diff --git a/Shorewall/manpages/shorewall-actions.xml b/Shorewall/manpages/shorewall-actions.xml
index 51644d4e4..d96026d10 100644
--- a/Shorewall/manpages/shorewall-actions.xml
+++ b/Shorewall/manpages/shorewall-actions.xml
@@ -148,9 +148,9 @@
Added in Shorewall 5.0.7. Specifies that this action is
to be used in shorewall-mangle(5) rather
+ url="/manpages/shorewall-mangle.html">shorewall-mangle(5) rather
than shorewall-rules(5).
+ url="/manpages/shorewall-rules.html">shorewall-rules(5).
@@ -160,9 +160,9 @@
Added in Shorewall 5.0.13. Specifies that this action is
to be used in shorewall-snat(5) rather
+ url="/manpages/shorewall-snat.html">shorewall-snat(5) rather
than shorewall-rules(5). The
+ url="/manpages/shorewall-rules.html">shorewall-rules(5). The
and options are
mutually exclusive.
diff --git a/Shorewall/manpages/shorewall-blrules.xml b/Shorewall/manpages/shorewall-blrules.xml
index 6f3e2d299..dd8f6ebe7 100644
--- a/Shorewall/manpages/shorewall-blrules.xml
+++ b/Shorewall/manpages/shorewall-blrules.xml
@@ -170,7 +170,7 @@
queues matching packets to a back end logging daemon via
a netlink socket then continues to the next rule. See http://www.shorewall.net/shorewall_logging.html.
+ url="/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html.
diff --git a/Shorewall/manpages/shorewall-interfaces.xml b/Shorewall/manpages/shorewall-interfaces.xml
index 903c71f12..b386558cd 100644
--- a/Shorewall/manpages/shorewall-interfaces.xml
+++ b/Shorewall/manpages/shorewall-interfaces.xml
@@ -257,7 +257,7 @@ loc eth2 -
Do not specify arp_ignore for any interface involved
- in Proxy ARP.
+ in Proxy ARP.
@@ -323,7 +323,7 @@ loc eth2 -
and/or destination address is to be compared against the
ipset-based dynamic blacklist (DYNAMIC_BLACKLIST=ipset... in
shorewall.conf(5)).
+ url="/manpages/shorewall.conf.html">shorewall.conf(5)).
The default is determine by the setting of
DYNAMIC_BLACKLIST:
@@ -411,13 +411,13 @@ loc eth2 -
the interface is a simple bridge with a
+ url="/SimpleBridge.html">simple bridge with a
DHCP server on one port and DHCP clients on another
port.If you use Shorewall-perl for
+ url="/bridge-Shorewall-perl.html">Shorewall-perl for
firewall/bridging, then you need to include
DHCP-specific rules in shorewall-rules(5).
diff --git a/Shorewall/manpages/shorewall-ipsets.xml b/Shorewall/manpages/shorewall-ipsets.xml
index fee152b7e..0bb47f632 100644
--- a/Shorewall/manpages/shorewall-ipsets.xml
+++ b/Shorewall/manpages/shorewall-ipsets.xml
@@ -103,7 +103,7 @@
These additional match options are not available in shorewall-tcfilters(5).
+ url="/manpages/shorewall-tcfilters.html">shorewall-tcfilters(5).Available options are:
diff --git a/Shorewall/manpages/shorewall-mangle.xml b/Shorewall/manpages/shorewall-mangle.xml
index 171d5af64..d27e7de55 100644
--- a/Shorewall/manpages/shorewall-mangle.xml
+++ b/Shorewall/manpages/shorewall-mangle.xml
@@ -119,7 +119,7 @@
Additionally, a chain-designator may not
be specified in an action body unless the action is declared as
in shorewall-actions(5).
+ url="/manpages6/shorewall6-actions.html">shorewall-actions(5).
Where a command takes parameters, those parameters are
enclosed in parentheses ("(....)") and separated by commas.
@@ -299,7 +299,7 @@
configuration described at http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x,
place this entry in shorewall-providers(5):
+ url="/manpages/shorewall-providers.html">shorewall-providers(5):
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
TProxy 1 - - lo - tproxy
@@ -365,7 +365,7 @@ DIVERTHA - - tcp
Added in Shorewall 5.0.6 as an alternative to entries in
- shorewall-ecn(5). If a
+ shorewall-ecn(5). If a
PROTO is specified, it must be 'tcp' (6). If no PROTO is
supplied, TCP is assumed. This action causes all ECN bits in
the TCP header to be cleared.
@@ -788,7 +788,7 @@ Normal-Service => 0x00
where interface is the
logical name of an interface defined in shorewall-interfaces(5).
+ url="/manpages/shorewall-interfaces.html">shorewall-interfaces(5).
