Merge branch '4.6.2'

Shorewall/manpages/shorewall-tcfilters.xml

@@ -88,9 +88,11 @@
           <replaceable>address</replaceable>. DNS names are not allowed.
           Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
           may be used if your kernel and ip6tables have the <firstterm>Basic
-          Ematch</firstterm>capability. The ipset name may optionally be
+          Ematch</firstterm> capability and you set BASIC_FILTERS=Yes in
-          followed by a number or a comma separated list of src and/or dst
+          <ulink url="shorewall.conf.html">shorewall.conf (5)</ulink>. The
-          enclosed in square brackets ([...]). See <ulink
+          ipset name may optionally be followed by a number or a comma
+          separated list of src and/or dst enclosed in square brackets
+          ([...]). See <ulink
           url="shorewall-ipsets.html">shorewall-ipsets(5)</ulink> for
           details.</para>
         </listitem>
@@ -105,9 +107,11 @@
           <replaceable>address</replaceable>. DNS names are not allowed.
           Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
           may be used if your kernel and ip6tables have the <firstterm>Basic
-          Ematch</firstterm>capability. The ipset name may optionally be
+          Ematch</firstterm> capability and you set BASIC_FILTERS=Yes in
-          followed by a number or a comma separated list of src and/or dst
+          <ulink url="shorewall.conf.html">shorewall.conf (5)</ulink>. The
-          enclosed in square brackets ([...]). See <ulink
+          ipset name may optionally be followed by a number or a comma
+          separated list of src and/or dst enclosed in square brackets
+          ([...]). See <ulink
           url="shorewall-ipsets.html">shorewall-ipsets(5)</ulink> for
           details.</para>
 

Shorewall6/manpages/shorewall6-tcfilters.xml

@@ -88,9 +88,11 @@
           <replaceable>address</replaceable>. DNS names are not allowed.
           Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
           may be used if your kernel and ip6tables have the <firstterm>Basic
-          Ematch </firstterm>capability. The ipset name may optionally be
+          Ematch </firstterm>capability and you set BASIC_FILTERS=Yes in
-          followed by a number or a comma separated list of src and/or dst
+          <ulink url="shorewall6.conf.html">shorewall6.conf (5)</ulink>. The
-          enclosed in square brackets ([...]). See <ulink
+          ipset name may optionally be followed by a number or a comma
+          separated list of src and/or dst enclosed in square brackets
+          ([...]). See <ulink
           url="shorewall6-ipsets.html">shorewall6-ipsets(5)</ulink> for
           details.</para>
         </listitem>
@@ -105,9 +107,11 @@
           <replaceable>address</replaceable>. DNS names are not allowed.
           Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
           may be used if your kernel and ip6tables have the <firstterm>Basic
-          Ematch</firstterm>capability. The ipset name may optionally be
+          Ematch</firstterm> capability and you set BASIC_FILTERS=Yes in
-          followed by a number or a comma separated list of src and/or dst
+          <ulink url="shorewall6.conf.html">shorewall6.conf (5)</ulink>. The
-          enclosed in square brackets ([...]). See <ulink
+          ipset name may optionally be followed by a number or a comma
+          separated list of src and/or dst enclosed in square brackets
+          ([...]). See <ulink
           url="shorewall6-ipsets.html">shorewall6-ipsets(5)</ulink> for
           details.</para>
         </listitem>

docs/MultiISP.xml

@@ -820,9 +820,9 @@ DROP:info        net:192.168.1.0/24         all</programlisting>
         url="manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
         (5) will not disable route filtering on a given interface. You must
         set ROUTE_FILTER=No in <ulink
-        url="manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
+        url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5), then
-        (5), then set the <emphasis role="bold">routefilter</emphasis> option
+        set the <emphasis role="bold">routefilter</emphasis> option on those
-        on those interfaces on which you want route filtering.</para>
+        interfaces on which you want route filtering.</para>
       </important>
     </section>
 

docs/Shorewall_and_Aliased_Interfaces.xml

@@ -182,6 +182,13 @@ ACCEPT    net        $FW:206.124.146.178  tcp        22</programlisting></para>
       <programlisting>#ACTION   SOURCE     DEST                 PROTO      DEST PORT(S)   SOURCE    ORIGINAL
 #                                                                   PORT(S)   DEST
 DNAT      net        loc:192.168.1.3      tcp        80             -         206.124.146.178    </programlisting>
+
+      <para>If I wished to forward tcp port 10000 on that virtual interface to
+      port 22 on local host 192.168.1.3, the rule would be:</para>
+
+      <programlisting>#ACTION   SOURCE     DEST                 PROTO      DEST PORT(S)   SOURCE    ORIGINAL
+#                                                                   PORT(S)   DEST
+DNAT      net        loc:192.168.1.3:22   tcp        10000          -         206.124.146.178    </programlisting>
     </section>
 
     <section id="SNAT">