diff --git a/Shorewall-docs2/ErrorMessages.xml b/Shorewall-docs2/ErrorMessages.xml
index 24ad29755..adfd51848 100644
--- a/Shorewall-docs2/ErrorMessages.xml
+++ b/Shorewall-docs2/ErrorMessages.xml
@@ -15,7 +15,7 @@
- 2005-10-02
+ 2005-10-03
2004
@@ -167,6 +167,145 @@
generated by this program are listed below.
+
+ ERROR: Invalid nested zone syntax: :<parent-zone>
+
+
+ The zone name in the ZONE column of
+ /etc/shorewall/zones may not start with a colon
+ (":").
+
+
+
+
+ ERROR: Sub-zones of the firewall zone are not allowed
+
+
+ The firewall zone may not be defined to have zones nested
+ within it.
+
+
+
+
+ ERROR: Parent zone not defined: <parent-zone>
+
+
+ When defining nested zones in
+ /etc/shorewall/zones, the parent zone must be
+ defined before any zones nested inside of it.
+
+
+
+
+ ERROR: Zone name longer than 5 characters: <zone>
+
+
+ Zone names are restricted to 5 characters or less in
+ length.
+
+
+
+
+ ERROR: Illegal zone name "<zone>" in zones file
+
+
+ The zone name quoted in the error message begins with a digit
+ -- zone names must begin with an alphabetic character.
+
+
+
+
+ ERROR: Reserved zone name "<zone>" in zones file
+
+
+ The names "none" and "all" are reserved and may not be used as
+ zone names in /etc/shorewall/zones.
+
+
+
+
+ ERROR: Zone <zone> is defined more than once
+
+
+ There are two records in
+ /etc/shorewall/zones that define the named
+ zone.
+
+
+
+
+ ERROR: Your kernel and/or iptables does not support policy
+ match
+
+
+ You have defined a zone of type ipsec in
+ /etc/shorewall/zones or have specified the
+ ipsec option in an /etc/shorewall/hosts record
+ but your kernel and/or iptables don't include policy match support
+ -- see this article for
+ details.
+
+
+
+
+ ERROR: The firewall zone may not be nested
+
+
+ You have defined a zone of type firewall to be nested inside another zone.
+ Shorewall does not support such nesting.
+
+
+
+
+ ERROR: OPTIONS not allowed on the firewall zone
+
+
+ The zone of type firewall may
+ not have any options specified in the OPTIONS, IN OPTIONS or OUT
+ OPTIONS columns of /etc/shorewall/zones.
+
+
+
+
+ ERROR: Only one firewall zone may be defined
+
+
+ You may have only one record in
+ /etc/shorewall/zones that has type firewall.
+
+
+
+
+ ERROR: No ipv4 or ipsec Zones Defined
+
+
+ You must define at least one ipv4 or ipsec zone in
+ /etc/shorewall/zones.
+
+
+
+
+ ERROR: No Firewall Zone Defined
+
+
+ You must define one (and only one) zone if type firewall in
+ /etc/shorewall/zones.
+
+
+
+
+ ERROR: Invalid Mark or Mask value: <number>
+
+
+ Shorewall-assigned packet and connection marks are limited to
+ the range 1-255.
+
+
+
ERROR: Invalid zone definition for zone <zone>
@@ -190,6 +329,29 @@
+
+ ERROR: The routeback option may not be specified on a multi-zone
+ interface
+
+
+ The ZONE column of a record in
+ /etc/shorewall/interfaces was empty ("-"). Such
+ interfaces may not specify the routeback option.
+
+
+
+
+ ERROR: The "detectnets" option may not be used with a wild-card
+ interface
+
+
+ The interface name in the INTERFACE column is a wild-card
+ (ends with "+"). Such interfaces may not specify the detectnets option.
+
+
+
ERROR: Duplicate Interface <interface>
@@ -210,6 +372,19 @@
+
+ ERROR: The 'norfc1918' option may not be specified on an
+ interface with an RFC 1918 address. Interface:
+ <interface>
+
+
+ The <interface> named in the message is configured with
+ an IP address that is reserved by RFC 1918 -- that address is
+ incompatible with the norfc1918
+ interface option.
+
+
+
ERROR: Unknown interface (<interface>) in record
"<record>"
@@ -222,6 +397,19 @@
+
+ ERROR: Invalid HOST(S) column contents: <hosts>
+
+
+ The contests of the HOST(S) column in a record from
+ /etc/shorewall/hosts does not follow the proper
+ syntax for that column in that it doesn't contain at least one colon
+ (":"). See the /etc/shorewall/hosts
+ documentation.
+
+
+
ERROR: Bridged interfaces may not be defined in
/etc/shorewall/interfaces: <interface>[:<address>]
@@ -233,19 +421,6 @@
-
- ERROR: Your kernel and/or iptables does not support policy
- match: ipsec
-
-
- You have specified the ipsec
- option in an /etc/shorewall/hosts record but
- your kernel and/or iptables is missing policy match support. That
- support in turn requires a set of ipsec-netfilter patches in order
- to work correctly.
-
-
-
ERROR: Undefined zone <zone>
@@ -281,18 +456,6 @@
-
- ERROR: Your kernel and/or iptables does not support policy
- match
-
-
- Your /etc/shorewall/ipsec file is non-empty but your kernel
- and/or iptables do not include policy match support. That support in
- turn requires a set of ipsec-netfilter patches in order to work
- correctly.
-
-
-
ERROR: No hosts on <interface> have the maclist option
specified
@@ -568,7 +731,7 @@
If you need help understanding that warning message then you
- probably need to take up another hobby or line of work.
+ probably need to take up another hobby or line of work.