Change references to 'recent set' to 'recent list' to match -m recent documentation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9567 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

docs/Actions.xml

@@ -178,9 +178,9 @@ ACCEPT   -              -               tcp     135,139,445
 
     <orderedlist>
       <listitem>
-        <para>The name of a <quote>recent</quote> set; you select the set name
+        <para>The name of a <quote>recent</quote> list. You select the list
-        which must conform to the rules for a valid chain name. Different
+        name which must conform to the rules for a valid chain name. Different
-        rules that specify the same set name will use the same set of
+        rules that specify the same list name will use the same set of
         counters.</para>
       </listitem>
 
@@ -196,7 +196,7 @@ ACCEPT   -              -               tcp     135,139,445
 
     <para>Connections that exceed the specified rate are dropped.</para>
 
-    <para>For example, to use a recent set name of <emphasis
+    <para>For example, to use a recent list name of <emphasis
     role="bold">SSHA</emphasis>, and to limit SSH connections to 3 per minute,
     use this entry in <filename>/etc/shorewall/rules</filename>:</para>
 
@@ -219,7 +219,7 @@ Limit:info:SSHA,3,60   net               $FW            tcp         22</programl
       </listitem>
 
       <listitem>
-        <para>The name of the recent set that you want to use
+        <para>The name of the recent list that you want to use
         (<quote>SSHA</quote> in this example).</para>
       </listitem>
 
@@ -242,10 +242,10 @@ Limit:info:SSHA,3,60   net               $FW            tcp         22</programl
 
       <programlisting>my @tag = split /,/, $tag;
 
-fatal_error 'Limit rules must include &lt;set name&gt;,&lt;max connections&gt;,&lt;interval&gt; as the log tag (' . join( ':', 'Limit', $level eq '' ? 'none' : $level , $tag ) . ')'
+fatal_error 'Limit rules must include &lt;list name&gt;,&lt;max connections&gt;,&lt;interval&gt; as the log tag (' . join( ':', 'Limit', $level eq '' ? 'none' : $level , $tag ) . ')'
     unless @tag == 3;
 
-my $set = $tag[0];
+my $list = $tag[0];
 
 for ( @tag[1,2] ) {
     fatal_error 'Max connections and interval in Limit rules must be numeric (' . join( ':', 'Limit', $level eq '' ? 'none' : $level, $tag ) . ')' unless /^\d+$/
@@ -253,15 +253,15 @@ for ( @tag[1,2] ) {
 
 my $count = $tag[1] + 1;
 
-add_rule $chainref, "-m recent --name $set --set";
+add_rule $chainref, "-m recent --name $list --set";
 
 if ( $level ) {
     my $xchainref = new_chain 'filter' , "$chainref-&gt;{name}%";
     log_rule_limit $level, $xchainref, $tag[0], 'DROP', '', '', 'add', '';
     add_rule $xchainref, '-j DROP';
-    add_rule $chainref,  "-m recent --name $set --update --seconds $tag[2] --hitcount $count -j $xchainref-&gt;{name}";
+    add_rule $chainref,  "-m recent --name $list --update --seconds $tag[2] --hitcount $count -j $xchainref-&gt;{name}";
 } else {
-    add_rule $chainref, "-m recent --update --name $set --seconds $tag[2] --hitcount $count -j DROP";
+    add_rule $chainref, "-m recent --update --name $list --seconds $tag[2] --hitcount $count -j DROP";
 }
 
 add_rule $chainref, '-j ACCEPT';

docs/Shorewall-perl.xml

@@ -96,35 +96,8 @@
 
       <orderedlist>
         <listitem>
-          <para>The Perl-based compiler requires the following capabilities in
+          <para>The Perl-based compiler requires multiport match in your
-          your kernel and iptables.</para>
+          kernel and iptables.</para>
-
-          <itemizedlist>
-            <listitem>
-              <para>addrtype match (Restriction relaxed in Shorewall-perl
-              4.0.1)</para>
-            </listitem>
-
-            <listitem>
-              <para>multiport match (will not be relaxed)</para>
-            </listitem>
-          </itemizedlist>
-
-          <para>These capabilities are in current distributions.</para>
-        </listitem>
-
-        <listitem>
-          <para>Now that Netfilter has features to deal reasonably with port
-          lists, I see no reason to duplicate those features in Shorewall. The
-          Shorewall-shell compiler goes to great pain (in some cases) to break
-          very long port lists ( &gt; 15 where port ranges in lists count as
-          two ports) into individual rules. In the new compiler, I'm avoiding
-          the ugliness required to do that for source port lists. The new
-          compiler just generates an error if your source list is too long
-          (beginning with Shorewall 4.0.5, the compiler will break rules with
-          a long destination port list into multiple rules).. It will also
-          produce an error if you insert a port range into a port list and you
-          don't have extended multiport support.</para>
         </listitem>
 
