diff --git a/docs/Anatomy.xml b/docs/Anatomy.xml index 225b49e84..47b7333f7 100644 --- a/docs/Anatomy.xml +++ b/docs/Anatomy.xml @@ -504,7 +504,7 @@
/sbin - The /sbin/shorewall-lite shell program is use + The /sbin/shorewall-lite shell program is used to interact with Shorewall lite. See shorewall-lite(8).
diff --git a/docs/Build.xml b/docs/Build.xml index 5ada55b7a..ec8adc231 100644 --- a/docs/Build.xml +++ b/docs/Build.xml @@ -134,7 +134,7 @@ Added in Shorewall 4.4.22, this directory contains the files that contain release-dependent information (change.txt, releasenotes.txt, .spec files, etc). This is actually a symbolic link to ../release which - has it's own Git repository. + has its own Git repository. diff --git a/docs/ConnectionRate.xml b/docs/ConnectionRate.xml index af85527a4..b46f3954c 100644 --- a/docs/ConnectionRate.xml +++ b/docs/ConnectionRate.xml @@ -67,7 +67,7 @@ by 1 but is not allowed to exceed its initial setting (5). By default, the aggregate connection rate is limited. If the - specification is preceeded by "" or + specification is preceded by "" or "", then the rate is limited per SOURCE or per DESTINATION IP address respectively. diff --git a/docs/Events.xml b/docs/Events.xml index 50ab301c7..6cc15c08e 100644 --- a/docs/Events.xml +++ b/docs/Events.xml @@ -35,7 +35,7 @@ - This article applies to Shorewall 4.5.19 and later and supercedes + This article applies to Shorewall 4.5.19 and later and supersedes this article. @@ -477,7 +477,7 @@ root@gateway:~# This example is taken from this - article which explains the nice benifits of this approach. This + article which explains the nice benefits of this approach. This example is for ssh, but it can be adapted for any application. The name SSH has been changed to SSHLIMIT so as not to override diff --git a/docs/IPSEC-2.6.xml b/docs/IPSEC-2.6.xml index 70d288253..863a67488 100644 --- a/docs/IPSEC-2.6.xml +++ b/docs/IPSEC-2.6.xml @@ -59,7 +59,7 @@ Shorewall does not configure IPSEC for - you -- it rather configures netfilter to accomodate your IPSEC + you -- it rather configures netfilter to accommodate your IPSEC configuration. @@ -139,7 +139,7 @@ and zones was made easy by the presence of IPSEC pseudo-interfaces with names of the form ipsecN (e.g. ipsec0). Outgoing unencrypted - traffic (case 1.) was send through an ipsecN device while incoming unencrypted traffic (case 2) arrived from an ipsecN device. The 2.6 kernel-based diff --git a/docs/Install.xml b/docs/Install.xml index 5bd1b3d32..8e47d96a6 100644 --- a/docs/Install.xml +++ b/docs/Install.xml @@ -147,7 +147,7 @@ Shorewall-core 4.5.2 or later, a shorewallrc file named ${HOME}/.shorewallrc will be installed. That file will provide the default parameters for installing other Shorewall - components of the same or later verion. + components of the same or later version. Note that you must install Shorewall-core before installing any other Shorewall package. @@ -730,7 +730,7 @@ ./install.sh -s - The -s option supresses + The -s option suppresses installation of all files in /etc/shorewall except shorewall.conf. You can copy any other files diff --git a/docs/KVM.xml b/docs/KVM.xml index 3d9414ce8..f89097f12 100644 --- a/docs/KVM.xml +++ b/docs/KVM.xml @@ -66,7 +66,7 @@
Networking Configuration - I use a network configuration where each VM has it's own VNET and + I use a network configuration where each VM has its own VNET and tap device and the tap devices are all configured as ports on a Linux Bridge. For clarity, I've only shown four of the virtual machines available on the system. diff --git a/docs/Manpages.xml b/docs/Manpages.xml index 8e4ecc876..1b619506d 100644 --- a/docs/Manpages.xml +++ b/docs/Manpages.xml @@ -89,7 +89,7 @@ Define MAC verification. mangle - - Supercedes tcrules and describes packet/connection marking. + Supersedes tcrules and describes packet/connection marking. masq - Define Masquerade/SNAT @@ -168,7 +168,7 @@ state (added in Shorewall 4.5.8). tcrules - - Define packet marking rules, usually for traffic shaping. Superceded + Define packet marking rules, usually