extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-08 00:34:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Include full syntax in lists of CLI commands

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-04-07 09:23:58 -07:00
parent 23137e5e8a
commit 27c1ffc5fb
4 changed files with 472 additions and 210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
Shorewall-lite/manpages/shorewall-lite.xml
View File

@ -326,8 +326,6 @@
<arg><option>-n</option></arg>
<arg><option>-p</option><arg><option>-C</option></arg></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -613,7 +611,10 @@
<variablelist>
<varlistentry>
<term><emphasis role="bold">add</emphasis></term>
<term><emphasis role="bold">add </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem>
<para>Adds a list of hosts or subnets to a dynamic zone usually used
@ -638,7 +639,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">allow</emphasis></term>
<term><emphasis role="bold">allow
</emphasis><replaceable>address</replaceable></term>
<listitem>
<para>Re-enables receipt of packets from hosts previously
@ -650,7 +652,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">clear</emphasis></term>
<term><emphasis role="bold">clear
</emphasis>[-<option>f</option>]</term>
<listitem>
<para>Clear will remove all rules and chains installed by
@ -688,7 +691,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">delete</emphasis></term>
<term><emphasis role="bold">delete </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem>
<para>The delete command reverses the effect of an earlier <emphasis
@ -703,7 +709,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">disable</emphasis></term>
<term><emphasis role="bold">disable </emphasis>{
<replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem>
<para>Added in Shorewall 4.4.26. Disables the optional provider
@ -715,7 +723,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">drop</emphasis></term>
<term><emphasis role="bold">drop
</emphasis><replaceable>address</replaceable></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -724,7 +733,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">dump</emphasis></term>
<term><emphasis role="bold">dump </emphasis>[-<option>x</option>]
[-<option>l</option>] [-<option>m</option>]
[-<option>c</option>]</term>
<listitem>
<para>Produces a verbose report about the firewall configuration for
@ -745,7 +756,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">enable</emphasis></term>
<term><emphasis role="bold">enable </emphasis>{
<replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem>
<para>Added in Shorewall 4.4.26. Enables the optional provider
@ -757,7 +770,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">forget</emphasis></term>
<term><emphasis role="bold">forget </emphasis>[
<replaceable>filename</replaceable> ]</term>
<listitem>
<para>Deletes /var/lib/shorewall-lite/<emphasis>filename</emphasis>
@ -778,7 +792,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">hits</emphasis></term>
<term><emphasis role="bold">hits </emphasis> [-<option>t</option>]
</term>
<listitem>
<para>Generates several reports from Shorewall-lite log messages in
@ -788,7 +803,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">ipcalc</emphasis></term>
<term><emphasis role="bold">ipcalc </emphasis>{ address mask |
address/vlsm }</term>
<listitem>
<para>Ipcalc displays the network address, broadcast address,
@ -798,7 +814,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">iprange</emphasis></term>
<term><emphasis role="bold">iprange
</emphasis><replaceable>address1</replaceable>-<replaceable>address2</replaceable></term>
<listitem>
<para>Iprange decomposes the specified range of IP addresses into
@ -807,7 +824,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">iptrace</emphasis></term>
<term><emphasis role="bold">iptrace </emphasis><replaceable>iptables
match expression</replaceable></term>
<listitem>
<para>This is a low-level debugging command that causes iptables
@ -835,7 +853,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">logdrop</emphasis></term>
<term><emphasis role="bold">logdrop
</emphasis><replaceable>address</replaceable></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -846,7 +865,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">logwatch</emphasis></term>
<term><emphasis role="bold">logwatch </emphasis>[-<option>m</option>]
[<replaceable>refresh-interval</replaceable>]</term>
<listitem>
<para>Monitors the log file specified by the LOGFILE option in
@ -865,7 +885,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">logreject</emphasis></term>
<term><emphasis role="bold">logreject
</emphasis><replaceable>address</replaceable></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -885,7 +906,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">noiptrace</emphasis></term>
<term><emphasis role="bold">noiptrace </emphasis><replaceable>iptables
match expression</replaceable></term>
<listitem>
<para>This is a low-level debugging command that cancels a trace
@ -937,16 +959,30 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">reset</emphasis></term>
<term><emphasis role="bold">reject</emphasis><replaceable>
address</replaceable></term>
<listitem>
<para>All the packet and byte counters in the firewall are
reset.</para>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
to be silently rejected.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">restart</emphasis></term>
<term><emphasis role="bold">reset [<replaceable>chain</replaceable>,
...]</emphasis><acronym></acronym></term>
<listitem>
<para>Resets the packet and byte counters in the specified
<replaceable>chain</replaceable>(s). If no
<replaceable>chain</replaceable> is specified, all the packet and
byte counters in the firewall are reset.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">restart </emphasis>[-n] [-p]
[-<option>C</option>]</term>
<listitem>
<para>Restart is similar to <emphasis role="bold">shorewall-lite
@ -969,7 +1005,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">restore</emphasis></term>
<term><emphasis role="bold">restore </emphasis>[-<option>n</option>]
[-<option>p</option>] [-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem>
<para>Restore Shorewall-lite to a state saved using the <emphasis
@ -989,6 +1027,14 @@
different from the current values.</para>
</caution>
<para>The <option>-n</option> option causes Shorewall to avoid
updating the routing table(s).</para>
<para>The <option>-p</option> option, added in Shorewall 4.6.5,
causes the connection tracking table to be flushed; the
<command>conntrack</command> utility must be installed to use this
option.</para>
<para>The <option>-C</option> option was added in Shorewall 4.6.5.
If the <option>-C</option> option was specified during <emphasis
role="bold">shorewall save</emphasis>, then the counters saved by
@ -997,7 +1043,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">run</emphasis></term>
<term><emphasis role="bold">run
</emphasis><replaceable>command</replaceable> [
<replaceable>parameter</replaceable> ... ]</term>
<listitem>
<para>Added in Shorewall 4.6.3. Executes
@ -1014,7 +1062,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">save</emphasis></term>
<term><emphasis role="bold">save </emphasis>[-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem>
<para>The dynamic blacklist is stored in
@ -1054,7 +1103,8 @@
<variablelist>
<varlistentry>
<term><emphasis role="bold">bl|blacklists</emphasis></term>
<term><emphasis role="bold">bl|blacklists
</emphasis>[-<option>x</option>]</term>
<listitem>
<para>Added in Shorewall 4.6.2. Displays the dynamic chain
@ -1067,7 +1117,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">capabilities</emphasis></term>
<term>[-<option>f</option>] <emphasis
role="bold">capabilities</emphasis></term>
<listitem>
<para>Displays your kernel/iptables capabilities. The
@ -1078,8 +1129,10 @@
</varlistentry>
<varlistentry>
<term>[ [ <option>chain</option> ] <emphasis>chain</emphasis>...
]</term>
<term>[-<option>b</option>] [-<option>x</option>]
[-<option>l</option>] [-<option>t</option>
{<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>|<option>rawpost</option>}]
[ <emphasis>chain</emphasis>... ]</term>
<listitem>
<para>The rules in each <emphasis>chain</emphasis> are
@ -1280,7 +1333,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">start</emphasis></term>
<term><emphasis role="bold">start</emphasis> [-<option>p</option>]
[-<option>n</option>] [<option>-f</option>]
[-<option>C</option>]</term>
<listitem>
<para>Start Shorewall Lite. Existing connections through
@ -1292,7 +1347,7 @@
table to be flushed; the <command>conntrack</command> utility must
be installed to use this option.</para>
<para>The <option>-m</option> option prevents the firewall script
<para>The <option>-n</option> option prevents the firewall script
from modifying the current routing configuration.</para>
<para>The <option>-f</option> option was added in Shorewall 4.6.5.

183
Shorewall/manpages/shorewall.xml
View File

@ -637,8 +637,6 @@
<arg choice="req"><option>show | list | ls </option></arg>
<arg>-c</arg>
<arg choice="plain"><option>event</option><arg
choice="plain"><replaceable>event</replaceable></arg></arg>
</cmdsynopsis>
@ -859,7 +857,10 @@
<variablelist>
<varlistentry>
<term><emphasis role="bold">add</emphasis></term>
<term><emphasis role="bold">add </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem>
<para>Adds a list of hosts or subnets to a dynamic zone usually used
@ -891,7 +892,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">allow</emphasis></term>
<term><emphasis role="bold">allow</emphasis>
<replaceable>address</replaceable></term>
<listitem>
<para>Re-enables receipt of packets from hosts previously
@ -903,7 +905,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">check</emphasis></term>
<term><emphasis role="bold">check</emphasis> [-<option>e</option>]
[-<option>d</option>] [-<option>p</option>] [-<option>r</option>]
[-<option>T</option>] [-<option>i</option>]
[<replaceable>directory</replaceable>]</term>
<listitem>
<para>Compiles the configuration in the specified
@ -942,7 +947,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">clear</emphasis></term>
<term><emphasis role="bold">clear</emphasis>
[-<option>f</option>]</term>
<listitem>
<para>Clear will remove all rules and chains installed by Shorewall.
@ -980,7 +986,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">compile</emphasis></term>
<term><emphasis role="bold">compile </emphasis>[-<option>e</option>]
[-<option>c</option>] [-<option>d</option>] [-<option>p</option>]
[-<option>T</option>] [-<option>i</option>] [<replaceable> directory
</replaceable>] [<replaceable> pathname</replaceable> ]</term>
<listitem>
<para>Compiles the current configuration into the executable file
@ -1037,7 +1046,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">delete</emphasis></term>
<term><emphasis role="bold">delete </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem>
<para>The delete command reverses the effect of an earlier <emphasis
@ -1061,7 +1073,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">disable</emphasis></term>
<term><emphasis role="bold">disable </emphasis>{
<replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem>
<para>Added in Shorewall 4.4.26. Disables the optional provider
@ -1080,7 +1094,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">drop</emphasis></term>
<term><emphasis role="bold">drop</emphasis>
<replaceable>address</replaceable></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -1089,7 +1104,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">dump</emphasis></term>
<term><emphasis role="bold">dump </emphasis> [-<option>x</option>]
[-<option>l</option>] [-<option>m</option>]
[-<option>c</option>]</term>
<listitem>
<para>Produces a verbose report about the firewall configuration for
@ -1111,7 +1128,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">enable</emphasis></term>
<term><emphasis role="bold">enable </emphasis>{
<replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem>
<para>Added in Shorewall 4.4.26. Enables the optional provider
@ -1132,7 +1151,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">export</emphasis></term>
<term><emphasis role="bold">export </emphasis>[<replaceable>
directory1</replaceable> ] [<replaceable>
user</replaceable>@]<replaceable>system</replaceable>[:<replaceable>directory2</replaceable>
]</term>
<listitem>
<para>If <emphasis>directory1</emphasis> is omitted, the current
@ -1156,7 +1178,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">forget</emphasis></term>
<term><emphasis role="bold">forget</emphasis> [
<replaceable>filename</replaceable> ]</term>
<listitem>
<para>Deletes /var/lib/shorewall/<emphasis>filename</emphasis> and
@ -1176,7 +1199,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">hits</emphasis></term>
<term><emphasis role="bold">hits</emphasis> [-<option>t</option>]
</term>
<listitem>
<para>Generates several reports from Shorewall log messages in the
@ -1186,7 +1210,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">ipcalc</emphasis></term>
<term><emphasis role="bold">ipcalc</emphasis> { address mask |
address/vlsm }</term>
<listitem>
<para>Ipcalc displays the network address, broadcast address,
@ -1196,7 +1221,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">iprange</emphasis></term>
<term><emphasis role="bold">iprange
</emphasis><replaceable>address1</replaceable>-<replaceable>address2</replaceable></term>
<listitem>
<para>Iprange decomposes the specified range of IP addresses into
@ -1205,7 +1231,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">iptrace</emphasis></term>
<term><emphasis role="bold">iptrace</emphasis> <replaceable>iptables
match expression</replaceable></term>
<listitem>
<para>This is a low-level debugging command that causes iptables
@ -1232,7 +1259,11 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">load</emphasis></term>
<term><emphasis role="bold">load</emphasis> [-<option>s</option>]
[-<option>c</option>] [-<option>r</option>
<replaceable>root-user-name</replaceable>] [-<option>T</option>]
[-<option>i</option>] [ <replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term>
<listitem>
<para>If <emphasis>directory</emphasis> is omitted, the current
@ -1287,7 +1318,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">logdrop</emphasis></term>
<term><emphasis role="bold">logdrop</emphasis>
<replaceable>address</replaceable></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -1299,7 +1331,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">logwatch</emphasis></term>
<term><emphasis role="bold">logwatch </emphasis>[-<option>m</option>]
[<replaceable> refresh-interval </replaceable>]</term>
<listitem>
<para>Monitors the log file specified by the LOGFILE option in
@ -1317,7 +1350,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">logreject</emphasis></term>
<term><emphasis role="bold">logreject</emphasis><replaceable>
address</replaceable></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -1338,7 +1372,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">noiptrace</emphasis></term>
<term><emphasis role="bold">noiptrace </emphasis><replaceable>iptables
match expression</replaceable></term>
<listitem>
<para>This is a low-level debugging command that cancels a trace
@ -1390,7 +1425,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">refresh</emphasis></term>
<term><emphasis role="bold">refresh </emphasis> [-<option>n</option>]
[-<option>d</option>] [-<option>T</option>] [-i] [-<option>D
</option><replaceable>directory</replaceable> ] [
<replaceable>chain</replaceable>... ]</term>
<listitem>
<para>All steps performed by <command>restart</command> are
@ -1442,7 +1480,21 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">reload</emphasis></term>
<term><emphasis role="bold">reject</emphasis><replaceable>
address</replaceable></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
to be silently rejected.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">reload </emphasis>[-<option>s</option>]
[-<option>c</option>] [-<option>r</option>
<replaceable>root-user-name</replaceable>] [-<option>T</option>]
[-<option>i</option>] [ <replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term>
<listitem>
<para>If <emphasis>directory</emphasis> is omitted, the current
@ -1497,16 +1549,22 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">reset</emphasis></term>
<term><emphasis role="bold">reset [<replaceable>chain</replaceable>,
...]</emphasis><acronym></acronym></term>
<listitem>
<para>All the packet and byte counters in the firewall are
reset.</para>
<para>Resets the packet and byte counters in the specified
<replaceable>chain</replaceable>(s). If no
<replaceable>chain</replaceable> is specified, all the packet and
byte counters in the firewall are reset.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">restart</emphasis></term>
<term><emphasis role="bold">restart </emphasis>[-<option>n</option>]
[-<option>p</option>] [-<option>d</option>] [-<option>f</option>]
[-<option>c</option>] [-<option>T</option>] [-<option>i</option>]
[-<option>C</option>] [ <replaceable>directory</replaceable> ]</term>
<listitem>
<para>Restart is similar to <emphasis role="bold">shorewall
@ -1560,7 +1618,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">restore</emphasis></term>
<term><emphasis role="bold">restore </emphasis> [-<option>n</option>]
[-<option>p</option>] [-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem>
<para>Restore Shorewall to a state saved using the <emphasis
@ -1596,7 +1656,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">run</emphasis></term>
<term><emphasis role="bold">run
</emphasis><replaceable>command</replaceable> [
<replaceable>parameter</replaceable> ... ]</term>
<listitem>
<para>Added in Shorewall 4.6.3. Executes
@ -1622,7 +1684,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">safe-restart</emphasis></term>
<term><emphasis role="bold">safe-restart
</emphasis>[-<option>d</option>] [-<option>p</option>] [-<option>t
</option><replaceable>timeout</replaceable> ] [
<replaceable>directory</replaceable> ]</term>
<listitem>
<para>Only allowed if Shorewall is running. The current
@ -1647,7 +1712,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">safe-start</emphasis></term>
<term><emphasis role="bold">safe-start</emphasis><emphasis
role="bold"> </emphasis>[-<option>d</option>] [-<option>p</option>]
[-<option>t</option><replaceable>timeout</replaceable> ] [
<replaceable>directory</replaceable> ]</term>
<listitem>
<para>Shorewall is started normally. You will then be prompted
@ -1669,7 +1737,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">save</emphasis></term>
<term><emphasis role="bold">save </emphasis> [-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem>
<para>The dynamic blacklist is stored in /var/lib/shorewall/save.
