From 81b42afa300e2a4f751f163b04d65043d472a40c Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 8 Jun 2017 15:43:59 -0700 Subject: [PATCH] Clean up links in the manpages Signed-off-by: Tom Eastep --- Shorewall/manpages/shorewall-actions.xml | 8 ++--- Shorewall/manpages/shorewall-blrules.xml | 2 +- Shorewall/manpages/shorewall-interfaces.xml | 8 ++--- Shorewall/manpages/shorewall-ipsets.xml | 2 +- Shorewall/manpages/shorewall-mangle.xml | 18 +++++------ Shorewall/manpages/shorewall-nat.xml | 2 +- Shorewall/manpages/shorewall-rules.xml | 20 ++++++------- Shorewall/manpages/shorewall-snat.xml | 6 ++-- Shorewall/manpages/shorewall-tcfilters.xml | 8 ++--- Shorewall/manpages/shorewall.conf.xml | 23 +++++++------- Shorewall6/manpages/shorewall6-actions.xml | 8 ++--- Shorewall6/manpages/shorewall6-blrules.xml | 2 +- Shorewall6/manpages/shorewall6-conntrack.xml | 16 +++++----- Shorewall6/manpages/shorewall6-interfaces.xml | 2 +- Shorewall6/manpages/shorewall6-ipsets.xml | 2 +- Shorewall6/manpages/shorewall6-mangle.xml | 26 ++++++++-------- Shorewall6/manpages/shorewall6-masq.xml | 2 +- Shorewall6/manpages/shorewall6-nat.xml | 8 ++--- Shorewall6/manpages/shorewall6-policy.xml | 4 +-- Shorewall6/manpages/shorewall6-rules.xml | 30 +++++++++---------- Shorewall6/manpages/shorewall6-secmarks.xml | 2 +- Shorewall6/manpages/shorewall6-snat.xml | 10 +++---- Shorewall6/manpages/shorewall6-tcfilters.xml | 8 ++--- Shorewall6/manpages/shorewall6-zones.xml | 4 +-- Shorewall6/manpages/shorewall6.conf.xml | 29 +++++++++--------- 25 files changed, 124 insertions(+), 126 deletions(-) diff --git a/Shorewall/manpages/shorewall-actions.xml b/Shorewall/manpages/shorewall-actions.xml index 51644d4e4..d96026d10 100644 --- a/Shorewall/manpages/shorewall-actions.xml +++ b/Shorewall/manpages/shorewall-actions.xml @@ -148,9 +148,9 @@ Added in Shorewall 5.0.7. Specifies that this action is to be used in shorewall-mangle(5) rather + url="/manpages/shorewall-mangle.html">shorewall-mangle(5) rather than shorewall-rules(5). + url="/manpages/shorewall-rules.html">shorewall-rules(5). @@ -160,9 +160,9 @@ Added in Shorewall 5.0.13. Specifies that this action is to be used in shorewall-snat(5) rather + url="/manpages/shorewall-snat.html">shorewall-snat(5) rather than shorewall-rules(5). The + url="/manpages/shorewall-rules.html">shorewall-rules(5). The and options are mutually exclusive. diff --git a/Shorewall/manpages/shorewall-blrules.xml b/Shorewall/manpages/shorewall-blrules.xml index 6f3e2d299..dd8f6ebe7 100644 --- a/Shorewall/manpages/shorewall-blrules.xml +++ b/Shorewall/manpages/shorewall-blrules.xml @@ -170,7 +170,7 @@ queues matching packets to a back end logging daemon via a netlink socket then continues to the next rule. See http://www.shorewall.net/shorewall_logging.html. + url="/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html. diff --git a/Shorewall/manpages/shorewall-interfaces.xml b/Shorewall/manpages/shorewall-interfaces.xml index 903c71f12..b386558cd 100644 --- a/Shorewall/manpages/shorewall-interfaces.xml +++ b/Shorewall/manpages/shorewall-interfaces.xml @@ -257,7 +257,7 @@ loc eth2 - Do not specify arp_ignore for any interface involved - in Proxy ARP. + in Proxy ARP. @@ -323,7 +323,7 @@ loc eth2 - and/or destination address is to be compared against the ipset-based dynamic blacklist (DYNAMIC_BLACKLIST=ipset... in shorewall.conf(5)). + url="/manpages/shorewall.conf.html">shorewall.conf(5)). The default is determine by the setting of DYNAMIC_BLACKLIST: @@ -411,13 +411,13 @@ loc eth2 - the interface is a simple bridge with a + url="/SimpleBridge.html">simple bridge with a DHCP server on one port and DHCP clients on another port. If you use Shorewall-perl for + url="/bridge-Shorewall-perl.html">Shorewall-perl for firewall/bridging, then you need to include DHCP-specific rules in shorewall-rules(5). diff --git a/Shorewall/manpages/shorewall-ipsets.xml b/Shorewall/manpages/shorewall-ipsets.xml index fee152b7e..0bb47f632 100644 --- a/Shorewall/manpages/shorewall-ipsets.xml +++ b/Shorewall/manpages/shorewall-ipsets.xml @@ -103,7 +103,7 @@ These additional match options are not available in shorewall-tcfilters(5). + url="/manpages/shorewall-tcfilters.html">shorewall-tcfilters(5). Available options are: diff --git a/Shorewall/manpages/shorewall-mangle.xml b/Shorewall/manpages/shorewall-mangle.xml index 171d5af64..d27e7de55 100644 --- a/Shorewall/manpages/shorewall-mangle.xml +++ b/Shorewall/manpages/shorewall-mangle.xml @@ -119,7 +119,7 @@ Additionally, a chain-designator may not be specified in an action body unless the action is declared as in shorewall-actions(5). + url="/manpages6/shorewall6-actions.html">shorewall-actions(5). Where a command takes parameters, those parameters are enclosed in parentheses ("(....)") and separated by commas. @@ -299,7 +299,7 @@ configuration described at http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x, place this entry in shorewall-providers(5): + url="/manpages/shorewall-providers.html">shorewall-providers(5): #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY TProxy 1 - - lo - tproxy @@ -365,7 +365,7 @@ DIVERTHA - - tcp Added in Shorewall 5.0.6 as an alternative to entries in - shorewall-ecn(5). If a + shorewall-ecn(5). If a PROTO is specified, it must be 'tcp' (6). If no PROTO is supplied, TCP is assumed. This action causes all ECN bits in the TCP header to be cleared. @@ -788,7 +788,7 @@ Normal-Service => 0x00 where interface is the logical name of an interface defined in shorewall-interfaces(5). + url="/manpages/shorewall-interfaces.html">shorewall-interfaces(5). Matches packets entering the firewall from the named interface. May not be used in CLASSIFY rules or in rules using the :T chain qualifier. @@ -911,11 +911,11 @@ Normal-Service => 0x00 where interface is the logical name of an interface defined in shorewall-interfaces(5). + url="/manpages/shorewall-interfaces.html">shorewall-interfaces(5). Matches packets leaving the firewall through the named interface. May not be used in the PREROUTING chain (:P in the mark column or no chain qualifier and MARK_IN_FORWARD_CHAIN=No - in shorewall.conf + in shorewall.conf (5)). @@ -952,7 +952,7 @@ Normal-Service => 0x00 when both the outgoing interface and destination IP address match. May not be used in the PREROUTING chain (:P in the mark column or no chain qualifier and MARK_IN_FORWARD_CHAIN=No in - shorewall.conf + shorewall.conf (5)). @@ -967,7 +967,7 @@ Normal-Service => 0x00 exclusion. May not be used in the PREROUTING chain (:P in the mark column or no chain qualifier and MARK_IN_FORWARD_CHAIN=No in shorewall.conf + url="/manpages/shorewall.conf">shorewall.conf (5)). @@ -1036,7 +1036,7 @@ Normal-Service => 0x00 See shorewall-rules(5) for + url="/manpages/shorewall-rules.html">shorewall-rules(5) for details. Beginning with Shorewall 4.5.12, this column can accept a diff --git a/Shorewall/manpages/shorewall-nat.xml b/Shorewall/manpages/shorewall-nat.xml index 8876c1307..50c29b4f4 100644 --- a/Shorewall/manpages/shorewall-nat.xml +++ b/Shorewall/manpages/shorewall-nat.xml @@ -199,7 +199,7 @@ all all REJECT info Set IMPLICIT_CONTINUE=Yes in shorewall.conf(5). + url="/manpages/shorewall.conf.html">shorewall.conf(5). diff --git a/Shorewall/manpages/shorewall-rules.xml b/Shorewall/manpages/shorewall-rules.xml index 4bcb98dd0..3f04c6c1b 100644 --- a/Shorewall/manpages/shorewall-rules.xml +++ b/Shorewall/manpages/shorewall-rules.xml @@ -922,7 +922,7 @@ The name of a zone defined in shorewall-zones(5). When + url="/manpages/shorewall-zones.html">shorewall-zones(5). When only the zone name is specified, the packet source may be any host in that zone. @@ -989,9 +989,9 @@ interface must be the name of an interface associated with the named zone in either shorewall-interfaces(5) + url="/manpages/shorewall-interfaces.html">shorewall-interfaces(5) or shorewall-hosts(5). Only + url="/manpages/shorewall.hosts.html">shorewall-hosts(5). Only packets from hosts in the zone that arrive through the named interface will match the rule. @@ -1007,7 +1007,7 @@ A host or network IP address. A network address may be followed by exclusion (see shorewall-exclusion(5)). + url="/manpages/shorewall-exclusion.html">shorewall-exclusion(5)). @@ -1067,7 +1067,7 @@ This form matches if the host IP address does not match any of the entries in the exclusion (see shorewall-exclusion(5)). + url="/manpages/shorewall-exclusion.html">shorewall-exclusion(5)). @@ -1229,7 +1229,7 @@ The name of a zone defined in shorewall-zones(5). When + url="/manpages/shorewall-zones.html">shorewall-zones(5). When only the zone name is specified, the packet destination may be any host in that zone. @@ -1296,9 +1296,9 @@ interface must be the name of an interface associated with the named zone in either shorewall-interfaces(5) + url="/manpages/shorewall-interfaces.html">shorewall-interfaces(5) or shorewall-hosts(5). Only + url="/manpages/shorewall-hosts.html">shorewall-hosts(5). Only packets to hosts in the zone that are sent through the named interface will match the rule. @@ -1315,7 +1315,7 @@ A host or network IP address. A network address may be followed by exclusion (see shorewall-exclusion(5)). + url="/manpages/shorewall-exclusion.html">shorewall-exclusion(5)). @@ -1370,7 +1370,7 @@ This form matches if the host IP address does not match any of the entries in the exclusion (see shorewall-exclusion(5)). + url="/manpages/shorewall-exclusion.html">shorewall-exclusion(5)). diff --git a/Shorewall/manpages/shorewall-snat.xml b/Shorewall/manpages/shorewall-snat.xml index 16dd06047..acf68160c 100644 --- a/Shorewall/manpages/shorewall-snat.xml +++ b/Shorewall/manpages/shorewall-snat.xml @@ -27,7 +27,7 @@ This file is used to define dynamic NAT (Masquerading) and to define Source NAT (SNAT). It superseded shorewall-masq(5) in Shorewall + url="/manpages/shorewall-masq.html">shorewall-masq(5) in Shorewall 5.0.14. @@ -150,7 +150,7 @@ where action is an action declared in shorewall-actions(5) with + url="/manpages/shorewall-actions.html">shorewall-actions(5) with the option. See www.shorewall.net/Actions.html for further information. @@ -257,7 +257,7 @@ If you wish to restrict this entry to a particular protocol then enter the protocol name (from protocols(5)) or number here. See - shorewall-rules(5) for + shorewall-rules(5) for details. Beginning with Shorewall 4.5.12, this column can accept a diff --git a/Shorewall/manpages/shorewall-tcfilters.xml b/Shorewall/manpages/shorewall-tcfilters.xml index 17f8d6d5d..db51a3f1e 100644 --- a/Shorewall/manpages/shorewall-tcfilters.xml +++ b/Shorewall/manpages/shorewall-tcfilters.xml @@ -89,11 +89,11 @@ Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+') may be used if your kernel and ip6tables have the Basic Ematch capability and you set BASIC_FILTERS=Yes in - shorewall.conf (5). The + shorewall.conf (5). The ipset name may optionally be followed by a number or a comma separated list of src and/or dst enclosed in square brackets ([...]). See shorewall-ipsets(5) for + url="/manpages/shorewall-ipsets.html">shorewall-ipsets(5) for details. @@ -108,11 +108,11 @@ Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+') may be used if your kernel and ip6tables have the Basic Ematch capability and you set BASIC_FILTERS=Yes in - shorewall.conf (5). The + shorewall.conf (5). The ipset name may optionally be followed by a number or a comma separated list of src and/or dst enclosed in square brackets ([...]). See shorewall-ipsets(5) for + url="/manpages/shorewall-ipsets.html">shorewall-ipsets(5) for details. You may exclude certain hosts from the set already defined diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml index 67ce8f596..a99981e70 100644 --- a/Shorewall/manpages/shorewall.conf.xml +++ b/Shorewall/manpages/shorewall.conf.xml @@ -321,9 +321,9 @@ The value of this variable affects Shorewall's stopped state. The behavior differs depending on whether shorewall-routestopped(5) + url="/manpages/shorewall-routestopped.html">shorewall-routestopped(5) or shorewall-stoppedrules(5) + url="/manpages/shorewall-stoppedrules.html">shorewall-stoppedrules(5) is used: @@ -483,7 +483,7 @@ Added in Shorewall 5.1.1. When USE_DEFAULT_RT=Yes, this option determines whether the provider option (see shorewall-providers(5)) is + url="/manpages/shorewall-providers.html">shorewall-providers(5)) is the default. When BALANCE_PROVIDERS=Yes, then the option is assumed unless the , , @@ -500,7 +500,7 @@ Added in Shorewall-4.6.0. When set to Yes, causes entries in shorewall-tcfilters(5) to + url="/manpages/shorewall-tcfilters.html">shorewall-tcfilters(5) to generate a basic filter rather than a u32 filter. This setting requires the Basic Ematch capability in your kernel and iptables. @@ -1114,8 +1114,8 @@ net all DROP infothen the chain name is 'net-all' specificaitons on the right.. When INLINE_MATCHES=Yes is specified, the specifications on the right are interpreted as if INLINE had been specified in the ACTION column. This also applies to - shorewall-masq(5) and - shorewall-mangle(5) which + shorewall-masq(5) and + shorewall-mangle(5) which also support INLINE. If not specified or if specified as the empty value, the value 'No' is assumed for backward compatibility. @@ -1365,7 +1365,7 @@ net all DROP infothen the chain name is 'net-all' sample configurations use