New syntax convention in tcrules manpage

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4991 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

manpages/shorewall-tcrules.xml

@@ -38,13 +38,24 @@
 
     <variablelist>
       <varlistentry>
-        <term><emphasis role="bold">MARK/CLASSIFY</emphasis></term>
+        <term><emphasis role="bold">MARK/CLASSIFY</emphasis> —
+        {<emphasis>value</emphasis>|<emphasis>major</emphasis><emphasis
+        role="bold">:</emphasis><emphasis>minor</emphasis>|<emphasis
+        role="bold">RESTORE</emphasis>[<emphasis
+        role="bold">/</emphasis><emphasis>mask</emphasis>]|<emphasis
+        role="bold">SAVE</emphasis>[<emphasis
+        role="bold">/</emphasis><emphasis>mask</emphasis>]|<emphasis
+        role="bold">CONTINUE</emphasis>|<emphasis
+        role="bold">COMMENT</emphasis>}[<emphasis
+        role="bold">:</emphasis>{<emphasis role="bold">C</emphasis>|<emphasis
+        role="bold">F</emphasis>|<emphasis role="bold">P</emphasis>|<emphasis
+        role="bold">CF</emphasis>|<emphasis role="bold">CP</emphasis>}]</term>
 
         <listitem>
           <orderedlist numeration="loweralpha">
             <listitem>
-              <para>A mark value which is an integer in the range
+              <para>A mark <emphasis>value</emphasis> which is an integer in
-              1-255.</para>
+              the range 1-255.</para>
 
               <para>Normally will set the mark value. If preceded by a
               vertical bar ("|"), the mark value will be logically ORed with
@@ -180,7 +191,11 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">SOURCE</emphasis></term>
+        <term><emphasis role="bold">SOURCE</emphasis> — {<emphasis
+        role="bold">-</emphasis>|{<emphasis>interface</emphasis>|<emphasis
+        role="bold">$FW</emphasis>|[{<emphasis>interface</emphasis>|<emphasis
+        role="bold">$FW</emphasis>}:]<emphasis>address-or-range</emphasis>[<emphasis
+        role="bold">,</emphasis><emphasis>address-or-range</emphasis>]...}</term>
 
         <listitem>
           <para>Source of the packet. A comma-separated list of interface
@@ -208,7 +223,9 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">DEST</emphasis></term>
+        <term><emphasis role="bold">DEST</emphasis> — {<emphasis
+        role="bold">-</emphasis>|{<emphasis>interface</emphasis>|[<emphasis>interface</emphasis>:]<emphasis>address-or-range</emphasis>[<emphasis
+        role="bold">,</emphasis><emphasis>address-or-range</emphasis>]...}</term>
 
         <listitem>
           <para>Destination of the packet. Comma separated list of IP
@@ -223,22 +240,24 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">PROTO</emphasis></term>
+        <term><emphasis role="bold">PROTO</emphasis> — {<emphasis
+        role="bold">-</emphasis>|<emphasis
+        role="bold">tcp:syn</emphasis>|<emphasis
+        role="bold">ipp2p</emphasis>|<emphasis
+        role="bold">ipp2p:udp</emphasis>|<emphasis
+        role="bold">ipp2p:all</emphasis>|<emphasis>protocol-number</emphasis>|<emphasis>protocol-name</emphasis>|<emphasis
+        role="bold">all}</emphasis></term>
 
