extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-24 16:43:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Clean up links in the manpages

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-06-08 15:43:59 -07:00
parent a775fdcb7c
commit 81b42afa30
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
25 changed files with 124 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Shorewall/manpages/shorewall-actions.xml
View File

@ -148,9 +148,9 @@
<listitem>
<para>Added in Shorewall 5.0.7. Specifies that this action is
to be used in <ulink
url="shorewall-mangle.html">shorewall-mangle(5)</ulink> rather
url="/manpages/shorewall-mangle.html">shorewall-mangle(5)</ulink> rather
than <ulink
url="shorewall-rules.html">shorewall-rules(5)</ulink>.</para>
url="/manpages/shorewall-rules.html">shorewall-rules(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -160,9 +160,9 @@
<listitem>
<para>Added in Shorewall 5.0.13. Specifies that this action is
to be used in <ulink
url="shorewall-snat.html">shorewall-snat(5)</ulink> rather
url="/manpages/shorewall-snat.html">shorewall-snat(5)</ulink> rather
than <ulink
url="shorewall-rules.html">shorewall-rules(5)</ulink>. The
url="/manpages/shorewall-rules.html">shorewall-rules(5)</ulink>. The
<option>mangle</option> and <option>nat</option> options are
mutually exclusive.</para>
</listitem>

2
Shorewall/manpages/shorewall-blrules.xml
View File

@ -170,7 +170,7 @@
<listitem>
<para>queues matching packets to a back end logging daemon via
a netlink socket then continues to the next rule. See <ulink
url="/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
url="/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
</listitem>
</varlistentry>

8
Shorewall/manpages/shorewall-interfaces.xml
View File

@ -257,7 +257,7 @@ loc eth2 -</programlisting>
<warning>
<para>Do not specify <emphasis
role="bold">arp_ignore</emphasis> for any interface involved
in <ulink url="../ProxyARP.htm">Proxy ARP</ulink>.</para>
in <ulink url="/ProxyARP.htm">Proxy ARP</ulink>.</para>
</warning>
</listitem>
</varlistentry>
@ -323,7 +323,7 @@ loc eth2 -</programlisting>
and/or destination address is to be compared against the
ipset-based dynamic blacklist (DYNAMIC_BLACKLIST=ipset... in
<ulink
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink>).
url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>).
The default is determine by the setting of
DYNAMIC_BLACKLIST:</para>
@ -411,13 +411,13 @@ loc eth2 -</programlisting>
<listitem>
<para>the interface is a <ulink
url="../SimpleBridge.html">simple bridge</ulink> with a
url="/SimpleBridge.html">simple bridge</ulink> with a
DHCP server on one port and DHCP clients on another
port.</para>
<note>
<para>If you use <ulink
url="../bridge-Shorewall-perl.html">Shorewall-perl for
url="/bridge-Shorewall-perl.html">Shorewall-perl for
firewall/bridging</ulink>, then you need to include
DHCP-specific rules in <ulink
url="/manpages/shorewall-rules.html">shorewall-rules</ulink>(5).

2
Shorewall/manpages/shorewall-ipsets.xml
View File

@ -103,7 +103,7 @@
<important>
<para>These additional match options are not available in <ulink
url="shorewall-tcfilters.html">shorewall-tcfilters(5)</ulink>.</para>
url="/manpages/shorewall-tcfilters.html">shorewall-tcfilters(5)</ulink>.</para>
</important>
<para>Available options are:</para>

18
Shorewall/manpages/shorewall-mangle.xml
View File

@ -119,7 +119,7 @@
Additionally, a <replaceable>chain-designator</replaceable> may not
be specified in an action body unless the action is declared as
<option>inline</option> in <ulink
url="shorewall6-actions.html">shorewall-actions</ulink>(5).</para>
url="/manpages6/shorewall6-actions.html">shorewall-actions</ulink>(5).</para>
<para>Where a command takes parameters, those parameters are
enclosed in parentheses ("(....)") and separated by commas.</para>
@ -299,7 +299,7 @@
configuration described at <ulink
url="http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x">http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x</ulink>,
place this entry in <ulink
url="manpages/shorewall-providers.html">shorewall-providers(5)</ulink>:</para>
url="/manpages/shorewall-providers.html">shorewall-providers(5)</ulink>:</para>
<programlisting>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
TProxy 1 - - lo - tproxy</programlisting>
@ -365,7 +365,7 @@ DIVERTHA - - tcp</programlisting>
<listitem>
<para>Added in Shorewall 5.0.6 as an alternative to entries in
<ulink url="shorewall-ecn.html">shorewall-ecn(5)</ulink>. If a
<ulink url="/manpages/shorewall-ecn.html">shorewall-ecn(5)</ulink>. If a
PROTO is specified, it must be 'tcp' (6). If no PROTO is
supplied, TCP is assumed. This action causes all ECN bits in
the TCP header to be cleared.</para>
@ -788,7 +788,7 @@ Normal-Service =&gt; 0x00</programlisting>
<listitem>
<para>where <replaceable>interface</replaceable> is the
logical name of an interface defined in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5).
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).
Matches packets entering the firewall from the named
interface. May not be used in CLASSIFY rules or in rules using
the :T chain qualifier.</para>
@ -911,11 +911,11 @@ Normal-Service =&gt; 0x00</programlisting>
<listitem>
<para>where <replaceable>interface</replaceable> is the
logical name of an interface defined in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5).
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).
Matches packets leaving the firewall through the named
interface. May not be used in the PREROUTING chain (:P in the
mark column or no chain qualifier and MARK_IN_FORWARD_CHAIN=No
in <ulink url="manpages/shorewall.conf">shorewall.conf</ulink>
in <ulink url="/manpages/shorewall.conf">shorewall.conf</ulink>
(5)).</para>
</listitem>
</varlistentry>
@ -952,7 +952,7 @@ Normal-Service =&gt; 0x00</programlisting>
when both the outgoing interface and destination IP address
match. May not be used in the PREROUTING chain (:P in the mark
column or no chain qualifier and MARK_IN_FORWARD_CHAIN=No in
<ulink url="manpages/shorewall.conf">shorewall.conf</ulink>
<ulink url="/manpages/shorewall.conf">shorewall.conf</ulink>
(5)).</para>
</listitem>
</varlistentry>
@ -967,7 +967,7 @@ Normal-Service =&gt; 0x00</programlisting>
<replaceable>exclusion</replaceable>. May not be used in the
PREROUTING chain (:P in the mark column or no chain qualifier
and MARK_IN_FORWARD_CHAIN=No in <ulink
url="manpages/shorewall.conf">shorewall.conf</ulink>
url="/manpages/shorewall.conf">shorewall.conf</ulink>
(5)).</para>
</listitem>
</varlistentry>
@ -1036,7 +1036,7 @@ Normal-Service =&gt; 0x00</programlisting>
<listitem>
<para>See <ulink
url="shorewall-rules.html">shorewall-rules(5)</ulink> for
url="/manpages/shorewall-rules.html">shorewall-rules(5)</ulink> for
details.</para>
<para>Beginning with Shorewall 4.5.12, this column can accept a

2
Shorewall/manpages/shorewall-nat.xml
View File

@ -199,7 +199,7 @@ all all REJECT info
<listitem>
<para>Set IMPLICIT_CONTINUE=Yes in <ulink
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
</listitem>
</orderedlist>
</refsect1>

20
Shorewall/manpages/shorewall-rules.xml
View File

@ -922,7 +922,7 @@
<listitem>
<para>The name of a zone defined in <ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5). When
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5). When
only the zone name is specified, the packet source may be any
host in that zone.</para>
@ -989,9 +989,9 @@
<replaceable>interface</replaceable> must be the name of an
interface associated with the named
<replaceable>zone</replaceable> in either <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
or <ulink
url="shorewall.hosts.html">shorewall-hosts</ulink>(5). Only
url="/manpages/shorewall.hosts.html">shorewall-hosts</ulink>(5). Only
packets from hosts in the <replaceable>zone</replaceable> that
arrive through the named interface will match the rule.</para>
</listitem>
@ -1007,7 +1007,7 @@
<listitem>
<para>A host or network IP address. A network address may
be followed by exclusion (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
</listitem>
<listitem>
@ -1067,7 +1067,7 @@
<listitem>
<para>This form matches if the host IP address does not match
any of the entries in the exclusion (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
</listitem>
</varlistentry>
@ -1229,7 +1229,7 @@
<listitem>
<para>The name of a zone defined in <ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5). When
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5). When
only the zone name is specified, the packet destination may be
any host in that zone.</para>
@ -1296,9 +1296,9 @@
<replaceable>interface</replaceable> must be the name of an
interface associated with the named
<replaceable>zone</replaceable> in either <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
or <ulink
url="shorewall.hosts.html">shorewall-hosts</ulink>(5). Only
url="/manpages/shorewall-hosts.html">shorewall-hosts</ulink>(5). Only
packets to hosts in the <replaceable>zone</replaceable> that
are sent through the named interface will match the
rule.</para>
@ -1315,7 +1315,7 @@
<listitem>
<para>A host or network IP address. A network address may
be followed by exclusion (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
</listitem>
<listitem>
@ -1370,7 +1370,7 @@
<listitem>
<para>This form matches if the host IP address does not match
any of the entries in the exclusion (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
</listitem>
</varlistentry>

6
Shorewall/manpages/shorewall-snat.xml
View File

@ -27,7 +27,7 @@
<para>This file is used to define dynamic NAT (Masquerading) and to define
Source NAT (SNAT). It superseded <ulink
url="shorewall-masq.html">shorewall-masq</ulink>(5) in Shorewall
url="/manpages/shorewall-masq.html">shorewall-masq</ulink>(5) in Shorewall
5.0.14.</para>
<warning>
@ -150,7 +150,7 @@
<listitem>
<para>where <replaceable>action</replaceable> is an action
declared in <ulink
url="shorewall-actions.html">shorewall-actions(5)</ulink> with
url="/manpages/shorewall-actions.html">shorewall-actions(5)</ulink> with
the <option>nat</option> option. See <ulink
url="/Actions.html">www.shorewall.net/Actions.html</ulink> for
further information.</para>
@ -257,7 +257,7 @@
<listitem>
<para>If you wish to restrict this entry to a particular protocol
then enter the protocol name (from protocols(5)) or number here. See
<ulink url="shorewall-rules.html">shorewall-rules(5)</ulink> for
<ulink url="/manpages/shorewall-rules.html">shorewall-rules(5)</ulink> for
details.</para>
<para>Beginning with Shorewall 4.5.12, this column can accept a

