From 79aab860bc3215c377a0eab859f9acb8ff254d29 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Mon, 9 Jul 2007 19:39:28 +0000
Subject: [PATCH] Fix manpages; Add vardir to config file list; annotate
 manpage index

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6829 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-common/changelog.txt          |   2 +
 Shorewall-common/releasenotes.txt       |   3 +
 Shorewall-perl/Shorewall/Interfaces.pm  |   2 +-
 Shorewall-perl/Shorewall/Nat.pm         |   2 +
 Shorewall-perl/Shorewall/Rules.pm       |   2 +-
 docs/Manpages.xml                       | 168 +++++++++++++-----------
 docs/configuration_file_basics.xml      |   8 +-
 manpages-lite/shorewall-lite-vardir.xml |   8 +-
 manpages/shorewall-vardir.xml           |  10 +-
 9 files changed, 116 insertions(+), 89 deletions(-)

diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt
index 0ca69d9e3..1209a7d98 100644
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@@ -10,6 +10,8 @@ Changes in 4.0.0 RC 2
 
 5)  Fix LITEDIR mess.
 
+6)  Fix IPSEC.
+
 Changes in 4.0.0 RC 1
 
 1)  shorewall-perl RPM no longer installable under shorewall 3.4.
diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt
index c2ee3a94b..cee0e3ee6 100644
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@@ -61,6 +61,9 @@ Problems corrected in 4.0.0 RC 2.
     (compiler, shorewall-common and shorewall-lite) must be version
     4.0.0-RC2 or later.
 
+4)  Several bugs in Shorewall-perl's handling of ipsec zones have been
+    corrected.
+
 Other changes in Shorewall 4.0.0 RC 2.
 
 1)  The -f option is no longer the default when Shorewall is started at
diff --git a/Shorewall-perl/Shorewall/Interfaces.pm b/Shorewall-perl/Shorewall/Interfaces.pm
index e8d098cff..e39a415ce 100644
--- a/Shorewall-perl/Shorewall/Interfaces.pm
+++ b/Shorewall-perl/Shorewall/Interfaces.pm
@@ -144,7 +144,7 @@ sub add_group_to_zone($$$$$)
     
     push @{$arrayref}, { options => $options,
 			 hosts   => \@newnetworks,
-			 ipsec   => $type eq 'ipsec' ? 'ipsec' : 'none' };
+			 ipsec   => $type eq 'ipsec4' ? 'ipsec' : 'none' };
 }
 
 #
diff --git a/Shorewall-perl/Shorewall/Nat.pm b/Shorewall-perl/Shorewall/Nat.pm
index a1fa45286..b5ac67f51 100644
--- a/Shorewall-perl/Shorewall/Nat.pm
+++ b/Shorewall-perl/Shorewall/Nat.pm
@@ -137,6 +137,8 @@ sub setup_one_masq($$$$$$$)
 	} else {
 	    $rule .= do_ipsec_options $ipsec;
 	}
+    } elsif ( $capabilities{POLICY_MATCH} ) {
+	$rule .= '-m policy --pol none --dir out ';
     }
 
     #
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index 20976cc04..c3e8e8bfa 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -1471,7 +1471,7 @@ sub generate_matrix() {
 
 	if ( $capabilities{POLICY_MATCH} ) {
 	    my $type       = $zoneref->{type};
-	    my $source_ref = ( $zoneref->{hosts}{ipsec} ) || {};
+	    my $source_ref = ( $zoneref->{hosts}{ipsec4} ) || {};
 
 	    if ( $config{DYNAMIC_ZONES} ) {
 		no warnings;
diff --git a/docs/Manpages.xml b/docs/Manpages.xml
index 87d39f7a3..bd602fef6 100644
--- a/docs/Manpages.xml
+++ b/docs/Manpages.xml
@@ -53,90 +53,103 @@
 
