mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 06:38:53 +01:00
More shorewall(8) documentation updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
bd2df4836d
commit
38c9165c39
@ -4366,7 +4366,9 @@ shorewall_cli() {
|
|||||||
|
|
||||||
VERBOSE=
|
VERBOSE=
|
||||||
VERBOSITY=1
|
VERBOSITY=1
|
||||||
|
#
|
||||||
|
# Set the default product based on the Shorewall packages installed
|
||||||
|
#
|
||||||
set_default_product
|
set_default_product
|
||||||
|
|
||||||
finished=0
|
finished=0
|
||||||
|
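Review bot: the new comment above `set_default_product` says the default product is chosen from the installed Shorewall packages, but not which product wins when more than one is installed (the man page below distinguishes Shorewall, Shorewall6, Shorewall-lite and Shorewall6-lite); if set_default_product applies a precedence order, stating it in this comment would make the CLI's behaviour clearer to readers of the function. Otherwise the comment-only change looks fine.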
@ -1009,12 +1009,11 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Re-enables receipt of packets from hosts previously
|
<para>Re-enables receipt of packets from hosts previously
|
||||||
blacklisted by a <emphasis role="bold">drop</emphasis>, <emphasis
|
blacklisted by a <emphasis role="bold">blacklist</emphasis>,
|
||||||
|
<emphasis role="bold">drop</emphasis>, <emphasis
|
||||||
role="bold">logdrop</emphasis>, <emphasis
|
role="bold">logdrop</emphasis>, <emphasis
|
||||||
role="bold">reject</emphasis>, or <emphasis
|
role="bold">reject</emphasis>, or <emphasis
|
||||||
role="bold">logreject</emphasis> command. Beginning with Shorewall
|
role="bold">logreject</emphasis> command.</para>
|
||||||
5.0.10, this command can also re-enable addresses blacklisted using
|
|
||||||
the <command>blacklist</command> command.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
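Review bot: the rewrite drops the note that `allow` only re-enables entries created by the `blacklist` command beginning with Shorewall 5.0.10, so a reader on an older release is no longer told that the blacklist case does not apply to them; the rest of this man page keeps such version markers (`The -c option was added in Shorewall 4.4.20`), so consider keeping it in shortened form, e.g. `<emphasis role="bold">blacklist</emphasis> (Shorewall 5.0.10 and later)`. The tag structure of the rewritten `<para>` is balanced.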
@ -1441,7 +1440,7 @@
|
|||||||
and raw table PREROUTING chains.</para>
|
and raw table PREROUTING chains.</para>
|
||||||
|
|
||||||
<para>The log message destination is determined by the
|
<para>The log message destination is determined by the
|
||||||
currently-selected IPv4 <ulink
|
currently-selected IPv4 or IPv6 <ulink
|
||||||
url="/shorewall_logging.html#Backends">logging
|
url="/shorewall_logging.html#Backends">logging
|
||||||
backend</ulink>.</para>
|
backend</ulink>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
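Review bot: `currently-selected IPv4 or IPv6 logging backend` reads as if both backends could apply at once; since the selection follows the product in use, wording such as `the currently-selected logging backend (IPv4 for shorewall, IPv6 for shorewall6)` would remove the ambiguity. Both cases still point at the single `/shorewall_logging.html#Backends` anchor, which is fine if that page covers both address families.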
@ -1670,62 +1669,90 @@
|
|||||||
pre-5.0.0 <command>reload</command> command is now called
|
pre-5.0.0 <command>reload</command> command is now called
|
||||||
<command>remote-restart</command> (see below).</para>
|
<command>remote-restart</command> (see below).</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term>Shorewall and Shorewall6</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
<para>Reload is similar to <emphasis role="bold">shorewall
|
<para>Reload is similar to <emphasis role="bold">shorewall
|
||||||
start</emphasis> except that it assumes that the firewall is already
|
start</emphasis> except that it assumes that the firewall is
|
||||||
started. Existing connections are maintained. If a
|
already started. Existing connections are maintained. If a
|
||||||
<emphasis>directory</emphasis> is included in the command, Shorewall
|
<emphasis>directory</emphasis> is included in the command,
|
||||||
will look in that <emphasis>directory</emphasis> first for
|
Shorewall will look in that <emphasis>directory</emphasis>
|
||||||
configuration files.</para>
|
first for configuration files.</para>
|
||||||
|
|
||||||
<para>The <option>-n</option> option causes Shorewall to avoid
|
<para>The <option>-n</option> option causes Shorewall to avoid
|
||||||
updating the routing table(s).</para>
|
updating the routing table(s).</para>
|
||||||
|
|
||||||
<para>The <option>-p</option> option causes the connection tracking
|
<para>The <option>-p</option> option causes the connection
|
||||||
table to be flushed; the <command>conntrack</command> utility must
|
tracking table to be flushed; the <command>conntrack</command>
|
||||||
be installed to use this option.</para>
|
utility must be installed to use this option.</para>
|
||||||
|
|
||||||
<para>The <option>-d</option> option causes the compiler to run
|
<para>The <option>-d</option> option causes the compiler to
|
||||||
under the Perl debugger (Shorewall and Shorewall6 only).</para>
|
run under the Perl debugger.</para>
|
||||||
|
|
||||||
<para>The <option>-f</option> option suppresses the compilation step
|
<para>The <option>-f</option> option suppresses the
|
||||||
and simply reused the compiled script which last started/restarted
|
compilation step and simply reused the compiled script which
|
||||||
Shorewall, provided that /etc/shorewall and its contents have not
|
last started/restarted Shorewall, provided that /etc/shorewall
|
||||||
been modified since the last start/restart (Shorewall and Shorewall6
|
and its contents have not been modified since the last
|
||||||
only).</para>
|
start/restart.</para>
|
||||||
|
|
||||||
<para>The <option>-c</option> option was added in Shorewall 4.4.20
|
<para>The <option>-c</option> option was added in Shorewall
|
||||||
and performs the compilation step unconditionally, overriding the
|
4.4.20 and performs the compilation step unconditionally,
|
||||||
AUTOMAKE setting in <ulink
|
overriding the AUTOMAKE setting in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
(Shorewall and Shorewall6 only). When both <option>-f</option> and
|
(Shorewall and Shorewall6 only). When both <option>-f</option>
|
||||||
<option>-c</option> are present, the result is determined by the
|
and <option>-c</option> are present, the result is determined
|
||||||
option that appears last.</para>
|
by the option that appears last.</para>
|
||||||
|
|
||||||
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
<para>The <option>-T</option> option was added in Shorewall
|
||||||
and causes a Perl stack trace to be included with each
|
4.5.3 and causes a Perl stack trace to be included with each
|
||||||
compiler-generated error and warning message (Shorewall and
|
compiler-generated error and warning message.</para>
|
||||||
Shorewall6 only).</para>
|
|
||||||
|
|
||||||
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
<para>The <option>-i</option> option was added in Shorewall
|
||||||
and causes a warning message to be issued if the current line
|
4.6.0 and causes a warning message to be issued if the current
|
||||||
contains alternative input specifications following a semicolon
|
line contains alternative input specifications following a
|
||||||
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
|
semicolon (";"). Such lines will be handled incorrectly if
|
||||||
set to Yes in <ulink
|
INLINE_MATCHES is set to Yes in <ulink
|
||||||
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5))..</para>
|
||||||
|
|
||||||
|
<para>The <option>-C</option> option was added in Shorewall
|
||||||
|
4.6.5 and is only meaningful when AUTOMAKE=Yes in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
(<ulink
|
(<ulink
|
||||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||||
This option is available in Shorewall and Shorewall6 only.</para>
|
If an existing firewall script is used and if that script was
|
||||||
|
the one that generated the current running configuration, then
|
||||||
|
the running netfilter configuration will be reloaded as is so
|
||||||
|
as to preserve the iptables packet and byte counters.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<para>The <option>-C</option> option was added in Shorewall 4.6.5
|
<varlistentry>
|
||||||
and is only meaningful when AUTOMAKE=Yes in <ulink
|
<term>Shorewall-lite and Shorewall6-lite</term>
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
|
||||||
(<ulink
|
<listitem>
|
||||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
<para>Reload is similar to <emphasis role="bold">shorewall
|
||||||
If an existing firewall script is used and if that script was the
|
start</emphasis> except that it assumes that the firewall is
|
||||||
one that generated the current running configuration, then the
|
already started. Existing connections are maintained.</para>
|
||||||
running netfilter configuration will be reloaded as is so as to
|
|
||||||
preserve the iptables packet and byte counters. This option is
|
<para>The <option>-n</option> option causes Shorewall to avoid
|
||||||
available in Shorewall and Shorewall6 only.</para>
|
updating the routing table(s).</para>
|
||||||
|
|
||||||
|
<para>The <option>-p</option> option causes the connection
|
||||||
|
tracking table to be flushed; the <command>conntrack</command>
|
||||||
|
utility must be installed to use this option.</para>
|
||||||
|
|
||||||
|
<para>The <option>-C</option> option was added in Shorewall
|
||||||
|
4.6.5 If the existing firewall script is the one that
|
||||||
|
generated the current running configuration, then the running
|
||||||
|
netfilter configuration will be reloaded as is so as to
|
||||||
|
preserve the iptables packet and byte counters.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
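Review bot: two punctuation slips in the new text: the Shorewall-lite `-C` paragraph reads `4.6.5 If the existing firewall script` (missing period after the version), and the Shorewall `-i` paragraph ends with `(5))..</para>` (double period). The `-c` paragraph under the `Shorewall and Shorewall6` term still carries `(Shorewall and Shorewall6 only)`, which the `-d`, `-f` and `-T` paragraphs in the same entry have dropped now that the term states the scope; remove it for consistency. The previous text said `-C` was `available in Shorewall and Shorewall6 only`, while the new `Shorewall-lite and Shorewall6-lite` entry now documents `-C` for reload; confirm the lite CLI actually accepts `-C` before the man page promises it. The `-f` paragraph's `simply reused` (should be `reuses`) is pre-existing but could be fixed while these lines are being rewrapped.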
@ -1973,53 +2000,82 @@
|
|||||||
<para>Beginning with Shorewall 5.0.0, this command performs a true
|
<para>Beginning with Shorewall 5.0.0, this command performs a true
|
||||||
restart. The firewall is completely stopped as if a
|
restart. The firewall is completely stopped as if a
|
||||||
<command>stop</command> command had been issued then it is started
|
<command>stop</command> command had been issued then it is started
|
||||||
again. The command is available on Shorewall and Shorewall6
|
again.</para>
|
||||||
only.</para>
|
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term>Shorewall and Shorewall6</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
<para>If a <emphasis>directory</emphasis> is included in the
|
<para>If a <emphasis>directory</emphasis> is included in the
|
||||||
command, Shorewall will look in that <emphasis>directory</emphasis>
|
command, Shorewall will look in that
|
||||||
first for configuration files.</para>
|
<emphasis>directory</emphasis> first for configuration
|
||||||
|
files.</para>
|
||||||
|
|
||||||
<para>The <option>-n</option> option causes Shorewall to avoid
|
<para>The <option>-n</option> option causes Shorewall to avoid
|
||||||
updating the routing table(s).</para>
|
updating the routing table(s).</para>
|
||||||
|
|
||||||
<para>The <option>-p</option> option causes the connection tracking
|
<para>The <option>-p</option> option causes the connection
|
||||||
table to be flushed; the <command>conntrack</command> utility must
|
tracking table to be flushed; the <command>conntrack</command>
|
||||||
be installed to use this option.</para>
|
utility must be installed to use this option.</para>
|
||||||
|
|
||||||
<para>The <option>-d</option> option causes the compiler to run
|
<para>The <option>-d</option> option causes the compiler to
|
||||||
under the Perl debugger.</para>
|
run under the Perl debugger.</para>
|
||||||
|
|
||||||
<para>The <option>-f</option> option suppresses the compilation step
|
<para>The <option>-f</option> option suppresses the
|
||||||
and simply reused the compiled script which last started/restarted
|
compilation step and simply reused the compiled script which
|
||||||
Shorewall, provided that /etc/shorewall and its contents have not
|
last started/restarted Shorewall, provided that /etc/shorewall
|
||||||
been modified since the last start/restart.</para>
|
and its contents have not been modified since the last
|
||||||
|
start/restart.</para>
|
||||||
|
|
||||||
<para>The <option>-c</option> option was added in Shorewall 4.4.20
|
<para>The <option>-c</option> option was added in Shorewall
|
||||||
and performs the compilation step unconditionally, overriding the
|
4.4.20 and performs the compilation step unconditionally,
|
||||||
AUTOMAKE setting in <ulink
|
overriding the AUTOMAKE setting in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). When
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).
|
||||||
both <option>-f</option> and <option>-c</option> are present, the
|
When both <option>-f</option> and <option>-c</option> are
|
||||||
result is determined by the option that appears last.</para>
|
present, the result is determined by the option that appears
|
||||||
|
last.</para>
|
||||||
|
|
||||||
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
<para>The <option>-T</option> option was added in Shorewall
|
||||||
and causes a Perl stack trace to be included with each
|
4.5.3 and causes a Perl stack trace to be included with each
|
||||||
compiler-generated error and warning message.</para>
|
compiler-generated error and warning message.</para>
|
||||||
|
|
||||||
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
<para>The <option>-i</option> option was added in Shorewall
|
||||||
and causes a warning message to be issued if the current line
|
4.6.0 and causes a warning message to be issued if the current
|
||||||
contains alternative input specifications following a semicolon
|
line contains alternative input specifications following a
|
||||||
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
|
semicolon (";"). Such lines will be handled incorrectly if
|
||||||
set to Yes in <ulink
|
INLINE_MATCHES is set to Yes in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||||
|
|
||||||
<para>The <option>-C</option> option was added in Shorewall 4.6.5
|
<para>The <option>-C</option> option was added in Shorewall
|
||||||
and is only meaningful when AUTOMAKE=Yes in <ulink
|
4.6.5 and is only meaningful when AUTOMAKE=Yes in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). If an
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).
|
||||||
existing firewall script is used and if that script was the one that
|
If an existing firewall script is used and if that script was
|
||||||
|
the one that generated the current running configuration, then
|
||||||
|
the running netfilter configuration will be reloaded as is so
|
||||||
|
as to preserve the iptables packet and byte counters.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>Shorewall-lite and Shorewall6-lite</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>The <option>-n</option> option causes Shorewall to avoid
|
||||||
|
updating the routing table(s).</para>
|
||||||
|
|
||||||
|
<para>The <option>-p</option> option causes the connection
|
||||||
|
tracking table to be flushed; the <command>conntrack</command>
|
||||||
|
utility must be installed to use this option.</para>
|
||||||
|
|
||||||
|
<para>The <option>-C</option> option was added in Shorewall
|
||||||
|
4.6.5 If the existing firewall script is the one that
|
||||||
generated the current running configuration, then the running
|
generated the current running configuration, then the running
|
||||||
netfilter configuration will be reloaded as is so as to preserve the
|
netfilter configuration will be reloaded as is so as to
|
||||||
iptables packet and byte counters.</para>
|
preserve the iptables packet and byte counters.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
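Review bot: the Shorewall-lite `-C` paragraph again reads `4.6.5 If the existing firewall script` with no period after the version number. The `-f` paragraph in the `Shorewall and Shorewall6` entry repeats the `simply reused` typo (`reuses`) on lines that are being rewrapped here anyway. As in the reload hunk, the removed sentence `The command is available on Shorewall and Shorewall6 only` is replaced by a lite entry that documents `-n`, `-p` and `-C`, so restart is now documented for all four products; confirm the lite script accepts those options for restart before shipping the man page.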