8
Shorewall/manpages/shorewall-tcfilters.xml
View File

@ -89,11 +89,11 @@
Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
may be used if your kernel and ip6tables have the <firstterm>Basic
Ematch</firstterm> capability and you set BASIC_FILTERS=Yes in
<ulink url="shorewall.conf.html">shorewall.conf (5)</ulink>. The
<ulink url="/manpages/shorewall.conf.html">shorewall.conf (5)</ulink>. The
ipset name may optionally be followed by a number or a comma
separated list of src and/or dst enclosed in square brackets
([...]). See <ulink
url="shorewall-ipsets.html">shorewall-ipsets(5)</ulink> for
url="/manpages/shorewall-ipsets.html">shorewall-ipsets(5)</ulink> for
details.</para>
</listitem>
</varlistentry>
@ -108,11 +108,11 @@
Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
may be used if your kernel and ip6tables have the <firstterm>Basic
Ematch</firstterm> capability and you set BASIC_FILTERS=Yes in
<ulink url="shorewall.conf.html">shorewall.conf (5)</ulink>. The
<ulink url="/manpages/shorewall.conf.html">shorewall.conf (5)</ulink>. The
ipset name may optionally be followed by a number or a comma
separated list of src and/or dst enclosed in square brackets
([...]). See <ulink
url="shorewall-ipsets.html">shorewall-ipsets(5)</ulink> for
url="/manpages/shorewall-ipsets.html">shorewall-ipsets(5)</ulink> for
details.</para>
<para>You may exclude certain hosts from the set already defined

23
Shorewall/manpages/shorewall.conf.xml
View File

@ -321,9 +321,9 @@
<listitem>
<para>The value of this variable affects Shorewall's stopped state.
The behavior differs depending on whether <ulink
url="shorewall-routestopped.html">shorewall-routestopped</ulink>(5)
url="/manpages/shorewall-routestopped.html">shorewall-routestopped</ulink>(5)
or <ulink
url="shorewall-stoppedrules.html">shorewall-stoppedrules</ulink>(5)
url="/manpages/shorewall-stoppedrules.html">shorewall-stoppedrules</ulink>(5)
is used:</para>
<variablelist>
@ -483,7 +483,7 @@
<para>Added in Shorewall 5.1.1. When USE_DEFAULT_RT=Yes, this option
determines whether the <option>balance</option> provider option (see
<ulink
url="shorewall-providers.html">shorewall-providers(5)</ulink>) is
url="/manpages/shorewall-providers.html">shorewall-providers(5)</ulink>) is
the default. When BALANCE_PROVIDERS=Yes, then the
<option>balance</option> option is assumed unless the
<option>fallback</option>, <option>loose</option>,
@ -500,7 +500,7 @@
<listitem>
<para>Added in Shorewall-4.6.0. When set to <emphasis
role="bold">Yes</emphasis>, causes entries in <ulink
url="shorewall-tcfilters.html">shorewall-tcfilters(5)</ulink> to
url="/manpages/shorewall-tcfilters.html">shorewall-tcfilters(5)</ulink> to
generate a basic filter rather than a u32 filter. This setting
requires the <firstterm>Basic Ematch</firstterm> capability in your
kernel and iptables.</para>
@ -1114,8 +1114,8 @@ net all DROP info</programlisting>then the chain name is 'net-all'
specificaitons</ulink> on the right.. When INLINE_MATCHES=Yes is
specified, the specifications on the right are interpreted as if
INLINE had been specified in the ACTION column. This also applies to
<ulink url="shorewall-masq.html">shorewall-masq(5)</ulink> and
<ulink url="shorewall-mangle.html">shorewall-mangle(5</ulink>) which
<ulink url="/manpages/shorewall-masq.html">shorewall-masq(5)</ulink> and
<ulink url="/manpages/shorewall-mangle.html">shorewall-mangle(5</ulink>) which
also support INLINE. If not specified or if specified as the empty
value, the value 'No' is assumed for backward compatibility.</para>
@ -1365,7 +1365,7 @@ net all DROP info</programlisting>then the chain name is 'net-all'
sample configurations use this as the default log level and changing
it will change all packet logging done by the configuration. In any
configuration file (except <ulink
url="shorewall-params.html">shorewall-params(5)</ulink>), $LOG_LEVEL
url="/manpages/shorewall-params.html">shorewall-params(5)</ulink>), $LOG_LEVEL
will expand to this value.</para>
</listitem>
</varlistentry>
@ -1487,7 +1487,7 @@ net all DROP info</programlisting>then the chain name is 'net-all'
log</emphasis>, and <emphasis role="bold">hits</emphasis> commands.
If not assigned or if assigned an empty value, /var/log/messages is
assumed. For further information, see <ulink
url="/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.
url="/manpages/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.
Beginning with Shorewall 5.0.10.1, you may specify
<option>systemd</option> to use <command>journelctl -r</command> to
read the log.</para>
@ -1935,10 +1935,9 @@ LOG:info:,bar net fw</programlisting>
<itemizedlist>
<listitem>
<para>Optimization category 1 - Traditionally, Shorewall has
created rules for <ulink
url="/ScalabilityAndPerformance.html">the complete matrix of
created rules for the complete matrix of
host groups defined by the zones, interfaces and hosts
files</ulink>. Any traffic that didn't correspond to an element
files. Any traffic that didn't correspond to an element
of that matrix was rejected in one of the built-in chains. When
the matrix is sparse, this results in lots of largely useless
rules.</para>
@ -2944,7 +2943,7 @@ INLINE - - - ;; -j REJECT
<listitem>
<para>Packets are sent through the main routing table by a rule
with priority 999. In <ulink
url="/manpages/shorewall-routing_rules.html">routing_rules</ulink>(5),
url="/manpages/shorewall-rtrules.html">shorewall-rtrules</ulink>(5),
the range 1-998 may be used for inserting rules that bypass the
main table.</para>
</listitem>

