Change references to 'recent set' to 'recent list' to match -m recent documentation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9567 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-12-22 06:10:42 +01:00 · 2009-03-01 17:06:46 +00:00 · 2009-03-01 17:06:46 +00:00 · 757d0b8d7c
commit 757d0b8d7c
parent 5767a96005
4 changed files with 52 additions and 53 deletions
--- a/docs/Actions.xml
+++ b/docs/Actions.xml
@ -178,9 +178,9 @@ ACCEPT   -              -               tcp     135,139,445

    <orderedlist>
      <listitem>
-        <para>The name of a <quote>recent</quote> set; you select the set name
-        which must conform to the rules for a valid chain name. Different
-        rules that specify the same set name will use the same set of
+        <para>The name of a <quote>recent</quote> list. You select the list
+        name which must conform to the rules for a valid chain name. Different
+        rules that specify the same list name will use the same set of
        counters.</para>
      </listitem>

@ -196,7 +196,7 @@ ACCEPT   -              -               tcp     135,139,445

    <para>Connections that exceed the specified rate are dropped.</para>

-    <para>For example, to use a recent set name of <emphasis
+    <para>For example, to use a recent list name of <emphasis
    role="bold">SSHA</emphasis>, and to limit SSH connections to 3 per minute,
    use this entry in <filename>/etc/shorewall/rules</filename>:</para>

@ -219,7 +219,7 @@ Limit:info:SSHA,3,60   net               $FW            tcp         22</programl
      </listitem>

      <listitem>
-        <para>The name of the recent set that you want to use
+        <para>The name of the recent list that you want to use
        (<quote>SSHA</quote> in this example).</para>
      </listitem>

@ -242,10 +242,10 @@ Limit:info:SSHA,3,60   net               $FW            tcp         22</programl

      <programlisting>my @tag = split /,/, $tag;

-fatal_error 'Limit rules must include &lt;set name&gt;,&lt;max connections&gt;,&lt;interval&gt; as the log tag (' . join( ':', 'Limit', $level eq '' ? 'none' : $level , $tag ) . ')'
+fatal_error 'Limit rules must include &lt;list name&gt;,&lt;max connections&gt;,&lt;interval&gt; as the log tag (' . join( ':', 'Limit', $level eq '' ? 'none' : $level , $tag ) . ')'
    unless @tag == 3;

-my $set = $tag[0];
+my $list = $tag[0];

 for ( @tag[1,2] ) {
    fatal_error 'Max connections and interval in Limit rules must be numeric (' . join( ':', 'Limit', $level eq '' ? 'none' : $level, $tag ) . ')' unless /^\d+$/
@ -253,15 +253,15 @@ for ( @tag[1,2] ) {

 my $count = $tag[1] + 1;

-add_rule $chainref, "-m recent --name $set --set";
+add_rule $chainref, "-m recent --name $list --set";

 if ( $level ) {
    my $xchainref = new_chain 'filter' , "$chainref-&gt;{name}%";
    log_rule_limit $level, $xchainref, $tag[0], 'DROP', '', '', 'add', '';
    add_rule $xchainref, '-j DROP';
-    add_rule $chainref,  "-m recent --name $set --update --seconds $tag[2] --hitcount $count -j $xchainref-&gt;{name}";
+    add_rule $chainref,  "-m recent --name $list --update --seconds $tag[2] --hitcount $count -j $xchainref-&gt;{name}";
 } else {
-    add_rule $chainref, "-m recent --update --name $set --seconds $tag[2] --hitcount $count -j DROP";
+    add_rule $chainref, "-m recent --update --name $list --seconds $tag[2] --hitcount $count -j DROP";
 }

 add_rule $chainref, '-j ACCEPT';
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@ -96,35 +96,8 @@

      <orderedlist>
        <listitem>
-          <para>The Perl-based compiler requires the following capabilities in
-          your kernel and iptables.</para>
-
-          <itemizedlist>
-            <listitem>
-              <para>addrtype match (Restriction relaxed in Shorewall-perl
-              4.0.1)</para>
-            </listitem>
-
-            <listitem>
-              <para>multiport match (will not be relaxed)</para>
-            </listitem>
-          </itemizedlist>
-
-          <para>These capabilities are in current distributions.</para>
-        </listitem>
-
-        <listitem>
-          <para>Now that Netfilter has features to deal reasonably with port
-          lists, I see no reason to duplicate those features in Shorewall. The
-          Shorewall-shell compiler goes to great pain (in some cases) to break
-          very long port lists ( &gt; 15 where port ranges in lists count as
-          two ports) into individual rules. In the new compiler, I'm avoiding
-          the ugliness required to do that for source port lists. The new
-          compiler just generates an error if your source list is too long
-          (beginning with Shorewall 4.0.5, the compiler will break rules with
-          a long destination port list into multiple rules).. It will also
-          produce an error if you insert a port range into a port list and you
-          don't have extended multiport support.</para>
+          <para>The Perl-based compiler requires multiport match in your
+          kernel and iptables.</para>
        </listitem>

