diff --git a/docs/Shorewall-5.xml b/docs/Shorewall-5.xml
index 7e03fd6b3..901bf5baf 100644
--- a/docs/Shorewall-5.xml
+++ b/docs/Shorewall-5.xml
@@ -81,7 +81,7 @@
Over the years, a number of workarounds have been added to
Shorewall to work around defects in other products. In current
- distributions, those defects have been corrected and in 4.6.11, a
+ distributions, those defects have been corrected, and in 4.6.11, a
WORKAROUNDS configuration option was added to disable those workarounds.
In Shorewall 5, the WORKAROUNDS setting is still available in the
shorewall[6].conf files but:
@@ -96,6 +96,9 @@
eliminated.
+
+ If there is a need to add new workarounds in the future, those
+ workarounds will be enabled by WORKAROUNDS=Yes.
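Review bot: The added paragraph after "eliminated." only covers the WORKAROUNDS=Yes case, so a reader who has set WORKAROUNDS=No cannot tell whether future workarounds stay disabled for them. Suggest stating both values explicitly, for example that new workarounds will be enabled by WORKAROUNDS=Yes and remain disabled by WORKAROUNDS=No. Also confirm in the XML that the new paragraph sits outside the preceding list, so it does not read as part of the item ending in "eliminated."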
@@ -148,7 +151,7 @@
A fatal compilation error is emitted if any of these options are
present in the .conf file, and the shorewall[6]
update command will replace these options with equivalent
- setting for the options that supersede them.
+ setting of the options that supersede them.
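Review bot: The reworded line still has a number mismatch: "replace these options with equivalent setting of the options" pairs plural "options" with singular "setting". Suggest "with equivalent settings of the options that supersede them" while this sentence is being touched.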
@@ -159,17 +162,13 @@
The and options of the
update command are still available to convert the
- 'tcrules' file to the equivalent 'mangle' file and to convert the
- 'blacklist' file into an equivalent 'blrules' file.
+ 'tcrules' and 'tos' files to the equivalent 'mangle' file and to convert
+ the 'blacklist' file into an equivalent 'blrules' file.
As in Shorewall 4.6.12, the option is
available to convert the 'routestopped' file into the equivalent
'stoppedrules' file and the option is available to
convert a 'notrack' file to the equivalent 'conntrack' file.
-
- No update option is available to update the 'tos' file. Its
- entries must be manually converted to TOS rules in the 'mangle'
- file.
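Review bot: The new text says the update options convert the 'tos' file, and the paragraph that required manual conversion is deleted, but nothing here says from which release the 'tos' conversion is available. The following paragraph is explicit ("As in Shorewall 4.6.12") for 'routestopped' and 'notrack', so a reader on an older 4.6 release could assume their 'tos' entries were migrated when they were not, and lose those TOS rules after the upgrade. Suggest naming the first release that converts 'tos', in the same style as the 4.6.12 sentence.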
@@ -350,16 +349,12 @@
It is stongly recommended that you first upgrade your installation
to a 4.6 release that supports the option to the
- update command; 4.6.12 or later is preferred.
+ update command; 4.6.13 is preferred.
Once you are on that release, execute the shorewall update
-A command (and shorewall6 update -A if you
also have Shorewall6).
- If you have a non-empty 'tos' file, it is also suggested that you
- manually convert its entries to equivalent TOS entries in the 'mangle'
- file.
-
Finally, add ?FORMAT 2 to each of your macro and action files and be
sure that the check command does not produce errors -- if it does, you can
shuffle the columns around to make them work on both Shorewall 4 and
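Review bot: Changing "4.6.12 or later is preferred" to "4.6.13 is preferred" drops "or later", which now reads as if 4.6.13 is the only suitable release and later 4.6 releases are not. If the intent is a raised minimum, suggest "4.6.13 or later is preferred". The unchanged first line of this paragraph also has the typo "stongly", which could be fixed in the same change.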
@@ -368,42 +363,4 @@
These steps can also be taken after you upgrade, but your firewall
likely won't start or work correctly until you do.
-
-
- Potential Upgrade Issues
-
- There are several potential problems with using the update
- -A command. These are described in the following
- sections.
-
-
- Sparse /etc/shorewall[6] Directory
-
- If you run a Debian-based distribution or another once that does
- not fully populate /etc/shorewall[6] and you include a fully-populated
- directory in your CONFIG_PATH, then an additional step is required
- before running update -A. You must copy skeleton
- 'blrules', 'mangle' and 'conntrack' files into /etc/shorewall[6] or
- update -A will update the files in the fully
- populated directory rather than creating new files in
- /etc/shorewall[6].
-
-
-
- Old Multi-ISP Configurations
-
- If you have an old Multi-ISP configuration that does not include
- USE_DEFAULT_RT in shorewall.conf, then you need to add USE_DEFAULT_RT=No
- in that file prior to running update -A. Otherwise,
- the update command will fail with the error:
-
-
- ERROR: The COPY column must be empty when
- USE_DEFAULT_RT=Yes
-
-
- If you receive this error, modify the setting of USE_DEFAULT_RT to
- No and rerun the command.
-
-
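Review bot: The deleted "Potential Upgrade Issues" section documents two concrete failure modes of update -A (the sparse /etc/shorewall[6] directory case, and the "ERROR: The COPY column must be empty when USE_DEFAULT_RT=Yes" failure on old Multi-ISP configurations), and nothing in this diff replaces that guidance. The remaining text still warns that the firewall "likely won't start or work correctly" until the steps are done, so an operator who hits either case now has no documented recovery. If the update command has been changed to handle both cases, say so in the commit message or in this section; otherwise keep the two subsections.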