Expand manpage text about trace/debug -> -T/-D change

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-21 23:23:13 +01:00 · 2020-03-08 13:22:05 -07:00 · 2020-03-08 13:22:05 -07:00 · a6c1cd6d7b
commit a6c1cd6d7b
parent 2604378646
1 changed files with 45 additions and 20 deletions
--- a/Shorewall-core/manpages/shorewall.xml
+++ b/Shorewall-core/manpages/shorewall.xml
@ -1035,15 +1035,10 @@
        <term>-T</term>

        <listitem>
-          <para>If the command invokes the generated firewall script, the
-          script's execution will be traced to standard error. This option
-          replaces the earlier <emphasis role="bold">trace</emphasis>
-          keyword.</para>
-
-          <caution>
-            <para>If both -T and -D are specified, only the last one specified
-            will be in effect.</para>
-          </caution>
+          <para>Added in Shorewall 5.2.4 to replace the earlier
+          <command>trace</command> keyword.. If the command invokes the
+          generated firewall script, the script's execution will be traced to
+          standard error.</para>
        </listitem>
      </varlistentry>

@ -1051,20 +1046,50 @@
        <term>-D</term>

        <listitem>
-          <para>If the command invokes the generated firewall script,
-          individual invocations of the ip[6]tables utility will be used to
-          configure the ruleset rather than ip[6]tables-restore. This is
-          useful for diagnosing ip[6]tables-restore failures on a *COMMIT
-          command. The option replaces the earlier <emphasis
-          role="bold">debug</emphasis> keyword.</para>
-
-          <caution>
-            <para>If both -T and -D are specified, only the last one specified
-            will be in effect.</para>
-          </caution>
+          <para>Added in Shorewall 5.2.4 to replace the earlier debug keyword.
+          If the command invokes the generated firewall script, individual
+          invocations of the ip[6]tables utility will be used to configure the
+          ruleset rather than ip[6]tables-restore. This is useful for
+          diagnosing ip[6]tables-restore failures on a *COMMIT command.</para>
        </listitem>
      </varlistentry>
    </variablelist>
+
+    <note>
+      <para>Prior to Shorewall 5.2.4, the general syntax for a CLI command
+      was:</para>
+
+      <cmdsynopsis>
+        <arg><option>trace|debug</option></arg>
+
+        <arg><option>nolock</option></arg>
+
+        <arg><replaceable>options</replaceable></arg>
+
+        <arg choice="plain"><replaceable>command</replaceable></arg>
+
+        <arg><replaceable>command-options</replaceable></arg>
+
+        <arg><replaceable>command-arguments</replaceable></arg>
+      </cmdsynopsis>
+
+      <para>Examples:</para>
+
+      <programlisting>    shorewall debug -tv2 reload
+    shorewall trace check
+    shorewall nolock enable eth0</programlisting>
+
+      <para>In Shorewall 5.2.4 and later, those commands would be:</para>
+
+      <programlisting>    shorewall -Dtv2 reload
+    shorewall check -D
+    shorewall -N enable eth0</programlisting>
+
+      <para>While not shown in the command synopses at the top of this page,
+      the <option>nolock</option> keyword is still supported in Shorewall
+      5.2.4 and later, but is deprecated in favor of the -<option>N
+      </option>option.</para>
+    </note>
  </refsect1>

  <refsect1>