Cleanup links in manpages so that hrefs in generated HTML don't take the user to a different server

Roberto C. Sanchez 2014-01-12 16:40:03 -05:00
parent 240c42943b
commit b1a490b50a
73 changed files with 680 additions and 680 deletions

View File

@ -50,7 +50,7 @@
</itemizedlist> </itemizedlist>
<para>The new structure is enabled by sectioning the accounting file in a <para>The new structure is enabled by sectioning the accounting file in a
manner similar to the <ulink url="manpages/shorewall-rules.html">rules manner similar to the <ulink url="/manpages/shorewall-rules.html">rules
file</ulink>. The sections are <emphasis role="bold">INPUT</emphasis>, file</ulink>. The sections are <emphasis role="bold">INPUT</emphasis>,
<emphasis role="bold">OUTPUT</emphasis> and <emphasis <emphasis role="bold">OUTPUT</emphasis> and <emphasis
role="bold">FORWARD</emphasis> and must appear in that order (although any role="bold">FORWARD</emphasis> and must appear in that order (although any
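Review bot: the new `url="/manpages/shorewall-rules.html"` is root-relative, so it only resolves when the generated HTML is published at the web root of the serving host. A mirror that serves the documentation under a path prefix, or a copy opened from the local filesystem, gets a broken link where the old document-relative `manpages/shorewall-rules.html` still resolved. If the goal is only to keep readers on the serving host, a document-relative path achieves that as well; otherwise state the web-root layout requirement in the commit message or the build notes.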
@ -295,7 +295,7 @@
the iptaccount utility are only available when <ulink the iptaccount utility are only available when <ulink
url="http://xtables-addons.sourceforge.net/">xtables-addons</ulink> url="http://xtables-addons.sourceforge.net/">xtables-addons</ulink>
is installed. See <ulink is installed. See <ulink
url="http://www.shorewall.net/Accounting.html#perIP">http://www.shorewall.net/Accounting.html#perIP</ulink> url="/Accounting.html#perIP">http://www.shorewall.net/Accounting.html#perIP</ulink>
for additional information.</para> for additional information.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
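Review bot: in the changed `<ulink>` the href becomes `/Accounting.html#perIP` but the link text still reads `http://www.shorewall.net/Accounting.html#perIP`, so on any host other than www.shorewall.net the displayed URL and the actual destination differ. Readers use the visible URL to judge where a link leads; use descriptive text here (for example the page title), or keep the text and the href pointing at the same place.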
@ -788,14 +788,14 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/Accounting.html">http://shorewall.net/Accounting.html url="/Accounting.html">http://www.shorewall.net/Accounting.html
</ulink></para> </ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/shorewall_logging.html">http://shorewall.net/shorewall_logging.html</ulink></para> url="/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-actions(5), shorewall-blacklist(5), <para>shorewall(8), shorewall-actions(5), shorewall-blacklist(5),
shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),
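Review bot: the three See ALSO entries change the link text from `http://shorewall.net/...` to `http://www.shorewall.net/...` in addition to the href, and the commit message does not mention that. Say so there, since after this change the text is the only place the canonical host appears. The first entry also keeps a line break inside the link text before `</ulink>`, unlike the other two; closing the tag on the same line keeps stray whitespace out of the rendered link.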

View File

@ -24,7 +24,7 @@
<title>Description</title> <title>Description</title>
<para>This file allows you to define new ACTIONS for use in rules (see <para>This file allows you to define new ACTIONS for use in rules (see
<ulink url="shorewall-rules.html">shorewall-rules(5)</ulink>). You define <ulink url="/manpages/shorewall-rules.html">shorewall-rules(5)</ulink>). You define
the iptables rules to be performed in an ACTION in the iptables rules to be performed in an ACTION in
/etc/shorewall/action.<emphasis>action-name</emphasis>.</para> /etc/shorewall/action.<emphasis>action-name</emphasis>.</para>
@ -58,7 +58,7 @@
target that is supported by your iptables but is not directly target that is supported by your iptables but is not directly
supported by Shorewall. The action may be used as the rule supported by Shorewall. The action may be used as the rule
target in an INLINE rule in <ulink target in an INLINE rule in <ulink
url="shorewall-rules.html">shorewall-rules</ulink>(5).</para> url="/manpages/shorewall-rules.html">shorewall-rules</ulink>(5).</para>
<para>Beginning with Shorewall 4.6.0, the Netfilter table(s) <para>Beginning with Shorewall 4.6.0, the Netfilter table(s)
in which the <emphasis role="bold">builtin</emphasis> can be in which the <emphasis role="bold">builtin</emphasis> can be
@ -147,7 +147,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/Actions.html">http://shorewall.net/Actions.html</ulink></para> url="/Actions.html">http://www.shorewall.net/Actions.html</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-blacklist(5), <para>shorewall(8), shorewall-accounting(5), shorewall-blacklist(5),
shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),

View File

@ -44,7 +44,7 @@
(if your kernel and iptables contain iprange match support) or ipset (if your kernel and iptables contain iprange match support) or ipset
name prefaced by "+" (if your kernel supports ipset match). name prefaced by "+" (if your kernel supports ipset match).
Exclusion (<ulink Exclusion (<ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)) is url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)) is
supported.</para> supported.</para>
<para>MAC addresses must be prefixed with "~" and use "-" as a <para>MAC addresses must be prefixed with "~" and use "-" as a
@ -98,7 +98,7 @@
interface that has the 'blacklist' option set. So to block traffic interface that has the 'blacklist' option set. So to block traffic
from your local network to an internet host, you had to specify from your local network to an internet host, you had to specify
<option>blacklist</option> on your internal interface in <ulink <option>blacklist</option> on your internal interface in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink> url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
(5).</para> (5).</para>
</note> </note>
@ -106,7 +106,7 @@
<para>Beginning with Shorewall 4.4.13, entries are applied based <para>Beginning with Shorewall 4.4.13, entries are applied based
on the <emphasis role="bold">blacklist</emphasis> setting in on the <emphasis role="bold">blacklist</emphasis> setting in
<ulink <ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5):</para> url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5):</para>
<orderedlist> <orderedlist>
<listitem> <listitem>
@ -182,10 +182,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/blacklisting_support.htm">http://shorewall.net/blacklisting_support.htm</ulink></para> url="/blacklisting_support.htm">http://www.shorewall.net/blacklisting_support.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),

View File

@ -27,13 +27,13 @@
<para>Rules in this file are applied depending on the setting of <para>Rules in this file are applied depending on the setting of
BLACKLISTNEWONLY in <ulink BLACKLISTNEWONLY in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). If url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). If
BLACKLISTNEWONLY=No, then they are applied regardless of the connection BLACKLISTNEWONLY=No, then they are applied regardless of the connection
tracking state of the packet. If BLACKLISTNEWONLY=Yes, they are applied to tracking state of the packet. If BLACKLISTNEWONLY=Yes, they are applied to
connections in the NEW and INVALID states.</para> connections in the NEW and INVALID states.</para>
<para>The format of rules in this file is the same as the format of rules <para>The format of rules in this file is the same as the format of rules
in <ulink url="shorewall-rules.html">shorewall-rules (5)</ulink>. The in <ulink url="/manpages/shorewall-rules.html">shorewall-rules (5)</ulink>. The
difference in the two files lies in the ACTION (first) column.</para> difference in the two files lies in the ACTION (first) column.</para>
<variablelist> <variablelist>
@ -69,7 +69,7 @@
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>If BLACKLIST_LOGLEVEL is specified in <ulink <para>If BLACKLIST_LOGLEVEL is specified in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5), then url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5), then
the macro expands to <emphasis the macro expands to <emphasis
role="bold">blacklog</emphasis>.</para> role="bold">blacklog</emphasis>.</para>
</listitem> </listitem>
@ -77,7 +77,7 @@
<listitem> <listitem>
<para>Otherwise it expands to the action specified for <para>Otherwise it expands to the action specified for
BLACKLIST_DISPOSITION in <ulink BLACKLIST_DISPOSITION in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>
@ -88,10 +88,10 @@
<listitem> <listitem>
<para>May only be used if BLACKLIST_LOGLEVEL is specified in <para>May only be used if BLACKLIST_LOGLEVEL is specified in
<ulink url="shorewall.conf.html">shorewall.conf </ulink>(5). <ulink url="/manpages/shorewall.conf.html">shorewall.conf </ulink>(5).
Logs, audits (if specified) and applies the Logs, audits (if specified) and applies the
BLACKLIST_DISPOSITION specified in <ulink BLACKLIST_DISPOSITION specified in <ulink
url="shorewall.conf.html">shorewall.conf</ulink> (5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -166,7 +166,7 @@
<listitem> <listitem>
<para>queues matching packets to a back end logging daemon via <para>queues matching packets to a back end logging daemon via
a netlink socket then continues to the next rule. See <ulink a netlink socket then continues to the next rule. See <ulink
url="http://www.shorewall.net/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para> url="/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
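Review bot: the new href `/shorewall.logging.html` carries over a dot where the link text on the same line, and the See ALSO href `/shorewall_logging.html` changed earlier in this commit, both use an underscore. Since this line is being edited anyway, change the href to `/shorewall_logging.html` so it matches the page the text names.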
@ -205,7 +205,7 @@
<listitem> <listitem>
<para>The name of an <emphasis>action</emphasis> declared in <para>The name of an <emphasis>action</emphasis> declared in
<ulink <ulink
url="shorewall-actions.html">shorewall-actions</ulink>(5) or url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5) or
in /usr/share/shorewall/actions.std.</para> in /usr/share/shorewall/actions.std.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -237,7 +237,7 @@
<para>If the <emphasis role="bold">ACTION</emphasis> names an <para>If the <emphasis role="bold">ACTION</emphasis> names an
<emphasis>action</emphasis> declared in <ulink <emphasis>action</emphasis> declared in <ulink
url="shorewall-actions.html">shorewall-actions</ulink>(5) or in url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5) or in
/usr/share/shorewall/actions.std then:</para> /usr/share/shorewall/actions.std then:</para>
<itemizedlist> <itemizedlist>
@ -267,13 +267,13 @@
<para>Actions specifying logging may be followed by a log tag (a <para>Actions specifying logging may be followed by a log tag (a
string of alphanumeric characters) which is appended to the string string of alphanumeric characters) which is appended to the string
generated by the LOGPREFIX (in <ulink generated by the LOGPREFIX (in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5)).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
<para>For the remaining columns, see <ulink <para>For the remaining columns, see <ulink
url="shorewall-rules.html">shorewall-rules (5)</ulink>.</para> url="/manpages/shorewall-rules.html">shorewall-rules (5)</ulink>.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
@ -313,10 +313,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/blacklisting_support.htm">http://shorewall.net/blacklisting_support.htm</ulink></para> url="/blacklisting_support.htm">http://www.shorewall.net/blacklisting_support.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-hosts(5), shorewall-interfaces(5), shorewall-maclist(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-maclist(5),

View File

@ -266,7 +266,7 @@
<para>This error message may be eliminated by adding <para>This error message may be eliminated by adding
<replaceable>target</replaceable> as a builtin action in <ulink <replaceable>target</replaceable> as a builtin action in <ulink
url="manpages/shorewall-actions.html">shorewall-actions(5)</ulink>.</para> url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5).</para>
</listitem> </listitem>
<listitem> <listitem>
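Review bot: besides the href, the changed line moves `(5)` from inside the link text to after `</ulink>`, while another hunk in this commit leaves `shorewall-rules(5)</ulink>` with the section number inside the link. Pick one form and apply it throughout, or leave the link text alone in a commit that is described as an href cleanup.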
@ -344,7 +344,7 @@
<replaceable>interface</replaceable> is an interface to that zone, <replaceable>interface</replaceable> is an interface to that zone,
and <replaceable>address-list</replaceable> is a comma-separated and <replaceable>address-list</replaceable> is a comma-separated
list of addresses (may contain exclusion - see <ulink list of addresses (may contain exclusion - see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>
(5)).</para> (5)).</para>
<para>Beginning with Shorewall 4.5.7, <option>all</option> can be <para>Beginning with Shorewall 4.5.7, <option>all</option> can be
@ -365,7 +365,7 @@
<para>Where <replaceable>interface</replaceable> is an interface to <para>Where <replaceable>interface</replaceable> is an interface to
that zone, and <replaceable>address-list</replaceable> is a that zone, and <replaceable>address-list</replaceable> is a
comma-separated list of addresses (may contain exclusion - see comma-separated list of addresses (may contain exclusion - see
<ulink url="shorewall-exclusion.html">shorewall-exclusion</ulink> <ulink url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>
(5)).</para> (5)).</para>
<para>COMMENT is only allowed in format 1; the remainder of the line <para>COMMENT is only allowed in format 1; the remainder of the line
@ -381,7 +381,7 @@
<listitem> <listitem>
<para>where <replaceable>address-list</replaceable> is a <para>where <replaceable>address-list</replaceable> is a
comma-separated list of addresses (may contain exclusion - see comma-separated list of addresses (may contain exclusion - see
<ulink url="shorewall-exclusion.html">shorewall6-exclusion</ulink> <ulink url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>
(5)).</para> (5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
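Review bot: the changed line also rewrites the link text from `shorewall6-exclusion` to `shorewall-exclusion`, which is a content correction rather than an href cleanup. The old href already pointed to `shorewall-exclusion.html`, so the new text agrees with the target, but mention the fix in the commit message so it is not lost among 680 mechanical changes.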
@ -532,7 +532,7 @@ DROP:PO - 1.2.3.4
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -88,7 +88,7 @@ ACCEPT all!z2 net tcp 22</programlisting>
<para>In most contexts, ipset names can be used as an <para>In most contexts, ipset names can be used as an
<replaceable>address-or-range</replaceable>. Beginning with Shorewall <replaceable>address-or-range</replaceable>. Beginning with Shorewall
4.4.14, ipset lists enclosed in +[...] may also be included (see <ulink 4.4.14, ipset lists enclosed in +[...] may also be included (see <ulink
url="shorewall-ipsets.html">shorewall-ipsets</ulink> (5)). The semantics url="/manpages/shorewall-ipsets.html">shorewall-ipsets</ulink> (5)). The semantics
of these lists when used in an exclusion are as follows:</para> of these lists when used in an exclusion are as follows:</para>
<itemizedlist> <itemizedlist>

View File

@ -29,7 +29,7 @@
<para>The order of entries in this file is not significant in determining <para>The order of entries in this file is not significant in determining
zone composition. Rather, the order that the zones are declared in <ulink zone composition. Rather, the order that the zones are declared in <ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5) determines the order url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5) determines the order
in which the records in this file are interpreted.</para> in which the records in this file are interpreted.</para>
<warning> <warning>
@ -39,7 +39,7 @@
<warning> <warning>
<para>If you have an entry for a zone and interface in <ulink <para>If you have an entry for a zone and interface in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5) then do url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5) then do
not include any entries in this file for that same (zone, interface) not include any entries in this file for that same (zone, interface)
pair.</para> pair.</para>
</warning> </warning>
@ -53,7 +53,7 @@
<listitem> <listitem>
<para>The name of a zone declared in <ulink <para>The name of a zone declared in <ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5). You may not url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5). You may not
list the firewall zone in this column.</para> list the firewall zone in this column.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -67,7 +67,7 @@
<listitem> <listitem>
<para>The name of an interface defined in the <ulink <para>The name of an interface defined in the <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5) file url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5) file
followed by a colon (":") and a comma-separated list whose elements followed by a colon (":") and a comma-separated list whose elements
are either:</para> are either:</para>
@ -102,7 +102,7 @@
<blockquote> <blockquote>
<para>You may also exclude certain hosts through use of an <para>You may also exclude certain hosts through use of an
<emphasis>exclusion</emphasis> (see <ulink <emphasis>exclusion</emphasis> (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5).</para> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5).</para>
</blockquote> </blockquote>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -123,7 +123,7 @@
<listitem> <listitem>
<para>Check packets arriving on this port against the <ulink <para>Check packets arriving on this port against the <ulink
url="shorewall-blacklist.html">shorewall-blacklist</ulink>(5) url="/manpages/shorewall-blacklist.html">shorewall-blacklist</ulink>(5)
file.</para> file.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -145,7 +145,7 @@
<listitem> <listitem>
<para>The zone does not have an entry for this interface <para>The zone does not have an entry for this interface
in <ulink in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5).</para> url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
</listitem> </listitem>
@ -169,7 +169,7 @@
<para>The zone is accessed via a kernel 2.6 ipsec SA. Note <para>The zone is accessed via a kernel 2.6 ipsec SA. Note
that if the zone named in the ZONE column is specified as an that if the zone named in the ZONE column is specified as an
IPSEC zone in the <ulink IPSEC zone in the <ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5) file url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5) file
then you do NOT need to specify the 'ipsec' option then you do NOT need to specify the 'ipsec' option
here.</para> here.</para>
</listitem> </listitem>
@ -181,7 +181,7 @@
<listitem> <listitem>
<para>Connection requests from these hosts are compared <para>Connection requests from these hosts are compared
against the contents of <ulink against the contents of <ulink
url="shorewall-maclist.html">shorewall-maclist</ulink>(5). If url="/manpages/shorewall-maclist.html">shorewall-maclist</ulink>(5). If
this option is specified, the interface must be an Ethernet this option is specified, the interface must be an Ethernet
NIC or equivalent and must be up before Shorewall is NIC or equivalent and must be up before Shorewall is
started.</para> started.</para>
@ -212,7 +212,7 @@
<para>Smurfs will be optionally logged based on the setting of <para>Smurfs will be optionally logged based on the setting of
SMURF_LOG_LEVEL in <ulink SMURF_LOG_LEVEL in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). After url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). After
logging, the packets are dropped.</para> logging, the packets are dropped.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -274,7 +274,7 @@ vpn ppp+:192.168.3.0/24</programlisting></para>
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-blacklist(5), shorewall_interfaces(5), shorewall-ipsets(5),

View File

@ -145,8 +145,8 @@
<para>On a laptop with both Ethernet and wireless interfaces, you will <para>On a laptop with both Ethernet and wireless interfaces, you will
want to make both interfaces optional and set the REQUIRE_INTERFACE option want to make both interfaces optional and set the REQUIRE_INTERFACE option
to Yes in <ulink url="shorewall.conf.html">shorewall.conf </ulink>(5) or to Yes in <ulink url="/manpages/shorewall.conf.html">shorewall.conf </ulink>(5) or
<ulink url="../Manpages6/shorewall6.conf.html">shorewall6.conf</ulink> <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>
(5). This causes the firewall to remain stopped until at least one of the (5). This causes the firewall to remain stopped until at least one of the
interfaces comes up.</para> interfaces comes up.</para>
</refsect1> </refsect1>
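Review bot: the second changed link goes from `../Manpages6/shorewall6.conf.html` to `/manpages6/shorewall6.conf.html`, which changes the case of the directory name as well as making the path root-relative. On a case-sensitive web server only one of the two spellings resolves, so confirm the published directory is `manpages6` (a later hunk uses `/manpages6/shorewall6-zones.html`) and note the case change in the commit message.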

View File

@ -71,7 +71,7 @@
in this column.</para> in this column.</para>
<para>If the interface serves multiple zones that will be defined in <para>If the interface serves multiple zones that will be defined in
the <ulink url="shorewall-hosts.html">shorewall-hosts</ulink>(5) the <ulink url="/manpages/shorewall-hosts.html">shorewall-hosts</ulink>(5)
file, you should place "-" in this column.</para> file, you should place "-" in this column.</para>
<para>If there are multiple interfaces to the same zone, you must <para>If there are multiple interfaces to the same zone, you must
@ -97,7 +97,7 @@ loc eth2 -</programlisting>
<para>Logical name of interface. Each interface may be listed only <para>Logical name of interface. Each interface may be listed only
once in this file. You may NOT specify the name of a "virtual" once in this file. You may NOT specify the name of a "virtual"
interface (e.g., eth0:0) here; see <ulink interface (e.g., eth0:0) here; see <ulink
url="http://www.shorewall.net/FAQ.htm#faq18">http://www.shorewall.net/FAQ.htm#faq18</ulink>. url="/FAQ.htm#faq18">http://www.shorewall.net/FAQ.htm#faq18</ulink>.
If the <option>physical</option> option is not specified, then the If the <option>physical</option> option is not specified, then the
logical name is also the name of the actual interface.</para> logical name is also the name of the actual interface.</para>
@ -111,7 +111,7 @@ loc eth2 -</programlisting>
<para>When using Shorewall versions before 4.1.4, care must be <para>When using Shorewall versions before 4.1.4, care must be
exercised when using wildcards where there is another zone that uses exercised when using wildcards where there is another zone that uses
a matching specific interface. See <ulink a matching specific interface. See <ulink
url="shorewall-nesting.html">shorewall-nesting</ulink>(5) for a url="/manpages/shorewall-nesting.html">shorewall-nesting</ulink>(5) for a
discussion of this problem.</para> discussion of this problem.</para>
<para>Shorewall allows '+' as an interface name.</para> <para>Shorewall allows '+' as an interface name.</para>
@ -154,7 +154,7 @@ loc eth2 -</programlisting>
<para>Beginning with Shorewall 4.5.17, if you specify a zone for the <para>Beginning with Shorewall 4.5.17, if you specify a zone for the
'lo' interface, then that zone must be defined as type 'lo' interface, then that zone must be defined as type
<option>local</option> in <ulink <option>local</option> in <ulink
url="shorewall6-zones.html">shorewall6-zones</ulink>(5).</para> url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
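Review bot: the href here changes its target, not just its form. `shorewall6-zones.html` resolved next to the current page, and the new `/manpages6/shorewall6-zones.html` points into a different directory from the `/manpages/...` manpage links in the other hunks of this file. Check whether this page is meant to reference `shorewall6-zones` at all: a later hunk in the same file links `/manpages/shorewall-zones.html` for the zones file, and if that is the intended reference both the href and the link text should change.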
@ -268,7 +268,7 @@ loc eth2 -</programlisting>
<listitem> <listitem>
<para>Checks packets arriving on this interface against the <para>Checks packets arriving on this interface against the
<ulink <ulink
url="shorewall-blacklist.html">shorewall-blacklist</ulink>(5) url="/manpages/shorewall-blacklist.html">shorewall-blacklist</ulink>(5)
file.</para> file.</para>
<para>Beginning with Shorewall 4.4.13:</para> <para>Beginning with Shorewall 4.4.13:</para>
@ -279,7 +279,7 @@ loc eth2 -</programlisting>
ZONES column, then the behavior is as if <emphasis ZONES column, then the behavior is as if <emphasis
role="bold">blacklist</emphasis> had been specified in the role="bold">blacklist</emphasis> had been specified in the
IN_OPTIONS column of <ulink IN_OPTIONS column of <ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5).</para> url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5).</para>
</listitem> </listitem>
<listitem> <listitem>
@ -348,7 +348,7 @@ loc eth2 -</programlisting>
url="../bridge-Shorewall-perl.html">Shorewall-perl for url="../bridge-Shorewall-perl.html">Shorewall-perl for
firewall/bridging</ulink>, then you need to include firewall/bridging</ulink>, then you need to include
DHCP-specific rules in <ulink DHCP-specific rules in <ulink
url="shorewall-rules.html">shorewall-rules</ulink>(8). url="/manpages/shorewall-rules.html">shorewall-rules</ulink>(8).
DHCP uses UDP ports 67 and 68.</para> DHCP uses UDP ports 67 and 68.</para>
</note> </note>
</listitem> </listitem>
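Review bot: the unchanged context line `url="../bridge-Shorewall-perl.html"` at the top of this hunk is still a document-relative `../` link, while a later hunk in the same file converts `../UPnP.html` to `/UPnP.html`. Convert this one too, or explain why it is exempt, so the file does not end up with both styles. The changed line also keeps `shorewall-rules</ulink>(8)` where the other hunks in this commit cite shorewall-rules as section 5.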
@ -421,7 +421,7 @@ loc eth2 -</programlisting>
<blockquote> <blockquote>
<para>This option may also be enabled globally in the <ulink <para>This option may also be enabled globally in the <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
file.</para> file.</para>
</blockquote> </blockquote>
</listitem> </listitem>
@ -433,7 +433,7 @@ loc eth2 -</programlisting>
<listitem> <listitem>
<para>Connection requests from this interface are compared <para>Connection requests from this interface are compared
against the contents of <ulink against the contents of <ulink
url="shorewall-maclist.html">shorewall-maclist</ulink>(5). If url="/manpages/shorewall-maclist.html">shorewall-maclist</ulink>(5). If
this option is specified, the interface must be an Ethernet this option is specified, the interface must be an Ethernet
NIC and must be up before Shorewall is started.</para> NIC and must be up before Shorewall is started.</para>
</listitem> </listitem>
@ -472,7 +472,7 @@ loc eth2 -</programlisting>
<para>Defines the zone as <firstterm>dynamic</firstterm>. <para>Defines the zone as <firstterm>dynamic</firstterm>.
Requires ipset match support in your iptables and kernel. See Requires ipset match support in your iptables and kernel. See
<ulink <ulink
url="http://www.shorewall.net/Dynamic.html">http://www.shorewall.net/Dynamic.html</ulink> url="/Dynamic.html">http://www.shorewall.net/Dynamic.html</ulink>
for further information.</para> for further information.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -486,7 +486,7 @@ loc eth2 -</programlisting>
<para>Smurfs will be optionally logged based on the setting of <para>Smurfs will be optionally logged based on the setting of
SMURF_LOG_LEVEL in <ulink SMURF_LOG_LEVEL in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). After url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). After
logging, the packets are dropped.</para> logging, the packets are dropped.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -527,7 +527,7 @@ loc eth2 -</programlisting>
refers to the name given in this option. It is useful when you refers to the name given in this option. It is useful when you
want to specify the same wildcard port name on two or more want to specify the same wildcard port name on two or more
bridges. See <ulink bridges. See <ulink
url="http://www.shorewall.net/bridge-Shorewall-perl.html#Multiple">http://www.shorewall.net/bridge-Shorewall-perl.html#Multiple</ulink>.</para> url="/bridge-Shorewall-perl.html#Multiple">http://www.shorewall.net/bridge-Shorewall-perl.html#Multiple</ulink>.</para>
<para>If the <emphasis>interface</emphasis> name is a wildcard <para>If the <emphasis>interface</emphasis> name is a wildcard
name (ends with '+'), then the physical name (ends with '+'), then the physical
@ -547,7 +547,7 @@ loc eth2 -</programlisting>
/proc/sys/net/ipv4/conf/<emphasis>interface</emphasis>/proxy_arp. /proc/sys/net/ipv4/conf/<emphasis>interface</emphasis>/proxy_arp.
Do NOT use this option if you are employing Proxy ARP through Do NOT use this option if you are employing Proxy ARP through
entries in <ulink entries in <ulink
url="shorewall-proxyarp.html">shorewall-proxyarp</ulink>(5). url="/manpages/shorewall-proxyarp.html">shorewall-proxyarp</ulink>(5).
This option is intended solely for use with Proxy ARP This option is intended solely for use with Proxy ARP
sub-networking as described at: <ulink sub-networking as described at: <ulink
url="http://tldp.org/HOWTO/Proxy-ARP-Subnet/index.html">http://tldp.org/HOWTO/Proxy-ARP-Subnet/index.html. url="http://tldp.org/HOWTO/Proxy-ARP-Subnet/index.html">http://tldp.org/HOWTO/Proxy-ARP-Subnet/index.html.
@ -626,12 +626,12 @@ loc eth2 -</programlisting>
<para>This option can also be enabled globally via the <para>This option can also be enabled globally via the
ROUTE_FILTER option in the <ulink ROUTE_FILTER option in the <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
file.</para> file.</para>
<important> <important>
<para>If ROUTE_FILTER=Yes in <ulink <para>If ROUTE_FILTER=Yes in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5), or if url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5), or if
your distribution sets net.ipv4.conf.all.rp_filter=1 in your distribution sets net.ipv4.conf.all.rp_filter=1 in
<filename>/etc/sysctl.conf</filename>, then setting <filename>/etc/sysctl.conf</filename>, then setting
<emphasis role="bold">routefilter</emphasis>=0 in an <emphasis role="bold">routefilter</emphasis>=0 in an
@ -653,14 +653,14 @@ loc eth2 -</programlisting>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>If USE_DEFAULT_RT=Yes in <ulink <para>If USE_DEFAULT_RT=Yes in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) and url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) and
the interface is listed in <ulink the interface is listed in <ulink
url="shorewall-providers.html">shorewall-providers</ulink>(5).</para> url="/manpages/shorewall-providers.html">shorewall-providers</ulink>(5).</para>
</listitem> </listitem>
<listitem> <listitem>
<para>If there is an entry for the interface in <ulink <para>If there is an entry for the interface in <ulink
url="shorewall-providers.html">shorewall-providers</ulink>(5) url="/manpages/shorewall-providers.html">shorewall-providers</ulink>(5)
that doesn't specify the <option>balance</option> that doesn't specify the <option>balance</option>
option.</para> option.</para>
</listitem> </listitem>
@ -797,7 +797,7 @@ loc eth2 -</programlisting>
<listitem> <listitem>
<para>Incoming requests from this interface may be remapped <para>Incoming requests from this interface may be remapped
via UPNP (upnpd). See <ulink via UPNP (upnpd). See <ulink
url="../UPnP.html">http://www.shorewall.net/UPnP.html</ulink>.</para> url="/UPnP.html">http://www.shorewall.net/UPnP.html</ulink>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -912,7 +912,7 @@ net ppp0 -</programlisting>
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall-maclist(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall-maclist(5),
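Review bot: In the See ALSO link the href becomes the root-relative `/configuration_file_basics.htm#Pairs` while the visible text is rewritten to `http://www.shorewall.net/configuration_file_basics.htm#Pairs`, so on any host other than www.shorewall.net the reader is shown one server's URL and taken to another server's page. A displayed URL that differs from the real destination is worth avoiding in firewall documentation; suggest using a descriptive title as the link text, or keeping the text and the target identical.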

View File

@ -77,7 +77,7 @@
specified, matching packets must match all of the listed sets.</para> specified, matching packets must match all of the listed sets.</para>
<para>For information about set lists and exclusion, see <ulink <para>For information about set lists and exclusion, see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink> (5).</para> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink> (5).</para>
<para>Beginning with Shorewall 4.5.16, you can increment one or more <para>Beginning with Shorewall 4.5.16, you can increment one or more
nfacct objects each time a packet matches an ipset. You do that by listing nfacct objects each time a packet matches an ipset. You do that by listing

View File

@ -27,8 +27,8 @@
associated IP addresses to be allowed to use the specified interface. The associated IP addresses to be allowed to use the specified interface. The
feature is enabled by using the <emphasis role="bold">maclist</emphasis> feature is enabled by using the <emphasis role="bold">maclist</emphasis>
option in the <ulink option in the <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5) or <ulink url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5) or <ulink
url="shorewall-hosts.html">shorewall-hosts</ulink>(5) configuration url="/manpages/shorewall-hosts.html">shorewall-hosts</ulink>(5) configuration
file.</para> file.</para>
<para>The columns in the file are as follows (where the column name is <para>The columns in the file are as follows (where the column name is
@ -45,7 +45,7 @@
<listitem> <listitem>
<para><emphasis role="bold">ACCEPT</emphasis> or <emphasis <para><emphasis role="bold">ACCEPT</emphasis> or <emphasis
role="bold">DROP</emphasis> (if MACLIST_TABLE=filter in <ulink role="bold">DROP</emphasis> (if MACLIST_TABLE=filter in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5), then REJECT is url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5), then REJECT is
also allowed). If specified, the also allowed). If specified, the
<replaceable>log-level</replaceable> causes packets matching the <replaceable>log-level</replaceable> causes packets matching the
rule to be logged at that level.</para> rule to be logged at that level.</para>
@ -101,10 +101,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/MAC_Validation.html">http://shorewall.net/MAC_Validation.html</ulink></para> url="/MAC_Validation.html">http://www.shorewall.net/MAC_Validation.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -24,13 +24,13 @@
<title>Description</title> <title>Description</title>
<para>This file was introduced in Shorewall 4.6.0 and is intended to <para>This file was introduced in Shorewall 4.6.0 and is intended to
replace <ulink url="shorewall-mangle.html">shorewall-rules(5)</ulink>. replace <ulink url="/manpages/shorewall-mangle.html">shorewall-rules(5)</ulink>.
This file is only processed by the compiler if:</para> This file is only processed by the compiler if:</para>
<orderedlist numeration="loweralpha"> <orderedlist numeration="loweralpha">
<listitem> <listitem>
<para>No file named 'tcrules' exists on the current CONFIG_PATH (see <para>No file named 'tcrules' exists on the current CONFIG_PATH (see
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>); or</para> <ulink url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>); or</para>
</listitem> </listitem>
<listitem> <listitem>
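Review bot: The first changed line keeps a link whose target and text disagree: `url="/manpages/shorewall-mangle.html"` is labelled `shorewall-rules(5)`, in a sentence that says this file is intended to replace it. The list item just below refers to a file named 'tcrules', so neither the label nor the target obviously matches what the sentence means. Since the line is being edited anyway, confirm which manpage is intended and make the href and the text both point at it.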
@ -44,14 +44,14 @@
<important> <important>
<para>Unlike rules in the <ulink <para>Unlike rules in the <ulink
url="shorewall-rules.html">shorewall-rules</ulink>(5) file, evaluation url="/manpages/shorewall-rules.html">shorewall-rules</ulink>(5) file, evaluation
of rules in this file will continue after a match. So the final mark for of rules in this file will continue after a match. So the final mark for
each packet will be the one assigned by the LAST tcrule that each packet will be the one assigned by the LAST tcrule that
matches.</para> matches.</para>
<para>If you use multiple internet providers with the 'track' option, in <para>If you use multiple internet providers with the 'track' option, in
/etc/shorewall/providers be sure to read the restrictions at <ulink /etc/shorewall/providers be sure to read the restrictions at <ulink
url="http://shorewall.net/MultiISP.html">http://shorewall.net/MultiISP.html</ulink>.</para> url="/MultiISP.html">http://www.shorewall.net/MultiISP.html</ulink>.</para>
</important> </important>
<para>The columns in the file are as follows (where the column name is <para>The columns in the file are as follows (where the column name is
@ -104,7 +104,7 @@
<para>Unless otherwise specified for the particular <para>Unless otherwise specified for the particular
<replaceable>command</replaceable>, the default chain is PREROUTING <replaceable>command</replaceable>, the default chain is PREROUTING
when MARK_IN_FORWARD_CHAIN=No in <ulink when MARK_IN_FORWARD_CHAIN=No in <ulink
url="shorewall.conf.html">shorewall.conf(5)</ulink>, and FORWARD url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>, and FORWARD
when MARK_IN_FORWARD_CHAIN=Yes.</para> when MARK_IN_FORWARD_CHAIN=Yes.</para>
<para>A chain-designator may not be specified if the SOURCE or DEST <para>A chain-designator may not be specified if the SOURCE or DEST
@ -159,11 +159,11 @@
<para>When using Shorewall's built-in traffic shaping tool, <para>When using Shorewall's built-in traffic shaping tool,
the <emphasis>major</emphasis> class is the device number (the the <emphasis>major</emphasis> class is the device number (the
first device in <ulink first device in <ulink
url="shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5) url="/manpages/shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5)
is major class 1, the second device is major class 2, and so is major class 1, the second device is major class 2, and so
on) and the <emphasis>minor</emphasis> class is the class's on) and the <emphasis>minor</emphasis> class is the class's
MARK value in <ulink MARK value in <ulink
url="shorewall-tcclasses.html">shorewall-tcclasses</ulink>(5) url="/manpages/shorewall-tcclasses.html">shorewall-tcclasses</ulink>(5)
preceded by the number 1 (MARK 1 corresponds to minor class preceded by the number 1 (MARK 1 corresponds to minor class
11, MARK 5 corresponds to minor class 15, MARK 22 corresponds 11, MARK 5 corresponds to minor class 15, MARK 22 corresponds
to minor class 122, etc.).</para> to minor class 122, etc.).</para>
@ -297,7 +297,7 @@
specified at the end of the rule. If the target is not one specified at the end of the rule. If the target is not one
known to Shorewall, then it must be defined as a builtin known to Shorewall, then it must be defined as a builtin
action in <ulink action in <ulink
url="shorewall-actions.html">shorewall-actions</ulink> url="/manpages/shorewall-actions.html">shorewall-actions</ulink>
(5).</para> (5).</para>
<para>The following rules are equivalent:</para> <para>The following rules are equivalent:</para>
@ -310,7 +310,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark
</programlisting> </programlisting>
<para>If INLINE_MATCHES=Yes in <ulink <para>If INLINE_MATCHES=Yes in <ulink
url="shorewall.conf.html">shorewall6.conf(5)</ulink> then the url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink> then the
third rule above can be specified as follows:</para> third rule above can be specified as follows:</para>
<programlisting>2:P eth0 - ; -p tcp</programlisting> <programlisting>2:P eth0 - ; -p tcp</programlisting>
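Review bot: On the INLINE_MATCHES line the link text reads `shorewall6.conf(5)` but the new target is `/manpages/shorewall.conf.html`. The mismatch predates this change, but the patch rewrites the URL without resolving it. Either the text should say `shorewall.conf(5)` or the href should point at the shorewall6 page, depending on which product this manpage belongs to.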
@ -443,7 +443,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark
<para>This error message may be eliminated by adding the <para>This error message may be eliminated by adding the
<replaceable>target</replaceable> as a builtin action in <replaceable>target</replaceable> as a builtin action in
<ulink <ulink
url="shorewall-actions.html">shorewall-actions(5)</ulink>.</para> url="/manpages/shorewall-actions.html">shorewall-actions(5)</ulink>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -485,7 +485,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark
then the assigned mark values are 0x200, 0x300 and 0x400 in then the assigned mark values are 0x200, 0x300 and 0x400 in
equal proportions. If no mask is specified, then ( 2 ** equal proportions. If no mask is specified, then ( 2 **
MASK_BITS ) - 1 is assumed (MASK_BITS is set in <ulink MASK_BITS ) - 1 is assumed (MASK_BITS is set in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5)).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -586,7 +586,7 @@ Normal-Service =&gt; 0x00</programlisting>
<listitem> <listitem>
<para>Transparently redirects a packet without altering the IP <para>Transparently redirects a packet without altering the IP
header. Requires a tproxy provider to be defined in <ulink header. Requires a tproxy provider to be defined in <ulink
url="shorewall-providers.html">shorewall-providers</ulink>(5).</para> url="/manpages/shorewall-providers.html">shorewall-providers</ulink>(5).</para>
<para>There are three parameters to TPROXY - neither is <para>There are three parameters to TPROXY - neither is
required:</para> required:</para>
@ -712,7 +712,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -749,7 +749,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -784,7 +784,7 @@ Normal-Service =&gt; 0x00</programlisting>
destination icmp-type(s). ICMP types may be specified as a numeric destination icmp-type(s). ICMP types may be specified as a numeric
type, a numeric type and code separated by a slash (e.g., 3/4), or a type, a numeric type and code separated by a slash (e.g., 3/4), or a
typename. See <ulink typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para> url="/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para>
<para>If the protocol is <emphasis role="bold">ipp2p</emphasis>, <para>If the protocol is <emphasis role="bold">ipp2p</emphasis>,
this column is interpreted as an ipp2p option without the leading this column is interpreted as an ipp2p option without the leading
@ -1167,16 +1167,16 @@ Normal-Service =&gt; 0x00</programlisting>
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para> url="/traffic_shaping.htm">http://www.shorewall.net/traffic_shaping.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/MultiISP.html">http://shorewall.net/MultiISP.html</ulink></para> url="/MultiISP.html">http://www.shorewall.net/MultiISP.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/PacketMarking.html">http://shorewall.net/PacketMarking.html</ulink></para> url="/PacketMarking.html">http://www.shorewall.net/PacketMarking.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5), shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5),

View File

@ -35,9 +35,9 @@
<para>If you have more than one ISP link, adding entries to this file <para>If you have more than one ISP link, adding entries to this file
will <emphasis role="bold">not</emphasis> force connections to go out will <emphasis role="bold">not</emphasis> force connections to go out
through a particular link. You must use entries in <ulink through a particular link. You must use entries in <ulink
url="shorewall-rtrules.html">shorewall-rtrules</ulink>(5) or PREROUTING url="/manpages/shorewall-rtrules.html">shorewall-rtrules</ulink>(5) or PREROUTING
entries in <ulink entries in <ulink
url="shorewall-mangle.html">shorewall-mangle</ulink>(5) to do url="/manpages/shorewall-mangle.html">shorewall-mangle</ulink>(5) to do
that.</para> that.</para>
</warning> </warning>
@ -55,7 +55,7 @@
<para>Outgoing <emphasis>interfacelist</emphasis>. This may be a <para>Outgoing <emphasis>interfacelist</emphasis>. This may be a
comma-separated list of interface names. This is usually your comma-separated list of interface names. This is usually your
internet interface. If ADD_SNAT_ALIASES=Yes in <ulink internet interface. If ADD_SNAT_ALIASES=Yes in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5), you may add ":" url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5), you may add ":"
and a <emphasis>digit</emphasis> to indicate that you want the alias and a <emphasis>digit</emphasis> to indicate that you want the alias
added with that name (e.g., eth0:0). This will allow the alias to be added with that name (e.g., eth0:0). This will allow the alias to be
displayed with ifconfig. <emphasis role="bold">That is the only use displayed with ifconfig. <emphasis role="bold">That is the only use
@ -63,17 +63,17 @@
Shorewall configuration.</emphasis></para> Shorewall configuration.</emphasis></para>
<para>Each interface must match an entry in <ulink <para>Each interface must match an entry in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5). url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).
Shorewall allows loose matches to wildcard entries in <ulink Shorewall allows loose matches to wildcard entries in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5). For url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5). For
example, <filename class="devicefile">ppp0</filename> in this file example, <filename class="devicefile">ppp0</filename> in this file
will match a <ulink will match a <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5) url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
entry that defines <filename entry that defines <filename
class="devicefile">ppp+</filename>.</para> class="devicefile">ppp+</filename>.</para>
<para>Where <ulink <para>Where <ulink
url="http://www.shorewall.net/4.4/MultiISP.html#Shared">more that url="/4.4/MultiISP.html#Shared">more that
one internet provider share a single interface</ulink>, the provider one internet provider share a single interface</ulink>, the provider
is specified by including the provider name or number in is specified by including the provider name or number in
parentheses:</para> parentheses:</para>
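Review bot: `url="/4.4/MultiISP.html#Shared"` keeps the `4.4` version directory from the old absolute URL, while the other links to this document in the patch use the unversioned `/MultiISP.html`. A root-relative link only works if the serving host has that exact path, so a mirror or local copy that publishes only the current documentation may not have it. Suggest `/MultiISP.html#Shared` for consistency. The link text "more that one internet provider" should also read "more than".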
@ -88,7 +88,7 @@
addresses to indicate that you only want to change the source IP addresses to indicate that you only want to change the source IP
address for packets being sent to those particular destinations. address for packets being sent to those particular destinations.
Exclusion is allowed (see <ulink Exclusion is allowed (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)) as url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)) as
are ipset names preceded by a plus sign '+';</para> are ipset names preceded by a plus sign '+';</para>
<para>If you wish to inhibit the action of ADD_SNAT_ALIASES for this <para>If you wish to inhibit the action of ADD_SNAT_ALIASES for this
@ -99,7 +99,7 @@
<para>Normally Masq/SNAT rules are evaluated after those for <para>Normally Masq/SNAT rules are evaluated after those for
one-to-one NAT (defined in <ulink one-to-one NAT (defined in <ulink
url="shorewall-nat.html">shorewall-nat</ulink>(5)). If you want the url="/manpages/shorewall-nat.html">shorewall-nat</ulink>(5)). If you want the
rule to be applied before one-to-one NAT rules, prefix the interface rule to be applied before one-to-one NAT rules, prefix the interface
name with "+":</para> name with "+":</para>
@ -109,7 +109,7 @@
<para>This feature should only be required if you need to insert <para>This feature should only be required if you need to insert
rules in this file that preempt entries in <ulink rules in this file that preempt entries in <ulink
url="shorewall-nat.html">shorewall-nat</ulink>(5).</para> url="/manpages/shorewall-nat.html">shorewall-nat</ulink>(5).</para>
<para>Comments may be attached to Netfilter rules generated from <para>Comments may be attached to Netfilter rules generated from
entries in this file through the use of COMMENT lines. These lines entries in this file through the use of COMMENT lines. These lines
@ -174,7 +174,7 @@
<listitem> <listitem>
<para>If you specify an address here, SNAT will be used and this <para>If you specify an address here, SNAT will be used and this
will be the source address. If ADD_SNAT_ALIASES is set to Yes or yes will be the source address. If ADD_SNAT_ALIASES is set to Yes or yes
in <ulink url="shorewall.conf.html">shorewall.conf</ulink>(5) then in <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) then
Shorewall will automatically add this address to the INTERFACE named Shorewall will automatically add this address to the INTERFACE named
in the first column.</para> in the first column.</para>
@ -679,7 +679,7 @@
</programlisting> </programlisting>
<para>If INLINE_MATCHES=Yes in <ulink <para>If INLINE_MATCHES=Yes in <ulink
url="shorewall.conf.html">shorewall.conf(5)</ulink>, then these url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>, then these
rules may be specified as follows:</para> rules may be specified as follows:</para>
<programlisting>/etc/shorewall/masq: <programlisting>/etc/shorewall/masq:
@ -703,7 +703,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-exclusion(5), shorewall-hosts(5), shorewall-blacklist(5), shorewall-exclusion(5), shorewall-hosts(5),

View File

@ -32,7 +32,7 @@
<para>The <filename>modules</filename> file is used when <para>The <filename>modules</filename> file is used when
LOAD_HELPERS_ONLY=No in <ulink LOAD_HELPERS_ONLY=No in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(8); the url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(8); the
<filename>helpers</filename> file is used when <filename>helpers</filename> file is used when
LOAD_HELPERS_ONLY=Yes</para> LOAD_HELPERS_ONLY=Yes</para>
@ -50,7 +50,7 @@
<para>The <replaceable>modulename</replaceable> names a kernel module <para>The <replaceable>modulename</replaceable> names a kernel module
(without suffix). Shorewall will search for modules based on your (without suffix). Shorewall will search for modules based on your
MODULESDIR and MODULE_SUFFIX settings in <ulink MODULESDIR and MODULE_SUFFIX settings in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(8). The url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(8). The
<replaceable>moduleoption</replaceable>s are passed to modprobe (if <replaceable>moduleoption</replaceable>s are passed to modprobe (if
installed) or to insmod.</para> installed) or to insmod.</para>

View File

@ -29,9 +29,9 @@
<warning> <warning>
<para>If all you want to do is simple port forwarding, do NOT use this <para>If all you want to do is simple port forwarding, do NOT use this
file. See <ulink file. See <ulink
url="../FAQ.htm#faq1">http://www.shorewall.net/FAQ.htm#faq1</ulink>. url="/FAQ.htm#faq1">http://www.shorewall.net/FAQ.htm#faq1</ulink>.
Also, in many cases, Proxy ARP (<ulink Also, in many cases, Proxy ARP (<ulink
url="shorewall-proxyarp.html">shorewall-proxyarp</ulink>(5)) is a better url="/manpages/shorewall-proxyarp.html">shorewall-proxyarp</ulink>(5)) is a better
solution that one-to-one NAT.</para> solution that one-to-one NAT.</para>
</warning> </warning>
@ -72,7 +72,7 @@
<listitem> <listitem>
<para>Interfaces that have the <emphasis <para>Interfaces that have the <emphasis
role="bold">EXTERNAL</emphasis> address. If ADD_IP_ALIASES=Yes in role="bold">EXTERNAL</emphasis> address. If ADD_IP_ALIASES=Yes in
<ulink url="shorewall.conf.html">shorewall.conf</ulink>(5), <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5),
Shorewall will automatically add the EXTERNAL address to this Shorewall will automatically add the EXTERNAL address to this
interface. Also if ADD_IP_ALIASES=Yes, you may follow the interface interface. Also if ADD_IP_ALIASES=Yes, you may follow the interface
name with ":" and a <emphasis>digit</emphasis> to indicate that you name with ":" and a <emphasis>digit</emphasis> to indicate that you
@ -83,12 +83,12 @@
</emphasis></para> </emphasis></para>
<para>Each interface must match an entry in <ulink <para>Each interface must match an entry in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5). url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).
Shorewall allows loose matches to wildcard entries in <ulink Shorewall allows loose matches to wildcard entries in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5). For url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5). For
example, <filename class="devicefile">ppp0</filename> in this file example, <filename class="devicefile">ppp0</filename> in this file
will match a <ulink will match a <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5) url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
entry that defines <filename entry that defines <filename
class="devicefile">ppp+</filename>.</para> class="devicefile">ppp+</filename>.</para>
@ -143,10 +143,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/NAT.htm">http://shorewall.net/NAT.htm</ulink></para> url="/NAT.htm">http://www.shorewall.net/NAT.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -24,7 +24,7 @@
<refsect1> <refsect1>
<title>Description</title> <title>Description</title>
<para>In <ulink url="shorewall-zones.html">shorewall-zones</ulink>(5), a <para>In <ulink url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5), a
zone may be declared to be a sub-zone of one or more other zones using the zone may be declared to be a sub-zone of one or more other zones using the
above syntax. The <replaceable>child-zone</replaceable> may be neither the above syntax. The <replaceable>child-zone</replaceable> may be neither the
firewall zone nor a vserver zone. The firewall zone may not appear as a firewall zone nor a vserver zone. The firewall zone may not appear as a
@ -32,7 +32,7 @@
firewall zone.</para> firewall zone.</para>
<para>Where zones are nested, the CONTINUE policy in <ulink <para>Where zones are nested, the CONTINUE policy in <ulink
url="shorewall-policy.html">shorewall-policy</ulink>(5) allows hosts that url="/manpages/shorewall-policy.html">shorewall-policy</ulink>(5) allows hosts that
are within multiple zones to be managed under the rules of all of these are within multiple zones to be managed under the rules of all of these
zones.</para> zones.</para>
</refsect1> </refsect1>
@ -74,7 +74,7 @@
under rules where the source zone is net. It is important that this policy under rules where the source zone is net. It is important that this policy
be listed BEFORE the next policy (net to all). You can have this policy be listed BEFORE the next policy (net to all). You can have this policy
generated for you automatically by using the IMPLICIT_CONTINUE option in generated for you automatically by using the IMPLICIT_CONTINUE option in
<ulink url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>Partial <filename>/etc/shorewall/rules</filename>:</para> <para>Partial <filename>/etc/shorewall/rules</filename>:</para>

View File

@ -81,7 +81,7 @@
<listitem> <listitem>
<para>Network in CIDR format (e.g., 192.168.1.0/24). Beginning with <para>Network in CIDR format (e.g., 192.168.1.0/24). Beginning with
Shorewall 4.4.24, <ulink Shorewall 4.4.24, <ulink
url="shorewall-exclusion.html">exclusion</ulink> is url="/manpages/shorewall-exclusion.html">exclusion</ulink> is
supported.</para> supported.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -93,12 +93,12 @@
<listitem> <listitem>
<para>The name of a network interface. The interface must be defined <para>The name of a network interface. The interface must be defined
in <ulink in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5). url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).
Shorewall allows loose matches to wildcard entries in <ulink Shorewall allows loose matches to wildcard entries in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5). For url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5). For
example, <filename class="devicefile">ppp0</filename> in this file example, <filename class="devicefile">ppp0</filename> in this file
will match a <ulink will match a <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(8) url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(8)
entry that defines <filename entry that defines <filename
class="devicefile">ppp+</filename>.</para> class="devicefile">ppp+</filename>.</para>
</listitem> </listitem>
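Review bot: Within this hunk the same page is cited as `shorewall-interfaces</ulink>(5)` twice and as `shorewall-interfaces</ulink>(8)` once, in the "will match a" sentence. The section number sits outside the URL this patch edits, but the three references are on adjacent lines; change the third to (5) so they agree.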
@ -147,7 +147,7 @@
destination icmp-type(s). ICMP types may be specified as a numeric destination icmp-type(s). ICMP types may be specified as a numeric
type, a numeric type and code separated by a slash (e.g., 3/4), or type, a numeric type and code separated by a slash (e.g., 3/4), or
a typename. See <ulink a typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para> url="/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para>
<para>If the protocol is <emphasis role="bold">ipp2p</emphasis>, <para>If the protocol is <emphasis role="bold">ipp2p</emphasis>,
this column is interpreted as an ipp2p option without the leading this column is interpreted as an ipp2p option without the leading
@ -189,10 +189,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/netmap.html">http://shorewall.net/netmap.html</ulink></para> url="/netmap.html">http://www.shorewall.net/netmap.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -26,7 +26,7 @@
<para>Assign any shell variables that you need in this file. The file is <para>Assign any shell variables that you need in this file. The file is
always processed by <filename>/bin/sh</filename> or by the shell specified always processed by <filename>/bin/sh</filename> or by the shell specified
through SHOREWALL_SHELL in <ulink through SHOREWALL_SHELL in <ulink
url="shorewall.conf.html">shorewall.conf</ulink> (5) so the full range of url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5) so the full range of
shell capabilities may be used.</para> shell capabilities may be used.</para>
<para>It is suggested that variable names begin with an upper case letter <para>It is suggested that variable names begin with an upper case letter
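Review bot: `url="shorewall.conf.html"` in the first paragraph was already a same-server link, because a sibling-relative href resolves against the page's own location. Rewriting it to `/manpages/shorewall.conf.html` hardcodes the directory name and breaks the link when the manpages are published under another path or opened from disk. Suggest leaving sibling manpage links relative and limiting this change to the links that carried an absolute `http://` URL.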
@ -40,7 +40,7 @@
<simplelist> <simplelist>
<member><emphasis role="bold">Any option from <ulink <member><emphasis role="bold">Any option from <ulink
url="shorewall.conf.html">shorewall.conf</ulink> (5)</emphasis></member> url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5)</emphasis></member>
<member><emphasis role="bold">COMMAND</emphasis></member> <member><emphasis role="bold">COMMAND</emphasis></member>
@ -107,7 +107,7 @@ NET_BCAST=130.252.100.255
NET_OPTIONS=routefilter,norfc1918</programlisting> NET_OPTIONS=routefilter,norfc1918</programlisting>
<para>Example <ulink <para>Example <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5) url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
file.</para> file.</para>
<programlisting>ZONE INTERFACE BROADCAST OPTIONS <programlisting>ZONE INTERFACE BROADCAST OPTIONS
@ -129,7 +129,7 @@ net eth0 130.252.100.255 routefilter,norfc1918</programlisting>
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://www.shorewall.net/configuration_file_basics.htm#Variables?">http://www.shorewall.net/configuration_file_basics.htm#Variables</ulink></para> url="/configuration_file_basics.htm#Variables">http://www.shorewall.net/configuration_file_basics.htm#Variables</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -25,7 +25,7 @@
<para>This file defines the high-level policy for connections between <para>This file defines the high-level policy for connections between
zones defined in <ulink zones defined in <ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5).</para> url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5).</para>
<important> <important>
<para>The order of entries in this file is important</para> <para>The order of entries in this file is important</para>
@ -66,7 +66,7 @@
<listitem> <listitem>
<para>Source zone. Must be the name of a zone defined in <ulink <para>Source zone. Must be the name of a zone defined in <ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5), $FW, "all" or url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5), $FW, "all" or
"all+".</para> "all+".</para>
<para>Support for "all+" was added in Shorewall 4.5.17. "all" does <para>Support for "all+" was added in Shorewall 4.5.17. "all" does
@ -84,7 +84,7 @@
<listitem> <listitem>
<para>Destination zone. Must be the name of a zone defined in <ulink <para>Destination zone. Must be the name of a zone defined in <ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5), $FW, "all" or url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5), $FW, "all" or
"all+". If the DEST is a bport zone, then the SOURCE must be "all", "all+". If the DEST is a bport zone, then the SOURCE must be "all",
"all+", another bport zone associated with the same bridge, or it "all+", another bport zone associated with the same bridge, or it
must be an ipv4 zone that is associated with only the same must be an ipv4 zone that is associated with only the same
@ -118,7 +118,7 @@
<listitem> <listitem>
<para>The word "None" or "none". This causes any default action <para>The word "None" or "none". This causes any default action
defined in <ulink defined in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) to be url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) to be
omitted for this policy.</para> omitted for this policy.</para>
</listitem> </listitem>
@ -191,7 +191,7 @@
might also match (where the source or destination zone in might also match (where the source or destination zone in
those rules is a superset of the SOURCE or DEST in this those rules is a superset of the SOURCE or DEST in this
policy). See <ulink policy). See <ulink
url="shorewall-nesting.html">shorewall-nesting</ulink>(5) for url="/manpages/shorewall-nesting.html">shorewall-nesting</ulink>(5) for
additional information.</para> additional information.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -231,7 +231,7 @@
url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>).</para> url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>).</para>
<para>For a description of log levels, see <ulink <para>For a description of log levels, see <ulink
url="http://www.shorewall.net/shorewall_logging.html.">http://www.shorewall.net/shorewall_logging.html.</ulink></para> url="/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
<para>If you don't want to log but need to specify the following <para>If you don't want to log but need to specify the following
column, place "-" here.</para> column, place "-" here.</para>
@ -327,7 +327,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -77,11 +77,11 @@
<listitem> <listitem>
<para>A FWMARK <emphasis>value</emphasis> used in your <ulink <para>A FWMARK <emphasis>value</emphasis> used in your <ulink
url="shorewall-mangle.html">shorewall-mangle(5)</ulink> file to url="/manpages/shorewall-mangle.html">shorewall-mangle(5)</ulink> file to
direct packets to this provider.</para> direct packets to this provider.</para>
<para>If HIGH_ROUTE_MARKS=Yes in <ulink <para>If HIGH_ROUTE_MARKS=Yes in <ulink
url="shorewall.conf.html">shorewall.conf(5)</ulink>, then the value url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>, then the value
must be a multiple of 256 between 256 and 65280 or their hexadecimal must be a multiple of 256 between 256 and 65280 or their hexadecimal
equivalents (0x0100 and 0xff00 with the low-order byte of the value equivalents (0x0100 and 0xff00 with the low-order byte of the value
being zero). Otherwise, the value must be between 1 and 255. Each being zero). Otherwise, the value must be between 1 and 255. Each
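Review bot: both links touched here keep the section number inside the link text (`shorewall-mangle(5)</ulink>`, `shorewall.conf(5)</ulink>`), while a later hunk of this patch changes the shorewall-actions link to `shorewall-actions</ulink>(5)`. Since these lines are being edited anyway, move the `(5)` outside `</ulink>` here too so the rendered manpage references are uniform.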
@ -101,7 +101,7 @@
previously listed provider. You may select only certain entries from previously listed provider. You may select only certain entries from
the table to copy by using the COPY column below. This column should the table to copy by using the COPY column below. This column should
contain a dash ("-') when USE_DEFAULT_RT=Yes in <ulink contain a dash ("-') when USE_DEFAULT_RT=Yes in <ulink
url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para> url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -112,7 +112,7 @@
<listitem> <listitem>
<para>The name of the network interface to the provider. Must be <para>The name of the network interface to the provider. Must be
listed in <ulink listed in <ulink
url="shorewall-interfaces.html">shorewall-interfaces(5)</ulink>. In url="/manpages/shorewall-interfaces.html">shorewall-interfaces(5)</ulink>. In
general, that interface should not have the general, that interface should not have the
<option>proxyarp</option> option specified unless <option>proxyarp</option> option specified unless
<option>loose</option> is given in the OPTIONS column of this <option>loose</option> is given in the OPTIONS column of this
@ -177,7 +177,7 @@
<para>Beginning with Shorewall 4.4.3, <option>track</option> <para>Beginning with Shorewall 4.4.3, <option>track</option>
defaults to the setting of the TRACK_PROVIDERS option in defaults to the setting of the TRACK_PROVIDERS option in
<ulink url="shorewall.conf.html">shorewall.conf</ulink> (5). <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5).
If you set TRACK_PROVIDERS=Yes and want to override that If you set TRACK_PROVIDERS=Yes and want to override that
setting for an individual provider, then specify setting for an individual provider, then specify
<option>notrack</option> (see below).</para> <option>notrack</option> (see below).</para>
@ -241,7 +241,7 @@
and configured with an IPv4 address then ignore this provider. and configured with an IPv4 address then ignore this provider.
If not specified, the value of the <option>optional</option> If not specified, the value of the <option>optional</option>
option for the INTERFACE in <ulink option for the INTERFACE in <ulink
url="shorewall-interfaces.html">shorewall-interfaces(5)</ulink> url="/manpages/shorewall-interfaces.html">shorewall-interfaces(5)</ulink>
is assumed. Use of that option is preferred to this one, is assumed. Use of that option is preferred to this one,
unless an <replaceable>address</replaceable> is provider in unless an <replaceable>address</replaceable> is provider in
the INTERFACE column.</para> the INTERFACE column.</para>
@ -300,7 +300,7 @@
<listitem> <listitem>
<para>Added in Shorewall 4.5.4. Used for supporting the TPROXY <para>Added in Shorewall 4.5.4. Used for supporting the TPROXY
action in shorewall-mangle(5). See <ulink action in shorewall-mangle(5). See <ulink
url="http://www.shorewall.net/Shorewall_Squid_Usage.html">http://www.shorewall.net/Shorewall_Squid_Usage.html</ulink>. url="/Shorewall_Squid_Usage.html">http://www.shorewall.net/Shorewall_Squid_Usage.html</ulink>.
When specified, the MARK, DUPLICATE and GATEWAY columns should When specified, the MARK, DUPLICATE and GATEWAY columns should
be empty, INTERFACE should be set to 'lo' and be empty, INTERFACE should be set to 'lo' and
<option>tproxy</option> should be the only OPTION. Only one <option>tproxy</option> should be the only OPTION. Only one
@ -416,10 +416,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/MultiISP.html">http://shorewall.net/MultiISP.html</ulink></para> url="/MultiISP.html">http://www.shorewall.net/MultiISP.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -132,10 +132,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/ProxyARP.htm">http://shorewall.net/ProxyARP.htm</ulink></para> url="/ProxyARP.htm">http://www.shorewall.net/ProxyARP.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -34,7 +34,7 @@
<listitem> <listitem>
<para>The name or number of a provider defined in <ulink <para>The name or number of a provider defined in <ulink
url="shorewall-providers.html">shorewall-providers</ulink> (5). url="/manpages/shorewall-providers.html">shorewall-providers</ulink> (5).
Beginning with Shorewall 4.5.14, you may also enter Beginning with Shorewall 4.5.14, you may also enter
<option>main</option> in this column to add routes to the main <option>main</option> in this column to add routes to the main
routing table.</para> routing table.</para>
@ -73,7 +73,7 @@
<listitem> <listitem>
<para>Specifies the device route. If neither DEVICE nor GATEWAY is <para>Specifies the device route. If neither DEVICE nor GATEWAY is
given, then the INTERFACE specified for the PROVIDER in <ulink given, then the INTERFACE specified for the PROVIDER in <ulink
url="shorewall-providers.html">shorewall-providers</ulink> (5). This url="/manpages/shorewall-providers.html">shorewall-providers</ulink> (5). This
column must be omitted if <option>blackhole</option>, column must be omitted if <option>blackhole</option>,
<option>prohibit</option> or <option>unreachable</option> is <option>prohibit</option> or <option>unreachable</option> is
specified in the GATEWAY column.</para> specified in the GATEWAY column.</para>
@ -92,7 +92,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -25,7 +25,7 @@
<title>Description</title> <title>Description</title>
<para>This file is deprecated in favor of the <ulink <para>This file is deprecated in favor of the <ulink
url="shorewall-stoppedrules.html">shorewall-stoppedrules</ulink>(5) url="/manpages/shorewall-stoppedrules.html">shorewall-stoppedrules</ulink>(5)
file.</para> file.</para>
<para>This file is used to define the hosts that are accessible when the <para>This file is used to define the hosts that are accessible when the
@ -84,7 +84,7 @@
themselves. Beginning with Shorewall 4.4.9, this option is themselves. Beginning with Shorewall 4.4.9, this option is
automatically set if <emphasis automatically set if <emphasis
role="bold">routeback</emphasis> is specified in <ulink role="bold">routeback</emphasis> is specified in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink> url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
(5) or if the rules compiler detects that the interface is a (5) or if the rules compiler detects that the interface is a
bridge.</para> bridge.</para>
</listitem> </listitem>
@ -176,7 +176,7 @@
<para>The <emphasis role="bold">source</emphasis> and <emphasis <para>The <emphasis role="bold">source</emphasis> and <emphasis
role="bold">dest</emphasis> options work best when used in conjunction role="bold">dest</emphasis> options work best when used in conjunction
with ADMINISABSENTMINDED=Yes in <ulink with ADMINISABSENTMINDED=Yes in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</note> </note>
</refsect1> </refsect1>
@ -210,10 +210,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/starting_and_stopping_shorewall.htm">http://shorewall.net/starting_and_stopping_shorewall.htm</ulink></para> url="/starting_and_stopping_shorewall.htm">http://www.shorewall.net/starting_and_stopping_shorewall.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -25,7 +25,7 @@
<para>Entries in this file cause traffic to be routed to one of the <para>Entries in this file cause traffic to be routed to one of the
providers listed in <ulink providers listed in <ulink
url="shorewall-providers.html">shorewall-providers</ulink>(5).</para> url="/manpages/shorewall-providers.html">shorewall-providers</ulink>(5).</para>
<para>The columns in the file are as follows.</para> <para>The columns in the file are as follows.</para>
@ -181,10 +181,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/MultiISP.html">http://shorewall.net/MultiISP.html</ulink></para> url="/MultiISP.html">http://www.shorewall.net/MultiISP.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -25,7 +25,7 @@
<para>Entries in this file govern connection establishment by defining <para>Entries in this file govern connection establishment by defining
exceptions to the policies laid out in <ulink exceptions to the policies laid out in <ulink
url="shorewall-policy.html">shorewall-policy</ulink>(5). By default, url="/manpages/shorewall-policy.html">shorewall-policy</ulink>(5). By default,
subsequent requests and responses are automatically allowed using subsequent requests and responses are automatically allowed using
connection tracking. For any particular (source,dest) pair of zones, the connection tracking. For any particular (source,dest) pair of zones, the
rules are evaluated in the order in which they appear in this file and the rules are evaluated in the order in which they appear in this file and the
@ -87,7 +87,7 @@
<para>There is an implicit rule added at the end of this section <para>There is an implicit rule added at the end of this section
that invokes the RELATED_DISPOSITION (<ulink that invokes the RELATED_DISPOSITION (<ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5)).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -103,7 +103,7 @@
<para>There is an implicit rule added at the end of this section <para>There is an implicit rule added at the end of this section
that invokes the INVALID_DISPOSITION (<ulink that invokes the INVALID_DISPOSITION (<ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5)).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -119,7 +119,7 @@
<para>There is an implicit rule added at the end of this section <para>There is an implicit rule added at the end of this section
that invokes the UNTRACKED_DISPOSITION (<ulink that invokes the UNTRACKED_DISPOSITION (<ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5)).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -145,7 +145,7 @@
<warning> <warning>
<para>If you specify FASTACCEPT=Yes in <ulink <para>If you specify FASTACCEPT=Yes in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) then the <emphasis url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) then the <emphasis
role="bold">ALL, ESTABLISHED</emphasis> and <emphasis role="bold">ALL, ESTABLISHED</emphasis> and <emphasis
role="bold">RELATED</emphasis> sections must be empty.</para> role="bold">RELATED</emphasis> sections must be empty.</para>
@ -224,7 +224,7 @@
<listitem> <listitem>
<para>like ACCEPT but exempts the rule from being suppressed <para>like ACCEPT but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink by OPTIMIZE=1 in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -234,7 +234,7 @@
<listitem> <listitem>
<para>The name of an <emphasis>action</emphasis> declared in <para>The name of an <emphasis>action</emphasis> declared in
<ulink <ulink
url="shorewall-actions.html">shorewall-actions</ulink>(5) or url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5) or
in /usr/share/shorewall/actions.std.</para> in /usr/share/shorewall/actions.std.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -329,11 +329,11 @@
<para>Do not process any of the following rules for this <para>Do not process any of the following rules for this
(source zone,destination zone). If the source and/or (source zone,destination zone). If the source and/or
destination IP address falls into a zone defined later in destination IP address falls into a zone defined later in
<ulink url="shorewall-zones.html">shorewall-zones</ulink>(5) <ulink url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5)
or in a parent zone of the source or destination zones, then or in a parent zone of the source or destination zones, then
this connection request will be passed to the rules defined this connection request will be passed to the rules defined
for that (those) zone(s). See <ulink for that (those) zone(s). See <ulink
url="shorewall-nesting.html">shorewall-nesting</ulink>(5) for url="/manpages/shorewall-nesting.html">shorewall-nesting</ulink>(5) for
additional information.</para> additional information.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -344,7 +344,7 @@
<listitem> <listitem>
<para>like CONTINUE but exempts the rule from being suppressed <para>like CONTINUE but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink by OPTIMIZE=1 in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -414,7 +414,7 @@
<listitem> <listitem>
<para>like DROP but exempts the rule from being suppressed by <para>like DROP but exempts the rule from being suppressed by
OPTIMIZE=1 in <ulink OPTIMIZE=1 in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -445,7 +445,7 @@
INLINE(ACCEPT)). Otherwise, you can include it after the INLINE(ACCEPT)). Otherwise, you can include it after the
semicolon. In this case, you must declare the target as a semicolon. In this case, you must declare the target as a
builtin action in <ulink builtin action in <ulink
url="shorewall-actions.html">shorewall-actions</ulink>(5).</para> url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5).</para>
<para>Some considerations when using INLINE:</para> <para>Some considerations when using INLINE:</para>
@ -490,7 +490,7 @@
<para>This error message may be eliminated by adding the <para>This error message may be eliminated by adding the
<replaceable>target</replaceable> as a builtin action in <replaceable>target</replaceable> as a builtin action in
<ulink <ulink
url="shorewall-actions.html">shorewall-actions(5)</ulink>.</para> url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -536,7 +536,7 @@
<para>Added in Shorewall 4.5.9.3. Queues matching packets to a <para>Added in Shorewall 4.5.9.3. Queues matching packets to a
back end logging daemon via a netlink socket then continues to back end logging daemon via a netlink socket then continues to
the next rule. See <ulink the next rule. See <ulink
url="http://www.shorewall.net/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para> url="/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
<para>Similar to<emphasis role="bold"> <para>Similar to<emphasis role="bold">
LOG:NFLOG</emphasis>[(<replaceable>nflog-parameters</replaceable>)], LOG:NFLOG</emphasis>[(<replaceable>nflog-parameters</replaceable>)],
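Review bot: the new href `/shorewall.logging.html` has a dot where the link text it wraps has an underscore (`shorewall_logging.html`), so the target and the displayed address name different files. The mismatch is carried over from the removed line, and another hunk in this patch links to `/shorewall_logging.html`. Confirm which file exists and make the href match, most likely `url="/shorewall_logging.html"`.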
@ -565,7 +565,7 @@
<listitem> <listitem>
<para>like NFQUEUE but exempts the rule from being suppressed <para>like NFQUEUE but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink by OPTIMIZE=1 in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -596,7 +596,7 @@
<listitem> <listitem>
<para>like QUEUE but exempts the rule from being suppressed by <para>like QUEUE but exempts the rule from being suppressed by
OPTIMIZE=1 in <ulink OPTIMIZE=1 in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -615,7 +615,7 @@
<listitem> <listitem>
<para>like REJECT but exempts the rule from being suppressed <para>like REJECT but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink by OPTIMIZE=1 in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -649,7 +649,7 @@
<para>Added in Shorewall 4.5.10. Queues matching packets to a <para>Added in Shorewall 4.5.10. Queues matching packets to a
back end logging daemon via a netlink socket then continues to back end logging daemon via a netlink socket then continues to
the next rule. See <ulink the next rule. See <ulink
url="http://www.shorewall.net/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para> url="/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
<para>Similar to<emphasis role="bold"> <para>Similar to<emphasis role="bold">
LOG:ULOG</emphasis>[(<replaceable>ulog-parameters</replaceable>)], LOG:ULOG</emphasis>[(<replaceable>ulog-parameters</replaceable>)],
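Review bot: the href and link text disagree in this ULOG entry: `url="/shorewall.logging.html"` against link text `http://www.shorewall.net/shorewall_logging.html`. The dot is inherited from the removed line; check which file name is real and correct the href so the link and the printed address point at the same logging page.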
@ -671,7 +671,7 @@
<para>If the <emphasis role="bold">ACTION</emphasis> names an <para>If the <emphasis role="bold">ACTION</emphasis> names an
<emphasis>action</emphasis> declared in <ulink <emphasis>action</emphasis> declared in <ulink
url="shorewall-actions.html">shorewall-actions</ulink>(5) or in url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5) or in
/usr/share/shorewall/actions.std then:</para> /usr/share/shorewall/actions.std then:</para>
<itemizedlist> <itemizedlist>
@ -702,7 +702,7 @@
<para>Actions specifying logging may be followed by a log tag (a <para>Actions specifying logging may be followed by a log tag (a
string of alphanumeric characters) which is appended to the string string of alphanumeric characters) which is appended to the string
generated by the LOGPREFIX (in <ulink generated by the LOGPREFIX (in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5)).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)).</para>
<para>Example: ACCEPT:info:ftp would include 'ftp ' at the end of <para>Example: ACCEPT:info:ftp would include 'ftp ' at the end of
the log prefix generated by the LOGPREFIX setting.</para> the log prefix generated by the LOGPREFIX setting.</para>
@ -732,7 +732,7 @@
<para>Beginning with Shorewall 4.4.13, you may use a <para>Beginning with Shorewall 4.4.13, you may use a
<replaceable>zone-list </replaceable>which consists of a <replaceable>zone-list </replaceable>which consists of a
comma-separated list of zones declared in <ulink comma-separated list of zones declared in <ulink
url="shorewall-zones.html">shorewall-zones</ulink> (5). This url="/manpages/shorewall-zones.html">shorewall-zones</ulink> (5). This
<replaceable>zone-list</replaceable> may be optionally followed by <replaceable>zone-list</replaceable> may be optionally followed by
"+" to indicate that the rule is to apply to intra-zone traffic as "+" to indicate that the rule is to apply to intra-zone traffic as
well as inter-zone traffic.</para> well as inter-zone traffic.</para>
@ -751,7 +751,7 @@
role="bold">-</emphasis>] is "used, intra-zone traffic is affected. role="bold">-</emphasis>] is "used, intra-zone traffic is affected.
Beginning with Shorewall 4.4.13, exclusion is supported -- see see Beginning with Shorewall 4.4.13, exclusion is supported -- see see
<ulink <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5).</para> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5).</para>
<para>Except when <emphasis role="bold">all</emphasis>[<emphasis <para>Except when <emphasis role="bold">all</emphasis>[<emphasis
role="bold">+</emphasis>][<emphasis role="bold">-</emphasis>] or role="bold">+</emphasis>][<emphasis role="bold">-</emphasis>] or
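Review bot: the unchanged context around the rewritten shorewall-exclusion link still reads `is "used, intra-zone traffic is affected` and `see see`. As this paragraph is being touched, drop the stray quote before "used" and the doubled "see", either in this commit or in a follow-up.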
@ -791,7 +791,7 @@
firewall interface can be specified by an ampersand ('&amp;') firewall interface can be specified by an ampersand ('&amp;')
followed by the logical name of the interface as found in the followed by the logical name of the interface as found in the
INTERFACE column of <ulink INTERFACE column of <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink> url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
(5).</para> (5).</para>
<para>Beginning with Shorewall 4.5.4, A <para>Beginning with Shorewall 4.5.4, A
@ -801,14 +801,14 @@
preceded by a caret ('^'). When a single country code is given, the preceded by a caret ('^'). When a single country code is given, the
square brackets may be omitted. A list of country codes supported by square brackets may be omitted. A list of country codes supported by
Shorewall may be found at <ulink Shorewall may be found at <ulink
url="http://www.shorewall.net/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>. url="/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>.
Specifying a <replaceable>countrycode-list</replaceable> requires Specifying a <replaceable>countrycode-list</replaceable> requires
<firstterm>GeoIP Match</firstterm> support in your iptables and <firstterm>GeoIP Match</firstterm> support in your iptables and
Kernel.</para> Kernel.</para>
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
<para>Examples:</para> <para>Examples:</para>
@ -906,7 +906,7 @@
<listitem> <listitem>
<para>Location of Server. May be a zone declared in <ulink <para>Location of Server. May be a zone declared in <ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5), $<emphasis url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5), $<emphasis
role="bold">FW</emphasis> to indicate the firewall itself, <emphasis role="bold">FW</emphasis> to indicate the firewall itself, <emphasis
role="bold">all</emphasis>. <emphasis role="bold">all+</emphasis> or role="bold">all</emphasis>. <emphasis role="bold">all+</emphasis> or
<emphasis role="bold">none</emphasis>.</para> <emphasis role="bold">none</emphasis>.</para>
@ -914,7 +914,7 @@
<para>Beginning with Shorewall 4.4.13, you may use a <para>Beginning with Shorewall 4.4.13, you may use a
<replaceable>zone-list </replaceable>which consists of a <replaceable>zone-list </replaceable>which consists of a
comma-separated list of zones declared in <ulink comma-separated list of zones declared in <ulink
url="shorewall-zones.html">shorewall-zones</ulink> (5). This url="/manpages/shorewall-zones.html">shorewall-zones</ulink> (5). This
<replaceable>zone-list</replaceable> may be optionally followed by <replaceable>zone-list</replaceable> may be optionally followed by
"+" to indicate that the rule is to apply to intra-zone traffic as "+" to indicate that the rule is to apply to intra-zone traffic as
well as inter-zone traffic.</para> well as inter-zone traffic.</para>
@ -926,7 +926,7 @@
preceded by a caret ('^'). When a single country code is given, the preceded by a caret ('^'). When a single country code is given, the
square brackets may be omitted. A list of country codes supported by square brackets may be omitted. A list of country codes supported by
Shorewall may be found at <ulink Shorewall may be found at <ulink
url="http://www.shorewall.net/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>. url="/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>.
Specifying a <replaceable>countrycode-list</replaceable> requires Specifying a <replaceable>countrycode-list</replaceable> requires
<firstterm>GeoIP Match</firstterm> support in your iptables and <firstterm>GeoIP Match</firstterm> support in your iptables and
Kernel.</para> Kernel.</para>
@ -941,7 +941,7 @@
affected. When <emphasis role="bold">all+</emphasis> is used, affected. When <emphasis role="bold">all+</emphasis> is used,
intra-zone traffic is affected. Beginning with Shorewall 4.4.13, intra-zone traffic is affected. Beginning with Shorewall 4.4.13,
exclusion is supported -- see see <ulink exclusion is supported -- see see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5).</para> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5).</para>
<para><emphasis role="bold">any</emphasis> is equivalent to <para><emphasis role="bold">any</emphasis> is equivalent to
<emphasis role="bold">all</emphasis> when there are no nested zones. <emphasis role="bold">all</emphasis> when there are no nested zones.
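Review bot: The unchanged line just above the edited link reads "exclusion is supported -- see see <ulink", with a doubled "see". Since the patch already touches this sentence, drop the duplicate word in the same change.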
@ -976,7 +976,7 @@
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
<para>Restriction: MAC addresses are not allowed (this is a <para>Restriction: MAC addresses are not allowed (this is a
Netfilter restriction).</para> Netfilter restriction).</para>
@ -1002,7 +1002,7 @@
firewall interface can be specified by an ampersand ('&amp;') firewall interface can be specified by an ampersand ('&amp;')
followed by the logical name of the interface as found in the followed by the logical name of the interface as found in the
INTERFACE column of <ulink INTERFACE column of <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink> url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
(5).</para> (5).</para>
<para>The <replaceable>port</replaceable> that the server is <para>The <replaceable>port</replaceable> that the server is
@ -1079,7 +1079,7 @@
interpreted as the destination icmp-type(s). ICMP types may be interpreted as the destination icmp-type(s). ICMP types may be
specified as a numeric type, a numeric type and code separated by a specified as a numeric type, a numeric type and code separated by a
slash (e.g., 3/4), or a typename. See <ulink slash (e.g., 3/4), or a typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>. url="/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.
Note that prior to Shorewall 4.4.19, only a single ICMP type may be Note that prior to Shorewall 4.4.19, only a single ICMP type may be
listed.</para> listed.</para>
@ -1176,7 +1176,7 @@
firewall interface can be specified by an ampersand ('&amp;') firewall interface can be specified by an ampersand ('&amp;')
followed by the logical name of the interface as found in the followed by the logical name of the interface as found in the
INTERFACE column of <ulink INTERFACE column of <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink> url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
(5).</para> (5).</para>
<para>For other actions, this column may be included and may contain <para>For other actions, this column may be included and may contain
@ -1194,10 +1194,10 @@
role="bold">192.168.1.0/24!192.168.1.16/28</emphasis> specifies the role="bold">192.168.1.0/24!192.168.1.16/28</emphasis> specifies the
addresses 192.168.1.0-182.168.1.15 and 192.168.1.32-192.168.1.255. addresses 192.168.1.0-182.168.1.15 and 192.168.1.32-192.168.1.255.
See <ulink See <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5).</para> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5).</para>
<para>See <ulink <para>See <ulink
url="../PortKnocking.html">http://shorewall.net/PortKnocking.html</ulink> url="/PortKnocking.html">http://www.shorewall.net/PortKnocking.html</ulink>
for an example of using an entry in this column with a user-defined for an example of using an entry in this column with a user-defined
action rule.</para> action rule.</para>
</listitem> </listitem>
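Review bot: The context line in this hunk gives the first range as "192.168.1.0-182.168.1.15", where the upper bound should begin with 192 to agree with 192.168.1.0/24!192.168.1.16/28. An address typo in a firewall manpage example is worth correcting while the adjacent links are being edited. The PortKnocking entry also changes its link text from http://shorewall.net/ to http://www.shorewall.net/, which the commit message does not mention.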
@ -1567,7 +1567,7 @@
</simplelist> </simplelist>
<para>If the HELPERS option is specified in <ulink <para>If the HELPERS option is specified in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5), then any module url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5), then any module
specified in this column must be listed in the HELPERS specified in this column must be listed in the HELPERS
setting.</para> setting.</para>
</listitem> </listitem>
@ -1696,21 +1696,21 @@
example:</para> example:</para>
<para><ulink <para><ulink
url="shorewall-zones.html">shorewall-zones</ulink>(8):<programlisting> #ZONE TYPE OPTIONS url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5):<programlisting> #ZONE TYPE OPTIONS
fw firewall fw firewall
net ipv4 net ipv4
dmz ipv4 dmz ipv4
loc ipv4</programlisting></para> loc ipv4</programlisting></para>
<para><ulink <para><ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(8):<programlisting> #ZONE INTERFACE BROADCAST OPTIONS url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5):<programlisting> #ZONE INTERFACE BROADCAST OPTIONS
net ppp0 net ppp0
loc eth1 detect loc eth1 detect
dmz eth2 detect dmz eth2 detect
- ppp+ # Addresses are assigned from 192.168.3.0/24</programlisting></para> - ppp+ # Addresses are assigned from 192.168.3.0/24</programlisting></para>
<para><ulink <para><ulink
url="shorewall-hosts.html">shorewall-host</ulink>(8):<programlisting> #ZONE HOST(S) OPTIONS url="/manpages/shorewall-hosts.html">shorewall-host</ulink>(5):<programlisting> #ZONE HOST(S) OPTIONS
loc ppp+:192.168.3.0/24</programlisting></para> loc ppp+:192.168.3.0/24</programlisting></para>
<para>rules:</para> <para>rules:</para>
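Review bot: All three links in this hunk change their manpage section from (8) to (5) in addition to the url, and the commit message does not mention that; say so in the message or split it into its own commit. The third link still shows the text "shorewall-host" while pointing at shorewall-hosts.html, so the label should read shorewall-hosts.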
@ -1806,7 +1806,7 @@
<programlisting> -A fw2net -p 6 -m mickey-mouse --name test -m set --match-set set1 src -m mickey-mouse --name test2 -j SECCTX --name test3</programlisting> <programlisting> -A fw2net -p 6 -m mickey-mouse --name test -m set --match-set set1 src -m mickey-mouse --name test2 -j SECCTX --name test3</programlisting>
<para>Note that SECCTX must be defined as a builtin action in <ulink <para>Note that SECCTX must be defined as a builtin action in <ulink
url="shorewall-actions.html">shorewall-actions</ulink>(5):</para> url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5):</para>
<programlisting> #ACTION OPTIONS <programlisting> #ACTION OPTIONS
SECCTX builtin</programlisting> SECCTX builtin</programlisting>
@ -1825,13 +1825,13 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://www.shorewall.net/ipsets.html">http://www.shorewall.net/ipsets.html</ulink></para> url="/ipsets.html">http://www.shorewall.net/ipsets.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para><ulink <para><ulink
url="http://www.shorewall.net/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink></para> url="/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-blrules(5), shorewall-hosts(5), shorewall-blacklist(5), shorewall-blrules(5), shorewall-hosts(5),
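Review bot: Each See ALSO entry in this hunk now has a site-relative href but keeps an absolute http://www.shorewall.net/ URL as its visible text, so on any host other than www.shorewall.net the address shown to the reader and the actual destination differ. Either use a page title as the link text, or note in the commit message that the text names the canonical location only.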

View File

@ -25,7 +25,7 @@
<important> <important>
<para>Unlike rules in the <ulink <para>Unlike rules in the <ulink
url="shorewall-rules.html">shorewall-rules</ulink>(5) file, evaluation url="/manpages/shorewall-rules.html">shorewall-rules</ulink>(5) file, evaluation
of rules in this file will continue after a match. So the final secmark of rules in this file will continue after a match. So the final secmark
for each packet will be the one assigned by the LAST rule that for each packet will be the one assigned by the LAST rule that
matches.</para> matches.</para>
@ -182,7 +182,7 @@
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
<para>Addresses may be specified using an ipset name preceded by <para>Addresses may be specified using an ipset name preceded by
'+'.</para> '+'.</para>
@ -213,7 +213,7 @@
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
<para>Addresses may be specified using an ipset name preceded by <para>Addresses may be specified using an ipset name preceded by
'+'.</para> '+'.</para>
@ -251,7 +251,7 @@
destination icmp-type(s). ICMP types may be specified as a numeric destination icmp-type(s). ICMP types may be specified as a numeric
type, a numeric type and code separated by a slash (e.g., 3/4), or type, a numeric type and code separated by a slash (e.g., 3/4), or
a typename. See <ulink a typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para> url="/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para>
<para>If the protocol is <emphasis role="bold">ipp2p</emphasis>, <para>If the protocol is <emphasis role="bold">ipp2p</emphasis>,
this column is interpreted as an ipp2p option without the leading this column is interpreted as an ipp2p option without the leading
@ -411,7 +411,7 @@ RESTORE I:ER</programlisting>
url="http://james-morris.livejournal.com/11010.html">http://james-morris.livejournal.com/11010.html</ulink></para> url="http://james-morris.livejournal.com/11010.html">http://james-morris.livejournal.com/11010.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
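Review bot: The cross-reference list at the end of this hunk names "shorewall_interfaces(5)" with an underscore, while the same manpage is linked elsewhere in this patch as shorewall-interfaces; correct the name while this section is being edited. Leaving the james-morris.livejournal.com link absolute is right, since it is a third-party page.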

View File

@ -147,10 +147,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/starting_and_stopping_shorewall.htm">http://shorewall.net/starting_and_stopping_shorewall.htm</ulink></para> url="/starting_and_stopping_shorewall.htm">http://www.shorewall.net/starting_and_stopping_shorewall.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -125,7 +125,7 @@
<para>You may specify the interface number rather than the interface <para>You may specify the interface number rather than the interface
name. If the <emphasis role="bold">classify</emphasis> option is name. If the <emphasis role="bold">classify</emphasis> option is
given for the interface in <ulink given for the interface in <ulink
url="shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5), then url="/manpages/shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5), then
you must also specify an interface class (an integer that must be you must also specify an interface class (an integer that must be
unique within classes associated with this interface). If the unique within classes associated with this interface). If the
classify option is not given, you may still specify a classify option is not given, you may still specify a
@ -139,12 +139,12 @@
<para>Please note that you can only use interface names in here that <para>Please note that you can only use interface names in here that
have a bandwidth defined in the <ulink have a bandwidth defined in the <ulink
url="shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5) url="/manpages/shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5)
file.</para> file.</para>
<para>Normally, all classes defined here are sub-classes of a root <para>Normally, all classes defined here are sub-classes of a root
class that is implicitly defined from the entry in <ulink class that is implicitly defined from the entry in <ulink
url="shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5). You url="/manpages/shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5). You
can establish a class hierarchy by specifying a can establish a class hierarchy by specifying a
<emphasis>parent</emphasis> class -- the number of a class that you <emphasis>parent</emphasis> class -- the number of a class that you
have previously defined. The sub-class may borrow unused bandwidth have previously defined. The sub-class may borrow unused bandwidth
@ -159,11 +159,11 @@
<listitem> <listitem>
<para>The mark <emphasis>value</emphasis> which is an integer in the <para>The mark <emphasis>value</emphasis> which is an integer in the
range 1-255. You set mark values in the <ulink range 1-255. You set mark values in the <ulink
url="shorewall-mangle.html">shorewall-mangle</ulink>(5) file, url="/manpages/shorewall-mangle.html">shorewall-mangle</ulink>(5) file,
marking the traffic you want to fit in the classes defined in here. marking the traffic you want to fit in the classes defined in here.
Must be specified as '-' if the <emphasis Must be specified as '-' if the <emphasis
role="bold">classify</emphasis> option is given for the interface in role="bold">classify</emphasis> option is given for the interface in
<ulink url="shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5) <ulink url="/manpages/shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5)
and you are running Shorewall 4.5.5 or earlier.</para> and you are running Shorewall 4.5.5 or earlier.</para>
<para>You can use the same marks for different interfaces.</para> <para>You can use the same marks for different interfaces.</para>
@ -417,7 +417,7 @@
of the class. So the total RATE represented by an entry with of the class. So the total RATE represented by an entry with
'occurs' will be the listed RATE multiplied by 'occurs' will be the listed RATE multiplied by
<emphasis>number</emphasis>. For additional information, see <emphasis>number</emphasis>. For additional information, see
<ulink url="shorewall-mangle.html">tcrules</ulink> <ulink url="/manpages/shorewall-tcrules.html">shorewall-tcrules</ulink>
(5).</para> (5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
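Review bot: This hunk changes the link target itself, from shorewall-mangle.html to shorewall-tcrules.html, and the link text from tcrules to shorewall-tcrules, which goes beyond the path cleanup the commit message describes. Other hunks in the same file keep pointing at /manpages/shorewall-mangle.html for marking rules, so confirm which manpage is intended here and make the references consistent.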
@ -762,10 +762,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para> url="/traffic_shaping.htm">http://www.shorewall.net/traffic_shaping.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>tc-hfsc(7)</para> <para>tc-hfsc(7)</para>

View File

@ -104,7 +104,7 @@
<para>Name of <emphasis>interface</emphasis>. Each interface may be <para>Name of <emphasis>interface</emphasis>. Each interface may be
listed only once in this file. You may NOT specify the name of an listed only once in this file. You may NOT specify the name of an
alias (e.g., eth0:0) here; see <ulink alias (e.g., eth0:0) here; see <ulink
url="http://www.shorewall.net/FAQ.htm#faq18">http://www.shorewall.net/FAQ.htm#faq18</ulink></para> url="/FAQ.htm#faq18">http://www.shorewall.net/FAQ.htm#faq18</ulink></para>
<para>You may NOT specify wildcards here, e.g. if you have multiple <para>You may NOT specify wildcards here, e.g. if you have multiple
ppp interfaces, you need to put them all in here!</para> ppp interfaces, you need to put them all in here!</para>
@ -151,7 +151,7 @@
may be configured instead. Rate-estimated filters should be used may be configured instead. Rate-estimated filters should be used
with Ethernet adapters that have Generic Receive Offload enabled by with Ethernet adapters that have Generic Receive Offload enabled by
default. See <ulink default. See <ulink
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ url="/FAQ.htm#faq97a">Shorewall FAQ
97a</ulink>.</para> 97a</ulink>.</para>
<para>To create a rate-estimated filter, precede the bandwidth with <para>To create a rate-estimated filter, precede the bandwidth with
@ -171,7 +171,7 @@
<para>The outgoing <emphasis>bandwidth</emphasis> of that interface. <para>The outgoing <emphasis>bandwidth</emphasis> of that interface.
This is the maximum speed your connection can handle. It is also the This is the maximum speed your connection can handle. It is also the
speed you can refer as "full" if you define the tc classes in <ulink speed you can refer as "full" if you define the tc classes in <ulink
url="shorewall-tcclasses.html">shorewall-tcclasses</ulink>(5). url="/manpages/shorewall-tcclasses.html">shorewall-tcclasses</ulink>(5).
Outgoing traffic above this rate will be dropped.</para> Outgoing traffic above this rate will be dropped.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -195,7 +195,7 @@
<para><option>classify</option> ― When specified, Shorewall will not <para><option>classify</option> ― When specified, Shorewall will not
generate tc or Netfilter rules to classify traffic based on packet generate tc or Netfilter rules to classify traffic based on packet
marks. You must do all classification using CLASSIFY rules in <ulink marks. You must do all classification using CLASSIFY rules in <ulink
url="shorewall-mangle.html">shorewall-mangle</ulink>(5).</para> url="/manpages/shorewall-mangle.html">shorewall-mangle</ulink>(5).</para>
<para><option>htb</option> - Use the <firstterm>Hierarchical Token <para><option>htb</option> - Use the <firstterm>Hierarchical Token
Bucket</firstterm> queuing discipline. This is the default.</para> Bucket</firstterm> queuing discipline. This is the default.</para>
@ -283,10 +283,10 @@
<para>tc-hfsc (7)</para> <para>tc-hfsc (7)</para>
<para><ulink <para><ulink
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para> url="/traffic_shaping.htm">http://www.shorewall.net/traffic_shaping.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para><ulink <para><ulink
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink></para> url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink></para>

View File

@ -70,10 +70,10 @@
<listitem> <listitem>
<para>The name or number of an <returnvalue>interface</returnvalue> <para>The name or number of an <returnvalue>interface</returnvalue>
defined in <ulink defined in <ulink
url="shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5) url="/manpages/shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5)
followed by a <replaceable>class</replaceable> number defined for followed by a <replaceable>class</replaceable> number defined for
that interface in <ulink that interface in <ulink
url="shorewall-tcclasses.html">shorewall-tcclasses</ulink>(5).</para> url="/manpages/shorewall-tcclasses.html">shorewall-tcclasses</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -99,7 +99,7 @@
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -318,16 +318,16 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para> url="/traffic_shaping.htm">http://www.shorewall.net/traffic_shaping.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/MultiISP.html">http://shorewall.net/MultiISP.html</ulink></para> url="/MultiISP.html">http://www.shorewall.net/MultiISP.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/PacketMarking.html">http://shorewall.net/PacketMarking.html</ulink></para> url="/PacketMarking.html">http://www.shorewall.net/PacketMarking.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5), shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5),

View File

@ -25,7 +25,7 @@
<para>This file lists the interfaces that are subject to simple traffic <para>This file lists the interfaces that are subject to simple traffic
shaping. Simple traffic shaping is enabled by setting TC_ENABLED=Simple in shaping. Simple traffic shaping is enabled by setting TC_ENABLED=Simple in
<ulink url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>A note on the <emphasis>bandwidth</emphasis> definition used in this <para>A note on the <emphasis>bandwidth</emphasis> definition used in this
file:</para> file:</para>
@ -162,7 +162,7 @@
may be configured instead. Rate-estimated filters should be used may be configured instead. Rate-estimated filters should be used
with Ethernet adapters that have Generic Receive Offload enabled by with Ethernet adapters that have Generic Receive Offload enabled by
default. See <ulink default. See <ulink
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ url="/FAQ.htm#faq97a">Shorewall FAQ
97a</ulink>.</para> 97a</ulink>.</para>
<para>To create a rate-estimated filter, precede the bandwidth with <para>To create a rate-estimated filter, precede the bandwidth with

View File

@ -25,12 +25,12 @@
<para>This file is used to specify the priority of traffic for simple <para>This file is used to specify the priority of traffic for simple
traffic shaping (TC_ENABLED=Simple in <ulink traffic shaping (TC_ENABLED=Simple in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5)). The priority band of url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)). The priority band of
each packet is determined by the <emphasis role="bold">last</emphasis> each packet is determined by the <emphasis role="bold">last</emphasis>
entry that the packet matches. If a packet doesn't match any entry in this entry that the packet matches. If a packet doesn't match any entry in this
file, then its priority will be determined by its TOS field. The default file, then its priority will be determined by its TOS field. The default
mapping is as follows but can be changed by setting the TC_PRIOMAP option mapping is as follows but can be changed by setting the TC_PRIOMAP option
in <ulink url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> in <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<programlisting>TOS Bits Means Linux Priority BAND <programlisting>TOS Bits Means Linux Priority BAND
------------------------------------------------------------ ------------------------------------------------------------
@ -63,7 +63,7 @@
<para>Classifies matching traffic as High Priority (1), Medium <para>Classifies matching traffic as High Priority (1), Medium
Priority (2) or Low Priority (3). For those interfaces listed in Priority (2) or Low Priority (3). For those interfaces listed in
<ulink <ulink
url="shorewall-tcinterfaces.html">shorewall-tcinterfaces</ulink>(5), url="/manpages/shorewall-tcinterfaces.html">shorewall-tcinterfaces</ulink>(5),
Priority 2 traffic will be deferred so long and there is Priority 1 Priority 2 traffic will be deferred so long and there is Priority 1
traffic queued and Priority 3 traffic will be deferred so long as traffic queued and Priority 3 traffic will be deferred so long as
there is Priority 1 or Priority 2 traffic to send.</para> there is Priority 1 or Priority 2 traffic to send.</para>
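Review bot: The context sentence in this hunk reads "Priority 2 traffic will be deferred so long and there is Priority 1 traffic queued"; "and" should be "as", matching the clause that follows. Worth fixing in the same pass since the paragraph is already being edited.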
@ -151,7 +151,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>prio(8), shorewall(8), shorewall-accounting(5), <para>prio(8), shorewall(8), shorewall-accounting(5),
shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5),

View File

@ -28,14 +28,14 @@
<important> <important>
<para>Unlike rules in the <ulink <para>Unlike rules in the <ulink
url="shorewall-rules.html">shorewall-rules</ulink>(5) file, evaluation url="/manpages/shorewall-rules.html">shorewall-rules</ulink>(5) file, evaluation
of rules in this file will continue after a match. So the final mark for of rules in this file will continue after a match. So the final mark for
each packet will be the one assigned by the LAST tcrule that each packet will be the one assigned by the LAST tcrule that
matches.</para> matches.</para>
<para>If you use multiple internet providers with the 'track' option, in <para>If you use multiple internet providers with the 'track' option, in
/etc/shorewall/providers be sure to read the restrictions at <ulink /etc/shorewall/providers be sure to read the restrictions at <ulink
url="http://shorewall.net/MultiISP.html">http://shorewall.net/MultiISP.html</ulink>.</para> url="/MultiISP.html">http://www.shorewall.net/MultiISP.html</ulink>.</para>
</important> </important>
<para>Beginning with Shorewall 4.5.4, the tcrules file supports two <para>Beginning with Shorewall 4.5.4, the tcrules file supports two
@ -123,7 +123,7 @@
<para>- Otherwise, the chain is determined by the setting of <para>- Otherwise, the chain is determined by the setting of
MARK_IN_FORWARD_CHAIN in <ulink MARK_IN_FORWARD_CHAIN in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>Please note that <emphasis role="bold">:I</emphasis> is <para>Please note that <emphasis role="bold">:I</emphasis> is
included for completeness and affects neither traffic shaping included for completeness and affects neither traffic shaping
@ -203,7 +203,7 @@
then the assigned mark values are 0x200, 0x300 and 0x400 in then the assigned mark values are 0x200, 0x300 and 0x400 in
equal proportions. If no mask is specified, then ( 2 ** equal proportions. If no mask is specified, then ( 2 **
MASK_BITS ) - 1 is assumed (MASK_BITS is set in <ulink MASK_BITS ) - 1 is assumed (MASK_BITS is set in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5)).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)).</para>
<para>May optionally be followed by <emphasis <para>May optionally be followed by <emphasis
role="bold">:P</emphasis>, <emphasis role="bold">:P</emphasis>, <emphasis
@ -231,7 +231,7 @@
<para>- Otherwise, the chain is determined by the setting of <para>- Otherwise, the chain is determined by the setting of
MARK_IN_FORWARD_CHAIN in <ulink MARK_IN_FORWARD_CHAIN in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>Please note that <emphasis role="bold">:I</emphasis> is <para>Please note that <emphasis role="bold">:I</emphasis> is
included for completeness and affects neither traffic shaping included for completeness and affects neither traffic shaping
@ -311,11 +311,11 @@
<para>When using Shorewall's built-in traffic shaping tool, the <para>When using Shorewall's built-in traffic shaping tool, the
<emphasis>major</emphasis> class is the device number (the first <emphasis>major</emphasis> class is the device number (the first
device in <ulink device in <ulink
url="shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5) is url="/manpages/shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5) is
major class 1, the second device is major class 2, and so on) major class 1, the second device is major class 2, and so on)
and the <emphasis>minor</emphasis> class is the class's MARK and the <emphasis>minor</emphasis> class is the class's MARK
value in <ulink value in <ulink
url="shorewall-tcclasses.html">shorewall-tcclasses</ulink>(5) url="/manpages/shorewall-tcclasses.html">shorewall-tcclasses</ulink>(5)
preceded by the number 1 (MARK 1 corresponds to minor class 11, preceded by the number 1 (MARK 1 corresponds to minor class 11,
MARK 5 corresponds to minor class 15, MARK 22 corresponds to MARK 5 corresponds to minor class 15, MARK 22 corresponds to
minor class 122, etc.).</para> minor class 122, etc.).</para>
@ -487,7 +487,7 @@
[<replaceable>option</replaceable>] ...") after any matches [<replaceable>option</replaceable>] ...") after any matches
specified at the end of the rule. If the target is not one known specified at the end of the rule. If the target is not one known
to Shorewall, then it must be defined as a builtin action in to Shorewall, then it must be defined as a builtin action in
<ulink url="shorewall-actions.html">shorewall-actions</ulink> <ulink url="/manpages/shorewall-actions.html">shorewall-actions</ulink>
(5).</para> (5).</para>
<para>The following rules are equivalent:</para> <para>The following rules are equivalent:</para>
@ -500,7 +500,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark
</programlisting> </programlisting>
<para>If INLINE_MATCHES=Yes in <ulink <para>If INLINE_MATCHES=Yes in <ulink
url="shorewall.conf.html">shorewall6.conf(5)</ulink> then the url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink> then the
third rule above can be specified as follows:</para> third rule above can be specified as follows:</para>
<programlisting>2:P eth0 - ; -p tcp</programlisting> <programlisting>2:P eth0 - ; -p tcp</programlisting>
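Review bot: The replacement in the INLINE_MATCHES paragraph also changes the link text from shorewall6.conf(5) to shorewall.conf(5), which is a content fix rather than an href cleanup; mention it in the commit message so it is not lost in a 73-file link rewrite. The (5) is still inside the ulink here, whereas the other shorewall.conf references in this file put it after the closing tag; move it out for consistency.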
@ -724,7 +724,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>Transparently redirects a packet without altering the IP <para>Transparently redirects a packet without altering the IP
header. Requires a local provider to be defined in <ulink header. Requires a local provider to be defined in <ulink
url="shorewall-providers.html">shorewall-providers</ulink>(5).</para> url="/manpages/shorewall-providers.html">shorewall-providers</ulink>(5).</para>
<para>There are three parameters to TPROXY - only the first <para>There are three parameters to TPROXY - only the first
(mark) is required:</para> (mark) is required:</para>
@ -733,7 +733,7 @@ Normal-Service =&gt; 0x00</programlisting>
<listitem> <listitem>
<para><replaceable>mark</replaceable> - the MARK value <para><replaceable>mark</replaceable> - the MARK value
corresponding to the local provider in <ulink corresponding to the local provider in <ulink
url="shorewall-providers.html">shorewall-providers</ulink>(5).</para> url="/manpages/shorewall-providers.html">shorewall-providers</ulink>(5).</para>
</listitem> </listitem>
<listitem> <listitem>
@ -758,7 +758,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>Transparently redirects a packet without altering the IP <para>Transparently redirects a packet without altering the IP
header. Requires a tproxy provider to be defined in <ulink header. Requires a tproxy provider to be defined in <ulink
url="shorewall-providers.html">shorewall-providers</ulink>(5).</para> url="/manpages/shorewall-providers.html">shorewall-providers</ulink>(5).</para>
<para>There are three parameters to TPROXY - neither is <para>There are three parameters to TPROXY - neither is
required:</para> required:</para>
@ -862,7 +862,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -879,7 +879,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>An interface name. May not be used in the PREROUTING chain <para>An interface name. May not be used in the PREROUTING chain
(:P in the mark column or no chain qualifier and (:P in the mark column or no chain qualifier and
MARK_IN_FORWARD_CHAIN=No in <ulink MARK_IN_FORWARD_CHAIN=No in <ulink
url="manpages/shorewall.conf">shorewall.conf</ulink> (5)). The url="/manpages/shorewall.conf">shorewall.conf</ulink> (5)). The
interface name may be optionally followed by a colon (":") and interface name may be optionally followed by a colon (":") and
an IP address list.</para> an IP address list.</para>
</listitem> </listitem>
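Review bot: The new href in the interface-name paragraph, url="/manpages/shorewall.conf", still has no .html suffix, unlike every other shorewall.conf link touched in this file (url="/manpages/shorewall.conf.html"). Adding only the leading slash carries forward what looks like a dead link; use /manpages/shorewall.conf.html here.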
@ -899,7 +899,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -934,7 +934,7 @@ Normal-Service =&gt; 0x00</programlisting>
destination icmp-type(s). ICMP types may be specified as a numeric destination icmp-type(s). ICMP types may be specified as a numeric
type, a numeric type and code separated by a slash (e.g., 3/4), or a type, a numeric type and code separated by a slash (e.g., 3/4), or a
typename. See <ulink typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para> url="/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para>
<para>If the protocol is <emphasis role="bold">ipp2p</emphasis>, <para>If the protocol is <emphasis role="bold">ipp2p</emphasis>,
this column is interpreted as an ipp2p option without the leading this column is interpreted as an ipp2p option without the leading
@ -1317,16 +1317,16 @@ Normal-Service =&gt; 0x00</programlisting>
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para> url="/traffic_shaping.htm">http://www.shorewall.net/traffic_shaping.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/MultiISP.html">http://shorewall.net/MultiISP.html</ulink></para> url="/MultiISP.html">http://www.shorewall.net/MultiISP.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/PacketMarking.html">http://shorewall.net/PacketMarking.html</ulink></para> url="/PacketMarking.html">http://www.shorewall.net/PacketMarking.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5), shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5),
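Review bot: In the See ALSO links the href is now root-relative (url="/traffic_shaping.htm") while the visible text was changed to the absolute http://www.shorewall.net/traffic_shaping.htm, so on any host other than www.shorewall.net the reader is shown one destination and taken to another. Either make the link text host-neutral (the page title or the bare path) or keep the absolute URL as the href; link text that names a different host than its target is the pattern users are taught to distrust.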

View File

@ -25,7 +25,7 @@
<para>This file defines rules for setting Type Of Service (TOS). Its use <para>This file defines rules for setting Type Of Service (TOS). Its use
is deprecated, beginning in Shorewall 4.5.1, in favor of the TOS target in is deprecated, beginning in Shorewall 4.5.1, in favor of the TOS target in
<ulink url="shorewall-mangle.html">shorewall-mangle</ulink> (5).</para> <ulink url="/manpages/shorewall-mangle.html">shorewall-mangle</ulink> (5).</para>
<para>The columns in the file are as follows (where the column name is <para>The columns in the file are as follows (where the column name is
followed by a different name in parentheses, the different name is used in followed by a different name in parentheses, the different name is used in
@ -167,7 +167,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -27,7 +27,7 @@
encrypted) traffic to pass between the Shorewall system and a remote encrypted) traffic to pass between the Shorewall system and a remote
gateway. Traffic flowing through the tunnel is handled using the normal gateway. Traffic flowing through the tunnel is handled using the normal
zone/policy/rule mechanism. See <ulink zone/policy/rule mechanism. See <ulink
url="http://www.shorewall.net/VPNBasics.html">http://www.shorewall.net/VPNBasics.html</ulink> url="/VPNBasics.html">http://www.shorewall.net/VPNBasics.html</ulink>
for details.</para> for details.</para>
<para>The columns in the file are as follows.</para> <para>The columns in the file are as follows.</para>
@ -143,7 +143,7 @@
<para>Beginning with Shorewall 4.5.3, a list of addresses or ranges <para>Beginning with Shorewall 4.5.3, a list of addresses or ranges
may be given. Exclusion (<ulink may be given. Exclusion (<ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink> (5) ) is url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink> (5) ) is
not supported.</para> not supported.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -281,7 +281,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -45,14 +45,14 @@
"none", "any", "SOURCE" and "DEST" are reserved and may not be used "none", "any", "SOURCE" and "DEST" are reserved and may not be used
as zone names. The maximum length of a zone name is determined by as zone names. The maximum length of a zone name is determined by
the setting of the LOGFORMAT option in <ulink the setting of the LOGFORMAT option in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). With the url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). With the
default LOGFORMAT, zone names can be at most 5 characters default LOGFORMAT, zone names can be at most 5 characters
long.</para> long.</para>
<blockquote> <blockquote>
<para>The maximum length of an iptables log prefix is 29 bytes. As <para>The maximum length of an iptables log prefix is 29 bytes. As
explained in <ulink explained in <ulink
url="shorewall.conf.html">shorewall.conf</ulink> (5), the default url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5), the default
LOGPREFIX formatting string is “Shorewall:%s:%s:” where the first LOGPREFIX formatting string is “Shorewall:%s:%s:” where the first
%s is replaced by the chain name and the second is replaced by the %s is replaced by the chain name and the second is replaced by the
disposition.</para> disposition.</para>
@ -97,7 +97,7 @@
(sub)zone name by ":" and a comma-separated list of the parent (sub)zone name by ":" and a comma-separated list of the parent
zones. The parent zones must have been declared in earlier records zones. The parent zones must have been declared in earlier records
in this file. See <ulink in this file. See <ulink
url="shorewall-nesting.html">shorewall-nesting</ulink>(5) for url="/manpages/shorewall-nesting.html">shorewall-nesting</ulink>(5) for
additional information.</para> additional information.</para>
<para>Example:</para> <para>Example:</para>
@ -110,7 +110,7 @@ c:a,b ipv4</programlisting>
<para>Currently, Shorewall uses this information to reorder the zone <para>Currently, Shorewall uses this information to reorder the zone
list so that parent zones appear after their subzones in the list. list so that parent zones appear after their subzones in the list.
The IMPLICIT_CONTINUE option in <ulink The IMPLICIT_CONTINUE option in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) can also create url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) can also create
implicit CONTINUE policies to/from the subzone.</para> implicit CONTINUE policies to/from the subzone.</para>
<para>Where an <emphasis role="bold">ipsec</emphasis> zone is <para>Where an <emphasis role="bold">ipsec</emphasis> zone is
@ -137,7 +137,7 @@ c:a,b ipv4</programlisting>
the column. Communication with some zone hosts may be the column. Communication with some zone hosts may be
encrypted. Encrypted hosts are designated using the 'ipsec' encrypted. Encrypted hosts are designated using the 'ipsec'
option in <ulink option in <ulink
url="shorewall-hosts.html">shorewall-hosts</ulink>(5).</para> url="/manpages/shorewall-hosts.html">shorewall-hosts</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -180,7 +180,7 @@ c:a,b ipv4</programlisting>
<listitem> <listitem>
<para>Added in Shorewall 4.4.11 Beta 2 - A zone composed of <para>Added in Shorewall 4.4.11 Beta 2 - A zone composed of
Linux-vserver guests. The zone contents must be defined in Linux-vserver guests. The zone contents must be defined in
<ulink url="shorewall-hosts.html">shorewall-hosts</ulink> <ulink url="/manpages/shorewall-hosts.html">shorewall-hosts</ulink>
(5).</para> (5).</para>
<para>Vserver zones are implicitly handled as subzones of the <para>Vserver zones are implicitly handled as subzones of the
@ -208,7 +208,7 @@ c:a,b ipv4</programlisting>
$FW rules are defined, they are placed in a chain named $FW rules are defined, they are placed in a chain named
${FW}2${F2} or ${FW}-${FW} (e.g., 'fw2fw' or 'fw-fw' ) ${FW}2${F2} or ${FW}-${FW} (e.g., 'fw2fw' or 'fw-fw' )
depending on the ZONE2ZONE setting in <ulink depending on the ZONE2ZONE setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
<listitem> <listitem>
@ -290,12 +290,12 @@ c:a,b ipv4</programlisting>
<para>When specified in the IN_OPTIONS column, causes all <para>When specified in the IN_OPTIONS column, causes all
traffic from this zone to be passed against the <emphasis traffic from this zone to be passed against the <emphasis
role="bold">src</emphasis> entries in <ulink role="bold">src</emphasis> entries in <ulink
url="shorewall-blacklist.html">shorewall-blacklist</ulink>(5).</para> url="/manpages/shorewall-blacklist.html">shorewall-blacklist</ulink>(5).</para>
<para>When specified in the OUT_OPTIONS column, causes all <para>When specified in the OUT_OPTIONS column, causes all
traffic to this zone to be passed against the <emphasis traffic to this zone to be passed against the <emphasis
role="bold">dst</emphasis> entries in s<ulink role="bold">dst</emphasis> entries in s<ulink
url="shorewall-blacklist.html">horewall-blacklist</ulink>(5).</para> url="/manpages/shorewall-blacklist.html">horewall-blacklist</ulink>(5).</para>
<para>Specifying this option in the OPTIONS column is <para>Specifying this option in the OPTIONS column is
equivalent to entering it in both of the IN_OPTIONS and equivalent to entering it in both of the IN_OPTIONS and
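Review bot: The OUT_OPTIONS paragraph keeps the split link text: the "s" sits outside the element (s<ulink ...>horewall-blacklist</ulink>), so the rendered link reads "horewall-blacklist". Since this line is being rewritten anyway, move the "s" inside the ulink.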
@ -310,7 +310,7 @@ c:a,b ipv4</programlisting>
<para>Added in Shorewall 4.5.9. May only be specified in the <para>Added in Shorewall 4.5.9. May only be specified in the
OPTIONS column and indicates that only a single ipset should OPTIONS column and indicates that only a single ipset should
be created for this zone if it has multiple dynamic entries in be created for this zone if it has multiple dynamic entries in
<ulink url="shorewall-hosts.html">shorewall-hosts</ulink>(5). <ulink url="/manpages/shorewall-hosts.html">shorewall-hosts</ulink>(5).
Without this option, a separate ipset is created for each Without this option, a separate ipset is created for each
interface.</para> interface.</para>
</listitem> </listitem>
@ -354,7 +354,7 @@ c:a,b ipv4</programlisting>
<listitem> <listitem>
<para>sets the MSS field in TCP packets. If you supply this <para>sets the MSS field in TCP packets. If you supply this
option, you should also set FASTACCEPT=No in <ulink option, you should also set FASTACCEPT=No in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) to insure url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) to insure
that both the SYN and SYN,ACK packets have their MSS field that both the SYN and SYN,ACK packets have their MSS field
adjusted.</para> adjusted.</para>
</listitem> </listitem>
@ -427,10 +427,10 @@ c:a,b ipv4</programlisting>
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://www.shorewall.net/Multiple_Zones.html">http://www.shorewall.net/Multiple_Zones.html</ulink>.</para> url="/Multiple_Zones.html">http://www.shorewall.net/Multiple_Zones.html</ulink>.</para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),

View File

@ -183,7 +183,7 @@
<para>If you set the value of either option to "None" then no <para>If you set the value of either option to "None" then no
default action will be used and the default action or macro must be default action will be used and the default action or macro must be
specified in <ulink specified in <ulink
url="shorewall-policy.html">shorewall-policy</ulink>(5).</para> url="/manpages/shorewall-policy.html">shorewall-policy</ulink>(5).</para>
<para>You can pass <replaceable>parameters</replaceable> to the <para>You can pass <replaceable>parameters</replaceable> to the
specified action (e.g., specified action (e.g.,
@ -204,7 +204,7 @@
<listitem> <listitem>
<para>Added in Shorewall 4.4.7. If set to Yes, Shorewall accounting <para>Added in Shorewall 4.4.7. If set to Yes, Shorewall accounting
is enabled (see <ulink is enabled (see <ulink
url="shorewall-accounting.html">shorewall-accounting</ulink>(5)). If url="/manpages/shorewall-accounting.html">shorewall-accounting</ulink>(5)). If
not specified or set to the empty value, ACCOUNTING=Yes is not specified or set to the empty value, ACCOUNTING=Yes is
assumed.</para> assumed.</para>
</listitem> </listitem>
@ -219,7 +219,7 @@
<para>Added in Shorewall 4.4.20. This setting determines which <para>Added in Shorewall 4.4.20. This setting determines which
Netfilter table the accounting rules are added in. By default, Netfilter table the accounting rules are added in. By default,
ACCOUNTING_TABLE=filter is assumed. See also <ulink ACCOUNTING_TABLE=filter is assumed. See also <ulink
url="shorewall-accounting.html">shorewall-accounting</ulink>(5).</para> url="/manpages/shorewall-accounting.html">shorewall-accounting</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -230,7 +230,7 @@
<listitem> <listitem>
<para>This parameter determines whether Shorewall automatically adds <para>This parameter determines whether Shorewall automatically adds
the external address(es) in <ulink the external address(es) in <ulink
url="shorewall-nat.html">shorewall-nat</ulink>(5). If the variable url="/manpages/shorewall-nat.html">shorewall-nat</ulink>(5). If the variable
is set to <emphasis role="bold">Yes</emphasis> or <emphasis is set to <emphasis role="bold">Yes</emphasis> or <emphasis
role="bold">yes</emphasis> then Shorewall automatically adds these role="bold">yes</emphasis> then Shorewall automatically adds these
aliases. If it is set to <emphasis role="bold">No</emphasis> or aliases. If it is set to <emphasis role="bold">No</emphasis> or
@ -256,7 +256,7 @@
<listitem> <listitem>
<para>This parameter determines whether Shorewall automatically adds <para>This parameter determines whether Shorewall automatically adds
the SNAT ADDRESS in <ulink the SNAT ADDRESS in <ulink
url="shorewall-masq.html">shorewall-masq</ulink>(5). If the variable url="/manpages/shorewall-masq.html">shorewall-masq</ulink>(5). If the variable
is set to <emphasis role="bold">Yes</emphasis> or <emphasis is set to <emphasis role="bold">Yes</emphasis> or <emphasis
role="bold">yes</emphasis> then Shorewall automatically adds these role="bold">yes</emphasis> then Shorewall automatically adds these
addresses. If it is set to <emphasis role="bold">No</emphasis> or addresses. If it is set to <emphasis role="bold">No</emphasis> or
@ -283,10 +283,10 @@
<para>The value of this variable affects Shorewall's stopped state. <para>The value of this variable affects Shorewall's stopped state.
When ADMINISABSENTMINDED=No, only traffic to/from those addresses When ADMINISABSENTMINDED=No, only traffic to/from those addresses
listed in <ulink listed in <ulink
url="shorewall-routestopped.html">shorewall-routestopped</ulink>(5) url="/manpages/shorewall-routestopped.html">shorewall-routestopped</ulink>(5)
is accepted when Shorewall is stopped. When ADMINISABSENTMINDED=Yes, is accepted when Shorewall is stopped. When ADMINISABSENTMINDED=Yes,
in addition to traffic to/from addresses in <ulink in addition to traffic to/from addresses in <ulink
url="shorewall-routestopped.html">shorewall-routestopped</ulink>(5), url="/manpages/shorewall-routestopped.html">shorewall-routestopped</ulink>(5),
connections that were active when Shorewall stopped continue to work connections that were active when Shorewall stopped continue to work
and all new connections from the firewall system itself are allowed. and all new connections from the firewall system itself are allowed.
If this variable is not set or is given the empty value then If this variable is not set or is given the empty value then
@ -350,13 +350,13 @@
<orderedlist numeration="loweralpha"> <orderedlist numeration="loweralpha">
<listitem> <listitem>
<para>Modify <ulink <para>Modify <ulink
url="shorewall-conntrack.html">shorewall-conntrack</ulink> url="/manpages/shorewall-conntrack.html">shorewall-conntrack</ulink>
(5) to only apply helpers where they are required; or</para> (5) to only apply helpers where they are required; or</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Specify the appropriate helper in the HELPER column in <para>Specify the appropriate helper in the HELPER column in
<ulink url="shorewall-rules.html">shorewall-rules</ulink> <ulink url="/manpages/shorewall-rules.html">shorewall-rules</ulink>
(5).</para> (5).</para>
<note> <note>
@ -427,10 +427,10 @@
<para>The BLACKLIST_DISPOSITION setting has no effect on entries in <para>The BLACKLIST_DISPOSITION setting has no effect on entries in
the BLACKLIST section of <ulink the BLACKLIST section of <ulink
url="shorewall-rules.html">shorewall-rules</ulink> (5). It url="/manpages/shorewall-rules.html">shorewall-rules</ulink> (5). It
determines the disposition of packets sent to the <emphasis determines the disposition of packets sent to the <emphasis
role="bold">blacklog</emphasis> target of <ulink role="bold">blacklog</emphasis> target of <ulink
url="shorewall-blrules.html">shorewall-blrules </ulink>(5).</para> url="/manpages/shorewall-blrules.html">shorewall-blrules </ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -447,7 +447,7 @@
hosts are not logged. The setting determines the log level of hosts are not logged. The setting determines the log level of
packets sent to the <emphasis role="bold">blacklog</emphasis> target packets sent to the <emphasis role="bold">blacklog</emphasis> target
of <ulink of <ulink
url="shorewall-blrules.html">shorewall-blrules</ulink>(5).</para> url="/manpages/shorewall-blrules.html">shorewall-blrules</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -463,9 +463,9 @@
role="bold">yes</emphasis>, blacklists are only consulted for new role="bold">yes</emphasis>, blacklists are only consulted for new
connections and for packets in the INVALID connection state (such as connections and for packets in the INVALID connection state (such as
TCP SYN,ACK when there has been no corresponding SYN). That includes TCP SYN,ACK when there has been no corresponding SYN). That includes
entries in the <ulink url="???">shorewall-blrules</ulink> (5) file entries in the <ulink url="/manpages/shorewall-blrules.html">shorewall-blrules</ulink> (5) file
and in the BLACKLIST section of <ulink and in the BLACKLIST section of <ulink
url="shorewall-rules.html">shorewall-rules</ulink> (5).</para> url="/manpages/shorewall-rules.html">shorewall-rules</ulink> (5).</para>
<para>When set to <emphasis role="bold">No</emphasis> or <emphasis <para>When set to <emphasis role="bold">No</emphasis> or <emphasis
role="bold">no</emphasis>, blacklists are consulted for every packet role="bold">no</emphasis>, blacklists are consulted for every packet
@ -534,7 +534,7 @@
/etc/shorewall/tcstart file. That way, your traffic shaping rules /etc/shorewall/tcstart file. That way, your traffic shaping rules
can still use the “fwmark” classifier based on packet marking can still use the “fwmark” classifier based on packet marking
defined in <ulink defined in <ulink
url="shorewall-tcrules.html">shorewall-tcrules</ulink>(5). If not url="/manpages/shorewall-tcrules.html">shorewall-tcrules</ulink>(5). If not
specified, CLEAR_TC=Yes is assumed.</para> specified, CLEAR_TC=Yes is assumed.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -669,7 +669,7 @@
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>Install, configure and start <ulink <para>Install, configure and start <ulink
url="../IPv6Support.html">Shorewall6</ulink>.</para> url="/IPv6Support.html">Shorewall6</ulink>.</para>
</listitem> </listitem>
<listitem> <listitem>
@ -789,7 +789,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
are accepted early in the INPUT, FORWARD and OUTPUT chains. If you are accepted early in the INPUT, FORWARD and OUTPUT chains. If you
set FASTACCEPT=Yes then you may not include rules in the ESTABLISHED set FASTACCEPT=Yes then you may not include rules in the ESTABLISHED
or RELATED sections of <ulink or RELATED sections of <ulink
url="shorewall-rules.html">shorewall-rules</ulink>(5).</para> url="/manpages/shorewall-rules.html">shorewall-rules</ulink>(5).</para>
<note> <note>
<para>FASTACCEPT=Yes is incompatible with <para>FASTACCEPT=Yes is incompatible with
@ -820,7 +820,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<para>Added in Shorewall 4.5.4. Specifies the pathname of the <para>Added in Shorewall 4.5.4. Specifies the pathname of the
directory containing the <firstterm>GeoIP Match</firstterm> directory containing the <firstterm>GeoIP Match</firstterm>
database. See <ulink database. See <ulink
url="http://www.shorewall.net/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>. url="/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>.
If not specified, the default value is If not specified, the default value is
<filename>/usr/share/xt_geoip/LE</filename> which is the default <filename>/usr/share/xt_geoip/LE</filename> which is the default
location of the little-endian database.</para> location of the little-endian database.</para>
@ -907,7 +907,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<para>Prior to version 3.2.0, it was not possible to use connection <para>Prior to version 3.2.0, it was not possible to use connection
marking in <ulink marking in <ulink
url="shorewall-tcrules.html">shorewall-tcrules</ulink>(5) if you had url="/manpages/shorewall-tcrules.html">shorewall-tcrules</ulink>(5) if you had
a multi-ISP configuration that uses the track option.</para> a multi-ISP configuration that uses the track option.</para>
<para>You may set HIGH_ROUTE_MARKS=Yes in to effectively divide the <para>You may set HIGH_ROUTE_MARKS=Yes in to effectively divide the
@ -990,11 +990,11 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<para>Subzones are defined by following their name with ":" and a <para>Subzones are defined by following their name with ":" and a
list of parent zones (in <ulink list of parent zones (in <ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5)). Normally, url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5)). Normally,
you want to have a set of special rules for the subzone and if a you want to have a set of special rules for the subzone and if a
connection doesn't match any of those subzone-specific rules then connection doesn't match any of those subzone-specific rules then
you want the parent zone rules and policies to be applied; see you want the parent zone rules and policies to be applied; see
<ulink url="shorewall-nesting.html">shorewall-nesting</ulink>(5). <ulink url="/manpages/shorewall-nesting.html">shorewall-nesting</ulink>(5).
With IMPLICIT_CONTINUE=Yes, that happens automatically.</para> With IMPLICIT_CONTINUE=Yes, that happens automatically.</para>
<para>If IMPLICIT_CONTINUE=No or if IMPLICIT_CONTINUE is not set, <para>If IMPLICIT_CONTINUE=No or if IMPLICIT_CONTINUE is not set,
@ -1011,9 +1011,9 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<listitem> <listitem>
<para>Added in Shorewall 4.6.0. Traditionally in <ulink <para>Added in Shorewall 4.6.0. Traditionally in <ulink
url="shorewall6-rules.html">shorewall-rules(5)</ulink>, a semicolon url="/manpages/shorewall-rules.html">shorewall-rules</ulink>(5), a semicolon
separates column-oriented specifications on the left from <ulink separates column-oriented specifications on the left from <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#Pairs">alternative url="/configuration_file_basics.htm#Pairs">alternative
specificaitons</ulink> on the right.. When INLINE_MATCHES=Yes is specificaitons</ulink> on the right.. When INLINE_MATCHES=Yes is
specified, the specifications on the right are interpreted as if specified, the specifications on the right are interpreted as if
INLINE had been specified in the ACTION column. If not specified or INLINE had been specified in the ACTION column. If not specified or
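Review bot: The first link in the INLINE_MATCHES entry changes more than the path: the target moves from shorewall6-rules.html to shorewall-rules.html and the (5) moves outside the ulink. Both look right for this manpage but should be called out in the commit message. The adjacent link text still reads "alternative specificaitons" followed by a double period; fix the spelling and punctuation in the same edit.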
@ -1029,7 +1029,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<listitem> <listitem>
<para>Added in Shorewall 4.5.13. Shorewall has traditionally passed <para>Added in Shorewall 4.5.13. Shorewall has traditionally passed
INVALID packets through the NEW section of <ulink INVALID packets through the NEW section of <ulink
url="shorewall-rules.html">shorewall-rules</ulink> (5). When a url="/manpages/shorewall-rules.html">shorewall-rules</ulink> (5). When a
packet in INVALID state fails to match any rule in the INVALID packet in INVALID state fails to match any rule in the INVALID
section, the packet is disposed of based on this setting. The section, the packet is disposed of based on this setting. The
default value is CONTINUE for compatibility with earlier default value is CONTINUE for compatibility with earlier
@ -1044,7 +1044,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<listitem> <listitem>
<para>Added in Shorewall 4.5.13. Packets in the INVALID state that <para>Added in Shorewall 4.5.13. Packets in the INVALID state that
do not match any rule in the INVALID section of <ulink do not match any rule in the INVALID section of <ulink
url="manpages/shorewall-rules.html">shorewall-rules</ulink> (5) are url="/manpages/shorewall-rules.html">shorewall-rules</ulink> (5) are
logged at this level. The default value is empty which means no logged at this level. The default value is empty which means no
logging is performed.</para> logging is performed.</para>
</listitem> </listitem>
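Review bot: The old value on the changed line, `manpages/shorewall-rules.html`, differs from the bare `shorewall-rules.html` that the sibling references in the neighbouring hunks used, so this edit looks like a repair of a wrong relative path rather than a cross-server cleanup. Please confirm the old link was in fact broken in the generated page and note the fix separately, so it is not lost among the mechanical changes.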
@ -1117,7 +1117,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<listitem> <listitem>
<para>This option indicates that zone-related ipsec information is <para>This option indicates that zone-related ipsec information is
found in the zones file (<ulink found in the zones file (<ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5)). The option url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5)). The option
indicates to the compiler that this is not a legacy configuration indicates to the compiler that this is not a legacy configuration
where the ipsec information was contained in a separate file. The where the ipsec information was contained in a separate file. The
value of this option must not be changed and the option must not be value of this option must not be changed and the option must not be
@ -1255,7 +1255,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
you do not enable martian logging for all interfaces, you may still you do not enable martian logging for all interfaces, you may still
enable it for individual interfaces using the <emphasis enable it for individual interfaces using the <emphasis
role="bold">logmartians</emphasis> interface option in <ulink role="bold">logmartians</emphasis> interface option in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5).</para> url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).</para>
<para>The value <emphasis role="bold">Keep</emphasis> causes <para>The value <emphasis role="bold">Keep</emphasis> causes
Shorewall to ignore the option. If the option is set to <emphasis Shorewall to ignore the option. If the option is set to <emphasis
@ -1263,7 +1263,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
interfaces. If the option is set to <emphasis interfaces. If the option is set to <emphasis
role="bold">No</emphasis>, then martian logging is disabled on all role="bold">No</emphasis>, then martian logging is disabled on all
interfaces except those specified in <ulink interfaces except those specified in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5).</para> url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1351,7 +1351,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
log</emphasis>, and <emphasis role="bold">hits</emphasis> commands. log</emphasis>, and <emphasis role="bold">hits</emphasis> commands.
If not assigned or if assigned an empty value, /var/log/messages is If not assigned or if assigned an empty value, /var/log/messages is
assumed. For further information, see <ulink assumed. For further information, see <ulink
url="http://www.shorewall.net/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para> url="/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
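Review bot: On the changed line the href becomes `/shorewall_logging.html`, but the link text is still the literal `http://www.shorewall.net/shorewall_logging.html`, so on any host other than www.shorewall.net the page displays one address and follows another. Either replace the text with the document title or keep text and target in agreement. The same mismatch appears in every hunk where a full URL was used as the link text.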
@ -1378,7 +1378,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<note> <note>
<para>The setting of LOGFORMAT has an effect of the permitted <para>The setting of LOGFORMAT has an effect of the permitted
length of zone names. See <ulink length of zone names. See <ulink
url="shorewall-zones.html">shorewall-zones</ulink> (5).</para> url="/manpages/shorewall-zones.html">shorewall-zones</ulink> (5).</para>
</note> </note>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1546,9 +1546,9 @@ LOG:info:,bar net fw</programlisting>
<listitem> <listitem>
<para>The performance of configurations with a large numbers of <para>The performance of configurations with a large numbers of
entries in <ulink entries in <ulink
url="shorewall-maclist.html">shorewall-maclist</ulink>(5) can be url="/manpages/shorewall-maclist.html">shorewall-maclist</ulink>(5) can be
improved by setting the MACLIST_TTL variable in <ulink improved by setting the MACLIST_TTL variable in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>If your iptables and kernel support the "Recent Match" (see <para>If your iptables and kernel support the "Recent Match" (see
the output of "shorewall check" near the top), you can cache the the output of "shorewall check" near the top), you can cache the
@ -1557,7 +1557,7 @@ LOG:info:,bar net fw</programlisting>
<para>When a new connection arrives from a 'maclist' interface, the <para>When a new connection arrives from a 'maclist' interface, the
packet passes through then list of entries for that interface in packet passes through then list of entries for that interface in
<ulink url="shorewall-maclist.html">shorewall-maclist</ulink>(5). If <ulink url="/manpages/shorewall-maclist.html">shorewall-maclist</ulink>(5). If
there is a match then the source IP address is added to the 'Recent' there is a match then the source IP address is added to the 'Recent'
set for that interface. Subsequent connection attempts from that IP set for that interface. Subsequent connection attempts from that IP
address occurring within $MACLIST_TTL seconds will be accepted address occurring within $MACLIST_TTL seconds will be accepted
@ -1763,7 +1763,7 @@ LOG:info:,bar net fw</programlisting>
<para>When combined with route filtering (ROUTE_FILTER=Yes or <para>When combined with route filtering (ROUTE_FILTER=Yes or
<option>routefilter</option> in <ulink <option>routefilter</option> in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)), url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)),
this option ensures that packets with an RFC1918 source address are this option ensures that packets with an RFC1918 source address are
only accepted from interfaces having known routes to networks using only accepted from interfaces having known routes to networks using
such addresses.</para> such addresses.</para>
@ -1772,7 +1772,7 @@ LOG:info:,bar net fw</programlisting>
<option>blackhole</option>, <option>unreachable</option> or <option>blackhole</option>, <option>unreachable</option> or
<option>prohibit</option> to set the type of route to be created. <option>prohibit</option> to set the type of route to be created.
See <ulink See <ulink
url="http://www.shorewall.net/MultiISP.html#null_routing">http://www.shorewall.net/MultiISP.html#null_routing</ulink>.</para> url="/MultiISP.html#null_routing">http://www.shorewall.net/MultiISP.html#null_routing</ulink>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
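Review bot: The `url` on the changed line drops the scheme and host and becomes `/MultiISP.html#null_routing`. The commit message speaks only of generated HTML; if these same sources are also built into roff man pages, a root-relative url gives a reader at a terminal nothing to follow. Here the link text still carries the full address, but a reference such as the `configuration_file_basics.htm#Pairs` link earlier in this file, whose text is a phrase rather than a URL, would no longer record the host anywhere.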
@ -1794,7 +1794,7 @@ LOG:info:,bar net fw</programlisting>
<listitem> <listitem>
<para>Optimization category 1 - Traditionally, Shorewall has <para>Optimization category 1 - Traditionally, Shorewall has
created rules for <ulink created rules for <ulink
url="../ScalabilityAndPerformance.html">the complete matrix of url="/ScalabilityAndPerformance.html">the complete matrix of
host groups defined by the zones, interfaces and hosts host groups defined by the zones, interfaces and hosts
files</ulink>. Any traffic that didn't correspond to an element files</ulink>. Any traffic that didn't correspond to an element
of that matrix was rejected in one of the built-in chains. When of that matrix was rejected in one of the built-in chains. When
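Review bot: The old value `../ScalabilityAndPerformance.html` was already a same-server link and resolved wherever the HTML tree was placed; the new `/ScalabilityAndPerformance.html` resolves only when the documentation sits at the web root. That breaks a copy browsed from disk or published under a path prefix. If the aim is to stop absolute `http://www.shorewall.net` hrefs from leaving the current server, the links that were already relative could be left as they were, or the prefix could be supplied at build time instead of being written into each url.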
@ -2104,7 +2104,7 @@ LOG:info:,bar net fw</programlisting>
<listitem> <listitem>
<para>Added in Shorewall 4.4.27. Shorewall has traditionally <para>Added in Shorewall 4.4.27. Shorewall has traditionally
ACCEPTed RELATED packets that don't match any rule in the RELATED ACCEPTed RELATED packets that don't match any rule in the RELATED
section of <ulink url="shorewall-rules.html">shorewall-rules</ulink> section of <ulink url="/manpages/shorewall-rules.html">shorewall-rules</ulink>
(5). Concern about the safety of this practice resulted in the (5). Concern about the safety of this practice resulted in the
addition of this option. When a packet in RELATED state fails to addition of this option. When a packet in RELATED state fails to
match any rule in the RELATED section, the packet is disposed of match any rule in the RELATED section, the packet is disposed of
@ -2120,7 +2120,7 @@ LOG:info:,bar net fw</programlisting>
<listitem> <listitem>
<para>Added in Shorewall 4.4.27. Packets in the related state that <para>Added in Shorewall 4.4.27. Packets in the related state that
do not match any rule in the RELATED section of <ulink do not match any rule in the RELATED section of <ulink
url="shorewall-rules.html">shorewall-rules</ulink> (5) are logged at url="/manpages/shorewall-rules.html">shorewall-rules</ulink> (5) are logged at
this level. The default value is empty which means no logging is this level. The default value is empty which means no logging is
performed.</para> performed.</para>
</listitem> </listitem>
@ -2203,7 +2203,7 @@ INLINE - - - ; -j REJECT
<para>Added in Shorewall 4.4.10. The default is No. If set to Yes, <para>Added in Shorewall 4.4.10. The default is No. If set to Yes,
at least one optional interface must be up in order for the firewall at least one optional interface must be up in order for the firewall
to be in the started state. Intended to be used with the <ulink to be in the started state. Intended to be used with the <ulink
url="shorewall-init.html">Shorewall Init Package</ulink>.</para> url="/manpages/shorewall-init.html">Shorewall Init Package</ulink>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2266,8 +2266,8 @@ INLINE - - - ; -j REJECT
<para>During <emphasis role="bold">shorewall star</emphasis>t, IP <para>During <emphasis role="bold">shorewall star</emphasis>t, IP
addresses to be added as a consequence of ADD_IP_ALIASES=Yes and addresses to be added as a consequence of ADD_IP_ALIASES=Yes and
ADD_SNAT_ALIASES=Yes are quietly deleted when <ulink ADD_SNAT_ALIASES=Yes are quietly deleted when <ulink
url="shorewall-nat.html">shorewall-nat</ulink>(5) and <ulink url="/manpages/shorewall-nat.html">shorewall-nat</ulink>(5) and <ulink
url="shorewall-masq.html">shorewall-masq</ulink>(5) are processed url="/manpages/shorewall-masq.html">shorewall-masq</ulink>(5) are processed
then are re-added later. This is done to help ensure that the then are re-added later. This is done to help ensure that the
addresses can be added with the specified labels but can have the addresses can be added with the specified labels but can have the
undesirable side effect of causing routes to be quietly deleted. undesirable side effect of causing routes to be quietly deleted.
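Review bot: Not part of the link change, but the first context line of this hunk reads `<emphasis role="bold">shorewall star</emphasis>t`, which leaves the final "t" of the command outside the bold span. Moving the closing tag after the "t", in this commit or a follow-up, fixes how the command name renders.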
@ -2299,14 +2299,14 @@ INLINE - - - ; -j REJECT
interfaces. If the option is set to <emphasis interfaces. If the option is set to <emphasis
role="bold">No</emphasis>, then route filtering is disabled on all role="bold">No</emphasis>, then route filtering is disabled on all
interfaces except those specified in <ulink interfaces except those specified in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5).</para> url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).</para>
<important> <important>
<para>If you need to disable route filtering on any interface, <para>If you need to disable route filtering on any interface,
then you must set ROUTE_FILTER=No then set routefilter=1 or then you must set ROUTE_FILTER=No then set routefilter=1 or
routefilter=2 on those interfaces where you want route filtering. routefilter=2 on those interfaces where you want route filtering.
See <ulink See <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5) url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
for additional details.</para> for additional details.</para>
</important> </important>
</listitem> </listitem>
@ -2321,7 +2321,7 @@ INLINE - - - ; -j REJECT
<para>Added in Shorewall 4.5.7. Determines the disposition of <para>Added in Shorewall 4.5.7. Determines the disposition of
packets entering from interfaces the <option>rpfilter</option> packets entering from interfaces the <option>rpfilter</option>
option (see <ulink option (see <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)). url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)).
Packets disposed of by this option are those whose response packets Packets disposed of by this option are those whose response packets
would not be sent through the same interface receiving the would not be sent through the same interface receiving the
packet.</para> packet.</para>
@ -2374,7 +2374,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Added in Shorewall 4.4.20. Determines the disposition of <para>Added in Shorewall 4.4.20. Determines the disposition of
packets matching the <option>sfilter</option> option (see <ulink packets matching the <option>sfilter</option> option (see <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)) and url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)) and
of <firstterm>hairpin</firstterm> packets on interfaces without the of <firstterm>hairpin</firstterm> packets on interfaces without the
<option>routeback</option> option.<footnote> <option>routeback</option> option.<footnote>
<para>Hairpin packets are packets that are routed out of the <para>Hairpin packets are packets that are routed out of the
@ -2390,7 +2390,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Added on Shorewall 4.4.20. Determines the logging of packets <para>Added on Shorewall 4.4.20. Determines the logging of packets
matching the <option>sfilter</option> option (see <ulink matching the <option>sfilter</option> option (see <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)) and url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)) and
of <firstterm>hairpin</firstterm> packets on interfaces without the of <firstterm>hairpin</firstterm> packets on interfaces without the
<option>routeback</option> option.<footnote> <option>routeback</option> option.<footnote>
<para>Hairpin packets are packets that are routed out of the <para>Hairpin packets are packets that are routed out of the
@ -2421,7 +2421,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Added in Shorewall 4.4.20. The default setting is DROP which <para>Added in Shorewall 4.4.20. The default setting is DROP which
causes smurf packets (see the nosmurfs option in <ulink causes smurf packets (see the nosmurfs option in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)) to url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)) to
be dropped. A_DROP causes the packets to be audited prior to being be dropped. A_DROP causes the packets to be audited prior to being
dropped and requires AUDIT_TARGET support in the kernel and dropped and requires AUDIT_TARGET support in the kernel and
iptables.</para> iptables.</para>
@ -2435,7 +2435,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Specifies the logging level for smurf packets (see the <para>Specifies the logging level for smurf packets (see the
nosmurfs option in <ulink nosmurfs option in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)). If url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)). If
set to the empty value ( SMURF_LOG_LEVEL="" ) then smurfs are not set to the empty value ( SMURF_LOG_LEVEL="" ) then smurfs are not
logged.</para> logged.</para>
</listitem> </listitem>
@ -2524,8 +2524,8 @@ INLINE - - - ; -j REJECT
<para>If you set TC_ENABLED=Simple (Shorewall 4.4.6 and later), <para>If you set TC_ENABLED=Simple (Shorewall 4.4.6 and later),
simple traffic shaping using <ulink simple traffic shaping using <ulink
url="shorewall-tcinterfaces.html">shorewall-tcinterfaces</ulink>(5) url="/manpages/shorewall-tcinterfaces.html">shorewall-tcinterfaces</ulink>(5)
and <ulink url="shorewall-tcpri.html">shorewall-tcpri</ulink>(5) is and <ulink url="/manpages/shorewall-tcpri.html">shorewall-tcpri</ulink>(5) is
enabled.</para> enabled.</para>
<para>If you set TC_ENABLED=Internal or internal or leave the option <para>If you set TC_ENABLED=Internal or internal or leave the option
@ -2552,7 +2552,7 @@ INLINE - - - ; -j REJECT
<para>Normally, Shorewall tries to protect users from themselves by <para>Normally, Shorewall tries to protect users from themselves by
preventing PREROUTING and OUTPUT tcrules from being applied to preventing PREROUTING and OUTPUT tcrules from being applied to
packets that have been marked by the 'track' option in <ulink packets that have been marked by the 'track' option in <ulink
url="shorewall-providers.html">shorewall-providers</ulink>(5).</para> url="/manpages/shorewall-providers.html">shorewall-providers</ulink>(5).</para>
<para>If you know what you are doing, you can set TC_EXPERT=Yes and <para>If you know what you are doing, you can set TC_EXPERT=Yes and
Shorewall will not include these cautionary checks.</para> Shorewall will not include these cautionary checks.</para>
@ -2566,7 +2566,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Added in Shorewall 4.4.6. Determines the mapping of a packet's <para>Added in Shorewall 4.4.6. Determines the mapping of a packet's
TOS field to priority bands. See <ulink TOS field to priority bands. See <ulink
url="shorewall-tcpri.html">shorewall-tcpri</ulink>(5). The url="/manpages/shorewall-tcpri.html">shorewall-tcpri</ulink>(5). The
<emphasis>map</emphasis> consists of 16 space-separated digits with <emphasis>map</emphasis> consists of 16 space-separated digits with
values 1, 2 or 3. A value of 1 corresponds to Linux priority 0, 2 to values 1, 2 or 3. A value of 1 corresponds to Linux priority 0, 2 to
Linux priority 1, and 3 to Linux Priority 2. The first entry gives Linux priority 1, and 3 to Linux Priority 2. The first entry gives
@ -2589,7 +2589,7 @@ INLINE - - - ; -j REJECT
<para>Determines the disposition of TCP packets that fail the checks <para>Determines the disposition of TCP packets that fail the checks
enabled by the <emphasis role="bold">tcpflags</emphasis> interface enabled by the <emphasis role="bold">tcpflags</emphasis> interface
option (see <ulink option (see <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)) and url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)) and
must have a value of ACCEPT (accept the packet), REJECT (send an RST must have a value of ACCEPT (accept the packet), REJECT (send an RST
response) or DROP (ignore the packet). If not set or if set to the response) or DROP (ignore the packet). If not set or if set to the
empty value (e.g., TCP_FLAGS_DISPOSITION="") then empty value (e.g., TCP_FLAGS_DISPOSITION="") then
@ -2621,13 +2621,13 @@ INLINE - - - ; -j REJECT
<para>Added in Shorewall 4.4.3. When set to Yes, causes the <para>Added in Shorewall 4.4.3. When set to Yes, causes the
<option>track</option> option to be assumed on all providers defined <option>track</option> option to be assumed on all providers defined
in <ulink in <ulink
url="shorewall-providers.html">shorewall-providers</ulink>(5). May url="/manpages/shorewall-providers.html">shorewall-providers</ulink>(5). May
be overridden on an individual provider through use of the be overridden on an individual provider through use of the
<option>notrack</option> option. The default value is 'No'.</para> <option>notrack</option> option. The default value is 'No'.</para>
<para>Beginning in Shorewall 4.4.6, setting this option to 'Yes' <para>Beginning in Shorewall 4.4.6, setting this option to 'Yes'
also simplifies PREROUTING rules in <ulink also simplifies PREROUTING rules in <ulink
url="shorewall-tcrules.html">shorewall-tcrules</ulink>(5). url="/manpages/shorewall-tcrules.html">shorewall-tcrules</ulink>(5).
Previously, when TC_EXPERT=No, packets arriving through 'tracked' Previously, when TC_EXPERT=No, packets arriving through 'tracked'
provider interfaces were unconditionally passed to the PREROUTING provider interfaces were unconditionally passed to the PREROUTING
tcrules. This was done so that tcrules could reset the packet mark tcrules. This was done so that tcrules could reset the packet mark
@ -2669,7 +2669,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Added in Shorewall 4.5.13. Shorewall has traditionally passed <para>Added in Shorewall 4.5.13. Shorewall has traditionally passed
UNTRACKED packets through the NEW section of <ulink UNTRACKED packets through the NEW section of <ulink
url="shorewall-rules.html">shorewall-rules</ulink> (5). When a url="/manpages/shorewall-rules.html">shorewall-rules</ulink> (5). When a
packet in UNTRACKED state fails to match any rule in the UNTRACKED packet in UNTRACKED state fails to match any rule in the UNTRACKED
section, the packet is disposed of based on this setting. The section, the packet is disposed of based on this setting. The
default value is CONTINUE for compatibility with earlier default value is CONTINUE for compatibility with earlier
@ -2684,7 +2684,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Added in Shorewall 4.5.13. Packets in the UNTRACKED state that <para>Added in Shorewall 4.5.13. Packets in the UNTRACKED state that
do not match any rule in the UNTRACKED section of <ulink do not match any rule in the UNTRACKED section of <ulink
url="shorewall-rules.html">shorewall-rules</ulink> (5) are logged at url="/manpages/shorewall-rules.html">shorewall-rules</ulink> (5) are logged at
this level. The default value is empty which means no logging is this level. The default value is empty which means no logging is
performed.</para> performed.</para>
</listitem> </listitem>
@ -2708,7 +2708,7 @@ INLINE - - - ; -j REJECT
<orderedlist> <orderedlist>
<listitem> <listitem>
<para>Both the DUPLICATE and the COPY columns in <ulink <para>Both the DUPLICATE and the COPY columns in <ulink
url="shorewall-providers.html">providers</ulink>(5) file must url="/manpages/shorewall-providers.html">providers</ulink>(5) file must
remain empty (or contain "-").</para> remain empty (or contain "-").</para>
</listitem> </listitem>
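Review bot: The link text on the changed line is `providers`, whereas the other references to the same target in this file use `shorewall-providers`. With the url now spelled out as `/manpages/shorewall-providers.html`, using the full manpage name as the text would make this reference match the rest. The `routing_rules` link in the next hunk has the same inconsistency.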
@ -2725,7 +2725,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Packets are sent through the main routing table by a rule <para>Packets are sent through the main routing table by a rule
with priority 999. In <ulink with priority 999. In <ulink
url="shorewall-routing_rules.html">routing_rules</ulink>(5), the url="/manpages/shorewall-routing_rules.html">routing_rules</ulink>(5), the
range 1-998 may be used for inserting rules that bypass the main range 1-998 may be used for inserting rules that bypass the main
table.</para> table.</para>
</listitem> </listitem>


@ -730,7 +730,7 @@
<para>The <option>trace</option> and <option>debug</option> options are <para>The <option>trace</option> and <option>debug</option> options are
used for debugging. See <ulink used for debugging. See <ulink
url="http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace</ulink>.</para> url="/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace</ulink>.</para>
<para>The nolock <option>option</option> prevents the command from <para>The nolock <option>option</option> prevents the command from
attempting to acquire the Shorewall lockfile. It is useful if you need to attempting to acquire the Shorewall lockfile. It is useful if you need to
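Review bot: In the trailing context, `The nolock <option>option</option>` wraps the word "option" in the markup instead of the option name; it should read `The <option>nolock</option> option`. The line is outside the change itself, but it sits in this hunk and is a one-token fix.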
@ -742,7 +742,7 @@
role="bold">v</emphasis> and <emphasis role="bold">q</emphasis>. If the role="bold">v</emphasis> and <emphasis role="bold">q</emphasis>. If the
options are omitted, the amount of output is determined by the setting of options are omitted, the amount of output is determined by the setting of
the VERBOSITY parameter in <ulink the VERBOSITY parameter in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). Each <emphasis url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). Each <emphasis
role="bold">v</emphasis> adds one to the effective verbosity and each role="bold">v</emphasis> adds one to the effective verbosity and each
<emphasis role="bold">q</emphasis> subtracts one from the effective <emphasis role="bold">q</emphasis> subtracts one from the effective
VERBOSITY. Alternatively, <emphasis role="bold">v</emphasis> may be VERBOSITY. Alternatively, <emphasis role="bold">v</emphasis> may be
@ -770,7 +770,7 @@
<para>The <emphasis>interface</emphasis> argument names an interface <para>The <emphasis>interface</emphasis> argument names an interface
defined in the <ulink defined in the <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5) url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
file. A <emphasis>host-list</emphasis> is comma-separated list whose file. A <emphasis>host-list</emphasis> is comma-separated list whose
elements are host or network addresses.<caution> elements are host or network addresses.<caution>
<para>The <command>add</command> command is not very robust. If <para>The <command>add</command> command is not very robust. If
@ -784,7 +784,7 @@
<para>Beginning with Shorewall 4.5.9, the <emphasis <para>Beginning with Shorewall 4.5.9, the <emphasis
role="bold">dynamic_shared</emphasis> zone option (<ulink role="bold">dynamic_shared</emphasis> zone option (<ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5)) allows a url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5)) allows a
single ipset to handle entries for multiple interfaces. When that single ipset to handle entries for multiple interfaces. When that
option is specified for a zone, the <command>add</command> command option is specified for a zone, the <command>add</command> command
has the alternative syntax in which the has the alternative syntax in which the
@ -839,7 +839,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para> <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
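Review bot: The changed line moves `(5)` outside the `<ulink>` element, which matches the other references, but the context just above it still says "if the line current line contains", with a stray "line". The same paragraph appears in three more hunks of this file with identical wording, so it is worth correcting all four together.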
@ -912,7 +912,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para> <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -925,13 +925,13 @@
<para>The <emphasis>interface</emphasis> argument names an interface <para>The <emphasis>interface</emphasis> argument names an interface
defined in the <ulink defined in the <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5) url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
file. A <emphasis>host-list</emphasis> is comma-separated list whose file. A <emphasis>host-list</emphasis> is comma-separated list whose
elements are a host or network address.</para> elements are a host or network address.</para>
<para>Beginning with Shorewall 4.5.9, the <emphasis <para>Beginning with Shorewall 4.5.9, the <emphasis
role="bold">dynamic_shared</emphasis> zone option (<ulink role="bold">dynamic_shared</emphasis> zone option (<ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5)) allows a url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5)) allows a
single ipset to handle entries for multiple interfaces. When that single ipset to handle entries for multiple interfaces. When that
option is specified for a zone, the <command>delete</command> option is specified for a zone, the <command>delete</command>
command has the alternative syntax in which the command has the alternative syntax in which the
@ -954,7 +954,7 @@
any optional network interface. <replaceable>interface</replaceable> any optional network interface. <replaceable>interface</replaceable>
may be either the logical or physical name of the interface. The may be either the logical or physical name of the interface. The
command removes any routes added from <ulink command removes any routes added from <ulink
url="shorewall-routes.html">shorewall-routes</ulink>(5) and any url="/manpages/shorewall-routes.html">shorewall-routes</ulink>(5) and any
traffic shaping configuration for the interface.</para> traffic shaping configuration for the interface.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1001,7 +1001,7 @@
may be either the logical or physical name of the interface. The may be either the logical or physical name of the interface. The
command sets <filename>/proc</filename> entries for the interface, command sets <filename>/proc</filename> entries for the interface,
adds any route specified in <ulink adds any route specified in <ulink
url="shorewall-routes.html">shorewall-routes</ulink>(5) and installs url="/manpages/shorewall-routes.html">shorewall-routes</ulink>(5) and installs
the interface's traffic shaping configuration, if any.</para> the interface's traffic shaping configuration, if any.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1037,7 +1037,7 @@
<para>Deletes /var/lib/shorewall/<emphasis>filename</emphasis> and <para>Deletes /var/lib/shorewall/<emphasis>filename</emphasis> and
/var/lib/shorewall/save. If no <emphasis>filename</emphasis> is /var/lib/shorewall/save. If no <emphasis>filename</emphasis> is
given then the file specified by RESTOREFILE in <ulink given then the file specified by RESTOREFILE in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) is url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) is
assumed.</para> assumed.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1148,7 +1148,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para> <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1159,7 +1159,7 @@
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <emphasis>address</emphasis>es
to be logged then discarded. Logging occurs at the log level to be logged then discarded. Logging occurs at the log level
specified by the BLACKLIST_LOGLEVEL setting in <ulink specified by the BLACKLIST_LOGLEVEL setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink> (5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1168,7 +1168,7 @@
<listitem> <listitem>
<para>Monitors the log file specified by the LOGFILE option in <para>Monitors the log file specified by the LOGFILE option in
<ulink url="shorewall.conf.html">shorewall.conf</ulink>(5) and <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) and
produces an audible alarm when new Shorewall messages are logged. produces an audible alarm when new Shorewall messages are logged.
The <emphasis role="bold">-m</emphasis> option causes the MAC The <emphasis role="bold">-m</emphasis> option causes the MAC
address of each packet source to be displayed if that information is address of each packet source to be displayed if that information is
@ -1188,7 +1188,7 @@
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <emphasis>address</emphasis>es
to be logged then rejected. Logging occurs at the log level to be logged then rejected. Logging occurs at the log level
specified by the BLACKLIST_LOGLEVEL setting in <ulink specified by the BLACKLIST_LOGLEVEL setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink> (5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1238,7 +1238,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para> <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>The -<option>D</option> option was added in Shorewall 4.5.3 <para>The -<option>D</option> option was added in Shorewall 4.5.3
and causes Shorewall to look in the given and causes Shorewall to look in the given
@ -1306,7 +1306,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para> <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1348,7 +1348,7 @@
<para>The <option>-c</option> option was added in Shorewall 4.4.20 <para>The <option>-c</option> option was added in Shorewall 4.4.20
and performs the compilation step unconditionally, overriding the and performs the compilation step unconditionally, overriding the
AUTOMAKE setting in <ulink AUTOMAKE setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). When both url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). When both
<option>-f</option> and <option>-c</option>are present, the result <option>-f</option> and <option>-c</option>are present, the result
is determined by the option that appears last.</para> is determined by the option that appears last.</para>
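Review bot: the context line right after the changed href, `<option>-c</option>are present`, has no space after the closing tag, so the rendered text runs "-c" into "are". The same line appears in the later hunk for the start command; both could be fixed while this paragraph is being touched.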
@ -1360,7 +1360,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para> <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1375,7 +1375,7 @@
role="bold">shorewall save</emphasis>; if no role="bold">shorewall save</emphasis>; if no
<emphasis>filename</emphasis> is given then Shorewall will be <emphasis>filename</emphasis> is given then Shorewall will be
restored from the file specified by the RESTOREFILE option in <ulink restored from the file specified by the RESTOREFILE option in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1437,7 +1437,7 @@
role="bold">shorewall -f start</emphasis> commands. If role="bold">shorewall -f start</emphasis> commands. If
<emphasis>filename</emphasis> is not given then the state is saved <emphasis>filename</emphasis> is not given then the state is saved
in the file specified by the RESTOREFILE option in <ulink in the file specified by the RESTOREFILE option in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1564,7 +1564,7 @@
<listitem> <listitem>
<para>Added in Shorewall 4.4.17. Displays the per-IP <para>Added in Shorewall 4.4.17. Displays the per-IP
accounting counters (<ulink accounting counters (<ulink
url="manpages/shorewall-accounting.html">shorewall-accounting</ulink> url="/manpages/shorewall-accounting.html">shorewall-accounting</ulink>
(5)).</para> (5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1575,7 +1575,7 @@
<listitem> <listitem>
<para>Displays the last 20 Shorewall messages from the log <para>Displays the last 20 Shorewall messages from the log
file specified by the LOGFILE option in <ulink file specified by the LOGFILE option in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). The url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). The
<emphasis role="bold">-m</emphasis> option causes the MAC <emphasis role="bold">-m</emphasis> option causes the MAC
address of each packet source to be displayed if that address of each packet source to be displayed if that
information is available.</para> information is available.</para>
@ -1690,14 +1690,14 @@
Shorewall will look in that <emphasis>directory</emphasis> first for Shorewall will look in that <emphasis>directory</emphasis> first for
configuration files. If <emphasis role="bold">-f</emphasis> is configuration files. If <emphasis role="bold">-f</emphasis> is
specified, the saved configuration specified by the RESTOREFILE specified, the saved configuration specified by the RESTOREFILE
option in <ulink url="shorewall.conf.html">shorewall.conf</ulink>(5) option in <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
will be restored if that saved configuration exists and has been will be restored if that saved configuration exists and has been
modified more recently than the files in /etc/shorewall. When modified more recently than the files in /etc/shorewall. When
<emphasis role="bold">-f</emphasis> is given, a <emphasis role="bold">-f</emphasis> is given, a
<replaceable>directory</replaceable> may not be specified.</para> <replaceable>directory</replaceable> may not be specified.</para>
<para>Update: In Shorewall 4.4.20, a new LEGACY_FASTSTART option was <para>Update: In Shorewall 4.4.20, a new LEGACY_FASTSTART option was
added to <ulink url="shorewall.conf.html">shorewall.conf</ulink>(5). added to <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).
When LEGACY_FASTSTART=No, the modification times of files in When LEGACY_FASTSTART=No, the modification times of files in
/etc/shorewall are compared with that of /var/lib/shorewall/firewall /etc/shorewall are compared with that of /var/lib/shorewall/firewall
(the compiled script that last started/restarted the (the compiled script that last started/restarted the
@ -1713,7 +1713,7 @@
<para>The <option>-c</option> option was added in Shorewall 4.4.20 <para>The <option>-c</option> option was added in Shorewall 4.4.20
and performs the compilation step unconditionally, overriding the and performs the compilation step unconditionally, overriding the
AUTOMAKE setting in <ulink AUTOMAKE setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). When both url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). When both
<option>-f</option> and <option>-c</option>are present, the result <option>-f</option> and <option>-c</option>are present, the result
is determined by the option that appears last.</para> is determined by the option that appears last.</para>
@ -1725,7 +1725,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para> <ulink url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
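Review bot: the new line here keeps the section number inside the link, `shorewall.conf(5)</ulink>`, while the otherwise identical paragraphs in the earlier hunks were changed to `shorewall.conf</ulink>(5)`. This looks like one occurrence missed by the search and replace; move `(5)` outside the `ulink` so the rendered link text matches the other commands.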
@ -1735,12 +1735,12 @@
<listitem> <listitem>
<para>Stops the firewall. All existing connections, except those <para>Stops the firewall. All existing connections, except those
listed in <ulink listed in <ulink
url="shorewall-routestopped.html">shorewall-routestopped</ulink>(5) url="/manpages/shorewall-routestopped.html">shorewall-routestopped</ulink>(5)
or permitted by the ADMINISABSENTMINDED option in <ulink or permitted by the ADMINISABSENTMINDED option in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5), are taken down. url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5), are taken down.
The only new traffic permitted through the firewall is from systems The only new traffic permitted through the firewall is from systems
listed in <ulink listed in <ulink
url="shorewall-routestopped.html">shorewall-routestopped</ulink>(5) url="/manpages/shorewall-routestopped.html">shorewall-routestopped</ulink>(5)
or by ADMINISABSENTMINDED.</para> or by ADMINISABSENTMINDED.</para>
<para>If <option>-f</option> is given, the command will be processed <para>If <option>-f</option> is given, the command will be processed
@ -1814,13 +1814,13 @@
<para>The <option>-b</option> option was added in Shorewall 4.4.26 <para>The <option>-b</option> option was added in Shorewall 4.4.26
and causes legacy blacklisting rules (<ulink and causes legacy blacklisting rules (<ulink
url="shorewall-blacklist.html">shorewall-blacklist</ulink> (5) ) to url="/manpages/shorewall-blacklist.html">shorewall-blacklist</ulink> (5) ) to
be converted to entries in the blrules file (<ulink be converted to entries in the blrules file (<ulink
url="shorewall-blrules.html">shorewall-blrules</ulink> (5) ). The url="/manpages/shorewall-blrules.html">shorewall-blrules</ulink> (5) ). The
blacklist keyword is removed from <ulink blacklist keyword is removed from <ulink
url="shorewall-zones.html">shorewall-zones</ulink> (5), <ulink url="/manpages/shorewall-zones.html">shorewall-zones</ulink> (5), <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink> (5) and url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink> (5) and
<ulink url="shorewall-hosts.html">shorewall-hosts</ulink> (5). The <ulink url="/manpages/shorewall-hosts.html">shorewall-hosts</ulink> (5). The
unmodified files are saved with a .bak suffix.</para> unmodified files are saved with a .bak suffix.</para>
<para>The <option>-D</option> option was added in Shorewall 4.5.11. <para>The <option>-D</option> option was added in Shorewall 4.5.11.
@ -1834,7 +1834,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para> <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>For a description of the other options, see the <emphasis <para>For a description of the other options, see the <emphasis
role="bold">check</emphasis> command above.</para> role="bold">check</emphasis> command above.</para>
@ -1880,7 +1880,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://www.shorewall.net/starting_and_stopping_shorewall.htm">http://www.shorewall.net/starting_and_stopping_shorewall.htm</ulink></para> url="/starting_and_stopping_shorewall.htm">http://www.shorewall.net/starting_and_stopping_shorewall.htm</ulink></para>
<para>shorewall-accounting(5), shorewall-actions(5), <para>shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
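Review bot: in the See ALSO link the href becomes `/starting_and_stopping_shorewall.htm` but the visible text is still the absolute `http://www.shorewall.net/starting_and_stopping_shorewall.htm`, so on a mirror the reader is shown one host and taken to another. Either keep text and href in agreement or replace the link text with the document title. Separately, the context line lists `shorewall_interfaces(5)` with an underscore where the other entries use a hyphen.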


@ -50,7 +50,7 @@
</itemizedlist> </itemizedlist>
<para>The new structure is enabled by sectioning the accounting file in a <para>The new structure is enabled by sectioning the accounting file in a
manner similar to the <ulink url="manpages/shorewall-rules.html">rules manner similar to the <ulink url="/manpages6/shorewall6-rules.html">rules
file</ulink>. The sections are <emphasis role="bold">INPUT</emphasis>, file</ulink>. The sections are <emphasis role="bold">INPUT</emphasis>,
<emphasis role="bold">OUTPUT</emphasis> and <emphasis <emphasis role="bold">OUTPUT</emphasis> and <emphasis
role="bold">FORWARD</emphasis> and must appear in that order (although any role="bold">FORWARD</emphasis> and must appear in that order (although any
@ -824,14 +824,14 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/Accounting.html">http://shorewall.net/Accounting.html url="/Accounting.html">http://www.shorewall.net/Accounting.html
</ulink></para> </ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/shorewall_logging.html">http://shorewall.net/shorewall_logging.html</ulink></para> url="/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5), <para>shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),


@ -24,7 +24,7 @@
<title>Description</title> <title>Description</title>
<para>This file allows you to define new ACTIONS for use in rules (see <para>This file allows you to define new ACTIONS for use in rules (see
<ulink url="shorewall-rules.html">shorewall6-rules(5)</ulink>). You define <ulink url="/manpages6/shorewall6-rules.html">shorewall6-rules(5)</ulink>). You define
the ip6tables rules to be performed in an ACTION in the ip6tables rules to be performed in an ACTION in
/etc/shorewall6/action.<emphasis>action-name</emphasis>.</para> /etc/shorewall6/action.<emphasis>action-name</emphasis>.</para>
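Review bot: the href on the `shorewall6-rules(5)` link changes target as well as path, from the IPv4 page `shorewall-rules.html` to `/manpages6/shorewall6-rules.html`. That is a content fix the commit message does not mention, and it deserves a line there so reviewers check each retargeted link rather than treating the diff as a mechanical prefix change. The `(5)` also stays inside the `ulink` here, unlike the links normalized elsewhere in this commit.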
@ -58,7 +58,7 @@
target that is supported by your ip6tables but is not directly target that is supported by your ip6tables but is not directly
supported by Shorewall. The action may be used as the rule supported by Shorewall. The action may be used as the rule
target in an INLINE rule in <ulink target in an INLINE rule in <ulink
url="shorewall6-rules.html">shorewall6-rules</ulink>(5).</para> url="/manpages6/shorewall6-rules.html">shorewall6-rules</ulink>(5).</para>
<para>Beginning with Shorewall 4.6.0, the Netfilter table(s) <para>Beginning with Shorewall 4.6.0, the Netfilter table(s)
in which the <emphasis role="bold">builtin</emphasis> can be in which the <emphasis role="bold">builtin</emphasis> can be
@ -146,7 +146,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/Actions.html">http://shorewall.net/Actions.html</ulink></para> url="/Actions.html">http://www.shorewall.net/Actions.html</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-blacklist(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-blacklist(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),


@ -26,7 +26,7 @@
<para>The blacklist file is used to perform static blacklisting by source <para>The blacklist file is used to perform static blacklisting by source
address (IP or MAC), or by application. The use of this file is deprecated address (IP or MAC), or by application. The use of this file is deprecated
in favor of <ulink in favor of <ulink
url="shorewall6-blrules.html">shorewall6-blrules</ulink>(5), and beginning url="/manpages6/shorewall6-blrules.html">shorewall6-blrules</ulink>(5), and beginning
with Shorewall 4.5.7, the blacklist file is no longer installed. Existing with Shorewall 4.5.7, the blacklist file is no longer installed. Existing
blacklist files can be converted to a corresponding blrules file using the blacklist files can be converted to a corresponding blrules file using the
<command>shorewall6 update -b</command> command.</para> <command>shorewall6 update -b</command> command.</para>
@ -47,7 +47,7 @@
(if your kernel and ip6tables contain iprange match support) or (if your kernel and ip6tables contain iprange match support) or
ipset name prefaced by "+" (if your kernel supports ipset match). ipset name prefaced by "+" (if your kernel supports ipset match).
Exclusion (<ulink Exclusion (<ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)) is url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)) is
supported.</para> supported.</para>
<para>MAC addresses must be prefixed with "~" and use "-" as a <para>MAC addresses must be prefixed with "~" and use "-" as a
@ -101,7 +101,7 @@
interface that has the 'blacklist' option set. So to block traffic interface that has the 'blacklist' option set. So to block traffic
from your local network to an internet host, you had to specify from your local network to an internet host, you had to specify
<option>blacklist</option> on your internal interface in <ulink <option>blacklist</option> on your internal interface in <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink> url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>
(5).</para> (5).</para>
</note> </note>
@ -109,7 +109,7 @@
<para>Beginning with Shorewall 4.4.13, entries are applied based <para>Beginning with Shorewall 4.4.13, entries are applied based
on the <emphasis role="bold">blacklist</emphasis> setting in on the <emphasis role="bold">blacklist</emphasis> setting in
<ulink <ulink
url="shorewall-zones.html">shorewall6-zones</ulink>(5):</para> url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5):</para>
<orderedlist> <orderedlist>
<listitem> <listitem>
@ -145,12 +145,12 @@
<para>When a packet arrives on an interface that has the <emphasis <para>When a packet arrives on an interface that has the <emphasis
role="bold">blacklist</emphasis> option specified in <ulink role="bold">blacklist</emphasis> option specified in <ulink
url="shorewall-interfaces.html">shorewall6-interfaces</ulink>(5), its url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5), its
source IP address and MAC address is checked against this file and source IP address and MAC address is checked against this file and
disposed of according to the <emphasis disposed of according to the <emphasis
role="bold">BLACKLIST_DISPOSITION</emphasis> and <emphasis role="bold">BLACKLIST_DISPOSITION</emphasis> and <emphasis
role="bold">BLACKLIST_LOGLEVEL</emphasis> variables in <ulink role="bold">BLACKLIST_LOGLEVEL</emphasis> variables in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink>(5). If <emphasis url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5). If <emphasis
role="bold">PROTOCOL</emphasis> or <emphasis role="bold">PROTOCOL</emphasis> or <emphasis
role="bold">PROTOCOL</emphasis> and <emphasis role="bold">PORTS</emphasis> role="bold">PROTOCOL</emphasis> and <emphasis role="bold">PORTS</emphasis>
are supplied, only packets matching the protocol (and one of the ports if are supplied, only packets matching the protocol (and one of the ports if
@ -197,10 +197,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/blacklisting_support.htm">http://shorewall.net/blacklisting_support.htm</ulink></para> url="/blacklisting_support.htm">http://www.shorewall.net/blacklisting_support.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),


@ -28,13 +28,13 @@
<para>Rules in this file are applied depending on the setting of <para>Rules in this file are applied depending on the setting of
BLACKLISTNEWONLY in <ulink BLACKLISTNEWONLY in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink>(5). If url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5). If
BLACKLISTNEWONLY=No, then they are applied regardless of the connection BLACKLISTNEWONLY=No, then they are applied regardless of the connection
tracking state of the packet. If BLACKLISTNEWONLY=Yes, they are applied to tracking state of the packet. If BLACKLISTNEWONLY=Yes, they are applied to
connections in the NEW and INVALID states.</para> connections in the NEW and INVALID states.</para>
<para>The format of rules in this file is the same as the format of rules <para>The format of rules in this file is the same as the format of rules
in <ulink url="shorewall6-rules.html">shorewall6-rules (5)</ulink>. The in <ulink url="/manpages6/shorewall6-rules.html">shorewall6-rules</ulink>(5). The
difference in the two files lies in the ACTION (first) column.</para> difference in the two files lies in the ACTION (first) column.</para>
<variablelist> <variablelist>
@ -70,7 +70,7 @@
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>If BLACKLIST_LOGLEVEL is specified in <ulink <para>If BLACKLIST_LOGLEVEL is specified in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5), url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5),
then the macro expands to <emphasis then the macro expands to <emphasis
role="bold">blacklog</emphasis>.</para> role="bold">blacklog</emphasis>.</para>
</listitem> </listitem>
@ -78,7 +78,7 @@
<listitem> <listitem>
<para>Otherwise it expands to the action specified for <para>Otherwise it expands to the action specified for
BLACKLIST_DISPOSITION in <ulink BLACKLIST_DISPOSITION in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>
@ -89,10 +89,10 @@
<listitem> <listitem>
<para>May only be used if BLACKLIST_LOGLEVEL is specified in <para>May only be used if BLACKLIST_LOGLEVEL is specified in
<ulink url="shorewall6.conf.html">shorewall6.conf </ulink>(5). <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf </ulink>(5).
Logs, audits (if specified) and applies the Logs, audits (if specified) and applies the
BLACKLIST_DISPOSITION specified in <ulink BLACKLIST_DISPOSITION specified in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink> (5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink> (5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
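Review bot: the two links in this hunk still format the section reference differently from each other and from the rest of the file: `shorewall6.conf </ulink>(5)` carries a trailing space inside the link text, and `shorewall6.conf</ulink> (5)` puts a space before the section number. Since both lines are being rewritten anyway, normalize them to `shorewall6.conf</ulink>(5)`.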
@ -167,7 +167,7 @@
<listitem> <listitem>
<para>queues matching packets to a back end logging daemon via <para>queues matching packets to a back end logging daemon via
a netlink socket then continues to the next rule. See <ulink a netlink socket then continues to the next rule. See <ulink
url="http://www.shorewall.net/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para> url="/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
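Review bot: the rewritten href is `/shorewall.logging.html`, with a dot, while the link text on the same line and the See ALSO links elsewhere in this commit use `shorewall_logging.html`, with an underscore. The old href had the same mismatch, so the commit carries a likely dead link forward; change the href to `/shorewall_logging.html`.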
@ -206,7 +206,7 @@
<listitem> <listitem>
<para>The name of an <emphasis>action</emphasis> declared in <para>The name of an <emphasis>action</emphasis> declared in
<ulink <ulink
url="shorewall6-actions.html">shorewall6-actions</ulink>(5) or url="/manpages6/shorewall6-actions.html">shorewall6-actions</ulink>(5) or
in /usr/share/shorewall6/actions.std.</para> in /usr/share/shorewall6/actions.std.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -238,7 +238,7 @@
<para>If the <emphasis role="bold">ACTION</emphasis> names an <para>If the <emphasis role="bold">ACTION</emphasis> names an
<emphasis>action</emphasis> declared in <ulink <emphasis>action</emphasis> declared in <ulink
url="shorewall6-actions.html">shorewall6-actions</ulink>(5) or in url="/manpages6/shorewall6-actions.html">shorewall6-actions</ulink>(5) or in
/usr/share/shorewall6/actions.std then:</para> /usr/share/shorewall6/actions.std then:</para>
<itemizedlist> <itemizedlist>
@ -268,13 +268,13 @@
<para>Actions specifying logging may be followed by a log tag (a <para>Actions specifying logging may be followed by a log tag (a
string of alphanumeric characters) which is appended to the string string of alphanumeric characters) which is appended to the string
generated by the LOGPREFIX (in <ulink generated by the LOGPREFIX (in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
<para>For the remaining columns, see <ulink <para>For the remaining columns, see <ulink
url="shorewall6-rules.html">shorewall6-rules (5)</ulink>.</para> url="/manpages6/shorewall6-rules.html">shorewall6-rules (5)</ulink>.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
@ -314,10 +314,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/blacklisting_support.htm">http://shorewall.net/blacklisting_support.htm</ulink></para> url="/blacklisting_support.htm">http://www.shorewall.net/blacklisting_support.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),


@ -266,7 +266,7 @@
<para>This error message may be eliminated by adding <para>This error message may be eliminated by adding
<replaceable>target</replaceable> as a builtin action in <ulink <replaceable>target</replaceable> as a builtin action in <ulink
url="manpages/shorewall-actions.html">shorewall6-actions(5)</ulink>.</para> url="/manpages6/shorewall6-actions.html">shorewall6-actions(5)</ulink>.</para>
</listitem> </listitem>
<listitem> <listitem>
@ -336,7 +336,7 @@
<replaceable>interface</replaceable> is an interface to that zone, <replaceable>interface</replaceable> is an interface to that zone,
and <replaceable>address-list</replaceable> is a comma-separated and <replaceable>address-list</replaceable> is a comma-separated
list of addresses (may contain exclusion - see <ulink list of addresses (may contain exclusion - see <ulink
url="shorewall-exclusion.html">shorewall6-exclusion</ulink> url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>
(5)).</para> (5)).</para>
<para>Beginning with Shorewall 4.5.7, <option>all</option> can be <para>Beginning with Shorewall 4.5.7, <option>all</option> can be
@ -357,7 +357,7 @@
<para>Where <replaceable>interface</replaceable> is an interface to <para>Where <replaceable>interface</replaceable> is an interface to
that zone, and <replaceable>address-list</replaceable> is a that zone, and <replaceable>address-list</replaceable> is a
comma-separated list of addresses (may contain exclusion - see comma-separated list of addresses (may contain exclusion - see
<ulink url="shorewall-exclusion.html">shorewall-exclusion</ulink> <ulink url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>
(5)).</para> (5)).</para>
<para>COMMENT is only allowed in format 1; the remainder of the line <para>COMMENT is only allowed in format 1; the remainder of the line
@ -373,7 +373,7 @@
<listitem> <listitem>
<para>where <replaceable>address-list</replaceable> is a <para>where <replaceable>address-list</replaceable> is a
comma-separated list of addresses (may contain exclusion - see comma-separated list of addresses (may contain exclusion - see
<ulink url="shorewall-exclusion.html">shorewall6-exclusion</ulink> <ulink url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>
(5)).</para> (5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -524,7 +524,7 @@ DROP:PO - 2001:1.2.3::4
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),


@ -29,7 +29,7 @@
<para>The order of entries in this file is not significant in determining <para>The order of entries in this file is not significant in determining
zone composition. Rather, the order that the zones are declared in <ulink zone composition. Rather, the order that the zones are declared in <ulink
url="shorewall-zones.html">shorewall6-zones</ulink>(5) determines the url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5) determines the
order in which the records in this file are interpreted.</para> order in which the records in this file are interpreted.</para>
<warning> <warning>
@ -39,7 +39,7 @@
<warning> <warning>
<para>If you have an entry for a zone and interface in <ulink <para>If you have an entry for a zone and interface in <ulink
url="shorewall-interfaces.html">shorewall6-interfaces</ulink>(5) then do url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5) then do
not include any entries in this file for that same (zone, interface) not include any entries in this file for that same (zone, interface)
pair.</para> pair.</para>
</warning> </warning>
@ -55,7 +55,7 @@
<listitem> <listitem>
<para>The name of a zone declared in <ulink <para>The name of a zone declared in <ulink
url="shorewall-zones.html">shorewall6-zones</ulink>(5). You may not url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5). You may not
list the firewall zone in this column.</para> list the firewall zone in this column.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -68,7 +68,7 @@
<listitem> <listitem>
<para>The name of an interface defined in the <ulink <para>The name of an interface defined in the <ulink
url="shorewall-interfaces.html">shorewall6-interfaces</ulink>(5) url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)
file followed by a colon (":") and a comma-separated list whose file followed by a colon (":") and a comma-separated list whose
elements are either:</para> elements are either:</para>
@ -105,7 +105,7 @@
<blockquote> <blockquote>
<para>You may also exclude certain hosts through use of an <para>You may also exclude certain hosts through use of an
<emphasis>exclusion</emphasis> (see <ulink <emphasis>exclusion</emphasis> (see <ulink
url="shorewall-exclusion.html">shorewall6-exclusion</ulink>(5).</para> url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5).</para>
</blockquote> </blockquote>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -125,7 +125,7 @@
<listitem> <listitem>
<para>Check packets arriving on this port against the <ulink <para>Check packets arriving on this port against the <ulink
url="shorewall-blacklist.html">shorewall6-blacklist</ulink>(5) url="/manpages6/shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
file.</para> file.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -137,7 +137,7 @@
<para>The zone is accessed via a kernel 2.6 ipsec SA. Note <para>The zone is accessed via a kernel 2.6 ipsec SA. Note
that if the zone named in the ZONE column is specified as an that if the zone named in the ZONE column is specified as an
IPSEC zone in the <ulink IPSEC zone in the <ulink
url="shorewall-zones.html">shorewall6-zones</ulink>(5) file url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5) file
then you do NOT need to specify the 'ipsec' option then you do NOT need to specify the 'ipsec' option
here.</para> here.</para>
</listitem> </listitem>
@ -195,7 +195,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-blacklist(5), shorewall6-interfaces(5), shorewall6-maclist(5),

View File

@ -71,7 +71,7 @@
zone in this column.</para> zone in this column.</para>
<para>If the interface serves multiple zones that will be defined in <para>If the interface serves multiple zones that will be defined in
the <ulink url="shorewall6-hosts.html">shorewall6-hosts</ulink>(5) the <ulink url="/manpages6/shorewall6-hosts.html">shorewall6-hosts</ulink>(5)
file, you should place "-" in this column.</para> file, you should place "-" in this column.</para>
<para>If there are multiple interfaces to the same zone, you must <para>If there are multiple interfaces to the same zone, you must
@ -88,7 +88,7 @@ loc eth2 -</programlisting>
<para>Beginning with Shorewall 4.5.17, if you specify a zone for the <para>Beginning with Shorewall 4.5.17, if you specify a zone for the
'lo' interface, then that zone must be defined as type 'lo' interface, then that zone must be defined as type
<option>local</option> in <ulink <option>local</option> in <ulink
url="shorewall6-zones.html">shorewall6-zones</ulink>(5).</para> url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -102,7 +102,7 @@ loc eth2 -</programlisting>
<para>Logical name of interface. Each interface may be listed only <para>Logical name of interface. Each interface may be listed only
once in this file. You may NOT specify the name of a "virtual" once in this file. You may NOT specify the name of a "virtual"
interface (e.g., eth0:0) here; see <ulink interface (e.g., eth0:0) here; see <ulink
url="http://www.shorewall.net/FAQ.htm#faq18">http://www.shorewall.net/FAQ.htm#faq18</ulink>. url="/FAQ.htm#faq18">http://www.shorewall.net/FAQ.htm#faq18</ulink>.
If the <option>physical</option> option is not specified, then the If the <option>physical</option> option is not specified, then the
logical name is also the name of the actual interface.</para> logical name is also the name of the actual interface.</para>
@ -115,7 +115,7 @@ loc eth2 -</programlisting>
<para>Care must be exercised when using wildcards where there is <para>Care must be exercised when using wildcards where there is
another zone that uses a matching specific interface. See <ulink another zone that uses a matching specific interface. See <ulink
url="shorewall6-nesting.html">shorewall6-nesting</ulink>(5) for a url="/manpages6/shorewall6-nesting.html">shorewall6-nesting</ulink>(5) for a
discussion of this problem.</para> discussion of this problem.</para>
<para>Shorewall6 allows '+' as an interface name.</para> <para>Shorewall6 allows '+' as an interface name.</para>
@ -199,7 +199,7 @@ loc eth2 -</programlisting>
<listitem> <listitem>
<para>Check packets arriving on this interface against the <para>Check packets arriving on this interface against the
<ulink <ulink
url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5) url="/manpages6/shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
file.</para> file.</para>
<para>Beginning with Shorewall 4.4.13:</para> <para>Beginning with Shorewall 4.4.13:</para>
@ -210,7 +210,7 @@ loc eth2 -</programlisting>
ZONES column, then the behavior is as if <emphasis ZONES column, then the behavior is as if <emphasis
role="bold">blacklist</emphasis> had been specified in the role="bold">blacklist</emphasis> had been specified in the
IN_OPTIONS column of <ulink IN_OPTIONS column of <ulink
url="shorewall6-zones.html">shorewall6-zones</ulink>(5).</para> url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5).</para>
</listitem> </listitem>
<listitem> <listitem>
@ -270,16 +270,16 @@ loc eth2 -</programlisting>
<listitem> <listitem>
<para>the interface is a <ulink <para>the interface is a <ulink
url="../SimpleBridge.html">simple bridge</ulink> with a url="/SimpleBridge.html">simple bridge</ulink> with a
DHCP server on one port and DHCP clients on another DHCP server on one port and DHCP clients on another
port.</para> port.</para>
<note> <note>
<para>If you use <ulink <para>If you use <ulink
url="../bridge-Shorewall-perl.html">Shorewall-perl for url="/bridge-Shorewall-perl.html">Shorewall-perl for
firewall/bridging</ulink>, then you need to include firewall/bridging</ulink>, then you need to include
DHCP-specific rules in <ulink DHCP-specific rules in <ulink
url="shorewall-rules.html">shorewall-rules</ulink>(8). url="/manpages/shorewall-rules.html">shorewall-rules</ulink>(8).
DHCP uses UDP ports 546 and 547.</para> DHCP uses UDP ports 546 and 547.</para>
</note> </note>
</listitem> </listitem>
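Review bot: the last ulink in this hunk now points at `/manpages/shorewall-rules.html` with the text shorewall-rules(8), which is the non-6 manpages tree and section 8, while the other links on this page go to `/manpages6/` and another hunk in this commit uses `/manpages6/shorewall6-rules.html` with (5). Since the note is about DHCP on UDP ports 546 and 547, the shorewall6-rules page looks like the intended target. Separately, `../SimpleBridge.html` and `../bridge-Shorewall-perl.html` were already same-server links, and rewriting them as root-relative makes them depend on the docs living at the web root.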
@ -349,7 +349,7 @@ loc eth2 -</programlisting>
<para>Added in Shorewall 4.4.21. Defines the zone as <para>Added in Shorewall 4.4.21. Defines the zone as
<firstterm>dynamic</firstterm>. Requires ipset match support <firstterm>dynamic</firstterm>. Requires ipset match support
in your iptables and kernel. See <ulink in your iptables and kernel. See <ulink
url="http://www.shorewall.net/Dynamic.html">http://www.shorewall.net/Dynamic.html</ulink> url="/Dynamic.html">http://www.shorewall.net/Dynamic.html</ulink>
for further information.</para> for further information.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -389,7 +389,7 @@ loc eth2 -</programlisting>
refers to the name given in this option. It is useful when you refers to the name given in this option. It is useful when you
want to specify the same wildcard port name on two or more want to specify the same wildcard port name on two or more
bridges. See <ulink bridges. See <ulink
url="http://www.shorewall.net/bridge-Shorewall-perl.html#Multiple">http://www.shorewall.net/bridge-Shorewall-perl.html#Multiple</ulink>.</para> url="/bridge-Shorewall-perl.html#Multiple">http://www.shorewall.net/bridge-Shorewall-perl.html#Multiple</ulink>.</para>
<para>If the <emphasis>interface</emphasis> name is a wildcard <para>If the <emphasis>interface</emphasis> name is a wildcard
name (ends with '+'), then the physical name (ends with '+'), then the physical
@ -627,7 +627,7 @@ dmz eth2 -</programlisting>
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5),

View File

@ -76,7 +76,7 @@
specified, matching packets must match all of the listed sets.</para> specified, matching packets must match all of the listed sets.</para>
<para>For information about set lists and exclusion, see <ulink <para>For information about set lists and exclusion, see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink> (5).</para> url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink> (5).</para>
<para>Beginning with Shorewall 4.5.16, you can increment one or more <para>Beginning with Shorewall 4.5.16, you can increment one or more
nfacct objects each time a packet matches an ipset. You do that by listing nfacct objects each time a packet matches an ipset. You do that by listing

View File

@ -27,8 +27,8 @@
associated IPv6 addresses to be allowed to use the specified interface. associated IPv6 addresses to be allowed to use the specified interface.
The feature is enabled by using the <emphasis The feature is enabled by using the <emphasis
role="bold">maclist</emphasis> option in the <ulink role="bold">maclist</emphasis> option in the <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5) or url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5) or
<ulink url="shorewall6-hosts.html">shorewall6-hosts</ulink>(5) <ulink url="/manpages6/shorewall6-hosts.html">shorewall6-hosts</ulink>(5)
configuration file.</para> configuration file.</para>
<para>The columns in the file are as follows.</para> <para>The columns in the file are as follows.</para>
@ -43,7 +43,7 @@
<listitem> <listitem>
<para><emphasis role="bold">ACCEPT</emphasis> or <emphasis <para><emphasis role="bold">ACCEPT</emphasis> or <emphasis
role="bold">DROP</emphasis> (if MACLIST_TABLE=filter in <ulink role="bold">DROP</emphasis> (if MACLIST_TABLE=filter in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5), then REJECT url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5), then REJECT
is also allowed). If specified, the is also allowed). If specified, the
<replaceable>log-level</replaceable> causes packets matching the <replaceable>log-level</replaceable> causes packets matching the
rule to be logged at that level.</para> rule to be logged at that level.</para>
@ -99,10 +99,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/MAC_Validation.html">http://shorewall.net/MAC_Validation.html</ulink></para> url="/MAC_Validation.html">http://www.shorewall.net/MAC_Validation.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),

View File

@ -25,13 +25,13 @@
<para>This file was introduced in Shorewall 4.6.0 and is intended to <para>This file was introduced in Shorewall 4.6.0 and is intended to
replace <ulink replace <ulink
url="shorewall6-tcrules.html">shorewall6-tcrules(5)</ulink>. This file is url="/manpages6/shorewall6-tcrules.html">shorewall6-tcrules(5)</ulink>. This file is
only processed by the compiler if:</para> only processed by the compiler if:</para>
<orderedlist numeration="loweralpha"> <orderedlist numeration="loweralpha">
<listitem> <listitem>
<para>No file named 'tcrules' exists on the current CONFIG_PATH (see <para>No file named 'tcrules' exists on the current CONFIG_PATH (see
<ulink url="shorewall.conf.html">shorewall6.conf(5)</ulink>); <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>);
or</para> or</para>
</listitem> </listitem>
@ -46,14 +46,14 @@
<important> <important>
<para>Unlike rules in the <ulink <para>Unlike rules in the <ulink
url="shorewall6-rules.html">shorewall6-rules</ulink>(5) file, evaluation url="/manpages6/shorewall6-rules.html">shorewall6-rules</ulink>(5) file, evaluation
of rules in this file will continue after a match. So the final mark for of rules in this file will continue after a match. So the final mark for
each packet will be the one assigned by the LAST tcrule that each packet will be the one assigned by the LAST tcrule that
matches.</para> matches.</para>
<para>If you use multiple internet providers with the 'track' option, in <para>If you use multiple internet providers with the 'track' option, in
/etc/shorewall/providers be sure to read the restrictions at <ulink /etc/shorewall/providers be sure to read the restrictions at <ulink
url="http://shorewall.net/MultiISP.html">http://shorewall.net/MultiISP.html</ulink>.</para> url="/MultiISP.html">http://www.shorewall.net/MultiISP.html</ulink>.</para>
</important> </important>
<para>The columns in the file are as follows (where the column name is <para>The columns in the file are as follows (where the column name is
@ -106,7 +106,7 @@
<para>Unless otherwise specified for the particular <para>Unless otherwise specified for the particular
<replaceable>command</replaceable>, the default chain is PREROUTING <replaceable>command</replaceable>, the default chain is PREROUTING
when MARK_IN_FORWARD_CHAIN=No in <ulink when MARK_IN_FORWARD_CHAIN=No in <ulink
url="shorewall.conf.html">shorewall6.conf(5)</ulink>, and FORWARD url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>, and FORWARD
when MARK_IN_FORWARD_CHAIN=Yes.</para> when MARK_IN_FORWARD_CHAIN=Yes.</para>
<para>A chain-designator may not be specified if the SOURCE or DEST <para>A chain-designator may not be specified if the SOURCE or DEST
@ -161,11 +161,11 @@
<para>When using Shorewall's built-in traffic shaping tool, <para>When using Shorewall's built-in traffic shaping tool,
the <emphasis>major</emphasis> class is the device number (the the <emphasis>major</emphasis> class is the device number (the
first device in <ulink first device in <ulink
url="shorewall6-tcdevices.html">shorewall6-tcdevices</ulink>(5) url="/manpages6/shorewall6-tcdevices.html">shorewall6-tcdevices</ulink>(5)
is major class 1, the second device is major class 2, and so is major class 1, the second device is major class 2, and so
on) and the <emphasis>minor</emphasis> class is the class's on) and the <emphasis>minor</emphasis> class is the class's
MARK value in <ulink MARK value in <ulink
url="shorewall6-tcclasses.html">shorewall6-tcclasses</ulink>(5) url="/manpages6/shorewall6-tcclasses.html">shorewall6-tcclasses</ulink>(5)
preceded by the number 1 (MARK 1 corresponds to minor class preceded by the number 1 (MARK 1 corresponds to minor class
11, MARK 5 corresponds to minor class 15, MARK 22 corresponds 11, MARK 5 corresponds to minor class 15, MARK 22 corresponds
to minor class 122, etc.).</para> to minor class 122, etc.).</para>
@ -299,7 +299,7 @@
specified at the end of the rule. If the target is not one specified at the end of the rule. If the target is not one
known to Shorewall, then it must be defined as a builtin known to Shorewall, then it must be defined as a builtin
action in <ulink action in <ulink
url="shorewall6-actions.html">shorewall6-actions</ulink> url="/manpages6/shorewall6-actions.html">shorewall6-actions</ulink>
(5).</para> (5).</para>
<para>The following rules are equivalent:</para> <para>The following rules are equivalent:</para>
@ -312,7 +312,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark
</programlisting> </programlisting>
<para>If INLINE_MATCHES=Yes in <ulink <para>If INLINE_MATCHES=Yes in <ulink
url="shorewall.conf.html">shorewall6.conf(5)</ulink> then the url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) then the
third rule above can be specified as follows:</para> third rule above can be specified as follows:</para>
<programlisting>2:P eth0 - ; -p tcp</programlisting> <programlisting>2:P eth0 - ; -p tcp</programlisting>
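Review bot: this hunk moves the section number out of the link (`shorewall6.conf</ulink>(5)`), but other references in the same file keep it inside the link (`shorewall6.conf(5)</ulink>` in the -25,13 and -106,7 hunks, and `shorewall6-tcrules(5)</ulink>`). Pick one form and apply it across the file so the generated anchors read the same everywhere.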
@ -445,7 +445,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark
<para>This error message may be eliminated by adding the <para>This error message may be eliminated by adding the
<replaceable>target</replaceable> as a builtin action in <replaceable>target</replaceable> as a builtin action in
<ulink <ulink
url="shorewall6-actions.html">shorewall6-actions(5)</ulink>.</para> url="/manpages6/shorewall6-actions.html">shorewall6-actions</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -487,7 +487,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark
then the assigned mark values are 0x200, 0x300 and 0x400 in then the assigned mark values are 0x200, 0x300 and 0x400 in
equal proportions. If no mask is specified, then ( 2 ** equal proportions. If no mask is specified, then ( 2 **
MASK_BITS ) - 1 is assumed (MASK_BITS is set in <ulink MASK_BITS ) - 1 is assumed (MASK_BITS is set in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -588,7 +588,7 @@ Normal-Service =&gt; 0x00</programlisting>
<listitem> <listitem>
<para>Transparently redirects a packet without altering the IP <para>Transparently redirects a packet without altering the IP
header. Requires a tproxy provider to be defined in <ulink header. Requires a tproxy provider to be defined in <ulink
url="shorewall6-providers.html">shorewall6-providers</ulink>(5).</para> url="/manpages6/shorewall6-providers.html">shorewall6-providers</ulink>(5).</para>
<para>There are three parameters to TPROXY - neither is <para>There are three parameters to TPROXY - neither is
required:</para> required:</para>
@ -714,7 +714,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para> url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -731,7 +731,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>An interface name. May not be used in the PREROUTING chain <para>An interface name. May not be used in the PREROUTING chain
(:P in the mark column or no chain qualifier and (:P in the mark column or no chain qualifier and
MARK_IN_FORWARD_CHAIN=No in <ulink MARK_IN_FORWARD_CHAIN=No in <ulink
url="shorewall6.conf">shorewall6.conf</ulink> (5)). The url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink> (5)). The
interface name may be optionally followed by a colon (":") and interface name may be optionally followed by a colon (":") and
an IP address list.</para> an IP address list.</para>
</listitem> </listitem>
@ -751,7 +751,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para> url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -786,7 +786,7 @@ Normal-Service =&gt; 0x00</programlisting>
destination icmp-type(s). ICMP types may be specified as a numeric destination icmp-type(s). ICMP types may be specified as a numeric
type, a numeric type and code separated by a slash (e.g., 3/4), or a type, a numeric type and code separated by a slash (e.g., 3/4), or a
typename. See <ulink typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para> url="/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para>
<para>If the protocol is <emphasis role="bold">ipp2p</emphasis>, <para>If the protocol is <emphasis role="bold">ipp2p</emphasis>,
this column is interpreted as an ipp2p option without the leading this column is interpreted as an ipp2p option without the leading
@ -1146,16 +1146,16 @@ Normal-Service =&gt; 0x00</programlisting>
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para> url="/traffic_shaping.htm">http://www.shorewall.net/traffic_shaping.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/MultiISP.html">http://shorewall.net/MultiISP.html</ulink></para> url="/MultiISP.html">http://www.shorewall.net/MultiISP.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/PacketMarking.html">http://shorewall.net/PacketMarking.html</ulink></para> url="/PacketMarking.html">http://www.shorewall.net/PacketMarking.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-ecn(5), shorewall6-exclusion(5), shorewall6-blacklist(5), shorewall6-ecn(5), shorewall6-exclusion(5),

View File

@ -35,9 +35,9 @@
<para>If you have more than one ISP link, adding entries to this file <para>If you have more than one ISP link, adding entries to this file
will <emphasis role="bold">not</emphasis> force connections to go out will <emphasis role="bold">not</emphasis> force connections to go out
through a particular link. You must use entries in <ulink through a particular link. You must use entries in <ulink
url="shorewall6-rtrules.html">shorewall6-rtrules</ulink>(5) or url="/manpages6/shorewall6-rtrules.html">shorewall6-rtrules</ulink>(5) or
PREROUTING entries in <ulink PREROUTING entries in <ulink
url="shorewall6-mangle.html">shorewall-tcrules</ulink>(5) to do url="/manpages6/shorewall6-tcrules.html">shorewall-tcrules</ulink>(5) to do
that.</para> that.</para>
</warning> </warning>
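Review bot: the second link in this warning changes its target, not just its host: the href goes from `shorewall6-mangle.html` to `/manpages6/shorewall6-tcrules.html`, which the commit message does not cover, and another hunk in this commit describes the mangle file as intended to replace shorewall6-tcrules(5). Confirm which page the warning should send readers to, and fix the link text while the line is open: it still reads shorewall-tcrules without the 6.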
@ -56,17 +56,17 @@
internet interface.</para> internet interface.</para>
<para>Each interface must match an entry in <ulink <para>Each interface must match an entry in <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5). url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).
Shorewall allows loose matches to wildcard entries in <ulink Shorewall allows loose matches to wildcard entries in <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5). url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).
For example, <filename class="devicefile">ppp0</filename> in this For example, <filename class="devicefile">ppp0</filename> in this
file will match a <ulink file will match a <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5) url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)
entry that defines <filename entry that defines <filename
class="devicefile">ppp+</filename>.</para> class="devicefile">ppp+</filename>.</para>
<para>Where <ulink <para>Where <ulink
url="http://www.shorewall.net/4.4/MultiISP.html#Shared">more that url="/4.4/MultiISP.html#Shared">more that
one internet provider share a single interface</ulink>, the provider one internet provider share a single interface</ulink>, the provider
is specified by including the provider name or number in is specified by including the provider name or number in
parentheses:</para> parentheses:</para>
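Review bot: the rewritten link `/4.4/MultiISP.html#Shared` keeps the version-pinned `/4.4/` path, whereas other hunks in this commit link to `/MultiISP.html`; use the unversioned path unless the 4.4 copy is the one intended. Since the line is being touched anyway, the link text "more that one internet provider" should read "more than one".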
@ -81,7 +81,7 @@
addresses to indicate that you only want to change the source IP addresses to indicate that you only want to change the source IP
address for packets being sent to those particular destinations. address for packets being sent to those particular destinations.
Exclusion is allowed (see <ulink Exclusion is allowed (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)) as url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)) as
are ipset names preceded by a plus sign '+'.</para> are ipset names preceded by a plus sign '+'.</para>
<para>Comments may be attached to Netfilter rules generated from <para>Comments may be attached to Netfilter rules generated from
@ -535,7 +535,7 @@
</programlisting> </programlisting>
<para>If INLINE_MATCHES=Yes in <ulink <para>If INLINE_MATCHES=Yes in <ulink
url="shorewall.conf.html">shorewall6.conf(5)</ulink>, then these url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5), then these
rules may be specified as follows:</para> rules may be specified as follows:</para>
<programlisting>/etc/shorewall/masq: <programlisting>/etc/shorewall/masq:

View File

@ -30,7 +30,7 @@
<para>These files specify which kernel modules shorewall6 will load before <para>These files specify which kernel modules shorewall6 will load before
trying to determine your ip6tables/kernel's capabilities. The trying to determine your ip6tables/kernel's capabilities. The
<filename>modules</filename> file is used when LOAD_HELPERS_ONLY=No in <filename>modules</filename> file is used when LOAD_HELPERS_ONLY=No in
<ulink url="shorewall6.conf.html">shorewall6.conf</ulink>(8); the <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5); the
<filename>helpers</filename> file is used when <filename>helpers</filename> file is used when
LOAD_HELPERS_ONLY=Yes.</para> LOAD_HELPERS_ONLY=Yes.</para>
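Review bot: besides the href, this line changes the section number after the link from (8) to (5), a content correction that the commit message (link cleanup only) does not mention. The new value agrees with how shorewall6.conf(5) is cited elsewhere in this commit, but it should be called out in the commit message or split into its own commit so it is not lost in a 73-file link rewrite.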
@ -48,7 +48,7 @@
<para>The <replaceable>modulename</replaceable> names a kernel module <para>The <replaceable>modulename</replaceable> names a kernel module
(without suffix). shorewall6 will search for modules based on your (without suffix). shorewall6 will search for modules based on your
MODULESDIR and MODULE_SUFFIX settings in <ulink MODULESDIR and MODULE_SUFFIX settings in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(8). The url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5). The
<replaceable>moduleoption</replaceable>s are passed to modprobe (if <replaceable>moduleoption</replaceable>s are passed to modprobe (if
installed) or to insmod.</para> installed) or to insmod.</para>

View File

@ -24,7 +24,7 @@
<refsect1> <refsect1>
<title>Description</title> <title>Description</title>
<para>In <ulink url="shorewall-zones.html">shorewall6-zones</ulink>(5), a <para>In <ulink url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5), a
zone may be declared to be a sub-zone of one or more other zones using the zone may be declared to be a sub-zone of one or more other zones using the
above syntax. The <replaceable>child-zone</replaceable> may be neither the above syntax. The <replaceable>child-zone</replaceable> may be neither the
firewall zone nor a vserver zone. The firewall zone may not appear as a firewall zone nor a vserver zone. The firewall zone may not appear as a
@ -32,7 +32,7 @@
firewall zone.</para> firewall zone.</para>
<para>Where zones are nested, the CONTINUE policy in <ulink <para>Where zones are nested, the CONTINUE policy in <ulink
url="shorewall6-policy.html">shorewall6-policy</ulink>(5) allows hosts url="/manpages6/shorewall6-policy.html">shorewall6-policy</ulink>(5) allows hosts
that are within multiple zones to be managed under the rules of all of that are within multiple zones to be managed under the rules of all of
these zones.</para> these zones.</para>
</refsect1> </refsect1>
@ -74,7 +74,7 @@
under rules where the source zone is net. It is important that this policy under rules where the source zone is net. It is important that this policy
be listed BEFORE the next policy (net to all). You can have this policy be listed BEFORE the next policy (net to all). You can have this policy
generated for you automatically by using the IMPLICIT_CONTINUE option in generated for you automatically by using the IMPLICIT_CONTINUE option in
<ulink url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
<para>Partial <filename>/etc/shorewall6/rules</filename>:</para> <para>Partial <filename>/etc/shorewall6/rules</filename>:</para>

View File

@ -82,7 +82,7 @@
<listitem> <listitem>
<para>Network in CIDR format (e.g., 2001:470:b:227/64). Beginning in <para>Network in CIDR format (e.g., 2001:470:b:227/64). Beginning in
Shorewall6 4.4.24, <ulink Shorewall6 4.4.24, <ulink
url="shorewall6-exclusion.html">exclusion</ulink> is url="/manpages6/shorewall6-exclusion.html">exclusion</ulink> is
supported.</para> supported.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -94,12 +94,12 @@
<listitem> <listitem>
<para>The name of a network interface. The interface must be defined <para>The name of a network interface. The interface must be defined
in <ulink in <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5). url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).
Shorewall allows loose matches to wildcard entries in <ulink Shorewall allows loose matches to wildcard entries in <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5). url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).
For example, <filename class="devicefile">ppp0</filename> in this For example, <filename class="devicefile">ppp0</filename> in this
file will match a <ulink file will match a <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(8) url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)
entry that defines <filename entry that defines <filename
class="devicefile">ppp+</filename>.</para> class="devicefile">ppp+</filename>.</para>
</listitem> </listitem>
@ -147,7 +147,7 @@
destination icmp-type(s). ICMP types may be specified as a numeric destination icmp-type(s). ICMP types may be specified as a numeric
type, a numeric type and code separated by a slash (e.g., 3/4), or type, a numeric type and code separated by a slash (e.g., 3/4), or
a typename. See <ulink a typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para> url="/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para>
<para>If the protocol is <emphasis role="bold">ipp2p</emphasis>, <para>If the protocol is <emphasis role="bold">ipp2p</emphasis>,
this column is interpreted as an ipp2p option without the leading this column is interpreted as an ipp2p option without the leading
@ -188,9 +188,9 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/netmap.html">http://shorewall.net/netmap.html</ulink></para> url="/netmap.html">http://www.shorewall.net/netmap.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
</refsect1> </refsect1>
</refentry> </refentry>
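Review bot: In the See ALSO links the href becomes root-relative (url="/netmap.html") while the visible text is rewritten to the absolute http://www.shorewall.net/netmap.html, so on a mirror the reader sees one host named and lands on another. If the goal is to keep users on the serving host, consider making the link text host-neutral (for example the page title), or state in the documentation build notes that the displayed URL is the canonical location and not the link target.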

View File

@ -26,7 +26,7 @@
<para>Assign any shell variables that you need in this file. The file is <para>Assign any shell variables that you need in this file. The file is
always processed by <filename>/bin/sh</filename> or by the shell specified always processed by <filename>/bin/sh</filename> or by the shell specified
through SHOREWALL_SHELL in <ulink through SHOREWALL_SHELL in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink> (5) so the full range url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink> (5) so the full range
of shell capabilities may be used.</para> of shell capabilities may be used.</para>
<para>It is suggested that variable names begin with an upper case letter <para>It is suggested that variable names begin with an upper case letter
@ -40,7 +40,7 @@
<simplelist> <simplelist>
<member><emphasis role="bold">Any option from <ulink <member><emphasis role="bold">Any option from <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>
(5)</emphasis></member> (5)</emphasis></member>
<member><emphasis role="bold">COMMAND</emphasis></member> <member><emphasis role="bold">COMMAND</emphasis></member>
@ -107,7 +107,7 @@
NET_OPTIONS=dhcp,nosmurfs</programlisting> NET_OPTIONS=dhcp,nosmurfs</programlisting>
<para>Example <ulink <para>Example <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5) url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)
file.</para> file.</para>
<programlisting>ZONE INTERFACE BROADCAST OPTIONS <programlisting>ZONE INTERFACE BROADCAST OPTIONS
@ -129,7 +129,7 @@ net eth0 - dhcp,nosmurfs</programlisting>
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://www.shorewall.net/configuration_file_basics.htm#Variables?">http://www.shorewall.net/configuration_file_basics.htm#Variables</ulink></para> url="/configuration_file_basics.htm#Variables">http://www.shorewall.net/configuration_file_basics.htm#Variables</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),

View File

@ -25,7 +25,7 @@
<para>This file defines the high-level policy for connections between <para>This file defines the high-level policy for connections between
zones defined in <ulink zones defined in <ulink
url="shorewall6-zones.html">shorewall6-zones</ulink>(5).</para> url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5).</para>
<important> <important>
<para>The order of entries in this file is important</para> <para>The order of entries in this file is important</para>
@ -66,7 +66,7 @@
<listitem> <listitem>
<para>Source zone. Must be the name of a zone defined in <ulink <para>Source zone. Must be the name of a zone defined in <ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5), $FW, "all" or url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5), $FW, "all" or
"all+".</para> "all+".</para>
<para>Support for "all+" was added in Shorewall 4.5.17. "all" does <para>Support for "all+" was added in Shorewall 4.5.17. "all" does
@ -84,7 +84,7 @@
<listitem> <listitem>
<para>Destination zone. Must be the name of a zone defined in <ulink <para>Destination zone. Must be the name of a zone defined in <ulink
url="shorewall-zones.html">shorewall-zones</ulink>(5), $FW, "all" or url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5), $FW, "all" or
"all+". If the DEST is a bport zone, then the SOURCE must be "all", "all+". If the DEST is a bport zone, then the SOURCE must be "all",
"all+", another bport zone associated with the same bridge, or it "all+", another bport zone associated with the same bridge, or it
must be an ipv4 zone that is associated with only the same must be an ipv4 zone that is associated with only the same
@ -118,7 +118,7 @@
<listitem> <listitem>
<para>The word "None" or "none". This causes any default action <para>The word "None" or "none". This causes any default action
defined in <ulink defined in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) to be url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) to be
omitted for this policy.</para> omitted for this policy.</para>
</listitem> </listitem>
@ -191,7 +191,7 @@
might also match (where the source or destination zone in might also match (where the source or destination zone in
those rules is a superset of the SOURCE or DEST in this those rules is a superset of the SOURCE or DEST in this
policy). See <ulink policy). See <ulink
url="shorewall6-nesting.html">shorewall6-nesting</ulink>(5) url="/manpages6/shorewall6-nesting.html">shorewall6-nesting</ulink>(5)
for additional information.</para> for additional information.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -231,7 +231,7 @@
url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>).</para> url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>).</para>
<para>For a description of log levels, see <ulink <para>For a description of log levels, see <ulink
url="http://www.shorewall.net/shorewall_logging.html.">http://www.shorewall.net/shorewall_logging.html.</ulink></para> url="/shorewall_logging.html.">http://www.shorewall.net/shorewall_logging.html.</ulink></para>
<para>If you don't want to log but need to specify the following <para>If you don't want to log but need to specify the following
column, place "-" here.</para> column, place "-" here.</para>
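Review bot: The rewritten href in the log-level paragraph keeps the trailing period inside the attribute, url="/shorewall_logging.html.", so the generated link points at a file name ending in ".html." and will not resolve. Drop the period from both the url attribute and the link text and put the sentence-ending period after the closing ulink tag.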
@ -327,7 +327,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),

View File

@ -77,11 +77,11 @@
<listitem> <listitem>
<para>A FWMARK <emphasis>value</emphasis> used in your <ulink <para>A FWMARK <emphasis>value</emphasis> used in your <ulink
url="shorewall6-mangle.html">shorewall6-mangle(5)</ulink> file to url="/manpages6/shorewall6-mangle.html">shorewall6-mangle</ulink>(5) file to
direct packets to this provider.</para> direct packets to this provider.</para>
<para>If HIGH_ROUTE_MARKS=Yes in <ulink <para>If HIGH_ROUTE_MARKS=Yes in <ulink
url="shorewall6.conf.html">shorewall6.conf(5)</ulink>, then the url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5), then the
value must be a multiple of 256 between 256 and 65280 or their value must be a multiple of 256 between 256 and 65280 or their
hexadecimal equivalents (0x0100 and 0xff00 with the low-order byte hexadecimal equivalents (0x0100 and 0xff00 with the low-order byte
of the value being zero). Otherwise, the value must be between 1 and of the value being zero). Otherwise, the value must be between 1 and
@ -110,7 +110,7 @@
<listitem> <listitem>
<para>The name of the network interface to the provider. Must be <para>The name of the network interface to the provider. Must be
listed in <ulink listed in <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces(5)</ulink>.</para> url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -190,7 +190,7 @@
<para>Beginning with Shorewall 4.4.3, <option>track</option> <para>Beginning with Shorewall 4.4.3, <option>track</option>
defaults to the setting of the TRACK_PROVIDERS option in defaults to the setting of the TRACK_PROVIDERS option in
<ulink url="shorwewall6.conf.html">shorewall6.conf</ulink> <ulink url="/manpages6/shorwewall6.conf.html">shorewall6.conf</ulink>
(5). If you set TRACK_PROVIDERS=Yes and want to override that (5). If you set TRACK_PROVIDERS=Yes and want to override that
setting for an individual provider, then specify setting for an individual provider, then specify
<option>notrack</option> (see below).</para> <option>notrack</option> (see below).</para>
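Review bot: The TRACK_PROVIDERS link still carries the misspelled file name after the rewrite, url="/manpages6/shorwewall6.conf.html", so the new absolute path is as broken as the old relative one. It should be /manpages6/shorewall6.conf.html, matching the other shorewall6.conf links changed in this file.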
@ -238,7 +238,7 @@
and configured with an IPv4 address then ignore this provider. and configured with an IPv4 address then ignore this provider.
If not specified, the value of the <option>optional</option> If not specified, the value of the <option>optional</option>
option for the INTERFACE in <ulink option for the INTERFACE in <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces(5)</ulink> url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces(5)</ulink>
is assumed. Use of that option is preferred to this one, is assumed. Use of that option is preferred to this one,
unless an <replaceable>address</replaceable> is provider in unless an <replaceable>address</replaceable> is provider in
the INTERFACE column.</para> the INTERFACE column.</para>
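Review bot: The shorewall6-interfaces link in the optional paragraph gets the new /manpages6/ path but keeps the section number inside the link text, shorewall6-interfaces(5)</ulink>, while the earlier hunks in this same file move it outside as shorewall6-interfaces</ulink>(5). Apply the same form here so the manpage references render consistently.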
@ -275,7 +275,7 @@
<listitem> <listitem>
<para>Added in Shorewall 4.5.4. Used for supporting the TPROXY <para>Added in Shorewall 4.5.4. Used for supporting the TPROXY
action in shorewall-tcrules(5). See <ulink action in shorewall-tcrules(5). See <ulink
url="http://www.shorewall.net/Shorewall_Squid_Usage.html">http://www.shorewall.net/Shorewall_Squid_Usage.html</ulink>. url="/Shorewall_Squid_Usage.html">http://www.shorewall.net/Shorewall_Squid_Usage.html</ulink>.
When specified, the MARK, DUPLICATE and GATEWAY columns should When specified, the MARK, DUPLICATE and GATEWAY columns should
be empty, INTERFACE should be set to 'lo' and be empty, INTERFACE should be set to 'lo' and
<option>tproxy</option> should be the only OPTION. Only one <option>tproxy</option> should be the only OPTION. Only one
@ -389,10 +389,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/MultiISP.html">http://shorewall.net/MultiISP.html</ulink></para> url="/MultiISP.html">http://www.shorewall.net/MultiISP.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),

View File

@ -133,7 +133,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-exclusion(5), shorewall6-hosts(5), shorewall6-blacklist(5), shorewall6-exclusion(5), shorewall6-hosts(5),

View File

@ -34,7 +34,7 @@
<listitem> <listitem>
<para>The name or number of a provider defined in <ulink <para>The name or number of a provider defined in <ulink
url="shorewall6-providers.html">shorewall6-providers</ulink> (5). url="/manpages6/shorewall6-providers.html">shorewall6-providers</ulink> (5).
Beginning with Shorewall 4.5.14, you may also enter Beginning with Shorewall 4.5.14, you may also enter
<option>main</option> in this column to add routes to the main <option>main</option> in this column to add routes to the main
routing table.</para> routing table.</para>
@ -73,7 +73,7 @@
<listitem> <listitem>
<para>Specifies the device route. If neither DEVICE nor GATEWAY is <para>Specifies the device route. If neither DEVICE nor GATEWAY is
given, then the INTERFACE specified for the PROVIDER in <ulink given, then the INTERFACE specified for the PROVIDER in <ulink
url="shorewall6-providers.html">shorewall6-providers</ulink> url="/manpages6/shorewall6-providers.html">shorewall6-providers</ulink>
(5).This column must be omitted if <option>blackhole</option>, (5).This column must be omitted if <option>blackhole</option>,
<option>prohibit</option> or <option>unreachable</option> is <option>prohibit</option> or <option>unreachable</option> is
specified in the GATEWAY column.</para> specified in the GATEWAY column.</para>
@ -92,7 +92,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),

View File

@ -25,7 +25,7 @@
<title>Description</title> <title>Description</title>
<para>This file is deprecated in favor of the <ulink <para>This file is deprecated in favor of the <ulink
url="shorewall-stoppedrules.html">shorewall6-stoppedrules</ulink>(5) url="/manpages6/shorewall6-stoppedrules.html">shorewall6-stoppedrules</ulink>(5)
file.</para> file.</para>
<para>This file is used to define the hosts that are accessible when the <para>This file is used to define the hosts that are accessible when the
@ -80,7 +80,7 @@
themselves. Beginning with Shorewall 4.4.9, this option is themselves. Beginning with Shorewall 4.4.9, this option is
automatically set if <emphasis automatically set if <emphasis
role="bold">routeback</emphasis> is specified in <ulink role="bold">routeback</emphasis> is specified in <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink> url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>
(5) or if the rules compiler detects that the interface is a (5) or if the rules compiler detects that the interface is a
bridge.</para> bridge.</para>
</listitem> </listitem>
@ -149,7 +149,7 @@
<para>The <emphasis role="bold">source</emphasis> and <emphasis <para>The <emphasis role="bold">source</emphasis> and <emphasis
role="bold">dest</emphasis> options work best when used in conjunction role="bold">dest</emphasis> options work best when used in conjunction
with ADMINISABSENTMINDED=Yes in <ulink with ADMINISABSENTMINDED=Yes in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</note> </note>
</refsect1> </refsect1>
@ -181,10 +181,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/starting_and_stopping_shorewall.htm">http://shorewall.net/starting_and_stopping_shorewall.htm</ulink></para> url="/starting_and_stopping_shorewall.htm">http://www.shorewall.net/starting_and_stopping_shorewall.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),

View File

@ -25,7 +25,7 @@
<para>Entries in this file cause traffic to be routed to one of the <para>Entries in this file cause traffic to be routed to one of the
providers listed in <ulink providers listed in <ulink
url="shorewall6-providers.html">shorewall6-providers</ulink>(5).</para> url="/manpages6/shorewall6-providers.html">shorewall6-providers</ulink>(5).</para>
<para>The columns in the file are as follows.</para> <para>The columns in the file are as follows.</para>
@ -164,7 +164,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/MultiISP.html">http://shorewall.net/MultiISP.html</ulink></para> url="/MultiISP.html">http://www.shorewall.net/MultiISP.html</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),

View File

@ -25,7 +25,7 @@
<para>Entries in this file govern connection establishment by defining <para>Entries in this file govern connection establishment by defining
exceptions to the policies laid out in <ulink exceptions to the policies laid out in <ulink
url="shorewall6-policy.html">shorewall6-policy</ulink>(5). By default, url="/manpages6/shorewall6-policy.html">shorewall6-policy</ulink>(5). By default,
subsequent requests and responses are automatically allowed using subsequent requests and responses are automatically allowed using
connection tracking. For any particular (source,dest) pair of zones, the connection tracking. For any particular (source,dest) pair of zones, the
rules are evaluated in the order in which they appear in this file and the rules are evaluated in the order in which they appear in this file and the
@ -80,7 +80,7 @@
<para>There is an implicit rule added at the end of this section <para>There is an implicit rule added at the end of this section
that invokes the RELATED_DISPOSITION (<ulink that invokes the RELATED_DISPOSITION (<ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -96,7 +96,7 @@
<para>There is an implicit rule added at the end of this section <para>There is an implicit rule added at the end of this section
that invokes the INVALID_DISPOSITION (<ulink that invokes the INVALID_DISPOSITION (<ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -112,7 +112,7 @@
<para>There is an implicit rule added at the end of this section <para>There is an implicit rule added at the end of this section
that invokes the UNTRACKED_DISPOSITION (<ulink that invokes the UNTRACKED_DISPOSITION (<ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -137,7 +137,7 @@
<warning> <warning>
<para>If you specify FASTACCEPT=Yes in <ulink <para>If you specify FASTACCEPT=Yes in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5) then the <emphasis url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) then the <emphasis
role="bold">ESTABLISHED</emphasis> and <emphasis role="bold">ESTABLISHED</emphasis> and <emphasis
role="bold">RELATED</emphasis> sections must be empty.</para> role="bold">RELATED</emphasis> sections must be empty.</para>
@ -197,7 +197,7 @@
<listitem> <listitem>
<para>like ACCEPT but exempts the rule from being suppressed <para>like ACCEPT but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink by OPTIMIZE=1 in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -207,7 +207,7 @@
<listitem> <listitem>
<para>The name of an <emphasis>action</emphasis> declared in <para>The name of an <emphasis>action</emphasis> declared in
<ulink <ulink
url="shorewall6-actions.html">shorewall6-actions</ulink>(5) or url="/manpages6/shorewall6-actions.html">shorewall6-actions</ulink>(5) or
in /usr/share/shorewall/actions.std.</para> in /usr/share/shorewall/actions.std.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -302,11 +302,11 @@
<para>Do not process any of the following rules for this <para>Do not process any of the following rules for this
(source zone,destination zone). If the source and/or (source zone,destination zone). If the source and/or
destination IP address falls into a zone defined later in destination IP address falls into a zone defined later in
<ulink url="shorewall6-zones.html">shorewall6-zones</ulink>(5) <ulink url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5)
or in a parent zone of the source or destination zones, then or in a parent zone of the source or destination zones, then
this connection request will be passed to the rules defined this connection request will be passed to the rules defined
for that (those) zone(s). See <ulink for that (those) zone(s). See <ulink
url="shorewall6-nesting.html">shorewall6-nesting</ulink>(5) url="/manpages6/shorewall6-nesting.html">shorewall6-nesting</ulink>(5)
for additional information.</para> for additional information.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -317,7 +317,7 @@
<listitem> <listitem>
<para>like CONTINUE but exempts the rule from being suppressed <para>like CONTINUE but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink by OPTIMIZE=1 in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -388,7 +388,7 @@
<listitem> <listitem>
<para>like DROP but exempts the rule from being suppressed by <para>like DROP but exempts the rule from being suppressed by
OPTIMIZE=1 in <ulink OPTIMIZE=1 in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -419,7 +419,7 @@
INLINE(ACCEPT)). Otherwise, you can include it after the INLINE(ACCEPT)). Otherwise, you can include it after the
semicolon. In this case, you must declare the target as a semicolon. In this case, you must declare the target as a
builtin action in <ulink builtin action in <ulink
url="shorewall6-actions.html">shorewall6-actions</ulink>(5).</para> url="/manpages6/shorewall6-actions.html">shorewall6-actions</ulink>(5).</para>
<para>Some considerations when using INLINE:</para> <para>Some considerations when using INLINE:</para>
@ -464,7 +464,7 @@
<para>This error message may be eliminated by adding the <para>This error message may be eliminated by adding the
<replaceable>target</replaceable> as a builtin action in <replaceable>target</replaceable> as a builtin action in
<ulink <ulink
url="shorewall6-actions.html">shorewall6-actions(5)</ulink>.</para> url="/manpages6/shorewall6-actions.html">shorewall6-actions(5)</ulink>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
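Review bot: The shorewall6-actions link in the builtin-action paragraph keeps the section number inside the link text, shorewall6-actions(5)</ulink>, whereas the preceding hunk in this file writes shorewall6-actions</ulink>(5). Move the (5) outside the ulink element to match.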
@ -510,7 +510,7 @@
<para>Added in Shorewall 4.5.9.3. Queues matching packets to a <para>Added in Shorewall 4.5.9.3. Queues matching packets to a
back end logging daemon via a netlink socket then continues to back end logging daemon via a netlink socket then continues to
the next rule. See <ulink the next rule. See <ulink
url="http://www.shorewall.net/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para> url="/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
<para>Similar to<emphasis role="bold"> <para>Similar to<emphasis role="bold">
LOG:NFLOG</emphasis>[(<replaceable>nflog-parameters</replaceable>)], LOG:NFLOG</emphasis>[(<replaceable>nflog-parameters</replaceable>)],
@ -539,7 +539,7 @@
<listitem> <listitem>
<para>like NFQUEUE but exempts the rule from being suppressed <para>like NFQUEUE but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink by OPTIMIZE=1 in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -571,7 +571,7 @@
<listitem> <listitem>
<para>like QUEUE but exempts the rule from being suppressed by <para>like QUEUE but exempts the rule from being suppressed by
OPTIMIZE=1 in <ulink OPTIMIZE=1 in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -613,7 +613,7 @@
<listitem> <listitem>
<para>like REJECT but exempts the rule from being suppressed <para>like REJECT but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink by OPTIMIZE=1 in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -629,7 +629,7 @@
<para>If the <emphasis role="bold">ACTION</emphasis> names an <para>If the <emphasis role="bold">ACTION</emphasis> names an
<emphasis>action</emphasis> declared in <ulink <emphasis>action</emphasis> declared in <ulink
url="shorewall-actions.html">shorewall-actions</ulink>(5) or in url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5) or in
/usr/share/shorewall/actions.std then:</para> /usr/share/shorewall/actions.std then:</para>
<itemizedlist> <itemizedlist>
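Review bot: The actions link in the "If the ACTION names an action" paragraph is rewritten to url="/manpages/shorewall-actions.html", which sends readers of this shorewall6 manpage to the IPv4 manpage tree. Every other action reference changed in this file targets /manpages6/shorewall6-actions.html with link text shorewall6-actions, and the sibling shorewall-zones and shorewall.conf references were converted to their shorewall6 equivalents, so this one looks like a missed conversion. If the IPv4 page is intended here, say so in the commit message.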
@ -660,7 +660,7 @@
<para>Actions specifying logging may be followed by a log tag (a <para>Actions specifying logging may be followed by a log tag (a
string of alphanumeric characters) which is appended to the string string of alphanumeric characters) which is appended to the string
generated by the LOGPREFIX (in <ulink generated by the LOGPREFIX (in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5)).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
<para>Example: ACCEPT:info:ftp would include 'ftp ' at the end of <para>Example: ACCEPT:info:ftp would include 'ftp ' at the end of
the log prefix generated by the LOGPREFIX setting.</para> the log prefix generated by the LOGPREFIX setting.</para>
@ -688,7 +688,7 @@
<para>Beginning with Shorewall 4.4.13, you may use a <para>Beginning with Shorewall 4.4.13, you may use a
<replaceable>zone-list </replaceable>which consists of a <replaceable>zone-list </replaceable>which consists of a
comma-separated list of zones declared in <ulink comma-separated list of zones declared in <ulink
url="shorewall-zones.html">shorewall-zones</ulink> (5). This url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink> (5). This
<replaceable>zone-list</replaceable> may be optionally followed by <replaceable>zone-list</replaceable> may be optionally followed by
"+" to indicate that the rule is to apply to intra-zone traffic as "+" to indicate that the rule is to apply to intra-zone traffic as
well as inter-zone traffic.</para> well as inter-zone traffic.</para>
@ -707,7 +707,7 @@
role="bold">-</emphasis>] is "used, intra-zone traffic is affected. role="bold">-</emphasis>] is "used, intra-zone traffic is affected.
Beginning with Shorewall 4.4.13, exclusion is supported -- see see Beginning with Shorewall 4.4.13, exclusion is supported -- see see
<ulink <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5).</para> url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5).</para>
<para>Except when <emphasis role="bold">all</emphasis>[<emphasis <para>Except when <emphasis role="bold">all</emphasis>[<emphasis
role="bold">+</emphasis>][<emphasis role="bold">-</emphasis>] or role="bold">+</emphasis>][<emphasis role="bold">-</emphasis>] or
@ -740,7 +740,7 @@
firewall interface can be specified by an ampersand ('&amp;') firewall interface can be specified by an ampersand ('&amp;')
followed by the logical name of the interface as found in the followed by the logical name of the interface as found in the
INTERFACE column of <ulink INTERFACE column of <ulink
url="shorewall-interfaces.html">shorewall6-interfaces</ulink> url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>
(5).</para> (5).</para>
<para>Beginning with Shorewall 4.5.4, A <para>Beginning with Shorewall 4.5.4, A
@ -750,7 +750,7 @@
preceded by a caret ('^'). When a single country code is given, the preceded by a caret ('^'). When a single country code is given, the
square brackets may be omitted. A list of country codes supported by square brackets may be omitted. A list of country codes supported by
Shorewall may be found at <ulink Shorewall may be found at <ulink
url="http://www.shorewall.net/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>. url="/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>.
Specifying a <replaceable>countrycode-list</replaceable> requires Specifying a <replaceable>countrycode-list</replaceable> requires
<firstterm>GeoIP Match</firstterm> support in your ip6tables and <firstterm>GeoIP Match</firstterm> support in your ip6tables and
Kernel.</para> Kernel.</para>
@ -761,7 +761,7 @@
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para> url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
<para>Examples:</para> <para>Examples:</para>
@ -856,7 +856,7 @@
<listitem> <listitem>
<para>Location of Server. May be a zone declared in <ulink <para>Location of Server. May be a zone declared in <ulink
url="shorewall6-zones.html">shorewall6-zones</ulink>(5), $<emphasis url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5), $<emphasis
role="bold">FW</emphasis> to indicate the firewall itself, <emphasis role="bold">FW</emphasis> to indicate the firewall itself, <emphasis
role="bold">all</emphasis>. <emphasis role="bold">all+</emphasis> or role="bold">all</emphasis>. <emphasis role="bold">all+</emphasis> or
<emphasis role="bold">none</emphasis>.</para> <emphasis role="bold">none</emphasis>.</para>
@ -864,18 +864,18 @@
<para>Beginning with Shorewall 4.4.13, you may use a <para>Beginning with Shorewall 4.4.13, you may use a
<replaceable>zone-list </replaceable>which consists of a <replaceable>zone-list </replaceable>which consists of a
comma-separated list of zones declared in <ulink comma-separated list of zones declared in <ulink
url="shorewall-zones.html">shorewall-zones</ulink> (5). Ths url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink> (5). Ths
<replaceable>zone-list</replaceable> may be optionally followed by <replaceable>zone-list</replaceable> may be optionally followed by
"+" to indicate that the rule is to apply to intra-zone traffic as "+" to indicate that the rule is to apply to intra-zone traffic as
well as inter-zone traffic. Beginning with Shorewall-4.4.13, well as inter-zone traffic. Beginning with Shorewall-4.4.13,
exclusion is supported -- see see <ulink exclusion is supported -- see see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5).</para> url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5).</para>
<para>Beginning with Shorewall6 4.4.17, the primary IP address of a <para>Beginning with Shorewall6 4.4.17, the primary IP address of a
firewall interface can be specified by an ampersand ('&amp;') firewall interface can be specified by an ampersand ('&amp;')
followed by the logical name of the interface as found in the followed by the logical name of the interface as found in the
INTERFACE column of <ulink INTERFACE column of <ulink
url="shorewall-interfaces.html">shorewall6-interfaces</ulink> url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>
(5).</para> (5).</para>
<para>Beginning with Shorewall 4.5.4, A <para>Beginning with Shorewall 4.5.4, A
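Review bot: on the zone-list line the target changes from "shorewall-zones.html" to "/manpages6/shorewall6-zones.html" and the link text from shorewall-zones to shorewall6-zones, which points the reader at a different manpage rather than only rewriting the path; the "shorewall-interfaces.html" href further down is retargeted the same way. That is a content fix beyond what the commit subject describes and deserves a line in the commit message. While this line is being rewritten, the "Ths" at its end and the doubled "see see" before the exclusion link could be corrected as well.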
@ -885,7 +885,7 @@
preceded by a caret ('^'). When a single country code is given, the preceded by a caret ('^'). When a single country code is given, the
square brackets may be omitted. A list of country codes supported by square brackets may be omitted. A list of country codes supported by
Shorewall may be found at <ulink Shorewall may be found at <ulink
url="http://www.shorewall.net/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>. url="/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>.
Specifying a <replaceable>countrycode-list</replaceable> requires Specifying a <replaceable>countrycode-list</replaceable> requires
<firstterm>GeoIP Match</firstterm> support in your ip6tables and <firstterm>GeoIP Match</firstterm> support in your ip6tables and
Kernel.</para> Kernel.</para>
@ -925,7 +925,7 @@
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para> url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
<para>Restriction: MAC addresses are not allowed (this is a <para>Restriction: MAC addresses are not allowed (this is a
Netfilter restriction).</para> Netfilter restriction).</para>
@ -1024,7 +1024,7 @@
interpreted as the destination icmp-type(s). ICMP types may be interpreted as the destination icmp-type(s). ICMP types may be
specified as a numeric type, a numeric type and code separated by a specified as a numeric type, a numeric type and code separated by a
slash (e.g., 3/4), or a typename. See <ulink slash (e.g., 3/4), or a typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>. url="/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.
Note that prior to Shorewall6 4.4.19, only a single ICMP type may be Note that prior to Shorewall6 4.4.19, only a single ICMP type may be
listed.</para> listed.</para>
@ -1549,7 +1549,7 @@
</simplelist> </simplelist>
<para>If the HELPERS option is specified in <ulink <para>If the HELPERS option is specified in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5), then any module url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5), then any module
specified in this column must be listed in the HELPERS specified in this column must be listed in the HELPERS
setting.</para> setting.</para>
</listitem> </listitem>
@ -1644,7 +1644,7 @@
<programlisting> -A fw2net -p 6 -m mickey-mouse --name test -m set --match-set set1 src -m mickey-mouse --name test2 -j SECCTX --name test3</programlisting> <programlisting> -A fw2net -p 6 -m mickey-mouse --name test -m set --match-set set1 src -m mickey-mouse --name test2 -j SECCTX --name test3</programlisting>
<para>Note that SECCTX must be defined as a builtin action in <ulink <para>Note that SECCTX must be defined as a builtin action in <ulink
url="shorewall6-actions.html">shorewall6-actions</ulink>(5):</para> url="/manpages6/shorewall6-actions.html">shorewall6-actions</ulink>(5):</para>
<programlisting> #ACTION OPTIONS <programlisting> #ACTION OPTIONS
SECCTX builtin</programlisting> SECCTX builtin</programlisting>
@ -1663,10 +1663,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://www.shorewall.net/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink></para> url="/shorewall_logging.html">http://www.shorewall.net/shorewall_logging.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-blrules(5), shorewall6-hosts(5), shorewall6-blacklist(5), shorewall6-blrules(5), shorewall6-hosts(5),
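Review bot: in both See ALSO entries the url attribute becomes root-relative while the link text is rewritten to the absolute http://www.shorewall.net/ form, so the text and the destination no longer match. On any host other than www.shorewall.net the reader sees one URL and lands on another, and if these sources are also rendered to roff with the DocBook manpages stylesheets, a ulink whose url differs from its text is listed as a numbered note, which would print a bare path such as /shorewall_logging.html. Please check the roff output, and consider descriptive link text instead of a literal URL for the entries whose href is now relative.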

View File

@ -25,7 +25,7 @@
<important> <important>
<para>Unlike rules in the <ulink <para>Unlike rules in the <ulink
url="shorewall6-rules.html">shorewall6-rules</ulink>(5) file, evaluation url="/manpages6/shorewall6-rules.html">shorewall6-rules</ulink>(5) file, evaluation
of rules in this file will continue after a match. So the final secmark of rules in this file will continue after a match. So the final secmark
for each packet will be the one assigned by the LAST rule that for each packet will be the one assigned by the LAST rule that
matches.</para> matches.</para>
@ -182,7 +182,7 @@
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para> url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -210,7 +210,7 @@
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall-exclusion.html">shorewall6-exclusion</ulink>(5)).</para> url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -245,7 +245,7 @@
destination icmp-type(s). ICMP types may be specified as a numeric destination icmp-type(s). ICMP types may be specified as a numeric
type, a numeric type and code separated by a slash (e.g., 3/4), or type, a numeric type and code separated by a slash (e.g., 3/4), or
a typename. See <ulink a typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para> url="/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para>
<para>If the protocol is <emphasis role="bold">ipp2p</emphasis>, <para>If the protocol is <emphasis role="bold">ipp2p</emphasis>,
this column is interpreted as an ipp2p option without the leading this column is interpreted as an ipp2p option without the leading
@ -412,7 +412,7 @@ RESTORE I:ER</programlisting>
url="http://james-morris.livejournal.com/11010.html">http://james-morris.livejournal.com/11010.html</ulink></para> url="http://james-morris.livejournal.com/11010.html">http://james-morris.livejournal.com/11010.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5), <para>shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),

View File

@ -147,10 +147,10 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/starting_and_stopping_shorewall.htm">http://shorewall.net/starting_and_stopping_shorewall.htm</ulink></para> url="/starting_and_stopping_shorewall.htm">http://www.shorewall.net/starting_and_stopping_shorewall.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
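Review bot: the cross-reference list directly after the edited links names shorewall_interfaces(5) with an underscore while the other entries use a hyphen and the href used elsewhere in this commit is shorewall-interfaces.html. Since this See ALSO block is being touched anyway, correct it to shorewall-interfaces(5) so the reference matches the manpage name.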

View File

@ -125,7 +125,7 @@
<para>You may specify either the interface number or the interface <para>You may specify either the interface number or the interface
name. If the <emphasis role="bold">classify</emphasis> option is name. If the <emphasis role="bold">classify</emphasis> option is
given for the interface in <ulink given for the interface in <ulink
url="shorewall6-tcdevices.html">shorewall6-tcdevices</ulink>(5), url="/manpages6/shorewall6-tcdevices.html">shorewall6-tcdevices</ulink>(5),
then you must also specify an interface class (an integer that must then you must also specify an interface class (an integer that must
be unique within classes associated with this interface).</para> be unique within classes associated with this interface).</para>
@ -134,13 +134,13 @@
<para>Please note that you can only use interface names in here that <para>Please note that you can only use interface names in here that
have a bandwidth defined in the <ulink have a bandwidth defined in the <ulink
url="shorewall6-tcdevices.html">shorewall6-tcdevices</ulink>(5) url="/manpages6/shorewall6-tcdevices.html">shorewall6-tcdevices</ulink>(5)
file.</para> file.</para>
<para>Normally, all classes defined here are sub-classes of a root <para>Normally, all classes defined here are sub-classes of a root
class (class number 1) that is implicitly defined from the entry in class (class number 1) that is implicitly defined from the entry in
<ulink <ulink
url="shorewall6-tcdevices.html">shorewall6-tcdevices</ulink>(5). You url="/manpages6/shorewall6-tcdevices.html">shorewall6-tcdevices</ulink>(5). You
can establish a class hierarchy by specifying a can establish a class hierarchy by specifying a
<emphasis>parent</emphasis> class -- the number of a class that you <emphasis>parent</emphasis> class -- the number of a class that you
have previously defined. The sub-class may borrow unused bandwidth have previously defined. The sub-class may borrow unused bandwidth
@ -155,12 +155,12 @@
<listitem> <listitem>
<para>The mark <emphasis>value</emphasis> which is an integer in the <para>The mark <emphasis>value</emphasis> which is an integer in the
range 1-255. You set mark values in the <ulink range 1-255. You set mark values in the <ulink
url="shorewall6-mangle.html">shorewall6-mangle</ulink>(5) file, url="/manpages6/shorewall6-mangle.html">shorewall6-mangle</ulink>(5) file,
marking the traffic you want to fit in the classes defined in here. marking the traffic you want to fit in the classes defined in here.
Must be specified as '-' if the <emphasis Must be specified as '-' if the <emphasis
role="bold">classify</emphasis> option is given for the interface in role="bold">classify</emphasis> option is given for the interface in
<ulink <ulink
url="shorewall6-tcdevices.html">shorewall6-tcdevices</ulink>(5) and url="/manpages6/shorewall6-tcdevices.html">shorewall6-tcdevices</ulink>(5) and
you are running Shorewall 4.5 5 or earlier.</para> you are running Shorewall 4.5 5 or earlier.</para>
<para>You can use the same marks for different interfaces.</para> <para>You can use the same marks for different interfaces.</para>
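Review bot: the context line right after the second changed href reads "Shorewall 4.5 5 or earlier", which appears to be a version number with a dropped dot. The paragraph is already being edited for the shorewall6-mangle and shorewall6-tcdevices links, so this is a good place to confirm the intended version and fix the text in the same change.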
@ -718,10 +718,10 @@
<para>tc-red(8)</para> <para>tc-red(8)</para>
<para><ulink <para><ulink
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para> url="/traffic_shaping.htm">http://www.shorewall.net/traffic_shaping.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),

View File

@ -104,7 +104,7 @@
<para>Name of <emphasis>interface</emphasis>. Each interface may be <para>Name of <emphasis>interface</emphasis>. Each interface may be
listed only once in this file. You may NOT specify the name of an listed only once in this file. You may NOT specify the name of an
alias (e.g., eth0:0) here; see <ulink alias (e.g., eth0:0) here; see <ulink
url="http://www.shorewall.net/FAQ.htm#faq18">http://www.shorewall.net/FAQ.htm#faq18</ulink></para> url="/FAQ.htm#faq18">http://www.shorewall.net/FAQ.htm#faq18</ulink></para>
<para>You may NOT specify wildcards here, e.g. if you have multiple <para>You may NOT specify wildcards here, e.g. if you have multiple
ppp interfaces, you need to put them all in here!</para> ppp interfaces, you need to put them all in here!</para>
@ -152,7 +152,7 @@
may be configured instead. Rate-estimated filters should be used may be configured instead. Rate-estimated filters should be used
with Ethernet adapters that have Generic Receive Offload enabled by with Ethernet adapters that have Generic Receive Offload enabled by
default. See <ulink default. See <ulink
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ url="/FAQ.htm#faq97a">Shorewall FAQ
97a</ulink>.</para> 97a</ulink>.</para>
<para>To create a rate-estimated filter, precede the bandwidth with <para>To create a rate-estimated filter, precede the bandwidth with
@ -172,7 +172,7 @@
<para>The outgoing <emphasis>bandwidth</emphasis> of that interface. <para>The outgoing <emphasis>bandwidth</emphasis> of that interface.
This is the maximum speed your connection can handle. It is also the This is the maximum speed your connection can handle. It is also the
speed you can refer as "full" if you define the tc classes in <ulink speed you can refer as "full" if you define the tc classes in <ulink
url="shorewall6-tcclasses.html">shorewall6-tcclasses</ulink>(5). url="/manpages6/shorewall6-tcclasses.html">shorewall6-tcclasses</ulink>(5).
Outgoing traffic above this rate will be dropped.</para> Outgoing traffic above this rate will be dropped.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -196,7 +196,7 @@
<para><option>classify</option> ― When specified, Shorewall will not <para><option>classify</option> ― When specified, Shorewall will not
generate tc or Netfilter rules to classify traffic based on packet generate tc or Netfilter rules to classify traffic based on packet
marks. You must do all classification using CLASSIFY rules in <ulink marks. You must do all classification using CLASSIFY rules in <ulink
url="shorewall-tcrules.html">shorewall-tcrules</ulink>(5).</para> url="/manpages6/shorewall6-tcrules.html">shorewall6-tcrules</ulink>(5).</para>
<para><option>htb</option> - Use the <firstterm>Hierarchical Token <para><option>htb</option> - Use the <firstterm>Hierarchical Token
Bucket</firstterm> queuing discipline. This is the default.</para> Bucket</firstterm> queuing discipline. This is the default.</para>
@ -285,7 +285,7 @@
<para>tc-hfsc (7)</para> <para>tc-hfsc (7)</para>
<para><ulink <para><ulink
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para> url="/traffic_shaping.htm">http://www.shorewall.net/traffic_shaping.htm</ulink></para>
<para><ulink <para><ulink
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink></para> url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink></para>

View File

@ -70,10 +70,10 @@
<listitem> <listitem>
<para>The name or number of an <returnvalue>interface</returnvalue> <para>The name or number of an <returnvalue>interface</returnvalue>
defined in <ulink defined in <ulink
url="shorewall6-tcdevices.html">shorewall6-tcdevices</ulink>(5) url="/manpages6/shorewall6-tcdevices.html">shorewall6-tcdevices</ulink>(5)
followed by a <replaceable>class</replaceable> number defined for followed by a <replaceable>class</replaceable> number defined for
that interface in <ulink that interface in <ulink
url="shorewall6-tcclasses.html">shorewall6-tcclasses</ulink>(5).</para> url="/manpages6/shorewall6-tcclasses.html">shorewall6-tcclasses</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -312,13 +312,13 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para> url="/traffic_shaping.htm">http://www.shorewall.net/traffic_shaping.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/MultiISP.html">http://shorewall.net/MultiISP.html</ulink></para> url="/MultiISP.html">http://www.shorewall.net/MultiISP.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/PacketMarking.html">http://shorewall.net/PacketMarking.html</ulink></para> url="/PacketMarking.html">http://www.shorewall.net/PacketMarking.html</ulink></para>
<para></para> <para></para>
</refsect1> </refsect1>

View File

@ -25,7 +25,7 @@
<para>This file lists the interfaces that are subject to simple traffic <para>This file lists the interfaces that are subject to simple traffic
shaping. Simple traffic shaping is enabled by setting TC_ENABLED=Simple in shaping. Simple traffic shaping is enabled by setting TC_ENABLED=Simple in
<ulink url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
<para>A note on the <emphasis>bandwidth</emphasis> definition used in this <para>A note on the <emphasis>bandwidth</emphasis> definition used in this
file:</para> file:</para>
@ -162,7 +162,7 @@
may be configured instead. Rate-estimated filters should be used may be configured instead. Rate-estimated filters should be used
with Ethernet adapters that have Generic Receive Offload enabled by with Ethernet adapters that have Generic Receive Offload enabled by
default. See <ulink default. See <ulink
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ url="/FAQ.htm#faq97a">Shorewall FAQ
97a</ulink>.</para> 97a</ulink>.</para>
<para>To create a rate-estimated filter, precede the bandwidth with <para>To create a rate-estimated filter, precede the bandwidth with

View File

@ -25,12 +25,12 @@
<para>This file is used to specify the priority band of traffic for simple <para>This file is used to specify the priority band of traffic for simple
traffic shaping (TC_ENABLED=Simple in <ulink traffic shaping (TC_ENABLED=Simple in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5)). The priority band url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)). The priority band
of each packet is determined by the <emphasis role="bold">last</emphasis> of each packet is determined by the <emphasis role="bold">last</emphasis>
entry that the packet matches. If a packet doesn't match any entry in this entry that the packet matches. If a packet doesn't match any entry in this
file, then its priority will be determined by its TOS field. The default file, then its priority will be determined by its TOS field. The default
mapping is as follows but can be changed by setting the TC_PRIOMAP option mapping is as follows but can be changed by setting the TC_PRIOMAP option
in <ulink url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> in <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
<programlisting>TOS Bits Means Linux Priority BAND <programlisting>TOS Bits Means Linux Priority BAND
------------------------------------------------------------ ------------------------------------------------------------
@ -63,7 +63,7 @@
<para>Classifies matching traffic as High Priority (1), Medium <para>Classifies matching traffic as High Priority (1), Medium
Priority (2) or Low Priority (3). For those interfaces listed in Priority (2) or Low Priority (3). For those interfaces listed in
<ulink <ulink
url="shorewall6-tcinterfaces.html">shorewall6-tcinterfaces</ulink>(5), url="/manpages6/shorewall6-tcinterfaces.html">shorewall6-tcinterfaces</ulink>(5),
Priority 2 traffic will be deferred so long and there is Priority 1 Priority 2 traffic will be deferred so long and there is Priority 1
traffic queued and Priority 3 traffic will be deferred so long as traffic queued and Priority 3 traffic will be deferred so long as
there is Priority 1 or Priority 2 traffic to send.</para> there is Priority 1 or Priority 2 traffic to send.</para>

View File

@ -28,14 +28,14 @@
<important> <important>
<para>Unlike rules in the <ulink <para>Unlike rules in the <ulink
url="shorewall6-rules.html">shorewall6-rules</ulink>(5) file, evaluation url="/manpages6/shorewall6-rules.html">shorewall6-rules</ulink>(5) file, evaluation
of rules in this file will continue after a match. So the final mark for of rules in this file will continue after a match. So the final mark for
each packet will be the one assigned by the LAST tcrule that each packet will be the one assigned by the LAST tcrule that
matches.</para> matches.</para>
<para>If you use multiple internet providers with the 'track' option, in <para>If you use multiple internet providers with the 'track' option, in
/etc/shorewall6/providers be sure to read the restrictions at <ulink /etc/shorewall6/providers be sure to read the restrictions at <ulink
url="http://shorewall.net/MultiISP.html">http://shorewall.net/MultiISP.html</ulink>.</para> url="/MultiISP.html">http://www.shorewall.net/MultiISP.html</ulink>.</para>
</important> </important>
<para>Beginning with Shorewall 4.5.4, the tcrules file supports two <para>Beginning with Shorewall 4.5.4, the tcrules file supports two
@ -123,7 +123,7 @@
<para>- Otherwise, the chain is determined by the setting of <para>- Otherwise, the chain is determined by the setting of
MARK_IN_FORWARD_CHAIN in <ulink MARK_IN_FORWARD_CHAIN in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
<para>Please note that <emphasis role="bold">:I</emphasis> is <para>Please note that <emphasis role="bold">:I</emphasis> is
included for completeness and affects neither traffic shaping included for completeness and affects neither traffic shaping
@ -203,7 +203,7 @@
then the assigned mark values are 0x200, 0x300 and 0x400 in then the assigned mark values are 0x200, 0x300 and 0x400 in
equal proportions. If no mask is specified, then ( 2 ** equal proportions. If no mask is specified, then ( 2 **
MASK_BITS ) - 1 is assumed (MASK_BITS is set in <ulink MASK_BITS ) - 1 is assumed (MASK_BITS is set in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
<para>May optionally be followed by <emphasis <para>May optionally be followed by <emphasis
role="bold">:P</emphasis>, <emphasis role="bold">:P</emphasis>, <emphasis
@ -231,7 +231,7 @@
<para>- Otherwise, the chain is determined by the setting of <para>- Otherwise, the chain is determined by the setting of
MARK_IN_FORWARD_CHAIN in <ulink MARK_IN_FORWARD_CHAIN in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
<para>Please note that <emphasis role="bold">:I</emphasis> is <para>Please note that <emphasis role="bold">:I</emphasis> is
included for completeness and affects neither traffic shaping included for completeness and affects neither traffic shaping
@ -317,11 +317,11 @@
<para>When using Shorewall6's built-in traffic shaping tool, the <para>When using Shorewall6's built-in traffic shaping tool, the
<emphasis>major</emphasis> class is the device number (the first <emphasis>major</emphasis> class is the device number (the first
device in <ulink device in <ulink
url="shorewall6-tcdevices.html">shorewall6-tcdevices</ulink>(5) url="/manpages6/shorewall6-tcdevices.html">shorewall6-tcdevices</ulink>(5)
is major class 1, the second device is major class 2, and so on) is major class 1, the second device is major class 2, and so on)
and the <emphasis>minor</emphasis> class is the class's MARK and the <emphasis>minor</emphasis> class is the class's MARK
value in <ulink value in <ulink
url="shorewall6-tcclasses.html">shorewall6-tcclasses</ulink>(5) url="/manpages6/shorewall6-tcclasses.html">shorewall6-tcclasses</ulink>(5)
preceded by the number 1 (MARK 1 corresponds to minor class 11, preceded by the number 1 (MARK 1 corresponds to minor class 11,
MARK 5 corresponds to minor class 15, MARK 22 corresponds to MARK 5 corresponds to minor class 15, MARK 22 corresponds to
minor class 122, etc.).</para> minor class 122, etc.).</para>
@ -517,7 +517,7 @@
[<replaceable>option</replaceable>] ...") after any matches [<replaceable>option</replaceable>] ...") after any matches
specified at the end of the rule. If the target is not one known specified at the end of the rule. If the target is not one known
to Shorewall, then it must be defined as a builtin action in to Shorewall, then it must be defined as a builtin action in
<ulink url="shorewall6-actions.html">shorewall6-actions</ulink> <ulink url="/manpages6/shorewall6-actions.html">shorewall6-actions</ulink>
(5).</para> (5).</para>
<para>The following rules are equivalent:</para> <para>The following rules are equivalent:</para>
@ -529,7 +529,7 @@ INLINE eth0 - tcp 22 ; -j MARK --set-mark 2
INLINE eth0 - ; -p tcp -j MARK --set-mark 2</programlisting> INLINE eth0 - ; -p tcp -j MARK --set-mark 2</programlisting>
<para>If INLINE_MATCHES=Yes in <ulink <para>If INLINE_MATCHES=Yes in <ulink
url="shorewall.conf.html">shorewall.conf(5)</ulink> then the url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) then the
third rule above can be specified as follows:</para> third rule above can be specified as follows:</para>
<programlisting>2:P eth0 - ; -p tcp</programlisting> <programlisting>2:P eth0 - ; -p tcp</programlisting>
@ -653,7 +653,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>Transparently redirects a packet without altering the IP <para>Transparently redirects a packet without altering the IP
header. Requires a local provider to be defined in <ulink header. Requires a local provider to be defined in <ulink
url="shorewall6-providers.html">shorewall6-providers</ulink>(5).</para> url="/manpages6/shorewall6-providers.html">shorewall6-providers</ulink>(5).</para>
<para>There are three parameters to TPROXY - only the first <para>There are three parameters to TPROXY - only the first
(mark) is required:</para> (mark) is required:</para>
@ -662,7 +662,7 @@ Normal-Service =&gt; 0x00</programlisting>
<listitem> <listitem>
<para><replaceable>mark</replaceable> - the MARK value <para><replaceable>mark</replaceable> - the MARK value
corresponding to the local provider in <ulink corresponding to the local provider in <ulink
url="shorewall6-providers.html">shorewall6-providers</ulink>(5).</para> url="/manpages6/shorewall6-providers.html">shorewall6-providers</ulink>(5).</para>
</listitem> </listitem>
<listitem> <listitem>
@ -687,7 +687,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>Transparently redirects a packet without altering the IP <para>Transparently redirects a packet without altering the IP
header. Requires a local provider to be defined in <ulink header. Requires a local provider to be defined in <ulink
url="shorewall6-providers.html">shorewall6-providers</ulink>(5).</para> url="/manpages6/shorewall6-providers.html">shorewall6-providers</ulink>(5).</para>
<para>There are three parameters to TPROXY - only the first <para>There are three parameters to TPROXY - only the first
(mark) is required:</para> (mark) is required:</para>
@ -747,7 +747,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para> url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -777,7 +777,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>You may exclude certain hosts from the set already defined <para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para> url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -812,7 +812,7 @@ Normal-Service =&gt; 0x00</programlisting>
destination icmp-type(s). ICMP types may be specified as a numeric destination icmp-type(s). ICMP types may be specified as a numeric
type, a numeric type and code separated by a slash (e.g., 3/4), or a type, a numeric type and code separated by a slash (e.g., 3/4), or a
typename. See <ulink typename. See <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para> url="/configuration_file_basics.htm#ICMP">http://www.shorewall.net/configuration_file_basics.htm#ICMP</ulink>.</para>
<para>If the protocol is <emphasis role="bold">ipp2p</emphasis>, <para>If the protocol is <emphasis role="bold">ipp2p</emphasis>,
this column is interpreted as an ipp2p option without the leading this column is interpreted as an ipp2p option without the leading
@ -1214,16 +1214,16 @@ Normal-Service =&gt; 0x00</programlisting>
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para> url="/traffic_shaping.htm">http://www.shorewall.net/traffic_shaping.htm</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/MultiISP.html">http://shorewall.net/MultiISP.html</ulink></para> url="/MultiISP.html">http://www.shorewall.net/MultiISP.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/PacketMarking.html">http://shorewall.net/PacketMarking.html</ulink></para> url="/PacketMarking.html">http://www.shorewall.net/PacketMarking.html</ulink></para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-ecn(5), shorewall6-exclusion(5), shorewall6-blacklist(5), shorewall6-ecn(5), shorewall6-exclusion(5),
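Review bot: In the See ALSO links the href becomes root-relative (url="/traffic_shaping.htm") while the link text is rewritten to http://www.shorewall.net/traffic_shaping.htm, so on a mirror the text the reader sees names a different host from the one the click goes to. The text also moves from shorewall.net to www.shorewall.net, which the commit message does not mention. Since these sources also produce man pages, please check how a ulink whose url is "/traffic_shaping.htm" renders there, because a root-relative path has no meaning outside a web server.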

View File

@ -25,7 +25,7 @@
<para>This file defines rules for setting Type Of Service (TOS). Its use <para>This file defines rules for setting Type Of Service (TOS). Its use
is deprecated, beginning in Shorewall 4.5.1, in favor of the TOS target in is deprecated, beginning in Shorewall 4.5.1, in favor of the TOS target in
<ulink url="shorewall6-mangle.html">shorewall6-mangle</ulink> <ulink url="/manpages6/shorewall6-mangle.html">shorewall6-mangle</ulink>
(5).</para> (5).</para>
<para>The columns in the file are as follows.</para> <para>The columns in the file are as follows.</para>
@ -166,7 +166,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),

View File

@ -27,7 +27,7 @@
encrypted) traffic to pass between the Shorewall6 system and a remote encrypted) traffic to pass between the Shorewall6 system and a remote
gateway. Traffic flowing through the tunnel is handled using the normal gateway. Traffic flowing through the tunnel is handled using the normal
zone/policy/rule mechanism. See <ulink zone/policy/rule mechanism. See <ulink
url="http://www.shorewall.net/VPNBasics.html">http://www.shorewall.net/VPNBasics.html</ulink> url="/VPNBasics.html">http://www.shorewall.net/VPNBasics.html</ulink>
for details.</para> for details.</para>
<para>The columns in the file are as follows (where the column name is <para>The columns in the file are as follows (where the column name is
@ -138,7 +138,7 @@
<para>Beginning with Shorewall 4.5.3, a list of addresses or ranges <para>Beginning with Shorewall 4.5.3, a list of addresses or ranges
may be given. Exclusion (<ulink may be given. Exclusion (<ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink> (5) ) url="/manpages6/shorewall6-exclusion.html">shorewall6-exclusion</ulink> (5) )
is not supported.</para> is not supported.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -240,7 +240,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),

View File

@ -44,14 +44,14 @@
"none", "SOURCE" and "DEST" are reserved and may not be used as zone "none", "SOURCE" and "DEST" are reserved and may not be used as zone
names. The maximum length of a zone name is determined by the names. The maximum length of a zone name is determined by the
setting of the LOGFORMAT option in <ulink setting of the LOGFORMAT option in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). With the url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5). With the
default LOGFORMAT, zone names can be at most 5 characters default LOGFORMAT, zone names can be at most 5 characters
long.</para> long.</para>
<blockquote> <blockquote>
<para>The maximum length of an iptables log prefix is 29 bytes. As <para>The maximum length of an iptables log prefix is 29 bytes. As
explained in <ulink explained in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink> (5), the default url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink> (5), the default
LOGPREFIX formatting string is “Shorewall:%s:%s:” where the first LOGPREFIX formatting string is “Shorewall:%s:%s:” where the first
%s is replaced by the chain name and the second is replaced by the %s is replaced by the chain name and the second is replaced by the
disposition.</para> disposition.</para>
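Review bot: The second link in this hunk changes its target as well as its path (shorewall.conf.html becomes /manpages6/shorewall6.conf.html, under link text that already said shorewall6.conf), which is a fix beyond the stated cleanup and deserves a line in the commit message. While here, the blockquote calls the "Shorewall:%s:%s:" string LOGPREFIX, but the paragraph above attributes the zone-name limit to the LOGFORMAT option; one of the two names should be corrected.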
@ -95,7 +95,7 @@
follow the (sub)zone name by ":" and a comma-separated list of the follow the (sub)zone name by ":" and a comma-separated list of the
parent zones. The parent zones must have been declared in earlier parent zones. The parent zones must have been declared in earlier
records in this file. See <ulink records in this file. See <ulink
url="shorewall6-nesting.html">shorewall6-nesting</ulink>(5) for url="/manpages6/shorewall6-nesting.html">shorewall6-nesting</ulink>(5) for
additional information.</para> additional information.</para>
<para>Example:</para> <para>Example:</para>
@ -108,7 +108,7 @@ c:a,b ipv6</programlisting>
<para>Currently, Shorewall6 uses this information to reorder the <para>Currently, Shorewall6 uses this information to reorder the
zone list so that parent zones appear after their subzones in the zone list so that parent zones appear after their subzones in the
list. The IMPLICIT_CONTINUE option in <ulink list. The IMPLICIT_CONTINUE option in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5) can also url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) can also
create implicit CONTINUE policies to/from the subzone.</para> create implicit CONTINUE policies to/from the subzone.</para>
<para>Where an <emphasis role="bold">ipsec</emphasis> zone is <para>Where an <emphasis role="bold">ipsec</emphasis> zone is
@ -135,7 +135,7 @@ c:a,b ipv6</programlisting>
the column. Communication with some zone hosts may be the column. Communication with some zone hosts may be
encrypted. Encrypted hosts are designated using the 'ipsec' encrypted. Encrypted hosts are designated using the 'ipsec'
option in <ulink option in <ulink
url="shorewall6-hosts.html">shorewall6-hosts</ulink>(5).</para> url="/manpages6/shorewall6-hosts.html">shorewall6-hosts</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -178,7 +178,7 @@ c:a,b ipv6</programlisting>
<listitem> <listitem>
<para>Added in Shorewall 4.4.11 Beta 2 - A zone composed of <para>Added in Shorewall 4.4.11 Beta 2 - A zone composed of
Linux-vserver guests. The zone contents must be defined in Linux-vserver guests. The zone contents must be defined in
<ulink url="shorewall6-hosts.html">shorewall6-hosts</ulink> <ulink url="/manpages6/shorewall6-hosts.html">shorewall6-hosts</ulink>
(5).</para> (5).</para>
<para>Vserver zones are implicitly handled as subzones of the <para>Vserver zones are implicitly handled as subzones of the
@ -206,7 +206,7 @@ c:a,b ipv6</programlisting>
$FW rules are defined, they are placed in a chain named $FW rules are defined, they are placed in a chain named
${FW}2${F2} or ${FW}-${FW} (e.g., 'fw2fw' or 'fw-fw' ) ${FW}2${F2} or ${FW}-${FW} (e.g., 'fw2fw' or 'fw-fw' )
depending on the ZONE2ZONE setting in <ulink depending on the ZONE2ZONE setting in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem> </listitem>
<listitem> <listitem>
@ -288,12 +288,12 @@ c:a,b ipv6</programlisting>
<para>When specified in the IN_OPTIONS column, causes all <para>When specified in the IN_OPTIONS column, causes all
traffic from this zone to be passed against the <emphasis traffic from this zone to be passed against the <emphasis
role="bold">src</emphasis> entries in <ulink role="bold">src</emphasis> entries in <ulink
url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5).</para> url="/manpages6/shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5).</para>
<para>When specified in the OUT_OPTIONS column, causes all <para>When specified in the OUT_OPTIONS column, causes all
traffic to this zone to be passed against the <emphasis traffic to this zone to be passed against the <emphasis
role="bold">dst</emphasis> entries in s<ulink role="bold">dst</emphasis> entries in s<ulink
url="shorewall6-blacklist.html">horewall6-blacklist</ulink>(5).</para> url="/manpages6/shorewall6-blacklist.html">horewall6-blacklist</ulink>(5).</para>
<para>Specifying this option in the OPTIONS column is <para>Specifying this option in the OPTIONS column is
equivalent to entering it in both of the IN_OPTIONS and equivalent to entering it in both of the IN_OPTIONS and
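Review bot: The dst link still has a stray "s" outside the element: s<ulink url="/manpages6/shorewall6-blacklist.html">horewall6-blacklist</ulink>, so the link text reads "horewall6-blacklist". The line is being edited anyway; move the "s" inside the ulink so it matches the src entry above it.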
@ -309,7 +309,7 @@ c:a,b ipv6</programlisting>
OPTIONS column and indicates that only a single ipset should OPTIONS column and indicates that only a single ipset should
be created for this zone if it has multiple dynamic entries in be created for this zone if it has multiple dynamic entries in
<ulink <ulink
url="shorewall6-hosts.html">shorewall6-hosts</ulink>(5). url="/manpages6/shorewall6-hosts.html">shorewall6-hosts</ulink>(5).
Without this option, a separate ipset is created for each Without this option, a separate ipset is created for each
interface.</para> interface.</para>
</listitem> </listitem>
@ -353,7 +353,7 @@ c:a,b ipv6</programlisting>
<listitem> <listitem>
<para>sets the MSS field in TCP packets. If you supply this <para>sets the MSS field in TCP packets. If you supply this
option, you should also set FASTACCEPT=No in <ulink option, you should also set FASTACCEPT=No in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5) to url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) to
insure that both the SYN and SYN,ACK packets have their MSS insure that both the SYN and SYN,ACK packets have their MSS
field adjusted.</para> field adjusted.</para>
</listitem> </listitem>
@ -426,10 +426,10 @@ c:a,b ipv6</programlisting>
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://www.shorewall.net/Multiple_Zones.html">http://www.shorewall.net/Multiple_Zones.html</ulink>.</para> url="/Multiple_Zones.html">http://www.shorewall.net/Multiple_Zones.html</ulink>.</para>
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),

View File

@ -171,7 +171,7 @@
<para>If you set the value of either option to "None" then no <para>If you set the value of either option to "None" then no
default action will be used and the default action or macro must be default action will be used and the default action or macro must be
specified in <ulink specified in <ulink
url="shorewall6-policy.html">shorewall6-policy</ulink>(5).</para> url="/manpages6/shorewall6-policy.html">shorewall6-policy</ulink>(5).</para>
<para>You can pass <replaceable>parameters</replaceable> to the <para>You can pass <replaceable>parameters</replaceable> to the
specified action or macro (e.g., specified action or macro (e.g.,
@ -192,7 +192,7 @@
<listitem> <listitem>
<para>Added in Shorewall 4.4.7. If set to Yes, Shorewall6 accounting <para>Added in Shorewall 4.4.7. If set to Yes, Shorewall6 accounting
is enabled (see <ulink is enabled (see <ulink
url="shorewall6-accounting.html">shorewall6-accounting</ulink>(5)). url="/manpages6/shorewall6-accounting.html">shorewall6-accounting</ulink>(5)).
If not specified or set to the empty value, ACCOUNTING=Yes is If not specified or set to the empty value, ACCOUNTING=Yes is
assumed.</para> assumed.</para>
</listitem> </listitem>
@ -207,7 +207,7 @@
<para>Added in Shorewall 4.4.20. This setting determines which <para>Added in Shorewall 4.4.20. This setting determines which
Netfilter table the accounting rules are added in. By default, Netfilter table the accounting rules are added in. By default,
ACCOUNTING_TABLE=filter is assumed. See also <ulink ACCOUNTING_TABLE=filter is assumed. See also <ulink
url="shorewall-accounting.html">shorewall-accounting</ulink>(5).</para> url="/manpages6/shorewall6-accounting.html">shorewall6-accounting</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -219,11 +219,11 @@
<para>The value of this variable affects Shorewall6's stopped state. <para>The value of this variable affects Shorewall6's stopped state.
When ADMINISABSENTMINDED=No, only traffic to/from those addresses When ADMINISABSENTMINDED=No, only traffic to/from those addresses
listed in <ulink listed in <ulink
url="shorewall6-routestopped.html">shorewall6-routestopped</ulink>(5) url="/manpages6/shorewall6-routestopped.html">shorewall6-routestopped</ulink>(5)
is accepted when Shorewall6 is stopped. When is accepted when Shorewall6 is stopped. When
ADMINISABSENTMINDED=Yes, in addition to traffic to/from addresses in ADMINISABSENTMINDED=Yes, in addition to traffic to/from addresses in
<ulink <ulink
url="shorewall6-routestopped.html">shorewall6-routestopped</ulink>(5), url="/manpages6/shorewall6-routestopped.html">shorewall6-routestopped</ulink>(5),
connections that were active when Shorewall6 stopped continue to connections that were active when Shorewall6 stopped continue to
work and all new connections from the firewall system itself are work and all new connections from the firewall system itself are
allowed. If this variable is not set or is given the empty value allowed. If this variable is not set or is given the empty value
@ -280,13 +280,13 @@
<orderedlist numeration="loweralpha"> <orderedlist numeration="loweralpha">
<listitem> <listitem>
<para>Modify <ulink <para>Modify <ulink
url="shorewall-conntrack.html">shorewall6-conntrack</ulink> url="/manpages6/shorewall6-conntrack.html">shorewall6-conntrack</ulink>
(5) to only apply helpers where they are required; or</para> (5) to only apply helpers where they are required; or</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Specify the appropriate helper in the HELPER column in <para>Specify the appropriate helper in the HELPER column in
<ulink url="shorewall6-rules.html">shorewall6-rules</ulink> <ulink url="/manpages6/shorewall6-rules.html">shorewall6-rules</ulink>
(5).</para> (5).</para>
<note> <note>
@ -357,7 +357,7 @@
a value or if you assign an empty value then DROP is assumed. The a value or if you assign an empty value then DROP is assumed. The
setting determines the disposition of packets sent to the <emphasis setting determines the disposition of packets sent to the <emphasis
role="bold">blacklog</emphasis> target of <ulink role="bold">blacklog</emphasis> target of <ulink
url="shorewall6-blrules.html">shorewall6-blrules</ulink>(5).</para> url="/manpages6/shorewall6-blrules.html">shorewall6-blrules</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -374,7 +374,7 @@
hosts are not logged. The setting determines the log level of hosts are not logged. The setting determines the log level of
packets sent to the <emphasis role="bold">blacklog</emphasis> target packets sent to the <emphasis role="bold">blacklog</emphasis> target
of <ulink of <ulink
url="shorewall6-blrules.html">shorewall6-blrules</ulink>(5).</para> url="/manpages6/shorewall6-blrules.html">shorewall6-blrules</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -391,11 +391,11 @@
connections, for packets in the INVALID connection state (such as a connections, for packets in the INVALID connection state (such as a
TCP SYN,ACK when there has been no corresponding SYN), and for TCP SYN,ACK when there has been no corresponding SYN), and for
packets that are UNTRACKED due to entries in <ulink packets that are UNTRACKED due to entries in <ulink
url="shorewall6-conntrack.html">shorewall6-conntrack</ulink>(5). url="/manpages6/shorewall6-conntrack.html">shorewall6-conntrack</ulink>(5).
This includes entries in the <ulink This includes entries in the <ulink
url="shorewall6-blrules.html">shorewall6-blrules</ulink> (5) file url="/manpages6/shorewall6-blrules.html">shorewall6-blrules</ulink> (5) file
and in the BLACKLIST section of <ulink and in the BLACKLIST section of <ulink
url="shorewall6-rules.html">shorewall6-rules</ulink> (5).</para> url="/manpages6/shorewall6-rules.html">shorewall6-rules</ulink> (5).</para>
<para>When set to <emphasis role="bold">No</emphasis> or <emphasis <para>When set to <emphasis role="bold">No</emphasis> or <emphasis
role="bold">no</emphasis>, blacklists are consulted for every packet role="bold">no</emphasis>, blacklists are consulted for every packet
@ -464,13 +464,13 @@
/etc/shorewall6/tcstart file. That way, your traffic shaping rules /etc/shorewall6/tcstart file. That way, your traffic shaping rules
can still use the “fwmark” classifier based on packet marking can still use the “fwmark” classifier based on packet marking
defined in <ulink defined in <ulink
url="shorewall6-tcrules.html">shorewall6-tcrules</ulink>(5). If not url="/manpages6/shorewall6-tcrules.html">shorewall6-tcrules</ulink>(5). If not
specified, CLEAR_TC=No is assumed.</para> specified, CLEAR_TC=No is assumed.</para>
<warning> <warning>
<para>If you also run Shorewall and if you have <para>If you also run Shorewall and if you have
TC_ENABLED=Internal in your <ulink TC_ENABLED=Internal in your <ulink
url="../manpages/shorewall.conf.html">shorewall-conf</ulink>(5), url="/manpages/shorewall.conf.html">shorewall-conf</ulink>(5),
then you will want CLEAR_TC=No in this file.</para> then you will want CLEAR_TC=No in this file.</para>
</warning> </warning>
</listitem> </listitem>
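Review bot: In the warning, the link to /manpages/shorewall.conf.html keeps the text "shorewall-conf", while the other references in this file name the page with a dot (shorewall6.conf). Suggest changing the link text to shorewall.conf while the url is being touched.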
@ -678,7 +678,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
are accepted early in the INPUT, FORWARD and OUTPUT chains. If you are accepted early in the INPUT, FORWARD and OUTPUT chains. If you
set FASTACCEPT=Yes then you may not include rules in the ESTABLISHED set FASTACCEPT=Yes then you may not include rules in the ESTABLISHED
or RELATED sections of <ulink or RELATED sections of <ulink
url="shorewall6-rules.html">shorewall6-rules</ulink>(5).</para> url="/manpages6/shorewall6-rules.html">shorewall6-rules</ulink>(5).</para>
<note> <note>
<para>FASTACCEPT=Yes is incompatible with <para>FASTACCEPT=Yes is incompatible with
@ -709,7 +709,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<para>Added in Shorewall 4.5.4. Specifies the pathname of the <para>Added in Shorewall 4.5.4. Specifies the pathname of the
directory containing the <firstterm>GeoIP Match</firstterm> directory containing the <firstterm>GeoIP Match</firstterm>
database. See <ulink database. See <ulink
url="http://www.shorewall.net/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>. url="/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>.
If not specified, the default value is If not specified, the default value is
<filename>/usr/share/xt_geoip/LE</filename> which is the default <filename>/usr/share/xt_geoip/LE</filename> which is the default
location of the little-endian database.</para> location of the little-endian database.</para>
@ -861,11 +861,11 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<para>Subzones are defined by following their name with ":" and a <para>Subzones are defined by following their name with ":" and a
list of parent zones (in <ulink list of parent zones (in <ulink
url="shorewall6-zones.html">shorewall6-zones</ulink>(5)). Normally, url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5)). Normally,
you want to have a set of special rules for the subzone and if a you want to have a set of special rules for the subzone and if a
connection doesn't match any of those subzone-specific rules then connection doesn't match any of those subzone-specific rules then
you want the parent zone rules and policies to be applied; see you want the parent zone rules and policies to be applied; see
<ulink url="shorewall6-nesting.html">shorewall6-nesting</ulink>(5). <ulink url="/manpages6/shorewall6-nesting.html">shorewall6-nesting</ulink>(5).
With IMPLICIT_CONTINUE=Yes, that happens automatically.</para> With IMPLICIT_CONTINUE=Yes, that happens automatically.</para>
<para>If IMPLICIT_CONTINUE=No or if IMPLICIT_CONTINUE is not set, <para>If IMPLICIT_CONTINUE=No or if IMPLICIT_CONTINUE is not set,
@ -882,9 +882,9 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<listitem> <listitem>
<para>Added in Shorewall 4.6.0. Traditionally in <ulink <para>Added in Shorewall 4.6.0. Traditionally in <ulink
url="shorewall6-rules.html">shorewall6-rules(5)</ulink>, a semicolon url="/manpages6/shorewall6-rules.html">shorewall6-rules(5)</ulink>, a semicolon
separates column-oriented specifications on the left from <ulink separates column-oriented specifications on the left from <ulink
url="http://www.shorewall.net/configuration_file_basics.htm#Pairs">alternative url="/configuration_file_basics.htm#Pairs">alternative
specificaitons</ulink> on the right.. When INLINE_MATCHES=Yes is specificaitons</ulink> on the right.. When INLINE_MATCHES=Yes is
specified, the specifications on the right are interpreted as if specified, the specifications on the right are interpreted as if
INLINE had been specified in the ACTION column. If not specified or INLINE had been specified in the ACTION column. If not specified or
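Review bot: The second ulink in this hunk still carries the typo "specificaitons" and is followed by a double period ("on the right.."). Both sit on lines next to the one being rewritten, so fix them here: "alternative specifications</ulink> on the right." The first link also puts the section number inside the link text (shorewall6-rules(5)), unlike the other references, which place (5) after </ulink>.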
@ -900,7 +900,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<listitem> <listitem>
<para>Added in Shorewall 4.5.13. Shorewall has traditionally passed <para>Added in Shorewall 4.5.13. Shorewall has traditionally passed
INVALID packets through the NEW section of <ulink INVALID packets through the NEW section of <ulink
url="shorewall6-rules.html">shorewall-rules</ulink> (5). When a url="/manpages6/shorewall6-rules.html">shorewall-rules</ulink> (5). When a
packet in INVALID state fails to match any rule in the INVALID packet in INVALID state fails to match any rule in the INVALID
section, the packet is disposed of based on this setting. The section, the packet is disposed of based on this setting. The
default value is CONTINUE for compatibility with earlier default value is CONTINUE for compatibility with earlier
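Review bot: The url now points at /manpages6/shorewall6-rules.html but the link text is still "shorewall-rules". The next hunk (@@ -915,7) changes the same text to shorewall6-rules, so this one looks missed; update it to match.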
@ -915,7 +915,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<listitem> <listitem>
<para>Added in Shorewall 4.5.13. Packets in the INVALID state that <para>Added in Shorewall 4.5.13. Packets in the INVALID state that
do not match any rule in the INVALID section of <ulink do not match any rule in the INVALID section of <ulink
url="manpages/shorewall6-rules.html">shorewall-rules</ulink> (5) are url="/manpages6/shorewall6-rules.html">shorewall6-rules</ulink> (5) are
logged at this level. The default value is empty which means no logged at this level. The default value is empty which means no
logging is performed.</para> logging is performed.</para>
</listitem> </listitem>
@ -1205,7 +1205,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<note> <note>
<para>The setting of LOGFORMAT has an effect of the permitted <para>The setting of LOGFORMAT has an effect of the permitted
length of zone names. See <ulink length of zone names. See <ulink
url="shorewall6-zones.html">shorewall6-zones</ulink> (5).</para> url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink> (5).</para>
</note> </note>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1373,9 +1373,9 @@ LOG:info:,bar net fw</programlisting>
<listitem> <listitem>
<para>The performance of configurations with a large numbers of <para>The performance of configurations with a large numbers of
entries in <ulink entries in <ulink
url="shorewall-maclist.html">shorewall-maclist</ulink>(5) can be url="/manpages6/shorewall6-maclist.html">shorewall6-maclist</ulink>(5) can be
improved by setting the MACLIST_TTL variable in <ulink improved by setting the MACLIST_TTL variable in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
<para>If your iptables and kernel support the "Recent Match" (see <para>If your iptables and kernel support the "Recent Match" (see
the output of "shorewall check" near the top), you can cache the the output of "shorewall check" near the top), you can cache the
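Review bot: This hunk does more than adjust paths: the links move from the Shorewall pages (shorewall-maclist.html, shorewall.conf.html) to the Shorewall6 ones (/manpages6/shorewall6-maclist.html, /manpages6/shorewall6.conf.html) and the link text changes with them. Please confirm both pages are generated under /manpages6/ and mention the retargeting in the commit message. The trailing context still says "shorewall check"; is that meant to stay as the Shorewall command in this Shorewall6 page?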
@ -1384,7 +1384,7 @@ LOG:info:,bar net fw</programlisting>
<para>When a new connection arrives from a 'maclist' interface, the <para>When a new connection arrives from a 'maclist' interface, the
packet passes through then list of entries for that interface in packet passes through then list of entries for that interface in
<ulink url="shorewall-maclist.html">shorewall-maclist</ulink>(5). If <ulink url="/manpages6/shorewall6-maclist.html">shorewall6-maclist</ulink>(5). If
there is a match then the source IP address is added to the 'Recent' there is a match then the source IP address is added to the 'Recent'
set for that interface. Subsequent connection attempts from that IP set for that interface. Subsequent connection attempts from that IP
address occurring within $MACLIST_TTL seconds will be accepted address occurring within $MACLIST_TTL seconds will be accepted
@ -1555,7 +1555,7 @@ LOG:info:,bar net fw</programlisting>
<listitem> <listitem>
<para>Optimization category 1 - Traditionally, Shorewall has <para>Optimization category 1 - Traditionally, Shorewall has
created rules for <ulink created rules for <ulink
url="../ScalabilityAndPerformance.html">the complete matrix of url="/ScalabilityAndPerformance.html">the complete matrix of
host groups defined by the zones, interfaces and hosts host groups defined by the zones, interfaces and hosts
files</ulink>. Any traffic that didn't correspond to an element files</ulink>. Any traffic that didn't correspond to an element
of that matrix was rejected in one of the built-in chains. When of that matrix was rejected in one of the built-in chains. When
@ -1860,7 +1860,7 @@ LOG:info:,bar net fw</programlisting>
<para>Added in Shorewall 4.4.27. Shorewall has traditionally <para>Added in Shorewall 4.4.27. Shorewall has traditionally
ACCEPTed RELATED packets that don't match any rule in the RELATED ACCEPTed RELATED packets that don't match any rule in the RELATED
section of <ulink section of <ulink
url="shorewall6-rules.html">shorewall6-rules</ulink> (5). Concern url="/manpages6/shorewall6-rules.html">shorewall6-rules</ulink> (5). Concern
about the safety of this practice resulted in the addition of this about the safety of this practice resulted in the addition of this
option. When a packet in RELATED state fails to match any rule in option. When a packet in RELATED state fails to match any rule in
the RELATED section, the packet is disposed of based on this the RELATED section, the packet is disposed of based on this
@ -1876,7 +1876,7 @@ LOG:info:,bar net fw</programlisting>
<listitem> <listitem>
<para>Added in Shorewall 4.4.27. Packets in the related state that <para>Added in Shorewall 4.4.27. Packets in the related state that
do not match any rule in the RELATED section of <ulink do not match any rule in the RELATED section of <ulink
url="manpages/shorewall-rules.html">shorewall6-rules</ulink> (5) are url="/manpages6/shorewall6-rules.html">shorewall6-rules</ulink> (5) are
logged at this level. The default value is empty which means no logged at this level. The default value is empty which means no
logging is performed.</para> logging is performed.</para>
</listitem> </listitem>
@ -1959,7 +1959,7 @@ INLINE - - - ; -j REJECT
<para>Added in Shorewall 4.4.10. The default is No. If set to Yes, <para>Added in Shorewall 4.4.10. The default is No. If set to Yes,
at least one optional interface must be up in order for the firewall at least one optional interface must be up in order for the firewall
to be in the started state. Intended to be used with the <ulink to be in the started state. Intended to be used with the <ulink
url="../Manpages/shorewall-init.html">Shorewall Init url="/manpages/shorewall-init.html">Shorewall Init
Package</ulink>.</para> Package</ulink>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2003,7 +2003,7 @@ INLINE - - - ; -j REJECT
<para>Added in Shorewall 4.5.7. Determines the disposition of <para>Added in Shorewall 4.5.7. Determines the disposition of
packets entering from interfaces with the <option>rpfilter</option> packets entering from interfaces with the <option>rpfilter</option>
option (see <ulink option (see <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)). url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)).
Packets disposed of by this option are those whose response packets Packets disposed of by this option are those whose response packets
would not be sent through the same interface receiving the would not be sent through the same interface receiving the
packet.</para> packet.</para>
@ -2040,7 +2040,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Added in Shorewall 4.4.20. The default setting is DROP which <para>Added in Shorewall 4.4.20. The default setting is DROP which
causes smurf packets (see the nosmurfs option in <ulink causes smurf packets (see the nosmurfs option in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)) to url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)) to
be dropped. A_DROP causes the packets to be audited prior to being be dropped. A_DROP causes the packets to be audited prior to being
dropped and requires AUDIT_TARGET support in the kernel and dropped and requires AUDIT_TARGET support in the kernel and
ip6tables.</para> ip6tables.</para>
@ -2054,7 +2054,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Specifies the logging level for smurf packets (see the <para>Specifies the logging level for smurf packets (see the
nosmurfs option in <ulink nosmurfs option in <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)). url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)).
If set to the empty value ( SMURF_LOG_LEVEL="" ) then smurfs are not If set to the empty value ( SMURF_LOG_LEVEL="" ) then smurfs are not
logged.</para> logged.</para>
</listitem> </listitem>
@ -2068,7 +2068,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Added in Shorewall 4.4.20. Determines the disposition of <para>Added in Shorewall 4.4.20. Determines the disposition of
packets matching the <option>sfilter</option> option (see <ulink packets matching the <option>sfilter</option> option (see <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)) url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5))
and of <firstterm>hairpin</firstterm> packets on interfaces without and of <firstterm>hairpin</firstterm> packets on interfaces without
the <option>routeback</option> option.<footnote> the <option>routeback</option> option.<footnote>
<para>Hairpin packets are packets that are routed out of the <para>Hairpin packets are packets that are routed out of the
@ -2084,7 +2084,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Added on Shorewall 4.4.20. Determines the logging of packets <para>Added on Shorewall 4.4.20. Determines the logging of packets
matching the <option>sfilter</option> option (see <ulink matching the <option>sfilter</option> option (see <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)) url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5))
and of <firstterm>hairpin</firstterm> packets on interfaces without and of <firstterm>hairpin</firstterm> packets on interfaces without
the <option>routeback</option> option.<footnote> the <option>routeback</option> option.<footnote>
<para>Hairpin packets are packets that are routed out of the <para>Hairpin packets are packets that are routed out of the
@ -2187,13 +2187,13 @@ INLINE - - - ; -j REJECT
<filename>tcdevices</filename> and <filename>tcclasses</filename> <filename>tcdevices</filename> and <filename>tcclasses</filename>
files. This allows the compiler to have access to your Shorewall files. This allows the compiler to have access to your Shorewall
traffic shaping configuration so that it can validate CLASSIFY rules traffic shaping configuration so that it can validate CLASSIFY rules
in <ulink url="shorewall-tcrules.html">shorewall6-tcrules</ulink> in <ulink url="/manpages6/shorewall6-tcrules.html">shorewall6-tcrules</ulink>
(5).</para> (5).</para>
<warning> <warning>
<para>If you also run Shorewall and if you have <para>If you also run Shorewall and if you have
TC_ENABLED=Internal in your <ulink TC_ENABLED=Internal in your <ulink
url="../manpages/shorewall.conf.html">shorewall-conf</ulink>(5), url="/manpages/shorewall.conf.html">shorewall-conf</ulink>(5),
then you will want TC_ENABLED=No or TC_ENABLED=Shared in this then you will want TC_ENABLED=No or TC_ENABLED=Shared in this
file.</para> file.</para>
</warning> </warning>
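Review bot: in the warning paragraph the link text still reads shorewall-conf while the target is /manpages/shorewall.conf.html; the text should be shorewall.conf so it matches the page name and the shorewall6.conf links elsewhere in this patch. The two links in this hunk also point into different trees (/manpages6/ and /manpages/), which looks intentional for the cross-reference to Shorewall, but it means both directories have to exist at the web root wherever the generated HTML is published.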
@ -2208,7 +2208,7 @@ INLINE - - - ; -j REJECT
<para>Normally, Shorewall6 tries to protect users from themselves by <para>Normally, Shorewall6 tries to protect users from themselves by
preventing PREROUTING and OUTPUT tcrules from being applied to preventing PREROUTING and OUTPUT tcrules from being applied to
packets that have been marked by the 'track' option in <ulink packets that have been marked by the 'track' option in <ulink
url="shorewall6-providers.html">shorewall6-providers</ulink>(5).</para> url="/manpages6/shorewall6-providers.html">shorewall6-providers</ulink>(5).</para>
<para>If you know what you are doing, you can set TC_EXPERT=Yes and <para>If you know what you are doing, you can set TC_EXPERT=Yes and
Shorewall6 will not include these cautionary checks.</para> Shorewall6 will not include these cautionary checks.</para>
@ -2222,7 +2222,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Added in Shorewall 4.4.6. Determines the mapping of a packet's <para>Added in Shorewall 4.4.6. Determines the mapping of a packet's
TOS field to priority bands. See <ulink TOS field to priority bands. See <ulink
url="shorewall6-tcpri.html">shorewall6-tcpri</ulink>(5). The url="/manpages6/shorewall6-tcpri.html">shorewall6-tcpri</ulink>(5). The
<emphasis>map</emphasis> consists of 16 space-separated digits with <emphasis>map</emphasis> consists of 16 space-separated digits with
values 1, 2 or 3. A value of 1 corresponds to Linux priority 0, 2 to values 1, 2 or 3. A value of 1 corresponds to Linux priority 0, 2 to
Linux priority 1, and 3 to Linux Priority 2. The first entry gives Linux priority 1, and 3 to Linux Priority 2. The first entry gives
@ -2245,7 +2245,7 @@ INLINE - - - ; -j REJECT
<para>Determines the disposition of TCP packets that fail the checks <para>Determines the disposition of TCP packets that fail the checks
enabled by the <emphasis role="bold">tcpflags</emphasis> interface enabled by the <emphasis role="bold">tcpflags</emphasis> interface
option (see <ulink option (see <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)) url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5))
and must have a value of ACCEPT (accept the packet), REJECT (send an and must have a value of ACCEPT (accept the packet), REJECT (send an
RST response) or DROP (ignore the packet). If not set or if set to RST response) or DROP (ignore the packet). If not set or if set to
the empty value (e.g., TCP_FLAGS_DISPOSITION="") then the empty value (e.g., TCP_FLAGS_DISPOSITION="") then
@ -2273,20 +2273,20 @@ INLINE - - - ; -j REJECT
<para>Added in Shorewall 4.4.3. When set to Yes, causes the <para>Added in Shorewall 4.4.3. When set to Yes, causes the
<option>track</option> option to be assumed on all providers defined <option>track</option> option to be assumed on all providers defined
in <ulink in <ulink
url="shorewall6-providers.html">shorewall6-providers</ulink>(5). May url="/manpages6/shorewall6-providers.html">shorewall6-providers</ulink>(5). May
be overridden on an individual provider through use of the be overridden on an individual provider through use of the
<option>notrack</option> option. The default value is 'No'.</para> <option>notrack</option> option. The default value is 'No'.</para>
<para>Beginning in Shorewall 4.4.6, setting this option to 'Yes' <para>Beginning in Shorewall 4.4.6, setting this option to 'Yes'
also simplifies PREROUTING rules in <ulink also simplifies PREROUTING rules in <ulink
url="shorewall6-tcrules.html">shorewall6-tcrules</ulink>(5). url="/manpages6/shorewall6-tcrules.html">shorewall6-tcrules</ulink>(5).
Previously, when TC_EXPERT=No, packets arriving through 'tracked' Previously, when TC_EXPERT=No, packets arriving through 'tracked'
provider interfaces were unconditionally passed to the PREROUTING provider interfaces were unconditionally passed to the PREROUTING
tcrules. This was done so that tcrules could reset the packet mark tcrules. This was done so that tcrules could reset the packet mark
to zero, thus allowing the packet to be routed using the 'main' to zero, thus allowing the packet to be routed using the 'main'
routing table. Using the main table allowed dynamic routes (such as routing table. Using the main table allowed dynamic routes (such as
those added for VPNs) to be effective. The <ulink those added for VPNs) to be effective. The <ulink
url="shorewall6-rtrules.html">shorewall6-rtrules</ulink>(5) file was url="/manpages6/shorewall6-rtrules.html">shorewall6-rtrules</ulink>(5) file was
created to provide a better alternative to clearing the packet mark. created to provide a better alternative to clearing the packet mark.
As a consequence, passing these packets to PREROUTING complicates As a consequence, passing these packets to PREROUTING complicates
things without providing any real benefit. Beginning with Shorewall things without providing any real benefit. Beginning with Shorewall
@ -2322,7 +2322,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Added in Shorewall 4.5.13. Shorewall has traditionally passed <para>Added in Shorewall 4.5.13. Shorewall has traditionally passed
UNTRACKED packets through the NEW section of <ulink UNTRACKED packets through the NEW section of <ulink
url="shorewall6-rules.html">shorewall6-rules</ulink> (5). When a url="/manpages6/shorewall6-rules.html">shorewall6-rules</ulink> (5). When a
packet in UNTRACKED state fails to match any rule in the UNTRACKED packet in UNTRACKED state fails to match any rule in the UNTRACKED
section, the packet is disposed of based on this setting. The section, the packet is disposed of based on this setting. The
default value is CONTINUE for compatibility with earlier default value is CONTINUE for compatibility with earlier
@ -2337,7 +2337,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Added in Shorewall 4.5.13. Packets in the UNTRACKED state that <para>Added in Shorewall 4.5.13. Packets in the UNTRACKED state that
do not match any rule in the UNTRACKED section of <ulink do not match any rule in the UNTRACKED section of <ulink
url="manpages/shorewall-rules.html">shorewall-rules</ulink> (5) are url="/manpages6/shorewall6-rules.html">shorewall6-rules</ulink> (5) are
logged at this level. The default value is empty which means no logged at this level. The default value is empty which means no
logging is performed.</para> logging is performed.</para>
</listitem> </listitem>
@ -2362,7 +2362,7 @@ INLINE - - - ; -j REJECT
<orderedlist> <orderedlist>
<listitem> <listitem>
<para>Both the DUPLICATE and the COPY columns in <ulink <para>Both the DUPLICATE and the COPY columns in <ulink
url="shorewall6-providers.html">shorewall6-providers</ulink>(5) url="/manpages6/shorewall6-providers.html">shorewall6-providers</ulink>(5)
file must remain empty (or contain "-").</para> file must remain empty (or contain "-").</para>
</listitem> </listitem>
@ -2379,7 +2379,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>Packets are sent through the main routing table by a rule <para>Packets are sent through the main routing table by a rule
with priority 999. In <ulink with priority 999. In <ulink
url="shorewall6-routing_rules.html">shorewall6-routing_rules</ulink>(5), url="/manpages6/shorewall6-routing_rules.html">shorewall6-routing_rules</ulink>(5),
the range 1-998 may be used for inserting rules that bypass the the range 1-998 may be used for inserting rules that bypass the
main table.</para> main table.</para>
</listitem> </listitem>
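Review bot: this hunk keeps the target name shorewall6-routing_rules, while the hunk at @@ -2273 links to shorewall6-rtrules(5) for what reads like the same file. If these are an old and a new name for one manpage, one of the two hrefs is stale. Now that the path is rewritten to /manpages6/shorewall6-routing_rules.html, confirm that file is actually generated, or change both the link text and the href here to shorewall6-rtrules.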

View File

@ -647,7 +647,7 @@
<para>The <option>trace</option> and <option>debug</option> options are <para>The <option>trace</option> and <option>debug</option> options are
used for debugging. See <ulink used for debugging. See <ulink
url="http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace</ulink>.</para> url="/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace</ulink>.</para>
<para>The nolock <option>option</option> prevents the command from <para>The nolock <option>option</option> prevents the command from
attempting to acquire the Shorewall6 lockfile. It is useful if you need to attempting to acquire the Shorewall6 lockfile. It is useful if you need to
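Review bot: the href becomes root-relative (url="/starting_and_stopping_shorewall.htm#Trace") but the link text still prints the full http://www.shorewall.net/... address, so the rendered page displays one destination and follows another whenever it is served from a mirror, a subdirectory or a local file. Either use the document title as the link text or keep text and href in agreement; the See ALSO hunk at @@ -1712 has the same pattern. A root-relative path also resolves only when the documentation sits at the server root, which should be stated as a publishing requirement.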
@ -659,7 +659,7 @@
role="bold">v</emphasis> and <emphasis role="bold">q</emphasis>. If the role="bold">v</emphasis> and <emphasis role="bold">q</emphasis>. If the
options are omitted, the amount of output is determined by the setting of options are omitted, the amount of output is determined by the setting of
the VERBOSITY parameter in <ulink the VERBOSITY parameter in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). Each <emphasis url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5). Each <emphasis
role="bold">v</emphasis> adds one to the effective verbosity and each role="bold">v</emphasis> adds one to the effective verbosity and each
<emphasis role="bold">q</emphasis> subtracts one from the effective <emphasis role="bold">q</emphasis> subtracts one from the effective
VERBOSITY. Alternatively, <emphasis role="bold">v</emphasis> may be VERBOSITY. Alternatively, <emphasis role="bold">v</emphasis> may be
@ -687,7 +687,7 @@
<para>The <emphasis>interface</emphasis> argument names an interface <para>The <emphasis>interface</emphasis> argument names an interface
defined in the <ulink defined in the <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5) url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)
file. A <emphasis>host-list</emphasis> is comma-separated list whose file. A <emphasis>host-list</emphasis> is comma-separated list whose
elements are host or network addresses.<caution> elements are host or network addresses.<caution>
<para>The <command>add</command> command is not very robust. If <para>The <command>add</command> command is not very robust. If
@ -701,7 +701,7 @@
<para>Beginning with Shorewall 4.5.9, the <emphasis <para>Beginning with Shorewall 4.5.9, the <emphasis
role="bold">dynamic_shared</emphasis> zone option (<ulink role="bold">dynamic_shared</emphasis> zone option (<ulink
url="shorewall6-zones.html">shorewall6-zones</ulink>(5)) allows a url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5)) allows a
single ipset to handle entries for multiple interfaces. When that single ipset to handle entries for multiple interfaces. When that
option is specified for a zone, the <command>add</command> command option is specified for a zone, the <command>add</command> command
has the alternative syntax in which the has the alternative syntax in which the
@ -756,7 +756,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para> <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
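Review bot: the section number is left inside the link here (shorewall6.conf(5)</ulink>), while the hunks at @@ -1032, -1124, -1184, -1241 and -1569 move it outside (shorewall6.conf</ulink>(5)). Apply the same form in this hunk and in the ones at @@ -822 and -1672 so the generated HTML is consistent. The context line above also reads "if the line current line contains", which could be fixed while these paragraphs are being touched.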
@ -822,7 +822,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para> <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -836,13 +836,13 @@
<para>The <emphasis>interface</emphasis> argument names an interface <para>The <emphasis>interface</emphasis> argument names an interface
defined in the <ulink defined in the <ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5) url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)
file. A <emphasis>host-list</emphasis> is comma-separated list whose file. A <emphasis>host-list</emphasis> is comma-separated list whose
elements are a host or network address.</para> elements are a host or network address.</para>
<para>Beginning with Shorewall 4.5.9, the <emphasis <para>Beginning with Shorewall 4.5.9, the <emphasis
role="bold">dynamic_shared</emphasis> zone option (<ulink role="bold">dynamic_shared</emphasis> zone option (<ulink
url="shorewall6-zones.html">shorewall6-zones</ulink>(5)) allows a url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5)) allows a
single ipset to handle entries for multiple interfaces. When that single ipset to handle entries for multiple interfaces. When that
option is specified for a zone, the <command>delete</command> option is specified for a zone, the <command>delete</command>
command has the alternative syntax in which the command has the alternative syntax in which the
@ -865,7 +865,7 @@
any optional network interface. <replaceable>interface</replaceable> any optional network interface. <replaceable>interface</replaceable>
may be either the logical or physical name of the interface. The may be either the logical or physical name of the interface. The
command removes any routes added from <ulink command removes any routes added from <ulink
url="shorewall6-routes.html">shorewall6-routes</ulink>(5) and any url="/manpages6/shorewall6-routes.html">shorewall6-routes</ulink>(5) and any
traffic shaping configuration for the interface.</para> traffic shaping configuration for the interface.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -912,7 +912,7 @@
may be either the logical or physical name of the interface. The may be either the logical or physical name of the interface. The
command sets <filename>/proc</filename> entries for the interface, command sets <filename>/proc</filename> entries for the interface,
adds any route specified in <ulink adds any route specified in <ulink
url="shorewall6-routes.html">shorewall6-routes</ulink>(5) and url="/manpages6/shorewall6-routes.html">shorewall6-routes</ulink>(5) and
installs the interface's traffic shaping configuration, if installs the interface's traffic shaping configuration, if
any.</para> any.</para>
</listitem> </listitem>
@ -949,7 +949,7 @@
<para>Deletes /var/lib/shorewall6/<emphasis>filename</emphasis> and <para>Deletes /var/lib/shorewall6/<emphasis>filename</emphasis> and
/var/lib/shorewall6/save. If no <emphasis>filename</emphasis> is /var/lib/shorewall6/save. If no <emphasis>filename</emphasis> is
given then the file specified by RESTOREFILE in <ulink given then the file specified by RESTOREFILE in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5) is url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) is
assumed.</para> assumed.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1032,7 +1032,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para> <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1043,7 +1043,7 @@
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <emphasis>address</emphasis>es
to be logged then discarded. Logging occurs at the log level to be logged then discarded. Logging occurs at the log level
specified by the BLACKLIST_LOGLEVEL setting in <ulink specified by the BLACKLIST_LOGLEVEL setting in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink> (5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink> (5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1052,7 +1052,7 @@
<listitem> <listitem>
<para>Monitors the log file specified by the LOGFILE option in <para>Monitors the log file specified by the LOGFILE option in
<ulink url="shorewall6.conf.html">shorewall6.conf</ulink>(5) and <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) and
produces an audible alarm when new Shorewall6 messages are logged. produces an audible alarm when new Shorewall6 messages are logged.
The <emphasis role="bold">-m</emphasis> option causes the MAC The <emphasis role="bold">-m</emphasis> option causes the MAC
address of each packet source to be displayed if that information is address of each packet source to be displayed if that information is
@ -1072,7 +1072,7 @@
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <emphasis>address</emphasis>es
to be logged then rejected. Logging occurs at the log level to be logged then rejected. Logging occurs at the log level
specified by the BLACKLIST_LOGLEVEL setting in <ulink specified by the BLACKLIST_LOGLEVEL setting in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink> (5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink> (5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1124,7 +1124,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para> <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
<para>The -<option>D</option> option was added in Shorewall 4.5.3 <para>The -<option>D</option> option was added in Shorewall 4.5.3
and causes Shorewall to look in the given and causes Shorewall to look in the given
@ -1184,7 +1184,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para> <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1229,7 +1229,7 @@
<para>The <option>-c</option> option was added in Shorewall 4.4.20 <para>The <option>-c</option> option was added in Shorewall 4.4.20
and performs the compilation step unconditionally, overriding the and performs the compilation step unconditionally, overriding the
AUTOMAKE setting in <ulink AUTOMAKE setting in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). When both url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5). When both
<option>-f</option> and <option>-c </option>are present, the result <option>-f</option> and <option>-c </option>are present, the result
is determined by the option that appears last.</para> is determined by the option that appears last.</para>
@ -1241,7 +1241,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para> <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1256,7 +1256,7 @@
role="bold">shorewall6 save</emphasis>; if no role="bold">shorewall6 save</emphasis>; if no
<emphasis>filename</emphasis> is given then Shorewall6 will be <emphasis>filename</emphasis> is given then Shorewall6 will be
restored from the file specified by the RESTOREFILE option in <ulink restored from the file specified by the RESTOREFILE option in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1318,7 +1318,7 @@
role="bold">shorewall6 -f start</emphasis> commands. If role="bold">shorewall6 -f start</emphasis> commands. If
<emphasis>filename</emphasis> is not given then the state is saved <emphasis>filename</emphasis> is not given then the state is saved
in the file specified by the RESTOREFILE option in <ulink in the file specified by the RESTOREFILE option in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1445,7 +1445,7 @@
<listitem> <listitem>
<para>Displays the last 20 Shorewall6 messages from the log <para>Displays the last 20 Shorewall6 messages from the log
file specified by the LOGFILE option in <ulink file specified by the LOGFILE option in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). The url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5). The
<emphasis role="bold">-m</emphasis> option causes the MAC <emphasis role="bold">-m</emphasis> option causes the MAC
address of each packet source to be displayed if that address of each packet source to be displayed if that
information is available.</para> information is available.</para>
@ -1537,7 +1537,7 @@
for configuration files. If <emphasis role="bold">-f</emphasis> is for configuration files. If <emphasis role="bold">-f</emphasis> is
specified, the saved configuration specified by the RESTOREFILE specified, the saved configuration specified by the RESTOREFILE
option in <ulink option in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5) will be url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) will be
restored if that saved configuration exists and has been modified restored if that saved configuration exists and has been modified
more recently than the files in /etc/shorewall6. When <emphasis more recently than the files in /etc/shorewall6. When <emphasis
role="bold">-f</emphasis> is given, a role="bold">-f</emphasis> is given, a
@ -1545,7 +1545,7 @@
<para>Update: In Shorewall6 4.4.20, a new LEGACY_FASTSTART option <para>Update: In Shorewall6 4.4.20, a new LEGACY_FASTSTART option
was added to <ulink was added to <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). When url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5). When
LEGACY_FASTSTART=No, the modification times of files in LEGACY_FASTSTART=No, the modification times of files in
/etc/shorewall6 are compared with that of /etc/shorewall6 are compared with that of
/var/lib/shorewall6/firewall (the compiled script that last /var/lib/shorewall6/firewall (the compiled script that last
@ -1557,7 +1557,7 @@
<para>The <option>-c</option> option was added in Shorewall 4.4.20 <para>The <option>-c</option> option was added in Shorewall 4.4.20
and performs the compilation step unconditionally, overriding the and performs the compilation step unconditionally, overriding the
AUTOMAKE setting in <ulink AUTOMAKE setting in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). When both url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5). When both
<option>-f</option> and <option>-c </option>are present, the result <option>-f</option> and <option>-c </option>are present, the result
is determined by the option that appears last.</para> is determined by the option that appears last.</para>
@ -1569,7 +1569,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para> <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1579,12 +1579,12 @@
<listitem> <listitem>
<para>Stops the firewall. All existing connections, except those <para>Stops the firewall. All existing connections, except those
listed in <ulink listed in <ulink
url="shorewall6-routestopped.html">shorewall6-routestopped</ulink>(5) url="/manpages6/shorewall6-routestopped.html">shorewall6-routestopped</ulink>(5)
or permitted by the ADMINISABSENTMINDED option in <ulink or permitted by the ADMINISABSENTMINDED option in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5), are taken url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5), are taken
down. The only new traffic permitted through the firewall is from down. The only new traffic permitted through the firewall is from
systems listed in <ulink systems listed in <ulink
url="shorewall6-routestopped.html">shorewall6-routestopped</ulink>(5) url="/manpages6/shorewall6-routestopped.html">shorewall6-routestopped</ulink>(5)
or by ADMINISABSENTMINDED.</para> or by ADMINISABSENTMINDED.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1652,13 +1652,13 @@
<para>The <option>-b</option> option was added in Shorewall 4.4.26 <para>The <option>-b</option> option was added in Shorewall 4.4.26
and causes legacy blacklisting rules (<ulink and causes legacy blacklisting rules (<ulink
url="shorewall6-blacklist.html">shorewall6-blacklist</ulink> (5) ) url="/manpages6/shorewall6-blacklist.html">shorewall6-blacklist</ulink> (5) )
to be converted to entries in the blrules file (<ulink to be converted to entries in the blrules file (<ulink
url="shorewall6-blrules.html">shorewall6-blrules</ulink> (5) ). The url="/manpages6/shorewall6-blrules.html">shorewall6-blrules</ulink> (5) ). The
blacklist keyword is removed from <ulink blacklist keyword is removed from <ulink
url="shorewall6-zones.html">shorewall6-zones</ulink> (5), <ulink url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink> (5), <ulink
url="shorewall6-interfaces.html">shorewall-interfaces</ulink> (5) url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink> (5)
and <ulink url="shorewall6-hosts.html">shorewall6-hosts</ulink> (5). and <ulink url="/manpages6/shorewall6-hosts.html">shorewall6-hosts</ulink> (5).
The unmodified files are saved with a .bak suffix.</para> The unmodified files are saved with a .bak suffix.</para>
<para>The <option>-D</option> option was added in Shorewall 4.5.11. <para>The <option>-D</option> option was added in Shorewall 4.5.11.
@ -1672,7 +1672,7 @@
warning message to be issued if the line current line contains warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para> <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
<para>For a description of the other options, see the <emphasis <para>For a description of the other options, see the <emphasis
role="bold">check</emphasis> command above.</para> role="bold">check</emphasis> command above.</para>
@ -1712,7 +1712,7 @@
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="http://www.shorewall.net/starting_and_stopping_shorewall.htm">http://www.shorewall.net/starting_and_stopping_shorewall.htm</ulink></para> url="/starting_and_stopping_shorewall.htm">http://www.shorewall.net/starting_and_stopping_shorewall.htm</ulink></para>
<para>shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),