diff --git a/manpages/shorewall-template.xml b/manpages/shorewall-template.xml
index abc006410..5aa0c5098 100644
--- a/manpages/shorewall-template.xml
+++ b/manpages/shorewall-template.xml
@@ -1,209 +1,34 @@
- shorewall:zones
+ shorewall-
5
- zones
+ file
- Shorewall zone declaration file
+ Shorewall file
- /etc/shorewall/zones
+ /etc/shorewall/
Description
- The /etc/shorewall/zones file declares your network zones. You
- specify the hosts in each zone through entries in
- /etc/shorewall/interfaces or
- /etc/shorewall/hosts.
-
-
- The format of this file changed in Shorewall 3.0.0. You can
- continue to use your old records provided that you set IPSECFILE=ipsec
- in /etc/shorewall/shorewall.conf. This will signal Shorewall that the
- IPSEC-related zone options are still specified in /etc/shorewall/ipsec
- rather than in this file.
-
- To use records in the format described below, you must have
- IPSECFILE=zones specified in
- /etc/shorewall/shorewall.conf AND YOU MUST NOT SET
- THE 'FW' VARIABLE IN THAT FILE.
-
-
The columns in the file are as follows.
- ZONE
+ COLUMN 1
- Short name of the zone. The names "all" and "none" are
- reserved and may not be used as zone names. The maximum length of a
- zone name is determined by the setting of the LOGFORMAT option in
- shorewall.conf. With the default LOGFORMAT, zone names can be at
- most 5 characters long.
-
- Where a zone is nested in one or more other zones, you may
- follow the (sub)zone name by ":" and a comma-separated list of the
- parent zones. The parent zones must have been defined in earlier
- records in this file.
-
- Example:
-
- #ZONE TYPE OPTIONS
-a ipv4
-b ipv4
-c:a,b ipv4
-
- Currently, Shorewall uses this information to reorder the zone
- list so that parent zones appear after their subzones in the list.
- The IMPLICIT_CONTINUE option in shorewall.conf can also create
- implicit CONTINUE policies to/from the subzone.
-
- In the future, Shorewall may make additional use of nesting
- information.
-
-
-
-
- TYPE
-
-
-
-
- ipv4
-
-
- This is the standard Shorewall zone type and is the
- default if you leave this column empty or if you enter "-" in
- the column. Communication with some zone hosts may be
- encrypted. Encrypted hosts are designated using the
- 'ipsec'option in /etc/shorewall/hosts.
-
-
-
-
- ipsec
-
-
- Communication with all zone hosts is encrypted. Your
- kernel and iptables must include polic match support.
-
-
-
-
- fw
-
-
- Designates the firewall itself. You must have exactly
- one 'firewall' zone. No options ar permitted with a 'firewall'
- zone. The name that you enter in the ZONE column will be
- stored in the shell variable $FW which you may use in other
- configuration files to designate the firewall zone.
-
-
-
-
-
-
-
- OPTIONS, IN OPTIONS and OUT OPTIONS
-
-
- A comma-separated list of options.
-
-
-
- reqid=<number>
-
-
- where <number> is specified using setkey(8) using
- the 'unique:<number> option for the SPD level.
-
-
-
-
- spi=<number>
-
-
- where <number> is the SPI of the SA used to
- encrypt/decrypt packets.
-
-
-
-
- proto=ah|esp|ipcomp
-
-
- IPSEC Encapsulation Protocol
-
-
-
-
- mss=<number>
-
-
- sets the MSS field in TCP packets
-
-
-
-
- mode=transport|tunnel
-
-
- IPSEC mode
-
-
-
-
- tunnel-src=<address>[/<mask>]
-
-
- only available with mode=tunnel
-
-
-
-
- tunnel-dst=<address>[/<mask>]
-
-
- only available with mode=tunnel
-
-
-
-
- strict
-
-
- Means that packets must match all rules.
-
-
-
-
- next
-
-
- Separates rules; can only be used with strict
-
-
-
-
- The options in the OPTIONS column are applied to both incoming
- and outgoing traffic. The IN OPTIONS are applied to incoming traffic
- (in addition to OPTIONS) and the OUT OPTIONS are applied to outgoing
- traffic.
-
- If you wish to leave a column empty but need to make an entry
- in a following column, use "-".
+
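Review bot: The added lines `shorewall-`, `file`, `Shorewall file`, `/etc/shorewall/` and `COLUMN 1` in this hunk are bare stubs with nothing marking them as fields to fill in, so a page copied from the template and only partly edited will carry a truncated name and path with no obvious marker. Consider an explicit placeholder token or an XML comment at each spot so leftovers are easy to grep for before a build. The same applies to the `/etc/shorewall/` entry under FILES in the next hunk.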
@@ -212,7 +37,7 @@ c:a,b ipv4
FILES
- /etc/shorewall/zones
+ /etc/shorewall/
@@ -224,8 +49,8 @@ c:a,b ipv4
shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
shorewall-route_routes(5), shorewall-routestopped(5), shorewall-rules(5),
- shorewall.conf(5), shorewall-tcclasses(5), shorewall.tcdevices(5),
- shorewall.tcrules(5), shorewall.tos(5), shorewall.tunnels(5),
- shorewall.zones(5)
+ shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
+ shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
+ shorewall-zones(5)
\ No newline at end of file
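Review bot: The file still ends with `\ No newline at end of file` after the rewritten cross-reference list; since pages are meant to be copied from this template, add the trailing newline here so the copies do not inherit the problem. The list also now ends with `shorewall-zones(5)`, while the shorewall-zones.xml hunk below leaves that page out of its own list, so a comment in the template telling authors to remove the page's reference to itself would keep the copies consistent.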
diff --git a/manpages/shorewall-zones.xml b/manpages/shorewall-zones.xml
index e880714aa..f3b54f0a9 100644
--- a/manpages/shorewall-zones.xml
+++ b/manpages/shorewall-zones.xml
@@ -123,7 +123,7 @@ c:a,b ipv4
- reqid=<number>
+ reqid=<number>
where <number> is specified using setkey(8) using
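Review bot: The removed and added `reqid=<number>` lines are textually identical as shown in this diff, and so are the changed lines in the next three hunks (`only available with mode=tunnel`, `in a following column, use "-".`), which suggests whitespace-only changes. If that is the case, say so in the commit message or split them from the SEE ALSO rename, so the cross-reference change can be reviewed on its own.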
@@ -168,7 +168,7 @@ c:a,b ipv4
tunnel-src=<address>[/<mask>]
- only available with mode=tunnel
+ only available with mode=tunnel
@@ -176,7 +176,7 @@ c:a,b ipv4
tunnel-dst=<address>[/<mask>]
- only available with mode=tunnel
+ only available with mode=tunnel
@@ -203,7 +203,7 @@ c:a,b ipv4
traffic.
If you wish to leave a column empty but need to make an entry
- in a following column, use "-".
+ in a following column, use "-".
@@ -218,11 +218,13 @@ c:a,b ipv4
See ALSO
- shorewall(8), accounting(5), actions(5), blacklist(5), hosts(5),
- interfaces(5), ipsec(5), maclist(5), masq(5), nat(5), netmap(5),
- params(5), policy(5), policy(5), providers(5), proxyarp(5),
- route_routes(5), routestopped(5), rules(5), shorewall.conf(5),
- tcclasses(5), tcdevices(5), tcrules(5), tos(5), tunnels(5),
- zones(5)
+ shorewall(8), shorewall-accounting(5), shorewall-actions(5),
+ shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
+ shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
+ shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
+ shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
+ shorewall-route_routes(5), shorewall-routestopped(5), shorewall-rules(5),
+ shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
+ shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5)
-
+
\ No newline at end of file
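Review bot: The section title in the context line above the list still reads `See ALSO` in mixed case, while the template in this same patch uses `FILES`; since this hunk rewrites the whole list under that title, normalise the title as well. The new list drops the duplicated `policy(5)` and the page's reference to itself, which is right, but the file still ends with `\ No newline at end of file`, so add the trailing newline while touching these lines.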