this as the default log level and changing it will change all packet logging done by the configuration. In any configuration file (except shorewall-params(5)), $LOG_LEVEL + url="/manpages/shorewall-params.html">shorewall-params(5)), $LOG_LEVEL will expand to this value. @@ -1487,7 +1487,7 @@ net all DROP infothen the chain name is 'net-all' log, and hits commands. If not assigned or if assigned an empty value, /var/log/messages is assumed. For further information, see http://www.shorewall.net/shorewall_logging.html. + url="/manpages/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html. Beginning with Shorewall 5.0.10.1, you may specify to use journelctl -r to read the log. @@ -1935,10 +1935,9 @@ LOG:info:,bar net fw Optimization category 1 - Traditionally, Shorewall has - created rules for the complete matrix of + created rules for the complete matrix of host groups defined by the zones, interfaces and hosts - files. Any traffic that didn't correspond to an element + files. Any traffic that didn't correspond to an element of that matrix was rejected in one of the built-in chains. When the matrix is sparse, this results in lots of largely useless rules. @@ -2944,7 +2943,7 @@ INLINE - - - ;; -j REJECT Packets are sent through the main routing table by a rule with priority 999. In routing_rules(5), + url="/manpages/shorewall-rtrules.html">shorewall-rtrules(5), the range 1-998 may be used for inserting rules that bypass the main table. diff --git a/Shorewall6/manpages/shorewall6-actions.xml b/Shorewall6/manpages/shorewall6-actions.xml index be45c1e03..39b0ad1ed 100644 --- a/Shorewall6/manpages/shorewall6-actions.xml +++ b/Shorewall6/manpages/shorewall6-actions.xml @@ -149,9 +149,9 @@ Added in Shorewall 5.0.7. Specifies that this action is to be used in shorewall6-mangle(5) + url="/manpages6/shorewall6-mangle.html">shorewall6-mangle(5) rather than shorewall6-rules(5). + url="/manpages6/shorewall6-rules.html">shorewall6-rules(5). @@ -161,9 +161,9 @@ Added in Shorewall 5.0.13. Specifies that this action is to be used in shorewall6-snat(5) rather + url="/manpages6/shorewall6-snat.html">shorewall6-snat(5) rather than shorewall6-rules(5). The + url="/manpages6/shorewall6-rules.html">shorewall6-rules(5). The and options are mutually exclusive. diff --git a/Shorewall6/manpages/shorewall6-blrules.xml b/Shorewall6/manpages/shorewall6-blrules.xml index 9f2903c11..27334ae29 100644 --- a/Shorewall6/manpages/shorewall6-blrules.xml +++ b/Shorewall6/manpages/shorewall6-blrules.xml @@ -171,7 +171,7 @@ queues matching packets to a back end logging daemon via a netlink socket then continues to the next rule. See http://www.shorewall.net/shorewall_logging.html. + url="/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html. diff --git a/Shorewall6/manpages/shorewall6-conntrack.xml b/Shorewall6/manpages/shorewall6-conntrack.xml index 707b969df..e6d1fe4c9 100644 --- a/Shorewall6/manpages/shorewall6-conntrack.xml +++ b/Shorewall6/manpages/shorewall6-conntrack.xml @@ -403,7 +403,7 @@ Where interface is the logical name of an interface defined in shorewall-interface(5). + url="/manpages6/shorewall6-interfaces.html">shorewall6-interface(5). @@ -426,13 +426,13 @@ The name of an ipset preceded by a plus sign ("+"). See shorewall-ipsets(5). + url="/manpages6/shorewall6-ipsets.html">shorewall6-ipsets(5). exclusion is described in shorewall-exclusion(5). + url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5). @@ -450,7 +450,7 @@ See shorewall-exclusion + url="/manpages6/shorewall6-exclusion.html">shorewall-exclusion (5) @@ -499,7 +499,7 @@ Where interface is the logical name of an interface defined in shorewall-interface(5). + url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5). @@ -522,13 +522,13 @@ The name of an ipset preceded by a plus sign ("+"). See shorewall-ipsets(5). + url="/manpages6/shorewall6-ipsets.html">shorewall6-ipsets(5). exclusion is described in shorewall-exclusion(5). + url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5). @@ -547,7 +547,7 @@ See shorewall-exclusion + url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion (5) diff --git a/Shorewall6/manpages/shorewall6-interfaces.xml b/Shorewall6/manpages/shorewall6-interfaces.xml index 80b9c84d6..696ee088c 100644 --- a/Shorewall6/manpages/shorewall6-interfaces.xml +++ b/Shorewall6/manpages/shorewall6-interfaces.xml @@ -345,7 +345,7 @@ loc eth2 - url="/bridge-Shorewall-perl.html">Shorewall-perl for