mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-08 00:34:04 +01:00
Patches for shorewall manpage
Hi, here is the patch set for the shorewall6-lite man page. -Thomas >From d3fc3bd79f6313e8c940f6df49ae6ea3e05fa590 Mon Sep 17 00:00:00 2001 From: Thomas D <whissi@whissi.de> Date: Tue, 11 Nov 2014 01:23:44 +0100 Subject: [PATCH 2/2] Fixes for the "commands" section. Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
22ac37b51e
commit
2bf80ee3d9
@ -534,7 +534,7 @@
|
||||
used for debugging. See <ulink
|
||||
url="http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace</ulink>.</para>
|
||||
|
||||
<para>The nolock <option>option</option> prevents the command from
|
||||
<para>The <option>nolock</option> option prevents the command from
|
||||
attempting to acquire the shorewall6-lite lockfile. It is useful if you
|
||||
need to include <command>shorewall</command> commands in
|
||||
<filename>/etc/shorewall/started</filename>.</para>
|
||||
@ -570,19 +570,21 @@
|
||||
<para>Adds a list of hosts or subnets to a dynamic zone usually used
|
||||
with VPN's.</para>
|
||||
|
||||
<para>The <emphasis>interface</emphasis> argument names an interface
|
||||
<para>The <replaceable>interface</replaceable> argument names an interface
|
||||
defined in the <ulink
|
||||
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
|
||||
file. A <emphasis>host-list</emphasis> is comma-separated list whose
|
||||
elements are host or network addresses.<caution>
|
||||
<para>The <command>add</command> command is not very robust. If
|
||||
there are errors in the <replaceable>host-list</replaceable>,
|
||||
you may see a large number of error messages yet a subsequent
|
||||
<command>shorewall6-lite show zones</command> command will
|
||||
indicate that all hosts were added. If this happens, replace
|
||||
<command>add</command> by <command>delete</command> and run the
|
||||
same command again. Then enter the correct command.</para>
|
||||
</caution></para>
|
||||
file. A <replaceable>host-list</replaceable> is comma-separated list whose
|
||||
elements are host or network addresses.</para>
|
||||
|
||||
<caution>
|
||||
<para>The <command>add</command> command is not very robust. If
|
||||
there are errors in the <replaceable>host-list</replaceable>,
|
||||
you may see a large number of error messages yet a subsequent
|
||||
<command>shorewall6-lite show zones</command> command will
|
||||
indicate that all hosts were added. If this happens, replace
|
||||
<command>add</command> by <command>delete</command> and run the
|
||||
same command again. Then enter the correct command.</para>
|
||||
</caution>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -591,10 +593,9 @@
|
||||
|
||||
<listitem>
|
||||
<para>Re-enables receipt of packets from hosts previously
|
||||
blacklisted by a <emphasis role="bold">drop</emphasis>, <emphasis
|
||||
role="bold">logdrop</emphasis>, <emphasis
|
||||
role="bold">reject</emphasis>, or <emphasis
|
||||
role="bold">logreject</emphasis> command.</para>
|
||||
blacklisted by a <command>drop</command>, <command>logdrop</command>,
|
||||
<command>reject</command>, or <command>logreject</command>
|
||||
command.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -608,10 +609,9 @@
|
||||
the firewall is causing connection problems.</para>
|
||||
|
||||
<para>If <option>-f</option> is given, the command will be processed
|
||||
by the compiled script that executed the last successful <emphasis
|
||||
role="bold">start</emphasis>, <emphasis
|
||||
role="bold">restart</emphasis> or <emphasis
|
||||
role="bold">refresh</emphasis> command if that script exists.</para>
|
||||
by the compiled script that executed the last successful
|
||||
<command>start</command>, <command>restart</command> or
|
||||
<command>refresh</command> command if that script exists.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -619,14 +619,14 @@
|
||||
<term><emphasis role="bold">delete</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>The delete command reverses the effect of an earlier <emphasis
|
||||
role="bold">add</emphasis> command.</para>
|
||||
<para>The delete command reverses the effect of an earlier
|
||||
<command>add</command> command.</para>
|
||||
|
||||
<para>The <emphasis>interface</emphasis> argument names an interface
|
||||
defined in the <ulink
|
||||
<para>The <replaceable>interface</replaceable> argument names an
|
||||
interface defined in the <ulink
|
||||
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
|
||||
file. A <emphasis>host-list</emphasis> is comma-separated list whose
|
||||
elements are a host or network address.</para>
|
||||
file. A <replaceable>host-list</replaceable> is comma-separated
|
||||
list whose elements are a host or network address.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -646,7 +646,7 @@
|
||||
<term><emphasis role="bold">drop</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
||||
<para>Causes traffic from the listed <replaceable>address</replaceable>es
|
||||
to be silently dropped.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -658,13 +658,14 @@
|
||||
<para>Produces a verbose report about the firewall configuration for
|
||||
the purpose of problem analysis.</para>
|
||||
|
||||
<para>The <emphasis role="bold">-x</emphasis> option causes actual