        <listitem>
@ -134,6 +107,12 @@
          is provided by Shorewall-perl.</para>
        </listitem>

+        <listitem>
+          <para>DYNAMIC_ZONES=Yes is not supported. <ulink
+          url="ipsets.html#Dynamic">Use an ipset </ulink>to define your
+          dytnamic zones.</para>
+        </listitem>
+
        <listitem>
          <para>The BROADCAST column in the interfaces file is essentially
          unused if your kernel/iptables has Address Type Match support. If
@ -490,9 +469,8 @@ eth0             eth1:!192.168.4.9       ...</programlisting></para>

        <listitem>
          <para>The PKTTYPE option is ignored by Shorewall-perl.
-          Shorewall-perl 4.0.0 requires Address type match. Shorewall-perl
-          versions 4.0.1 and later will use Address type match if it is
-          available; otherwise, they will behave as if PKTTYPE=No had been
+          Shorewall-perl will use Address type match if it is available;
+          otherwise, it will behave as if PKTTYPE=No had been
          specified.</para>
        </listitem>

@ -531,9 +509,9 @@ ACCEPT loc:eth0:192.168.1.3,eth0:192.168.1.5   $fw  tcp   22</programlisting>
        </listitem>

        <listitem>
-          <para>Beginning in Shorewall 4.2.0, Shorewall-perl gives a warning
-          if a zone name is entered in the DEST column of a
-          <firstterm>nonat</firstterm> rule. Nonat rules include:</para>
+          <para>Shorewall-perl gives a warning if a zone name is entered in
+          the DEST column of a <firstterm>nonat</firstterm> rule. Nonat rules
+          include:</para>

          <itemizedlist>
            <listitem>
@ -565,7 +543,8 @@ DNAT-              net                192.168.1.3      tcp          21</programl
      footprint. This makes Shorewall-perl less desirable in an embedded
      environment. The best way to work around this limitation is to install
      Shorewall-perl on an administrative system and employ Shorewall-lite on
-      your embedded systems.</para>
+      your embedded systems. Shorewall-perl will run on Windows under <ulink
+      url="http://www.cygwin.com/">Cygwin</ulink>.</para>
    </section>
  </section>

--- a/docs/shorewall_features.xml
+++ b/docs/shorewall_features.xml
@ -16,7 +16,7 @@
    <pubdate><?dbtimestamp format="Y/m/d"?></pubdate>

    <copyright>
-      <year>2001-2008</year>
+      <year>2001-2009</year>

      <holder>Thomas M Eastep</holder>
    </copyright>
@ -33,9 +33,9 @@
  </articleinfo>

  <caution>
-    <para><emphasis role="bold">This article applies to Shorewall 3.0 and
+    <para><emphasis role="bold">This article applies to Shorewall 4.3 and
    later. If you are running a version of Shorewall earlier than Shorewall
-    3.0.0 then please see the documentation for that
+    4.3.5 then please see the documentation for that
    release.</emphasis></para>
  </caution>

@ -79,6 +79,25 @@
        </itemizedlist>
      </listitem>

+      <listitem>
+        <para>Supports <emphasis role="bold">centralized firewall
+        administration</emphasis>.</para>
+
+        <itemizedlist>
+          <listitem>
+            <para>Shorewall installed on a single administrative system. May
+            be a <trademark>Windows</trademark> PC running
+            <trademark>Cygwin</trademark>.</para>
+          </listitem>
+
+          <listitem>
+            <para>Centrally generated firewall scripts run on the firewalls
+            under control of <ulink
+            url="CompiledPrograms.html#Lite">Shorewall-lite</ulink>.</para>
+          </listitem>
+        </itemizedlist>
+      </listitem>
+
      <listitem>
        <para><ulink url="shorewall_quickstart_guide.htm">QuickStart Guides
        (HOWTOs)</ulink> to help get your first firewall up and running
@ -188,8 +207,8 @@
        <itemizedlist>
          <listitem>
            <para><ulink url="Install.htm#Install_RPM">RPM</ulink> and <ulink
-            url="http://idea.sec.dico.unimi.it/%7Elorenzo/index.html#Debian">Debian</ulink>
-            packages available.</para>
+            url="http://www.debian.org">Debian</ulink> packages
+            available.</para>
          </listitem>

          <listitem>
--- a/docs/upgrade_issues.xml
+++ b/docs/upgrade_issues.xml
@ -69,8 +69,9 @@
      <member><literal>eth3:192.0.2.123</literal></member>
    </simplelist>

-    <para>You can use the <command moreinfo="none">shorewall check</command>
-    command to see the groups associated with each of your zones.</para>
+    <para>You can use the <command moreinfo="none">shorewall show
+    zones</command> command to see the groups associated with each of your
+    zones.</para>
  </section>

  <section>