extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-03 03:59:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove all of the update-specific options from the update command

Browse Source 
Leave -i and -A

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-08-31 14:21:41 -07:00
parent 6a374b80e0
commit ed90360b4c
8 changed files with 183 additions and 280 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Shorewall-core/lib.cli
View File

@ -3969,7 +3969,6 @@ shorewall_cli() {
g_refreshchains=:none:
g_confess=
g_update=
g_convert=
g_annotate=
g_recovering=
g_timestamp=
@ -3978,14 +3977,10 @@ shorewall_cli() {
g_conditional=
g_file=
g_doing="Compiling"
g_directives=
g_inline=
g_tcrules=
g_counters=
g_loopback=
g_compiled=
g_routestopped=
g_notrack=
VERBOSE=
VERBOSITY=1

25
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -592,8 +592,8 @@ EOF
#
sub compiler {
my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $convert, $config_path, $shorewallrc , $shorewallrc1 , $directives, $inline, $tcrules, $routestopped , $notrack ) =
( '', '', -1, '', 0, '', '', -1, 0, 0, 0, 0, , 0 , '' , '/usr/share/shorewall/shorewallrc', '' , 0 , 0 , 0 , 0 , 0 );
my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $config_path, $shorewallrc , $shorewallrc1 , $inline ) =
( '', '', -1, '', 0, '', '', -1, 0, 0, 0, 0, , '' , '/usr/share/shorewall/shorewallrc', '' , 0 );
$export = 0;
$test = 0;
@ -629,13 +629,8 @@ sub compiler {
preview => { store => \$preview, validate=> \&validate_boolean } ,
confess => { store => \$confess, validate=> \&validate_boolean } ,
update => { store => \$update, validate=> \&validate_boolean } ,
convert => { store => \$convert, validate=> \&validate_boolean } ,
annotate => { store => \$annotate, validate=> \&validate_boolean } ,
inline => { store => \$inline, validate=> \&validate_boolean } ,
directives => { store => \$directives, validate=> \&validate_boolean } ,
tcrules => { store => \$tcrules, validate=> \&validate_boolean } ,
routestopped => { store => \$routestopped, validate=> \&validate_boolean } ,
notrack => { store => \$notrack, validate=> \&validate_boolean } ,
config_path => { store => \$config_path } ,
shorewallrc => { store => \$shorewallrc } ,
shorewallrc1 => { store => \$shorewallrc1 } ,
@ -671,7 +666,7 @@ sub compiler {
#
# S H O R E W A L L . C O N F A N D C A P A B I L I T I E S
#
get_configuration( $export , $update , $annotate , $directives , $inline );
get_configuration( $export , $update , $annotate , $inline );
#
# Chain table initialization depends on shorewall.conf and capabilities. So it must be deferred until
# now when shorewall.conf has been processed and the capabilities have been determined.
@ -739,7 +734,7 @@ sub compiler {
#
# Do all of the zone-independent stuff (mostly /proc)
#
add_common_rules( $convert, $tcrules , $routestopped );
add_common_rules( $update );
#
# More /proc
#
@ -804,7 +799,7 @@ sub compiler {
#
# TCRules and Traffic Shaping
#
setup_tc( $tcrules );
setup_tc( $update );
if ( $scriptfilename || $debug ) {
pop_indent;
@ -842,11 +837,11 @@ sub compiler {
#
# Process the rules file.
#
process_rules( $convert );
process_rules( $update );
#
# Process the conntrack file
#
setup_conntrack( $notrack );
setup_conntrack( $update );
#
# Add Tunnel rules.
#
@ -913,7 +908,7 @@ sub compiler {
# S T O P _ F I R E W A L L
# (Writes the stop_firewall() function to the compiled script)
#
compile_stop_firewall( $test, $export , $have_arptables, $routestopped );
compile_stop_firewall( $test, $export , $have_arptables, $update );
#
# U P D O W N
# (Writes the updown() function to the compiled script)
@ -978,14 +973,14 @@ sub compiler {
initialize_chain_table(0);
if ( $debug ) {
compile_stop_firewall( $test, $export, $have_arptables, $routestopped );
compile_stop_firewall( $test, $export, $have_arptables, $update );
disable_script;
} else {
#
# compile_stop_firewall() also validates the stoppedrules file. Since we don't
# call that function during normal 'check', we must validate stoppedrules here.
#
convert_routestopped if $routestopped;
convert_routestopped if $update;
process_stoppedrules;
}
#

