diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index dc038c78e..13e33c902 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -4366,7 +4366,9 @@ shorewall_cli() {
VERBOSE=
VERBOSITY=1
-
+ #
+ # Set the default product based on the Shorewall packages installed
+ #
set_default_product
finished=0
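Review bot: The added comment block takes the place of the blank line after VERBOSITY=1, so the variable defaults now run straight into the comment for set_default_product. Keep a blank line before the first "#" so the new step stays visually separate from the initialisation above it.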
diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml
index e90c5c479..74838fc22 100644
--- a/Shorewall/manpages/shorewall.xml
+++ b/Shorewall/manpages/shorewall.xml
@@ -1009,12 +1009,11 @@
Re-enables receipt of packets from hosts previously
- blacklisted by a drop, blacklist,
+ drop, logdrop, reject, or logreject command. Beginning with Shorewall
- 5.0.10, this command can also re-enable addresses blacklisted using
- the blacklist command.
+ role="bold">logreject command.
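Review bot: The added line ending in "Beginning with Shorewall" looks orphaned, because the two removed lines that completed that sentence ("5.0.10, this command can also re-enable addresses blacklisted using the blacklist command.") are gone and the removed "blacklisted by a" lead-in has no visible replacement. Please check that the resulting paragraph still reads as complete sentences. If addresses added with the blacklist command can still be re-enabled by this command, the text should keep saying so; if they cannot, that is a behaviour change and deserves an explicit statement rather than a silent deletion.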
@@ -1441,7 +1440,7 @@
and raw table PREROUTING chains.
The log message destination is determined by the
- currently-selected IPv4 logging
backend.
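Review bot: Only a removal is visible in this hunk, yet the header keeps the count at 7 lines on both sides, so the replacement for "currently-selected IPv4 logging" needs checking in the rendered page. With that line simply dropped, the sentence reads "determined by the backend." and no longer says which backend is meant. If the intent is to stop naming IPv4, wording such as "currently-selected logging backend" keeps the meaning.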
@@ -1670,62 +1669,90 @@
pre-5.0.0 reload command is now called
remote-restart (see below).
- Reload is similar to shorewall
- start except that it assumes that the firewall is already
- started. Existing connections are maintained. If a
- directory is included in the command, Shorewall
- will look in that directory first for
- configuration files.
+
+
+ Shorewall and Shorewall6
- The option causes Shorewall to avoid
- updating the routing table(s).
+
+ Reload is similar to shorewall
+ start except that it assumes that the firewall is
+ already started. Existing connections are maintained. If a
+ directory is included in the command,
+ Shorewall will look in that directory
+ first for configuration files.
- The option causes the connection tracking
- table to be flushed; the conntrack utility must
- be installed to use this option.
+ The option causes Shorewall to avoid
+ updating the routing table(s).
- The option causes the compiler to run
- under the Perl debugger (Shorewall and Shorewall6 only).
+ The option causes the connection
+ tracking table to be flushed; the conntrack
+ utility must be installed to use this option.
- The option suppresses the compilation step
- and simply reused the compiled script which last started/restarted
- Shorewall, provided that /etc/shorewall and its contents have not
- been modified since the last start/restart (Shorewall and Shorewall6
- only).
+ The option causes the compiler to
+ run under the Perl debugger.
- The option was added in Shorewall 4.4.20
- and performs the compilation step unconditionally, overriding the
- AUTOMAKE setting in shorewall.conf(5)
- (Shorewall and Shorewall6 only). When both and
- are present, the result is determined by the
- option that appears last.
+ The option suppresses the
+ compilation step and simply reused the compiled script which
+ last started/restarted Shorewall, provided that /etc/shorewall
+ and its contents have not been modified since the last
+ start/restart.
- The option was added in Shorewall 4.5.3
- and causes a Perl stack trace to be included with each
- compiler-generated error and warning message (Shorewall and
- Shorewall6 only).
+ The option was added in Shorewall
+ 4.4.20 and performs the compilation step unconditionally,
+ overriding the AUTOMAKE setting in shorewall.conf(5)
+ (Shorewall and Shorewall6 only). When both
+ and are present, the result is determined
+ by the option that appears last.
- The option was added in Shorewall 4.6.0
- and causes a warning message to be issued if the current line
- contains alternative input specifications following a semicolon
- (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
- set to Yes in shorewall.conf(5)
- (shorewall6.conf(5)).
- This option is available in Shorewall and Shorewall6 only.
+ The option was added in Shorewall
+ 4.5.3 and causes a Perl stack trace to be included with each
+ compiler-generated error and warning message.
- The option was added in Shorewall 4.6.5
- and is only meaningful when AUTOMAKE=Yes in shorewall.conf(5)
- (shorewall6.conf(5)).
- If an existing firewall script is used and if that script was the
- one that generated the current running configuration, then the
- running netfilter configuration will be reloaded as is so as to
- preserve the iptables packet and byte counters. This option is
- available in Shorewall and Shorewall6 only.
+ The option was added in Shorewall
+ 4.6.0 and causes a warning message to be issued if the current
+ line contains alternative input specifications following a
+ semicolon (";"). Such lines will be handled incorrectly if
+ INLINE_MATCHES is set to Yes in shorewall.conf(5)
+ (shorewall6.conf(5))..
+
+ The option was added in Shorewall
+ 4.6.5 and is only meaningful when AUTOMAKE=Yes in shorewall.conf(5)
+ (shorewall6.conf(5)).
+ If an existing firewall script is used and if that script was
+ the one that generated the current running configuration, then
+ the running netfilter configuration will be reloaded as is so
+ as to preserve the iptables packet and byte counters.
+
+
+
+
+ Shorewall-lite and Shorewall6-lite
+
+
+ Reload is similar to shorewall
+ start except that it assumes that the firewall is
+ already started. Existing connections are maintained.
+
+ The option causes Shorewall to avoid
+ updating the routing table(s).
+
+ The option causes the connection
+ tracking table to be flushed; the conntrack
+ utility must be installed to use this option.
+
+ The option was added in Shorewall
+ 4.6.5 If the existing firewall script is the one that
+ generated the current running configuration, then the running
+ netfilter configuration will be reloaded as is so as to
+ preserve the iptables packet and byte counters.
+
+
+
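Review bot: The new Shorewall and Shorewall6 section drops the "(Shorewall and Shorewall6 only)" qualifier from most option paragraphs but keeps it in the re-indented AUTOMAKE paragraph ("(Shorewall and Shorewall6 only). When both"); under the new heading it is redundant and should be removed for consistency. Several wording slips are also carried over or introduced in the added lines: "simply reused the compiled script" should be "simply reuses", "(shorewall6.conf(5)).." has a doubled period, and the -lite paragraph "4.6.5 If the existing firewall script" is missing the period after the version number.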
@@ -1973,53 +2000,82 @@
Beginning with Shorewall 5.0.0, this command performs a true
restart. The firewall is completely stopped as if a
stop command had been issued then it is started
- again. The command is available on Shorewall and Shorewall6
- only.
+ again.
- If a directory is included in the
- command, Shorewall will look in that directory
- first for configuration files.
+
+
+ Shorewall and Shorewall6
- The option causes Shorewall to avoid
- updating the routing table(s).
+
+ If a directory is included in the
+ command, Shorewall will look in that
+ directory first for configuration
+ files.
- The option causes the connection tracking
- table to be flushed; the conntrack utility must
- be installed to use this option.
+ The option causes Shorewall to avoid
+ updating the routing table(s).
- The option causes the compiler to run
- under the Perl debugger.
+ The option causes the connection
+ tracking table to be flushed; the conntrack
+ utility must be installed to use this option.
- The option suppresses the compilation step
- and simply reused the compiled script which last started/restarted
- Shorewall, provided that /etc/shorewall and its contents have not
- been modified since the last start/restart.
+ The option causes the compiler to
+ run under the Perl debugger.
- The option was added in Shorewall 4.4.20
- and performs the compilation step unconditionally, overriding the
- AUTOMAKE setting in shorewall.conf(5). When
- both and are present, the
- result is determined by the option that appears last.
+ The option suppresses the
+ compilation step and simply reused the compiled script which
+ last started/restarted Shorewall, provided that /etc/shorewall
+ and its contents have not been modified since the last
+ start/restart.
- The option was added in Shorewall 4.5.3
- and causes a Perl stack trace to be included with each
- compiler-generated error and warning message.
+ The option was added in Shorewall
+ 4.4.20 and performs the compilation step unconditionally,
+ overriding the AUTOMAKE setting in shorewall.conf(5).
+ When both and are
+ present, the result is determined by the option that appears
+ last.
- The option was added in Shorewall 4.6.0
- and causes a warning message to be issued if the current line
- contains alternative input specifications following a semicolon
- (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
- set to Yes in shorewall.conf(5).
+ The option was added in Shorewall
+ 4.5.3 and causes a Perl stack trace to be included with each
+ compiler-generated error and warning message.
- The option was added in Shorewall 4.6.5
- and is only meaningful when AUTOMAKE=Yes in shorewall.conf(5). If an
- existing firewall script is used and if that script was the one that
- generated the current running configuration, then the running
- netfilter configuration will be reloaded as is so as to preserve the
- iptables packet and byte counters.
+ The option was added in Shorewall
+ 4.6.0 and causes a warning message to be issued if the current
+ line contains alternative input specifications following a
+ semicolon (";"). Such lines will be handled incorrectly if
+ INLINE_MATCHES is set to Yes in shorewall.conf(5).
+
+ The option was added in Shorewall
+ 4.6.5 and is only meaningful when AUTOMAKE=Yes in shorewall.conf(5).
+ If an existing firewall script is used and if that script was
+ the one that generated the current running configuration, then
+ the running netfilter configuration will be reloaded as is so
+ as to preserve the iptables packet and byte counters.
+
+
+
+
+ Shorewall-lite and Shorewall6-lite
+
+
+ The option causes Shorewall to avoid
+ updating the routing table(s).
+
+ The option causes the connection
+ tracking table to be flushed; the conntrack
+ utility must be installed to use this option.
+
+ The option was added in Shorewall
+ 4.6.5 If the existing firewall script is the one that
+ generated the current running configuration, then the running
+ netfilter configuration will be reloaded as is so as to
+ preserve the iptables packet and byte counters.
+
+
+
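Review bot: Removing "The command is available on Shorewall and Shorewall6 only." and adding a Shorewall-lite and Shorewall6-lite section changes what the page claims about product support, not just its layout, so please confirm the -lite products accept restart with the three options listed here in the release this documents. In the added text, "simply reused the compiled script" should read "simply reuses", and "4.6.5 If the existing firewall script" needs a period after the version number.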