Matches packets entering the firewall from the named
interface. May not be used in CLASSIFY rules or in rules using
the :T chain qualifier.
@@ -911,11 +911,11 @@ Normal-Service => 0x00
where interface is the
logical name of an interface defined in shorewall-interfaces(5).
+ url="/manpages/shorewall-interfaces.html">shorewall-interfaces(5).
Matches packets leaving the firewall through the named
interface. May not be used in the PREROUTING chain (:P in the
mark column or no chain qualifier and MARK_IN_FORWARD_CHAIN=No
- in shorewall.conf
+ in shorewall.conf
(5)).
@@ -952,7 +952,7 @@ Normal-Service => 0x00
when both the outgoing interface and destination IP address
match. May not be used in the PREROUTING chain (:P in the mark
column or no chain qualifier and MARK_IN_FORWARD_CHAIN=No in
- shorewall.conf
+ shorewall.conf
(5)).
@@ -967,7 +967,7 @@ Normal-Service => 0x00
exclusion. May not be used in the
PREROUTING chain (:P in the mark column or no chain qualifier
and MARK_IN_FORWARD_CHAIN=No in shorewall.conf
+ url="/manpages/shorewall.conf">shorewall.conf
(5)).
@@ -1036,7 +1036,7 @@ Normal-Service => 0x00
See shorewall-rules(5) for
+ url="/manpages/shorewall-rules.html">shorewall-rules(5) for
details.Beginning with Shorewall 4.5.12, this column can accept a
diff --git a/Shorewall/manpages/shorewall-nat.xml b/Shorewall/manpages/shorewall-nat.xml
index 8876c1307..50c29b4f4 100644
--- a/Shorewall/manpages/shorewall-nat.xml
+++ b/Shorewall/manpages/shorewall-nat.xml
@@ -199,7 +199,7 @@ all all REJECT info
Set IMPLICIT_CONTINUE=Yes in shorewall.conf(5).
+ url="/manpages/shorewall.conf.html">shorewall.conf(5).
diff --git a/Shorewall/manpages/shorewall-rules.xml b/Shorewall/manpages/shorewall-rules.xml
index 4bcb98dd0..3f04c6c1b 100644
--- a/Shorewall/manpages/shorewall-rules.xml
+++ b/Shorewall/manpages/shorewall-rules.xml
@@ -922,7 +922,7 @@
The name of a zone defined in shorewall-zones(5). When
+ url="/manpages/shorewall-zones.html">shorewall-zones(5). When
only the zone name is specified, the packet source may be any
host in that zone.
@@ -989,9 +989,9 @@
interface must be the name of an
interface associated with the named
zone in either shorewall-interfaces(5)
+ url="/manpages/shorewall-interfaces.html">shorewall-interfaces(5)
or shorewall-hosts(5). Only
+ url="/manpages/shorewall.hosts.html">shorewall-hosts(5). Only
packets from hosts in the zone that
arrive through the named interface will match the rule.
@@ -1007,7 +1007,7 @@
A host or network IP address. A network address may
be followed by exclusion (see shorewall-exclusion(5)).
+ url="/manpages/shorewall-exclusion.html">shorewall-exclusion(5)).
@@ -1067,7 +1067,7 @@
This form matches if the host IP address does not match
any of the entries in the exclusion (see shorewall-exclusion(5)).
+ url="/manpages/shorewall-exclusion.html">shorewall-exclusion(5)).
@@ -1229,7 +1229,7 @@
The name of a zone defined in shorewall-zones(5). When
+ url="/manpages/shorewall-zones.html">shorewall-zones(5). When
only the zone name is specified, the packet destination may be
any host in that zone.
@@ -1296,9 +1296,9 @@
interface must be the name of an
interface associated with the named
zone in either shorewall-interfaces(5)
+ url="/manpages/shorewall-interfaces.html">shorewall-interfaces(5)
or shorewall-hosts(5). Only
+ url="/manpages/shorewall-hosts.html">shorewall-hosts(5). Only
packets to hosts in the zone that
are sent through the named interface will match the
rule.
@@ -1315,7 +1315,7 @@
A host or network IP address. A network address may
be followed by exclusion (see shorewall-exclusion(5)).
+ url="/manpages/shorewall-exclusion.html">shorewall-exclusion(5)).
@@ -1370,7 +1370,7 @@
This form matches if the host IP address does not match
any of the entries in the exclusion (see shorewall-exclusion(5)).
