minor modifications for v3.0 ..(probably more work is needed )

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2660 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-docs2/shorewall_extension_scripts.xml

@@ -15,7 +15,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2005-05-13</pubdate>
+    <pubdate>2005-09-11</pubdate>
 
     <copyright>
       <year>2001-2005</year>
@@ -34,6 +34,13 @@
     </legalnotice>
   </articleinfo>
 
+  <caution>
+    <para><emphasis role="bold">This article applies to Shorewall 3.0 and
+    later. If you are running a version of Shorewall earlier than Shorewall
+    3.0.0 then please see the documentation for that
+    release.</emphasis></para>
+  </caution>
+
   <para>Extension scripts are user-provided scripts that are invoked at
   various points during firewall start, restart, stop and clear. The scripts
   are placed in /etc/shorewall and are processed using the Bourne shell
@@ -65,9 +72,8 @@
     </listitem>
 
     <listitem>
-      <para>initdone (added in Shorewall 2.0.2 RC1) -- invoked after Shorewall
+      <para>initdone -- invoked after Shorewall has flushed all existing rules
-      has flushed all existing rules but before any rules have been added to
+      but before any rules have been added to the builtin chains.</para>
-      the builtin chains.</para>
     </listitem>
 
     <listitem>
@@ -75,6 +81,11 @@
       restarted.</para>
     </listitem>
 
+    <listitem>
+      <para>started -- invoked as a first step when the firewall is being
+      started</para>
+    </listitem>
+
     <listitem>
       <para>stop -- invoked as a first step when the firewall is being
       stopped.</para>
@@ -94,18 +105,11 @@
     </listitem>
 
     <listitem>
-      <para>newnotsyn (added in version 1.3.6) -- invoked after the
+      <para>continue -- invoked to allow you to insert special rules to allow
-      <quote>newnotsyn</quote> chain has been created but before any rules
+      traffic while Shorewall is [re]starting. Any rules added in this script
-      have been added to it.</para>
+      should be deleted in your <emphasis>start</emphasis> script. This script
-    </listitem>
+      is invoked earlier in the [re]start process than is the
-
+      <emphasis>initdone</emphasis> script described above.</para>
-    <listitem>
-      <para>continue (added in version 2.2.3) -- invoked to allow you to
-      insert special rules to allow traffic while Shorewall is [re]starting.
-      Any rules added in this script should be deleted in your
-      <emphasis>start</emphasis> script. This script is invoked earlier in the
-      [re]start process than is the <emphasis>initdone</emphasis> script
-      described above.</para>
     </listitem>
   </itemizedlist>
 
@@ -125,10 +129,7 @@
       <command>run_iptables</command> instead. <command>run_iptables</command>
       will run the iptables utility passing the arguments to
       <command>run_iptables</command> and if the command fails, the firewall
-      will be stopped (Shorewall version &lt; 2.0.2 Beta 1 or there is no
+      will be stopped.</para>
-      <filename>/var/lib/shorewall/restore</filename> file) or restored
-      (Shorewall version &gt;= 2.0.2 Beta 1 and
-      <filename>/var/lib/shorewall/restore</filename> exists).</para>
     </listitem>
 
     <listitem>
@@ -159,8 +160,7 @@
         <listitem>
           <para>Rate Limit (if passed as "" then $LOGLIMIT is assumed — see
           the LOGLIMIT option in <ulink
-          url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>)
+          url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>)</para>
-          </para>
         </listitem>
 
         <listitem>
@@ -168,8 +168,7 @@
         </listitem>
 
         <listitem>
-          <para>Command (-A or -I for append or insert). This argument applies
+          <para>Command (-A or -I for append or insert).</para>
-          to Shorewall 2.2.0 and later only.</para>
         </listitem>
 
         <listitem>
@@ -179,11 +178,10 @@
     </listitem>
 
     <listitem>
-      <para>With Shorewall 2.0.2 Beta 1 and later versions, if you run
+      <para>if you run commands other than <command>iptables</command> that
-      commands other than <command>iptables</command> that must be re-run in
+      must be re-run in order to restore the firewall to its current state
-      order to restore the firewall to its current state then you must save
+      then you must save the commands to the <firstterm>restore
-      the commands to the <firstterm>restore file</firstterm>. The restore
+      file</firstterm>. The restore file is a temporary file in <filename
-      file is a temporary file in <filename
       class="directory">/var/lib/shorewall</filename> that will be renamed
       <filename>/var/lib/shorewall/restore-base</filename> at the successful
       completion of the Shorewall command. The <command>shorewall
@@ -228,13 +226,12 @@
     </listitem>
   </itemizedlist>
 
-  <para>Beginning with Shorewall 2.0.0, you can also define a <emphasis>common
+  <para> You can also define a <emphasis>common action</emphasis> to be
-  action</emphasis> to be performed immediately before a policy of ACCEPT,
+  performed immediately before a policy of ACCEPT, DROP or REJECT is applied.
-  DROP or REJECT is applied. Separate <ulink
+  Separate <ulink url="Actions.html">actions</ulink> can be assigned to each
-  url="Actions.html">actions</ulink> can be assigned to each policy type so
+  policy type so for example you can have a different common action for DROP
-  for example you can have a different common action for DROP and REJECT
+  and REJECT policies. The most common usage of common actions is to silently
-  policies. The most common usage of common actions is to silently drop
+  drop traffic that you don't wish to have logged by the policy.</para>
-  traffic that you don't wish to have logged by the policy.</para>
 
   <para>As released, Shorewall defines a number of actions which are cataloged
   in the <filename>/usr/share/shorewall/actions.std</filename> file. That file