diff --git a/Shorewall/manpages/shorewall-tcfilters.xml b/Shorewall/manpages/shorewall-tcfilters.xml index 26242660a..e428b03e9 100644 --- a/Shorewall/manpages/shorewall-tcfilters.xml +++ b/Shorewall/manpages/shorewall-tcfilters.xml @@ -88,9 +88,11 @@ address. DNS names are not allowed. Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+') may be used if your kernel and ip6tables have the Basic - Ematchcapability. The ipset name may optionally be - followed by a number or a comma separated list of src and/or dst - enclosed in square brackets ([...]). See capability and you set BASIC_FILTERS=Yes in + shorewall.conf (5). The + ipset name may optionally be followed by a number or a comma + separated list of src and/or dst enclosed in square brackets + ([...]). See shorewall-ipsets(5) for details. @@ -105,9 +107,11 @@ address. DNS names are not allowed. Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+') may be used if your kernel and ip6tables have the Basic - Ematchcapability. The ipset name may optionally be - followed by a number or a comma separated list of src and/or dst - enclosed in square brackets ([...]). See capability and you set BASIC_FILTERS=Yes in + shorewall.conf (5). The + ipset name may optionally be followed by a number or a comma + separated list of src and/or dst enclosed in square brackets + ([...]). See shorewall-ipsets(5) for details. diff --git a/Shorewall6/manpages/shorewall6-tcfilters.xml b/Shorewall6/manpages/shorewall6-tcfilters.xml index 66e6e87a9..1813c0cc0 100644 --- a/Shorewall6/manpages/shorewall6-tcfilters.xml +++ b/Shorewall6/manpages/shorewall6-tcfilters.xml @@ -88,9 +88,11 @@ address. DNS names are not allowed. Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+') may be used if your kernel and ip6tables have the Basic - Ematch capability. The ipset name may optionally be - followed by a number or a comma separated list of src and/or dst - enclosed in square brackets ([...]). See capability and you set BASIC_FILTERS=Yes in + shorewall6.conf (5). The + ipset name may optionally be followed by a number or a comma + separated list of src and/or dst enclosed in square brackets + ([...]). See shorewall6-ipsets(5) for details. @@ -105,9 +107,11 @@ address. DNS names are not allowed. Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+') may be used if your kernel and ip6tables have the Basic - Ematchcapability. The ipset name may optionally be - followed by a number or a comma separated list of src and/or dst - enclosed in square brackets ([...]). See capability and you set BASIC_FILTERS=Yes in + shorewall6.conf (5). The + ipset name may optionally be followed by a number or a comma + separated list of src and/or dst enclosed in square brackets + ([...]). See shorewall6-ipsets(5) for details. diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml index 0c6b34034..208b7f8f6 100644 --- a/docs/MultiISP.xml +++ b/docs/MultiISP.xml @@ -820,9 +820,9 @@ DROP:info net:192.168.1.0/24 all url="manpages/shorewall-interfaces.html">shorewall-interfaces (5) will not disable route filtering on a given interface. You must set ROUTE_FILTER=No in shorewall-interfaces - (5), then set the routefilter option - on those interfaces on which you want route filtering. + url="manpages/shorewall.conf.html">shorewall.conf (5), then + set the routefilter option on those + interfaces on which you want route filtering. diff --git a/docs/Shorewall_and_Aliased_Interfaces.xml b/docs/Shorewall_and_Aliased_Interfaces.xml index 559e7c8b0..432fbb9f1 100644 --- a/docs/Shorewall_and_Aliased_Interfaces.xml +++ b/docs/Shorewall_and_Aliased_Interfaces.xml @@ -182,6 +182,13 @@ ACCEPT net $FW:206.124.146.178 tcp 22 #ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL # PORT(S) DEST DNAT net loc:192.168.1.3 tcp 80 - 206.124.146.178 + + If I wished to forward tcp port 10000 on that virtual interface to + port 22 on local host 192.168.1.3, the rule would be: + + #ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL +# PORT(S) DEST +DNAT net loc:192.168.1.3:22 tcp 10000 - 206.124.146.178