8
Shorewall6/manpages/shorewall6-actions.xml
View File

@ -149,9 +149,9 @@
<listitem>
<para>Added in Shorewall 5.0.7. Specifies that this action is
to be used in <ulink
url="shorewall6-mangle.html">shorewall6-mangle(5)</ulink>
url="/manpages6/shorewall6-mangle.html">shorewall6-mangle(5)</ulink>
rather than <ulink
url="shorewall6-rules.html">shorewall6-rules(5)</ulink>.</para>
url="/manpages6/shorewall6-rules.html">shorewall6-rules(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -161,9 +161,9 @@
<listitem>
<para>Added in Shorewall 5.0.13. Specifies that this action is
to be used in <ulink
url="shorewall6-snat.html">shorewall6-snat(5)</ulink> rather
url="/manpages6/shorewall6-snat.html">shorewall6-snat(5)</ulink> rather
than <ulink
url="shorewall6-rules.html">shorewall6-rules(5)</ulink>. The
url="/manpages6/shorewall6-rules.html">shorewall6-rules(5)</ulink>. The
<option>mangle</option> and <option>nat</option> options are
mutually exclusive.</para>
</listitem>

2
Shorewall6/manpages/shorewall6-blrules.xml
View File

@ -171,7 +171,7 @@
<listitem>
<para>queues matching packets to a back end logging daemon via
a netlink socket then continues to the next rule. See <ulink
url="/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
url="/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
</listitem>
</varlistentry>

16
Shorewall6/manpages/shorewall6-conntrack.xml
View File

@ -403,7 +403,7 @@
<listitem>
<para>Where interface is the logical name of an interface
defined in <ulink
url="shorewall-interfaces.html">shorewall-interface</ulink>(5).</para>
url="/manpages6/shorewall6-interfaces.html">shorewall6-interface</ulink>(5).</para>
</listitem>
</varlistentry>
@ -426,13 +426,13 @@
<listitem>
<para>The name of an ipset preceded by a plus sign ("+").
See <ulink
url="shorewall-ipsets.html">shorewall-ipsets</ulink>(5).</para>
url="/manpages6/shorewall6-ipsets.html">shorewall6-ipsets</ulink>(5).</para>
</listitem>
</itemizedlist>
<para><replaceable>exclusion</replaceable> is described in
<ulink
url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5).</para>
url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5).</para>
</listitem>
</varlistentry>
@ -450,7 +450,7 @@
<listitem>
<para>See <ulink
url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>
url="/manpages6/shorewall6-exclusion.html">shorewall-exclusion</ulink>
(5)</para>
</listitem>
</varlistentry>
@ -499,7 +499,7 @@
<listitem>
<para>Where interface is the logical name of an interface
defined in <ulink
url="shorewall-interfaces.html">shorewall-interface</ulink>(5).</para>
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).</para>
</listitem>
</varlistentry>
@ -522,13 +522,13 @@
<listitem>
<para>The name of an ipset preceded by a plus sign ("+").
See <ulink
url="shorewall-ipsets.html">shorewall-ipsets</ulink>(5).</para>
url="/manpages6/shorewall6-ipsets.html">shorewall6-ipsets</ulink>(5).</para>
</listitem>
</itemizedlist>
<para><replaceable>exclusion</replaceable> is described in
<ulink
url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5).</para>
url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5).</para>
</listitem>
</varlistentry>
@ -547,7 +547,7 @@
<listitem>
<para>See <ulink
url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>
url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>
(5)</para>
</listitem>
</varlistentry>

2
Shorewall6/manpages/shorewall6-interfaces.xml
View File

@ -345,7 +345,7 @@ loc eth2 -</programlisting>
url="/bridge-Shorewall-perl.html">Shorewall-perl for
firewall/bridging</ulink>, then you need to include
DHCP-specific rules in <ulink
url="/manpages/shorewall-rules.html">shorewall-rules</ulink>(8).
url="/manpages6/shorewall6-rules.html">shorewall6-rules</ulink>(8).
DHCP uses UDP ports 546 and 547.</para>
</note>
</listitem>