|
||||
<para>The <option>-x</option> option causes actual
|
||||
packet and byte counts to be displayed. Without that option, these
|
||||
counts are abbreviated. The <emphasis role="bold">-m</emphasis>
|
||||
option causes any MAC addresses included in shorewall6-lite log
|
||||
messages to be displayed.</para>
|
||||
counts are abbreviated.</para>
|
||||
|
||||
<para>The <option>-m</option> option causes any MAC addresses
|
||||
included in shorewall6-lite log messages to be displayed.</para>
|
||||
|
||||
<para>The <emphasis role="bold">-l</emphasis> option causes the rule
|
||||
<para>The <option>-l</option> option causes the rule
|
||||
number for each Netfilter rule to be displayed.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -685,9 +686,9 @@
|
||||
<term><emphasis role="bold">forget</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Deletes /var/lib/shorewall6-lite/<emphasis>filename</emphasis>
|
||||
and /var/lib/shorewall6-lite/save. If no
|
||||
<emphasis>filename</emphasis> is given then the file specified by
|
||||
<para>Deletes <filename>/var/lib/shorewall6-lite/<replaceable>filename</replaceable></filename>
|
||||
and <filename>/var/lib/shorewall6-lite/save</filename>. If no
|
||||
<replaceable>filename</replaceable> is given then the file specified by
|
||||
RESTOREFILE in <ulink
|
||||
url="shorewall.conf.html">shorewall6.conf</ulink>(5) is
|
||||
assumed.</para>
|
||||
@ -754,7 +755,7 @@
|
||||
<term><emphasis role="bold">logdrop</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
||||
<para>Causes traffic from the listed <replaceable>address</replaceable>es
|
||||
to be logged then discarded. Logging occurs at the log level
|
||||
specified by the BLACKLIST_LOGLEVEL setting in <ulink
|
||||
url="shorewall.conf.html">shorewall6.conf</ulink> (5).</para>
|
||||
@ -768,15 +769,18 @@
|
||||
<para>Monitors the log file specified by the LOGFILE option in
|
||||
<ulink url="shorewall.conf.html">shorewall6.conf</ulink>(5) and
|
||||
produces an audible alarm when new shorewall6-lite messages are
|
||||
logged. The <emphasis role="bold">-m</emphasis> option causes the
|
||||
logged.</para>
|
||||
|
||||
<para>The <option>-m</option> option causes the
|
||||
MAC address of each packet source to be displayed if that
|
||||
information is available. The
|
||||
<replaceable>refresh-interval</replaceable> specifies the time in
|
||||
seconds between screen refreshes. You can enter a negative number by
|
||||
preceding the number with "--" (e.g., <command>shorewall6-lite
|
||||
logwatch -- -30</command>). In this case, when a packet count
|
||||
changes, you will be prompted to hit any key to resume screen
|
||||
refreshes.</para>
|
||||
information is available.</para>
|
||||
|
||||
<para>The <replaceable>refresh-interval</replaceable> specifies
|
||||
the time in seconds between screen refreshes. You can enter a
|
||||
negative number by preceding the number with "--" (e.g.,
|
||||
<command>shorewall6-lite logwatch -- -30</command>). In this
|
||||
case, when a packet count changes, you will be prompted to hit
|
||||
any key to resume screen refreshes.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -784,7 +788,7 @@
|
||||
<term><emphasis role="bold">logreject</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
||||
<para>Causes traffic from the listed <replaceable>address</replaceable>es
|
||||
to be logged then rejected. Logging occurs at the log level
|
||||
specified by the BLACKLIST_LOGLEVEL setting in <ulink
|
||||
url="shorewall.conf.html">shorewall6.conf</ulink> (5).</para>
|
||||
@ -817,8 +821,8 @@
|
||||
<term><emphasis role="bold">restart</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Restart is similar to <emphasis role="bold">shorewall6-lite
|
||||
start</emphasis> except that it assumes that the firewall is already
|
||||
<para>Restart is similar to <command>shorewall6-lite start</command>
|
||||
except that it assumes that the firewall is already
|
||||
started. Existing connections are maintained.</para>
|
||||
|
||||
<caution>
|
||||
@ -848,19 +852,19 @@
|
||||
<term><emphasis role="bold">restore</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Restore shorewall6-lite to a state saved using the <emphasis
|
||||
role="bold">shorewall6-lite save</emphasis> command. Existing
|
||||
connections are maintained. The <emphasis>filename</emphasis> names
|
||||
a restore file in /var/lib/shorewall6-lite created using <emphasis
|
||||
role="bold">shorewall6-lite save</emphasis>; if no
|
||||
<emphasis>filename</emphasis> is given then shorewall6-lite will be
|
||||
<para>Restore shorewall6-lite to a state saved using the
|
||||
<command>shorewall6-lite save</command> command. Existing
|
||||
connections are maintained. The <replaceable>filename</replaceable> names
|
||||
a restore file in <filename class="directory">/var/lib/shorewall6-lite</filename>
|
||||
created using <command>shorewall6-lite save</command>; if no
|
||||
<replaceable>filename</replaceable> is given then shorewall6-lite will be
|
||||
restored from the file specified by the RESTOREFILE option in <ulink
|
||||
url="shorewall.conf.html">shorewall6.conf</ulink>(5).</para>
|
||||
|
||||
<para>The <option>-C</option> option was added in Shorewall 4.6.5.
|
||||
If the <option>-C</option> option was specified during <emphasis
|
||||
role="bold">shorewall save</emphasis>, then the counters saved by
|
||||
that operation will be restored.</para>
|
||||
If the <option>-C</option> option was specified during
|
||||
<command>shorewall7-lite save</command>, then the counters saved
|
||||
by that operation will be restored.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -886,10 +890,11 @@
|
||||
|
||||
<listitem>
|
||||
<para>The dynamic blacklist is stored in
|
||||
/var/lib/shorewall6-lite/save. The state of the firewall is stored
|
||||
in /var/lib/shorewall6-lite/<emphasis>filename</emphasis> for use by
|
||||
the <emphasis role="bold">shorewall6-lite restore</emphasis>. If
|
||||
<emphasis>filename</emphasis> is not given then the state is saved
|
||||
<filename>/var/lib/shorewall6-lite/save</filename>. The state of
|
||||
the firewall is stored in
|
||||
<filename>/var/lib/shorewall6-lite/<replaceable>filename</replaceable></filename>
|
||||
for use by the <command>shorewall6-lite restore</command> command.
|
||||
If <replaceable>filename</replaceable> is not given then the state is saved
|
||||
in the file specified by the RESTOREFILE option in <ulink
|
||||
url="shorewall.conf.html">shorewall6.conf</ulink>(5).</para>
|
||||
|
||||
@ -913,7 +918,7 @@
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.6.2. Displays the dynamic chain
|
||||
along with any chains produced by entries in
|
||||
shorewall6-blrules(5).The <emphasis role="bold">-x</emphasis>
|
||||
shorewall6-blrules(5).The <option>-x</option>
|
||||
option is passed directly through to ip6tables and causes
|
||||
actual packet and byte counts to be displayed. Without this
|
||||
option, those counts are abbreviated.</para>
|
||||
@ -925,9 +930,9 @@
|
||||
|
||||
<listitem>
|
||||
<para>Displays your kernel/iptables capabilities. The
|
||||
<emphasis role="bold">-f</emphasis> option causes the display
|
||||
to be formatted as a capabilities file for use with <emphasis
|
||||
role="bold">compile -e</emphasis>.</para>
|
||||
<option>-f</option> option causes the display
|
||||
to be formatted as a capabilities file for use with
|
||||
<command>compile -e</command>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -941,25 +946,28 @@
|
||||
-L</emphasis> <emphasis>chain</emphasis> <emphasis
|
||||
role="bold">-n -v</emphasis> command. If no
|
||||
<emphasis>chain</emphasis> is given, all of the chains in the
|
||||
filter table are displayed. The <emphasis
|
||||
role="bold">-x</emphasis> option is passed directly through to
|
||||
iptables and causes actual packet and byte counts to be
|
||||
displayed. Without this option, those counts are abbreviated.
|
||||
The <emphasis role="bold">-t</emphasis> option specifies the
|
||||
filter table are displayed.</para>
|
||||
|
||||
<para>The <option>-x</option> option
|
||||
is passed directly through to iptables and causes actual
|
||||
packet and byte counts to be displayed. Without this option,
|
||||
those counts are abbreviated.</para>
|
||||
|
||||
<para>The <option>-t</option> option specifies the
|
||||
Netfilter table to display. The default is <emphasis
|
||||
role="bold">filter</emphasis>.</para>
|
||||
|
||||
<para>The <emphasis role="bold">-b</emphasis> ('brief') option
|
||||
<para>The <option>-b</option> ('brief') option
|
||||
causes rules which have not been used (i.e. which have zero
|
||||
packet and byte counts) to be omitted from the output. Chains
|
||||
with no rules displayed are also omitted from the
|
||||
output.</para>
|
||||
|
||||
<para>The <emphasis role="bold">-l</emphasis> option causes
|
||||
<para>The <option>-l</option> option causes
|
||||
the rule number for each Netfilter rule to be
|
||||
displayed.</para>
|
||||
|
||||
<para>If the <emphasis role="bold">t</emphasis> option and the
|
||||
<para>If the <option>-t</option> option and the
|
||||
<option>chain</option> keyword are both omitted and any of the
|
||||
listed <replaceable>chain</replaceable>s do not exist, a usage
|
||||
message is displayed.</para>
|
||||
@ -1037,8 +1045,9 @@
|
||||
<listitem>
|
||||
<para>Displays the last 20 shorewall6-lite messages from the
|
||||
log file specified by the LOGFILE option in <ulink
|
||||
url="shorewall.conf.html">shorewall6.conf</ulink>(5). The
|
||||
<emphasis role="bold">-m</emphasis> option causes the MAC
|
||||
url="shorewall.conf.html">shorewall6.conf</ulink>(5).</para>
|
||||
|
||||
<para>The <option>-m</option> option causes the MAC
|
||||
address of each packet source to be displayed if that
|
||||
information is available.</para>
|
||||
</listitem>
|
||||
@ -1059,8 +1068,8 @@
|
||||
|
||||
<listitem>
|
||||
<para>Displays the Netfilter nat table using the command
|
||||
<emphasis role="bold">iptables -t nat -L -n -v</emphasis>.The
|
||||
<emphasis role="bold">-x</emphasis> option is passed directly
|
||||
<command>iptables -t nat -L -n -v</command>.The
|
||||
<option>-x</option> option is passed directly
|
||||
through to iptables and causes actual packet and byte counts
|
||||
to be displayed. Without this option, those counts are
|
||||
abbreviated.</para>
|
||||
@ -1092,8 +1101,8 @@
|
||||
|
||||
<listitem>
|
||||
<para>Displays the Netfilter raw table using the command
|
||||
<emphasis role="bold">iptables -t raw -L -n -v</emphasis>.The
|
||||
<emphasis role="bold">-x</emphasis> option is passed directly
|
||||
<command>iptables -t raw -L -n -v</command>.The
|
||||
<option>-x</option> option is passed directly
|
||||
through to iptables and causes actual packet and byte counts
|
||||
to be displayed. Without this option, those counts are
|
||||
abbreviated.</para>
|
||||
@ -1146,8 +1155,8 @@
|
||||
<para>The <option>-C</option> option was added in Shorewall 4.6.5
|
||||
and is only meaningful when the <option>-f</option> option is also
|
||||
specified. If the previously-saved configuration is restored, and if
|
||||
the <option>-C</option> option was also specified in the <emphasis
|
||||
role="bold">save</emphasis> command, then the packet and byte
|
||||
the <option>-C</option> option was also specified in the
|
||||
<command>save</command> command, then the packet and byte
|
||||
counters will be restored.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -1167,10 +1176,9 @@
|
||||
or by ADMINISABSENTMINDED.</para>
|
||||
|
||||
<para>If <option>-f</option> is given, the command will be processed
|
||||
by the compiled script that executed the last successful <emphasis
|
||||
role="bold">start</emphasis>, <emphasis
|
||||
role="bold">restart</emphasis> or <emphasis
|
||||
role="bold">refresh</emphasis> command if that script exists.</para>
|
||||
by the compiled script that executed the last successful
|
||||
<command>start</command>, <command>restart</command> or
|
||||
<command>refresh</command> command if that script exists.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1181,7 +1189,7 @@
|
||||
<para>Produces a short report about the state of the
|
||||
Shorewall-configured firewall.</para>
|
||||
|
||||
<para>The <option>-i </option>option was added in Shorewall 4.6.2
|
||||
<para>The <option>-i</option> option was added in Shorewall 4.6.2
|
||||
and causes the status of each optional or provider interface to be
|
||||
displayed.</para>
|
||||
</listitem>
|
||||
|
Loading…
Reference in New Issue
Block a user