+ url="/manpages/shorewall-exclusion.html">shorewall-exclusion(5)).
diff --git a/Shorewall/manpages/shorewall-snat.xml b/Shorewall/manpages/shorewall-snat.xml
index 16dd06047..acf68160c 100644
--- a/Shorewall/manpages/shorewall-snat.xml
+++ b/Shorewall/manpages/shorewall-snat.xml
@@ -27,7 +27,7 @@
This file is used to define dynamic NAT (Masquerading) and to define
Source NAT (SNAT). It superseded shorewall-masq(5) in Shorewall
+ url="/manpages/shorewall-masq.html">shorewall-masq(5) in Shorewall
5.0.14.
@@ -150,7 +150,7 @@
where action is an action
declared in shorewall-actions(5) with
+ url="/manpages/shorewall-actions.html">shorewall-actions(5) with
the option. See www.shorewall.net/Actions.html for
further information.
@@ -257,7 +257,7 @@
If you wish to restrict this entry to a particular protocol
then enter the protocol name (from protocols(5)) or number here. See
- shorewall-rules(5) for
+ shorewall-rules(5) for
details.Beginning with Shorewall 4.5.12, this column can accept a
diff --git a/Shorewall/manpages/shorewall-tcfilters.xml b/Shorewall/manpages/shorewall-tcfilters.xml
index 17f8d6d5d..db51a3f1e 100644
--- a/Shorewall/manpages/shorewall-tcfilters.xml
+++ b/Shorewall/manpages/shorewall-tcfilters.xml
@@ -89,11 +89,11 @@
Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
may be used if your kernel and ip6tables have the Basic
Ematch capability and you set BASIC_FILTERS=Yes in
- shorewall.conf (5). The
+ shorewall.conf (5). The
ipset name may optionally be followed by a number or a comma
separated list of src and/or dst enclosed in square brackets
([...]). See shorewall-ipsets(5) for
+ url="/manpages/shorewall-ipsets.html">shorewall-ipsets(5) for
details.
@@ -108,11 +108,11 @@
Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
may be used if your kernel and ip6tables have the Basic
Ematch capability and you set BASIC_FILTERS=Yes in
- shorewall.conf (5). The
+ shorewall.conf (5). The
ipset name may optionally be followed by a number or a comma
separated list of src and/or dst enclosed in square brackets
([...]). See shorewall-ipsets(5) for
+ url="/manpages/shorewall-ipsets.html">shorewall-ipsets(5) for
details.
You may exclude certain hosts from the set already defined
diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml
index 67ce8f596..a99981e70 100644
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@@ -321,9 +321,9 @@
The value of this variable affects Shorewall's stopped state.
The behavior differs depending on whether shorewall-routestopped(5)
+ url="/manpages/shorewall-routestopped.html">shorewall-routestopped(5)
or shorewall-stoppedrules(5)
+ url="/manpages/shorewall-stoppedrules.html">shorewall-stoppedrules(5)
is used:
@@ -483,7 +483,7 @@
Added in Shorewall 5.1.1. When USE_DEFAULT_RT=Yes, this option
determines whether the provider option (see
shorewall-providers(5)) is
+ url="/manpages/shorewall-providers.html">shorewall-providers(5)) is
the default. When BALANCE_PROVIDERS=Yes, then the
option is assumed unless the
, ,
@@ -500,7 +500,7 @@
Added in Shorewall-4.6.0. When set to Yes, causes entries in shorewall-tcfilters(5) to
+ url="/manpages/shorewall-tcfilters.html">shorewall-tcfilters(5) to
generate a basic filter rather than a u32 filter. This setting
requires the Basic Ematch capability in your
kernel and iptables.
@@ -1114,8 +1114,8 @@ net all DROP infothen the chain name is 'net-all'
specificaitons on the right.. When INLINE_MATCHES=Yes is
specified, the specifications on the right are interpreted as if
INLINE had been specified in the ACTION column. This also applies to
- shorewall-masq(5) and
- shorewall-mangle(5) which
+ shorewall-masq(5) and
+ shorewall-mangle(5) which
also support INLINE. If not specified or if specified as the empty
value, the value 'No' is assumed for backward compatibility.
@@ -1365,7 +1365,7 @@ net all DROP infothen the chain name is 'net-all'
sample configurations use this as the default log level and changing
it will change all packet logging done by the configuration. In any
configuration file (except shorewall-params(5)), $LOG_LEVEL
+ url="/manpages/shorewall-params.html">shorewall-params(5)), $LOG_LEVEL
will expand to this value.
@@ -1487,7 +1487,7 @@ net all DROP infothen the chain name is 'net-all'
log, and hits commands.
If not assigned or if assigned an empty value, /var/log/messages is
assumed. For further information, see http://www.shorewall.net/shorewall_logging.html.
+ url="/manpages/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html.
Beginning with Shorewall 5.0.10.1, you may specify
to use journelctl -r to
read the log.