     <simplelist>
       <member><ulink
-      url="manpages/shorewall-accounting.html">accounting</ulink></member>
+      url="manpages/shorewall-accounting.html">accounting</ulink> - Define IP
+      accounting rules.</member>
+
+      <member><ulink url="manpages/shorewall-actions.html">actions</ulink> -
+      Declare user-defined actions.</member>
+
+      <member><ulink url="manpages/shorewall-blacklist.html">blacklist</ulink>
+      - Static blacklisting.</member>
+
+      <member><ulink url="manpages/shorewall-ecn.html">ecn</ulink> - Disabling
+      Explicit Congestion Notification</member>
+
+      <member><ulink url="manpages/shorewall-exclusion.html">exclusion</ulink>
+      - Excluding hosts from a network or zone</member>
+
+      <member><ulink url="manpages/shorewall-hosts.html">hosts</ulink> -
+      Define multiple zones accessed through a single interface</member>
+
+      <member><ulink url="shorewall-interfaces.html">interfaces</ulink> -
+      Define the interfaces on the system and optionally associate them with
+      zones.</member>
+
+      <member><ulink url="manpages/shorewall-maclist.html">maclist</ulink> -
+      Define MAC verification.</member>
+
+      <member><ulink url="manpages/shorewall-masq.html">masq</ulink> - Define
+      Masquerade/SNAT</member>
+
+      <member><ulink url="manpages/shorewall-nat.html">nat</ulink> - Define
+      one-to-one NAT.</member>
+
+      <member><ulink url="manpages/shorewall-nesting.html">nesting</ulink> -
+      How to define nested zones.</member>
+
+      <member><ulink url="manpages/shorewall-netmap.html">netmap</ulink> - How
+      to map addresses from one net to another.</member>
+
+      <member><ulink url="manpages/shorewall-params.html">params</ulink> -
+      Assign values to shell variables used in other files.</member>
+
+      <member><ulink url="manpages/shorewall-policy.html">policy</ulink> -
+      Define high-level policies for connections between zones.</member>
+
+      <member><ulink url="manpages/shorewall-providers.html">providers</ulink>
+      - Define routing tables, usually for mutliple internet links.</member>
+
+      <member><ulink url="manpages/shorewall-proxyarp.html">proxyarp</ulink> -
+      Define Proxy ARP.</member>
+
+      <member><ulink url="manpages/shorewall-rfc1918.html">rfc1918</ulink> -
+      Specify address ranges affected by the <option>norfc1918</option>
+      interface option.</member>
 
       <member><ulink
-      url="manpages/shorewall-actions.html">actions</ulink></member>
+      url="manpages/shorewall-route_rules.html">route_rules</ulink> - Define
+      routing rules.</member>
 
       <member><ulink
-      url="manpages/shorewall-blacklist.html">blacklist</ulink></member>
+      url="manpages/shorewall-routestopped.html">routestopped</ulink> -
+      Specify connections to be permitted when Shorewall is in the stopped
+      state.</member>
 
-      <member><ulink url="manpages/shorewall-ecn.html">ecn</ulink></member>
+      <member><ulink url="manpages/shorewall-rules.html">rules</ulink> -
+      Specify exceptions to policies, including DNAT and REDIRECT.</member>
+
+      <member><ulink url="manpages/shorewall-tcclasses.html">tcclasses</ulink>
+      - Define htb classes for traffic shaping.</member>
+
+      <member><ulink url="manpages/shorewall-tcdevices.html">tcdevices</ulink>
+      - Specify speed of devices for traffic shaping.</member>
+
+      <member><ulink url="manpages/shorewall-tcrules.html">tcrules</ulink> -
+      Define packet marking rules, usually for traffic shaping.</member>
+
+      <member><ulink url="manpages/shorewall-tos.html">tos</ulink> - Define
+      TOS field manipulation.</member>
+
+      <member><ulink url="manpages/shorewall-tunnels.html">tunnels</ulink> -
+      Define VPN connections with endpoints on the firewall.</member>
+
+      <member><ulink url="manpages/shorewall.conf.html">shorewall.conf</ulink>
+      - Specify values for global Shorewall options.</member>
 
       <member><ulink
-      url="manpages/shorewall-exclusion.html">exclusion</ulink></member>
+      url="manpages/shorewall.conf.html">shorewall-lite.conf</ulink> - Specify
+      values for global Shorewall Lite options.</member>
+
+      <member><ulink url="manpages/shorewall-vardir.html">vardir</ulink> -
+      Redefine the directory where Shorewall keeps its state
+      information.</member>
 
       <member><ulink
-      url="manpages/shorewall-hosts.html">hosts</ulink></member>
+      url="manpages/shorewall-lite-vardir.html">vardir-lite</ulink> - Redefine
+      the directory where Shorewall Lite keeps its state information.</member>
 
