Documentation corrections to the blacklist files

manpages/shorewall-blacklist.xml

@@ -101,21 +101,19 @@
             <para>Beginning with Shorewall 4.4.13, entries are applied based
             on the <emphasis role="bold">blacklist</emphasis> setting in
             <ulink
-            url="shorewall-interfaces.html">shorewall-zones</ulink>(5):</para>
+            url="shorewall-zones.html">shorewall-zones</ulink>(5):</para>
 
             <orderedlist>
               <listitem>
                 <para>'blacklist' in the OPTIONS or IN_OPTIONS column. Traffic
-                from this zone is passed against the entries in <ulink
+                from this zone is passed against the entries in this file that
-                url="shorewall-blacklist.html">shorewall-blacklist</ulink>(5)
+                have the <emphasis role="bold">src</emphasis> option
-                that have the <emphasis role="bold">src</emphasis> option
                 (specified or defaulted).</para>
               </listitem>
 
               <listitem>
                 <para>'blacklist' in the OPTIONS or OUT_OPTIONS column.
-                Trafficto this zone is passed against the entries in <ulink
+                Trafficto this zone is passed against the entries in this file
-                url="shorewall-blacklist.html">shorewall-blacklist</ulink>(5)
                 that have the <emphasis role="bold">dst</emphasis>
                 option.</para>
               </listitem>

manpages6/shorewall6-blacklist.xml

@@ -76,52 +76,46 @@
 
       <varlistentry>
         <term>OPTIONS (Optional - Added in 4.4.12) -
-        {-|{to|from}[,...]}</term>
+        {-|{dst|src}[,...]}</term>
 
         <listitem>
-          <para>If specified, indicates whether traffic <option>to</option> or
+          <para>If specified, indicates whether traffic
-          <option>from</option> the ADDRESS/SUBNET should be blacklisted. The
+          <emphasis>from</emphasis> ADDRESS/SUBNET (<emphasis
-          default is <emphasis role="bold">from</emphasis>. If the
+          role="bold">src</emphasis>) or traffic <emphasis>to</emphasis>
-          ADDRESS/SUBNET column is empty, then this column has no effect on
+          ADDRESS/SUBNET (<emphasis role="bold">dst</emphasis>) should be
-          the generated rule.</para>
+          blacklisted. The default is <emphasis role="bold">src</emphasis>. If
+          the ADDRESS/SUBNET column is empty, then this column has no effect
+          on the generated rule.</para>
 
           <note>
-            <para>Blacklisting is still restricted to traffic
+            <para>In Shorewall 4.4.12, the keywords from and to were used in
-            <emphasis>arriving</emphasis> on an interface that has the
+            place of src and dst respectively. Blacklisting was still
-            'blacklist' option set. So to block traffic from your local
+            restricted to traffic <emphasis>arriving</emphasis> on an
-            network to an internet host, you must specify
+            interface that has the 'blacklist' option set. So to block traffic
+            from your local network to an internet host, you had to specify
             <option>blacklist</option> on your internal interface in <ulink
             url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>
             (5).</para>
           </note>
 
           <note>
-            <para>Beginning with Shorewall 4.4.13, entries specifying
+            <para>Beginning with Shorewall 4.4.13, entries are applied based
-            <emphasis role="bold">to</emphasis> are applied to traffic based
             on the <emphasis role="bold">blacklist</emphasis> setting in
             <ulink
-            url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).</para>
+            url="shorewall-zones.html">shorewall6-zones</ulink>(5):</para>
 
             <orderedlist>
               <listitem>
-                <para>Input blacklisting (default if no value given). Traffic
+                <para>'blacklist' in the OPTIONS or IN_OPTIONS column. Traffic
-                entering this interface are passed against the entries in
+                from this zone is passed against the entries in this file that
-                <ulink
+                have the <emphasis role="bold">src</emphasis> option
-                url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
+                (specified or defaulted).</para>
-                that have the <emphasis role="bold">from</emphasis> option
-                (specified or defaulted). Traffic originating on the firewall
-                and leaving by this interface is passed against the entries in
-                <ulink
-                url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
-                that have the <emphasis role="bold">to</emphasis>
-                option.</para>
               </listitem>
 
               <listitem>
-                <para>Output blacklisting. Traffic entering on this interface
+                <para>'blacklist' in the OPTIONS or OUT_OPTIONS column.
-                is passed against the entries in <ulink
+                Trafficto this zone is passed against the entries in this file
-                url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
+                that have the <emphasis role="bold">dst</emphasis>
-                that have the <emphasis role="bold">to</emphasis>
                 option.</para>
               </listitem>
             </orderedlist>