firewall/bridging, then you need to include DHCP-specific rules in shorewall-rules(8). + url="/manpages6/shorewall6-rules.html">shorewall6-rules(8). DHCP uses UDP ports 546 and 547. diff --git a/Shorewall6/manpages/shorewall6-ipsets.xml b/Shorewall6/manpages/shorewall6-ipsets.xml index b71659b07..8087fc75b 100644 --- a/Shorewall6/manpages/shorewall6-ipsets.xml +++ b/Shorewall6/manpages/shorewall6-ipsets.xml @@ -102,7 +102,7 @@ These additional match options are not available in shorewall6-tcfilters(5). + url="/manpages6/shorewall6-tcfilters.html">shorewall6-tcfilters(5). Available options are: diff --git a/Shorewall6/manpages/shorewall6-mangle.xml b/Shorewall6/manpages/shorewall6-mangle.xml index 87c2e45fa..02ff605b4 100644 --- a/Shorewall6/manpages/shorewall6-mangle.xml +++ b/Shorewall6/manpages/shorewall6-mangle.xml @@ -120,7 +120,7 @@ Additionally, a chain-designator may not be specified in an action body unless the action is declared as in shorewall6-actions(5). + url="/manpages6/shorewall6-actions.html">shorewall6-actions(5). Where a command takes parameters, those parameters are enclosed in parentheses ("(....)") and separated by commas. @@ -137,7 +137,7 @@ Added in Shorewall 5.0.7. action must be an action declared with the option in shorewall6-actions(5). + url="/manpages6/shorewall6-actions.html">shorewall6-actions(5). If the action accepts parameters, they are specified as a comma-separated list within parentheses following the action name. @@ -300,7 +300,7 @@ configuration described at http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x, place this entry in shorewall6-providers(5): + url="/manpages6/shorewall6-providers.html">shorewall6-providers(5): #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY TProxy 1 - - lo - tproxy @@ -410,7 +410,7 @@ DIVERTHA - - tcp specified at the end of the rule. If the target is not one known to Shorewall, then it must be defined as a builtin action in shorewall-actions + url="/manpages6/shorewall6-actions.html">shorewall6-actions (5). The following rules are equivalent: @@ -423,7 +423,7 @@ INLINE eth0 - ; -p tcp -j MARK --set If INLINE_MATCHES=Yes in shorewall6.conf(5) + url="/manpages6/shorewall6.conf.html">shorewall6.conf(5) then the third rule above can be specified as follows: MARK(2):P eth0 - ; -p tcp @@ -780,7 +780,7 @@ Normal-Service => 0x00 where interface is the logical name of an interface defined in shorewall6-interfaces(5). + url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5). Matches packets entering the firewall from the named interface. May not be used in CLASSIFY rules or in rules using the :T chain qualifier. @@ -807,7 +807,7 @@ Normal-Service => 0x00 Matches traffic whose source IP address matches one of the listed addresses and that does not match an address listed in the exclusion (see shorewall6-exclusion(5)). + url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5)). This form will not match traffic that originates on the firewall itself unless either @@ -903,11 +903,11 @@ Normal-Service => 0x00 where interface is the logical name of an interface defined in shorewall6-interfaces(5). + url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5). Matches packets leaving the firewall through the named interface. May not be used in the PREROUTING chain (:P in the mark column or no chain qualifier and MARK_IN_FORWARD_CHAIN=No - in shorewall6.conf + in shorewall6.conf (5)). @@ -932,7 +932,7 @@ Normal-Service => 0x00 Matches traffic whose destination IP address matches one of the listed addresses and that does not match an address listed in the exclusion (see shorewall6-exclusion(5)). + url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5)). @@ -944,7 +944,7 @@ Normal-Service => 0x00 when both the outgoing interface and destination IP address match. May not be used in the PREROUTING chain (:P in the mark column or no chain qualifier and MARK_IN_FORWARD_CHAIN=No in - shorewall6.conf + shorewall6.conf (5)). @@ -959,7 +959,7 @@ Normal-Service => 0x00 exclusion. May not be used in the PREROUTING chain (:P in the mark column or no chain qualifier and MARK_IN_FORWARD_CHAIN=No in shorewall6.conf (5)). + url="/manpages6/shorewall6.conf">shorewall6.conf (5)). @@ -1027,7 +1027,7 @@ Normal-Service => 0x00 See shorewall6-rules(5) for + url="/manpages6/shorewall6-rules.html">shorewall6-rules(5) for details. Beginning with Shorewall 4.5.12, this column can accept a diff --git a/Shorewall6/manpages/shorewall6-masq.xml