From 4c840a05a021380a1f8181eb3b54e4d6d19ca57b Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 19 Dec 2013 16:23:32 -0800 Subject: [PATCH 1/3] Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages. Signed-off-by: Tom Eastep --- Shorewall/manpages/shorewall-tcrules.xml | 24 ++++++++++++---------- Shorewall6/manpages/shorewall6-tcrules.xml | 24 ++++++++++++---------- 2 files changed, 26 insertions(+), 22 deletions(-) diff --git a/Shorewall/manpages/shorewall-tcrules.xml b/Shorewall/manpages/shorewall-tcrules.xml index 101a9da32..bc4b2a5a7 100644 --- a/Shorewall/manpages/shorewall-tcrules.xml +++ b/Shorewall/manpages/shorewall-tcrules.xml @@ -631,17 +631,6 @@ SAME $FW 0.0.0.0/0 tcp 80,443 role="bold">:F - - STATE {NEW|RELATED|ESTABLISHED|INVALID} [,...] - - Added in Shorewall 4.5.9. The rule will only match if the - packet's connection is in one of the listed states. - - TOS(tos[/mask]) @@ -1210,6 +1199,19 @@ Normal-Service => 0x00 EF => 0x2e + + + STATE -- {NEW|RELATED|ESTABLISHED|INVALID} [,...] + + + Added in Shorewall 4.5.9. The rule will only match if the + packet's connection is in one of the listed states. + + diff --git a/Shorewall6/manpages/shorewall6-tcrules.xml b/Shorewall6/manpages/shorewall6-tcrules.xml index 62580b8df..ed1b77827 100644 --- a/Shorewall6/manpages/shorewall6-tcrules.xml +++ b/Shorewall6/manpages/shorewall6-tcrules.xml @@ -558,17 +558,6 @@ SAME $FW 0.0.0.0/0 tcp 80,443 role="bold">:F - - STATE {NEW|RELATED|ESTABLISHED|INVALID} [,...] - - Added in Shorewall 4.5.9. The rule will only match if the - packet's connection is in one of the listed states. - - TOS(tos[/mask]) @@ -1128,6 +1117,19 @@ Normal-Service => 0x00 at up to 8 decimal points of precision. + + + STATE -- {NEW|RELATED|ESTABLISHED|INVALID} [,...] + + + Added in Shorewall 4.5.9. The rule will only match if the + packet's connection is in one of the listed states. + + From b5295b203943de98b20c793ede9731fc8c32982d Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 24 Dec 2013 11:30:22 -0800 Subject: [PATCH 2/3] Add faq 102 Signed-off-by: Tom Eastep --- docs/FAQ.xml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/docs/FAQ.xml b/docs/FAQ.xml index 003d62f3c..f05c75d43 100644 --- a/docs/FAQ.xml +++ b/docs/FAQ.xml @@ -247,7 +247,7 @@ DNAT net:address loc:local-IP-address You are trying to test from inside your firewall (no, that - won't work -- see ). + won't work -- see ). @@ -2974,7 +2974,7 @@ Shorewall has detected the following iptables/netfilter capabilities: Persistent SNAT: Available gateway:~# - +
@@ -3167,5 +3167,16 @@ EXT_IF:192.168.1.1 0.0.0.0/0 192.168.1.254
+ +
+ (FAQ 102) What is 'qt'? I see it in some of the older + documentation. + + Answer: 'qt' stands for 'quiet'; + qt() is a shell function that accepts a command with arguments as + parameters. It redirects both standard out and standard error to + /dev/null. It is defined in the Shorewall-core shell library + lib.common. +
From 6d8cadd152880b0e36c4b4202f6b8af7ab082a2b Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 15 Jan 2014 17:38:39 -0800 Subject: [PATCH 3/3] Correct issues in the 'dump' command. - the -x and -l options do nothing - output of 'help' doesn't describe those options Signed-off-by: Tom Eastep --- Shorewall-core/lib.cli | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index 63b5619ab..dc553f915 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -1546,7 +1546,7 @@ do_dump_command() { } dump_command() { - do_dump_command | dump_filter + do_dump_command $@ | dump_filter } # @@ -3415,7 +3415,7 @@ usage() # $1 = exit status echo " delete [:] ... " echo " disable " echo " drop
..." - echo " dump [ -x ]" + echo " dump [ -x ] [ -l ]" echo " enable " echo " forget [ ]" echo " help"