26
Shorewall/Perl/Shorewall/Config.pm
View File

@ -4772,8 +4772,8 @@ sub update_default($$) {
$config{$var} = $val unless defined $config{$var};
}
sub update_config_file( $$ ) {
my ( $annotate, $directives ) = @_;
sub update_config_file( $ ) {
my ( $annotate ) = @_;
sub is_set( $ ) {
my $value = $_[0];
@ -4926,14 +4926,6 @@ EOF
warning_message "Unable to rename $configfile.bak to $configfile";
progress_message3 "No update required to configuration file $configfile";
}
exit 0 unless ( $directives ||
-f find_file 'blacklist' ||
-f find_file 'tcrules' ||
-f find_file 'routestopped' ||
-f find_file 'notrack' ||
-f find_file 'tos'
);
}
} else {
fatal_error "$fn does not exist";
@ -4943,8 +4935,8 @@ EOF
#
# Small functions called by get_configuration. We separate them so profiling is more useful
#
sub process_shorewall_conf( $$$ ) {
my ( $update, $annotate, $directives ) = @_;
sub process_shorewall_conf( $$ ) {
my ( $update, $annotate ) = @_;
my $file = find_file "$product.conf";
if ( -f $file ) {
@ -4996,7 +4988,7 @@ sub process_shorewall_conf( $$$ ) {
#
# Now update the config file if asked
#
update_config_file( $annotate, $directives ) if $update;
update_config_file( $annotate ) if $update;
#
# Config file update requires that the option values not have
# Shell variables expanded. We do that now.
@ -5385,9 +5377,9 @@ EOF
# - Read the capabilities file, if any
# - establish global hashes %params, %config , %globals and %capabilities
#
sub get_configuration( $$$$$ ) {
sub get_configuration( $$$$ ) {
( my ( $export, $update, $annotate, $directives ) , $checkinline ) = @_;
( my ( $export, $update, $annotate ) , $checkinline ) = @_;
$globals{EXPORT} = $export;
@ -5431,7 +5423,7 @@ sub get_configuration( $$$$$ ) {
get_params( $export );
process_shorewall_conf( $update, $annotate, $directives );
process_shorewall_conf( $update, $annotate );
ensure_config_path;
@ -6099,7 +6091,7 @@ sub get_configuration( $$$$$ ) {
$variables{$var} = $config{$val};
}
convert_to_directives if $directives;
convert_to_directives if $update;
cleanup_iptables if $sillyname && ! $config{LOAD_HELPERS_ONLY};
}

14
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -617,8 +617,8 @@ sub process_stoppedrules() {
sub setup_mss();
sub add_common_rules ( $$$ ) {
my ( $upgrade_blacklist, $upgrade_tcrules , $upgrade_routestopped ) = @_;
sub add_common_rules ( $ ) {
my ( $upgrade ) = @_;
my $interface;
my $chainref;
my $target;
@ -788,8 +788,8 @@ sub add_common_rules ( $$$ ) {
run_user_exit1 'initdone';
if ( $upgrade_blacklist ) {
exit 0 unless convert_blacklist || $upgrade_tcrules || $upgrade_routestopped;
if ( $upgrade ) {
convert_blacklist;
} elsif ( -f ( my $fn = find_file 'blacklist' ) ) {
warning_message "The blacklist file is no longer supported -- use '$product update -b' to convert $fn to the equivalent blrules file";
}
@ -2252,7 +2252,7 @@ sub setup_mss( ) {
# Compile the stop_firewall() function
#
sub compile_stop_firewall( $$$$ ) {
my ( $test, $export, $have_arptables, $routestopped ) = @_;
my ( $test, $export, $have_arptables, $convert ) = @_;
my $input = $filter_table->{INPUT};
my $output = $filter_table->{OUTPUT};
@ -2430,10 +2430,10 @@ EOF
}
}
if ( $routestopped ) {
if ( $convert ) {
convert_routestopped;
} elsif ( -f ( my $fn = find_file 'routestopped' ) ) {
warning_message "The routestopped file is no longer supported - use '$product update -s' to convert $fn to an equivalent 'stoppedrules' file";
warning_message "The routestopped file is no longer supported - use '$product update' to convert $fn to an equivalent 'stoppedrules' file";
}
process_stoppedrules;

22
Shorewall/Perl/compiler.pl
View File

@ -41,6 +41,7 @@
# --shorewallrc1=<path> # Path to export shorewallrc file.
# --config_path=<path-list> # Search path for config files
# --inline # Update alternative column specifications
# --update # Update configuration to this release
# --tcrules # Create mangle from tcrules
# --routestopped # Create stoppedrules from routestopped
# --notrack # Create conntrack from notrack
@ -72,15 +73,10 @@ usage: compiler.pl [ <option> ... ] [ <filename> ]
[ --family={4|6} ]
[ --annotate ]
[ --update ]
[ --convert ]
[ --directives ]
[ --shorewallrc=<pathname> ]
[ --shorewallrc1=<pathname> ]
[ --config_path=<path-list> ]
[ --inline ]
[ --tcrules ]
[ --routestopped ]
[ --notrack ]
_EOF_
exit shift @_;
@ -104,15 +100,10 @@ my $family = 4; # F_IPV4
my $preview = 0;
my $annotate = 0;
my $update = 0;
my $convert = 0;
my $directives = 0;
my $config_path = '';
my $shorewallrc = '';
my $shorewallrc1 = '';
my $inline = 0;
my $tcrules = 0;
my $routestopped = 0;
my $notrack = 0;
Getopt::Long::Configure ('bundling');
@ -140,15 +131,9 @@ my $result = GetOptions('h' => \$help,
'confess' => \$confess,
'a' => \$annotate,
'annotate' => \$annotate,
'directives' => \$directives,
'D' => \$directives,
'u' => \$update,
'update' => \$update,
'convert' => \$convert,
'inline' => \$inline,
'tcrules' => \$tcrules,
'routestopped' => \$routestopped,
'notrack' => \$notrack,
'config_path=s' => \$config_path,
'shorewallrc=s' => \$shorewallrc,
'shorewallrc1=s' => \$shorewallrc1,
@ -171,14 +156,9 @@ compiler( script => $ARGV[0] || '',
family => $family,
confess => $confess,
update => $update,
convert => $convert,
annotate => $annotate,
directives => $directives,
config_path => $config_path,
shorewallrc => $shorewallrc,
shorewallrc1 => $shorewallrc1,
inline => $inline,
tcrules => $tcrules,
routestopped => $routestopped,
notrack => $notrack
);

30
Shorewall/lib.cli-std
View File

@ -433,13 +433,8 @@ compiler() {
[ -n "$g_refreshchains" ] && options="$options --refresh=$g_refreshchains"
[ -n "$g_confess" ] && options="$options --confess"
[ -n "$g_update" ] && options="$options --update"
[ -n "$g_convert" ] && options="$options --convert"
[ -n "$g_annotate" ] && options="$options --annotate"
[ -n "$g_directives" ] && options="$options --directives"
[ -n "$g_tcrules" ] && options="$options --tcrules"
[ -n "$g_inline" ] && options="$options --inline"
[ -n "$g_routestopped" ] && options="$options --routestopped"
[ -n "$g_notrack" ] && options="$options --notrack"
if [ -n "$PERL" ]; then
if [ ! -x "$PERL" ]; then
@ -834,33 +829,8 @@ update_command() {
g_annotate=Yes
option=${option#a}
;;
b*)
g_convert=Yes
option=${option#b}
;;
D*)
g_directives=Yes
option=${option#D}
;;
t*)
g_tcrules=Yes
option=${option#t}
;;
s*)
g_routestopped=Yes
option=${option#s}
;;
n*)
g_notrack=Yes
option=${option#n}
;;
A*)
g_inline=Yes
g_convert=Yes
g_directives=Yes
g_tcrules=Yes
g_routestopped=Yes
g_notrack=Yes
option=${option#A}
;;
*)

