diff --git a/docs/Manpages.xml b/docs/Manpages.xml
index bf3ac8362..f388b94ad 100644
--- a/docs/Manpages.xml
+++ b/docs/Manpages.xml
@@ -70,6 +70,11 @@
url="manpages/shorewall-blacklist.html">blacklist - Static
blacklisting.
+ conntrack - Specify
+ helpers for connections or exempt certain traffic from netfilter
+ connection tracking.
+
ecn -
Disabling Explicit Congestion Notification
@@ -108,7 +113,7 @@
How to map addresses from one net to another.
notrack -
- Exclude certain traffic from Netfilter connection tracking
+ Exclude certain traffic from Netfilter connection tracking
params -
Assign values to shell variables used in other files.
@@ -123,9 +128,8 @@
proxyarp
- Define Proxy ARP.
- rtrules - Define
- routing rules.
+ rtrules -
+ Define routing rules.
routes -
(Added in Shorewall 4.4.15) Add additional routes to provider routing
diff --git a/docs/Manpages6.xml b/docs/Manpages6.xml
index 69ed41ad0..3d9a6d976 100644
--- a/docs/Manpages6.xml
+++ b/docs/Manpages6.xml
@@ -68,7 +68,11 @@
blacklist - Static
- blacklisting.
+ blacklisting (deprecated)
+
+ conntrack -
+ Specify helpers for connections or exempt certain traffic from
+ netfilter connection tracking.
exclusion -
@@ -92,7 +96,8 @@
- How to define nested zones.
notrack
- - Exclude certain traffic from Netfilter6 connection tracking
+ - Exclude certain traffic from Netfilter6 connection tracking
+ (deprecated)
params -
Assign values to shell variables used in other files.
@@ -108,9 +113,8 @@
url="manpages6/shorewall6-proxyndp.html">proxyndp - Defines
Proxy NDP
- rtrules -
- Define routing rules.
+ rtrules
+ - Define routing rules.
routes -
(Added in Shorewall 4.4.15) Add additional routes to provider routing
diff --git a/docs/upgrade_issues.xml b/docs/upgrade_issues.xml
index 654185c52..f5d8d16e3 100644
--- a/docs/upgrade_issues.xml
+++ b/docs/upgrade_issues.xml
@@ -122,7 +122,7 @@
(shorewall-lite, and shorewall6-lite) will create a directory under
the specified path name to hold state information.
- Example:
+ Example:
VARDIR=/opt/var/
@@ -152,18 +152,18 @@
?ENDIF
- If they are to be processed only if TC_ENABLED=Internal, then
+ If they are to be processed only if TC_ENABLED=Internal, then
enclose them in
?IF TC_ENABLED eq 'Internal'
- ...
+ ...
?ENDIF.
-
+
@@ -172,27 +172,29 @@
files are still processed by the compiler.
Note that blacklist files may be converted to equivalent blrules
- files using shorewall[6] update -b.
+ files using shorewall[6] update -b.
- In Shorewall 4.5.7, the
+ In Shorewall 4.5.7, the
/etc/shorewall[6]/notrack file was renamed
/etc/shorewall[6]/conntrack. When upgrading to a
release >= 4.5.7, the conntrack file will be
installed along side of an existing notrack file.
- When both files exist, a compiler warning is generated:
+
+
+ If the 'notrack' file is non-empty, a warning message is issued
+ during compilation:
- WARNING: Both /etc/shorewall/notrack and
- /etc/shorewall/conntrack exist; /etc/shorewall/conntrack is
- ignored
+ WARNING: Non-empty notrack file (...); please move its
+ contents to the conntrack file
- This warning may be eliminated by moving any entries in the
- notrack file to the
- conntrack file and removing the
- notrack file.
+ This warning can be eliminated by removing the notrack file (if
+ it has no entries), or by moving its entries to the conntrack file and
+ removing the notrack file. Note that the conntrack file is always
+ populated with rules