diff --git a/manpages/shorewall-actions.xml b/manpages/shorewall-actions.xml
index e2f00f468..02268d966 100644
--- a/manpages/shorewall-actions.xml
+++ b/manpages/shorewall-actions.xml
@@ -23,12 +23,12 @@
This file allows you to define new ACTIONS for use in rules (see
shorewall-rules(5)). You define the iptables rules to be performed in an
- ACTION in /etc/shorewall/action.action-name.
+ ACTION in /etc/shorewall/action.action-name.
ACTION names should begin with an upper-case letter to distinguish
them from Shorewall-generated chain names and they must meet the
requirements of a Netfilter chain. If you intend to log from the action
- then the name must be no longer than 11 character in length. Names must
+ then the name must be no longer than 11 characters in length. Names must
also meet the requirements for a Bourne Shell identifier (must begin with
a letter and be composed of letters, digits and underscore
characters).
diff --git a/manpages/shorewall-blacklist.xml b/manpages/shorewall-blacklist.xml
index 5585e2d15..ad7ef894c 100644
--- a/manpages/shorewall-blacklist.xml
+++ b/manpages/shorewall-blacklist.xml
@@ -22,7 +22,7 @@
Description
The blacklist file is used to perform static blacklisting. You can
- blacklist by source address (IP or MAC), or by application.
+ blacklist by source address (IP or MAC), or by application.
The columns in the file are as follows.
@@ -33,7 +33,7 @@
Host address, network address, MAC address, IP address range
(if your kernel and iptables contain iprange match support) or ipset
- name prefaced by "+" (i your kernel supports ipset match).
+ name prefaced by "+" (if your kernel supports ipset match).
MAC addresses must be prefixed with "~" and use "-" as a
separator.
@@ -97,7 +97,7 @@
Example 2:
- To block some of the nuisance applicataion:
+ To block some of the nuisance applications:
#ADDRESS/SUBNET PROTOCOL PORT
- udp 1024:1033,1434
diff --git a/manpages/shorewall-hosts.xml b/manpages/shorewall-hosts.xml
index 489088fc4..35fdf39cf 100644
--- a/manpages/shorewall-hosts.xml
+++ b/manpages/shorewall-hosts.xml
@@ -28,7 +28,7 @@
The order of entries in this file is not significant in determining
zone composition. Rather, the order that the zones are defined in
shorewall-zones(5) determines the order in which the records in this file
- are interpreted.
+ are interpreted.
The only time that you need this file is when you have more than
@@ -80,8 +80,8 @@
A physical port name; only allowed when the interface
names a bridge created by the brctl(8) addbr
command. This port must not be defined in
- shorewall-interfaces(5) and may optionally followed by a colon
- (":") and a host or network IP or a range. See
+ shorewall-interfaces(5) and may be optionally followed by a
+ colon (":") and a host or network IP or a range. See
http://www.shorewall.net/bridge.html for details. Specifying a
physical port name requires that you have BRIDGING=Yes in
shorewall.conf(5).
diff --git a/manpages/shorewall-interfaces.xml b/manpages/shorewall-interfaces.xml
index 1df218aeb..e99bb7eb5 100644
--- a/manpages/shorewall-interfaces.xml
+++ b/manpages/shorewall-interfaces.xml
@@ -202,7 +202,7 @@ loc eth2 -
/proc/sys/net/ipv4/conf/interface/proxy_arp.
Do NOT use this option if you are employing Proxy ARP through
entries in shorewall-proxyarp(5). This option is intended
- soley for use with Proxy ARP sub-networking as described at:
+ solely for use with Proxy ARP sub-networking as described at:
http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet
@@ -247,7 +247,7 @@ loc eth2 -
interface
3 - do not reply for local addresses configured with
- scope host, only resolutions for global and link
+ scope host, only resolutions for global and link
4-7 - reserved
@@ -298,8 +298,8 @@ loc eth2 -
source-routed packets will not be accepted from that interface
(sets
/proc/sys/net/ipv4/conf/interface/accept_source_route
- to 1). Only set this option if you know what you are you
- doing. This might represent a security risk and is not usually
+ to 1). Only set this option if you know what you are doing.
+ This might represent a security risk and is not usually
needed.
@@ -326,7 +326,7 @@ loc eth2 -
Example 1:
- Suppose you have eth0 connected to a DSL modem and eth1
+ Suppose you have eth0 connected to a DSL modem and eth1
connected to your local network and that your local subnet is
192.168.1.0/24. The interface gets it's IP address via DHCP from
subnet 206.191.149.192/27. You have a DMZ with subnet 192.168.2.0/24
diff --git a/manpages/shorewall-masq.xml b/manpages/shorewall-masq.xml
index fcb3ed3d6..f46e50755 100644
--- a/manpages/shorewall-masq.xml
+++ b/manpages/shorewall-masq.xml
@@ -86,9 +86,9 @@
firewall (Shorewall will use your main routing table to determine
the appropriate addresses to masquerade).
- In order to exclude a addrress of the specified SOURCE, you
- may append "!" and a comma-separated list of IP addresses (host or
- net) that you wish to exclude.
+ In order to exclude a address of the specified SOURCE, you may
+ append "!" and a comma-separated list of IP addresses (host or net)
+ that you wish to exclude.
Example: eth1!192.168.1.4,192.168.32.0/27
@@ -104,7 +104,7 @@
If you specify an address here, SNAT will be used and this
will be the source address. If ADD_SNAT_ALIASES is set to Yes or yes
in shorewall.conf(5) then Shorewall will automatically add this
- address to the INTERFACE named in the first column.
+ address to the INTERFACE named in the first column.
You may also specify a range of up to 256 IP addresses if you
want the SNAT address to be assigned from that range in a
@@ -294,14 +294,14 @@
You have a simple masquerading setup where eth0 connects to a
DSL or cable modem and eth1 connects to your local network with
- subnet 192.168.0.0/24.
+ subnet 192.168.0.0/24.
Your entry in the file can be either:
#INTERFACE SOURCE
eth0 eth1
- or
+ or
#INTERFACE SOURCE
eth0 192.168.0.0/24
@@ -340,8 +340,8 @@
You want all outgoing traffic from 192.168.1.0/24 through eth0
to use source address 206.124.146.176 which is NOT the primary
- address of eth0. You want 206.124.146.176 added to be added to eth0
- with name eth0:0.
+ address of eth0. You want 206.124.146.176 to be added to eth0 with
+ name eth0:0.
#INTERFACE SOURCE ADDRESS
eth0:0 192.168.1.0/24 206.124.146.176
diff --git a/manpages/shorewall-policy.xml b/manpages/shorewall-policy.xml
index 5e8c98030..694bf9789 100644
--- a/manpages/shorewall-policy.xml
+++ b/manpages/shorewall-policy.xml
@@ -36,7 +36,7 @@
Intra-zone policies are pre-defined
- For $FW and for all of the zoned defined in /etc/shorewall/zones,
+ For $FW and for all of the zones defined in /etc/shorewall/zones,
the POLICY for connections from the zone to itself is ACCEPT (with no
logging or TCP connection rate limiting but may be overridden by an
entry in this file. The overriding entry must be explicit (cannot use
@@ -121,9 +121,10 @@
SOURCE to this DEST. Shorewall will not create any
infrastructure to handle such packets and you may not have any
rules with this SOURCE and DEST in the /etc/shorewall/rules
- file such a packet _is_ received, the result is undefined.
- NONE may not be used if the SOURCE or DEST columns contain the
- firewall zone ($FW) or "all".
+ file. If such a packet is
+ received, the result is undefined. NONE may not be used if the
+ SOURCE or DEST columns contain the firewall zone ($FW) or
+ "all".
@@ -163,11 +164,11 @@
levels.
You may also specify ULOG (must be in upper case). This will
- log to the ULOG target and sent to a separate log through use of
- ulogd (http://www.gnumonks.org/projects/ulogd).
+ log to the ULOG target and will send to a separate log through use
+ of ulogd (http://www.gnumonks.org/projects/ulogd).
If you don't want to log but need to specify the following
- column, place "-" here.
+ column, place "-" here.
@@ -177,7 +178,7 @@
If passed, specifies the maximum TCP connection rate and the
size of an acceptable burst. If not specified, TCP connections are
- not limited.
