mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-22 15:43:30 +01:00
Patches for Shorewall6 manpage from Thomas D
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
c4171a92f6
commit
22ac37b51e
@ -699,7 +699,7 @@
|
||||
used for debugging. See <ulink
|
||||
url="/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace</ulink>.</para>
|
||||
|
||||
<para>The nolock <option>option</option> prevents the command from
|
||||
<para>The <option>nolock</option> option prevents the command from
|
||||
attempting to acquire the Shorewall6 lockfile. It is useful if you need to
|
||||
include <command>shorewall6</command> commands in
|
||||
<filename>/etc/shorewall6/started</filename>.</para>
|
||||
@ -779,12 +779,13 @@
|
||||
<para>Compiles the configuration in the specified
|
||||
<emphasis>directory</emphasis> and discards the compiled output
|
||||
script. If no <emphasis>directory</emphasis> is given, then
|
||||
/etc/shorewall6 is assumed.</para>
|
||||
<filename class="directory">/etc/shorewall6</filename> is
|
||||
assumed.</para>
|
||||
|
||||
<para>The <emphasis role="bold">-e</emphasis> option causes the
|
||||
<para>The <option>-e</option> option causes the
|
||||
compiler to look for a file named capabilities. This file is
|
||||
produced using the command <emphasis role="bold">shorewall6-lite
|
||||
show -f capabilities > capabilities</emphasis> on a system with
|
||||
produced using the command <command>shorewall6-lite
|
||||
show -f capabilities > capabilities</command> on a system with
|
||||
Shorewall6 Lite installed.</para>
|
||||
|
||||
<para>The <option>-d</option> option causes the compiler to be run
|
||||
@ -802,8 +803,8 @@
|
||||
and causes a Perl stack trace to be included with each
|
||||
compiler-generated error and warning message.</para>
|
||||
|
||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
||||
warning message to be issued if the line current line contains
|
||||
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||
and causes a warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink
|
||||
@ -838,17 +839,17 @@
|
||||
compile -- -</command>) to suppress the 'Compiling...' message
|
||||
normally generated by <filename>/sbin/shorewall6</filename>.</para>
|
||||
|
||||
<para>When -e is specified, the compilation is being performed on a
|
||||
system other than where the compiled script will run. This option
|
||||
disables certain configuration options that require the script to be
|
||||
compiled where it is to be run. The use of -e requires the presence
|
||||
of a configuration file named <filename>capabilities</filename>
|
||||
which may be produced using the command <emphasis
|
||||
role="bold">shorewall6-lite show -f capabilities >
|
||||
capabilities</emphasis> on a system with Shorewall6 Lite
|
||||
<para>When <option>-e</option> is specified, the compilation is
|
||||
being performed on a system other than where the compiled script will
|
||||
run. This option disables certain configuration options that require
|
||||
the script to be compiled where it is to be run. The use of
|
||||
<option>-e</option> requires the presence of a configuration file named
|
||||
<filename>capabilities</filename> which may be produced using the
|
||||
command <command>shorewall6-lite show -f capabilities >
|
||||
capabilities</command> on a system with Shorewall6 Lite
|
||||
installed.</para>
|
||||
|
||||
<para>The <emphasis role="bold">-c</emphasis> option was added in
|
||||
<para>The <option>-c</option> option was added in
|
||||
Shorewall 4.5.17 and causes conditional compilation of a script. The
|
||||
script specified by <replaceable>pathname</replaceable> (or implied
|
||||
if <emphasis role="bold">pathname</emphasis> is omitted) is compiled
|
