1
0
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-04 04:29:43 +01:00

Include full syntax in lists of CLI commands

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-04-07 09:23:58 -07:00
parent 23137e5e8a
commit 27c1ffc5fb
4 changed files with 472 additions and 210 deletions
Shorewall-lite/manpages
Shorewall/manpages
Shorewall6-lite/manpages
Shorewall6/manpages

View File

@ -326,8 +326,6 @@
<arg><option>-n</option></arg> <arg><option>-n</option></arg>
<arg><option>-p</option><arg><option>-C</option></arg></arg> <arg><option>-p</option><arg><option>-C</option></arg></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
@ -613,7 +611,10 @@
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><emphasis role="bold">add</emphasis></term> <term><emphasis role="bold">add </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem> <listitem>
<para>Adds a list of hosts or subnets to a dynamic zone usually used <para>Adds a list of hosts or subnets to a dynamic zone usually used
@ -638,7 +639,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">allow</emphasis></term> <term><emphasis role="bold">allow
</emphasis><replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Re-enables receipt of packets from hosts previously <para>Re-enables receipt of packets from hosts previously
@ -650,7 +652,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">clear</emphasis></term> <term><emphasis role="bold">clear
</emphasis>[-<option>f</option>]</term>
<listitem> <listitem>
<para>Clear will remove all rules and chains installed by <para>Clear will remove all rules and chains installed by
@ -688,7 +691,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">delete</emphasis></term> <term><emphasis role="bold">delete </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem> <listitem>
<para>The delete command reverses the effect of an earlier <emphasis <para>The delete command reverses the effect of an earlier <emphasis
@ -703,7 +709,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">disable</emphasis></term> <term><emphasis role="bold">disable </emphasis>{
<replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.26. Disables the optional provider <para>Added in Shorewall 4.4.26. Disables the optional provider
@ -715,7 +723,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">drop</emphasis></term> <term><emphasis role="bold">drop
</emphasis><replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -724,7 +733,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">dump</emphasis></term> <term><emphasis role="bold">dump </emphasis>[-<option>x</option>]
[-<option>l</option>] [-<option>m</option>]
[-<option>c</option>]</term>
<listitem> <listitem>
<para>Produces a verbose report about the firewall configuration for <para>Produces a verbose report about the firewall configuration for
@ -745,7 +756,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">enable</emphasis></term> <term><emphasis role="bold">enable </emphasis>{
<replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.26. Enables the optional provider <para>Added in Shorewall 4.4.26. Enables the optional provider
@ -757,7 +770,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">forget</emphasis></term> <term><emphasis role="bold">forget </emphasis>[
<replaceable>filename</replaceable> ]</term>
<listitem> <listitem>
<para>Deletes /var/lib/shorewall-lite/<emphasis>filename</emphasis> <para>Deletes /var/lib/shorewall-lite/<emphasis>filename</emphasis>
@ -778,7 +792,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">hits</emphasis></term> <term><emphasis role="bold">hits </emphasis> [-<option>t</option>]
</term>
<listitem> <listitem>
<para>Generates several reports from Shorewall-lite log messages in <para>Generates several reports from Shorewall-lite log messages in
@ -788,7 +803,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">ipcalc</emphasis></term> <term><emphasis role="bold">ipcalc </emphasis>{ address mask |
address/vlsm }</term>
<listitem> <listitem>
<para>Ipcalc displays the network address, broadcast address, <para>Ipcalc displays the network address, broadcast address,
@ -798,7 +814,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">iprange</emphasis></term> <term><emphasis role="bold">iprange
</emphasis><replaceable>address1</replaceable>-<replaceable>address2</replaceable></term>
<listitem> <listitem>
<para>Iprange decomposes the specified range of IP addresses into <para>Iprange decomposes the specified range of IP addresses into
@ -807,7 +824,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">iptrace</emphasis></term> <term><emphasis role="bold">iptrace </emphasis><replaceable>iptables
match expression</replaceable></term>
<listitem> <listitem>
<para>This is a low-level debugging command that causes iptables <para>This is a low-level debugging command that causes iptables
@ -835,7 +853,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">logdrop</emphasis></term> <term><emphasis role="bold">logdrop
</emphasis><replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -846,7 +865,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">logwatch</emphasis></term> <term><emphasis role="bold">logwatch </emphasis>[-<option>m</option>]
[<replaceable>refresh-interval</replaceable>]</term>
<listitem> <listitem>
<para>Monitors the log file specified by the LOGFILE option in <para>Monitors the log file specified by the LOGFILE option in
@ -865,7 +885,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">logreject</emphasis></term> <term><emphasis role="bold">logreject
</emphasis><replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -885,7 +906,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">noiptrace</emphasis></term> <term><emphasis role="bold">noiptrace </emphasis><replaceable>iptables
match expression</replaceable></term>
<listitem> <listitem>
<para>This is a low-level debugging command that cancels a trace <para>This is a low-level debugging command that cancels a trace
@ -937,16 +959,30 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">reset</emphasis></term> <term><emphasis role="bold">reject</emphasis><replaceable>
address</replaceable></term>
<listitem> <listitem>
<para>All the packet and byte counters in the firewall are <para>Causes traffic from the listed <emphasis>address</emphasis>es
reset.</para> to be silently rejected.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">restart</emphasis></term> <term><emphasis role="bold">reset [<replaceable>chain</replaceable>,
...]</emphasis><acronym></acronym></term>
<listitem>
<para>Resets the packet and byte counters in the specified
<replaceable>chain</replaceable>(s). If no
<replaceable>chain</replaceable> is specified, all the packet and
byte counters in the firewall are reset.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">restart </emphasis>[-n] [-p]
[-<option>C</option>]</term>
<listitem> <listitem>
<para>Restart is similar to <emphasis role="bold">shorewall-lite <para>Restart is similar to <emphasis role="bold">shorewall-lite
@ -969,7 +1005,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">restore</emphasis></term> <term><emphasis role="bold">restore </emphasis>[-<option>n</option>]
[-<option>p</option>] [-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem> <listitem>
<para>Restore Shorewall-lite to a state saved using the <emphasis <para>Restore Shorewall-lite to a state saved using the <emphasis
@ -989,6 +1027,14 @@
different from the current values.</para> different from the current values.</para>
</caution> </caution>
<para>The <option>-n</option> option causes Shorewall to avoid
updating the routing table(s).</para>
<para>The <option>-p</option> option, added in Shorewall 4.6.5,
causes the connection tracking table to be flushed; the
<command>conntrack</command> utility must be installed to use this
option.</para>
<para>The <option>-C</option> option was added in Shorewall 4.6.5. <para>The <option>-C</option> option was added in Shorewall 4.6.5.