@@ -1935,10 +1935,9 @@ LOG:info:,bar net fw
Optimization category 1 - Traditionally, Shorewall has
- created rules for the complete matrix of
+ created rules for the complete matrix of
host groups defined by the zones, interfaces and hosts
- files. Any traffic that didn't correspond to an element
+ files. Any traffic that didn't correspond to an element
of that matrix was rejected in one of the built-in chains. When
the matrix is sparse, this results in lots of largely useless
rules.
@@ -2944,7 +2943,7 @@ INLINE - - - ;; -j REJECT
Packets are sent through the main routing table by a rule
with priority 999. In routing_rules(5),
+ url="/manpages/shorewall-rtrules.html">shorewall-rtrules(5),
the range 1-998 may be used for inserting rules that bypass the
main table.
diff --git a/Shorewall6/manpages/shorewall6-actions.xml b/Shorewall6/manpages/shorewall6-actions.xml
index be45c1e03..39b0ad1ed 100644
--- a/Shorewall6/manpages/shorewall6-actions.xml
+++ b/Shorewall6/manpages/shorewall6-actions.xml
@@ -149,9 +149,9 @@
Added in Shorewall 5.0.7. Specifies that this action is
to be used in shorewall6-mangle(5)
+ url="/manpages6/shorewall6-mangle.html">shorewall6-mangle(5)
rather than shorewall6-rules(5).
+ url="/manpages6/shorewall6-rules.html">shorewall6-rules(5).
@@ -161,9 +161,9 @@
Added in Shorewall 5.0.13. Specifies that this action is
to be used in shorewall6-snat(5) rather
+ url="/manpages6/shorewall6-snat.html">shorewall6-snat(5) rather
than shorewall6-rules(5). The
+ url="/manpages6/shorewall6-rules.html">shorewall6-rules(5). The
and options are
mutually exclusive.
diff --git a/Shorewall6/manpages/shorewall6-blrules.xml b/Shorewall6/manpages/shorewall6-blrules.xml
index 9f2903c11..27334ae29 100644
--- a/Shorewall6/manpages/shorewall6-blrules.xml
+++ b/Shorewall6/manpages/shorewall6-blrules.xml
@@ -171,7 +171,7 @@
queues matching packets to a back end logging daemon via
a netlink socket then continues to the next rule. See http://www.shorewall.net/shorewall_logging.html.
+ url="/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html.
diff --git a/Shorewall6/manpages/shorewall6-conntrack.xml b/Shorewall6/manpages/shorewall6-conntrack.xml
index 707b969df..e6d1fe4c9 100644
--- a/Shorewall6/manpages/shorewall6-conntrack.xml
+++ b/Shorewall6/manpages/shorewall6-conntrack.xml
@@ -403,7 +403,7 @@
Where interface is the logical name of an interface
defined in shorewall-interface(5).
+ url="/manpages6/shorewall6-interfaces.html">shorewall6-interface(5).
@@ -426,13 +426,13 @@
The name of an ipset preceded by a plus sign ("+").
See shorewall-ipsets(5).
+ url="/manpages6/shorewall6-ipsets.html">shorewall6-ipsets(5).
exclusion is described in
shorewall-exclusion(5).
+ url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5).
@@ -450,7 +450,7 @@
See shorewall-exclusion
+ url="/manpages6/shorewall6-exclusion.html">shorewall-exclusion
(5)
@@ -499,7 +499,7 @@
Where interface is the logical name of an interface
defined in shorewall-interface(5).
+ url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5).
@@ -522,13 +522,13 @@
The name of an ipset preceded by a plus sign ("+").
See shorewall-ipsets(5).
+ url="/manpages6/shorewall6-ipsets.html">shorewall6-ipsets(5).
exclusion is described in
shorewall-exclusion(5).
+ url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5).
@@ -547,7 +547,7 @@
See shorewall-exclusion
+ url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion
(5)
diff --git a/Shorewall6/manpages/shorewall6-interfaces.xml b/Shorewall6/manpages/shorewall6-interfaces.xml
index 80b9c84d6..696ee088c 100644
--- a/Shorewall6/manpages/shorewall6-interfaces.xml
+++ b/Shorewall6/manpages/shorewall6-interfaces.xml
@@ -345,7 +345,7 @@ loc eth2 -
url="/bridge-Shorewall-perl.html">Shorewall-perl for
firewall/bridging, then you need to include
DHCP-specific rules in shorewall-rules(8).
+ url="/manpages6/shorewall6-rules.html">shorewall6-rules(8).
DHCP uses UDP ports 546 and 547.
diff --git a/Shorewall6/manpages/shorewall6-ipsets.xml b/Shorewall6/manpages/shorewall6-ipsets.xml
index b71659b07..8087fc75b 100644
--- a/Shorewall6/manpages/shorewall6-ipsets.xml
+++ b/Shorewall6/manpages/shorewall6-ipsets.xml
@@ -102,7 +102,7 @@
These additional match options are not available in shorewall6-tcfilters(5).