b/Shorewall6/manpages/shorewall6-masq.xml index cdd9e9532..da310ebbd 100644 --- a/Shorewall6/manpages/shorewall6-masq.xml +++ b/Shorewall6/manpages/shorewall6-masq.xml @@ -67,7 +67,7 @@ entry that defines ppp+. - Where more that one + Where more that one internet provider share a single interface, the provider is specified by including the provider name or number in parentheses: diff --git a/Shorewall6/manpages/shorewall6-nat.xml b/Shorewall6/manpages/shorewall6-nat.xml index 60a33bc9b..747bdd902 100644 --- a/Shorewall6/manpages/shorewall6-nat.xml +++ b/Shorewall6/manpages/shorewall6-nat.xml @@ -67,7 +67,7 @@ Interfaces that have the EXTERNAL address. If ADD_IP_ALIASES=Yes in shorewall6.conf(5), + url="/manpages6/shorewall6.conf.html">shorewall6.conf(5), Shorewall will automatically add the EXTERNAL address to this interface. Also if ADD_IP_ALIASES=Yes, you may follow the interface name with ":" and a digit to indicate that you @@ -78,12 +78,12 @@ Each interface must match an entry in shorewall6-interfaces(5). + url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5). Shorewall allows loose matches to wildcard entries in shorewall6-interfaces(5). + url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5). For example, ppp0 in this file will match a shorewall6-interfaces(5) + url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5) entry that defines ppp+. diff --git a/Shorewall6/manpages/shorewall6-policy.xml b/Shorewall6/manpages/shorewall6-policy.xml index 9dd7a6559..d334bb664 100644 --- a/Shorewall6/manpages/shorewall6-policy.xml +++ b/Shorewall6/manpages/shorewall6-policy.xml @@ -156,7 +156,7 @@ policy-action list can be prefixed with a plus sign ("+") indicating that the listed actions are in addition to those listed in the related _DEFAULT setting in shorewall6.conf(5). + url="/manpages6/shorewall6.conf.html">shorewall6.conf(5). Possible policies are: @@ -192,7 +192,7 @@ Added in Shorewall 5.1.1 and requires that the DYNAMIC_BLACKLIST setting in shorewall6.conf(5) + url="/manpages6/shorewall6.conf.html">shorewall6.conf(5) specifies ipset-based dynamic blacklisting. The SOURCE IP address is added to the blacklist ipset and the connection request is ignored. diff --git a/Shorewall6/manpages/shorewall6-rules.xml b/Shorewall6/manpages/shorewall6-rules.xml index 9ad7ab15a..dd0acb29e 100644 --- a/Shorewall6/manpages/shorewall6-rules.xml +++ b/Shorewall6/manpages/shorewall6-rules.xml @@ -487,7 +487,7 @@ the ip6tables-target as a builtin action in shorewall6-actions(5). + url="/manpages6/shorewall6-actions.html">shorewall6-actions(5). If you specify REJECT as the @@ -642,7 +642,7 @@ like NFQUEUE but exempts the rule from being suppressed by OPTIMIZE=1 in shorewall6.conf(5). + url="/manpages6/shorewall6.conf.html">shorewall6.conf(5). @@ -829,7 +829,7 @@ If the ACTION names an action declared in shorewall6-actions(5) or in + url="/manpages6/shorewall6-actions.html">shorewall6-actions(5) or in /usr/share/shorewall/actions.std then: @@ -884,7 +884,7 @@ The name of a zone defined in shorewall6-zones(5). When + url="/manpages6/shorewall6-zones.html">shorewall6-zones(5). When only the zone name is specified, the packet source may be any host in that zone. @@ -951,9 +951,9 @@ interface must be the name of an interface associated with the named zone in either shorewall6-interfaces(5) + url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5) or shorewall6-hosts(5). Only + url="/manpages6/shorewall6.hosts.html">shorewall6-hosts(5). Only packets from hosts in the zone that arrive through the named interface will match the rule. @@ -971,7 +971,7 @@ follow the standard convention and be enclosed in square brackets (e.g., [2001:470:b:227::0]/64). A network address may be followed by exclusion (see shorewall6-exclusion(5)). + url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5)). @@ -1009,7 +1009,7 @@ be specified by an ampersand ('&') followed by the logical name of the interface as found in the INTERFACE column of shorewall6-interfaces + url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces (5). @@ -1031,7 +1031,7 @@ This form matches if the host IP address does not match any of the entries in the exclusion (see shorewall6-exclusion(5)). + url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5)). @@ -1139,7 +1139,7 @@ The name of a zone defined in shorewall6-zones(5). When + url="/manpages6/shorewall6-zones.html">shorewall6-zones(5). When