If the <option>-C</option> option was specified during <emphasis If the <option>-C</option> option was specified during <emphasis
role="bold">shorewall save</emphasis>, then the counters saved by role="bold">shorewall save</emphasis>, then the counters saved by
@ -997,7 +1043,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">run</emphasis></term> <term><emphasis role="bold">run
</emphasis><replaceable>command</replaceable> [
<replaceable>parameter</replaceable> ... ]</term>
<listitem> <listitem>
<para>Added in Shorewall 4.6.3. Executes <para>Added in Shorewall 4.6.3. Executes
@ -1014,7 +1062,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">save</emphasis></term> <term><emphasis role="bold">save </emphasis>[-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem> <listitem>
<para>The dynamic blacklist is stored in <para>The dynamic blacklist is stored in
@ -1054,7 +1103,8 @@
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><emphasis role="bold">bl|blacklists</emphasis></term> <term><emphasis role="bold">bl|blacklists
</emphasis>[-<option>x</option>]</term>
<listitem> <listitem>
<para>Added in Shorewall 4.6.2. Displays the dynamic chain <para>Added in Shorewall 4.6.2. Displays the dynamic chain
@ -1067,7 +1117,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">capabilities</emphasis></term> <term>[-<option>f</option>] <emphasis
role="bold">capabilities</emphasis></term>
<listitem> <listitem>
<para>Displays your kernel/iptables capabilities. The <para>Displays your kernel/iptables capabilities. The
@ -1078,8 +1129,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>[ [ <option>chain</option> ] <emphasis>chain</emphasis>... <term>[-<option>b</option>] [-<option>x</option>]
]</term> [-<option>l</option>] [-<option>t</option>
{<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>|<option>rawpost</option>}]
[ <emphasis>chain</emphasis>... ]</term>
<listitem> <listitem>
<para>The rules in each <emphasis>chain</emphasis> are <para>The rules in each <emphasis>chain</emphasis> are
@ -1280,7 +1333,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">start</emphasis></term> <term><emphasis role="bold">start</emphasis> [-<option>p</option>]
[-<option>n</option>] [<option>-f</option>]
[-<option>C</option>]</term>
<listitem> <listitem>
<para>Start Shorewall Lite. Existing connections through <para>Start Shorewall Lite. Existing connections through
@ -1292,7 +1347,7 @@
table to be flushed; the <command>conntrack</command> utility must table to be flushed; the <command>conntrack</command> utility must
be installed to use this option.</para> be installed to use this option.</para>
<para>The <option>-m</option> option prevents the firewall script <para>The <option>-n</option> option prevents the firewall script
from modifying the current routing configuration.</para> from modifying the current routing configuration.</para>
<para>The <option>-f</option> option was added in Shorewall 4.6.5. <para>The <option>-f</option> option was added in Shorewall 4.6.5.

View File

@ -637,8 +637,6 @@
<arg choice="req"><option>show | list | ls </option></arg> <arg choice="req"><option>show | list | ls </option></arg>
<arg>-c</arg>
<arg choice="plain"><option>event</option><arg <arg choice="plain"><option>event</option><arg
choice="plain"><replaceable>event</replaceable></arg></arg> choice="plain"><replaceable>event</replaceable></arg></arg>
</cmdsynopsis> </cmdsynopsis>
@ -859,7 +857,10 @@
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><emphasis role="bold">add</emphasis></term> <term><emphasis role="bold">add </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem> <listitem>
<para>Adds a list of hosts or subnets to a dynamic zone usually used <para>Adds a list of hosts or subnets to a dynamic zone usually used
@ -891,7 +892,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">allow</emphasis></term> <term><emphasis role="bold">allow</emphasis>
<replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Re-enables receipt of packets from hosts previously <para>Re-enables receipt of packets from hosts previously
@ -903,7 +905,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">check</emphasis></term> <term><emphasis role="bold">check</emphasis> [-<option>e</option>]
[-<option>d</option>] [-<option>p</option>] [-<option>r</option>]
[-<option>T</option>] [-<option>i</option>]
[<replaceable>directory</replaceable>]</term>
<listitem> <listitem>
<para>Compiles the configuration in the specified <para>Compiles the configuration in the specified
@ -942,7 +947,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">clear</emphasis></term> <term><emphasis role="bold">clear</emphasis>
[-<option>f</option>]</term>
<listitem> <listitem>
<para>Clear will remove all rules and chains installed by Shorewall. <para>Clear will remove all rules and chains installed by Shorewall.