-      <member><ulink
-      url="shorewall-interfaces.html">interfaces</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-maclist.html">maclist</ulink></member>
-
-      <member><ulink url="manpages/shorewall-masq.html">masq</ulink></member>
-
-      <member><ulink url="manpages/shorewall-nat.html">nat</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-nesting.html">nesting</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-netmap.html">netmap</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-params.html">params</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-policy.html">policy</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-providers.html">providers</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-proxyarp.html">proxyarp</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-rfc1918.html">rfc1918</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-route_rules.html">route_rules</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-routestopped.html">routestopped</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-rules.html">rules</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-tcclasses.html">tcclasses</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-tcdevices.html">tcdevices</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-tcrules.html">tcrules</ulink></member>
-
-      <member><ulink url="manpages/shorewall-tos.html">tos</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-tunnels.html">tunnels</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall.conf.html">shorewall.conf</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall.conf.html">shorewall-lite.conf</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-vardir.html">vardir</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-lite-vardir.html">vardir-lite</ulink></member>
-
-      <member><ulink
-      url="manpages/shorewall-zones.html">zones</ulink></member>
+      <member><ulink url="manpages/shorewall-zones.html">zones</ulink> -
+      Declare Shorewall zones.l</member>
     </simplelist>
   </section>
 
@@ -144,10 +157,11 @@
     <title>Section 8 — Administrative Commands</title>
 
     <simplelist>
-      <member><ulink url="manpages/shorewall.html">shorewall</ulink></member>
+      <member><ulink url="manpages/shorewall.html">shorewall</ulink> -
+      /sbin/shorewall command syntax and semantics.</member>
 
-      <member><ulink
-      url="manpages/shorewall-lite.html">shorewall-lite</ulink></member>
+      <member><ulink url="manpages/shorewall-lite.html">shorewall-lite</ulink>
+      - /sbin/shorewall-lite command syntax and semantics.</member>
     </simplelist>
   </section>
 </article>
\ No newline at end of file
diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index f8caac0a0..bf1bf32f1 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -185,10 +185,16 @@
         <listitem>
           <para><filename>/etc/shorewall/route_rules</filename> (Added in
           Shorewall 3.2.0) - Defines routing rules to be used in conjunction
-          with the routing tables devined in
+          with the routing tables defined in
           <filename>/etc/shorewall/providers</filename>.</para>
         </listitem>
 
+        <listitem>
+          <para><filename>/etc/shorewall/vardir</filename> - (Added in
+          Shoreall 4.0.0-RC2) - Determines the directory where Shorewall
+          maintains its state.</para>
+        </listitem>
+
         <listitem>
           <para><filename>/usr/share/shorewall/actions.std</filename> -
           Actions defined by Shorewall.</para>
diff --git a/manpages-lite/shorewall-lite-vardir.xml b/manpages-lite/shorewall-lite-vardir.xml
index 30c8cc454..59bb77509 100644
--- a/manpages-lite/shorewall-lite-vardir.xml
+++ b/manpages-lite/shorewall-lite-vardir.xml
@@ -9,7 +9,7 @@
   <refnamediv>
     <refname>vardir</refname>
 
-    <refpurpose>Shorewall file</refpurpose>
+    <refpurpose>Shorewall Lite file</refpurpose>
   </refnamediv>
 
   <refsynopsisdiv>
@@ -22,9 +22,9 @@
     <title>Description</title>
 
     <para>This file does not exist by default. You may create the file if you
-    want to change the directory used by Shorewall to store state information,
-    including compiled firewall scripts. By default, the directory used is
-    <filename>/var/lib/shorewall-lite/</filename>.</para>
+    want to change the directory used by Shorewall Lite to store state
+    information, including compiled firewall scripts. By default, the
+    directory used is <filename>/var/lib/shorewall-lite/</filename>.</para>
 
     <para>The file contains a single variable assignment:</para>
 
diff --git a/manpages/shorewall-vardir.xml b/manpages/shorewall-vardir.xml
index 9c1a1dffd..bbc83d215 100644
--- a/manpages/shorewall-vardir.xml
+++ b/manpages/shorewall-vardir.xml
@@ -22,9 +22,9 @@
     <title>Description</title>
 
     <para>This file does not exist by default. You may create the file if you
-    want to change the directory used by Shorewall lite to store state
-    information, including compiled firewall scripts. By default, the
-    directory used is <filename>/var/lib/shorewall/</filename>.</para>
+    want to change the directory used by Shorewall to store state information,
+    including compiled firewall scripts. By default, the directory used is
+    <filename>/var/lib/shorewall/</filename>.</para>
 
     <para>The file contains a single variable assignment:</para>
 
@@ -32,7 +32,7 @@
 
     <para>where <replaceable>directory</replaceable> is the name of a
     directory. If you add this file, you should copy the files from
-    <filename>/var/lib/shorewall-lite</filename> to the new directory before
+    <filename>/var/lib/shorewall</filename> to the new directory before
     performing a <command>shorewall restart</command>.</para>
   </refsect1>
 
@@ -61,4 +61,4 @@
     shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
     shorewall-zones(5)</para>
   </refsect1>
-</refentry>
+</refentry>
\ No newline at end of file