         <listitem>
@@ -134,6 +107,12 @@
           is provided by Shorewall-perl.</para>
         </listitem>
 
+        <listitem>
+          <para>DYNAMIC_ZONES=Yes is not supported. <ulink
+          url="ipsets.html#Dynamic">Use an ipset </ulink>to define your
+          dytnamic zones.</para>
+        </listitem>
+
         <listitem>
           <para>The BROADCAST column in the interfaces file is essentially
           unused if your kernel/iptables has Address Type Match support. If
@@ -490,9 +469,8 @@ eth0             eth1:!192.168.4.9       ...</programlisting></para>
 
         <listitem>
           <para>The PKTTYPE option is ignored by Shorewall-perl.
-          Shorewall-perl 4.0.0 requires Address type match. Shorewall-perl
+          Shorewall-perl will use Address type match if it is available;
-          versions 4.0.1 and later will use Address type match if it is
+          otherwise, it will behave as if PKTTYPE=No had been
-          available; otherwise, they will behave as if PKTTYPE=No had been
           specified.</para>
         </listitem>
 
@@ -531,9 +509,9 @@ ACCEPT loc:eth0:192.168.1.3,eth0:192.168.1.5   $fw  tcp   22</programlisting>
         </listitem>
 
         <listitem>
-          <para>Beginning in Shorewall 4.2.0, Shorewall-perl gives a warning
+          <para>Shorewall-perl gives a warning if a zone name is entered in
-          if a zone name is entered in the DEST column of a
+          the DEST column of a <firstterm>nonat</firstterm> rule. Nonat rules
-          <firstterm>nonat</firstterm> rule. Nonat rules include:</para>
+          include:</para>
 
           <itemizedlist>
             <listitem>
@@ -565,7 +543,8 @@ DNAT-              net                192.168.1.3      tcp          21</programl
       footprint. This makes Shorewall-perl less desirable in an embedded
       environment. The best way to work around this limitation is to install
       Shorewall-perl on an administrative system and employ Shorewall-lite on
-      your embedded systems.</para>
+      your embedded systems. Shorewall-perl will run on Windows under <ulink
+      url="http://www.cygwin.com/">Cygwin</ulink>.</para>
     </section>
   </section>
 

docs/shorewall_features.xml

@@ -16,7 +16,7 @@
     <pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
 
     <copyright>
-      <year>2001-2008</year>
+      <year>2001-2009</year>
 
       <holder>Thomas M Eastep</holder>
     </copyright>
@@ -33,9 +33,9 @@
   </articleinfo>
 
   <caution>
-    <para><emphasis role="bold">This article applies to Shorewall 3.0 and
+    <para><emphasis role="bold">This article applies to Shorewall 4.3 and
     later. If you are running a version of Shorewall earlier than Shorewall
-    3.0.0 then please see the documentation for that
+    4.3.5 then please see the documentation for that
     release.</emphasis></para>
   </caution>
 
@@ -79,6 +79,25 @@
         </itemizedlist>
       </listitem>
 
+      <listitem>
+        <para>Supports <emphasis role="bold">centralized firewall
+        administration</emphasis>.</para>
+
+        <itemizedlist>
+          <listitem>
+            <para>Shorewall installed on a single administrative system. May
+            be a <trademark>Windows</trademark> PC running
+            <trademark>Cygwin</trademark>.</para>
+          </listitem>
+
+          <listitem>
+            <para>Centrally generated firewall scripts run on the firewalls
+            under control of <ulink
+            url="CompiledPrograms.html#Lite">Shorewall-lite</ulink>.</para>
+          </listitem>
+        </itemizedlist>
+      </listitem>
+
       <listitem>
         <para><ulink url="shorewall_quickstart_guide.htm">QuickStart Guides
         (HOWTOs)</ulink> to help get your first firewall up and running
@@ -188,8 +207,8 @@
         <itemizedlist>
           <listitem>
             <para><ulink url="Install.htm#Install_RPM">RPM</ulink> and <ulink
-            url="http://idea.sec.dico.unimi.it/%7Elorenzo/index.html#Debian">Debian</ulink>
+            url="http://www.debian.org">Debian</ulink> packages
-            packages available.</para>
+            available.</para>
           </listitem>
 
           <listitem>

docs/upgrade_issues.xml

@@ -69,8 +69,9 @@
       <member><literal>eth3:192.0.2.123</literal></member>
     </simplelist>
 
-    <para>You can use the <command moreinfo="none">shorewall check</command>
+    <para>You can use the <command moreinfo="none">shorewall show
-    command to see the groups associated with each of your zones.</para>
+    zones</command> command to see the groups associated with each of your
+    zones.</para>
   </section>
 
   <section>