@ -980,7 +986,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">compile</emphasis></term> <term><emphasis role="bold">compile </emphasis>[-<option>e</option>]
[-<option>c</option>] [-<option>d</option>] [-<option>p</option>]
[-<option>T</option>] [-<option>i</option>] [<replaceable> directory
</replaceable>] [<replaceable> pathname</replaceable> ]</term>
<listitem> <listitem>
<para>Compiles the current configuration into the executable file <para>Compiles the current configuration into the executable file
@ -1037,7 +1046,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">delete</emphasis></term> <term><emphasis role="bold">delete </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem> <listitem>
<para>The delete command reverses the effect of an earlier <emphasis <para>The delete command reverses the effect of an earlier <emphasis
@ -1061,7 +1073,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">disable</emphasis></term> <term><emphasis role="bold">disable </emphasis>{
<replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.26. Disables the optional provider <para>Added in Shorewall 4.4.26. Disables the optional provider
@ -1080,7 +1094,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">drop</emphasis></term> <term><emphasis role="bold">drop</emphasis>
<replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -1089,7 +1104,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">dump</emphasis></term> <term><emphasis role="bold">dump </emphasis> [-<option>x</option>]
[-<option>l</option>] [-<option>m</option>]
[-<option>c</option>]</term>
<listitem> <listitem>
<para>Produces a verbose report about the firewall configuration for <para>Produces a verbose report about the firewall configuration for
@ -1111,7 +1128,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">enable</emphasis></term> <term><emphasis role="bold">enable </emphasis>{
<replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.26. Enables the optional provider <para>Added in Shorewall 4.4.26. Enables the optional provider
@ -1132,7 +1151,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">export</emphasis></term> <term><emphasis role="bold">export </emphasis>[<replaceable>
directory1</replaceable> ] [<replaceable>
user</replaceable>@]<replaceable>system</replaceable>[:<replaceable>directory2</replaceable>
]</term>
<listitem> <listitem>
<para>If <emphasis>directory1</emphasis> is omitted, the current <para>If <emphasis>directory1</emphasis> is omitted, the current
@ -1156,7 +1178,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">forget</emphasis></term> <term><emphasis role="bold">forget</emphasis> [
<replaceable>filename</replaceable> ]</term>
<listitem> <listitem>
<para>Deletes /var/lib/shorewall/<emphasis>filename</emphasis> and <para>Deletes /var/lib/shorewall/<emphasis>filename</emphasis> and
@ -1176,7 +1199,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">hits</emphasis></term> <term><emphasis role="bold">hits</emphasis> [-<option>t</option>]
</term>
<listitem> <listitem>
<para>Generates several reports from Shorewall log messages in the <para>Generates several reports from Shorewall log messages in the
@ -1186,7 +1210,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">ipcalc</emphasis></term> <term><emphasis role="bold">ipcalc</emphasis> { address mask |
address/vlsm }</term>
<listitem> <listitem>
<para>Ipcalc displays the network address, broadcast address, <para>Ipcalc displays the network address, broadcast address,
@ -1196,7 +1221,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">iprange</emphasis></term> <term><emphasis role="bold">iprange
</emphasis><replaceable>address1</replaceable>-<replaceable>address2</replaceable></term>
<listitem> <listitem>
<para>Iprange decomposes the specified range of IP addresses into <para>Iprange decomposes the specified range of IP addresses into
@ -1205,7 +1231,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">iptrace</emphasis></term> <term><emphasis role="bold">iptrace</emphasis> <replaceable>iptables
match expression</replaceable></term>
<listitem> <listitem>
<para>This is a low-level debugging command that causes iptables <para>This is a low-level debugging command that causes iptables
@ -1232,7 +1259,11 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">load</emphasis></term> <term><emphasis role="bold">load</emphasis> [-<option>s</option>]
[-<option>c</option>] [-<option>r</option>
<replaceable>root-user-name</replaceable>] [-<option>T</option>]
[-<option>i</option>] [ <replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term>
<listitem> <listitem>
<para>If <emphasis>directory</emphasis> is omitted, the current <para>If <emphasis>directory</emphasis> is omitted, the current
@ -1287,7 +1318,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">logdrop</emphasis></term> <term><emphasis role="bold">logdrop</emphasis>
<replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -1299,7 +1331,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">logwatch</emphasis></term> <term><emphasis role="bold">logwatch </emphasis>[-<option>m</option>]
[<replaceable> refresh-interval </replaceable>]</term>
<listitem> <listitem>
<para>Monitors the log file specified by the LOGFILE option in <para>Monitors the log file specified by the LOGFILE option in
@ -1317,7 +1350,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">logreject</emphasis></term> <term><emphasis role="bold">logreject</emphasis><replaceable>
address</replaceable></term>
<listitem> <listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -1338,7 +1372,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">noiptrace</emphasis></term> <term><emphasis role="bold">noiptrace </emphasis><replaceable>iptables
match expression</replaceable></term>
<listitem> <listitem>
<para>This is a low-level debugging command that cancels a trace <para>This is a low-level debugging command that cancels a trace
@ -1390,7 +1425,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">refresh</emphasis></term> <term><emphasis role="bold">refresh </emphasis> [-<option>n</option>]
[-<option>d</option>] [-<option>T</option>] [-i] [-<option>D
</option><replaceable>directory</replaceable> ] [
<replaceable>chain</replaceable>... ]</term>
<listitem> <listitem>
<para>All steps performed by <command>restart</command> are <para>All steps performed by <command>restart</command> are
@ -1442,7 +1480,21 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">reload</emphasis></term> <term><emphasis role="bold">reject</emphasis><replaceable>
address</replaceable></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
to be silently rejected.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">reload </emphasis>[-<option>s</option>]
[-<option>c</option>] [-<option>r</option>
<replaceable>root-user-name</replaceable>] [-<option>T</option>]
[-<option>i</option>] [ <replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term>
<listitem> <listitem>
<para>If <emphasis>directory</emphasis> is omitted, the current <para>If <emphasis>directory</emphasis> is omitted, the current
@ -1497,16 +1549,22 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">reset</emphasis></term> <term><emphasis role="bold">reset [<replaceable>chain</replaceable>,
...]</emphasis><acronym></acronym></term>
<listitem> <listitem>
<para>All the packet and byte counters in the firewall are <para>Resets the packet and byte counters in the specified
reset.</para> <replaceable>chain</replaceable>(s). If no
<replaceable>chain</replaceable> is specified, all the packet and
byte counters in the firewall are reset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">restart</emphasis></term> <term><emphasis role="bold">restart </emphasis>[-<option>n</option>]
[-<option>p</option>] [-<option>d</option>] [-<option>f</option>]
[-<option>c</option>] [-<option>T</option>] [-<option>i</option>]
[-<option>C</option>] [ <replaceable>directory</replaceable> ]</term>
<listitem> <listitem>
<para>Restart is similar to <emphasis role="bold">shorewall <para>Restart is similar to <emphasis role="bold">shorewall
@ -1560,7 +1618,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">restore</emphasis></term> <term><emphasis role="bold">restore </emphasis> [-<option>n</option>]
[-<option>p</option>] [-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem> <listitem>
<para>Restore Shorewall to a state saved using the <emphasis <para>Restore Shorewall to a state saved using the <emphasis
@ -1596,7 +1656,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">run</emphasis></term> <term><emphasis role="bold">run
</emphasis><replaceable>command</replaceable> [
<replaceable>parameter</replaceable> ... ]</term>
<listitem> <listitem>
<para>Added in Shorewall 4.6.3. Executes <para>Added in Shorewall 4.6.3. Executes
@ -1622,7 +1684,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">safe-restart</emphasis></term> <term><emphasis role="bold">safe-restart
</emphasis>[-<option>d</option>] [-<option>p</option>] [-<option>t
</option><replaceable>timeout</replaceable> ] [
<replaceable>directory</replaceable> ]</term>
<listitem> <listitem>
<para>Only allowed if Shorewall is running. The current <para>Only allowed if Shorewall is running. The current
@ -1647,7 +1712,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">safe-start</emphasis></term> <term><emphasis role="bold">safe-start</emphasis><emphasis
role="bold"> </emphasis>[-<option>d</option>] [-<option>p</option>]
[-<option>t</option><replaceable>timeout</replaceable> ] [
<replaceable>directory</replaceable> ]</term>
<listitem> <listitem>
<para>Shorewall is started normally. You will then be prompted <para>Shorewall is started normally. You will then be prompted
@ -1669,7 +1737,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">save</emphasis></term> <term><emphasis role="bold">save </emphasis> [-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem> <listitem>
<para>The dynamic blacklist is stored in /var/lib/shorewall/save. <para>The dynamic blacklist is stored in /var/lib/shorewall/save.
