diff --git a/Shorewall2/action.template b/Shorewall2/action.template index 80152daa5..a5bbce819 100644 --- a/Shorewall2/action.template +++ b/Shorewall2/action.template @@ -11,6 +11,9 @@ # 2. Copy this file to /etc/shorewall/action. # 3. Add the desired rules to that file. # +# Please see http://shorewall.net/Actions.html for additional +# information. +# # Columns are: # # diff --git a/Shorewall2/actions b/Shorewall2/actions index 4ddb30e91..c057929d5 100644 --- a/Shorewall2/actions +++ b/Shorewall2/actions @@ -8,7 +8,7 @@ # # ACTION names should begin with an upper-case letter to # distinguish them from Shorewall-generated chain names and -# they must need the requirements of a Netfilter chain. If +# they must meet the requirements of a Netfilter chain. If # you intend to log from the action then the name must be # no longer than 11 character in length. Names must also # meet the requirements for a Bourne Shell identifier (must @@ -22,7 +22,10 @@ # last such action will be taken. # # If you specify ":DROP", ":REJECT" or ":ACCEPT" on a line by -# itself, the associated policy will have no common action. +# itself, the associated policy will have no common action. +# +# Please see http://shorewall.net/Actions.html for additional +# information. # #ACTION diff --git a/Shorewall2/actions.std b/Shorewall2/actions.std index 7d8c5c334..7dfb23fcc 100644 --- a/Shorewall2/actions.std +++ b/Shorewall2/actions.std @@ -1,6 +1,8 @@ # # Shorewall 2.2 /usr/share/shorewall/actions.std # +# Please see http://shorewall.net/Actions.html for additional +# information. # # Builtin Actions are: # diff --git a/Shorewall2/blacklist b/Shorewall2/blacklist index 4cb06756d..8511c3137 100755 --- a/Shorewall2/blacklist +++ b/Shorewall2/blacklist @@ -38,6 +38,9 @@ # ADDRESS/SUBNET PROTOCOL PORT # 192.0.2.126 udp 53 # +# Please see http://shorewall.net/blacklisting_support.htm for additional +# information. +# ############################################################################### #ADDRESS/SUBNET PROTOCOL PORT #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE diff --git a/Shorewall2/continue b/Shorewall2/continue index e608ca4ed..d1300c577 100644 --- a/Shorewall2/continue +++ b/Shorewall2/continue @@ -4,3 +4,5 @@ # Add commands below that you want to be executed after shorewall has # cleared any existing Netfilter rules and has enabled existing connections. # +# For additional information, see http://shorewall.net/shorewall_extension_scripts.htm +# diff --git a/Shorewall2/ecn b/Shorewall2/ecn index e09e32540..77b981b76 100644 --- a/Shorewall2/ecn +++ b/Shorewall2/ecn @@ -15,6 +15,8 @@ # 0.0.0.0/0 is assumed. If your kernel and iptables # include iprange match support then IP address ranges # are also permitted. +# +# For additional information, see http://shorewall.net/Documentation.htm#ECN ############################################################################## #INTERFACE HOST(S) #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE diff --git a/Shorewall2/hosts b/Shorewall2/hosts index 1fbd5e51c..0016f976d 100644 --- a/Shorewall2/hosts +++ b/Shorewall2/hosts @@ -135,5 +135,7 @@ # /etc/shorewall/ipsec file then you do NOT # need to specify the 'ipsec' option here. # +# For additional information, see http://shorewall.net/Documentation.htm#Hosts +# #ZONE HOST(S) OPTIONS #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE diff --git a/Shorewall2/init b/Shorewall2/init index 7fb3988e1..571a9b31d 100644 --- a/Shorewall2/init +++ b/Shorewall2/init @@ -4,3 +4,5 @@ # Add commands below that you want to be executed at the beginning of # a "shorewall start" or "shorewall restart" command. # +# For additional information, see http://shorewall.net/shorewall_extension_scripts.htm +# diff --git a/Shorewall2/initdone b/Shorewall2/initdone index efd2be5d2..74460af0e 100755 --- a/Shorewall2/initdone +++ b/Shorewall2/initdone @@ -5,3 +5,5 @@ # "shorewall start" or "shorewall restart" commands at the point where # Shorewall has not yet added any perminent rules to the builtin chains. # +# For additional information, see http://shorewall.net/shorewall_extension_scripts.htm +# diff --git a/Shorewall2/interfaces b/Shorewall2/interfaces index ec23b8fef..bbb0c9687 100644 --- a/Shorewall2/interfaces +++ b/Shorewall2/interfaces @@ -201,6 +201,9 @@ # connections. # # net ppp0 - +# +# For additional information, see http://shorewall.net/Documentation.htm#Interfaces +# ############################################################################## #ZONE INTERFACE BROADCAST OPTIONS # diff --git a/Shorewall2/maclist b/Shorewall2/maclist index b200ddda2..f364048cd 100644 --- a/Shorewall2/maclist +++ b/Shorewall2/maclist @@ -1,6 +1,11 @@ # # Shorewall 2.2 - MAC list file # +# This file is used to define the MAC addresses and optionally their +# associated IP addresses to be allowed to use the specified interface. +# The feature is enabled by using the maclist option in the interfaces +# or hosts configuration file. +# # /etc/shorewall/maclist # # Columns are: @@ -18,6 +23,9 @@ # list of host and/or subnet addresses. If your kernel # and iptables have iprange match support