+ not limited.
diff --git a/manpages/shorewall-providers.xml b/manpages/shorewall-providers.xml
index 45fe24858..86a27a49f 100644
--- a/manpages/shorewall-providers.xml
+++ b/manpages/shorewall-providers.xml
@@ -163,9 +163,9 @@
optional
- If the interface named in the INTERFACE column is not
- up and configured with an IPv4 address then ignore this
- provider.
+ If the interface named in the INTERFACE column is not up
+ and configured with an IPv4 address then ignore this
+ provider.
@@ -176,7 +176,7 @@
COPY
- A comma-separated lists of other interfaces on your firewall.
+ A comma-separated list of other interfaces on your firewall.
Usually used only when DUPLICATE is 'main'. Only copy routes through
INTERFACE and through interfaces listed here. If you only wish to
copy routes through INTERFACE, enter 'none' here.
diff --git a/manpages/shorewall-route_rules.xml b/manpages/shorewall-route_rules.xml
index fed5dd78d..ecf59fae6 100644
--- a/manpages/shorewall-route_rules.xml
+++ b/manpages/shorewall-route_rules.xml
@@ -21,7 +21,7 @@
Description
- Entries in this file cause traffic to be routed to one of the
+ Entries in this file cause traffic to be routed to one of the
providers listed in shorewall-providers(5).
The columns in the file are as follows.
@@ -40,7 +40,7 @@
- DEST (Optional)
+ DEST (Optional)
An ip address (network or host) that matches the destination
@@ -70,7 +70,7 @@
PRIORITY
- The rule's priority which determines the order in which the
+ The rule's priority which determines the order in which the
rules are processed.
@@ -133,7 +133,7 @@
multiple providers. In this case you have to set up a rule to ensure
that the OpenVPN traffic is routed back through the tunX
interface(s) rather than through any of the providers. 10.8.0.0/24
- is the subnet choosen in your OpenVPN configuration (server 10.8.0.0
+ is the subnet chosen in your OpenVPN configuration (server 10.8.0.0
255.255.255.0).
#SOURCE DEST PROVIDER PRIORITY
diff --git a/manpages/shorewall-rules.xml b/manpages/shorewall-rules.xml
index 6ce02e567..1ebe41e64 100644
--- a/manpages/shorewall-rules.xml
+++ b/manpages/shorewall-rules.xml
@@ -265,7 +265,7 @@
the rest of the line will be attached as a comment to
- the Netfilter rule(s) generated by the following entres. The
+ the Netfilter rule(s) generated by the following entrIes. The
comment will appear delimited by "/* ... */" in the output of
"shorewall show <chain>". To stop the comment from being
attached to further rules, simply include COMMENT on a line by
@@ -378,7 +378,7 @@
Hosts may be specified as an IP address range using the syntax
lowaddress-highaddress.
This requires that your kernel and iptables contain iprange match
- support. If you kernel and iptables have ipset match support then
+ support. If your kernel and iptables have ipset match support then
you may give the name of an ipset prefaced by "+". The ipset name
may be optionally followed by a number from 1 to 6 enclosed in
square brackets ([]) to indicate the number of levels of source
@@ -388,7 +388,7 @@
- dmz:192.168.2.2
+ dmz:192.168.2.2
Host 192.168.2.2 in the DMZ
@@ -497,7 +497,7 @@
firewall will not modifiy the destination port. A destination port
may only be included if the ACTION
is DNAT or REDIRECT. Example:
+ role="bold">REDIRECT. Example:
@@ -593,11 +593,11 @@
If you don't want to restrict client ports but need to specify
an ORIGINAL DEST in the next
- column, then place "-" in this column.
+ column, then place "-" in this column.
If your kernel contains multi-port match support, then only a
single Netfilter rule will be generated if in this list and the
- DEST PORT(S) list above:
+ DEST PORT(S) list above:
1. There are 15 or less ports listed.
@@ -650,8 +650,8 @@
RATE LIMIT (Optional)
- You may rate-limit the rule by placing a value in this column:
-
+ You may rate-limit the rule by placing a value in this
+ column:
rate/interval[:burst]
where rate is the number of connections per
@@ -675,8 +675,8 @@
The column may contain:
[!][user name or number][:group
- name or number][+program name]
-
+ name or number][+program
+ name]
When this column is non-empty, the rule applies only if the
program generating the output is running under the effective