only the zone name is specified, the packet destination may be any host in that zone. @@ -1206,9 +1206,9 @@ interface must be the name of an interface associated with the named zone in either shorewall6-interfaces(5) + url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5) or shorewall6-hosts(5). Only + url="/manpages6/shorewall6.hosts.html">shorewall6-hosts(5). Only packets to hosts in the zone that are sent through the named interface will match the rule. @@ -1225,7 +1225,7 @@ A host or network IP address. A network address may be followed by exclusion (see shorewall6-exclusion(5)). + url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5)). @@ -1257,7 +1257,7 @@ be specified by an ampersand ('&') followed by the logical name of the interface as found in the INTERFACE column of shorewall6-interfaces + url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces (5). @@ -1280,7 +1280,7 @@ This form matches if the host IP address does not match any of the entries in the exclusion (see shorewall6-exclusion(5)). + url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion(5)). diff --git a/Shorewall6/manpages/shorewall6-secmarks.xml b/Shorewall6/manpages/shorewall6-secmarks.xml index a83c5773c..12158fc92 100644 --- a/Shorewall6/manpages/shorewall6-secmarks.xml +++ b/Shorewall6/manpages/shorewall6-secmarks.xml @@ -223,7 +223,7 @@ See shorewall6-rules(5) for + url="/manpages6/shorewall6-rules.html">shorewall6-rules(5) for details. Beginning with Shorewall 4.5.12, this column can accept a diff --git a/Shorewall6/manpages/shorewall6-snat.xml b/Shorewall6/manpages/shorewall6-snat.xml index 9d9c65d71..87a0dc3ee 100644 --- a/Shorewall6/manpages/shorewall6-snat.xml +++ b/Shorewall6/manpages/shorewall6-snat.xml @@ -27,7 +27,7 @@ This file is used to define dynamic NAT (Masquerading) and to define Source NAT (SNAT). While still supported, its use is deprecated in favor - of shorewall6-snat(5) which was + of shorewall6-snat(5) which was introduced in Shorewall 5.0.14. @@ -84,7 +84,7 @@ If you specify an address here, matching packets will have their source address set to that address. If ADD_SNAT_ALIASES is set to Yes or yes in shorewall6.conf(5) then + url="/manpages6/shorewall6.conf.html">shorewall6.conf(5) then Shorewall will automatically add this address to the INTERFACE named in the first column. @@ -149,7 +149,7 @@ where action is an action declared in shorewall6-actions(5) + url="/manpages6/shorewall6-actions.html">shorewall6-actions(5) with the option. See www.shorewall.net/Actions.html for further information. @@ -200,7 +200,7 @@ entry that defines ppp+. - Where more that one + Where more that one internet provider share a single interface, the provider is specified by including the provider name or number in parentheses: @@ -235,7 +235,7 @@ If you wish to restrict this entry to a particular protocol then enter the protocol name (from protocols(5)) or number here. See - shorewall6-rules(5) for + shorewall6-rules(5) for details. Beginning with Shorewall 4.5.12, this column can accept a diff --git a/Shorewall6/manpages/shorewall6-tcfilters.xml b/Shorewall6/manpages/shorewall6-tcfilters.xml index c573e8fc3..f07fa7d66 100644 --- a/Shorewall6/manpages/shorewall6-tcfilters.xml +++ b/Shorewall6/manpages/shorewall6-tcfilters.xml @@ -89,11 +89,11 @@ Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+') may be used if your kernel and ip6tables have the Basic Ematch capability and you set BASIC_FILTERS=Yes in - shorewall6.conf (5). The + shorewall6.conf (5). The ipset name may optionally be followed by a number or a comma separated list of src and/or dst enclosed in square brackets ([...]). See shorewall6-ipsets(5) for + url="/manpages6/shorewall6-ipsets.html">shorewall6-ipsets(5) for details. @@ -108,11 +108,11 @@ Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+') may be used if your kernel and ip6tables have the Basic Ematch capability and you set BASIC_FILTERS=Yes in - shorewall6.conf (5). The + shorewall6.conf (5). The ipset name may optionally be followed by a number or a comma separated list of src and/or dst enclosed in square brackets ([...]). See shorewall6-ipsets(5) for + url="/manpages6/shorewall6-ipsets.html">shorewall6-ipsets(5) for details. diff --git a/Shorewall6/manpages/shorewall6-zones.xml b/Shorewall6/manpages/shorewall6-zones.xml index 2f7afaeff..d0183d7b7 100644 --- a/Shorewall6/manpages/shorewall6-zones.xml +++ b/Shorewall6/manpages/shorewall6-zones.xml @@ -47,14 +47,14 @@ "none", "any", "SOURCE" and "DEST" are reserved and may not be used as zone names. The maximum length of a zone name is determined by the setting of the LOGFORMAT option in shorewall6.conf(5). With + url="/manpages6/shorewall6.conf.html">shorewall6.conf(5). With the default LOGFORMAT, zone names can be at most 5 characters long.