2
Shorewall6/manpages/shorewall6-ipsets.xml
View File

@ -102,7 +102,7 @@
<important>
<para>These additional match options are not available in <ulink
url="shorewall6-tcfilters.html">shorewall6-tcfilters(5)</ulink>.</para>
url="/manpages6/shorewall6-tcfilters.html">shorewall6-tcfilters(5)</ulink>.</para>
</important>
<para>Available options are:</para>

26
Shorewall6/manpages/shorewall6-mangle.xml
View File

@ -120,7 +120,7 @@
Additionally, a <replaceable>chain-designator</replaceable> may not
be specified in an action body unless the action is declared as
<option>inline</option> in <ulink
url="shorewall6-actions.html">shorewall6-actions</ulink>(5).</para>
url="/manpages6/shorewall6-actions.html">shorewall6-actions</ulink>(5).</para>
<para>Where a command takes parameters, those parameters are
enclosed in parentheses ("(....)") and separated by commas.</para>
@ -137,7 +137,7 @@
<para>Added in Shorewall 5.0.7.
<replaceable>action</replaceable> must be an action declared
with the <option>mangle</option> option in <ulink
url="manpages6/shorewall6-actions.html">shorewall6-actions(5)</ulink>.
url="/manpages6/shorewall6-actions.html">shorewall6-actions(5)</ulink>.
If the action accepts parameters, they are specified as a
comma-separated list within parentheses following the
<replaceable>action</replaceable> name.</para>
@ -300,7 +300,7 @@
configuration described at <ulink
url="http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x">http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x</ulink>,
place this entry in <ulink
url="manpages6/shorewall6-providers.html">shorewall6-providers(5)</ulink>:</para>
url="/manpages6/shorewall6-providers.html">shorewall6-providers(5)</ulink>:</para>
<programlisting>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
TProxy 1 - - lo - tproxy</programlisting>
@ -410,7 +410,7 @@ DIVERTHA - - tcp</programlisting>
specified at the end of the rule. If the target is not one
known to Shorewall, then it must be defined as a builtin
action in <ulink
url="/manpages/shorewall-actions.html">shorewall-actions</ulink>
url="/manpages6/shorewall6-actions.html">shorewall6-actions</ulink>
(5).</para>
<para>The following rules are equivalent:</para>
@ -423,7 +423,7 @@ INLINE eth0 - ; -p tcp -j MARK --set
</programlisting>
<para>If INLINE_MATCHES=Yes in <ulink
url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink>
url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>
then the third rule above can be specified as follows:</para>
<programlisting>MARK(2):P eth0 - ; -p tcp</programlisting>
@ -780,7 +780,7 @@ Normal-Service =&gt; 0x00</programlisting>
<listitem>
<para>where <replaceable>interface</replaceable> is the
logical name of an interface defined in <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).
Matches packets entering the firewall from the named
interface. May not be used in CLASSIFY rules or in rules using
the :T chain qualifier.</para>
@ -807,7 +807,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>Matches traffic whose source IP address matches one of
the listed addresses and that does not match an address listed
in the <replaceable>exclusion</replaceable> (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
<para><emphasis role="bold">This form will not match traffic
that originates on the firewall itself unless either
@ -903,11 +903,11 @@ Normal-Service =&gt; 0x00</programlisting>
<listitem>
<para>where <replaceable>interface</replaceable> is the
logical name of an interface defined in <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).
Matches packets leaving the firewall through the named
interface. May not be used in the PREROUTING chain (:P in the
mark column or no chain qualifier and MARK_IN_FORWARD_CHAIN=No
in <ulink url="shorewall6.conf">shorewall6.conf</ulink>
in <ulink url="/manpages6/shorewall6.conf">shorewall6.conf</ulink>
(5)).</para>
</listitem>
</varlistentry>
@ -932,7 +932,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>Matches traffic whose destination IP address matches one
of the listed addresses and that does not match an address
listed in the <replaceable>exclusion</replaceable> (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
</listitem>
</varlistentry>
@ -944,7 +944,7 @@ Normal-Service =&gt; 0x00</programlisting>
when both the outgoing interface and destination IP address
match. May not be used in the PREROUTING chain (:P in the mark
column or no chain qualifier and MARK_IN_FORWARD_CHAIN=No in
<ulink url="shorewall6.conf">shorewall6.conf</ulink>
<ulink url="/manpages6/shorewall6.conf">shorewall6.conf</ulink>
(5)).</para>
</listitem>
</varlistentry>
@ -959,7 +959,7 @@ Normal-Service =&gt; 0x00</programlisting>
<replaceable>exclusion</replaceable>. May not be used in the
PREROUTING chain (:P in the mark column or no chain qualifier
and MARK_IN_FORWARD_CHAIN=No in <ulink
url="shorewall6.conf">shorewall6.conf</ulink> (5)).</para>
url="/manpages6/shorewall6.conf">shorewall6.conf</ulink> (5)).</para>
</listitem>
</varlistentry>
@ -1027,7 +1027,7 @@ Normal-Service =&gt; 0x00</programlisting>
<listitem>
<para>See <ulink
url="shorewall-rules.html">shorewall6-rules(5)</ulink> for
url="/manpages6/shorewall6-rules.html">shorewall6-rules(5)</ulink> for
details.</para>
<para>Beginning with Shorewall 4.5.12, this column can accept a