+ url="/manpages6/shorewall6-tcfilters.html">shorewall6-tcfilters(5).
Available options are:
diff --git a/Shorewall6/manpages/shorewall6-mangle.xml b/Shorewall6/manpages/shorewall6-mangle.xml
index 87c2e45fa..02ff605b4 100644
--- a/Shorewall6/manpages/shorewall6-mangle.xml
+++ b/Shorewall6/manpages/shorewall6-mangle.xml
@@ -120,7 +120,7 @@
Additionally, a chain-designator may not
be specified in an action body unless the action is declared as
in shorewall6-actions(5).
+ url="/manpages6/shorewall6-actions.html">shorewall6-actions(5).
Where a command takes parameters, those parameters are
enclosed in parentheses ("(....)") and separated by commas.
@@ -137,7 +137,7 @@
Added in Shorewall 5.0.7.
action must be an action declared
with the option in shorewall6-actions(5).
+ url="/manpages6/shorewall6-actions.html">shorewall6-actions(5).
If the action accepts parameters, they are specified as a
comma-separated list within parentheses following the
action name.
@@ -300,7 +300,7 @@
configuration described at http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x,
place this entry in shorewall6-providers(5):
+ url="/manpages6/shorewall6-providers.html">shorewall6-providers(5):
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
TProxy 1 - - lo - tproxy
@@ -410,7 +410,7 @@ DIVERTHA - - tcp
specified at the end of the rule. If the target is not one
known to Shorewall, then it must be defined as a builtin
action in shorewall-actions
+ url="/manpages6/shorewall6-actions.html">shorewall6-actions
(5).
The following rules are equivalent:
@@ -423,7 +423,7 @@ INLINE eth0 - ; -p tcp -j MARK --set
If INLINE_MATCHES=Yes in shorewall6.conf(5)
+ url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)
then the third rule above can be specified as follows:MARK(2):P eth0 - ; -p tcp
@@ -780,7 +780,7 @@ Normal-Service => 0x00
where interface is the
logical name of an interface defined in shorewall6-interfaces(5).
+ url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5).
Matches packets entering the firewall from the named
interface. May not be used in CLASSIFY rules or in rules using
the :T chain qualifier.
@@ -807,7 +807,7 @@ Normal-Service => 0x00
Matches traffic whose source IP address matches one of
the listed addresses and that does not match an address listed
in the exclusion (see shorewall6-exclusion(5)).
+ url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5)).
This form will not match traffic
that originates on the firewall itself unless either
@@ -903,11 +903,11 @@ Normal-Service => 0x00
where interface is the
logical name of an interface defined in shorewall6-interfaces(5).
+ url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5).
Matches packets leaving the firewall through the named
interface. May not be used in the PREROUTING chain (:P in the
mark column or no chain qualifier and MARK_IN_FORWARD_CHAIN=No
- in shorewall6.conf
+ in shorewall6.conf
(5)).
@@ -932,7 +932,7 @@ Normal-Service => 0x00
Matches traffic whose destination IP address matches one
of the listed addresses and that does not match an address
listed in the exclusion (see shorewall6-exclusion(5)).
+ url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5)).
@@ -944,7 +944,7 @@ Normal-Service => 0x00
when both the outgoing interface and destination IP address
match. May not be used in the PREROUTING chain (:P in the mark
column or no chain qualifier and MARK_IN_FORWARD_CHAIN=No in
- shorewall6.conf
+ shorewall6.conf
(5)).
@@ -959,7 +959,7 @@ Normal-Service => 0x00
exclusion. May not be used in the
PREROUTING chain (:P in the mark column or no chain qualifier
and MARK_IN_FORWARD_CHAIN=No in shorewall6.conf (5)).
+ url="/manpages6/shorewall6.conf">shorewall6.conf (5)).
@@ -1027,7 +1027,7 @@ Normal-Service => 0x00
See shorewall6-rules(5) for
+ url="/manpages6/shorewall6-rules.html">shorewall6-rules(5) for
details.Beginning with Shorewall 4.5.12, this column can accept a
diff --git a/Shorewall6/manpages/shorewall6-masq.xml b/Shorewall6/manpages/shorewall6-masq.xml
index cdd9e9532..da310ebbd 100644
--- a/Shorewall6/manpages/shorewall6-masq.xml
+++ b/Shorewall6/manpages/shorewall6-masq.xml
@@ -67,7 +67,7 @@
entry that defines ppp+.
