaceable>directory</replaceable> may not be specified.</para>
|
</option> is given, a <replaceable>directory</replaceable> may
|
||||||
|
not be specified.</para>
|
||||||
|
|
||||||
<para>Update: In Shorewall6 4.4.20, a new LEGACY_FASTSTART option
|
<para>Update: In Shorewall6 4.4.20, a new LEGACY_FASTSTART option
|
||||||
was added to <ulink
|
was added to <ulink
|
||||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
|
||||||
When LEGACY_FASTSTART=No, the modification times of files in
|
When LEGACY_FASTSTART=No, the modification times of files in
|
||||||
/etc/shorewall6 are compared with that of
|
<filename class="directory">/etc/shorewall6</filename> are
|
||||||
/var/lib/shorewall6/firewall (the compiled script that last
|
compared with that of <filename>/var/lib/shorewall6/firewall
|
||||||
started/restarted the firewall).</para>
|
</filename> (the compiled script that last started/restarted the
|
||||||
|
firewall).</para>
|
||||||
|
|
||||||
<para>The <option>-n</option> option causes Shorewall6 to avoid
|
<para>The <option>-n</option> option causes Shorewall6 to avoid
|
||||||
updating the routing table(s).</para>
|
updating the routing table(s).</para>
|
||||||
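Review bot: The re-wrapped -f sentence now breaks the line inside the element (<option>-f on one line, </option> on the next), and the LEGACY_FASTSTART paragraph does the same with <filename>/var/lib/shorewall6/firewall and </filename>, so both elements pick up trailing whitespace in their content. That is the same kind of stray space this patch removes elsewhere (<option>-c </option>). Keep each closing tag on the line with its content and wrap after the tag instead.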
@ -1681,15 +1691,15 @@
|
|||||||
and performs the compilation step unconditionally, overriding the
|
and performs the compilation step unconditionally, overriding the
|
||||||
AUTOMAKE setting in <ulink
|
AUTOMAKE setting in <ulink
|
||||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
|
||||||
When both <option>-f</option> and <option>-c </option>are present,
|
When both <option>-f</option> and <option>-c</option> are present,
|
||||||
the result is determined by the option that appears last.</para>
|
the result is determined by the option that appears last.</para>
|
||||||
|
|
||||||
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
||||||
and causes a Perl stack trace to be included with each
|
and causes a Perl stack trace to be included with each
|
||||||
compiler-generated error and warning message.</para>
|
compiler-generated error and warning message.</para>
|
||||||
|
|
||||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||||
warning message to be issued if the line current line contains
|
and causes a warning message to be issued if the line current line contains
|
||||||
alternative input specifications following a semicolon (";"). Such
|
alternative input specifications following a semicolon (";"). Such
|
||||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||||
<ulink
|
<ulink
|
||||||
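Review bot: The rewritten -i paragraph carries over the duplicated words in "if the line current line contains"; since that line is being replaced anyway, change it to "if the current line contains". The new second line is also much longer than the lines around it, so the paragraph should be re-wrapped after the wording fix.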
@ -1698,8 +1708,8 @@
|
|||||||
<para>The <option>-C</option> option was added in Shorewall 4.6.5
|
<para>The <option>-C</option> option was added in Shorewall 4.6.5
|
||||||
and is only meaningful when the <option>-f</option> option is also
|
and is only meaningful when the <option>-f</option> option is also
|
||||||
specified. If the previously-saved configuration is restored, and if
|
specified. If the previously-saved configuration is restored, and if
|
||||||
the <option>-C</option> option was also specified in the <emphasis
|
the <option>-C</option> option was also specified in the
|
||||||
role="bold">save</emphasis> command, then the packet and byte
|
<command>save</command> command, then the packet and byte
|
||||||
counters will be restored along with the chains and rules.</para>
|
counters will be restored along with the chains and rules.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
@ -1727,7 +1737,7 @@
|
|||||||
<para>Produces a short report about the state of the
|
<para>Produces a short report about the state of the
|
||||||
Shorewall6-configured firewall.</para>
|
Shorewall6-configured firewall.</para>
|
||||||
|
|
||||||
<para>The <option>-i </option>option was added in Shorewall 4.6.2
|
<para>The <option>-i</option> option was added in Shorewall 4.6.2
|
||||||
and causes the status of each optional or provider interface to be
|
and causes the status of each optional or provider interface to be
|
||||||
displayed.</para>
|
displayed.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
@ -1746,19 +1756,18 @@
|
|||||||
role="bold">start</emphasis> command is performed using the
|
role="bold">start</emphasis> command is performed using the
|
||||||
specified configuration <replaceable>directory</replaceable>. if an
|
specified configuration <replaceable>directory</replaceable>. if an
|
||||||
error occurs during the compilation phase of the <emphasis
|
error occurs during the compilation phase of the <emphasis
|
||||||
role="bold">restart</emphasis> or <emphasis
|
role="bold">restart</emphasis> or <emphasis role="bold">start
|
||||||
role="bold">start</emphasis>, the command terminates without
|
</emphasis>, the command terminates without changing the Shorewall6
|
||||||
changing the Shorewall6 state. If an error occurs during the
|
state. If an error occurs during the <emphasis role="bold">restart
|
||||||
<emphasis role="bold">restart</emphasis> phase, then a <emphasis
|
</emphasis> phase, then a <command>shorewall6 restore</command> is
|
||||||
role="bold">shorewall6 restore</emphasis> is performed using the
|
performed using the saved configuration. If an error occurs during
|
||||||
saved configuration. If an error occurs during the <emphasis
|
the <emphasis role="bold">start</emphasis> phase, then Shorewall6
|
||||||
role="bold">start</emphasis> phase, then Shorewall6 is cleared. If
|
is cleared. If the <emphasis role="bold">start</emphasis>/
|
||||||
the <emphasis role="bold">start</emphasis>/<emphasis
|
<emphasis role="bold">restart</emphasis> succeeds and a
|
||||||
role="bold">restart</emphasis> succeeds and a
|
|
||||||
<replaceable>timeout</replaceable> is specified then a <emphasis
|
<replaceable>timeout</replaceable> is specified then a <emphasis
|
||||||
role="bold">clear</emphasis> or <emphasis
|
role="bold">clear</emphasis> or <emphasis role="bold">restore
|
||||||
role="bold">restore</emphasis> is performed after
|
</emphasis> is performed after <replaceable>timeout</replaceable>
|
||||||
<replaceable>timeout</replaceable> seconds.</para>
|
seconds.</para>
|
||||||
|
|
||||||
<para>Beginning with Shorewall 4.5.0, the numeric
|
<para>Beginning with Shorewall 4.5.0, the numeric
|
||||||
<replaceable>timeout</replaceable> may optionally be followed by an
|
<replaceable>timeout</replaceable> may optionally be followed by an
|
||||||
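Review bot: Re-wrapping this paragraph moved several closing tags onto the following line (<emphasis role="bold">start then </emphasis>, likewise for restart and restore), which puts whitespace inside the emphasis and renders a space before the comma in "start , the command". The split after <emphasis role="bold">start</emphasis>/ also inserts whitespace between the slash and restart, where the old text had the two joined as start/restart. Keep each closing tag on the line with its content and keep the start/restart pair on one line. The paragraph now also mixes markup for the same kind of token: shorewall6 restore is <command> while start, restart, clear and restore remain bold emphasis.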
@ -1779,7 +1788,7 @@
|
|||||||
options with non-defaults to a deprecated options section at the
|
options with non-defaults to a deprecated options section at the
|
||||||
bottom of the file. Your existing
|
bottom of the file. Your existing
|
||||||
<filename>shorewall6.conf</filename> file is renamed
|
<filename>shorewall6.conf</filename> file is renamed
|
||||||
<filename>shorewall6.conf.bak.</filename></para>
|
<filename>shorewall6.conf.bak</filename>.</para>
|
||||||
|
|
||||||
<para>The <option>-a</option> option causes the updated
|
<para>The <option>-a</option> option causes the updated
|
||||||
<filename>shorewall6.conf</filename> file to be annotated with
|
<filename>shorewall6.conf</filename> file to be annotated with
|
||||||
@ -1805,8 +1814,8 @@
|
|||||||
updated, the original is saved in a .bak file in the same
|
updated, the original is saved in a .bak file in the same
|
||||||
directory.</para>
|
directory.</para>
|
||||||
|
|
||||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||||
warning message to be issued if the line current line contains
|
and causes a warning message to be issued if the line current line contains
|
||||||
alternative input specifications following a semicolon (";"). Such
|
alternative input specifications following a semicolon (";"). Such
|
||||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||||
<ulink
|
<ulink
|
||||||
|
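Review bot: The new -i line in this hunk still reads "if the line current line contains", with "line" duplicated; correct it to "if the current line contains" as part of this change and re-wrap the paragraph, since the rewritten line is longer than its neighbours.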