2
Shorewall6/manpages/shorewall6-masq.xml
View File

@ -67,7 +67,7 @@
entry that defines <filename
class="devicefile">ppp+</filename>.</para>
<para>Where <ulink url="/4.4/MultiISP.html#Shared">more that one
<para>Where <ulink url="MultiISP.html#Shared">more that one
internet provider share a single interface</ulink>, the provider is
specified by including the provider name or number in
parentheses:</para>

8
Shorewall6/manpages/shorewall6-nat.xml
View File

@ -67,7 +67,7 @@
<para>Interfaces that have the <emphasis
role="bold">EXTERNAL</emphasis> address. If ADD_IP_ALIASES=Yes in
<ulink
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5),
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5),
Shorewall will automatically add the EXTERNAL address to this
interface. Also if ADD_IP_ALIASES=Yes, you may follow the interface
name with ":" and a <emphasis>digit</emphasis> to indicate that you
@ -78,12 +78,12 @@
</emphasis></para>
<para>Each interface must match an entry in <ulink
url="/manpages/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).
Shorewall allows loose matches to wildcard entries in <ulink
url="/manpages/shorewall-interfaces.html">shorewall6-interfaces</ulink>(5).
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).
For example, <filename class="devicefile">ppp0</filename> in this
file will match a <ulink
url="/manpages/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)
entry that defines <filename
class="devicefile">ppp+</filename>.</para>

4
Shorewall6/manpages/shorewall6-policy.xml
View File

@ -156,7 +156,7 @@
policy-action list can be prefixed with a plus sign ("+") indicating
that the listed actions are in addition to those listed in the
related _DEFAULT setting in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
<para>Possible policies are:</para>
@ -192,7 +192,7 @@
<listitem>
<para>Added in Shorewall 5.1.1 and requires that the
DYNAMIC_BLACKLIST setting in <ulink
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)
specifies ipset-based dynamic blacklisting. The SOURCE IP
address is added to the blacklist ipset and the connection
request is ignored.</para>

30
Shorewall6/manpages/shorewall6-rules.xml
View File

@ -487,7 +487,7 @@
the<replaceable>
ip6tables-</replaceable><replaceable>target</replaceable> as a
builtin action in <ulink
url="shorewall6-actions.html">shorewall6-actions</ulink>(5).</para>
url="/manpages6/shorewall6-actions.html">shorewall6-actions</ulink>(5).</para>
<important>
<para>If you specify REJECT as the
@ -642,7 +642,7 @@
<listitem>
<para>like NFQUEUE but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -829,7 +829,7 @@
<para>If the <emphasis role="bold">ACTION</emphasis> names an
<emphasis>action</emphasis> declared in <ulink
url="shorewall6-actions.html">shorewall6-actions</ulink>(5) or in
url="/manpages6/shorewall6-actions.html">shorewall6-actions</ulink>(5) or in
/usr/share/shorewall/actions.std then:</para>
<itemizedlist>
@ -884,7 +884,7 @@
<listitem>
<para>The name of a zone defined in <ulink
url="shorewall6-zones.html">shorewall6-zones</ulink>(5). When
url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5). When
only the zone name is specified, the packet source may be any
host in that zone.</para>
@ -951,9 +951,9 @@
<replaceable>interface</replaceable> must be the name of an
interface associated with the named
<replaceable>zone</replaceable> in either <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)
or <ulink
url="shorewall6.hosts.html">shorewall6-hosts</ulink>(5). Only
url="/manpages6/shorewall6.hosts.html">shorewall6-hosts</ulink>(5). Only
packets from hosts in the <replaceable>zone</replaceable> that
arrive through the named interface will match the rule.</para>
</listitem>
@ -971,7 +971,7 @@
follow the standard convention and be enclosed in square
brackets (e.g., [2001:470:b:227::0]/64). A network address
may be followed by exclusion (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
</listitem>
<listitem>
@ -1009,7 +1009,7 @@
be specified by an ampersand ('&amp;') followed by the
logical name of the interface as found in the INTERFACE
column of <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>
(5).</para>
</listitem>
</itemizedlist>
@ -1031,7 +1031,7 @@
<listitem>
<para>This form matches if the host IP address does not match
any of the entries in the exclusion (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
</listitem>
</varlistentry>
@ -1139,7 +1139,7 @@
<listitem>
<para>The name of a zone defined in <ulink
url="shorewall6-zones.html">shorewall6-zones</ulink>(5). When
url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5). When
only the zone name is specified, the packet destination may be
any host in that zone.</para>
@ -1206,9 +1206,9 @@
<replaceable>interface</replaceable> must be the name of an
interface associated with the named
<replaceable>zone</replaceable> in either <ulink
url="shorewall-interfaces.html">shorewall6-interfaces</ulink>(5)
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)
or <ulink
url="shorewall.hosts.html">shorewall6-hosts</ulink>(5). Only
url="/manpages6/shorewall6.hosts.html">shorewall6-hosts</ulink>(5). Only
packets to hosts in the <replaceable>zone</replaceable> that
are sent through the named interface will match the
rule.</para>
@ -1225,7 +1225,7 @@
<listitem>
<para>A host or network IP address. A network address may
be followed by exclusion (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
</listitem>
<listitem>
@ -1257,7 +1257,7 @@
be specified by an ampersand ('&amp;') followed by the
logical name of the interface as found in the INTERFACE
column of <ulink
url="/manpages/shorewall6-interfaces.html">shorewall6-interfaces</ulink>
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>
(5).</para>
</listitem>
</itemizedlist>
@ -1280,7 +1280,7 @@
<listitem>
<para>This form matches if the host IP address does not match
any of the entries in the exclusion (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
</listitem>
</varlistentry>

