Update manpages for interface exclusion

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-06-20 09:47:51 +02:00 · 2018-06-15 08:23:35 -07:00 · 2018-06-15 08:23:35 -07:00 · 780eb0402c
commit 780eb0402c
parent bfb9852eb6
3 changed files with 48 additions and 12 deletions
--- a/Shorewall/manpages/shorewall-addresses.xml
+++ b/Shorewall/manpages/shorewall-addresses.xml
@ -107,6 +107,10 @@
        <para>INTERFACE — The name of an interface that matches an entry in
        <filename>/etc/shorewall/interfaces</filename>
        (<filename>/etc/shorewall6/interfaces</filename>).</para>
        <para>Beginning with Shorweall 5.2.1, the
        <replaceable>interface</replaceable> may be preceded with '!' which
        matches all interfaces except the one specified.</para>
      </listitem>
      <listitem>
--- a/Shorewall/manpages/shorewall-mangle.xml
+++ b/Shorewall/manpages/shorewall-mangle.xml
@ -857,15 +857,20 @@ Normal-Service       =&gt; 0x00</programlisting>
          <variablelist>
            <varlistentry>
-              <term><replaceable>interface</replaceable></term>
+              <term>[!]<replaceable>interface</replaceable></term>
              <listitem>
                <para>where <replaceable>interface</replaceable> is the
-                logical name of an interface defined in <ulink
+                logical name of an <replaceable>interface</replaceable>
                defined in <ulink
                url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).
                Matches packets entering the firewall from the named
                interface. May not be used in CLASSIFY rules or in rules using
                the :T chain qualifier.</para>
                <para>Beginning with Shorweall 5.2.1, the
                <replaceable>interface</replaceable> may be preceded with '!'
                which matches all interfaces except the one specified.</para>
              </listitem>
            </varlistentry>
@ -899,23 +904,31 @@ Normal-Service       =&gt; 0x00</programlisting>
            </varlistentry>
            <varlistentry>
-              <term><replaceable>interface</replaceable>:<replaceable>address</replaceable>,[...][<replaceable>exclusion</replaceable>]</term>
+              <term>[!]<replaceable>interface</replaceable>:<replaceable>address</replaceable>,[...][<replaceable>exclusion</replaceable>]</term>
              <listitem>
                <para>This form combines the preceding two forms and matches
                when both the incoming interface and source IP address
                match.</para>
                <para>Beginning with Shorweall 5.2.1, the
                <replaceable>interface</replaceable> may be preceded with '!'
                which matches all interfaces except the one specified.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
-              <term><replaceable>interface</replaceable>:<replaceable>exclusion</replaceable></term>
+              <term>[!]<replaceable>interface</replaceable>:<replaceable>exclusion</replaceable></term>
              <listitem>
                <para>This form matches packets arriving through the named
                <replaceable>interface</replaceable> and whose source IP
                address does not match any of the addresses in the
                <replaceable>exclusion</replaceable>.</para>
                <para>Beginning with Shorweall 5.2.1, the
                <replaceable>interface</replaceable> may be preceded with '!'
                which matches all interfaces except the one specified.</para>
              </listitem>
            </varlistentry>
--- a/Shorewall/manpages/shorewall-rules.xml
+++ b/Shorewall/manpages/shorewall-rules.xml
@ -461,8 +461,7 @@
              <listitem>
                <para>Added in Shorewall 4.5.16. This action allows you to
                construct most of the rule yourself using iptables syntax. The
-                part that you specify must follow two semicolons (';;')
+                part that you specify must follow two semicolons (';;') and is
 		and is
                completely free-form. If the target of the rule (the part
                following 'j') is something that Shorewall supports in the
                ACTION column, then you may enclose it in parentheses (e.g.,
@ -1046,7 +1045,7 @@
            </varlistentry>
            <varlistentry>
-              <term><replaceable>zone</replaceable>:<replaceable>interface</replaceable></term>
+              <term><replaceable>zone</replaceable>:[!]<replaceable>interface</replaceable></term>
              <listitem>
                <para>When this form is used,
@ -1059,6 +1058,11 @@
                Only packets from hosts in the <replaceable>zone</replaceable>
                that arrive through the named interface will match the
                rule.</para>
                <para>Beginning with Shorweall 5.2.1, the
                <replaceable>interface</replaceable> may be preceded with '!'
                which matches all interfaces associated with the zone except
                the one specified.</para>
              </listitem>
            </varlistentry>
@ -1397,7 +1401,7 @@
            </varlistentry>
            <varlistentry>
-              <term><replaceable>zone</replaceable>:<replaceable>interface</replaceable></term>
+              <term><replaceable>zone</replaceable>:[!]<replaceable>interface</replaceable></term>
              <listitem>
                <para>When this form is used,
@ -1410,6 +1414,11 @@
                Only packets to hosts in the <replaceable>zone</replaceable>
                that are sent through the named interface will match the
                rule.</para>
                <para>Beginning with Shorweall 5.2.1, the
                <replaceable>interface</replaceable> may be preceded with '!'
                which matches all interfaces associated with the zone except
                the one specified.</para>
              </listitem>
            </varlistentry>
@ -1463,12 +1472,17 @@
            </varlistentry>
            <varlistentry>
-              <term><replaceable>zone</replaceable>:<replaceable>interface</replaceable>:<replaceable>address</replaceable>[,...]</term>
+              <term><replaceable>zone</replaceable>:[!]<replaceable>interface</replaceable>:<replaceable>address</replaceable>[,...]</term>
              <listitem>
                <para>This form combines the preceding two and requires that
                both the outgoing interface and destinationaddress
                match.</para>
                <para>Beginning with Shorweall 5.2.1, the
                <replaceable>interface</replaceable> may be preceded with '!'
                which matches all interfaces associated with the zone except
                the one specified.</para>
              </listitem>
            </varlistentry>
@ -1483,7 +1497,7 @@
            </varlistentry>
            <varlistentry>
-              <term><replaceable>zone</replaceable>:<replaceable>interface</replaceable>:<replaceable>exclusion</replaceable></term>
+              <term><replaceable>zone</replaceable>:[!]<replaceable>interface</replaceable>:<replaceable>exclusion</replaceable></term>
              <listitem>
                <para>This form matches packets to the named
@ -1491,6 +1505,11 @@
                <replaceable>interface</replaceable> where the destination
                address does not match any entry in the
                <replaceable>exclusion</replaceable>.</para>
                <para>Beginning with Shorweall 5.2.1, the
                <replaceable>interface</replaceable> may be preceded with '!'
                which matches all interfaces associated with the zone except
                the one specified.</para>
              </listitem>
            </varlistentry>