diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index dc038c78e..13e33c902 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -4366,7 +4366,9 @@ shorewall_cli() { VERBOSE= VERBOSITY=1 - + # + # Set the default product based on the Shorewall packages installed + # set_default_product finished=0 diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml index e90c5c479..74838fc22 100644 --- a/Shorewall/manpages/shorewall.xml +++ b/Shorewall/manpages/shorewall.xml @@ -1009,12 +1009,11 @@ Re-enables receipt of packets from hosts previously - blacklisted by a drop, blacklist, + drop, logdrop, reject, or logreject command. Beginning with Shorewall - 5.0.10, this command can also re-enable addresses blacklisted using - the blacklist command. + role="bold">logreject command. @@ -1441,7 +1440,7 @@ and raw table PREROUTING chains. The log message destination is determined by the - currently-selected IPv4 logging backend. 
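Review bot: The comment added above `set_default_product` in `shorewall_cli()` says the default comes from the installed packages, but not which product wins when more than one is installed, nor that the value is only a starting point. That choice decides which firewall's configuration the rest of the command acts on, so the precedence is worth stating where the call is made. If the option parsing that follows can change the product (it is outside this hunk, so this is an assumption), I would extend the comment to something like `# Set the default product based on the Shorewall packages installed; product-selection options parsed below override it`. `shorewall_cli()` starts before and continues after the hunk, and `set_default_product` itself is not visible here.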
@@ -1670,62 +1669,90 @@ pre-5.0.0 reload command is now called remote-restart (see below). - Reload is similar to shorewall - start except that it assumes that the firewall is already - started. Existing connections are maintained. If a - directory is included in the command, Shorewall - will look in that directory first for - configuration files. + + + Shorewall and Shorewall6 - The option causes Shorewall to avoid - updating the routing table(s). + + Reload is similar to shorewall + start except that it assumes that the firewall is + already started. Existing connections are maintained. If a + directory is included in the command, + Shorewall will look in that directory + first for configuration files. - The option causes the connection tracking - table to be flushed; the conntrack utility must - be installed to use this option. + The option causes Shorewall to avoid + updating the routing table(s). - The option causes the compiler to run - under the Perl debugger (Shorewall and Shorewall6 only). + The option causes the connection + tracking table to be flushed; the conntrack + utility must be installed to use this option. - The option suppresses the compilation step - and simply reused the compiled script which last started/restarted - Shorewall, provided that /etc/shorewall and its contents have not - been modified since the last start/restart (Shorewall and Shorewall6 - only). + The option causes the compiler to + run under the Perl debugger. - The option was added in Shorewall 4.4.20 - and performs the compilation step unconditionally, overriding the - AUTOMAKE setting in shorewall.conf(5) - (Shorewall and Shorewall6 only). When both and - are present, the result is determined by the - option that appears last. + The option suppresses the + compilation step and simply reused the compiled script which + last started/restarted Shorewall, provided that /etc/shorewall + and its contents have not been modified since the last + start/restart. 
- The option was added in Shorewall 4.5.3 - and causes a Perl stack trace to be included with each - compiler-generated error and warning message (Shorewall and - Shorewall6 only). + The option was added in Shorewall + 4.4.20 and performs the compilation step unconditionally, + overriding the AUTOMAKE setting in shorewall.conf(5) + (Shorewall and Shorewall6 only). When both + and are present, the result is determined + by the option that appears last. - The option was added in Shorewall 4.6.0 - and causes a warning message to be issued if the current line - contains alternative input specifications following a semicolon - (";"). Such lines will be handled incorrectly if INLINE_MATCHES is - set to Yes in shorewall.conf(5) - (shorewall6.conf(5)). - This option is available in Shorewall and Shorewall6 only. + The option was added in Shorewall + 4.5.3 and causes a Perl stack trace to be included with each + compiler-generated error and warning message. - The option was added in Shorewall 4.6.5 - and is only meaningful when AUTOMAKE=Yes in shorewall.conf(5) - (shorewall6.conf(5)). - If an existing firewall script is used and if that script was the - one that generated the current running configuration, then the - running netfilter configuration will be reloaded as is so as to - preserve the iptables packet and byte counters. This option is - available in Shorewall and Shorewall6 only. + The option was added in Shorewall + 4.6.0 and causes a warning message to be issued if the current + line contains alternative input specifications following a + semicolon (";"). Such lines will be handled incorrectly if + INLINE_MATCHES is set to Yes in shorewall.conf(5) + (shorewall6.conf(5)).. + + The option was added in Shorewall + 4.6.5 and is only meaningful when AUTOMAKE=Yes in shorewall.conf(5) + (shorewall6.conf(5)). 
+ If an existing firewall script is used and if that script was + the one that generated the current running configuration, then + the running netfilter configuration will be reloaded as is so + as to preserve the iptables packet and byte counters. + + + + + Shorewall-lite and Shorewall6-lite + + + Reload is similar to shorewall + start except that it assumes that the firewall is + already started. Existing connections are maintained. + + The option causes Shorewall to avoid + updating the routing table(s). + + The option causes the connection + tracking table to be flushed; the conntrack + utility must be installed to use this option. + + The option was added in Shorewall + 4.6.5 If the existing firewall script is the one that + generated the current running configuration, then the running + netfilter configuration will be reloaded as is so as to + preserve the iptables packet and byte counters. + + + 
@@ -1973,53 +2000,82 @@ Beginning with Shorewall 5.0.0, this command performs a true restart. The firewall is completely stopped as if a stop command had been issued then it is started - again. The command is available on Shorewall and Shorewall6 - only. + again. - If a directory is included in the - command, Shorewall will look in that directory - first for configuration files. + + + Shorewall and Shorewall6 - The option causes Shorewall to avoid - updating the routing table(s). + + If a directory is included in the + command, Shorewall will look in that + directory first for configuration + files. - The option causes the connection tracking - table to be flushed; the conntrack utility must - be installed to use this option. + The option causes Shorewall to avoid + updating the routing table(s). - The option causes the compiler to run - under the Perl debugger. + The option causes the connection + tracking table to be flushed; the conntrack + utility must be installed to use this option. - The option suppresses the compilation step - and simply reused the compiled script which last started/restarted - Shorewall, provided that /etc/shorewall and its contents have not - been modified since the last start/restart. + The option causes the compiler to + run under the Perl debugger. - The option was added in Shorewall 4.4.20 - and performs the compilation step unconditionally, overriding the - AUTOMAKE setting in shorewall.conf(5). When - both and are present, the - result is determined by the option that appears last. + The option suppresses the + compilation step and simply reused the compiled script which + last started/restarted Shorewall, provided that /etc/shorewall + and its contents have not been modified since the last + start/restart. - The option was added in Shorewall 4.5.3 - and causes a Perl stack trace to be included with each - compiler-generated error and warning message. 
+ The option was added in Shorewall + 4.4.20 and performs the compilation step unconditionally, + overriding the AUTOMAKE setting in shorewall.conf(5). + When both and are + present, the result is determined by the option that appears + last. - The option was added in Shorewall 4.6.0 - and causes a warning message to be issued if the current line - contains alternative input specifications following a semicolon - (";"). Such lines will be handled incorrectly if INLINE_MATCHES is - set to Yes in shorewall.conf(5). + The option was added in Shorewall + 4.5.3 and causes a Perl stack trace to be included with each + compiler-generated error and warning message. - The option was added in Shorewall 4.6.5 - and is only meaningful when AUTOMAKE=Yes in shorewall.conf(5). If an - existing firewall script is used and if that script was the one that - generated the current running configuration, then the running - netfilter configuration will be reloaded as is so as to preserve the - iptables packet and byte counters. + The option was added in Shorewall + 4.6.0 and causes a warning message to be issued if the current + line contains alternative input specifications following a + semicolon (";"). Such lines will be handled incorrectly if + INLINE_MATCHES is set to Yes in shorewall.conf(5). + + The option was added in Shorewall + 4.6.5 and is only meaningful when AUTOMAKE=Yes in shorewall.conf(5). + If an existing firewall script is used and if that script was + the one that generated the current running configuration, then + the running netfilter configuration will be reloaded as is so + as to preserve the iptables packet and byte counters. + + + + + Shorewall-lite and Shorewall6-lite + + + The option causes Shorewall to avoid + updating the routing table(s). + + The option causes the connection + tracking table to be flushed; the conntrack + utility must be installed to use this option. 
+ + The option was added in Shorewall + 4.6.5 If the existing firewall script is the one that + generated the current running configuration, then the running + netfilter configuration will be reloaded as is so as to + preserve the iptables packet and byte counters. + + +