- Where more that one
+ Where more that one
internet provider share a single interface, the provider is
specified by including the provider name or number in
parentheses:
diff --git a/Shorewall6/manpages/shorewall6-nat.xml b/Shorewall6/manpages/shorewall6-nat.xml
index 60a33bc9b..747bdd902 100644
--- a/Shorewall6/manpages/shorewall6-nat.xml
+++ b/Shorewall6/manpages/shorewall6-nat.xml
@@ -67,7 +67,7 @@
Interfaces that have the EXTERNAL address. If ADD_IP_ALIASES=Yes in
shorewall6.conf(5),
+ url="/manpages6/shorewall6.conf.html">shorewall6.conf(5),
Shorewall will automatically add the EXTERNAL address to this
interface. Also if ADD_IP_ALIASES=Yes, you may follow the interface
name with ":" and a digit to indicate that you
@@ -78,12 +78,12 @@
Each interface must match an entry in shorewall6-interfaces(5).
+ url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5).
Shorewall allows loose matches to wildcard entries in shorewall6-interfaces(5).
+ url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5).
For example, ppp0 in this
file will match a shorewall6-interfaces(5)
+ url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5)
entry that defines ppp+.
diff --git a/Shorewall6/manpages/shorewall6-policy.xml b/Shorewall6/manpages/shorewall6-policy.xml
index 9dd7a6559..d334bb664 100644
--- a/Shorewall6/manpages/shorewall6-policy.xml
+++ b/Shorewall6/manpages/shorewall6-policy.xml
@@ -156,7 +156,7 @@
policy-action list can be prefixed with a plus sign ("+") indicating
that the listed actions are in addition to those listed in the
related _DEFAULT setting in shorewall6.conf(5).
+ url="/manpages6/shorewall6.conf.html">shorewall6.conf(5).
Possible policies are:
@@ -192,7 +192,7 @@
Added in Shorewall 5.1.1 and requires that the
DYNAMIC_BLACKLIST setting in shorewall6.conf(5)
+ url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)
specifies ipset-based dynamic blacklisting. The SOURCE IP
address is added to the blacklist ipset and the connection
request is ignored.
diff --git a/Shorewall6/manpages/shorewall6-rules.xml b/Shorewall6/manpages/shorewall6-rules.xml
index 9ad7ab15a..dd0acb29e 100644
--- a/Shorewall6/manpages/shorewall6-rules.xml
+++ b/Shorewall6/manpages/shorewall6-rules.xml
@@ -487,7 +487,7 @@
the
ip6tables-target as a
builtin action in shorewall6-actions(5).
+ url="/manpages6/shorewall6-actions.html">shorewall6-actions(5).
If you specify REJECT as the
@@ -642,7 +642,7 @@
like NFQUEUE but exempts the rule from being suppressed
by OPTIMIZE=1 in shorewall6.conf(5).
+ url="/manpages6/shorewall6.conf.html">shorewall6.conf(5).
@@ -829,7 +829,7 @@
If the ACTION names an
action declared in shorewall6-actions(5) or in
+ url="/manpages6/shorewall6-actions.html">shorewall6-actions(5) or in
/usr/share/shorewall/actions.std then:
@@ -884,7 +884,7 @@
The name of a zone defined in shorewall6-zones(5). When
+ url="/manpages6/shorewall6-zones.html">shorewall6-zones(5). When
only the zone name is specified, the packet source may be any
host in that zone.
@@ -951,9 +951,9 @@
interface must be the name of an
interface associated with the named
zone in either shorewall6-interfaces(5)
+ url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5)
or shorewall6-hosts(5). Only
+ url="/manpages6/shorewall6.hosts.html">shorewall6-hosts(5). Only
packets from hosts in the zone that
arrive through the named interface will match the rule.
@@ -971,7 +971,7 @@
follow the standard convention and be enclosed in square
brackets (e.g., [2001:470:b:227::0]/64). A network address
may be followed by exclusion (see shorewall6-exclusion(5)).
+ url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5)).
@@ -1009,7 +1009,7 @@
be specified by an ampersand ('&') followed by the
logical name of the interface as found in the INTERFACE
column of shorewall6-interfaces
+ url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces
(5).
@@ -1031,7 +1031,7 @@
This form matches if the host IP address does not match
any of the entries in the exclusion (see shorewall6-exclusion(5)).
+ url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5)).
@@ -1139,7 +1139,7 @@
The name of a zone defined in shorewall6-zones(5). When
+ url="/manpages6/shorewall6-zones.html">shorewall6-zones(5). When
only the zone name is specified, the packet destination may be
any host in that zone.
@@ -1206,9 +1206,9 @@
interface must be the name of an
interface associated with the named
zone in either shorewall6-interfaces(5)
+ url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5)
or shorewall6-hosts(5). Only
+ url="/manpages6/shorewall6.hosts.html">shorewall6-hosts(5). Only
packets to hosts in the zone that
are sent through the named interface will match the
rule.