2
Shorewall6/manpages/shorewall6-secmarks.xml
View File

@ -223,7 +223,7 @@
<listitem>
<para>See <ulink
url="shorewall-rules.html">shorewall6-rules(5)</ulink> for
url="/manpages6/shorewall6-rules.html">shorewall6-rules(5)</ulink> for
details.</para>
<para>Beginning with Shorewall 4.5.12, this column can accept a

10
Shorewall6/manpages/shorewall6-snat.xml
View File

@ -27,7 +27,7 @@
<para>This file is used to define dynamic NAT (Masquerading) and to define
Source NAT (SNAT). While still supported, its use is deprecated in favor
of <ulink url="shorewall6-snat.html">shorewall6-snat</ulink>(5) which was
of <ulink url="/manpages6/shorewall6-snat.html">shorewall6-snat</ulink>(5) which was
introduced in Shorewall 5.0.14.</para>
<warning>
@ -84,7 +84,7 @@
<para>If you specify an address here, matching packets will
have their source address set to that address. If
ADD_SNAT_ALIASES is set to Yes or yes in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5) then
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) then
Shorewall will automatically add this address to the INTERFACE
named in the first column.</para>
@ -149,7 +149,7 @@
<listitem>
<para>where <replaceable>action</replaceable> is an action
declared in <ulink
url="shorewall6-actions.html">shorewall6-actions(5)</ulink>
url="/manpages6/shorewall6-actions.html">shorewall6-actions(5)</ulink>
with the <option>nat</option> option. See <ulink
url="/Actions.html">www.shorewall.net/Actions.html</ulink> for
further information.</para>
@ -200,7 +200,7 @@
entry that defines <filename
class="devicefile">ppp+</filename>.</para>
<para>Where <ulink url="/4.4/MultiISP.html#Shared">more that one
<para>Where <ulink url="MultiISP.html#Shared">more that one
internet provider share a single interface</ulink>, the provider is
specified by including the provider name or number in
parentheses:</para>
@ -235,7 +235,7 @@
<listitem>
<para>If you wish to restrict this entry to a particular protocol
then enter the protocol name (from protocols(5)) or number here. See
<ulink url="shorewall-rules.html">shorewall6-rules(5)</ulink> for
<ulink url="/manpages6/shorewall6-rules.html">shorewall6-rules(5)</ulink> for
details.</para>
<para>Beginning with Shorewall 4.5.12, this column can accept a

8
Shorewall6/manpages/shorewall6-tcfilters.xml
View File

@ -89,11 +89,11 @@
Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
may be used if your kernel and ip6tables have the <firstterm>Basic
Ematch </firstterm>capability and you set BASIC_FILTERS=Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf (5)</ulink>. The
<ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf (5)</ulink>. The
ipset name may optionally be followed by a number or a comma
separated list of src and/or dst enclosed in square brackets
([...]). See <ulink
url="shorewall6-ipsets.html">shorewall6-ipsets(5)</ulink> for
url="/manpages6/shorewall6-ipsets.html">shorewall6-ipsets(5)</ulink> for
details.</para>
</listitem>
</varlistentry>
@ -108,11 +108,11 @@
Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
may be used if your kernel and ip6tables have the <firstterm>Basic
Ematch</firstterm> capability and you set BASIC_FILTERS=Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf (5)</ulink>. The
<ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf (5)</ulink>. The
ipset name may optionally be followed by a number or a comma
separated list of src and/or dst enclosed in square brackets
([...]). See <ulink
url="shorewall6-ipsets.html">shorewall6-ipsets(5)</ulink> for
url="/manpages6/shorewall6-ipsets.html">shorewall6-ipsets(5)</ulink> for
details.</para>
</listitem>
</varlistentry>

4
Shorewall6/manpages/shorewall6-zones.xml
View File

@ -47,14 +47,14 @@
"none", "any", "SOURCE" and "DEST" are reserved and may not be used
as zone names. The maximum length of a zone name is determined by
the setting of the LOGFORMAT option in <ulink
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5). With
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5). With
the default LOGFORMAT, zone names can be at most 5 characters
long.</para>
<blockquote>
<para>The maximum length of an iptables log prefix is 29 bytes. As
explained in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink> (5), the legacy
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink> (5), the legacy
default LOGPREFIX formatting string is “Shorewall:%s:%s:” where
the first %s is replaced by the chain name and the second is
replaced by the disposition.</para>