@ -1719,7 +1788,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">bl|blacklists</emphasis></term> <term><emphasis role="bold">bl|blacklists</emphasis>
[-<option>x</option>]</term>
<listitem> <listitem>
<para>Added in Shorewall 4.6.2. Displays the dynamic chain <para>Added in Shorewall 4.6.2. Displays the dynamic chain
@ -1732,7 +1802,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">capabilities</emphasis></term> <term>[-<option>f</option>] <emphasis
role="bold">capabilities</emphasis></term>
<listitem> <listitem>
<para>Displays your kernel/iptables capabilities. The <para>Displays your kernel/iptables capabilities. The
@ -1743,8 +1814,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>[ [ <option>chain</option> ] <emphasis>chain</emphasis>... <term>[-<option>b</option>] [-<option>x</option>]
]</term> [-<option>l</option>] [-<option>t</option>
{<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>|<option>rawpost</option>}]
[ <emphasis>chain</emphasis>... ]</term>
<listitem> <listitem>
<para>The rules in each <emphasis>chain</emphasis> are <para>The rules in each <emphasis>chain</emphasis> are
@ -1886,7 +1959,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">nat</emphasis></term> <term>[-<option>x</option>] <emphasis
role="bold">nat</emphasis></term>
<listitem> <listitem>
<para>Displays the Netfilter nat table using the command <para>Displays the Netfilter nat table using the command
@ -1921,7 +1995,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">routing</emphasis></term> <term>[-<option>c</option>]<emphasis role="bold">
routing</emphasis></term>
<listitem> <listitem>
<para>Displays the system's IPv4 routing configuration. <para>Displays the system's IPv4 routing configuration.
@ -1931,7 +2006,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">raw</emphasis></term> <term>[-<option>x</option>] <emphasis
role="bold">raw</emphasis></term>
<listitem> <listitem>
<para>Displays the Netfilter raw table using the command <para>Displays the Netfilter raw table using the command
@ -1965,7 +2041,11 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">start</emphasis></term> <term><emphasis role="bold">start </emphasis><emphasis role="bold">
</emphasis>[-<option>n</option>] [-<option>p</option>]
[-<option>d</option>] [-<option>f</option>] [-<option>c</option>]
[-<option>T</option>] [-<option>i</option>] [-<option>C</option>] [
<replaceable>directory</replaceable> ]</term>
<listitem> <listitem>
<para>Start shorewall. Existing connections through shorewall <para>Start shorewall. Existing connections through shorewall
@ -2025,7 +2105,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">stop</emphasis></term> <term><emphasis role="bold">stop</emphasis>
[-<option>f</option>]</term>
<listitem> <listitem>
<para>Stops the firewall. All existing connections, except those <para>Stops the firewall. All existing connections, except those
@ -2047,7 +2128,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">status</emphasis></term> <term><emphasis role="bold">status</emphasis>
[-<option>i</option>]</term>
<listitem> <listitem>
<para>Produces a short report about the state of the <para>Produces a short report about the state of the
@ -2060,7 +2142,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">try</emphasis></term> <term><emphasis role="bold">try</emphasis>
<replaceable>directory</replaceable> [
<replaceable>timeout</replaceable> ]</term>
<listitem> <listitem>
<para>If Shorewall is started then the firewall state is saved to a <para>If Shorewall is started then the firewall state is saved to a
@ -2095,7 +2179,11 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">update</emphasis></term> <term><emphasis role="bold">update </emphasis> [-<option>b</option>]
[-<option>d</option>] [-<option>r</option>] [-<option>T</option>]
[-<option>a</option>] [-<option>D</option>] [-<option>i</option>]
[-<option>t</option>] [-<option>A</option>] [
<replaceable>directory</replaceable> ]</term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.21 and causes the compiler to update <para>Added in Shorewall 4.4.21 and causes the compiler to update
@ -2187,7 +2275,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">version</emphasis></term> <term><emphasis role="bold">version</emphasis>
[-<option>a</option>]</term>
<listitem> <listitem>
<para>Displays Shorewall's version. The <option>-a</option> option <para>Displays Shorewall's version. The <option>-a</option> option

View File

@ -197,37 +197,6 @@
choice="plain"><option>hits</option><arg><option>-t</option></arg></arg> choice="plain"><option>hits</option><arg><option>-t</option></arg></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall6-lite</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>ipcalc</option></arg>
<group choice="req">
<arg choice="plain"><replaceable>address</replaceable>
<replaceable>mask</replaceable></arg>
<arg
choice="plain"><replaceable>address</replaceable>/<replaceable>vlsm</replaceable></arg>
</group>
</cmdsynopsis>
<cmdsynopsis>
<command>shorewall6-lite</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>iprange</option></arg>
<arg
choice="plain"><replaceable>address1</replaceable><option>-</option><replaceable>address2</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall6-lite</command> <command>shorewall6-lite</command>
@ -347,8 +316,6 @@
<arg><option>-p</option></arg> <arg><option>-p</option></arg>
<arg><option>-C</option></arg> <arg><option>-C</option></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
@ -635,7 +602,10 @@
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><emphasis role="bold">add</emphasis></term> <term><emphasis role="bold">add </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem> <listitem>
<para>Adds a list of hosts or subnets to a dynamic zone usually used <para>Adds a list of hosts or subnets to a dynamic zone usually used
@ -660,7 +630,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">allow</emphasis></term> <term><emphasis role="bold">allow
</emphasis><replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Re-enables receipt of packets from hosts previously <para>Re-enables receipt of packets from hosts previously
@ -671,7 +642,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">clear</emphasis></term> <term><emphasis role="bold">clear </emphasis><emphasis role="bold">
</emphasis>[-<option>f</option>]</term>
<listitem> <listitem>
<para>Clear will remove all rules and chains installed by <para>Clear will remove all rules and chains installed by