then IP # address ranges are also allowed. +# +# For additional information, see http://shorewall.net/MAC_Validation.html +# ############################################################################## #INTERFACE MAC IP ADDRESSES (Optional) #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE diff --git a/Shorewall2/masq b/Shorewall2/masq index fe8133994..22adaa1b9 100755 --- a/Shorewall2/masq +++ b/Shorewall2/masq @@ -209,6 +209,8 @@ # # THE ORDER OF THE ABOVE TWO RULES IS SIGNIFICANT!!!!! # +# For additional information, see http://shorewall.net/Documentation.htm#Masq +# ############################################################################### #INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE diff --git a/Shorewall2/modules b/Shorewall2/modules index f658e3576..4b969b4bb 100644 --- a/Shorewall2/modules +++ b/Shorewall2/modules @@ -7,6 +7,7 @@ # dependency order. i.e., if M2 depends on M1 then you must load M1 before # you load M2. # +# For additional information, see http://shorewall.net/Documentation.htm#modules loadmodule ip_tables loadmodule iptable_filter diff --git a/Shorewall2/nat b/Shorewall2/nat index 76991ebdd..5078bec21 100755 --- a/Shorewall2/nat +++ b/Shorewall2/nat @@ -38,6 +38,8 @@ # # LOCAL If Yes or yes, NAT will be effective from the firewall # system +# +# For additional information, see http://shorewall.net/NAT.htm ############################################################################## #EXTERNAL INTERFACE INTERNAL ALL LOCAL # INTERFACES diff --git a/Shorewall2/policy b/Shorewall2/policy index 7da6f5dcb..a6c4b230a 100644 --- a/Shorewall2/policy +++ b/Shorewall2/policy @@ -85,6 +85,7 @@ # # # all all REJECT info # +# See http://shorewall.net/Documentation.htm#Policy for additional information. ############################################################################### #SOURCE DEST POLICY LOG LIMIT:BURST # LEVEL diff --git a/Shorewall2/proxyarp b/Shorewall2/proxyarp index c80c1b21c..a48fefc53 100644 --- a/Shorewall2/proxyarp +++ b/Shorewall2/proxyarp @@ -39,6 +39,8 @@ # # #ADDRESS INTERFACE EXTERNAL # 155.186.235.6 eth1 eth0 +# +# See http://shorewall.net/ProxyARP.htm for additional information. ############################################################################## #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE diff --git a/Shorewall2/routestopped b/Shorewall2/routestopped index d59da15be..64b0fe504 100644 --- a/Shorewall2/routestopped +++ b/Shorewall2/routestopped @@ -31,6 +31,10 @@ # eth2 192.168.1.0/24 # eth0 192.0.2.44 # br0 - routeback +# +# See http://shorewall.net/Documentation.htm#Routestopped and +# http://shorewall.net/starting_and_stopping_shorewall.htm for additional +# information. ############################################################################## #INTERFACE HOST(S) OPTIONS #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE diff --git a/Shorewall2/start b/Shorewall2/start index ac4e3e89d..471a8a9b0 100644 --- a/Shorewall2/start +++ b/Shorewall2/start @@ -4,3 +4,5 @@ # Add commands below that you want to be executed after shorewall has # been started or restarted. # +# See http://shorewall.net/shorewall_extension_scripts.htm for additional +# information. diff --git a/Shorewall2/started b/Shorewall2/started index 279c0e7b9..255e0a7ad 100644 --- a/Shorewall2/started +++ b/Shorewall2/started @@ -11,3 +11,5 @@ # This script should not change the firewall configuration directly but may # do so indirectly by running /sbin/shorewall with the 'nolock' option. # +# See http://shorewall.net/shorewall_extension_scripts.htm for additional +# information. diff --git a/Shorewall2/stop b/Shorewall2/stop index 067de4a41..2c4acbdb6 100644 --- a/Shorewall2/stop +++ b/Shorewall2/stop @@ -4,3 +4,5 @@ # Add commands below that you want to be executed at the beginning of a # "shorewall stop" command. # +# See http://shorewall.net/shorewall_extension_scripts.htm for additional +# information. diff --git a/Shorewall2/stopped b/Shorewall2/stopped index d31d023c7..b1aa78ab4 100644 --- a/Shorewall2/stopped +++ b/Shorewall2/stopped @@ -4,3 +4,5 @@ # Add commands below that you want to be executed at the completion of a # "shorewall stop" command. # +# See http://shorewall.net/shorewall_extension_scripts.htm for additional +# information. diff --git a/Shorewall2/tcrules b/Shorewall2/tcrules index 4c2009af0..3a758b262 100755 --- a/Shorewall2/tcrules +++ b/Shorewall2/tcrules @@ -147,6 +147,8 @@ # testing # :C Designates a connection mark. If omitted, # the packet mark's value is tested. +# +# See http://shorewall.net/traffic_shaping.htm for additional information. ############################################################################## #MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST # PORT(S) diff --git a/Shorewall2/tunnels b/Shorewall2/tunnels index c764d63ba..83a4d7949 100644 --- a/Shorewall2/tunnels +++ b/Shorewall2/tunnels @@ -108,6 +108,10 @@ # # generic:udp:4444 net 4.3.99.124 # +# +# See http://shorewall.net/Documentation.htm#Tunnels for additional information. +# # TYPE ZONE GATEWAY GATEWAY # ZONE +# #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE