Cleanup of ORIGINAL DEST column references

Signed-off-by: Tom Eastep <teastep@shorewall.net>

docs/6to4.xml

@@ -485,7 +485,7 @@ all        all     REJECT    info</programlisting></para>
       <para><filename>/etc/shorewall6/rules</filename>:</para>
 
       <blockquote>
-        <para><programlisting>#ACTION         SOURCE          DEST            PROTO   DPORT   SPORT   ORIGINAL        RATE            USER    MARK    CONNLIMIT       TIME    HEADERS SWITCH  HELPER
+        <para><programlisting>#ACTION         SOURCE          DEST            PROTO   DPORT   SPORT   ORIGDEST        RATE            USER    MARK    CONNLIMIT       TIME    HEADERS SWITCH  HELPER
 
 ?SECTION ALL
 ?SECTION ESTABLISHED

docs/Events.xml

@@ -746,7 +746,7 @@ KnockEnhanced 'net', '$FW', {name => 'SSH1', log_level => 3, proto => '
 
             <listitem>
               <para><emphasis role="bold">original_dest</emphasis> is the rule
-              ORIGINAL DEST</para>
+              ORIGDEST</para>
             </listitem>
 
             <listitem>

docs/FAQ.xml

@@ -617,7 +617,7 @@ TOS=0x00 PREC=0x00 TTL=63 ID=23035 PROTO=UDP SPT=6376 DPT=2055 LEN=1472</program
       a single address?</title>
 
       <para><emphasis role="bold">Answer</emphasis>: Specify the external
-      address that you want to redirect in the ORIGINAL DEST column.</para>
+      address that you want to redirect in the ORIGDEST column.</para>
 
       <para>Example:</para>
 

docs/FTP.xml

@@ -530,9 +530,9 @@ options nf_nat_ftp</programlisting>
 ACCEPT or    &lt;<emphasis>source</emphasis>&gt;   &lt;<emphasis>destination</emphasis>&gt;  tcp       21         -           &lt;external IP addr&gt; if
 DNAT                                                                    ACTION = DNAT</programlisting>
 
-    <para>You need an entry in the ORIGINAL DESTINATION column only if the
+    <para>You need an entry in the ORIGDEST column only if the ACTION is DNAT,
-    ACTION is DNAT, you have multiple external IP addresses and you want a
+    you have multiple external IP addresses and you want a specific IP address
-    specific IP address to be forwarded to your server.</para>
+    to be forwarded to your server.</para>
 
     <para>Note that you do <emphasis role="bold">NOT </emphasis>need a rule
     with 20 (ftp-data) in the DPORT column. If you post your rules on the

docs/Macros.xml

@@ -469,7 +469,7 @@ ACCEPT          $FW             loc             tcp     135,139,445</programlist
         </listitem>
 
         <listitem>
-          <para>ORIGINAL DEST (Shorewall-perl 4.2.0 and later)</para>
+          <para>ORIGDEST (Shorewall-perl 4.2.0 and later)</para>
 
           <para>To use this column, you must include 'FORMAT 2' as the first
           non-comment line in your macro file.</para>

docs/PortKnocking.xml

@@ -153,10 +153,9 @@ SSHKnock         net               loc:192.168.1.5 tcp         22            -
 
         <note>
           <para>You can use SSHKnock with DNAT on earlier releases provided
-          that you omit the ORIGINAL DEST entry on the second SSHKnock rule.
+          that you omit the ORIGDEST entry on the second SSHKnock rule. This
-          This rule will be quite secure provided that you specify
+          rule will be quite secure provided that you specify 'routefilter' on
-          'routefilter' on your external interface and have
+          your external interface and have NULL_ROUTE_RFC1918=Yes in
-          NULL_ROUTE_RFC1918=Yes in
           <filename>shorewall.conf</filename>.</para>
         </note>
       </listitem>

docs/Shorewall_Squid_Usage.xml

@@ -174,7 +174,7 @@ REDIRECT  loc        3128     tcp      www              -          !206.124.146.
         Squid.</para>
 
         <para>If needed, you may just add the additional hosts/networks to the
-        ORIGINAL DEST column in your REDIRECT rule.</para>
+        ORIGDEST column in your REDIRECT rule.</para>
 
         <para><filename>/etc/shorewall/rules</filename>:<programlisting>#ACTION   SOURCE     DEST     PROTO    DPORT            SPORT      ORIGDEST
 REDIRECT  loc        3128     tcp      www              -          !206.124.146.177,130.252.100.0/24</programlisting></para>

docs/VPN.xml

@@ -46,7 +46,7 @@
     The two most common means for doing this are IPSEC and PPTP. The basic
     setup is shown in the following diagram:</para>
 
-    <graphic fileref="images/VPN.png" />
+    <graphic fileref="images/VPN.png"/>
 
     <para>A system with an RFC 1918 address needs to access a remote network
     through a remote gateway. For this example, we will assume that the local
@@ -87,15 +87,15 @@
 
             <entry align="center">SOURCE</entry>
 
-            <entry align="center">DESTINATION</entry>
+            <entry align="center">DEST</entry>
 
-            <entry align="center">PROTOCOL</entry>
+            <entry align="center">PROTO</entry>
 
-            <entry align="center">PORT</entry>
+            <entry align="center">DPORT</entry>
 
-            <entry align="center">CLIENT PORT</entry>
+            <entry align="center">SPORT</entry>
 
-            <entry align="center">ORIGINAL DEST</entry>
+            <entry align="center">ORIGDEST</entry>
           </row>
         </thead>
 
@@ -109,11 +109,11 @@
 
             <entry>50</entry>
 
-            <entry></entry>
+            <entry/>
 
-            <entry></entry>
+            <entry/>
 
-            <entry></entry>
+            <entry/>
           </row>
 
           <row>
@@ -127,9 +127,9 @@
 
             <entry>500</entry>
 
-            <entry></entry>
+            <entry/>
 
-            <entry></entry>
+            <entry/>
           </row>
         </tbody>
       </tgroup>
@@ -146,15 +146,15 @@
 
               <entry align="center">SOURCE</entry>
 
-              <entry align="center">DESTINATION</entry>
+              <entry align="center">DEST</entry>
 
-              <entry align="center">PROTOCOL</entry>
+              <entry align="center">PROTO</entry>
 
-              <entry align="center">PORT</entry>
+              <entry align="center">DPORT</entry>
 
-              <entry align="center">CLIENT PORT</entry>
+              <entry align="center">SPORT</entry>
 
-              <entry align="center">ORIGINAL DEST</entry>
+              <entry align="center">ORIGDEST</entry>
             </row>
           </thead>
 
@@ -170,9 +170,9 @@
 
               <entry>4500</entry>
 
-              <entry></entry>
+              <entry/>
 
-              <entry></entry>
+              <entry/>
             </row>
 
             <row>
@@ -186,9 +186,9 @@
 
               <entry>500</entry>
 
-              <entry></entry>
+              <entry/>
 
-              <entry></entry>
+              <entry/>
             </row>
           </tbody>
         </tgroup>

docs/configuration_file_basics.xml

@@ -1766,7 +1766,7 @@ SSH(ACCEPT)    net:$MYIP      $FW
       </listitem>
     </itemizedlist>
 
-    <para>They may also appear in the ORIGINAL DEST column of:</para>
+    <para>They may also appear in the ORIGDEST column of:</para>
 
     <itemizedlist>
       <listitem>

docs/shorewall_setup_guide.xml

@@ -1418,8 +1418,8 @@ DNAT     net     loc:192.168.201.4  tcp    www</programlisting>
 
         <para>This example used the firewall's external IP address for DNAT.
         You can use another of your public IP addresses (place it in the
-        ORIGINAL DEST column in the rule above) but Shorewall will not add
+        ORIGDEST column in the rule above) but Shorewall will not add that
-        that address to the firewall's external interface for you.</para>
+        address to the firewall's external interface for you.</para>
 
         <important>
           <para>When testing DNAT rules like those shown above, you must test