Correct manpages per Vieri Di Paolo's proofreading

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4952 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-11-20 17:52:52 +00:00
parent 5054e21730
commit 5bc03af1a0
9 changed files with 48 additions and 47 deletions

@ -23,12 +23,12 @@
<para>This file allows you to define new ACTIONS for use in rules (see
shorewall-rules(5)). You define the iptables rules to be performed in an
ACTION in /etc/shorewall/action.<emphasis>action-name</emphasis>. </para>
ACTION in /etc/shorewall/action.<emphasis>action-name</emphasis>.</para>
<para>ACTION names should begin with an upper-case letter to distinguish
them from Shorewall-generated chain names and they must meet the
requirements of a Netfilter chain. If you intend to log from the action
then the name must be no longer than 11 character in length. Names must
then the name must be no longer than 11 characters in length. Names must
also meet the requirements for a Bourne Shell identifier (must begin with
a letter and be composed of letters, digits and underscore
characters).</para>

@ -22,7 +22,7 @@
<title>Description</title>
<para>The blacklist file is used to perform static blacklisting. You can
blacklist by source address (IP or MAC), or by application. </para>
blacklist by source address (IP or MAC), or by application.</para>
<para>The columns in the file are as follows.</para>
@ -33,7 +33,7 @@
<listitem>
<para>Host address, network address, MAC address, IP address range
(if your kernel and iptables contain iprange match support) or ipset
name prefaced by "+" (i your kernel supports ipset match).</para>
name prefaced by "+" (if your kernel supports ipset match).</para>
<para>MAC addresses must be prefixed with "~" and use "-" as a
separator.</para>
@ -97,7 +97,7 @@
<term>Example 2:</term>
<listitem>
<para>To block some of the nuisance applicataion:</para>
<para>To block some of the nuisance applications:</para>
<programlisting> #ADDRESS/SUBNET PROTOCOL PORT
- udp 1024:1033,1434

@ -28,7 +28,7 @@
<para>The order of entries in this file is not significant in determining
zone composition. Rather, the order that the zones are defined in
shorewall-zones(5) determines the order in which the records in this file
are interpreted. </para>
are interpreted.</para>
<warning>
<para>The only time that you need this file is when you have more than
@ -80,8 +80,8 @@
<para>A physical port name; only allowed when the interface
names a bridge created by the <command>brctl(8) addbr</command>
command. This port must not be defined in
shorewall-interfaces(5) and may optionally followed by a colon
(":") and a host or network IP or a range. See
shorewall-interfaces(5) and may be optionally followed by a
colon (":") and a host or network IP or a range. See
http://www.shorewall.net/bridge.html for details. Specifying a
physical port name requires that you have BRIDGING=Yes in
shorewall.conf(5).</para>

@ -202,7 +202,7 @@ loc eth2 -</programlisting>
/proc/sys/net/ipv4/conf/<emphasis>interface</emphasis>/proxy_arp.
Do NOT use this option if you are employing Proxy ARP through
entries in shorewall-proxyarp(5). This option is intended
soley for use with Proxy ARP sub-networking as described at:
solely for use with Proxy ARP sub-networking as described at:
http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet</para>
</listitem>
</varlistentry>
@ -247,7 +247,7 @@ loc eth2 -</programlisting>
interface</para>
<para>3 - do not reply for local addresses configured with
scope host, only resolutions for global and link </para>
scope host, only resolutions for global and link</para>
<para>4-7 - reserved</para>
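Review bot: The description of value 3 still stops mid-phrase at "only resolutions for global and link"; removing the trailing space makes it look finished, but there is no noun after "link" and no verb for the clause. Complete the sentence by naming what "global and link" qualifies and what happens to those resolutions, so the entry matches the full-sentence style of the other values.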
@ -298,8 +298,8 @@ loc eth2 -</programlisting>
source-routed packets will not be accepted from that interface
(sets
/proc/sys/net/ipv4/conf/<emphasis>interface</emphasis>/accept_source_route
to 1). Only set this option if you know what you are you
doing. This might represent a security risk and is not usually
to 1). Only set this option if you know what you are doing.
This might represent a security risk and is not usually
needed.</para>
</listitem>
</varlistentry>
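Review bot: In the sentence that ends just before the corrected "you are doing", the parenthetical "(sets …/accept_source_route to 1)" directly follows "source-routed packets will not be accepted from that interface", so it reads as if writing 1 disables acceptance. A value of 1 makes the kernel accept source-routed packets, which is the risk the next sentence warns about. Since this paragraph is being touched anyway, move the parenthetical next to the clause about specifying the option, or state the default (not accepted) and the effect of the option (file set to 1, packets accepted) as two separate sentences.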
@ -326,7 +326,7 @@ loc eth2 -</programlisting>
<term>Example 1:</term>
<listitem>
<para> Suppose you have eth0 connected to a DSL modem and eth1
<para>Suppose you have eth0 connected to a DSL modem and eth1
connected to your local network and that your local subnet is
192.168.1.0/24. The interface gets it's IP address via DHCP from
subnet 206.191.149.192/27. You have a DMZ with subnet 192.168.2.0/24
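Review bot: The context line "The interface gets it's IP address via DHCP" keeps the possessive misspelled; it should be "its". The same sentence says "The interface" right after both eth0 and eth1 have been introduced, so naming the interface that is meant would remove the ambiguity.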

@ -86,9 +86,9 @@
firewall (Shorewall will use your main routing table to determine
the appropriate addresses to masquerade).</para>
<para>In order to exclude a addrress of the specified SOURCE, you
may append "!" and a comma-separated list of IP addresses (host or
net) that you wish to exclude.</para>
<para>In order to exclude a address of the specified SOURCE, you may
append "!" and a comma-separated list of IP addresses (host or net)
that you wish to exclude.</para>
<para>Example: eth1!192.168.1.4,192.168.32.0/27</para>
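Review bot: The replacement text "In order to exclude a address of the specified SOURCE" fixes the spelling but leaves the article wrong; it should be "an address". Because the rest of the sentence describes a comma-separated list, "To exclude addresses from the specified SOURCE, you may append …" would also agree better with the example that follows.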
@ -104,7 +104,7 @@
<para>If you specify an address here, SNAT will be used and this
will be the source address. If ADD_SNAT_ALIASES is set to Yes or yes
in shorewall.conf(5) then Shorewall will automatically add this
address to the INTERFACE named in the first column. </para>
address to the INTERFACE named in the first column.</para>
<para>You may also specify a range of up to 256 IP addresses if you
want the SNAT address to be assigned from that range in a
@ -294,14 +294,14 @@
<listitem>
<para>You have a simple masquerading setup where eth0 connects to a
DSL or cable modem and eth1 connects to your local network with
subnet 192.168.0.0/24. </para>
subnet 192.168.0.0/24.</para>
<para>Your entry in the file can be either:</para>
<programlisting> #INTERFACE SOURCE
eth0 eth1</programlisting>
<para>or </para>
<para>or</para>
<programlisting> #INTERFACE SOURCE
eth0 192.168.0.0/24</programlisting>
@ -340,8 +340,8 @@
<listitem>
<para>You want all outgoing traffic from 192.168.1.0/24 through eth0
to use source address 206.124.146.176 which is NOT the primary
address of eth0. You want 206.124.146.176 added to be added to eth0
with name eth0:0.</para>
address of eth0. You want 206.124.146.176 to be added to eth0 with
name eth0:0.</para>
<programlisting> #INTERFACE SOURCE ADDRESS
eth0:0 192.168.1.0/24 206.124.146.176</programlisting>

@ -36,7 +36,7 @@
<important>
<para>Intra-zone policies are pre-defined</para>
<para>For $FW and for all of the zoned defined in /etc/shorewall/zones,
<para>For $FW and for all of the zones defined in /etc/shorewall/zones,
the POLICY for connections from the zone to itself is ACCEPT (with no
logging or TCP connection rate limiting but may be overridden by an
entry in this file. The overriding entry must be explicit (cannot use
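Review bot: The parenthesis opened at "(with no logging or TCP connection rate limiting" is never closed before the sentence ends at "an entry in this file." Close it after "rate limiting" so the clause reads "ACCEPT (with no logging or TCP connection rate limiting) but may be overridden by an entry in this file."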
@ -121,9 +121,10 @@
SOURCE to this DEST. Shorewall will not create any
infrastructure to handle such packets and you may not have any
rules with this SOURCE and DEST in the /etc/shorewall/rules
file such a packet _is_ received, the result is undefined.
NONE may not be used if the SOURCE or DEST columns contain the
firewall zone ($FW) or "all".</para>
file. If such a packet <emphasis role="bold">is</emphasis>
received, the result is undefined. NONE may not be used if the
SOURCE or DEST columns contain the firewall zone ($FW) or
"all".</para>
</listitem>
</varlistentry>
</variablelist>
@ -163,11 +164,11 @@
levels.</para>
<para>You may also specify ULOG (must be in upper case). This will
log to the ULOG target and sent to a separate log through use of
ulogd (http://www.gnumonks.org/projects/ulogd).</para>
log to the ULOG target and will send to a separate log through use
of ulogd (http://www.gnumonks.org/projects/ulogd).</para>
<para>If you don't want to log but need to specify the following
column, place "-" here. </para>
column, place "-" here.</para>
</listitem>
</varlistentry>
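Review bot: The new wording "This will log to the ULOG target and will send to a separate log" has no object for "send", so it is unclear what is sent. Something like "This will log to the ULOG target, and the messages will be sent to a separate log through use of ulogd" keeps the meaning and reads as a complete sentence.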
@ -177,7 +178,7 @@
<listitem>
<para>If passed, specifies the maximum TCP connection rate and the
size of an acceptable burst. If not specified, TCP connections are
not limited. </para>
not limited.</para>
</listitem>
</varlistentry>
</variablelist>

@ -163,9 +163,9 @@
<term><emphasis role="bold">optional</emphasis></term>
<listitem>
<para> If the interface named in the INTERFACE column is not
up and configured with an IPv4 address then ignore this
provider. </para>
<para>If the interface named in the INTERFACE column is not up
and configured with an IPv4 address then ignore this
provider.</para>
</listitem>
</varlistentry>
</variablelist>
@ -176,7 +176,7 @@
<term><emphasis role="bold">COPY</emphasis></term>
<listitem>
<para>A comma-separated lists of other interfaces on your firewall.
<para>A comma-separated list of other interfaces on your firewall.
Usually used only when DUPLICATE is 'main'. Only copy routes through
INTERFACE and through interfaces listed here. If you only wish to
copy routes through INTERFACE, enter 'none' here.</para>

@ -21,7 +21,7 @@
<refsect1>
<title>Description</title>
<para> Entries in this file cause traffic to be routed to one of the
<para>Entries in this file cause traffic to be routed to one of the
providers listed in shorewall-providers(5).</para>
<para>The columns in the file are as follows.</para>
@ -40,7 +40,7 @@
</varlistentry>
<varlistentry>
<term> <emphasis role="bold">DEST</emphasis> (Optional)</term>
<term><emphasis role="bold">DEST</emphasis> (Optional)</term>
<listitem>
<para>An ip address (network or host) that matches the destination
@ -70,7 +70,7 @@
<term><emphasis role="bold">PRIORITY</emphasis></term>
<listitem>
<para> The rule's priority which determines the order in which the
<para>The rule's priority which determines the order in which the
rules are processed.</para>
<variablelist>
@ -133,7 +133,7 @@
multiple providers. In this case you have to set up a rule to ensure
that the OpenVPN traffic is routed back through the tunX
interface(s) rather than through any of the providers. 10.8.0.0/24
is the subnet choosen in your OpenVPN configuration (server 10.8.0.0
is the subnet chosen in your OpenVPN configuration (server 10.8.0.0
255.255.255.0).</para>
<programlisting> #SOURCE DEST PROVIDER PRIORITY

@ -265,7 +265,7 @@
<listitem>
<para>the rest of the line will be attached as a comment to
the Netfilter rule(s) generated by the following entres. The
the Netfilter rule(s) generated by the following entrIes. The
comment will appear delimited by "/* ... */" in the output of
"shorewall show &lt;chain&gt;". To stop the comment from being
attached to further rules, simply include COMMENT on a line by
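Review bot: The corrected word is committed as "entrIes" with a capital I in the middle, so the fix for "entres" introduces a new typo. It should be "entries".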
@ -378,7 +378,7 @@
<para>Hosts may be specified as an IP address range using the syntax
<emphasis>lowaddress</emphasis>-<emphasis>highaddress</emphasis>.
This requires that your kernel and iptables contain iprange match
support. If you kernel and iptables have ipset match support then
support. If your kernel and iptables have ipset match support then
you may give the name of an ipset prefaced by "+". The ipset name
may be optionally followed by a number from 1 to 6 enclosed in
square brackets ([]) to indicate the number of levels of source
@ -388,7 +388,7 @@
<variablelist>
<varlistentry>
<term>dmz:192.168.2.2 </term>
<term>dmz:192.168.2.2</term>
<listitem>
<para>Host 192.168.2.2 in the DMZ</para>
@ -497,7 +497,7 @@
firewall will not modifiy the destination port. A destination port
may only be included if the <emphasis role="bold">ACTION</emphasis>
is <emphasis role="bold">DNAT</emphasis> or <emphasis
role="bold">REDIRECT</emphasis>. Example: </para>
role="bold">REDIRECT</emphasis>. Example:</para>
<variablelist>
<varlistentry>
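Review bot: The first context line of this hunk still reads "firewall will not modifiy the destination port"; "modifiy" should be "modify". It sits in the same paragraph as the whitespace fix, so it can be corrected in the same change.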
@ -593,11 +593,11 @@
<para>If you don't want to restrict client ports but need to specify
an <emphasis role="bold">ORIGINAL DEST</emphasis> in the next
column, then place "-" in this column. </para>
column, then place "-" in this column.</para>
<para>If your kernel contains multi-port match support, then only a
single Netfilter rule will be generated if in this list and the
<emphasis role="bold">DEST PORT(S)</emphasis> list above: </para>
<emphasis role="bold">DEST PORT(S)</emphasis> list above:</para>
<para>1. There are 15 or less ports listed.</para>
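Review bot: The context line "There are 15 or less ports listed" should read "15 or fewer ports". The lead-in "if in this list and the DEST PORT(S) list above:" is also hard to parse; "if, in this list and in the DEST PORT(S) list above:" or a similar rewording would make the two conditions that follow easier to read.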
@ -650,8 +650,8 @@
<term><emphasis role="bold">RATE LIMIT</emphasis> (Optional)</term>
<listitem>
<para>You may rate-limit the rule by placing a value in this column:
</para>
<para>You may rate-limit the rule by placing a value in this
column:</para>
<para><emphasis>rate</emphasis>/<emphasis>interval</emphasis>[:<emphasis>burst</emphasis>]
where <emphasis>rate</emphasis> is the number of connections per
@ -675,8 +675,8 @@
<para>The column may contain:</para>
<para>[!][<emphasis>user name or number</emphasis>][:<emphasis>group
name or number</emphasis>][+<emphasis>program name</emphasis>]
</para>
name or number</emphasis>][+<emphasis>program
name</emphasis>]</para>
<para>When this column is non-empty, the rule applies only if the
program generating the output is running under the effective