The maximum length of an iptables log prefix is 29 bytes. As explained in shorewall6.conf (5), the legacy + url="/manpages6/shorewall6.conf.html">shorewall6.conf (5), the legacy default LOGPREFIX formatting string is “Shorewall:%s:%s:” where the first %s is replaced by the chain name and the second is replaced by the disposition. diff --git a/Shorewall6/manpages/shorewall6.conf.xml b/Shorewall6/manpages/shorewall6.conf.xml index aa9bdc6f9..ac589e384 100644 --- a/Shorewall6/manpages/shorewall6.conf.xml +++ b/Shorewall6/manpages/shorewall6.conf.xml @@ -243,9 +243,9 @@ The value of this variable affects Shorewall's stopped state. The behavior differs depending on whether shorewall-routestopped(5) + url="/manpages6/shorewall6-routestopped.html">shorewall6-routestopped(5) or shorewall-stoppedrules(5) + url="/manpages6/shorewall6-stoppedrules.html">shorewall6-stoppedrules(5) is used: @@ -404,7 +404,7 @@ Added in Shorewall 5.1.1. When USE_DEFAULT_RT=Yes, this option determines whether the provider option (see shorewall6-providers(5)) is + url="/manpages6/shorewall6-providers.html">shorewall6-providers(5)) is the default. When BALANCE_PROVIDERS=Yes, then the option is assumed unless the , , @@ -421,7 +421,7 @@ Added in Shorewall-4.6.0. When set to Yes, causes entries in shorewall6-tcfilters(5) to + url="/manpages6/shorewall6-tcfilters.html">shorewall6-tcfilters(5) to generate a basic filter rather than a u32 filter. This setting requires the Basic Ematch capability in your kernel and iptables. @@ -950,8 +950,8 @@ net all DROP infothen the chain name is 'net-all' specificaitons on the right.. When INLINE_MATCHES=Yes is specified, the specifications on the right are interpreted as if INLINE had been specified in the ACTION column. This also applies to - shorewall6-masq(5) and - shorewall6-mangle(5) + shorewall6-masq(5) and + shorewall6-mangle(5) which also support INLINE. If not specified or if specified as the empty value, the value 'No' is assumed for backward compatibility. @@ -1194,7 +1194,7 @@ net all DROP infothen the chain name is 'net-all' sample configurations use this as the default log level and changing it will change all packet logging done by the configuration. In any configuration file (except shorewall6-params(5)), + url="/manpages6/shorewall6-params.html">shorewall6-params(5)), $LOG_LEVEL will expand to this value. @@ -1316,7 +1316,7 @@ net all DROP infothen the chain name is 'net-all' The setting of LOGFORMAT has an effect of the permitted length of zone names. See shorewall6-zones + url="/manpages6/shorewall6-zones.html">shorewall6-zones (5). @@ -1679,10 +1679,9 @@ LOG:info:,bar net fw Optimization category 1 - Traditionally, Shorewall has - created rules for the complete matrix of + created rules for the complete matrix of host groups defined by the zones, interfaces and hosts - files. Any traffic that didn't correspond to an element + files. Any traffic that didn't correspond to an element of that matrix was rejected in one of the built-in chains. When the matrix is sparse, this results in lots of largely useless rules. @@ -2104,7 +2103,7 @@ INLINE - - - ;; -j REJECT Added in Shorewall 4.4.10. The default is No. If set to Yes, at least one optional interface must be up in order for the firewall to be in the started state. Intended to be used with the Shorewall Init + url="/shorewall-init.html">Shorewall Init Package. @@ -2381,9 +2380,9 @@ INLINE - - - ;; -j REJECT If you set TC_ENABLED=Simple (Shorewall 4.4.6 and later), simple traffic shaping using shorewall-tcinterfaces(5) + url="/manpages6/shorewall6-tcinterfaces.html">shorewall6-tcinterfaces(5) and shorewall-tcpri(5) is + url="/manpages6/shorewall6-tcpri.html">shorewall6-tcpri(5) is enabled. Beginning with Shorewall 4.4.15, if you set TC_ENABLED=Shared @@ -2598,7 +2597,7 @@ INLINE - - - ;; -j REJECT Packets are sent through the main routing table by a rule with priority 999. In shorewall6-routing_rules(5), + url="/manpages6/shorewall6-rtrules.html">shorewall6-routing_rules(5), the range 1-998 may be used for inserting rules that bypass the main table.