Fix manpages; Add vardir to config file list; annotate manpage index

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6829 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-07-09 19:39:28 +00:00
parent 968ee7ef75
commit 79aab860bc
9 changed files with 116 additions and 89 deletions

View File

@ -10,6 +10,8 @@ Changes in 4.0.0 RC 2
5) Fix LITEDIR mess.
6) Fix IPSEC.
Changes in 4.0.0 RC 1
1) shorewall-perl RPM no longer installable under shorewall 3.4.

View File

@ -61,6 +61,9 @@ Problems corrected in 4.0.0 RC 2.
(compiler, shorewall-common and shorewall-lite) must be version
4.0.0-RC2 or later.
4) Several bugs in Shorewall-perl's handling of ipsec zones have been
corrected.
Other changes in Shorewall 4.0.0 RC 2.
1) The -f option is no longer the default when Shorewall is started at

View File

@ -144,7 +144,7 @@ sub add_group_to_zone($$$$$)
push @{$arrayref}, { options => $options,
hosts => \@newnetworks,
ipsec => $type eq 'ipsec' ? 'ipsec' : 'none' };
ipsec => $type eq 'ipsec4' ? 'ipsec' : 'none' };
}
#

View File

@ -137,6 +137,8 @@ sub setup_one_masq($$$$$$$)
} else {
$rule .= do_ipsec_options $ipsec;
}
} elsif ( $capabilities{POLICY_MATCH} ) {
$rule .= '-m policy --pol none --dir out ';
}
#

View File

@ -1471,7 +1471,7 @@ sub generate_matrix() {
if ( $capabilities{POLICY_MATCH} ) {
my $type = $zoneref->{type};
my $source_ref = ( $zoneref->{hosts}{ipsec} ) || {};
my $source_ref = ( $zoneref->{hosts}{ipsec4} ) || {};
if ( $config{DYNAMIC_ZONES} ) {
no warnings;

View File

@ -53,90 +53,103 @@
<simplelist>
<member><ulink
url="manpages/shorewall-accounting.html">accounting</ulink></member>
url="manpages/shorewall-accounting.html">accounting</ulink> - Define IP
accounting rules.</member>
<member><ulink url="manpages/shorewall-actions.html">actions</ulink> -
Declare user-defined actions.</member>
<member><ulink url="manpages/shorewall-blacklist.html">blacklist</ulink>
- Static blacklisting.</member>
<member><ulink url="manpages/shorewall-ecn.html">ecn</ulink> - Disabling
Explicit Congestion Notification</member>
<member><ulink url="manpages/shorewall-exclusion.html">exclusion</ulink>
- Excluding hosts from a network or zone</member>
<member><ulink url="manpages/shorewall-hosts.html">hosts</ulink> -
Define multiple zones accessed through a single interface</member>
<member><ulink url="shorewall-interfaces.html">interfaces</ulink> -
Define the interfaces on the system and optionally associate them with
zones.</member>
<member><ulink url="manpages/shorewall-maclist.html">maclist</ulink> -
Define MAC verification.</member>
<member><ulink url="manpages/shorewall-masq.html">masq</ulink> - Define
Masquerade/SNAT</member>
<member><ulink url="manpages/shorewall-nat.html">nat</ulink> - Define
one-to-one NAT.</member>
<member><ulink url="manpages/shorewall-nesting.html">nesting</ulink> -
How to define nested zones.</member>
<member><ulink url="manpages/shorewall-netmap.html">netmap</ulink> - How
to map addresses from one net to another.</member>
<member><ulink url="manpages/shorewall-params.html">params</ulink> -
Assign values to shell variables used in other files.</member>
<member><ulink url="manpages/shorewall-policy.html">policy</ulink> -
Define high-level policies for connections between zones.</member>
<member><ulink url="manpages/shorewall-providers.html">providers</ulink>
- Define routing tables, usually for mutliple internet links.</member>
<member><ulink url="manpages/shorewall-proxyarp.html">proxyarp</ulink> -
Define Proxy ARP.</member>
<member><ulink url="manpages/shorewall-rfc1918.html">rfc1918</ulink> -
Specify address ranges affected by the <option>norfc1918</option>
interface option.</member>
<member><ulink
url="manpages/shorewall-actions.html">actions</ulink></member>
url="manpages/shorewall-route_rules.html">route_rules</ulink> - Define
routing rules.</member>
<member><ulink
url="manpages/shorewall-blacklist.html">blacklist</ulink></member>
url="manpages/shorewall-routestopped.html">routestopped</ulink> -
Specify connections to be permitted when Shorewall is in the stopped
state.</member>
<member><ulink url="manpages/shorewall-ecn.html">ecn</ulink></member>
<member><ulink url="manpages/shorewall-rules.html">rules</ulink> -
Specify exceptions to policies, including DNAT and REDIRECT.</member>
<member><ulink url="manpages/shorewall-tcclasses.html">tcclasses</ulink>
- Define htb classes for traffic shaping.</member>
<member><ulink url="manpages/shorewall-tcdevices.html">tcdevices</ulink>
- Specify speed of devices for traffic shaping.</member>
<member><ulink url="manpages/shorewall-tcrules.html">tcrules</ulink> -
Define packet marking rules, usually for traffic shaping.</member>
<member><ulink url="manpages/shorewall-tos.html">tos</ulink> - Define
TOS field manipulation.</member>
<member><ulink url="manpages/shorewall-tunnels.html">tunnels</ulink> -
Define VPN connections with endpoints on the firewall.</member>
<member><ulink url="manpages/shorewall.conf.html">shorewall.conf</ulink>
- Specify values for global Shorewall options.</member>
<member><ulink
url="manpages/shorewall-exclusion.html">exclusion</ulink></member>
url="manpages/shorewall.conf.html">shorewall-lite.conf</ulink> - Specify
values for global Shorewall Lite options.</member>
<member><ulink url="manpages/shorewall-vardir.html">vardir</ulink> -
Redefine the directory where Shorewall keeps its state
information.</member>
<member><ulink
url="manpages/shorewall-hosts.html">hosts</ulink></member>
url="manpages/shorewall-lite-vardir.html">vardir-lite</ulink> - Redefine
the directory where Shorewall Lite keeps its state information.</member>
<member><ulink
url="shorewall-interfaces.html">interfaces</ulink></member>
<member><ulink
url="manpages/shorewall-maclist.html">maclist</ulink></member>
<member><ulink url="manpages/shorewall-masq.html">masq</ulink></member>
<member><ulink url="manpages/shorewall-nat.html">nat</ulink></member>
<member><ulink
url="manpages/shorewall-nesting.html">nesting</ulink></member>
<member><ulink
url="manpages/shorewall-netmap.html">netmap</ulink></member>
<member><ulink
url="manpages/shorewall-params.html">params</ulink></member>
<member><ulink
url="manpages/shorewall-policy.html">policy</ulink></member>
<member><ulink
url="manpages/shorewall-providers.html">providers</ulink></member>
<member><ulink
url="manpages/shorewall-proxyarp.html">proxyarp</ulink></member>
<member><ulink
url="manpages/shorewall-rfc1918.html">rfc1918</ulink></member>
<member><ulink
url="manpages/shorewall-route_rules.html">route_rules</ulink></member>
<member><ulink
url="manpages/shorewall-routestopped.html">routestopped</ulink></member>
<member><ulink
url="manpages/shorewall-rules.html">rules</ulink></member>
<member><ulink
url="manpages/shorewall-tcclasses.html">tcclasses</ulink></member>
<member><ulink
url="manpages/shorewall-tcdevices.html">tcdevices</ulink></member>
<member><ulink
url="manpages/shorewall-tcrules.html">tcrules</ulink></member>
<member><ulink url="manpages/shorewall-tos.html">tos</ulink></member>
<member><ulink
url="manpages/shorewall-tunnels.html">tunnels</ulink></member>
<member><ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink></member>
<member><ulink
url="manpages/shorewall.conf.html">shorewall-lite.conf</ulink></member>
<member><ulink
url="manpages/shorewall-vardir.html">vardir</ulink></member>
<member><ulink
url="manpages/shorewall-lite-vardir.html">vardir-lite</ulink></member>
<member><ulink
url="manpages/shorewall-zones.html">zones</ulink></member>
<member><ulink url="manpages/shorewall-zones.html">zones</ulink> -
Declare Shorewall zones.l</member>
</simplelist>
</section>
@ -144,10 +157,11 @@
<title>Section 8 — Administrative Commands</title>
<simplelist>
<member><ulink url="manpages/shorewall.html">shorewall</ulink></member>
<member><ulink url="manpages/shorewall.html">shorewall</ulink> -
/sbin/shorewall command syntax and semantics.</member>
<member><ulink
url="manpages/shorewall-lite.html">shorewall-lite</ulink></member>
<member><ulink url="manpages/shorewall-lite.html">shorewall-lite</ulink>
- /sbin/shorewall-lite command syntax and semantics.</member>
</simplelist>
</section>
</article>