29
Shorewall6/manpages/shorewall6.conf.xml
View File

@ -243,9 +243,9 @@
<listitem>
<para>The value of this variable affects Shorewall's stopped state.
The behavior differs depending on whether <ulink
url="shorewall-routestopped.html">shorewall-routestopped</ulink>(5)
url="/manpages6/shorewall6-routestopped.html">shorewall6-routestopped</ulink>(5)
or <ulink
url="shorewall-stoppedrules.html">shorewall-stoppedrules</ulink>(5)
url="/manpages6/shorewall6-stoppedrules.html">shorewall6-stoppedrules</ulink>(5)
is used:</para>
<variablelist>
@ -404,7 +404,7 @@
<para>Added in Shorewall 5.1.1. When USE_DEFAULT_RT=Yes, this option
determines whether the <option>balance</option> provider option (see
<ulink
url="shorewall6-providers.html">shorewall6-providers(5)</ulink>) is
url="/manpages6/shorewall6-providers.html">shorewall6-providers(5)</ulink>) is
the default. When BALANCE_PROVIDERS=Yes, then the
<option>balance</option> option is assumed unless the
<option>fallback</option>, <option>loose</option>,
@ -421,7 +421,7 @@
<listitem>
<para>Added in Shorewall-4.6.0. When set to <emphasis
role="bold">Yes</emphasis>, causes entries in <ulink
url="shorewall6-tcfilters.html">shorewall6-tcfilters(5)</ulink> to
url="/manpages6/shorewall6-tcfilters.html">shorewall6-tcfilters(5)</ulink> to
generate a basic filter rather than a u32 filter. This setting
requires the <firstterm>Basic Ematch</firstterm> capability in your
kernel and iptables.</para>
@ -950,8 +950,8 @@ net all DROP info</programlisting>then the chain name is 'net-all'
specificaitons</ulink> on the right.. When INLINE_MATCHES=Yes is
specified, the specifications on the right are interpreted as if
INLINE had been specified in the ACTION column. This also applies to
<ulink url="shorewall-masq.html">shorewall6-masq(5)</ulink> and
<ulink url="shorewall6-mangle.html">shorewall6-mangle(5</ulink>)
<ulink url="/manpages6/shorewall6-masq.html">shorewall6-masq(5)</ulink> and
<ulink url="/manpages6/shorewall6-mangle.html">shorewall6-mangle(5</ulink>)
which also support INLINE. If not specified or if specified as the
empty value, the value 'No' is assumed for backward
compatibility.</para>
@ -1194,7 +1194,7 @@ net all DROP info</programlisting>then the chain name is 'net-all'
sample configurations use this as the default log level and changing
it will change all packet logging done by the configuration. In any
configuration file (except <ulink
url="shorewall6-params.html">shorewall6-params(5)</ulink>),
url="/manpages6/shorewall6-params.html">shorewall6-params(5)</ulink>),
$LOG_LEVEL will expand to this value.</para>
</listitem>
</varlistentry>
@ -1316,7 +1316,7 @@ net all DROP info</programlisting>then the chain name is 'net-all'
<note>
<para>The setting of LOGFORMAT has an effect of the permitted
length of zone names. See <ulink
url="/manpages/shorewall-zones.html">shorewall6-zones</ulink>
url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>
(5).</para>
</note>
@ -1679,10 +1679,9 @@ LOG:info:,bar net fw</programlisting>
<itemizedlist>
<listitem>
<para>Optimization category 1 - Traditionally, Shorewall has
created rules for <ulink
url="/ScalabilityAndPerformance.html">the complete matrix of
created rules for the complete matrix of
host groups defined by the zones, interfaces and hosts
files</ulink>. Any traffic that didn't correspond to an element
files. Any traffic that didn't correspond to an element
of that matrix was rejected in one of the built-in chains. When
the matrix is sparse, this results in lots of largely useless
rules.</para>
@ -2104,7 +2103,7 @@ INLINE - - - ;; -j REJECT
<para>Added in Shorewall 4.4.10. The default is No. If set to Yes,
at least one optional interface must be up in order for the firewall
to be in the started state. Intended to be used with the <ulink
url="/manpages/shorewall-init.html">Shorewall Init
url="/shorewall-init.html">Shorewall Init
Package</ulink>.</para>
</listitem>
</varlistentry>
@ -2381,9 +2380,9 @@ INLINE - - - ;; -j REJECT
<para>If you set TC_ENABLED=Simple (Shorewall 4.4.6 and later),
simple traffic shaping using <ulink
url="/manpages/shorewall-tcinterfaces.html">shorewall-tcinterfaces</ulink>(5)
url="/manpages6/shorewall6-tcinterfaces.html">shorewall6-tcinterfaces</ulink>(5)
and <ulink
url="/manpages/shorewall-tcpri.html">shorewall-tcpri</ulink>(5) is
url="/manpages6/shorewall6-tcpri.html">shorewall6-tcpri</ulink>(5) is
enabled.</para>
<para>Beginning with Shorewall 4.4.15, if you set TC_ENABLED=Shared
@ -2598,7 +2597,7 @@ INLINE - - - ;; -j REJECT
<listitem>
<para>Packets are sent through the main routing table by a rule
with priority 999. In <ulink
url="/manpages6/shorewall6-routing_rules.html">shorewall6-routing_rules</ulink>(5),
url="/manpages6/shorewall6-rtrules.html">shorewall6-routing_rules</ulink>(5),
the range 1-998 may be used for inserting rules that bypass the
main table.</para>
</listitem>