@@ -1225,7 +1225,7 @@
A host or network IP address. A network address may
be followed by exclusion (see shorewall6-exclusion(5)).
+ url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5)).
@@ -1257,7 +1257,7 @@
be specified by an ampersand ('&') followed by the
logical name of the interface as found in the INTERFACE
column of shorewall6-interfaces
+ url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces
(5).
@@ -1280,7 +1280,7 @@
This form matches if the host IP address does not match
any of the entries in the exclusion (see shorewall6-exclusion(5)).
+ url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5)).
diff --git a/Shorewall6/manpages/shorewall6-secmarks.xml b/Shorewall6/manpages/shorewall6-secmarks.xml
index a83c5773c..12158fc92 100644
--- a/Shorewall6/manpages/shorewall6-secmarks.xml
+++ b/Shorewall6/manpages/shorewall6-secmarks.xml
@@ -223,7 +223,7 @@
See shorewall6-rules(5) for
+ url="/manpages6/shorewall6-rules.html">shorewall6-rules(5) for
details.Beginning with Shorewall 4.5.12, this column can accept a
diff --git a/Shorewall6/manpages/shorewall6-snat.xml b/Shorewall6/manpages/shorewall6-snat.xml
index 9d9c65d71..87a0dc3ee 100644
--- a/Shorewall6/manpages/shorewall6-snat.xml
+++ b/Shorewall6/manpages/shorewall6-snat.xml
@@ -27,7 +27,7 @@
This file is used to define dynamic NAT (Masquerading) and to define
Source NAT (SNAT). While still supported, its use is deprecated in favor
- of shorewall6-snat(5) which was
+ of shorewall6-snat(5) which was
introduced in Shorewall 5.0.14.
@@ -84,7 +84,7 @@
If you specify an address here, matching packets will
have their source address set to that address. If
ADD_SNAT_ALIASES is set to Yes or yes in shorewall6.conf(5) then
+ url="/manpages6/shorewall6.conf.html">shorewall6.conf(5) then
Shorewall will automatically add this address to the INTERFACE
named in the first column.
@@ -149,7 +149,7 @@
where action is an action
declared in shorewall6-actions(5)
+ url="/manpages6/shorewall6-actions.html">shorewall6-actions(5)
with the option. See www.shorewall.net/Actions.html for
further information.
@@ -200,7 +200,7 @@
entry that defines ppp+.
- Where more that one
+ Where more that one
internet provider share a single interface, the provider is
specified by including the provider name or number in
parentheses:
@@ -235,7 +235,7 @@
If you wish to restrict this entry to a particular protocol
then enter the protocol name (from protocols(5)) or number here. See
- shorewall6-rules(5) for
+ shorewall6-rules(5) for
details.Beginning with Shorewall 4.5.12, this column can accept a
diff --git a/Shorewall6/manpages/shorewall6-tcfilters.xml b/Shorewall6/manpages/shorewall6-tcfilters.xml
index c573e8fc3..f07fa7d66 100644
--- a/Shorewall6/manpages/shorewall6-tcfilters.xml
+++ b/Shorewall6/manpages/shorewall6-tcfilters.xml
@@ -89,11 +89,11 @@
Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
may be used if your kernel and ip6tables have the Basic
Ematch capability and you set BASIC_FILTERS=Yes in
- shorewall6.conf (5). The
+ shorewall6.conf (5). The
ipset name may optionally be followed by a number or a comma
separated list of src and/or dst enclosed in square brackets
([...]). See shorewall6-ipsets(5) for
+ url="/manpages6/shorewall6-ipsets.html">shorewall6-ipsets(5) for
details.
@@ -108,11 +108,11 @@
Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
may be used if your kernel and ip6tables have the Basic
Ematch capability and you set BASIC_FILTERS=Yes in
- shorewall6.conf (5). The
+ shorewall6.conf (5). The
ipset name may optionally be followed by a number or a comma
separated list of src and/or dst enclosed in square brackets
([...]). See shorewall6-ipsets(5) for
+ url="/manpages6/shorewall6-ipsets.html">shorewall6-ipsets(5) for
details.
diff --git a/Shorewall6/manpages/shorewall6-zones.xml b/Shorewall6/manpages/shorewall6-zones.xml
index 2f7afaeff..d0183d7b7 100644
--- a/Shorewall6/manpages/shorewall6-zones.xml
+++ b/Shorewall6/manpages/shorewall6-zones.xml
@@ -47,14 +47,14 @@
"none", "any", "SOURCE" and "DEST" are reserved and may not be used
as zone names. The maximum length of a zone name is determined by
the setting of the LOGFORMAT option in shorewall6.conf(5). With
+ url="/manpages6/shorewall6.conf.html">shorewall6.conf(5). With
the default LOGFORMAT, zone names can be at most 5 characters
long.