@ -708,7 +680,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">delete</emphasis></term> <term><emphasis role="bold">delete </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem> <listitem>
<para>The delete command reverses the effect of an earlier <para>The delete command reverses the effect of an earlier
@ -723,7 +698,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">disable</emphasis></term> <term><emphasis role="bold">disable </emphasis>{
<replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.26. Disables the optional provider <para>Added in Shorewall 4.4.26. Disables the optional provider
@ -735,7 +712,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">drop</emphasis></term> <term><emphasis role="bold">drop
</emphasis><replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Causes traffic from the listed <para>Causes traffic from the listed
@ -744,7 +722,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">dump</emphasis></term> <term><emphasis role="bold">dump </emphasis>[-<option>x</option>]
[-<option>l</option>] [-<option>m</option>]
[-<option>c</option>]</term>
<listitem> <listitem>
<para>Produces a verbose report about the firewall configuration for <para>Produces a verbose report about the firewall configuration for
@ -766,7 +746,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">enable</emphasis></term> <term><emphasis role="bold">enable </emphasis>{
<replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.26. Enables the optional provider <para>Added in Shorewall 4.4.26. Enables the optional provider
@ -778,7 +760,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">forget</emphasis></term> <term><emphasis role="bold">forget </emphasis>[
<replaceable>filename</replaceable> ]</term>
<listitem> <listitem>
<para>Deletes <para>Deletes
@ -810,26 +793,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">ipcalc</emphasis></term> <term><emphasis role="bold">iptrace </emphasis><replaceable>ip6tables
match expression</replaceable></term>
<listitem>
<para>Ipcalc displays the network address, broadcast address,
network in CIDR notation and netmask corresponding to the
input[s].</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">iprange</emphasis></term>
<listitem>
<para>Iprange decomposes the specified range of IP addresses into
the equivalent list of network/host addresses.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">iptrace</emphasis></term>
<listitem> <listitem>
<para>This is a low-level debugging command that causes iptables <para>This is a low-level debugging command that causes iptables
@ -857,7 +822,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">logdrop</emphasis></term> <term><emphasis role="bold">logdrop
</emphasis><replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Causes traffic from the listed <para>Causes traffic from the listed
@ -869,7 +835,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">logwatch</emphasis></term> <term><emphasis role="bold">logwatch </emphasis>[-<option>m</option>]
[<replaceable>refresh-interval</replaceable>]</term>
<listitem> <listitem>
<para>Monitors the log file specified by the LOGFILE option in <para>Monitors the log file specified by the LOGFILE option in
@ -891,7 +858,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">logreject</emphasis></term> <term><emphasis role="bold">logreject
</emphasis><replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Causes traffic from the listed <para>Causes traffic from the listed
@ -912,13 +880,15 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">noiptrace</emphasis></term> <term><emphasis role="bold">noiptrace
</emphasis><replaceable>ip6tables match
expression</replaceable></term>
<listitem> <listitem>
<para>This is a low-level debugging command that cancels a trace <para>This is a low-level debugging command that cancels a trace
started by a preceding <command>iptrace</command> command.</para> started by a preceding <command>iptrace</command> command.</para>
<para>The <replaceable>iptables match expression</replaceable> must <para>The <replaceable>ip6tables match expression</replaceable> must
be one given in the <command>iptrace</command> command being be one given in the <command>iptrace</command> command being
canceled.</para> canceled.</para>
</listitem> </listitem>
@ -964,16 +934,30 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">reset</emphasis></term> <term><emphasis role="bold">reject</emphasis><replaceable>
address</replaceable></term>
<listitem> <listitem>
<para>All the packet and byte counters in the firewall are <para>Causes traffic from the listed <emphasis>address</emphasis>es
reset.</para> to be silently rejected.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">restart</emphasis></term> <term><emphasis role="bold">reset [<replaceable>chain</replaceable>,
...]</emphasis><acronym></acronym></term>
<listitem>
<para>Resets the packet and byte counters in the specified
<replaceable>chain</replaceable>(s). If no
<replaceable>chain</replaceable> is specified, all the packet and
byte counters in the firewall are reset.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">restart </emphasis>[-n] [-p]
[-<option>C</option>]</term>
<listitem> <listitem>
<para>Restart is similar to <command>shorewall6-lite start</command> <para>Restart is similar to <command>shorewall6-lite start</command>
@ -1004,7 +988,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">restore</emphasis></term> <term><emphasis role="bold">restore </emphasis>[-<option>n</option>]
[-<option>p</option>] [-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem> <listitem>
<para>Restore shorewall6-lite to a state saved using the <para>Restore shorewall6-lite to a state saved using the
@ -1026,7 +1012,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">run</emphasis></term> <term><emphasis role="bold">run
</emphasis><replaceable>command</replaceable> [
<replaceable>parameter</replaceable> ... ]</term>
<listitem> <listitem>
<para>Added in Shorewall 4.6.3. Executes <para>Added in Shorewall 4.6.3. Executes
@ -1043,7 +1031,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">save</emphasis></term> <term><emphasis role="bold">save </emphasis>[-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem> <listitem>
<para>The dynamic blacklist is stored in <para>The dynamic blacklist is stored in
@ -1084,7 +1073,8 @@
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><emphasis role="bold">bl|blacklists</emphasis></term> <term>[-<option>x</option>] <emphasis
role="bold">bl|blacklists</emphasis></term>
<listitem> <listitem>
<para>Added in Shorewall 4.6.2. Displays the dynamic chain <para>Added in Shorewall 4.6.2. Displays the dynamic chain
@ -1097,7 +1087,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">capabilities</emphasis></term> <term>[-<option>f</option>] <emphasis
role="bold">capabilities</emphasis></term>
<listitem> <listitem>
<para>Displays your kernel/iptables capabilities. The <para>Displays your kernel/iptables capabilities. The
@ -1108,8 +1099,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>[ [ <option>chain</option> ] <emphasis>chain</emphasis>... <term>[-<option>b</option>] [-<option>x</option>]
]</term> [-<option>l</option>] [-<option>t</option>
{<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>|<option>rawpost</option>}][
<emphasis>chain</emphasis>... ]</term>
<listitem> <listitem>
<para>The rules in each <emphasis>chain</emphasis> are <para>The rules in each <emphasis>chain</emphasis> are
@ -1243,11 +1236,12 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">nat</emphasis></term> <term>[-<option>x</option>] <emphasis
role="bold">nat</emphasis></term>
<listitem> <listitem>
<para>Displays the Netfilter nat table using the command <para>Displays the Netfilter nat table using the command
<command>iptables -t nat -L -n -v</command>.The <command>ip6tables -t nat -L -n -v</command>.The
<option>-x</option> option is passed directly through to <option>-x</option> option is passed directly through to
iptables and causes actual packet and byte counts to be iptables and causes actual packet and byte counts to be
displayed. Without this option, those counts are displayed. Without this option, those counts are
@ -1268,17 +1262,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">routing</emphasis></term> <term>[-<option>x</option>] <emphasis
role="bold">raw</emphasis></term>
<listitem>
<para>Displays the system's IPv4 routing configuration. The -c
option causes the route cache to be displayed in addition to
the other routing information.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">raw</emphasis></term>
<listitem> <listitem>
<para>Displays the Netfilter raw table using the command <para>Displays the Netfilter raw table using the command
@ -1290,6 +1275,17 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>[-<option>c</option>]<emphasis role="bold">
</emphasis><emphasis role="bold">routing</emphasis></term>
<listitem>
<para>Displays the system's IPv4 routing configuration. The -c
option causes the route cache to be displayed in addition to
the other routing information.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">tc</emphasis></term> <term><emphasis role="bold">tc</emphasis></term>
@ -1312,7 +1308,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">start</emphasis></term> <term><emphasis role="bold">start </emphasis>[-<option>p</option>]
[-<option>n</option>] [<option>-f</option>]
[-<option>C</option>]</term>
<listitem> <listitem>
<para>Start Shorewall6 Lite. Existing connections through <para>Start Shorewall6 Lite. Existing connections through
@ -1324,7 +1322,7 @@
table to be flushed; the <command>conntrack</command> utility must table to be flushed; the <command>conntrack</command> utility must
be installed to use this option.</para> be installed to use this option.</para>
<para>The <option>-m</option> option prevents the firewall script <para>The <option>-n</option> option prevents the firewall script
from modifying the current routing configuration.</para> from modifying the current routing configuration.</para>
<para>The <option>-f</option> option was added in Shorewall 4.6.5. <para>The <option>-f</option> option was added in Shorewall 4.6.5.
@ -1343,7 +1341,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">stop</emphasis></term> <term><emphasis role="bold">stop </emphasis><emphasis role="bold">
</emphasis>[-<option>f</option>]</term>
<listitem> <listitem>
<para>Stops the firewall. All existing connections, except those <para>Stops the firewall. All existing connections, except those
@ -1377,7 +1376,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">version</emphasis></term> <term><emphasis role="bold">version
</emphasis>[-<option>a</option>]</term>
<listitem> <listitem>
<para>Displays Shorewall's version. The <option>-a</option> option <para>Displays Shorewall's version. The <option>-a</option> option

View File

@ -799,7 +799,10 @@
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><emphasis role="bold">add</emphasis></term> <term><emphasis role="bold">add </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.21. Adds a list of hosts or subnets to <para>Added in Shorewall 4.4.21. Adds a list of hosts or subnets to
@ -831,7 +834,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">allow</emphasis></term> <term><emphasis role="bold">allow
</emphasis><replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Re-enables receipt of packets from hosts previously <para>Re-enables receipt of packets from hosts previously
@ -843,7 +847,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">check</emphasis></term> <term><emphasis role="bold">check </emphasis>[-<option>e</option>]
[-<option>d</option>] [-<option>p</option>] [-<option>r</option>]
[-<option>T</option>] [-<option>i</option>]
[<replaceable>directory</replaceable>]</term>
<listitem> <listitem>
<para>Compiles the configuration in the specified <para>Compiles the configuration in the specified
@ -883,7 +890,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">clear</emphasis></term> <term><emphasis role="bold">clear
</emphasis>[-<option>f</option>]</term>
<listitem> <listitem>
<para>Clear will remove all rules and chains installed by <para>Clear will remove all rules and chains installed by
@ -915,7 +923,11 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">compile</emphasis></term> <term><emphasis role="bold">compile </emphasis>[-<option>e</option>]
[-<option>c</option>] [-<option>d</option>] [-<option>p</option>]
[-<option>T</option>] [-<option>i</option>]
[<replaceable>directory</replaceable>]
[<replaceable>pathname</replaceable> ]</term>
<listitem> <listitem>
<para>Compiles the current configuration into the executable file <para>Compiles the current configuration into the executable file
@ -971,7 +983,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">delete</emphasis></term> <term><emphasis role="bold">delete </emphasis>{
<replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
<replaceable>zone</replaceable> | <replaceable>zone</replaceable>
<replaceable>host-list</replaceable> }</term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.21. The delete command reverses the <para>Added in Shorewall 4.4.21. The delete command reverses the
@ -996,7 +1011,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">disable</emphasis></term> <term><emphasis role="bold">disable </emphasis><emphasis role="bold">
</emphasis>{ <replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.26. Disables the optional provider <para>Added in Shorewall 4.4.26. Disables the optional provider
@ -1015,7 +1032,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">drop</emphasis></term> <term><emphasis role="bold">drop
</emphasis><replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -1024,7 +1042,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">dump</emphasis></term> <term><emphasis role="bold">dump </emphasis>[-<option>x</option>]
[-<option>l</option>] [-<option>m</option>]
[-<option>c</option>]</term>
<listitem> <listitem>
<para>Produces a verbose report about the firewall configuration for <para>Produces a verbose report about the firewall configuration for
@ -1046,7 +1066,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">enable</emphasis></term> <term><emphasis role="bold">enable </emphasis>{
<replaceable>interface</replaceable> |
<replaceable>provider</replaceable> }</term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.26. Enables the optional provider <para>Added in Shorewall 4.4.26. Enables the optional provider
@ -1067,7 +1089,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">export</emphasis></term> <term><emphasis role="bold">export
</emphasis>[<replaceable>directory1</replaceable> ]
[<replaceable>user</replaceable>@]<replaceable>system</replaceable>[:<replaceable>directory2</replaceable>
]</term>
<listitem> <listitem>
<para>If <emphasis>directory1</emphasis> is omitted, the current <para>If <emphasis>directory1</emphasis> is omitted, the current
@ -1091,7 +1116,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">forget</emphasis></term> <term><emphasis role="bold">forget </emphasis>[
<replaceable>filename</replaceable> ]</term>
<listitem> <listitem>
<para>Deletes <filename>/var/lib/shorewall6/<replaceable>filename <para>Deletes <filename>/var/lib/shorewall6/<replaceable>filename
@ -1112,7 +1138,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">iptrace</emphasis></term> <term><emphasis role="bold">iptrace </emphasis><replaceable>ip6tables
match expression</replaceable></term>
<listitem> <listitem>
<para>This is a low-level debugging command that causes iptables <para>This is a low-level debugging command that causes iptables
@ -1140,7 +1167,11 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">load</emphasis></term> <term><emphasis role="bold">load </emphasis> [-<option>s</option>]
[-<option>c</option>] [-<option>r</option>
<replaceable>root-user-name</replaceable>] [-<option>T</option>]
[-<option>i</option>] [ <replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term>
<listitem> <listitem>
<para>If <emphasis>directory</emphasis> is omitted, the current <para>If <emphasis>directory</emphasis> is omitted, the current
@ -1195,7 +1226,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">logdrop</emphasis></term> <term><emphasis role="bold">logdrop
</emphasis><replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -1207,7 +1239,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">logwatch</emphasis></term> <term><emphasis role="bold">logwatch </emphasis>[-<option>m</option>]
[<replaceable>refresh-interval</replaceable>]</term>
<listitem> <listitem>
<para>Monitors the log file specified by the LOGFILE option in <para>Monitors the log file specified by the LOGFILE option in
@ -1225,7 +1258,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">logreject</emphasis></term> <term><emphasis role="bold">logreject</emphasis>
<replaceable>address</replaceable></term>
<listitem> <listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <emphasis>address</emphasis>es
@ -1246,7 +1280,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">noiptrace</emphasis></term> <term><emphasis role="bold">noiptrace
</emphasis><replaceable>ip6tables match
expression</replaceable></term>
<listitem> <listitem>
<para>This is a low-level debugging command that cancels a trace <para>This is a low-level debugging command that cancels a trace
@ -1298,7 +1334,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">refresh</emphasis></term> <term><emphasis role="bold">refresh </emphasis>[-<option>n</option>]
[-<option>d</option>] [-<option>T</option>] [-i]
[-<option>D</option><replaceable>directory</replaceable> ] [
<replaceable>chain</replaceable>... ]</term>
<listitem> <listitem>
<para>All steps performed by <command>restart</command> are <para>All steps performed by <command>restart</command> are
@ -1350,7 +1389,21 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">reload</emphasis></term> <term><emphasis role="bold">reject</emphasis><replaceable>
address</replaceable></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
to be silently rejected.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">reload </emphasis>[-<option>s</option>]
[-<option>c</option>] [-<option>r</option>
<replaceable>root-user-name</replaceable>] [-<option>T</option>]
[-<option>i</option>] [ <replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term>
<listitem> <listitem>
<para>If <emphasis>directory</emphasis> is omitted, the current <para>If <emphasis>directory</emphasis> is omitted, the current
@ -1417,7 +1470,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">restart</emphasis></term> <term><emphasis role="bold">restart </emphasis>[-<option>n</option>]
[-<option>p</option>] [-<option>d</option>] [-<option>f</option>]
[-<option>c</option>] [-<option>T</option>] [-<option>i</option>]
[-<option>C</option>] [ <replaceable>directory</replaceable> ]</term>
<listitem> <listitem>
<para>Restart is similar to <command>shorewall6 start</command> <para>Restart is similar to <command>shorewall6 start</command>
@ -1472,7 +1528,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">restore</emphasis></term> <term><emphasis role="bold">restore </emphasis>[-<option>n</option>]
[-<option>p</option>] [-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem> <listitem>
<para>Restore Shorewall6 to a state saved using the <para>Restore Shorewall6 to a state saved using the
@ -1500,7 +1558,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">run</emphasis></term> <term><emphasis role="bold">run</emphasis><emphasis role="bold">
</emphasis><replaceable>command</replaceable> [
<replaceable>parameter</replaceable> ... ]</term>
<listitem> <listitem>
<para>Added in Shorewall 4.6.3. Executes <para>Added in Shorewall 4.6.3. Executes
@ -1523,7 +1583,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">safe-restart</emphasis></term> <term><emphasis role="bold">safe-restart
</emphasis>[-<option>d</option>] [-<option>p</option>]
[-<option>t</option><replaceable>timeout</replaceable> ] [
<replaceable>directory</replaceable> ]</term>
<listitem> <listitem>
<para>Only allowed if Shorewall6 is running. The current <para>Only allowed if Shorewall6 is running. The current
@ -1549,7 +1612,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">safe-start</emphasis></term> <term><emphasis role="bold">safe-start
</emphasis>[-<option>d</option>] [-<option>p</option>]
[-<option>t</option><replaceable>timeout</replaceable> ] [
<replaceable>directory</replaceable> ]</term>
<listitem> <listitem>
<para>Shorewall6 is started normally. You will then be prompted <para>Shorewall6 is started normally. You will then be prompted
@ -1571,7 +1637,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">save</emphasis></term> <term><emphasis role="bold">save </emphasis>[-<option>C</option>] [
<replaceable>filename</replaceable> ]</term>
<listitem> <listitem>
<para>The dynamic blacklist is stored in <filename> <para>The dynamic blacklist is stored in <filename>
@ -1622,7 +1689,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">bl|blacklists</emphasis></term> <term>[-<option>x</option>] <emphasis role="bold">bl|blacklists
</emphasis></term>
<listitem> <listitem>
<para>Added in Shorewall 4.6.2. Displays the dynamic chain <para>Added in Shorewall 4.6.2. Displays the dynamic chain
@ -1635,7 +1703,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">capabilities</emphasis></term> <term>[-<option>f</option>] <emphasis
role="bold">capabilities</emphasis></term>
<listitem> <listitem>
<para>Displays your kernel/ip6tables capabilities. The <para>Displays your kernel/ip6tables capabilities. The
@ -1646,8 +1715,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>[ [ <option>chain</option> ] <emphasis>chain</emphasis>... <term>[-<option>b</option>] [-<option>x</option>]
]</term> [-<option>l</option>] [-<option>t</option>
{<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>|<option>rawpost</option>}][
<emphasis>chain</emphasis>... ]</term>
<listitem> <listitem>
<para>The rules in each <emphasis>chain</emphasis> are <para>The rules in each <emphasis>chain</emphasis> are
@ -1776,6 +1847,20 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>[-<option>x</option>] <emphasis
role="bold">nat</emphasis></term>
<listitem>
<para>Displays the Netfilter nat table using the command
<emphasis role="bold">ip6tables -t nat -L -n -v</emphasis>.
The <emphasis role="bold">-x</emphasis> option is passed
directly through to ip6tables and causes actual packet and
byte counts to be displayed. Without this option, those counts
are abbreviated.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">opens</emphasis></term> <term><emphasis role="bold">opens</emphasis></term>
@ -1799,7 +1884,22 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">routing</emphasis></term> <term>[-<option>x</option>] <emphasis
role="bold">raw</emphasis></term>
<listitem>
<para>Displays the Netfilter raw table using the command
<emphasis role="bold">ip6tables -t raw -L -n -v</emphasis>.
The <emphasis role="bold">-x</emphasis> option is passed
directly through to ip6tables and causes actual packet and
byte counts to be displayed. Without this option, those counts
are abbreviated.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">[-<option>c</option>]<emphasis
role="bold"> </emphasis>routing</emphasis></term>
<listitem> <listitem>
<para>Displays the system's IPv6 routing configuration. The -c <para>Displays the system's IPv6 routing configuration. The -c
@ -1830,7 +1930,11 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">start</emphasis></term> <term><emphasis role="bold">start </emphasis><emphasis role="bold">
</emphasis>[-<option>n</option>] [-<option>p</option>]
[-<option>d</option>] [-<option>f</option>] [-<option>c</option>]
[-<option>T</option>] [-<option>i</option>] [-<option>C</option>] [
<replaceable>directory</replaceable> ]</term>
<listitem> <listitem>
<para>Start shorewall6. Existing connections through shorewall6 <para>Start shorewall6. Existing connections through shorewall6
@ -1886,7 +1990,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">stop</emphasis></term> <term><emphasis role="bold">stop
</emphasis>[-<option>f</option>]</term>
<listitem> <listitem>
<para>Stops the firewall. All existing connections, except those <para>Stops the firewall. All existing connections, except those
@ -1898,6 +2003,12 @@
is from systems listed in <ulink is from systems listed in <ulink
url="/manpages6/shorewall6-routestopped.html">shorewall6-routestopped</ulink>(5) url="/manpages6/shorewall6-routestopped.html">shorewall6-routestopped</ulink>(5)
or by ADMINISABSENTMINDED.</para> or by ADMINISABSENTMINDED.</para>
<para>If <option>-f</option> is given, the command will be processed
by the compiled script that executed the last successful <emphasis
role="bold">start</emphasis>, <emphasis
role="bold">restart</emphasis> or <emphasis
role="bold">refresh</emphasis> command if that script exists.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1915,7 +2026,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">try</emphasis></term> <term><emphasis role="bold">try
</emphasis><replaceable>directory</replaceable> [
<replaceable>timeout</replaceable> ]</term>
<listitem> <listitem>
<para>If Shorewall6 is started then the firewall state is saved to a <para>If Shorewall6 is started then the firewall state is saved to a
@ -1949,7 +2062,11 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">update</emphasis></term> <term><emphasis role="bold">update </emphasis>[-<option>b</option>]
[-<option>d</option>] [-<option>r</option>] [-<option>T</option>]
[-<option>a</option>] [-<option>D</option>] [-<option>i</option>]
[-<option>t</option>] [-<option>A</option>] [
<replaceable>directory</replaceable> ]</term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.21 and causes the compiler to update <para>Added in Shorewall 4.4.21 and causes the compiler to update
@ -2041,7 +2158,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">version</emphasis></term> <term><emphasis role="bold">version
[-<option>a</option>]</emphasis></term>
<listitem> <listitem>
<para>Displays Shorewall6's version. If the <option>-a</option> <para>Displays Shorewall6's version. If the <option>-a</option>