||||
@ -869,8 +870,8 @@
|
||||
and causes a Perl stack trace to be included with each
|
||||
compiler-generated error and warning message.</para>
|
||||
|
||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
||||
warning message to be issued if the line current line contains
|
||||
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||
and causes a warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink
|
||||
@ -938,13 +939,14 @@
|
||||
<para>Produces a verbose report about the firewall configuration for
|
||||
the purpose of problem analysis.</para>
|
||||
|
||||
<para>The <emphasis role="bold">-x</emphasis> option causes actual
|
||||
<para>The <option>-x</option> option causes actual
|
||||
packet and byte counts to be displayed. Without that option, these
|
||||
counts are abbreviated. The <emphasis role="bold">-m</emphasis>
|
||||
option causes any MAC addresses included in Shorewall6 log messages
|
||||
to be displayed.</para>
|
||||
counts are abbreviated.</para>
|
||||
|
||||
<para>The <emphasis role="bold">-l</emphasis> option causes the rule
|
||||
<para>The <option>-m</option> option causes any MAC addresses
|
||||
included in Shorewall6 log messages to be displayed.</para>
|
||||
|
||||
<para>The <option>-l</option> option causes the rule
|
||||
number for each Netfilter rule to be displayed.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -998,8 +1000,9 @@
|
||||
<term><emphasis role="bold">forget</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Deletes /var/lib/shorewall6/<emphasis>filename</emphasis> and
|
||||
/var/lib/shorewall6/save. If no <emphasis>filename</emphasis> is
|
||||
<para>Deletes <filename>/var/lib/shorewall6/<replaceable>filename
|
||||
</replaceable></filename> and <filename>/var/lib/shorewall6/save
|
||||
</filename>. If no <emphasis>filename</emphasis> is
|
||||
given then the file specified by RESTOREFILE in <ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) is
|
||||
assumed.</para>
|
||||
@ -1059,14 +1062,14 @@
|
||||
Shorewall6 Lite on <replaceable>system</replaceable> is started via
|
||||
ssh.</para>
|
||||
|
||||
<para>If <emphasis role="bold">-s</emphasis> is specified and the
|
||||
<para>If <option>-s</option> is specified and the
|
||||
<emphasis role="bold">start</emphasis> command succeeds, then the
|
||||
remote Shorewall6-lite configuration is saved by executing <emphasis
|
||||
role="bold">shorewall6-lite save</emphasis> via ssh.</para>
|
||||
remote Shorewall6-lite configuration is saved by executing
|
||||
<command>shorewall6-lite save</command> via ssh.</para>
|
||||
|
||||
<para>if <emphasis role="bold">-c</emphasis> is included, the
|
||||
command <emphasis role="bold">shorewall6-lite show capabilities -f
|
||||
> /var/lib/shorewall6-lite/capabilities</emphasis> is executed
|
||||
<para>if <option>-c</option> is included, the
|
||||
command <command>shorewall6-lite show capabilities -f
|
||||
> /var/lib/shorewall6-lite/capabilities</command> is executed
|
||||
via ssh then the generated file is copied to
|
||||
<replaceable>directory</replaceable> using scp. This step is
|
||||
performed before the configuration is compiled.</para>
|
||||
@ -1079,8 +1082,8 @@
|
||||
and causes a Perl stack trace to be included with each
|
||||
compiler-generated error and warning message.</para>
|
||||
|
||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
||||
warning message to be issued if the line current line contains
|
||||
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||
and causes a warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink
|
||||
@ -1108,7 +1111,7 @@
|
||||
<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) and
|
||||
produces an audible alarm when new Shorewall6 messages are logged.
|
||||
The <emphasis role="bold">-m</emphasis> option causes the MAC
|
||||
The <option>-m</option> option causes the MAC
|
||||
address of each packet source to be displayed if that information is
|
||||
available. The <replaceable>refresh-interval</replaceable> specifies
|
||||
the time in seconds between screen refreshes. You can enter a
|
||||
@ -1152,11 +1155,11 @@
|
||||
performed by <command>refresh</command> with the exception that
|
||||
<command>refresh</command> only recreates the chains specified in
|
||||
the command while <command>restart</command> recreates the entire
|
||||
Netfilter ruleset.When no chain name is given to the <emphasis
|
||||
role="bold">refresh</emphasis> command, the mangle table is
|
||||
Netfilter ruleset.When no chain name is given to the
|
||||
<command>refresh</command> command, the mangle table is
|
||||
refreshed along with the blacklist chain (if any). This allows you
|
||||
to modify <filename>/etc/shorewall6/tcrules</filename>and install
|
||||
the changes using <emphasis role="bold">refresh</emphasis>.</para>
|
||||
the changes using <command>refresh</command>.</para>
|
||||
|
||||
<para>The listed chains are assumed to be in the filter table. You
|
||||
can refresh chains in other tables by prefixing the chain name with
|
||||
@ -1168,15 +1171,15 @@
|
||||
<para>The <option>-n</option> option was added in Shorewall 4.5.3
|
||||
causes Shorewall to avoid updating the routing table(s).</para>
|
||||
|
||||
<para>The <option>-d </option>option was added in Shorewall 4.5.3
|
||||
<para>The <option>-d</option> option was added in Shorewall 4.5.3
|
||||
causes the compiler to run under the Perl debugger.</para>
|
||||
|
||||
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
||||
and causes a Perl stack trace to be included with each
|
||||
compiler-generated error and warning message.</para>
|
||||
|
||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
||||
warning message to be issued if the line current line contains
|
||||
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||
and causes a warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink
|
||||
@ -1186,7 +1189,12 @@
|
||||
and causes Shorewall to look in the given
|
||||
<emphasis>directory</emphasis> first for configuration files.</para>
|
||||
|
||||
<para>Example:<programlisting><command>shorewall6 refresh net2fw nat:net_dnat</command> #Refresh the 'net2loc' chain in the filter table and the 'net_dnat' chain in the nat table</programlisting></para>
|
||||
<example>
|
||||
<title>Refresh the 'net-fw' chain in the filter table and the
|
||||
'net_dnat' chain in the nat table</title>
|
||||
<programlisting><command>shorewall6 refresh net-fw nat:net_dnat
|
||||
</command></programlisting>
|
||||
</example>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1216,14 +1224,14 @@
|
||||
Shorewall6 Lite on <emphasis>system</emphasis> is restarted via
|
||||
ssh.</para>
|
||||
|
||||
<para>If <emphasis role="bold">-s</emphasis> is specified and the
|
||||
<emphasis role="bold">restart</emphasis> command succeeds, then the
|
||||
remote Shorewall6-lite configuration is saved by executing <emphasis
|
||||
role="bold">shorewall6-lite save</emphasis> via ssh.</para>
|
||||
<para>If <option>-s</option> is specified and the
|
||||
<command>restart</command> command succeeds, then the
|
||||
remote Shorewall6-lite configuration is saved by executing
|
||||
<command>shorewall6-lite save</command> via ssh.</para>
|
||||
|
||||
<para>if <emphasis role="bold">-c</emphasis> is included, the
|
||||
command <emphasis role="bold">shorewall6-lite show capabilities -f
|
||||
> /var/lib/shorewall6-lite/capabilities</emphasis> is executed
|
||||
<para>if <option>-c</option> is included, the
|
||||
command <command>shorewall6-lite show capabilities -f
|
||||
> /var/lib/shorewall6-lite/capabilities</command> is executed
|
||||
via ssh then the generated file is copied to
|
||||
<emphasis>directory</emphasis> using scp. This step is performed
|
||||
before the configuration is compiled.</para>
|
||||
@ -1236,8 +1244,8 @@
|
||||
and causes a Perl stack trace to be included with each
|
||||
compiler-generated error and warning message.</para>
|
||||
|
||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
||||
warning message to be issued if the line current line contains
|
||||
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||
and causes a warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink
|
||||
@ -1261,8 +1269,8 @@
|
||||
<term><emphasis role="bold">restart</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Restart is similar to <emphasis role="bold">shorewall6
|
||||
start</emphasis> except that it assumes that the firewall is already
|
||||
<para>Restart is similar to <command>shorewall6
|
||||
start</command> except that it assumes that the firewall is already
|
||||
started. Existing connections are maintained. If a
|
||||
<emphasis>directory</emphasis> is included in the command,
|
||||
Shorewall6 will look in that <emphasis>directory</emphasis> first
|
||||
@ -1275,27 +1283,28 @@
|
||||
table to be flushed; the <command>conntrack</command> utility must
|
||||
be installed to use this option.</para>
|
||||
|
||||
<para>The <option>-d </option>option causes the compiler to run
|
||||
<para>The <option>-d</option> option causes the compiler to run
|
||||
under the Perl debugger.</para>
|
||||
|
||||
<para>The <option>-f</option> option suppresses the compilation step
|
||||
and simply reused the compiled script which last started/restarted
|
||||
Shorewall, provided that /etc/shorewall6 and its contents have not
|
||||
Shorewall, provided that <filename class="directory">/etc/shorewall6
|
||||
</filename> and its contents have not
|
||||
been modified since the last start/restart.</para>
|
||||
|
||||
<para>The <option>-c</option> option was added in Shorewall 4.4.20
|
||||
and performs the compilation step unconditionally, overriding the
|
||||
AUTOMAKE setting in <ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
|
||||
When both <option>-f</option> and <option>-c </option>are present,
|
||||
When both <option>-f</option> and <option>-c</option> are present,
|
||||
the result is determined by the option that appears last.</para>
|
||||
|
||||
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
||||
and causes a Perl stack trace to be included with each
|
||||
compiler-generated error and warning message.</para>
|
||||
|
||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
||||
warning message to be issued if the line current line contains
|
||||
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||
and causes a warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink
|
||||
@ -1315,12 +1324,12 @@
|
||||
<term><emphasis role="bold">restore</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Restore Shorewall6 to a state saved using the <emphasis
|
||||
role="bold">shorewall6 save</emphasis> command. Existing connections
|
||||
<para>Restore Shorewall6 to a state saved using the
|
||||
<command>shorewall6 save</command> command. Existing connections
|
||||
are maintained. The <emphasis>filename</emphasis> names a restore
|
||||
file in /var/lib/shorewall6 created using <emphasis
|
||||
role="bold">shorewall6 save</emphasis>; if no
|
||||
<emphasis>filename</emphasis> is given then Shorewall6 will be
|
||||
file in <filename class="directory">/var/lib/shorewall6</filename>
|
||||
created using <command>shorewall6 save</command>;
|
||||
if no <emphasis>filename</emphasis> is given then Shorewall6 will be
|
||||
restored from the file specified by the RESTOREFILE option in <ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
|
||||
|
||||
@ -1333,8 +1342,8 @@
|
||||
</caution>
|
||||
|
||||
<para>The <option>-C</option> option was added in Shorewall 4.6.5.
|
||||
If the <option>-C</option> option was specified during <emphasis
|
||||
role="bold">shorewall6 save</emphasis>, then the counters saved by
|
||||
If the <option>-C</option> option was specified during
|
||||
<command>shorewall6 save</command>, then the counters saved by
|
||||
that operation will be restored.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -1357,12 +1366,9 @@
|
||||
<para>If there are files in the CONFIG_PATH that were modified after
|
||||
the current firewall script was generated, the following warning
|
||||
message is issued before the script's run command is
|
||||
executed:</para>
|
||||
|
||||
<simplelist>
|
||||
<member>WARNING: /var/lib/shorewall6/firewall is not up to
|
||||
date</member>
|
||||
</simplelist>
|
||||
executed:
|
||||
<screen>WARNING: /var/lib/shorewall6/firewall is not up to
|
||||
date</screen></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1371,9 +1377,10 @@
|
||||
|
||||
<listitem>
|
||||
<para>Only allowed if Shorewall6 is running. The current
|
||||
configuration is saved in /var/lib/shorewall6/safe-restart (see the
|
||||
save command below) then a <emphasis role="bold">shorewall6
|
||||
restart</emphasis> is done. You will then be prompted asking if you
|
||||
configuration is saved in <filename>/var/lib/shorewall6/safe-restart
|
||||
</filename> (see the <emphasis role="bold">save</emphasis>
|
||||
command below) then a <command>shorewall6 restart</command> is
|
||||
done. You will then be prompted asking if you
|
||||
want to accept the new configuration or not. If you answer "n" or if
|
||||
you fail to answer within 60 seconds (such as when your new
|
||||
configuration has disabled communication with your terminal), the
|
||||
@ -1417,13 +1424,14 @@
|
||||
<term><emphasis role="bold">save</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>The dynamic blacklist is stored in /var/lib/shorewall6/save.
|
||||
The state of the firewall is stored in
|
||||
/var/lib/shorewall6/<emphasis>filename</emphasis> for use by the
|
||||
<emphasis role="bold">shorewall6 restore</emphasis> and <emphasis
|
||||
role="bold">shorewall6 -f start</emphasis> commands. If
|
||||
<emphasis>filename</emphasis> is not given then the state is saved
|
||||
in the file specified by the RESTOREFILE option in <ulink
|
||||
<para>The dynamic blacklist is stored in <filename>
|
||||
/var/lib/shorewall6/save</filename>.
|
||||
The state of the firewall is stored in <filename>
|
||||
/var/lib/shorewall6/<replaceable>filename</replaceable></filename>
|
||||
for use by the <command>shorewall6 restore</command> and <command>
|
||||
shorewall6 -f start</command> commands. If <emphasis>filename
|
||||
</emphasis> is not given then the state is saved in the file
|
||||
specified by the RESTOREFILE option in <ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
|
||||
|
||||
<para>The <option>-C</option> option, added in Shorewall 4.6.5,
|
||||
@ -1455,7 +1463,7 @@
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.6.2. Displays the dynamic chain
|
||||
along with any chains produced by entries in
|
||||
shorewall-blrules(5).The <emphasis role="bold">-x</emphasis>
|
||||
shorewall-blrules(5).The <option>-x</option>
|
||||
option is passed directly through to ip6tables and causes
|
||||
actual packet and byte counts to be displayed. Without this
|
||||
option, those counts are abbreviated.</para>
|
||||
@ -1467,9 +1475,9 @@
|
||||
|
||||
<listitem>
|
||||
<para>Displays your kernel/ip6tables capabilities. The
|
||||
<emphasis role="bold">-f</emphasis> option causes the display
|
||||
to be formatted as a capabilities file for use with <emphasis
|
||||
role="bold">compile -e</emphasis>.</para>
|
||||
<option>-f</option> option causes the display
|
||||
to be formatted as a capabilities file for use with
|
||||
<command>shorewall6 compile -e</command>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1479,29 +1487,29 @@
|
||||
|
||||
<listitem>
|
||||
<para>The rules in each <emphasis>chain</emphasis> are
|
||||
displayed using the <emphasis role="bold">ip6tables
|
||||
-L</emphasis> <emphasis>chain</emphasis> <emphasis
|
||||
displayed using the <command>ip6tables
|
||||
-L</command> <emphasis>chain</emphasis> <emphasis
|
||||
role="bold">-n -v</emphasis> command. If no
|
||||
<emphasis>chain</emphasis> is given, all of the chains in the
|
||||
filter table are displayed. The <emphasis
|
||||
role="bold">-x</emphasis> option is passed directly through to
|
||||
ip6tables and causes actual packet and byte counts to be
|
||||
displayed. Without this option, those counts are abbreviated.
|
||||
The <emphasis role="bold">-t</emphasis> option specifies the
|
||||
filter table are displayed. The <option>-x</option> option is
|
||||
passed directly through to ip6tables and causes actual packet
|
||||
and byte counts to be displayed. Without this option, those
|
||||
counts are abbreviated.
|
||||
The <option>-t</option> option specifies the
|
||||
Netfilter table to display. The default is <emphasis
|
||||
role="bold">filter</emphasis>.</para>
|
||||
|
||||
<para>The <emphasis role="bold">-b</emphasis> ('brief') option
|
||||
<para>The <option>-b</option> ('brief') option
|
||||
causes rules which have not been used (i.e. which have zero
|
||||
packet and byte counts) to be omitted from the output. Chains
|
||||
with no rules displayed are also omitted from the
|
||||
output.</para>
|
||||
|
||||
<para>The <emphasis role="bold">-l</emphasis> option causes
|
||||
<para>The <option>-l</option> option causes
|
||||
the rule number for each Netfilter rule to be
|
||||
displayed.</para>
|
||||
|
||||
<para>If the <emphasis role="bold">-t</emphasis> option and
|
||||
<para>If the <option>-t</option> option and
|
||||
the <option>chain</option> keyword are both omitted and any of
|
||||
the listed <replaceable>chain</replaceable>s do not exist, a
|
||||
usage message is displayed.</para>
|
||||
@ -1569,7 +1577,7 @@
|
||||
<para>Displays the last 20 Shorewall6 messages from the log
|
||||
file specified by the LOGFILE option in <ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
|
||||
The <emphasis role="bold">-m</emphasis> option causes the MAC
|
||||
The <option>-m</option> option causes the MAC
|
||||
address of each packet source to be displayed if that
|
||||
information is available.</para>
|
||||
</listitem>
|
||||
@ -1589,8 +1597,8 @@
|
||||
|
||||
<listitem>
|
||||
<para>Displays the Netfilter mangle table using the command
|
||||
<emphasis role="bold">ip6tables -t mangle -L -n
|
||||
-v</emphasis>.The <emphasis role="bold">-x</emphasis> option
|
||||
<command>ip6tables -t mangle -L -n
|
||||
-v</command>.The <option>-x</option> option
|
||||
is passed directly through to ip6tables and causes actual
|
||||
packet and byte counts to be displayed. Without this option,
|
||||
those counts are abbreviated.</para>
|
||||
@ -1657,22 +1665,24 @@
|
||||
only if they are allowed by the firewall rules or policies. If a
|
||||
<replaceable>directory</replaceable> is included in the command,
|
||||
Shorewall6 will look in that <emphasis>directory</emphasis> first
|
||||
for configuration files. If <emphasis role="bold">-f</emphasis> is
|
||||
for configuration files. If <option>-f</option> is
|
||||
specified, the saved configuration specified by the RESTOREFILE
|
||||
option in <ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)
|
||||
will be restored if that saved configuration exists and has been
|
||||
modified more recently than the files in /etc/shorewall6. When
|
||||
<emphasis role="bold">-f</emphasis> is given, a
|
||||
<replaceable>directory</replaceable> may not be specified.</para>
|
||||
modified more recently than the files in <filename
|
||||
class="directory">/etc/shorewall6</filename>. When <option>-f
|
||||
</option> is given, a <replaceable>directory</replaceable> may
|
||||
not be specified.</para>
|
||||
|
||||
<para>Update: In Shorewall6 4.4.20, a new LEGACY_FASTSTART option
|
||||
was added to <ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
|
||||
When LEGACY_FASTSTART=No, the modification times of files in
|
||||
/etc/shorewall6 are compared with that of
|
||||
/var/lib/shorewall6/firewall (the compiled script that last
|
||||
started/restarted the firewall).</para>
|
||||
<filename class="directory">/etc/shorewall6</filename> are
|
||||
compared with that of <filename>/var/lib/shorewall6/firewall
|
||||
</filename> (the compiled script that last started/restarted the
|
||||
firewall).</para>
|
||||
|
||||
<para>The <option>-n</option> option causes Shorewall6 to avoid
|
||||
updating the routing table(s).</para>
|
||||
@ -1681,15 +1691,15 @@
|
||||
and performs the compilation step unconditionally, overriding the
|
||||
AUTOMAKE setting in <ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).
|
||||
When both <option>-f</option> and <option>-c </option>are present,
|
||||
When both <option>-f</option> and <option>-c</option> are present,
|
||||
the result is determined by the option that appears last.</para>
|
||||
|
||||
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
||||
and causes a Perl stack trace to be included with each
|
||||
compiler-generated error and warning message.</para>
|
||||
|
||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
||||
warning message to be issued if the line current line contains
|
||||
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||
and causes a warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink
|
||||
@ -1698,8 +1708,8 @@
|
||||
<para>The <option>-C</option> option was added in Shorewall 4.6.5
|
||||
and is only meaningful when the <option>-f</option> option is also
|
||||
specified. If the previously-saved configuration is restored, and if
|
||||
the <option>-C</option> option was also specified in the <emphasis
|
||||
role="bold">save</emphasis> command, then the packet and byte
|
||||
the <option>-C</option> option was also specified in the
|
||||
<command>save</command> command, then the packet and byte
|
||||
counters will be restored along with the chains and rules.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -1727,7 +1737,7 @@
|
||||
<para>Produces a short report about the state of the
|
||||
Shorewall6-configured firewall.</para>
|
||||
|
||||
<para>The <option>-i </option>option was added in Shorewall 4.6.2
|
||||
<para>The <option>-i</option> option was added in Shorewall 4.6.2
|
||||
and causes the status of each optional or provider interface to be
|
||||
displayed.</para>
|
||||
</listitem>
|
||||
@ -1746,19 +1756,18 @@
|
||||
role="bold">start</emphasis> command is performed using the
|
||||
specified configuration <replaceable>directory</replaceable>. if an
|
||||
error occurs during the compilation phase of the <emphasis
|
||||
role="bold">restart</emphasis> or <emphasis
|
||||
role="bold">start</emphasis>, the command terminates without
|
||||
changing the Shorewall6 state. If an error occurs during the
|
||||
<emphasis role="bold">restart</emphasis> phase, then a <emphasis
|
||||
role="bold">shorewall6 restore</emphasis> is performed using the
|
||||
saved configuration. If an error occurs during the <emphasis
|
||||
role="bold">start</emphasis> phase, then Shorewall6 is cleared. If
|
||||
the <emphasis role="bold">start</emphasis>/<emphasis
|
||||
role="bold">restart</emphasis> succeeds and a
|
||||
role="bold">restart</emphasis> or <emphasis role="bold">start
|
||||
</emphasis>, the command terminates without changing the Shorewall6
|
||||
state. If an error occurs during the <emphasis role="bold">restart
|
||||
</emphasis> phase, then a <command>shorewall6 restore</command> is
|
||||
performed using the saved configuration. If an error occurs during
|
||||
the <emphasis role="bold">start</emphasis> phase, then Shorewall6
|
||||
is cleared. If the <emphasis role="bold">start</emphasis>/
|
||||
<emphasis role="bold">restart</emphasis> succeeds and a
|
||||
<replaceable>timeout</replaceable> is specified then a <emphasis
|
||||
role="bold">clear</emphasis> or <emphasis
|
||||
role="bold">restore</emphasis> is performed after
|
||||
<replaceable>timeout</replaceable> seconds.</para>
|
||||
role="bold">clear</emphasis> or <emphasis role="bold">restore
|
||||
</emphasis> is performed after <replaceable>timeout</replaceable>
|
||||
seconds.</para>
|
||||
|
||||
<para>Beginning with Shorewall 4.5.0, the numeric
|
||||
<replaceable>timeout</replaceable> may optionally be followed by an
|
||||
@ -1779,7 +1788,7 @@
|
||||
options with non-defaults to a deprecated options section at the
|
||||
bottom of the file. Your existing
|
||||
<filename>shorewall6.conf</filename> file is renamed
|
||||
<filename>shorewall6.conf.bak.</filename></para>
|
||||
<filename>shorewall6.conf.bak</filename>.</para>
|
||||
|
||||
<para>The <option>-a</option> option causes the updated
|
||||
<filename>shorewall6.conf</filename> file to be annotated with
|
||||
@ -1805,8 +1814,8 @@
|
||||
updated, the original is saved in a .bak file in the same
|
||||
directory.</para>
|
||||
|
||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
||||
warning message to be issued if the line current line contains
|
||||
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||
and causes a warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink
|
||||
|
Loading…
Reference in New Issue
Block a user