for traffic shaping. Superseded by mangle (above) in Shorewall 4.6.0. tos - Define diff --git a/docs/Manpages6.xml b/docs/Manpages6.xml index e595003e1..0f3f2f8e2 100644 --- a/docs/Manpages6.xml +++ b/docs/Manpages6.xml @@ -79,7 +79,7 @@ - Define MAC verification. mangle - - Supercedes tcrules and describes packet/connection marking. + Supersedes tcrules and describes packet/connection marking. masq - Define Masquerade/SNAT @@ -149,7 +149,7 @@ Classify traffic for simplified traffic shaping. tcrules - - Define packet marking rules, usually for traffic shaping. Superceded + - Define packet marking rules, usually for traffic shaping. Superseded by mangle (above) in Shorewall 4.6.0. tos - diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml index f7070a261..cda333ce7 100644 --- a/docs/MultiISP.xml +++ b/docs/MultiISP.xml @@ -155,7 +155,7 @@ Shorewall can set up the correct marking rules for you. - /etc/shorewall/mangle superceded + /etc/shorewall/mangle superseded /etc/shorewall/tcrules in Shorewall 4.6.0. diff --git a/docs/MyNetwork.xml b/docs/MyNetwork.xml index e3b4fe117..f13767b5e 100644 --- a/docs/MyNetwork.xml +++ b/docs/MyNetwork.xml @@ -171,7 +171,7 @@
Shorewall Configuration - This section contains exerpts from the Shorewall + This section contains excerpts from the Shorewall configuration. It is important to keep in mind that parts of my configuration are diff --git a/docs/OPENVPN.xml b/docs/OPENVPN.xml index cb3a843e4..bf7c667dc 100644 --- a/docs/OPENVPN.xml +++ b/docs/OPENVPN.xml @@ -603,7 +603,7 @@ net COM_IF detect dhcp,blacklist,optional,routefilter=0,logmartians,pr 6to4 net 6to4 vpn - Similarly, here are exerpts from the Shorewall6 + Similarly, here are excerpts from the Shorewall6 configuration. /etc/shorewall6/zones: diff --git a/docs/OpenVZ.xml b/docs/OpenVZ.xml index 8d82e5631..f49363422 100644 --- a/docs/OpenVZ.xml +++ b/docs/OpenVZ.xml @@ -452,7 +452,7 @@ NAME="server"
Shorewall Configuration on the Host - Below are exerpts from the configuration files as they pertain to + Below are excerpts from the configuration files as they pertain to the OpenVZ environment. /etc/shorewall/zones: @@ -762,7 +762,7 @@ NAME="server"
Shorewall Configuration on the Host - Below are exerpts from the configuration files as they pertain to + Below are excerpts from the configuration files as they pertain to the OpenVZ environment. Again, bold font indicates change from the prior configuration. diff --git a/docs/PacketMarking.xml b/docs/PacketMarking.xml index ee92d5ad1..3d0acc2a1 100644 --- a/docs/PacketMarking.xml +++ b/docs/PacketMarking.xml @@ -44,7 +44,7 @@ - /etc/shorewall/mangle superceded /etc/shorewall/tcruels in Shorewall + /etc/shorewall/mangle superseded /etc/shorewall/tcruels in Shorewall 4.6.0. /etc/shorwall/tcrules is still supported but its use is deprecated. diff --git a/docs/PortKnocking.xml b/docs/PortKnocking.xml index ced88164f..9f7edd58e 100644 --- a/docs/PortKnocking.xml +++ b/docs/PortKnocking.xml @@ -41,7 +41,7 @@ - The techniques described in this article were superceded in + The techniques described in this article were superseded in Shorewall 4.5.19 with the introduction of Shorewall Events. diff --git a/docs/SplitDNS.xml b/docs/SplitDNS.xml index 062824992..151c32c1c 100644 --- a/docs/SplitDNS.xml +++ b/docs/SplitDNS.xml @@ -167,7 +167,7 @@ linksys.shorewall.net has address 172.20.1.1 teastep@tipper:~$ As a bonus, dnsmasq can also act as a DHCP server. Here are some - exerpts from the corresponding /etc/dnsmasq.conf: + excerpts from the corresponding /etc/dnsmasq.conf: interface=eth1 diff --git a/docs/XenMyWay-Routed.xml b/docs/XenMyWay-Routed.xml index ea64d5926..745da652a 100644 --- a/docs/XenMyWay-Routed.xml +++ b/docs/XenMyWay-Routed.xml @@ -376,7 +376,7 @@ bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen' has an RFC 1918 address (192.168.1.7). That configuration is established by Xen which clones the primary IP address of eth0 on all of the routed virtual interfaces that it creates. test is configured with it's default route via + role="bold">test is configured with