@ -1719,7 +1788,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">bl|blacklists</emphasis></term>
<term><emphasis role="bold">bl|blacklists</emphasis>
[-<option>x</option>]</term>
<listitem>
<para>Added in Shorewall 4.6.2. Displays the dynamic chain
@ -1732,7 +1802,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">capabilities</emphasis></term>
<term>[-<option>f</option>] <emphasis
role="bold">capabilities</emphasis></term>
<listitem>
<para>Displays your kernel/iptables capabilities. The
@ -1743,8 +1814,10 @@
</varlistentry>
<varlistentry>
<term>[ [ <option>chain</option> ] <emphasis>chain</emphasis>...
]</term>
<term>[-<option>b</option>] [-<option>x</option>]
[-<option>l</option>] [-<option>t</option>
{<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>|<option>rawpost</option>}]
[ <emphasis>chain</emphasis>... ]</term>
<listitem>
<para>The rules in each <emphasis>chain</emphasis> are
@ -1886,7 +1959,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">nat</emphasis></term>
<term>[-<option>x</option>] <emphasis
role="bold">nat</emphasis></term>
<listitem>
<para>Displays the Netfilter nat table using the command
@ -1921,7 +1995,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">routing</emphasis></term>
<term>[-<option>c</option>]<emphasis role="bold">
routing</emphasis></term>
<listitem>
<para>Displays the system's IPv4 routing configuration.
@ -1931,7 +2006,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">raw</emphasis></term>
<term>[-<option>x</option>] <emphasis
role="bold">raw</emphasis></term>
<listitem>
<para>Displays the Netfilter raw table using the command
@ -1965,7 +2041,11 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">start</emphasis></term>
<term><emphasis role="bold">start </emphasis><emphasis role="bold">
</emphasis>[-<option>n</option>] [-<option>p</option>]
[-<option>d</option>] [-<option>f</option>] [-<option>c</option>]
[-<option>T</option>] [-<option>i</option>] [-<option>C</option>] [
<replaceable>directory</replaceable> ]</term>
<listitem>
<para>Start shorewall. Existing connections through shorewall
@ -2025,7 +2105,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">stop</emphasis></term>
<term><emphasis role="bold">stop</emphasis>
[-<option>f</option>]</term>
<listitem>
<para>Stops the firewall. All existing connections, except those
@ -2047,7 +2128,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">status</emphasis></term>
<term><emphasis role="bold">status</emphasis>
[-<option>i</option>]</term>
<listitem>
<para>Produces a short report about the state of the
@ -2060,7 +2142,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">try</emphasis></term>
<term><emphasis role="bold">try</emphasis>
<replaceable>directory</replaceable> [
<replaceable>timeout</replaceable> ]</term>
<listitem>
<para>If Shorewall is started then the firewall state is saved to a
@ -2095,7 +2179,11 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">update</emphasis></term>
<term><emphasis role="bold">update </emphasis> [-<option>b</option>]
[-<option>d</option>] [-<option>r</option>] [-<option>T</option>]
[-<option>a</option>] [-<option>D</option>] [-<option>i</option>]
[-<option>t</option>] [-<option>A</option>] [
<replaceable>directory</replaceable> ]</term>
<listitem>
<para>Added in Shorewall 4.4.21 and causes the compiler to update
@ -2187,7 +2275,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">version</emphasis></term>
<term><emphasis role="bold">version</emphasis>
[-<option>a</option>]</term>
<listitem>
<para>Displays Shorewall's version. The <option>-a</option> option

190
Shorewall6-lite/manpages/shorewall6-lite.xml
View File

@ -197,37 +197,6 @@
choice="plain"><option>hits</option><arg><option>-t</option></arg></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>shorewall6-lite</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>ipcalc</option></arg>
<group choice="req">
<arg choice="plain"><replaceable>address</replaceable>
<replaceable>mask</replaceable></arg>
<arg
choice="plain"><replaceable>address</replaceable>/<replaceable>vlsm</replaceable></arg>
</group>
</cmdsynopsis>
<cmdsynopsis>
<command>shorewall6-lite</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>iprange</option></arg>
<arg
choice="plain"><replaceable>address1</replaceable><option>-</option><replaceable>address2</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>shorewall6-lite</command>
@ -347,8 +316,6 @@
<arg><option>-p</option></arg>
<arg><option>-C</option></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -635,7 +602,10 @@
<variablelist>
<varlistentry>
<term><emphasis role="bold">add</emphasis></term>
<term><emphasis role="bold">add </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem>
<para>Adds a list of hosts or subnets to a dynamic zone usually used
@ -660,7 +630,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">allow</emphasis></term>
<term><emphasis role="bold">allow
</emphasis><replaceable>address</replaceable></term>
<listitem>
<para>Re-enables receipt of packets from hosts previously
@ -671,7 +642,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">clear</emphasis></term>
<term><emphasis role="bold">clear </emphasis><emphasis role="bold">
</emphasis>[-<option>f</option>]</term>
<listitem>
<para>Clear will remove all rules and chains installed by
@ -708,7 +680,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">delete</emphasis></term>
<term><emphasis role="bold">delete </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem>
<para>The delete command reverses the effect of an earlier
@ -723,7 +698,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">disable</emphasis></term>
<term><emphasis role="bold">disable </emphasis>{
<replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem>
<para>Added in Shorewall 4.4.26. Disables the optional provider
@ -735,7 +712,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">drop</emphasis></term>
<term><emphasis role="bold">drop
</emphasis><replaceable>address</replaceable></term>
<listitem>
<para>Causes traffic from the listed
@ -744,7 +722,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">dump</emphasis></term>
<term><emphasis role="bold">dump </emphasis>[-<option>x</option>]
[-<option>l</option>] [-<option>m</option>]
[-<option>c</option>]</term>
<listitem>
<para>Produces a verbose report about the firewall configuration for
@ -766,7 +746,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">enable</emphasis></term>
<term><emphasis role="bold">enable </emphasis>{
<replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem>
<para>Added in Shorewall 4.4.26. Enables the optional provider
@ -778,7 +760,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">forget</emphasis></term>
<term><emphasis role="bold">forget </emphasis>[
<replaceable>filename</replaceable> ]</term>
<listitem>
<para>Deletes
@ -810,26 +793,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">ipcalc</emphasis></term>
<listitem>
<para>Ipcalc displays the network address, broadcast address,
network in CIDR notation and netmask corresponding to the
input[s].</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">iprange</emphasis></term>
<listitem>
<para>Iprange decomposes the specified range of IP addresses into
the equivalent list of network/host addresses.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">iptrace</emphasis></term>
<term><emphasis role="bold">iptrace </emphasis><replaceable>ip6tables
match expression</replaceable></term>
<listitem>
<para>This is a low-level debugging command that causes iptables
@ -857,7 +822,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">logdrop</emphasis></term>
<term><emphasis role="bold">logdrop
</emphasis><replaceable>address</replaceable></term>
<listitem>
<para>Causes traffic from the listed
@ -869,7 +835,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">logwatch</emphasis></term>
<term><emphasis role="bold">logwatch </emphasis>[-<option>m</option>]
[<replaceable>refresh-interval</replaceable>]</term>
<listitem>
<para>Monitors the log file specified by the LOGFILE option in
@ -891,7 +858,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">logreject</emphasis></term>
<term><emphasis role="bold">logreject
</emphasis><replaceable>address</replaceable></term>
<listitem>
<para>Causes traffic from the listed
@ -912,13 +880,15 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">noiptrace</emphasis></term>
<term><emphasis role="bold">noiptrace
</emphasis><replaceable>ip6tables match
expression</replaceable></term>
<listitem>
<para>This is a low-level debugging command that cancels a trace
started by a preceding <command>iptrace</command> command.</para>
<para>The <replaceable>iptables match expression</replaceable> must
<para>The <replaceable>ip6tables match expression</replaceable> must
be one given in the <command>iptrace</command> command being
canceled.</para>
</listitem>
@ -964,16 +934,30 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">reset</emphasis></term>
<term><emphasis role="bold">reject</emphasis><replaceable>
address</replaceable></term>
<listitem>
<para>All the packet and byte counters in the firewall are
reset.</para>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
to be silently rejected.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">restart</emphasis></term>
<term><emphasis role="bold">reset [<replaceable>chain</replaceable>,
...]</emphasis><acronym></acronym></term>
<listitem>
<para>Resets the packet and byte counters in the specified
<replaceable>chain</replaceable>(s). If no
<replaceable>chain</replaceable> is specified, all the packet and
byte counters in the firewall are reset.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">restart </emphasis>[-n] [-p]
[-<option>C</option>]</term>
<listitem>
<para>Restart is similar to <command>shorewall6-lite start</command>
@ -1004,7 +988,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">restore</emphasis></term>
<term><emphasis role="bold">restore </emphasis>[-<option>n</option>]
[-<option>p</option>] [-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem>
<para>Restore shorewall6-lite to a state saved using the
@ -1026,7 +1012,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">run</emphasis></term>
<term><emphasis role="bold">run
</emphasis><replaceable>command</replaceable> [
<replaceable>parameter</replaceable> ... ]</term>
<listitem>
<para>Added in Shorewall 4.6.3. Executes
@ -1043,7 +1031,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">save</emphasis></term>
<term><emphasis role="bold">save </emphasis>[-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem>
<para>The dynamic blacklist is stored in
@ -1084,7 +1073,8 @@
<variablelist>
<varlistentry>
<term><emphasis role="bold">bl|blacklists</emphasis></term>
<term>[-<option>x</option>] <emphasis
role="bold">bl|blacklists</emphasis></term>
<listitem>
<para>Added in Shorewall 4.6.2. Displays the dynamic chain
@ -1097,7 +1087,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">capabilities</emphasis></term>
<term>[-<option>f</option>] <emphasis
role="bold">capabilities</emphasis></term>
<listitem>
<para>Displays your kernel/iptables capabilities. The
@ -1108,8 +1099,10 @@
</varlistentry>
<varlistentry>
<term>[ [ <option>chain</option> ] <emphasis>chain</emphasis>...
]</term>
<term>[-<option>b</option>] [-<option>x</option>]
[-<option>l</option>] [-<option>t</option>
{<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>|<option>rawpost</option>}][
<emphasis>chain</emphasis>... ]</term>
<listitem>
<para>The rules in each <emphasis>chain</emphasis> are
@ -1243,11 +1236,12 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">nat</emphasis></term>
<term>[-<option>x</option>] <emphasis
role="bold">nat</emphasis></term>
<listitem>
<para>Displays the Netfilter nat table using the command
<command>iptables -t nat -L -n -v</command>.The
<command>ip6tables -t nat -L -n -v</command>.The
<option>-x</option> option is passed directly through to
iptables and causes actual packet and byte counts to be
displayed. Without this option, those counts are
@ -1268,17 +1262,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">routing</emphasis></term>
<listitem>
<para>Displays the system's IPv4 routing configuration. The -c
option causes the route cache to be displayed in addition to
the other routing information.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">raw</emphasis></term>
<term>[-<option>x</option>] <emphasis
role="bold">raw</emphasis></term>
<listitem>
<para>Displays the Netfilter raw table using the command
@ -1290,6 +1275,17 @@
</listitem>
</varlistentry>
<varlistentry>
<term>[-<option>c</option>]<emphasis role="bold">
</emphasis><emphasis role="bold">routing</emphasis></term>
<listitem>
<para>Displays the system's IPv4 routing configuration. The -c
option causes the route cache to be displayed in addition to
the other routing information.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">tc</emphasis></term>
@ -1312,7 +1308,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">start</emphasis></term>
<term><emphasis role="bold">start </emphasis>[-<option>p</option>]
[-<option>n</option>] [<option>-f</option>]
[-<option>C</option>]</term>
<listitem>
<para>Start Shorewall6 Lite. Existing connections through
@ -1324,7 +1322,7 @@
table to be flushed; the <command>conntrack</command> utility must
be installed to use this option.</para>
<para>The <option>-m</option> option prevents the firewall script
<para>The <option>-n</option> option prevents the firewall script
from modifying the current routing configuration.</para>
<para>The <option>-f</option> option was added in Shorewall 4.6.5.
@ -1343,7 +1341,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">stop</emphasis></term>
<term><emphasis role="bold">stop </emphasis><emphasis role="bold">
</emphasis>[-<option>f</option>]</term>
<listitem>
<para>Stops the firewall. All existing connections, except those
@ -1377,7 +1376,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">version</emphasis></term>
<term><emphasis role="bold">version
</emphasis>[-<option>a</option>]</term>
<listitem>
<para>Displays Shorewall's version. The <option>-a</option> option

190
Shorewall6/manpages/shorewall6.xml
View File

@ -799,7 +799,10 @@
<variablelist>
<varlistentry>
<term><emphasis role="bold">add</emphasis></term>
<term><emphasis role="bold">add </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem>
<para>Added in Shorewall 4.4.21. Adds a list of hosts or subnets to
@ -831,7 +834,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">allow</emphasis></term>
<term><emphasis role="bold">allow
</emphasis><replaceable>address</replaceable></term>
<listitem>
<para>Re-enables receipt of packets from hosts previously
@ -843,7 +847,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">check</emphasis></term>
<term><emphasis role="bold">check </emphasis>[-<option>e</option>]
[-<option>d</option>] [-<option>p</option>] [-<option>r</option>]
[-<option>T</option>] [-<option>i</option>]
[<replaceable>directory</replaceable>]</term>
<listitem>
<para>Compiles the configuration in the specified
@ -883,7 +890,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">clear</emphasis></term>
<term><emphasis role="bold">clear
</emphasis>[-<option>f</option>]</term>
<listitem>
<para>Clear will remove all rules and chains installed by
@ -915,7 +923,11 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">compile</emphasis></term>
<term><emphasis role="bold">compile </emphasis>[-<option>e</option>]
[-<option>c</option>] [-<option>d</option>] [-<option>p</option>]
[-<option>T</option>] [-<option>i</option>]
[<replaceable>directory</replaceable>]
[<replaceable>pathname</replaceable> ]</term>
<listitem>
<para>Compiles the current configuration into the executable file
@ -971,7 +983,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">delete</emphasis></term>
<term><emphasis role="bold">delete </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem>
<para>Added in Shorewall 4.4.21. The delete command reverses the
@ -996,7 +1011,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">disable</emphasis></term>
<term><emphasis role="bold">disable </emphasis><emphasis role="bold">
</emphasis>{ <replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem>
<para>Added in Shorewall 4.4.26. Disables the optional provider
@ -1015,7 +1032,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">drop</emphasis></term>
<term><emphasis role="bold">drop
</emphasis><replaceable>address</replaceable></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -1024,7 +1042,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">dump</emphasis></term>
<term><emphasis role="bold">dump </emphasis>[-<option>x</option>]
[-<option>l</option>] [-<option>m</option>]
[-<option>c</option>]</term>
<listitem>
<para>Produces a verbose report about the firewall configuration for
@ -1046,7 +1066,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">enable</emphasis></term>
<term><emphasis role="bold">enable </emphasis>{
<replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem>
<para>Added in Shorewall 4.4.26. Enables the optional provider
@ -1067,7 +1089,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">export</emphasis></term>
<term><emphasis role="bold">export
</emphasis>[<replaceable>directory1</replaceable> ]
[<replaceable>user</replaceable>@]<replaceable>system</replaceable>[:<replaceable>directory2</replaceable>
]</term>
<listitem>
<para>If <emphasis>directory1</emphasis> is omitted, the current
@ -1091,7 +1116,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">forget</emphasis></term>
<term><emphasis role="bold">forget </emphasis>[
<replaceable>filename</replaceable> ]</term>
<listitem>
<para>Deletes <filename>/var/lib/shorewall6/<replaceable>filename
@ -1112,7 +1138,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">iptrace</emphasis></term>
<term><emphasis role="bold">iptrace </emphasis><replaceable>ip6tables
match expression</replaceable></term>
<listitem>
<para>This is a low-level debugging command that causes iptables
@ -1140,7 +1167,11 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">load</emphasis></term>
<term><emphasis role="bold">load </emphasis> [-<option>s</option>]
[-<option>c</option>] [-<option>r</option>
<replaceable>root-user-name</replaceable>] [-<option>T</option>]
[-<option>i</option>] [ <replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term>
<listitem>
<para>If <emphasis>directory</emphasis> is omitted, the current
@ -1195,7 +1226,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">logdrop</emphasis></term>
<term><emphasis role="bold">logdrop
</emphasis><replaceable>address</replaceable></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -1207,7 +1239,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">logwatch</emphasis></term>
<term><emphasis role="bold">logwatch </emphasis>[-<option>m</option>]
[<replaceable>refresh-interval</replaceable>]</term>
<listitem>
<para>Monitors the log file specified by the LOGFILE option in
@ -1225,7 +1258,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">logreject</emphasis></term>
<term><emphasis role="bold">logreject</emphasis>
<replaceable>address</replaceable></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -1246,7 +1280,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">noiptrace</emphasis></term>
<term><emphasis role="bold">noiptrace
</emphasis><replaceable>ip6tables match
expression</replaceable></term>
<listitem>
<para>This is a low-level debugging command that cancels a trace
@ -1298,7 +1334,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">refresh</emphasis></term>
<term><emphasis role="bold">refresh </emphasis>[-<option>n</option>]
[-<option>d</option>] [-<option>T</option>] [-i]
[-<option>D</option><replaceable>directory</replaceable> ] [
<replaceable>chain</replaceable>... ]</term>
<listitem>
<para>All steps performed by <command>restart</command> are
@ -1350,7 +1389,21 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">reload</emphasis></term>
<term><emphasis role="bold">reject</emphasis><replaceable>
address</replaceable></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
to be silently rejected.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">reload </emphasis>[-<option>s</option>]
[-<option>c</option>] [-<option>r</option>
<replaceable>root-user-name</replaceable>] [-<option>T</option>]
[-<option>i</option>] [ <replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term>
<listitem>
<para>If <emphasis>directory</emphasis> is omitted, the current
@ -1417,7 +1470,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">restart</emphasis></term>
<term><emphasis role="bold">restart </emphasis>[-<option>n</option>]
[-<option>p</option>] [-<option>d</option>] [-<option>f</option>]
[-<option>c</option>] [-<option>T</option>] [-<option>i</option>]
[-<option>C</option>] [ <replaceable>directory</replaceable> ]</term>
<listitem>
<para>Restart is similar to <command>shorewall6 start</command>
@ -1472,7 +1528,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">restore</emphasis></term>
<term><emphasis role="bold">restore </emphasis>[-<option>n</option>]
[-<option>p</option>] [-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem>
<para>Restore Shorewall6 to a state saved using the
@ -1500,7 +1558,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">run</emphasis></term>
<term><emphasis role="bold">run</emphasis><emphasis role="bold">
</emphasis><replaceable>command</replaceable> [
<replaceable>parameter</replaceable> ... ]</term>
<listitem>
<para>Added in Shorewall 4.6.3. Executes
@ -1523,7 +1583,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">safe-restart</emphasis></term>
<term><emphasis role="bold">safe-restart
</emphasis>[-<option>d</option>] [-<option>p</option>]
[-<option>t</option><replaceable>timeout</replaceable> ] [
<replaceable>directory</replaceable> ]</term>
<listitem>
<para>Only allowed if Shorewall6 is running. The current
@ -1549,7 +1612,10 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">safe-start</emphasis></term>
<term><emphasis role="bold">safe-start
</emphasis>[-<option>d</option>] [-<option>p</option>]
[-<option>t</option><replaceable>timeout</replaceable> ] [
<replaceable>directory</replaceable> ]</term>
<listitem>
<para>Shorewall6 is started normally. You will then be prompted
@ -1571,7 +1637,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">save</emphasis></term>
<term><emphasis role="bold">save </emphasis>[-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem>
<para>The dynamic blacklist is stored in <filename>
@ -1622,7 +1689,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">bl|blacklists</emphasis></term>
<term>[-<option>x</option>] <emphasis role="bold">bl|blacklists
</emphasis></term>
<listitem>
<para>Added in Shorewall 4.6.2. Displays the dynamic chain
@ -1635,7 +1703,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">capabilities</emphasis></term>
<term>[-<option>f</option>] <emphasis
role="bold">capabilities</emphasis></term>
<listitem>
<para>Displays your kernel/ip6tables capabilities. The
@ -1646,8 +1715,10 @@
</varlistentry>
<varlistentry>
<term>[ [ <option>chain</option> ] <emphasis>chain</emphasis>...