The maximum length of an iptables log prefix is 29 bytes. As
explained in shorewall6.conf (5), the legacy
+ url="/manpages6/shorewall6.conf.html">shorewall6.conf (5), the legacy
default LOGPREFIX formatting string is “Shorewall:%s:%s:” where
the first %s is replaced by the chain name and the second is
replaced by the disposition.
diff --git a/Shorewall6/manpages/shorewall6.conf.xml b/Shorewall6/manpages/shorewall6.conf.xml
index aa9bdc6f9..ac589e384 100644
--- a/Shorewall6/manpages/shorewall6.conf.xml
+++ b/Shorewall6/manpages/shorewall6.conf.xml
@@ -243,9 +243,9 @@
The value of this variable affects Shorewall's stopped state.
The behavior differs depending on whether shorewall-routestopped(5)
+ url="/manpages6/shorewall6-routestopped.html">shorewall6-routestopped(5)
or shorewall-stoppedrules(5)
+ url="/manpages6/shorewall6-stoppedrules.html">shorewall6-stoppedrules(5)
is used:
@@ -404,7 +404,7 @@
Added in Shorewall 5.1.1. When USE_DEFAULT_RT=Yes, this option
determines whether the provider option (see
shorewall6-providers(5)) is
+ url="/manpages6/shorewall6-providers.html">shorewall6-providers(5)) is
the default. When BALANCE_PROVIDERS=Yes, then the
option is assumed unless the
, ,
@@ -421,7 +421,7 @@
Added in Shorewall-4.6.0. When set to Yes, causes entries in shorewall6-tcfilters(5) to
+ url="/manpages6/shorewall6-tcfilters.html">shorewall6-tcfilters(5) to
generate a basic filter rather than a u32 filter. This setting
requires the Basic Ematch capability in your
kernel and iptables.
@@ -950,8 +950,8 @@ net all DROP infothen the chain name is 'net-all'
specificaitons on the right.. When INLINE_MATCHES=Yes is
specified, the specifications on the right are interpreted as if
INLINE had been specified in the ACTION column. This also applies to
- shorewall6-masq(5) and
- shorewall6-mangle(5)
+ shorewall6-masq(5) and
+ shorewall6-mangle(5)
which also support INLINE. If not specified or if specified as the
empty value, the value 'No' is assumed for backward
compatibility.
@@ -1194,7 +1194,7 @@ net all DROP infothen the chain name is 'net-all'
sample configurations use this as the default log level and changing
it will change all packet logging done by the configuration. In any
configuration file (except shorewall6-params(5)),
+ url="/manpages6/shorewall6-params.html">shorewall6-params(5)),
$LOG_LEVEL will expand to this value.
@@ -1316,7 +1316,7 @@ net all DROP infothen the chain name is 'net-all'
The setting of LOGFORMAT has an effect of the permitted
length of zone names. See shorewall6-zones
+ url="/manpages6/shorewall6-zones.html">shorewall6-zones
(5).
@@ -1679,10 +1679,9 @@ LOG:info:,bar net fw
Optimization category 1 - Traditionally, Shorewall has
- created rules for the complete matrix of
+ created rules for the complete matrix of
host groups defined by the zones, interfaces and hosts
- files. Any traffic that didn't correspond to an element
+ files. Any traffic that didn't correspond to an element
of that matrix was rejected in one of the built-in chains. When
the matrix is sparse, this results in lots of largely useless
rules.
@@ -2104,7 +2103,7 @@ INLINE - - - ;; -j REJECT
Added in Shorewall 4.4.10. The default is No. If set to Yes,
at least one optional interface must be up in order for the firewall
to be in the started state. Intended to be used with the Shorewall Init
+ url="/shorewall-init.html">Shorewall Init
Package.
@@ -2381,9 +2380,9 @@ INLINE - - - ;; -j REJECT
If you set TC_ENABLED=Simple (Shorewall 4.4.6 and later),
simple traffic shaping using shorewall-tcinterfaces(5)
+ url="/manpages6/shorewall6-tcinterfaces.html">shorewall6-tcinterfaces(5)
and shorewall-tcpri(5) is
+ url="/manpages6/shorewall6-tcpri.html">shorewall6-tcpri(5) is
enabled.Beginning with Shorewall 4.4.15, if you set TC_ENABLED=Shared
@@ -2598,7 +2597,7 @@ INLINE - - - ;; -j REJECT
Packets are sent through the main routing table by a rule
with priority 999. In shorewall6-routing_rules(5),
+ url="/manpages6/shorewall6-rtrules.html">shorewall6-routing_rules(5),
the range 1-998 may be used for inserting rules that bypass the
main table.