         <listitem>
-          <para>Protocol - Must be <emphasis role="bold">tcp</emphasis>,
+          <para>Protocol - <emphasis role="bold">ipp2p</emphasis> requires
-          <emphasis role="bold">udp</emphasis>, <emphasis
+          ipp2p match support in your kernel and iptables.</para>
-          role="bold">icmp</emphasis>, <emphasis
-          role="bold">ipp2p</emphasis>,<emphasis role="bold">
-          ipp2p:udp</emphasis>, <emphasis role="bold">ipp2p:all</emphasis> a
-          <emphasis>number</emphasis>, or <emphasis
-          role="bold">all</emphasis>. <emphasis role="bold">ipp2p</emphasis>
-          requires ipp2p match support in your kernel and iptables.</para>
         </listitem>
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">PORT(S)</emphasis></term>
+        <term><emphasis role="bold">PORT(S)</emphasis> (Optional) — [<emphasis
+        role="bold">-</emphasis>|<emphasis>port-name-number-or-range</emphasis>[<emphasis
+        role="bold">,</emphasis><emphasis>port-name-number-or-range</emphasis>]...]</term>
 
         <listitem>
           <para>Destination Ports. A comma-separated list of Port names (from
@@ -260,8 +279,10 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">SOURCE PORT(S)</emphasis>
+        <term><emphasis role="bold">SOURCE PORT(S)</emphasis> (Optional) —
-        (Optional)</term>
+        [<emphasis
+        role="bold">-</emphasis>|<emphasis>port-name-number-or-range</emphasis>[<emphasis
+        role="bold">,</emphasis><emphasis>port-name-number-or-range</emphasis>]...]</term>
 
         <listitem>
           <para>Source port(s). If omitted, any source port is acceptable.
@@ -271,18 +292,15 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">USER</emphasis></term>
+        <term><emphasis role="bold">USER</emphasis> (Optional) — [<emphasis
+        role="bold">!</emphasis>][<emphasis>user-name-or-number</emphasis>][<emphasis
+        role="bold">:</emphasis><emphasis>group-name-or-number</emphasis>][<emphasis
+        role="bold">+</emphasis><emphasis>program-name</emphasis>]</term>
 
         <listitem>
           <para>This column may only be non-empty if the SOURCE is the
           firewall itself.</para>
 
-          <para>The column may contain:</para>
-
-          <para>[!][<emphasis>user name or number</emphasis>][:<emphasis>group
-          name or number</emphasis>][+<emphasis>program
-          name</emphasis>]</para>
-
           <para>When this column is non-empty, the rule applies only if the
           program generating the output is running under the effective
           <emphasis>user</emphasis> and/or <emphasis>group</emphasis>
@@ -334,18 +352,17 @@
       </varlistentry>
 
       <varlistentry>
-        <term>TEST</term>
+        <term><emphasis role="bold">TEST</emphasis> — [<emphasis
+        role="bold">!</emphasis>]<emphasis>value</emphasis>[/<emphasis>mask</emphasis>][<emphasis
+        role="bold">:C</emphasis>]</term>
 
         <listitem>
           <para>Defines a test on the existing packet or connection mark. The
           rule will match only if the test returns true. Tests have the
           format</para>
 
-          <para>[<emphasis
+          <para>If you don't want to define a test but need to specify
-          role="bold">!</emphasis>]<emphasis>value</emphasis>[/<emphasis>mask</emphasis>][<emphasis
+          anything in the following columns, place a "-" in this field.</para>
-          role="bold">:C</emphasis>]</para>
-
-          <para>Where:</para>
 
           <variablelist>
             <varlistentry>
@@ -381,14 +398,13 @@
               </listitem>
             </varlistentry>
           </variablelist>
-
-          <para>If you don't want to define a test but need to specify
-          anything in the following columns, place a "-" in this field.</para>
         </listitem>
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">LENGTH</emphasis> (Optional)</term>
+        <term><emphasis role="bold">LENGTH</emphasis> (Optional) -
+        [<emphasis>length</emphasis>|[<emphasis>min</emphasis>]<emphasis
+        role="bold">:</emphasis>[<emphasis>max</emphasis>]]</term>
 
         <listitem>
           <para>Packet Length. This field, if present allow you to match the
@@ -404,7 +420,8 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">TOS</emphasis></term>
+        <term><emphasis role="bold">TOS</emphasis> —
+        <emphasis>tos</emphasis></term>
 
         <listitem>
           <para>Type of service. Either a standard name, or a numeric value to