168
Shorewall/manpages/shorewall.xml
View File

@ -843,16 +843,8 @@
<arg><option>-a</option></arg>
<arg><option>-D</option></arg>
<arg><option>-i</option></arg>
<arg><option>-t</option></arg>
<arg><option>-r</option></arg>
<arg><option>-n</option></arg>
<arg><option>-A</option></arg>
<arg><replaceable>directory</replaceable></arg>
@ -2456,10 +2448,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">update </emphasis> [-<option>b</option>]
[-<option>d</option>] [-<option>r</option>] [-<option>T</option>]
[-<option>a</option>] [-<option>D</option>] [-<option>i</option>]
[-<option>t</option>] [-r] [-n][-<option>A</option>] [
<term><emphasis role="bold">update </emphasis> [-<option>d</option>]
[-<option>r</option>] [-<option>T</option>] [-<option>a</option>]
[-<option>i</option>] [-<option>A</option>] [
<replaceable>directory</replaceable> ]</term>
<listitem>
@ -2472,30 +2463,81 @@
<filename>shorewall.conf</filename> file is renamed
<filename>shorewall.conf.bak.</filename></para>
<para><filename>The command was extended over the years with a set
of options that caused additional configuration
updates.</filename></para>
<itemizedlist>
<listitem>
<para>Convert an existing <filename>blacklist</filename> file
into an equivalent <filename>blrules</filename> file.</para>
</listitem>
<listitem>
<para>Convert an existing <filename>routestopped</filename> file
into an equivalent <filename>stoppedrules</filename>
file.</para>
</listitem>
<listitem>
<para>Convert existing <filename>tcrules</filename> and
<filename>tos</filename> files into an equivalent mangle
file.</para>
</listitem>
<listitem>
<para>Convert an existing <filename>notrack</filename> file into
an equivalent <filename>conntrack</filename> file.</para>
</listitem>
<listitem>
<para>Convert FORMAT, SECTION and COMMENT entries into ?FORMAT,
?SECTION and ?COMMENT directives.</para>
</listitem>
</itemizedlist>
<para>In each case, the old file is renamed with a .bak
suffix.</para>
<para>In Shorewall 5.0.0, the options were eliminated and the
<command>update</command> command performs all of the updates
described above.</para>
<important>
<para>There are some notable restrictions with the
<command>update</command> command:</para>
<orderedlist>
<listitem>
<para>Converted rules will be appended to the existing file;
if there is no existing file in the CONFIG_PATH, one will be
created in the directory specified in the command or in the
first entry in the CONFIG_PATH (normally <filename
class="directory">/etc/shorewall</filename>) otherwise.</para>
</listitem>
<listitem>
<para>Existing comments in the file being converted will not
be transferred to the output file.</para>
</listitem>
<listitem>
<para>INCLUDEd files will be expanded inline in the output
file.</para>
</listitem>
<listitem>
<para>Columns in the output file will be separated by a single
tab character; there is no attempt made to otherwise align the
columns.</para>
</listitem>
</orderedlist>
</important>
<para>The <option>-a</option> option causes the updated
<filename>shorewall.conf</filename> file to be annotated with
documentation.</para>
<para>The <option>-b</option> option was added in Shorewall 4.4.26
and causes legacy blacklisting rules (<ulink
url="/manpages/shorewall-blacklist.html">shorewall-blacklist</ulink>
(5) ) to be converted to entries in the blrules file (<ulink
url="/manpages/shorewall-blrules.html">shorewall-blrules</ulink> (5)
). The blacklist keyword is removed from <ulink
url="/manpages/shorewall-zones.html">shorewall-zones</ulink> (5),
<ulink
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
(5) and <ulink
url="/manpages/shorewall-hosts.html">shorewall-hosts</ulink> (5).
The unmodified files are saved with a .bak suffix.</para>
<para>The <option>-D</option> option was added in Shorewall 4.5.11.
When this option is specified, the compiler will walk through the
directories in the CONFIG_PATH replacing FORMAT and COMMENT entries
to compiler directives (e.g., ?FORMAT and ?COMMENT. When a file is
updated, the original is saved in a .bak file in the same
directory.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the current line
contains alternative input specifications following a semicolon
@ -2503,65 +2545,9 @@
set to Yes in <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>The <option>-t</option> option was added in Shorewall 4.6.0.
When specified, <option>-t</option> causes the <emphasis
role="bold">tcrules</emphasis> file to be converted to <ulink
url="shorewall-mangle.html">shorewall-mangle(5)</ulink>. The old
file is renamed with a .bak suffix. Beginning with Shorewall
4.6.12.2, this option also causes the <emphasis
role="bold">tos</emphasis> file to be converted to <ulink
url="shorewall-mangle.html">shorewall-mangle(5)</ulink>.</para>
<important>
<para>There are some notable restrictions with the
<option>-t</option> option:</para>
<orderedlist>
<listitem>
<para>Converted rules will be appended to the existing
<filename>mangle</filename> file; if there is no
<filename>mangle</filename> file in the CONFIG_PATH, one will
be created in <filename
class="directory">/etc/shorewall</filename>.</para>
</listitem>
<listitem>
<para>Existing comments in the <filename>tcrules</filename>
file will not be transferred to the
<filename>mangle</filename> file.</para>
</listitem>
<listitem>
<para>INCLUDEd files will be expanded inline in the
<filename>mangle</filename> file.</para>
</listitem>
<listitem>
<para>Columns in the <filename>mangle</filename> file will be
separated by a single tab character; there is no attempt made
to otherwise align the columns.</para>
</listitem>
</orderedlist>
</important>
<para>The <option>-r</option> option was added in Shorewall 4.6.12.
When specified, <option>-r</option> causes <ulink
url="manpages/shorewall-routestopped.html">shorewall-routestopped(5)</ulink>
to be converted to <ulink
url="manpages/shorewall-stoppedrules.html">shorewall-stoppedrules(5)</ulink>.
The old file is renamed with a .bak suffix.</para>
<para>The <option>-n</option> option was added in Shorewall 4.6.12.
When specified, <option>-n</option> causes <ulink
url="manpages/shorewall-routestopped.html">shorewall-notrack(5)</ulink>
to be converted to <ulink
url="manpages/shorewall-conntrack.html">shorewall-conntrack(5)</ulink>.
The old file is renamed with a .bak suffix.</para>
<para>The <option>-A</option> option was added in Shorewall 4.6.0
and is equivalent to specifying the <option>-b</option>,
<option>-D</option>, <option>-t,</option> <option>-r</option> and
the <option>-n</option> options.</para>
<para>The <option>-A</option> option is included for compatibility
with Shorewall 4.6 and is equivalent to specifying the
<option>-i</option> option.</para>
<para>For a description of the other options, see the <emphasis
role="bold">check</emphasis> command above.</para>