View File

@ -185,10 +185,16 @@
<listitem>
<para><filename>/etc/shorewall/route_rules</filename> (Added in
Shorewall 3.2.0) - Defines routing rules to be used in conjunction
with the routing tables devined in
with the routing tables defined in
<filename>/etc/shorewall/providers</filename>.</para>
</listitem>
<listitem>
<para><filename>/etc/shorewall/vardir</filename> - (Added in
Shoreall 4.0.0-RC2) - Determines the directory where Shorewall
maintains its state.</para>
</listitem>
<listitem>
<para><filename>/usr/share/shorewall/actions.std</filename> -
Actions defined by Shorewall.</para>

View File

@ -9,7 +9,7 @@
<refnamediv>
<refname>vardir</refname>
<refpurpose>Shorewall file</refpurpose>
<refpurpose>Shorewall Lite file</refpurpose>
</refnamediv>
<refsynopsisdiv>
@ -22,9 +22,9 @@
<title>Description</title>
<para>This file does not exist by default. You may create the file if you
want to change the directory used by Shorewall to store state information,
including compiled firewall scripts. By default, the directory used is
<filename>/var/lib/shorewall-lite/</filename>.</para>
want to change the directory used by Shorewall Lite to store state
information, including compiled firewall scripts. By default, the
directory used is <filename>/var/lib/shorewall-lite/</filename>.</para>
<para>The file contains a single variable assignment:</para>

View File

@ -22,9 +22,9 @@
<title>Description</title>
<para>This file does not exist by default. You may create the file if you
want to change the directory used by Shorewall lite to store state
information, including compiled firewall scripts. By default, the
directory used is <filename>/var/lib/shorewall/</filename>.</para>
want to change the directory used by Shorewall to store state information,
including compiled firewall scripts. By default, the directory used is
<filename>/var/lib/shorewall/</filename>.</para>
<para>The file contains a single variable assignment:</para>
@ -32,7 +32,7 @@
<para>where <replaceable>directory</replaceable> is the name of a
directory. If you add this file, you should copy the files from
<filename>/var/lib/shorewall-lite</filename> to the new directory before
<filename>/var/lib/shorewall</filename> to the new directory before
performing a <command>shorewall restart</command>.</para>
</refsect1>