Don't allow the -p start/stop option with Shorewall6; remove Shorewall-shell/Shorewall-perl references from the 'shorewall' manpage

This commit is contained in:
Tom Eastep 2009-07-15 13:47:16 -07:00
parent 6c1a500408
commit 73b9f04fc6
3 changed files with 12 additions and 44 deletions

View File

@ -445,11 +445,6 @@ start_command() {
FAST=Yes
option=${option#f}
;;
p*)
[ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
PURGE=Yes
option=${option%p}
;;
*)
usage 1
;;
@ -1381,11 +1376,11 @@ usage() # $1 = exit status
echo " reject <address> ..."
echo " reload [ -s ] [ -c ] [ -r <root user> ] [ <directory> ] <system>"
echo " reset [ <chain> ... ]"
echo " restart [ -n ] [ -p ] [ -f ] [ <directory> ]"
echo " restart [ -n ] [ -f ] [ <directory> ]"
echo " restore [ -n ] [ <file name> ]"
echo " save [ <file name> ]"
echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle} ] [ {chain [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|filters|ip|log|macros|mangle|nat|raw|routing|tc|vardir|zones} ]"
echo " start [ -f ] [ -n ] [ -p ] [ <directory> ]"
echo " start [ -f ] [ -n ] [ <directory> ]"
echo " stop [ -f ]"
echo " status"
echo " try <directory> [ <timeout> ]"

View File

@ -683,13 +683,12 @@
-f capabilities &gt; capabilities</emphasis> on a system with
Shorewall Lite installed.</para>
<para>The <option>-d</option> option only works when the compiler is
Shorewall-perl. It causes the compiler to be run under control of
the Perl debugger.</para>
<para>The <option>-d</option> option causes the compiler to be run
under control of the Perl debugger.</para>
<para>The <option>-p</option> option only works when the compiler is
Shorewall-perl. It causes the compiler to be profiled via the Perl
<option>-wd:DProf</option> command-line option.</para>
<para>The <option>-p</option> option causes the compiler to be
profiled via the Perl <option>-wd:DProf</option> command-line
option.</para>
</listitem>
</varlistentry>
@ -741,9 +740,9 @@
Shorewall-perl. It causes the compiler to be run under control of
the Perl debugger.</para>
<para>The <option>-p</option> option only works when the compiler is
Shorewall-perl. It causes the compiler to be profiled via the Perl
<option>-wd:DProf</option> command-line option.</para>
<para>The <option>-p</option> option causes the compiler to be
profiled via the Perl <option>-wd:DProf</option> command-line
option.</para>
</listitem>
</varlistentry>
@ -979,24 +978,14 @@
<term><emphasis role="bold">refresh</emphasis></term>
<listitem>
<para>Shorewall-shell: The rules involving the the black list, ECN
control rules, and traffic shaping are recreated to reflect any
changes made to your configuration files. Existing connections are
untouched.</para>
<para>Shorewall-perl: All steps performed by
<command>restart</command> are performed by
<command>refresh</command> with the exception that
<para>All steps performed by <command>restart</command> are
performed by <command>refresh</command> with the exception that
<command>refresh</command> only recreates the chains specified in
the command while <command>restart</command> recreates the entire
Netfilter ruleset. If no <replaceable>chain</replaceable> is given,
the static blacklisting chain <emphasis
role="bold">blacklst</emphasis> is assumed.</para>
<para><emphasis role="bold">Note</emphasis>: Specifying chains in
the command requires Shorewall-perl 4.0.3 or later. Earlier versions
only refresh the blacklst chain</para>
<para>The listed chains are assumed to be in the filter table. You
can refresh chains in other tables by prefixing the chain name with
the table name followed by ":" (e.g., nat:net_dnat). Chain names

View File

@ -71,8 +71,6 @@
<arg><option>-d</option></arg>
<arg><option>-p</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg choice="opt"><replaceable>pathname</replaceable></arg>
@ -298,8 +296,6 @@
<arg><option>-n</option></arg>
<arg><option>-p</option></arg>
<arg><option>-f</option></arg>
<arg><replaceable>directory</replaceable></arg>
@ -330,8 +326,6 @@
<arg><option>-d</option></arg>
<arg><option>-p</option></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
@ -346,8 +340,6 @@
<arg><option>-d</option></arg>
<arg><option>-p</option></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
@ -905,10 +897,6 @@
<para>The <option>-n</option> option causes Shorewall6 to avoid
updating the routing table(s).</para>
<para>The <option>-p</option> option causes the connection tracking
table to be flushed; the <command>conntrack</command> utility must
be installed to use this option.</para>
<para>The <option>-f</option> option suppresses the compilation step
and simply reused the compiled script which last started/restarted
Shorewall6.</para>
@ -1146,10 +1134,6 @@
<para>The <option>-n</option> option causes Shorewall6 to avoid
updating the routing table(s).</para>
<para>The <option>-p</option> option causes the connection tracking
table to be flushed; the <command>conntrack</command> utility must
be installed to use this option.</para>
</listitem>
</varlistentry>