]</term>
<term>[-<option>b</option>] [-<option>x</option>]
[-<option>l</option>] [-<option>t</option>
{<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>|<option>rawpost</option>}][
<emphasis>chain</emphasis>... ]</term>
<listitem>
<para>The rules in each <emphasis>chain</emphasis> are
@ -1776,6 +1847,20 @@
</listitem>
</varlistentry>
<varlistentry>
<term>[-<option>x</option>] <emphasis
role="bold">nat</emphasis></term>
<listitem>
<para>Displays the Netfilter nat table using the command
<emphasis role="bold">ip6tables -t nat -L -n -v</emphasis>.
The <emphasis role="bold">-x</emphasis> option is passed
directly through to ip6tables and causes actual packet and
byte counts to be displayed. Without this option, those counts
are abbreviated.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">opens</emphasis></term>
@ -1799,7 +1884,22 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">routing</emphasis></term>
<term>[-<option>x</option>] <emphasis
role="bold">raw</emphasis></term>
<listitem>
<para>Displays the Netfilter raw table using the command
<emphasis role="bold">ip6tables -t raw -L -n -v</emphasis>.
The <emphasis role="bold">-x</emphasis> option is passed
directly through to ip6tables and causes actual packet and
byte counts to be displayed. Without this option, those counts
are abbreviated.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">[-<option>c</option>]<emphasis
role="bold"> </emphasis>routing</emphasis></term>
<listitem>
<para>Displays the system's IPv6 routing configuration. The -c
@ -1830,7 +1930,11 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">start</emphasis></term>
<term><emphasis role="bold">start </emphasis><emphasis role="bold">
</emphasis>[-<option>n</option>] [-<option>p</option>]
[-<option>d</option>] [-<option>f</option>] [-<option>c</option>]
[-<option>T</option>] [-<option>i</option>] [-<option>C</option>] [
<replaceable>directory</replaceable> ]</term>
<listitem>
<para>Start shorewall6. Existing connections through shorewall6
@ -1886,7 +1990,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">stop</emphasis></term>
<term><emphasis role="bold">stop
</emphasis>[-<option>f</option>]</term>
<listitem>
<para>Stops the firewall. All existing connections, except those
@ -1898,6 +2003,12 @@
is from systems listed in <ulink
url="/manpages6/shorewall6-routestopped.html">shorewall6-routestopped</ulink>(5)
or by ADMINISABSENTMINDED.</para>
<para>If <option>-f</option> is given, the command will be processed
by the compiled script that executed the last successful <emphasis
role="bold">start</emphasis>, <emphasis
role="bold">restart</emphasis> or <emphasis
role="bold">refresh</emphasis> command if that script exists.</para>
</listitem>
</varlistentry>
@ -1915,7 +2026,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">try</emphasis></term>
<term><emphasis role="bold">try
</emphasis><replaceable>directory</replaceable> [
<replaceable>timeout</replaceable> ]</term>
<listitem>
<para>If Shorewall6 is started then the firewall state is saved to a
@ -1949,7 +2062,11 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">update</emphasis></term>
<term><emphasis role="bold">update </emphasis>[-<option>b</option>]
[-<option>d</option>] [-<option>r</option>] [-<option>T</option>]
[-<option>a</option>] [-<option>D</option>] [-<option>i</option>]
[-<option>t</option>] [-<option>A</option>] [
<replaceable>directory</replaceable> ]</term>
<listitem>
<para>Added in Shorewall 4.4.21 and causes the compiler to update
@ -2041,7 +2158,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">version</emphasis></term>
<term><emphasis role="bold">version
[-<option>a</option>]</emphasis></term>
<listitem>
<para>Displays Shorewall6's version. If the <option>-a</option>