its default route via 192.168.1.254 which is the IP address of the firewall's br0. That works because of the way that the Linux network stack treats local IPv4 addresses; by default, it will respond to ARP "who-has" broadcasts for diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml index db78b38fc..e3fc67533 100644 --- a/docs/configuration_file_basics.xml +++ b/docs/configuration_file_basics.xml @@ -110,7 +110,7 @@ - /etc/shorewall/mangle - supercedes + /etc/shorewall/mangle - supersedes /etc/shorewall/tcrules in Shorewall 4.6.0. Contains rules for packet marking, TTL, TPROXY, etc. @@ -140,7 +140,7 @@ /etc/shorewall/tcrules - The file has a rather unfortunate name because it is used to define marking of packets for later use by both traffic control/shaping and policy - routing. This file is superceded by + routing. This file is superseded by /etc/shorewall/mangle in Shorewall 4.6.0. @@ -288,7 +288,7 @@ /etc/shorewall/mangle -- Added in - Shorewall 4.6.0. Supercedes + Shorewall 4.6.0. Supersedes /etc/shorewall/tcrules. @@ -1168,7 +1168,7 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2> /dev/null || trueBeginning with Shorewall 4.5.2, in files other than /etc/shorewall/params and /etc/shorewall/conf, INCLUDE may be immediately - preceeded with '?' to signal that the line is a compiler directive and + preceded with '?' to signal that the line is a compiler directive and not configuration data. Example: @@ -1483,7 +1483,7 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2> /dev/null || trueEXT_IP=$(ssh root@firewall "/sbin/shorewall-lite call find_first_interface_address eth0") The shorewall-lite call command allows you to - to call interactively any Shorewall function that you can call in an + call interactively any Shorewall function that you can call in an extension script. @@ -2150,7 +2150,7 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2> /dev/null || true - Perl scripts run in the context of of the compiler process using + Perl scripts run in the context of the compiler process using Perl's eval() function. Perl scripts are implicitly prefixed by the following: @@ -2370,7 +2370,7 @@ POP(ACCEPT) loc net:pop.gmail.com 192.168.1.4. There must be no white space following the !. - Similarly, in columns that specify an IP protocol, you can preceed + Similarly, in columns that specify an IP protocol, you can precede the protocol name or number by "!". For example, !tcp means "any protocol except tcp". diff --git a/docs/ipsets.xml b/docs/ipsets.xml index b8a53d6b0..aef381c23 100644 --- a/docs/ipsets.xml +++ b/docs/ipsets.xml @@ -130,7 +130,7 @@ ACCEPT net:+sshok $FW tcp 22 Beginning with Shorewall 4.4.14, multiple source or destination matches may be specified by placing multiple set names in '+[...]' (e.g., - +[myset,myotherset]). When so inclosed, the set names need not be prefixed + +[myset,myotherset]). When so enclosed, the set names need not be prefixed with a plus sign. Shorewall can save/restore your ipset contents with certain diff --git a/docs/traffic_shaping.xml b/docs/traffic_shaping.xml index acb276c3a..5f4e43b26 100644 --- a/docs/traffic_shaping.xml +++ b/docs/traffic_shaping.xml @@ -908,7 +908,7 @@ ppp0 6000kbit 500kbit qualifier (see below). See shorewall-mangle(5) and shorewall-tcrules(5) for a description - of the entries in these files. Note that the mangle file superceded the + of the entries in these files. Note that the mangle file superseded the tcrules file in Shorewall 4.6.0. The following examples are for the mangle file. diff --git a/docs/upgrade_issues.xml b/docs/upgrade_issues.xml index 2802c10a0..91c00e3e6 100644 --- a/docs/upgrade_issues.xml +++ b/docs/upgrade_issues.xml @@ -95,7 +95,7 @@ Beginning with Shorewall 4.6.0, the 'tcrules' file has been - superceded by the 'mangle' file. Existing 'tcrules' files will still + superseded by the 'mangle' file. Existing 'tcrules' files will still be processed, with the restriction that TPROXY is no longer supported in FORMAT 1. If your 'tcrules' file has non-commentary entries, the following warning message is issued: