Merge branch 'master' into 4.5.7

docs/Manpages.xml

@@ -70,6 +70,11 @@
         url="manpages/shorewall-blacklist.html">blacklist</ulink> - Static
         blacklisting.</member>
 
+        <member><ulink
+        url="manpages/shorewall-conntrack.html">conntrack</ulink> - Specify
+        helpers for connections or exempt certain traffic from netfilter
+        connection tracking.</member>
+
         <member><ulink url="manpages/shorewall-ecn.html">ecn</ulink> -
         Disabling Explicit Congestion Notification</member>
 
@@ -108,7 +113,7 @@
         How to map addresses from one net to another.</member>
 
         <member><ulink url="manpages/shorewall-notrack.html">notrack</ulink> -
-        Exclude certain traffic from Netfilter connection tracking</member>
+        Exclude certain traffic from Netfilter connection tracking </member>
 
         <member><ulink url="manpages/shorewall-params.html">params</ulink> -
         Assign values to shell variables used in other files.</member>
@@ -123,9 +128,8 @@
         <member><ulink url="manpages/shorewall-proxyarp.html">proxyarp</ulink>
         - Define Proxy ARP.</member>
 
-        <member><ulink
+        <member><ulink url="manpages/shorewall-rtrules.html">rtrules</ulink> -
-        url="manpages/shorewall-rtrules.html">rtrules</ulink> - Define
+        Define routing rules.</member>
-        routing rules.</member>
 
         <member><ulink url="manpages/shorewall-routes.html">routes</ulink> -
         (Added in Shorewall 4.4.15) Add additional routes to provider routing

docs/Manpages6.xml

@@ -68,7 +68,11 @@
 
         <member><ulink
         url="manpages6/shorewall6-blacklist.html">blacklist</ulink> - Static
-        blacklisting.</member>
+        blacklisting (deprecated)</member>
+
+        <member><ulink url="manpages-conntrack.html">conntrack</ulink> -
+        Specify helpers for connections or exempt certain traffic from
+        netfilter connection tracking.</member>
 
         <member><ulink
         url="manpages6/shorewall6-exclusion.html">exclusion</ulink> -
@@ -92,7 +96,8 @@
         - How to define nested zones.</member>
 
         <member><ulink url="manpages6/shorewall6-notrack.html">notrack</ulink>
-        - Exclude certain traffic from Netfilter6 connection tracking</member>
+        - Exclude certain traffic from Netfilter6 connection tracking
+        (deprecated)</member>
 
         <member><ulink url="manpages6/shorewall6-params.html">params</ulink> -
         Assign values to shell variables used in other files.</member>
@@ -108,9 +113,8 @@
         url="manpages6/shorewall6-proxyndp.html">proxyndp</ulink> - Defines
         Proxy NDP</member>
 
-        <member><ulink
+        <member><ulink url="manpages6/shorewall6-rtrules.html">rtrules</ulink>
-        url="manpages6/shorewall6-rtrules.html">rtrules</ulink> -
+        - Define routing rules.</member>
-        Define routing rules.</member>
 
         <member><ulink url="manpages6/shorewall6-routes.html">routes</ulink> -
         (Added in Shorewall 4.4.15) Add additional routes to provider routing

docs/upgrade_issues.xml

@@ -122,7 +122,7 @@
         (shorewall-lite, and shorewall6-lite) will create a directory under
         the specified path name to hold state information.</para>
 
-        <para>Example: </para>
+        <para>Example:</para>
 
         <blockquote>
           <para>VARDIR=/opt/var/</para>
@@ -152,18 +152,18 @@
           <para>?ENDIF</para>
         </blockquote>
 
-        <para> If they are to be processed only if TC_ENABLED=Internal, then
+        <para>If they are to be processed only if TC_ENABLED=Internal, then
         enclose them in</para>
 
         <blockquote>
           <para>?IF TC_ENABLED eq 'Internal'</para>
 
-          <para> ...</para>
+          <para>...</para>
 
           <para>?ENDIF.</para>
         </blockquote>
 
-        <para> </para>
+        <para></para>
       </listitem>
 
       <listitem>
@@ -172,27 +172,29 @@
         files are still processed by the compiler.</para>
 
         <para>Note that blacklist files may be converted to equivalent blrules
-        files using <command>shorewall[6] update -b</command>. </para>
+        files using <command>shorewall[6] update -b</command>.</para>
       </listitem>
 
       <listitem>
-        <para> In Shorewall 4.5.7, the
+        <para>In Shorewall 4.5.7, the
         <filename>/etc/shorewall[6]/notrack</filename> file was renamed
         <filename>/etc/shorewall[6]/conntrack</filename>. When upgrading to a
         release &gt;= 4.5.7, the <filename>conntrack</filename> file will be
         installed along side of an existing <filename>notrack</filename> file.
-        When both files exist, a compiler warning is generated:</para>
+        </para>
+
+        <para>If the 'notrack' file is non-empty, a warning message is issued
+        during compilation: </para>
 
         <blockquote>
-          <para>WARNING: Both /etc/shorewall/notrack and
+          <para>WARNING: Non-empty notrack file (...); please move its
-          /etc/shorewall/conntrack exist; /etc/shorewall/conntrack is
+          contents to the conntrack file </para>
-          ignored</para>
         </blockquote>
 
-        <para>This warning may be eliminated by moving any entries in the
+        <para>This warning can be eliminated by removing the notrack file (if
-        <filename>notrack</filename> file to the
+        it has no entries), or by moving its entries to the conntrack file and
-        <filename>conntrack</filename> file and removing the
+        removing the notrack file. Note that the conntrack file is always
-        <filename>notrack</filename> file. </para>
+        populated with rules </para>
       </listitem>
     </orderedlist>
   </section>