173
Shorewall6/manpages/shorewall6.xml
View File

@ -803,8 +803,6 @@
<arg choice="plain"><option>update</option></arg>
<arg><option>-b</option></arg>
<arg><option>-d</option></arg>
<arg><option>-r</option></arg>
@ -813,16 +811,8 @@
<arg><option>-a</option></arg>
<arg><option>-D</option></arg>
<arg><option>-i</option></arg>
<arg><option>-t</option></arg>
<arg><option>-r</option></arg>
<arg><option>-n</option></arg>
<arg><option>-A</option></arg>
<arg><replaceable>directory</replaceable></arg>
@ -2333,10 +2323,9 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">update </emphasis> [-<option>b</option>]
[-<option>d</option>] [-<option>r</option>] [-<option>T</option>]
[-<option>a</option>] [-<option>D</option>] [-<option>i</option>]
[-<option>t</option>] [-r] [-n][-<option>A</option>] [
<term><emphasis role="bold">update</emphasis> [-<option>d</option>]
[-<option>r</option>] [-<option>T</option>] [-<option>a</option>]
[-<option>i</option>] [-<option>A</option>] [
<replaceable>directory</replaceable> ]</term>
<listitem>
@ -2349,96 +2338,92 @@
<filename>shorewall.conf</filename> file is renamed
<filename>shorewall.conf.bak.</filename></para>
<para><filename>The command was extended over the years with a set
of options that caused additional configuration
updates.</filename></para>
<itemizedlist>
<listitem>
<para>Convert an existing <filename>blacklist</filename> file
into an equivalent <filename>blrules</filename> file.</para>
</listitem>
<listitem>
<para>Convert an existing <filename>routestopped</filename> file
into an equivalent <filename>stoppedrules</filename>
file.</para>
</listitem>
<listitem>
<para>Convert existing <filename>tcrules</filename> and
<filename>tos</filename> files into an equivalent mangle
file.</para>
</listitem>
<listitem>
<para>Convert an existing <filename>notrack</filename> file into
an equivalent <filename>conntrack</filename> file.</para>
</listitem>
<listitem>
<para>Convert FORMAT, SECTION and COMMENT entries into ?FORMAT,
?SECTION and ?COMMENT directives.</para>
</listitem>
</itemizedlist>
<para>In each case, the old file is renamed with a .bak
suffix.</para>
<para>In Shorewall 5.0.0, the options were eliminated and the
<command>update</command> command performs all of the updates
described above.</para>
<important>
<para>There are some notable restrictions with the
<command>update</command> command:</para>
<orderedlist>
<listitem>
<para>Converted rules will be appended to the existing file;
if there is no existing file in the CONFIG_PATH, one will be
created in the directory specified in the command or in the
first entry in the CONFIG_PATH (normally <filename
class="directory">/etc/shorewall6</filename>)
otherwise.</para>
</listitem>
<listitem>
<para>Existing comments in the file being converted will not
be transferred to the output file.</para>
</listitem>
<listitem>
<para>INCLUDEd files will be expanded inline in the output
file.</para>
</listitem>
<listitem>
<para>Columns in the output file will be separated by a single
tab character; there is no attempt made to otherwise align the
columns.</para>
</listitem>
</orderedlist>
</important>
<para>The <option>-a</option> option causes the updated
<filename>shorewall.conf</filename> file to be annotated with
documentation.</para>
<para>The <option>-b</option> option was added in Shorewall 4.4.26
and causes legacy blacklisting rules (<ulink
url="/manpages6/shorewall6-blacklist.html">shorewall6-blacklist</ulink>
(5) ) to be converted to entries in the blrules file (<ulink
url="/manpages6/shorewall6-blrules.html">shorewall6-blrules</ulink>
(5) ). The blacklist keyword is removed from <ulink
url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink> (5),
<ulink
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>
(5) and <ulink
url="/manpages6/shorewall6-hosts.html">shorewall6-hosts</ulink> (5).
The unmodified files are saved with a .bak suffix.</para>
<para>The <option>-D</option> option was added in Shorewall 4.5.11.
When this option is specified, the compiler will walk through the
directories in the CONFIG_PATH replacing FORMAT and COMMENT entries
to compiler directives (e.g., ?FORMAT and ?COMMENT. When a file is
updated, the original is saved in a .bak file in the same
directory.</para>
<para>The <option>-i</option> option was added in Shorewall 4.6.0
and causes a warning message to be issued if the current line
contains alternative input specifications following a semicolon
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
set to Yes in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>The <option>-t</option> option was added in Shorewall 4.6.0.
When specified, <option>-t</option> causes the <emphasis
role="bold">tcrules</emphasis> file to be converted to <ulink
url="shorewall6-mangle.html">shorewall6-mangle(5)</ulink>. The old
file is renamed with a .bak suffix. Beginning with Shorewall
4.6.12.2, this option also causes the <emphasis
role="bold">tos</emphasis> file to be converted to <ulink
url="shorewall6-mangle.html">shorewall6-mangle(5)</ulink>.</para>
<important>
<para>There are some notable restrictions with the
<option>-t</option> option:</para>
<orderedlist>
<listitem>
<para>Converted rules will be appended to the existing
<filename>mangle</filename> file; if there is no
<filename>mangle</filename> file in the CONFIG_PATH, one will
be created in <filename
class="directory">/etc/shorewall</filename>.</para>
</listitem>
<listitem>
<para>Existing comments in the <filename>tcrules</filename>
file will not be transferred to the
<filename>mangle</filename> file.</para>
</listitem>
<listitem>
<para>INCLUDEd files will be expanded inline in the
<filename>mangle</filename> file.</para>
</listitem>
<listitem>
<para>Columns in the <filename>mangle</filename> file will be
separated by a single tab character; there is no attempt made
to otherwise align the columns.</para>
</listitem>
</orderedlist>
</important>
<para>The <option>-r</option> option was added in Shorewall 4.6.12.
When specified, <option>-r</option> causes <ulink
url="manpages6/shorewall6-routestopped.html">shorewall6-routestopped(5)</ulink>
to be converted to <ulink
url="manpages6/shorewall6-stoppedrules.html">shorewall6-stoppedrules(5)</ulink>.
The old file is renamed with a .bak suffix.</para>
<para>The <option>-n</option> option was added in Shorewall 4.6.12.
When specified, <option>-n</option> causes <ulink
url="manpages6/shorewall6-routestopped.html">shorewall6-notrack(5)</ulink>
to be converted to <ulink
url="manpages6/shorewall6-conntrack.html">shorewall6-conntrack(5)</ulink>.
The old file is renamed with a .bak suffix.</para>
<para>The <option>-A</option> option was added in Shorewall 4.6.0
and is equivalent to specifying the <option>-b</option>,
<option>-D</option>, <option>-t,</option> <option>-r</option> and
the <option>-n</option> options.</para>
<para>The <option>-A</option> option is included for compatibility
with Shorewall 4.6 and is equivalent to specifying the
<option>-i</option> option.</para>
<para>For a description of the other options, see the <emphasis
role="bold">check</emphasis> command above.</para>