Patches for shorewall manpage

Hi,

here is the patch set for the shorewall6-lite man page.

-Thomas

>From d3fc3bd79f6313e8c940f6df49ae6ea3e05fa590 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Tue, 11 Nov 2014 01:23:44 +0100
Subject: [PATCH 2/2] Fixes for the "commands" section.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Thomas D 2014-11-11 01:27:33 +01:00 committed by Tom Eastep
parent 22ac37b51e
commit 2bf80ee3d9

@ -534,7 +534,7 @@
used for debugging. See <ulink
url="http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace</ulink>.</para>
<para>The nolock <option>option</option> prevents the command from
<para>The <option>nolock</option> option prevents the command from
attempting to acquire the shorewall6-lite lockfile. It is useful if you
need to include <command>shorewall</command> commands in
<filename>/etc/shorewall/started</filename>.</para>
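Review bot: The unchanged tail of this paragraph still says `<command>shorewall</command>` commands in `<filename>/etc/shorewall/started</filename>`, while the sentence being fixed is about the shorewall6-lite lockfile. Since the paragraph is already being touched, please check whether the command name and the path should refer to shorewall6-lite and its own configuration directory; if the text was copied from the shorewall page, this is the place to correct it.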
@ -570,19 +570,21 @@
<para>Adds a list of hosts or subnets to a dynamic zone usually used
with VPN's.</para>
<para>The <emphasis>interface</emphasis> argument names an interface
<para>The <replaceable>interface</replaceable> argument names an interface
defined in the <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
file. A <emphasis>host-list</emphasis> is comma-separated list whose
elements are host or network addresses.<caution>
<para>The <command>add</command> command is not very robust. If
there are errors in the <replaceable>host-list</replaceable>,
you may see a large number of error messages yet a subsequent
<command>shorewall6-lite show zones</command> command will
indicate that all hosts were added. If this happens, replace
<command>add</command> by <command>delete</command> and run the
same command again. Then enter the correct command.</para>
</caution></para>
file. A <replaceable>host-list</replaceable> is comma-separated list whose
elements are host or network addresses.</para>
<caution>
<para>The <command>add</command> command is not very robust. If
there are errors in the <replaceable>host-list</replaceable>,
you may see a large number of error messages yet a subsequent
<command>shorewall6-lite show zones</command> command will
indicate that all hosts were added. If this happens, replace
<command>add</command> by <command>delete</command> and run the
same command again. Then enter the correct command.</para>
</caution>
</listitem>
</varlistentry>
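Review bot: The rewritten sentence in the add entry still reads "A `<replaceable>host-list</replaceable>` is comma-separated list", which is missing the article ("is a comma-separated list"). The line is being rewritten anyway, so the grammar fix can ride along. The context line above also has "VPN's" where the plural "VPNs" is meant. Moving `<caution>` out of the enclosing `<para>` is the right structural change.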
@ -591,10 +593,9 @@
<listitem>
<para>Re-enables receipt of packets from hosts previously
blacklisted by a <emphasis role="bold">drop</emphasis>, <emphasis
role="bold">logdrop</emphasis>, <emphasis
role="bold">reject</emphasis>, or <emphasis
role="bold">logreject</emphasis> command.</para>
blacklisted by a <command>drop</command>, <command>logdrop</command>,
<command>reject</command>, or <command>logreject</command>
command.</para>
</listitem>
</varlistentry>
@ -608,10 +609,9 @@
the firewall is causing connection problems.</para>
<para>If <option>-f</option> is given, the command will be processed
by the compiled script that executed the last successful <emphasis
role="bold">start</emphasis>, <emphasis
role="bold">restart</emphasis> or <emphasis
role="bold">refresh</emphasis> command if that script exists.</para>
by the compiled script that executed the last successful
<command>start</command>, <command>restart</command> or
<command>refresh</command> command if that script exists.</para>
</listitem>
</varlistentry>
@ -619,14 +619,14 @@
<term><emphasis role="bold">delete</emphasis></term>
<listitem>
<para>The delete command reverses the effect of an earlier <emphasis
role="bold">add</emphasis> command.</para>
<para>The delete command reverses the effect of an earlier
<command>add</command> command.</para>
<para>The <emphasis>interface</emphasis> argument names an interface
defined in the <ulink
<para>The <replaceable>interface</replaceable> argument names an
interface defined in the <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
file. A <emphasis>host-list</emphasis> is comma-separated list whose
elements are a host or network address.</para>
file. A <replaceable>host-list</replaceable> is comma-separated
list whose elements are a host or network address.</para>
</listitem>
</varlistentry>
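Review bot: Two leftovers in the delete entry. "The delete command" at the start of the new paragraph is not wrapped in `<command>`, although `<command>add</command>` on the next line is. The re-wrapped sentence keeps "is comma-separated list whose elements are a host or network address", which lacks the article and does not match the wording in the add entry ("elements are host or network addresses"). Suggest using the same sentence in both entries.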
@ -646,7 +646,7 @@
<term><emphasis role="bold">drop</emphasis></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
<para>Causes traffic from the listed <replaceable>address</replaceable>es
to be silently dropped.</para>
</listitem>
</varlistentry>
@ -658,13 +658,14 @@
<para>Produces a verbose report about the firewall configuration for
the purpose of problem analysis.</para>
<para>The <emphasis role="bold">-x</emphasis> option causes actual
<para>The <option>-x</option> option causes actual
packet and byte counts to be displayed. Without that option, these
counts are abbreviated. The <emphasis role="bold">-m</emphasis>
option causes any MAC addresses included in shorewall6-lite log
messages to be displayed.</para>
counts are abbreviated.</para>
<para>The <option>-m</option> option causes any MAC addresses
included in shorewall6-lite log messages to be displayed.</para>
<para>The <emphasis role="bold">-l</emphasis> option causes the rule
<para>The <option>-l</option> option causes the rule
number for each Netfilter rule to be displayed.</para>
</listitem>
</varlistentry>
@ -685,9 +686,9 @@
<term><emphasis role="bold">forget</emphasis></term>
<listitem>
<para>Deletes /var/lib/shorewall6-lite/<emphasis>filename</emphasis>
and /var/lib/shorewall6-lite/save. If no
<emphasis>filename</emphasis> is given then the file specified by
<para>Deletes <filename>/var/lib/shorewall6-lite/<replaceable>filename</replaceable></filename>
and <filename>/var/lib/shorewall6-lite/save</filename>. If no
<replaceable>filename</replaceable> is given then the file specified by
RESTOREFILE in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink>(5) is
assumed.</para>
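Review bot: In the forget entry the paths now get `<filename>` markup, but the context that follows links the text shorewall6.conf to `url="shorewall.conf.html"`. Please check whether the target should be the shorewall6.conf page; the same link appears in the logdrop, logwatch, logreject, restore, save and show log hunks, so it could be fixed in one pass. RESTOREFILE is also left as plain text here, which is inconsistent with the markup this patch adds around it.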
@ -754,7 +755,7 @@
<term><emphasis role="bold">logdrop</emphasis></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
<para>Causes traffic from the listed <replaceable>address</replaceable>es
to be logged then discarded. Logging occurs at the log level
specified by the BLACKLIST_LOGLEVEL setting in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink> (5).</para>
@ -768,15 +769,18 @@
<para>Monitors the log file specified by the LOGFILE option in
<ulink url="shorewall.conf.html">shorewall6.conf</ulink>(5) and
produces an audible alarm when new shorewall6-lite messages are
logged. The <emphasis role="bold">-m</emphasis> option causes the
logged.</para>
<para>The <option>-m</option> option causes the
MAC address of each packet source to be displayed if that
information is available. The
<replaceable>refresh-interval</replaceable> specifies the time in
seconds between screen refreshes. You can enter a negative number by
preceding the number with "--" (e.g., <command>shorewall6-lite
logwatch -- -30</command>). In this case, when a packet count
changes, you will be prompted to hit any key to resume screen
refreshes.</para>
information is available.</para>
<para>The <replaceable>refresh-interval</replaceable> specifies
the time in seconds between screen refreshes. You can enter a
negative number by preceding the number with "--" (e.g.,
<command>shorewall6-lite logwatch -- -30</command>). In this
case, when a packet count changes, you will be prompted to hit
any key to resume screen refreshes.</para>
</listitem>
</varlistentry>
@ -784,7 +788,7 @@
<term><emphasis role="bold">logreject</emphasis></term>
<listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es
<para>Causes traffic from the listed <replaceable>address</replaceable>es
to be logged then rejected. Logging occurs at the log level
specified by the BLACKLIST_LOGLEVEL setting in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink> (5).</para>
@ -817,8 +821,8 @@
<term><emphasis role="bold">restart</emphasis></term>
<listitem>
<para>Restart is similar to <emphasis role="bold">shorewall6-lite
start</emphasis> except that it assumes that the firewall is already
<para>Restart is similar to <command>shorewall6-lite start</command>
except that it assumes that the firewall is already
started. Existing connections are maintained.</para>
<caution>
@ -848,19 +852,19 @@
<term><emphasis role="bold">restore</emphasis></term>
<listitem>
<para>Restore shorewall6-lite to a state saved using the <emphasis
role="bold">shorewall6-lite save</emphasis> command. Existing
connections are maintained. The <emphasis>filename</emphasis> names
a restore file in /var/lib/shorewall6-lite created using <emphasis
role="bold">shorewall6-lite save</emphasis>; if no
<emphasis>filename</emphasis> is given then shorewall6-lite will be
<para>Restore shorewall6-lite to a state saved using the
<command>shorewall6-lite save</command> command. Existing
connections are maintained. The <replaceable>filename</replaceable> names
a restore file in <filename class="directory">/var/lib/shorewall6-lite</filename>
created using <command>shorewall6-lite save</command>; if no
<replaceable>filename</replaceable> is given then shorewall6-lite will be
restored from the file specified by the RESTOREFILE option in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink>(5).</para>
<para>The <option>-C</option> option was added in Shorewall 4.6.5.
If the <option>-C</option> option was specified during <emphasis
role="bold">shorewall save</emphasis>, then the counters saved by
that operation will be restored.</para>
If the <option>-C</option> option was specified during
<command>shorewall7-lite save</command>, then the counters saved
by that operation will be restored.</para>
</listitem>
</varlistentry>
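Review bot: The replacement for "shorewall save" in the `-C` paragraph introduces `<command>shorewall7-lite save</command>`, which looks like a typo. Every other reference in this entry is to `shorewall6-lite save`, so this should presumably read `<command>shorewall6-lite save</command>`. As written, the man page would point readers at a command name that appears nowhere else in the patch.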
@ -886,10 +890,11 @@
<listitem>
<para>The dynamic blacklist is stored in
/var/lib/shorewall6-lite/save. The state of the firewall is stored
in /var/lib/shorewall6-lite/<emphasis>filename</emphasis> for use by
the <emphasis role="bold">shorewall6-lite restore</emphasis>. If
<emphasis>filename</emphasis> is not given then the state is saved
<filename>/var/lib/shorewall6-lite/save</filename>. The state of
the firewall is stored in
<filename>/var/lib/shorewall6-lite/<replaceable>filename</replaceable></filename>
for use by the <command>shorewall6-lite restore</command> command.
If <replaceable>filename</replaceable> is not given then the state is saved
in the file specified by the RESTOREFILE option in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink>(5).</para>
@ -913,7 +918,7 @@
<listitem>
<para>Added in Shorewall 4.6.2. Displays the dynamic chain
along with any chains produced by entries in
shorewall6-blrules(5).The <emphasis role="bold">-x</emphasis>
shorewall6-blrules(5).The <option>-x</option>
option is passed directly through to ip6tables and causes
actual packet and byte counts to be displayed. Without this
option, those counts are abbreviated.</para>
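Review bot: The changed line keeps the missing space after the sentence end: "shorewall6-blrules(5).The `<option>-x</option>`". Please add the space while the line is being rewritten. The reference shorewall6-blrules(5) is also bare text here, whereas other manual page references in this file are wrapped in `<ulink>`.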
@ -925,9 +930,9 @@
<listitem>
<para>Displays your kernel/iptables capabilities. The
<emphasis role="bold">-f</emphasis> option causes the display
to be formatted as a capabilities file for use with <emphasis
role="bold">compile -e</emphasis>.</para>
<option>-f</option> option causes the display
to be formatted as a capabilities file for use with
<command>compile -e</command>.</para>
</listitem>
</varlistentry>
@ -941,25 +946,28 @@
-L</emphasis> <emphasis>chain</emphasis> <emphasis
role="bold">-n -v</emphasis> command. If no
<emphasis>chain</emphasis> is given, all of the chains in the
filter table are displayed. The <emphasis
role="bold">-x</emphasis> option is passed directly through to
iptables and causes actual packet and byte counts to be
displayed. Without this option, those counts are abbreviated.
The <emphasis role="bold">-t</emphasis> option specifies the
filter table are displayed.</para>
<para>The <option>-x</option> option
is passed directly through to iptables and causes actual
packet and byte counts to be displayed. Without this option,
those counts are abbreviated.</para>
<para>The <option>-t</option> option specifies the
Netfilter table to display. The default is <emphasis
role="bold">filter</emphasis>.</para>
<para>The <emphasis role="bold">-b</emphasis> ('brief') option
<para>The <option>-b</option> ('brief') option
causes rules which have not been used (i.e. which have zero
packet and byte counts) to be omitted from the output. Chains
with no rules displayed are also omitted from the
output.</para>
<para>The <emphasis role="bold">-l</emphasis> option causes
<para>The <option>-l</option> option causes
the rule number for each Netfilter rule to be
displayed.</para>
<para>If the <emphasis role="bold">t</emphasis> option and the
<para>If the <option>-t</option> option and the
<option>chain</option> keyword are both omitted and any of the
listed <replaceable>chain</replaceable>s do not exist, a usage
message is displayed.</para>
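Review bot: The first lines of this hunk are left with the old markup (`<emphasis role="bold">-L</emphasis> <emphasis>chain</emphasis> <emphasis role="bold">-n -v</emphasis>` and `<emphasis>chain</emphasis>`), and the default table is still `<emphasis role="bold">filter</emphasis>`, so the entry ends up mixing both styles. Suggest converting the command fragment to `<command>`, the chain argument to `<replaceable>` as done lower down in the same entry, and picking a deliberate tag for the table name. The change from "t" to `<option>-t</option>` in the last paragraph is a content fix rather than a markup change and deserves a mention in the commit message.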
@ -1037,8 +1045,9 @@
<listitem>
<para>Displays the last 20 shorewall6-lite messages from the
log file specified by the LOGFILE option in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink>(5). The
<emphasis role="bold">-m</emphasis> option causes the MAC
url="shorewall.conf.html">shorewall6.conf</ulink>(5).</para>
<para>The <option>-m</option> option causes the MAC
address of each packet source to be displayed if that
information is available.</para>
</listitem>
@ -1059,8 +1068,8 @@
<listitem>
<para>Displays the Netfilter nat table using the command
<emphasis role="bold">iptables -t nat -L -n -v</emphasis>.The
<emphasis role="bold">-x</emphasis> option is passed directly
<command>iptables -t nat -L -n -v</command>.The
<option>-x</option> option is passed directly
through to iptables and causes actual packet and byte counts
to be displayed. Without this option, those counts are
abbreviated.</para>
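Review bot: The new `<command>iptables -t nat -L -n -v</command>` line and the "through to iptables" sentence name iptables, while the show bl hunk in this same patch says `-x` is "passed directly through to ip6tables". For the shorewall6-lite page, please confirm which binary is actually invoked and make the entries agree; the raw table hunk that follows has the same wording. The ".The" run-on after the closing `</command>` tag also needs a space.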
@ -1092,8 +1101,8 @@
<listitem>
<para>Displays the Netfilter raw table using the command
<emphasis role="bold">iptables -t raw -L -n -v</emphasis>.The
<emphasis role="bold">-x</emphasis> option is passed directly
<command>iptables -t raw -L -n -v</command>.The
<option>-x</option> option is passed directly
through to iptables and causes actual packet and byte counts
to be displayed. Without this option, those counts are
abbreviated.</para>
@ -1146,8 +1155,8 @@
<para>The <option>-C</option> option was added in Shorewall 4.6.5
and is only meaningful when the <option>-f</option> option is also
specified. If the previously-saved configuration is restored, and if
the <option>-C</option> option was also specified in the <emphasis
role="bold">save</emphasis> command, then the packet and byte
the <option>-C</option> option was also specified in the
<command>save</command> command, then the packet and byte
counters will be restored.</para>
</listitem>
</varlistentry>
@ -1167,10 +1176,9 @@
or by ADMINISABSENTMINDED.</para>
<para>If <option>-f</option> is given, the command will be processed
by the compiled script that executed the last successful <emphasis
role="bold">start</emphasis>, <emphasis
role="bold">restart</emphasis> or <emphasis
role="bold">refresh</emphasis> command if that script exists.</para>
by the compiled script that executed the last successful
<command>start</command>, <command>restart</command> or
<command>refresh</command> command if that script exists.</para>
</listitem>
</varlistentry>
@ -1181,7 +1189,7 @@
<para>Produces a short report about the state of the
Shorewall-configured firewall.</para>
<para>The <option>-i </option>option was added in Shorewall 4.6.2
<para>The <option>-i</option> option was added in Shorewall 4.6.2
and causes the status of each optional or provider interface to be
displayed.</para>
</listitem>