Add 2.6.16 Kernel configuration information

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4106 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

docs/kernel.xml

@@ -243,4 +243,23 @@ CONFIG_BRIDGE_NF_EBTABLES=m
 </programlisting>
     </blockquote>
   </section>
+
+  <section>
+    <title>Kernel 2.6.16 and Later Netfilter Options</title>
+
+    <para>Here's a screenshot of my modularized 2.6.16 Kernel config
+    (Navigation: Networking → Networking Options → Network Packet Filtering
+    (replaces ipchains) → Core Netfilter configuration):</para>
+
+    <graphic align="center" fileref="images/kernel-2.6.16-1.png" />
+
+    <para>Note that is is particularly important to select "Netfilter Xtables
+    support (required for ip_tables).</para>
+
+    <para>Here's a screenshot of the IP Netfilter config (Navigation:
+    Networking → Networking Options → Network Packet Filtering (replaces
+    ipchains) → IP: Netfilter configuration):</para>
+
+    <graphic align="center" fileref="images/kernel-2.6.16-2.png" />
+  </section>
 </article>

docs/starting_and_stopping_shorewall.xml

@@ -672,7 +672,7 @@
         <term>clear</term>
 
         <listitem>
-          <para><command>shorewall clear</command></para>
+          <para><command>shorewall[-lite] clear</command></para>
 
           <para>Clear will remove all rules and chains installed by Shorewall.
           The firewall is then wide open and unprotected. Existing connections
@@ -792,7 +792,7 @@
         <term>dump</term>
 
         <listitem>
-          <para><command>shorewall[-lite] [ -x ] dump</command></para>
+          <para><command>shorewall[-lite] dump</command></para>
 
           <para>Produce a verbose report about the firewall.</para>
 
@@ -919,7 +919,7 @@
         <term>refresh (Not supported by Shorewall Lite)</term>
 
         <listitem>
-          <para><command>shorewall [ -q ] refresh</command></para>
+          <para><command>shorewall refresh</command></para>
 
           <para>The rules involving the broadcast addresses of firewall
           interfaces, the black list and ECN control rules are recreated to
@@ -996,7 +996,7 @@
         <term>restart</term>
 
         <listitem>
-          <para><command>shorewall[-lite] [ -q ] restart
+          <para><command>shorewall[-lite] restart
           &lt;configuration-directory&gt;</command></para>
 
           <para>Restart is similar to <command>shorewall stop</command>
@@ -1010,7 +1010,7 @@
         <term>restore</term>
 
         <listitem>
-          <para><command>shorewall[-lite] [ -q ] restore [ &lt;filename&gt;
+          <para><command>shorewall[-lite] restore [ &lt;filename&gt;
           ]</command></para>
 
           <para>Restore Shorewall to a state saved using the
@@ -1030,7 +1030,7 @@
         <term>safe-restart (Not supported by Shorewall Lite)</term>
 
         <listitem>
-          <para><command>shorewall [ -q ] safe-restart [ &lt;filename&gt;
+          <para><command>shorewall safe-restart [ &lt;filename&gt;
           ]</command></para>
 
           <para>Only allowed if Shorewall is running. The current
@@ -1049,7 +1049,7 @@
         <term>safe-start (Not supported by Shorewall Lite)</term>
 
         <listitem>
-          <para><command>shorewall [ -q ] safe-start [ &lt;filename&gt;
+          <para><command>shorewall safe-start [ &lt;filename&gt;
           ]</command></para>
 
           <para>Shorewall is started normally. You will then be prompted
@@ -1082,27 +1082,25 @@
         <term>show</term>
 
         <listitem>
-          <para><command>shorewall [ -x ] show actions (Not supported by
+          <para><command>shorewall show actions (Not supported by Shorewall
-          Shorewall Lite)</command> — produces a list of actions available on
+          Lite)</command> — produces a list of actions available on the
-          the system.</para>
+          system.</para>
 
-          <para><command>shorewall[-lite] [ -x ] show [ &lt;chain&gt; [
+          <para><command>shorewall[-lite] show [ &lt;chain&gt; [ &lt;chain&gt;
-          &lt;chain&gt; ...]
+          ...] |classifiers|connections|log|nat|tc|tos]</command></para>
-          |classifiers|connections|log|nat|tc|tos]</command></para>
 
-          <para><command>shorewall[-lite] [ -x ] show &lt;chain&gt; [
+          <para><command>shorewall[-lite] show &lt;chain&gt; [ &lt;chain&gt;
-          &lt;chain&gt; ... ] </command> - produce a verbose report about the
+          ... ] </command> - produce a verbose report about the Netfilter
-          Netfilter chain(s). (<command>iptables -L chain -n
+          chain(s). (<command>iptables -L chain -n -v</command>)</para>
+
+          <para><command>shorewall[-lite] show mangle</command> - produce a
+          verbose report about the mangle table. (<command>iptables -t mangle
+          -L -n -v</command>)</para>
+
+          <para><command>shorewall[-lite] show nat</command> - produce a
+          verbose report about the nat table. (<command>iptables -t nat -L -n
           -v</command>)</para>
 
-          <para><command>shorewall[-lite] [ -x ] show mangle</command> -
-          produce a verbose report about the mangle table. (<command>iptables
-          -t mangle -L -n -v</command>)</para>
-
-          <para><command>shorewall[-lite] [ -x ] show nat</command> - produce
-          a verbose report about the nat table. (<command>iptables -t nat -L
-          -n -v</command>)</para>
-
           <para><command>shorewall[-lite] show [- m ] log</command> - display
           the last 20 packet log entries. The '-m' option is available in
           Shorewall version 3.2.0 Beta5 and later and causes the MAC address
@@ -1139,7 +1137,7 @@
         <term>start</term>
 
         <listitem>
-          <para><command>shorewall[-lite] [ -q ] [ -f ] start [
+          <para><command>shorewall[-lite] [ -f ] start [
           &lt;configuration-directory&gt; ]</command></para>
 
           <para>Start shorewall. Existing connections through shorewall