Remove command-specific help; add -t option to show command
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4969 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
7c80e547c7
commit
f6323ea466
@ -1,304 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# Shorewall help subsystem - V3.3
|
|
||||||
#
|
|
||||||
#
|
|
||||||
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
|
||||||
#
|
|
||||||
# (c) 2003-2006 - Tom Eastep (teastep@shorewall.net)
|
|
||||||
# Steve Herber (herber@thing.com)
|
|
||||||
#
|
|
||||||
# This file should be placed in /usr/share/shorewall-lite/help
|
|
||||||
#
|
|
||||||
# Shorewall documentation is available at http://shorewall.sourceforge.net
|
|
||||||
#
|
|
||||||
# This program is free software; you can redistribute it and/or modify
|
|
||||||
# it under the terms of Version 2 of the GNU General Public License
|
|
||||||
# as published by the Free Software Foundation.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program; if not, write to the Free Software
|
|
||||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
|
||||||
##################################################################################
|
|
||||||
|
|
||||||
case $1 in
|
|
||||||
|
|
||||||
address|host)
|
|
||||||
echo "<$1>:
|
|
||||||
May be either a host IP address such as 192.168.1.4 or a network address in
|
|
||||||
CIDR format like 192.168.1.0/24. If your kernel and iptables contain iprange
|
|
||||||
match support then IP address ranges of the form <low address>-<high address>
|
|
||||||
are also permitted. If your kernel and iptables contain ipset match support
|
|
||||||
then you may specify the name of an ipset prefaced by "+". The name of the
|
|
||||||
ipsec may be optionally followed by a number of levels of ipset bindings
|
|
||||||
(1 - 6) that are to be followed"
|
|
||||||
;;
|
|
||||||
|
|
||||||
allow)
|
|
||||||
echo "allow: allow <address> ...
|
|
||||||
Re-enables receipt of packets from hosts previously blacklisted
|
|
||||||
by a drop or reject command.
|
|
||||||
|
|
||||||
shorewall-lite allow, drop, rejct and save implement dynamic blacklisting.
|
|
||||||
|
|
||||||
See also \"help address\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
clear)
|
|
||||||
echo "clear: clear
|
|
||||||
Clear will remove all rules and chains installed by Shoreline.
|
|
||||||
The firewall is then wide open and unprotected. Existing
|
|
||||||
connections are untouched. Clear is often used to see if the
|
|
||||||
firewall is causing connection problems."
|
|
||||||
;;
|
|
||||||
|
|
||||||
debug)
|
|
||||||
echo "debug: debug
|
|
||||||
If you include the keyword debug as the first argument to any
|
|
||||||
of these commands:
|
|
||||||
|
|
||||||
start|stop|restart|reset|clear|add|delete
|
|
||||||
|
|
||||||
then a shell trace of the command is produced. For example:
|
|
||||||
|
|
||||||
shorewall-lite debug start 2> /tmp/trace
|
|
||||||
|
|
||||||
The above command would trace the 'start' command and
|
|
||||||
place the trace information in the file /tmp/trace.
|
|
||||||
|
|
||||||
The word 'trace' is a synonym for 'debug'."
|
|
||||||
;;
|
|
||||||
|
|
||||||
drop)
|
|
||||||
echo "$1: $1 <address> ...
|
|
||||||
Causes packets from the specified <address> to be ignored
|
|
||||||
|
|
||||||
shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
|
||||||
|
|
||||||
See also \"help address\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
dump)
|
|
||||||
echo "dump: dump
|
|
||||||
|
|
||||||
shorewall-lite [-x] dump
|
|
||||||
|
|
||||||
Produce a verbose report about the firewall for problem analysis.
|
|
||||||
|
|
||||||
(iptables -L -n -)
|
|
||||||
|
|
||||||
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
|
||||||
;;
|
|
||||||
|
|
||||||
forget)
|
|
||||||
echo "forget: forget [ <file name> ]
|
|
||||||
Deletes /var/lib/shorewall-lite/<file name>. If no <file name> is given then
|
|
||||||
the file specified by RESTOREFILE in shorewall.conf is removed.
|
|
||||||
|
|
||||||
See also \"help save\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
help)
|
|
||||||
echo "help: help [<command> | host | address ]
|
|
||||||
Display helpful information about the shorewall-lite commands."
|
|
||||||
;;
|
|
||||||
|
|
||||||
hits)
|
|
||||||
echo "hits: hits
|
|
||||||
Produces several reports about the Shorewall packet log messages
|
|
||||||
in the current /var/log/messages file."
|
|
||||||
;;
|
|
||||||
|
|
||||||
ipcalc)
|
|
||||||
echo "ipcalc: ipcalc { address mask | address/vlsm }
|
|
||||||
Ipcalc displays the network address, broadcast address,
|
|
||||||
network in CIDR notation and netmask corresponding to the input[s]."
|
|
||||||
;;
|
|
||||||
|
|
||||||
ipdecimal)
|
|
||||||
echo "ipdecimal: ipdecimal { <IP address> | <integer> }
|
|
||||||
Converts an IP address into its 32-bit decimal equivalent and
|
|
||||||
vice versa"
|
|
||||||
;;
|
|
||||||
|
|
||||||
iprange)
|
|
||||||
echo "iprange: iprange address1-address2
|
|
||||||
Iprange decomposes the specified range of IP addresses into the
|
|
||||||
equivalent list of network/host addresses."
|
|
||||||
;;
|
|
||||||
|
|
||||||
logdrop)
|
|
||||||
echo "$1: $1 <address> ...
|
|
||||||
Causes packets from the specified <address> to be ignored and loged.
|
|
||||||
|
|
||||||
shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
|
||||||
|
|
||||||
See also \"help address\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
logwatch)
|
|
||||||
echo "logwatch: logwatch [ -m ] [<refresh interval>]
|
|
||||||
Monitors the LOGFILE, $LOGFILE,
|
|
||||||
and produces an audible alarm when new Shorewall messages are logged.
|
|
||||||
If \"-m\" is specified, then MAC addresses in the log entries (if any) are displayed."
|
|
||||||
;;
|
|
||||||
|
|
||||||
logreject)
|
|
||||||
echo "$1: $1 <address> ...
|
|
||||||
Causes packets from the specified <address> to be rejected and logged.
|
|
||||||
|
|
||||||
shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
|
||||||
|
|
||||||
See also \"help address\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
reject)
|
|
||||||
echo "$1: $1 <address> ...
|
|
||||||
Causes packets from the specified <address> to be rejected
|
|
||||||
|
|
||||||
shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
|
||||||
|
|
||||||
See also \"help address\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
reset)
|
|
||||||
echo "reset: reset
|
|
||||||
All the packet and byte counters in the firewall are reset."
|
|
||||||
;;
|
|
||||||
|
|
||||||
restart)
|
|
||||||
echo "restart: restart [ -n ] [ <configuration-directory> ]
|
|
||||||
Restart is the same as a shorewall-lite stop && shorewall-lite start.
|
|
||||||
Existing connections are maintained.
|
|
||||||
|
|
||||||
If \"-n\" is specified, no changes to routing will be made"
|
|
||||||
;;
|
|
||||||
|
|
||||||
restore)
|
|
||||||
echo "restore: restore [ -n ] [ <file name> ]
|
|
||||||
Restore Shorewall to a state saved using the 'save' command
|
|
||||||
Existing connections are maintained. The <file name> names a restore file in
|
|
||||||
/var/lib/shorewall-lite created using \"shorewall-lite save\"; if no
|
|
||||||
<file name> is given then Shorewall Lite will be restored from the file
|
|
||||||
specified by the RESTOREFILE option in shorewall.conf.
|
|
||||||
|
|
||||||
If \"-n\" is specified, no changes to routing will be made.
|
|
||||||
|
|
||||||
See also \"help save\", \"help compile\" and \"help forget\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
save)
|
|
||||||
echo "save: save [ <file name> ]
|
|
||||||
The dynamic data is stored in /var/lib/shorewall-lite/save. The state of the
|
|
||||||
firewall is stored in /var/lib/shorewall-lite/<file name> for use by the 'shorewall-lite restore'
|
|
||||||
and 'shorewall-lite -f start' commands. If <file name> is not given then the state is saved
|
|
||||||
in the file specified by the RESTOREFILE option in shorewall.conf.
|
|
||||||
|
|
||||||
shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
|
||||||
|
|
||||||
See also \"help restore\" and \"help forget\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
show)
|
|
||||||
echo "show: show [ <chain> [ <chain> ...] |actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones]
|
|
||||||
|
|
||||||
shorewall-lite [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
|
|
||||||
(iptables -L chain -n -v)
|
|
||||||
|
|
||||||
shorewall-lite [-x] show mangle - produce a verbose report about the mangle table.
|
|
||||||
(iptables -t mangle -L -n -v)
|
|
||||||
|
|
||||||
shorewall-lite [-x] show nat - produce a verbose report about the nat table.
|
|
||||||
(iptables -t nat -L -n -v)
|
|
||||||
|
|
||||||
shorewall-lite show [ -m ] log - display the last 20 packet log entries. If \"-m\" is specified, then
|
|
||||||
MAC addresses in the log entries (if any) are displayed.
|
|
||||||
|
|
||||||
shorewall-lite show connections - displays the IP connections currently
|
|
||||||
being tracked by the firewall.
|
|
||||||
|
|
||||||
shorewall-lite show tc - displays information about the traffic
|
|
||||||
control/shaping configuration.
|
|
||||||
|
|
||||||
shorewall-lite show zones - displays the contents of all zones.
|
|
||||||
|
|
||||||
shorewall-lite show - [ -f ] capabilities - displays your kernel/iptables capabilities. When \"-f\" is
|
|
||||||
specified, then the output is suitable for use as /etc/shorewall/capabilities on your administrative
|
|
||||||
system.
|
|
||||||
|
|
||||||
shorewall-lite show ip - produces output equivalent to 'ip addr ls'
|
|
||||||
|
|
||||||
shorewall-lite show routing - produces a report about routing rules and tables.
|
|
||||||
|
|
||||||
shorewall-lite show config - displays the default CONFIG_PATH and LITEDIR for your distribution
|
|
||||||
|
|
||||||
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
|
||||||
;;
|
|
||||||
|
|
||||||
start)
|
|
||||||
echo "start: start [ -f ] [ -n ] [ <configuration-directory> ]
|
|
||||||
Start Shorewall Lite. Existing connections through shorewall managed
|
|
||||||
interfaces are untouched. New connections will be allowed only
|
|
||||||
if they are allowed by the firewall rules or policies.
|
|
||||||
|
|
||||||
If \"-f\" is specified, the saved configuration specified by the RESTOREFILE option
|
|
||||||
in shorewall.conf will be restored if that saved configuration exists. In that
|
|
||||||
case, a <configuration-directory> may not be specified.
|
|
||||||
If \"-n\" is specified, no changes to routing will be made."
|
|
||||||
;;
|
|
||||||
|
|
||||||
stop)
|
|
||||||
echo "stop: stop
|
|
||||||
Stops the firewall. All existing connections, except those
|
|
||||||
listed in routestopped, are taken down.
|
|
||||||
The only new traffic permitted through the firewall
|
|
||||||
is from systems listed in routestopped."
|
|
||||||
;;
|
|
||||||
|
|
||||||
status)
|
|
||||||
echo "status: status
|
|
||||||
|
|
||||||
shorewall-lite status
|
|
||||||
|
|
||||||
Displays the Shorewall Lite status (running/not-running).
|
|
||||||
|
|
||||||
Also displays the Shorewall Lite state as shown in the state diagram at
|
|
||||||
http://www.shorewall.net/starting_and_stopping_shorewall. The time and
|
|
||||||
date when that state was reached is also displayed."
|
|
||||||
;;
|
|
||||||
|
|
||||||
trace)
|
|
||||||
echo "trace: trace
|
|
||||||
If you include the keyword trace as the first argument to any
|
|
||||||
of these commands:
|
|
||||||
|
|
||||||
start|stop|restart|reset|clear
|
|
||||||
|
|
||||||
then a shell trace of the command is produced. For example:
|
|
||||||
|
|
||||||
shorewall-lite trace start 2> /tmp/trace
|
|
||||||
|
|
||||||
The above command would trace the 'start' command and
|
|
||||||
place the trace information in the file /tmp/trace.
|
|
||||||
|
|
||||||
The word 'debug' is a synonym for 'trace'."
|
|
||||||
;;
|
|
||||||
|
|
||||||
version)
|
|
||||||
echo "version: version
|
|
||||||
Show the current Shorewall Lite version which is: $version"
|
|
||||||
;;
|
|
||||||
|
|
||||||
*)
|
|
||||||
echo "$1: $1 is not recognized by the help command"
|
|
||||||
;;
|
|
||||||
|
|
||||||
esac
|
|
||||||
|
|
||||||
exit 0 # always ok
|
|
||||||
|
|
@ -313,13 +313,6 @@ install_file shorecap ${PREFIX}/usr/share/shorewall-lite/shorecap 0555
|
|||||||
echo
|
echo
|
||||||
echo "Capability file builder installed in ${PREFIX}/usr/share/shorewall-lite/shorecap"
|
echo "Capability file builder installed in ${PREFIX}/usr/share/shorewall-lite/shorecap"
|
||||||
|
|
||||||
|
|
||||||
# Install the Help file
|
|
||||||
#
|
|
||||||
install_file help ${PREFIX}/usr/share/shorewall-lite/help 0544
|
|
||||||
|
|
||||||
echo "Help command executor installed in ${PREFIX}/usr/share/shorewall-lite/help"
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Install the Modules file
|
# Install the Modules file
|
||||||
#
|
#
|
||||||
|
@ -375,7 +375,7 @@ usage() # $1 = exit status
|
|||||||
echo " drop <address> ..."
|
echo " drop <address> ..."
|
||||||
echo " dump [ -x ]"
|
echo " dump [ -x ]"
|
||||||
echo " forget [ <file name> ]"
|
echo " forget [ <file name> ]"
|
||||||
echo " help [ <command > | host | address ]"
|
echo " help"
|
||||||
echo " hits"
|
echo " hits"
|
||||||
echo " ipcalc { <address>/<vlsm> | <address> <netmask> }"
|
echo " ipcalc { <address>/<vlsm> | <address> <netmask> }"
|
||||||
echo " ipdecimal { <address> | <integer> }"
|
echo " ipdecimal { <address> | <integer> }"
|
||||||
@ -881,8 +881,7 @@ case "$COMMAND" in
|
|||||||
;;
|
;;
|
||||||
help)
|
help)
|
||||||
shift
|
shift
|
||||||
[ $# -ne 1 ] && usage 1
|
usage
|
||||||
help $@
|
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
usage 1
|
usage 1
|
||||||
|
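Review bot: The new `help)` arm calls `usage` with no argument, while the hunk header in this same file reads `usage() # $1 = exit status`, so the exit code of `shorewall-lite help` now depends on how usage treats an empty `$1`; passing it explicitly, `usage 0`, would state the intent. The `shift` kept in front of it no longer does anything useful, because the remaining arguments are never read, and could be dropped. Anything typed after `help` is now ignored instead of being rejected with `usage 1`, which deserves a mention in the release notes if it is intended. The body of usage and the rest of the `case "$COMMAND"` statement are outside the hunk.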
@ -80,7 +80,6 @@ fi
|
|||||||
%attr(0444,root,root) /usr/share/shorewall-lite/lib.cli
|
%attr(0444,root,root) /usr/share/shorewall-lite/lib.cli
|
||||||
%attr(0444,root,root) /usr/share/shorewall-lite/modules
|
%attr(0444,root,root) /usr/share/shorewall-lite/modules
|
||||||
%attr(0544,root,root) /usr/share/shorewall-lite/shorecap
|
%attr(0544,root,root) /usr/share/shorewall-lite/shorecap
|
||||||
%attr(0544,root,root) /usr/share/shorewall-lite/help
|
|
||||||
|
|
||||||
%attr(0444,root,root) %{_mandir}/man5/shorewall-accounting.5.gz
|
%attr(0444,root,root) %{_mandir}/man5/shorewall-accounting.5.gz
|
||||||
%attr(0444,root,root) %{_mandir}/man5/shorewall-actions.5.gz
|
%attr(0444,root,root) %{_mandir}/man5/shorewall-actions.5.gz
|
||||||
|
@ -2,6 +2,8 @@ Changes in 3.3.6
|
|||||||
|
|
||||||
1) Remove /etc/shorewall/Documentation.
|
1) Remove /etc/shorewall/Documentation.
|
||||||
|
|
||||||
|
2) Remove /usr/share/shorewall/help.
|
||||||
|
|
||||||
Changes in 3.3.5
|
Changes in 3.3.5
|
||||||
|
|
||||||
1) Restore default route when there are no 'balance' providers.
|
1) Restore default route when there are no 'balance' providers.
|
||||||
|
467
Shorewall/help
467
Shorewall/help
@ -1,467 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# Shorewall help subsystem - V3.3
|
|
||||||
#
|
|
||||||
#
|
|
||||||
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
|
||||||
#
|
|
||||||
# (c) 2003-2006 - Tom Eastep (teastep@shorewall.net)
|
|
||||||
# Steve Herber (herber@thing.com)
|
|
||||||
#
|
|
||||||
# This file should be placed in /usr/share/shorewall/help
|
|
||||||
#
|
|
||||||
# Shorewall documentation is available at http://www.shorewall.net
|
|
||||||
#
|
|
||||||
# This program is free software; you can redistribute it and/or modify
|
|
||||||
# it under the terms of Version 2 of the GNU General Public License
|
|
||||||
# as published by the Free Software Foundation.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program; if not, write to the Free Software
|
|
||||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
|
||||||
##################################################################################
|
|
||||||
|
|
||||||
case $1 in
|
|
||||||
|
|
||||||
add)
|
|
||||||
echo "add: add <interface>[:<host-list>] ... <zone>
|
|
||||||
Adds a list of hosts or subnets to a dynamic zone usually used with VPN's.
|
|
||||||
|
|
||||||
shorewall add interface:host-list ... zone - Adds the specified interface
|
|
||||||
(and host-list if included) to the specified zone.
|
|
||||||
|
|
||||||
A host-list is a comma-separated list whose elements are:
|
|
||||||
|
|
||||||
A host or network address
|
|
||||||
The name of a bridge port
|
|
||||||
The name of a bridge port followed by a colon (":") and a host or
|
|
||||||
network address.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
shorewall add ipsec0:192.0.2.24 vpn1 -- adds the address 192.0.2.24
|
|
||||||
from interface ipsec0 to the zone vpn1.
|
|
||||||
|
|
||||||
See also \"help host\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
address|host)
|
|
||||||
echo "<$1>:
|
|
||||||
May be either a host IP address such as 192.168.1.4 or a network address in
|
|
||||||
CIDR format like 192.168.1.0/24. If your kernel and iptables contain iprange
|
|
||||||
match support then IP address ranges of the form <low address>-<high address>
|
|
||||||
are also permitted. If your kernel and iptables contain ipset match support
|
|
||||||
then you may specify the name of an ipset prefaced by "+". The name of the
|
|
||||||
ipsec may be optionally followed by a number of levels of ipset bindings
|
|
||||||
(1 - 6) that are to be followed"
|
|
||||||
;;
|
|
||||||
|
|
||||||
allow)
|
|
||||||
echo "allow: allow <address> ...
|
|
||||||
Re-enables receipt of packets from hosts previously blacklisted
|
|
||||||
by a drop or reject command.
|
|
||||||
|
|
||||||
Shorewall allow, drop, rejct and save implement dynamic blacklisting.
|
|
||||||
|
|
||||||
See also \"help address\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
check)
|
|
||||||
echo "check: check [ -e ] [ <configuration-directory> ]
|
|
||||||
Performs a cursory validation of the zones, interfaces, hosts,
|
|
||||||
rules, policy, masq, blacklist, proxyarp, nat and provider files. Use this
|
|
||||||
if you are unsure of any edits you have made to the shorewall configuration.
|
|
||||||
See the try command examples for a recommended way to make changes.
|
|
||||||
|
|
||||||
The \"-e\" option causes Shorewall to use the /etc/shorewall/capabilities
|
|
||||||
file to determine the capabilities of the target system rather than probing
|
|
||||||
for them on the local system."
|
|
||||||
;;
|
|
||||||
|
|
||||||
clear)
|
|
||||||
echo "clear: clear
|
|
||||||
Clear will remove all rules and chains installed by Shoreline.
|
|
||||||
The firewall is then wide open and unprotected. Existing
|
|
||||||
connections are untouched. Clear is often used to see if the
|
|
||||||
firewall is causing connection problems."
|
|
||||||
;;
|
|
||||||
|
|
||||||
compile)
|
|
||||||
echo "compile: compile [ -e ] [ <directory name> ] <path name>
|
|
||||||
Compiles the current configuration into the executable file
|
|
||||||
<path name>. If <path name> names a file in /var/lib/shorewall then
|
|
||||||
the file may be executed using the \"restore\" command.
|
|
||||||
|
|
||||||
When -e is specified, the compilation is being performed on a system
|
|
||||||
other than where the compiled script will run. This option disables
|
|
||||||
certain configuration options that require the script to be compiled
|
|
||||||
where it is to be run.
|
|
||||||
|
|
||||||
Additional distributions are expected to be supported shortly."
|
|
||||||
;;
|
|
||||||
|
|
||||||
debug)
|
|
||||||
echo "debug: debug
|
|
||||||
If you include the keyword debug as the first argument to any
|
|
||||||
of these commands:
|
|
||||||
|
|
||||||
start|stop|restart|reset|clear|refresh|check|add|delete|compile
|
|
||||||
|
|
||||||
then a shell trace of the command is produced. For example:
|
|
||||||
|
|
||||||
shorewall debug start 2> /tmp/trace
|
|
||||||
|
|
||||||
The above command would trace the 'start' command and
|
|
||||||
place the trace information in the file /tmp/trace.
|
|
||||||
|
|
||||||
The word 'trace' is a synonym for 'debug'."
|
|
||||||
;;
|
|
||||||
|
|
||||||
delete)
|
|
||||||
echo "delete: delete <interface>[:<host-list>] ... <zone>
|
|
||||||
Deletes a list of hosts or networks from a dynamic zone usually used with VPN's.
|
|
||||||
|
|
||||||
shorewall delete interface[:host-list] ... zone - Deletes the specified
|
|
||||||
interfaces (and host list if included) from the specified zone.
|
|
||||||
|
|
||||||
A host-list is a comma-separated list whose elements are:
|
|
||||||
|
|
||||||
A host or network address
|
|
||||||
The name of a bridge port
|
|
||||||
The name of a bridge port followed by a colon (":") and a host or
|
|
||||||
network address.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
shorewall delete ipsec0:192.0.2.24 vpn1 -- deletes the address
|
|
||||||
192.0.2.24 from interface ipsec0 from zone vpn1
|
|
||||||
|
|
||||||
See also \"help host\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
drop)
|
|
||||||
echo "$1: $1 <address> ...
|
|
||||||
Causes packets from the specified <address> to be ignored
|
|
||||||
|
|
||||||
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
|
||||||
|
|
||||||
See also \"help address\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
dump)
|
|
||||||
echo "dump: dump
|
|
||||||
|
|
||||||
shorewall [-x] dump
|
|
||||||
|
|
||||||
Produce a verbose report about the firewall for problem analysis.
|
|
||||||
|
|
||||||
(iptables -L -n -)
|
|
||||||
|
|
||||||
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
|
||||||
;;
|
|
||||||
|
|
||||||
export)
|
|
||||||
echo "export: export [ <directory1> ] <target>
|
|
||||||
|
|
||||||
If <directory1> is omitted, then the current working directory is assumed.
|
|
||||||
|
|
||||||
Causes the shorewall configuration in <directory1> to be compiled into a
|
|
||||||
program called '<directory1>/firewall'. If compilation is successful,
|
|
||||||
the '<directory1>/firewall' script is copied via scp to the specified
|
|
||||||
<target>
|
|
||||||
|
|
||||||
<target> is of the form [user@]<system>:[<directory1>]
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
shorewall export admin@gateway:~
|
|
||||||
|
|
||||||
This command would compile the configuration in the current working directory
|
|
||||||
then copy the 'firewall' (and firewall.conf) files to admin's home directory
|
|
||||||
on system 'gateway'"
|
|
||||||
;;
|
|
||||||
|
|
||||||
forget)
|
|
||||||
echo "forget: forget [ <file name> ]
|
|
||||||
Deletes /var/lib/shorewall/<file name>. If no <file name> is given then
|
|
||||||
the file specified by RESTOREFILE in shorewall.conf is removed.
|
|
||||||
|
|
||||||
See also \"help save\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
help)
|
|
||||||
echo "help: help [<command> | host | address ]
|
|
||||||
Display helpful information about the shorewall commands."
|
|
||||||
;;
|
|
||||||
|
|
||||||
hits)
|
|
||||||
echo "hits: hits
|
|
||||||
Produces several reports about the Shorewall packet log messages
|
|
||||||
in the current /var/log/messages file."
|
|
||||||
;;
|
|
||||||
|
|
||||||
ipcalc)
|
|
||||||
echo "ipcalc: ipcalc { address mask | address/vlsm }
|
|
||||||
Ipcalc displays the network address, broadcast address,
|
|
||||||
network in CIDR notation and netmask corresponding to the input[s]."
|
|
||||||
;;
|
|
||||||
|
|
||||||
ipdecimal)
|
|
||||||
echo "ipdecimal: ipdecimal { <IP address> | <integer> }
|
|
||||||
Converts an IP address into its 32-bit decimal equivalent and
|
|
||||||
vice versa"
|
|
||||||
;;
|
|
||||||
|
|
||||||
iprange)
|
|
||||||
echo "iprange: iprange address1-address2
|
|
||||||
Iprange decomposes the specified range of IP addresses into the
|
|
||||||
equivalent list of network/host addresses."
|
|
||||||
;;
|
|
||||||
|
|
||||||
load)
|
|
||||||
echo "load: load [ -s ] [ -c ] [ <directory> ] <system>
|
|
||||||
If <directory> is omitted, then the current working directory is assumed.
|
|
||||||
|
|
||||||
Requires that Shorewall Lite be installed on the named <system>.
|
|
||||||
|
|
||||||
Causes the shorewall configuration in <directory> to be compiled into a
|
|
||||||
program called '<directory>/firewall'. If compilation is successful,
|
|
||||||
the '<directory>/firewall' script is copied via scp to the
|
|
||||||
${LITEDIR} directory on <system>. If the script is copied
|
|
||||||
successfully, Shorewall Lite on <system> is started via ssh.
|
|
||||||
|
|
||||||
If the -s option is given and Shorewall Lite starts successfully then
|
|
||||||
ssh is used to execute 'shorewall-lite save' on <system>
|
|
||||||
|
|
||||||
If the -c option is given, Shorewall will capture the remote system's
|
|
||||||
capabilities to <directory>/capabilities before compiling"
|
|
||||||
;;
|
|
||||||
|
|
||||||
logdrop)
|
|
||||||
echo "$1: $1 <address> ...
|
|
||||||
Causes packets from the specified <address> to be ignored and loged.
|
|
||||||
|
|
||||||
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
|
||||||
|
|
||||||
See also \"help address\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
logwatch)
|
|
||||||
echo "logwatch: logwatch [ -m ] [<refresh interval>]
|
|
||||||
Monitors the LOGFILE, $LOGFILE,
|
|
||||||
and produces an audible alarm when new Shorewall messages are logged.
|
|
||||||
If \"-m\" is specified, then MAC addresses in the log entries (if any) are displayed."
|
|
||||||
;;
|
|
||||||
|
|
||||||
logreject)
|
|
||||||
echo "$1: $1 <address> ...
|
|
||||||
Causes packets from the specified <address> to be rejected and logged.
|
|
||||||
|
|
||||||
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
|
||||||
|
|
||||||
See also \"help address\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
refresh)
|
|
||||||
echo "refresh: refresh
|
|
||||||
The rules involving the broadcast addresses of firewall interfaces,
|
|
||||||
the black list, and ECN control rules are recreated to reflect any
|
|
||||||
changes made. Existing connections are untouched."
|
|
||||||
;;
|
|
||||||
|
|
||||||
reject)
|
|
||||||
echo "$1: $1 <address> ...
|
|
||||||
Causes packets from the specified <address> to be rejected
|
|
||||||
|
|
||||||
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
|
||||||
|
|
||||||
See also \"help address\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
reset)
|
|
||||||
echo "reset: reset
|
|
||||||
All the packet and byte counters in the firewall are reset."
|
|
||||||
;;
|
|
||||||
|
|
||||||
reload)
|
|
||||||
echo "reload: reload [ -s ] [ -c ] [ <directory> ] <system>
|
|
||||||
If <directory> is omitted, then the current working directory is assumed.
|
|
||||||
|
|
||||||
Requires that Shorewall Lite be installed on the named <system>.
|
|
||||||
|
|
||||||
Causes the shorewall configuration in <directory> to be compiled into a
|
|
||||||
program called '<directory>/firewall'. If compilation is successful,
|
|
||||||
the '<directory>/firewall' script is copied via scp to the
|
|
||||||
${LITEDIR} directory on <system>. If the script is copied
|
|
||||||
successfully, Shorewall Lite on <system> is restarted via ssh.
|
|
||||||
|
|
||||||
If the -s option is given and Shorewall Lite restarts successfully then
|
|
||||||
ssh is used to execute 'shorewall-lite save' on <system>
|
|
||||||
|
|
||||||
If the -c option is given, Shorewall will capture the remote system's
|
|
||||||
capabilities to <directory>/capabilities before compiling"
|
|
||||||
;;
|
|
||||||
|
|
||||||
restart)
|
|
||||||
echo "restart: restart [ -n ] [ <configuration-directory> ]
|
|
||||||
Restart is the same as a shorewall stop && shorewall start.
|
|
||||||
Existing connections are maintained.
|
|
||||||
|
|
||||||
If \"-n\" is specified, no changes to routing will be made"
|
|
||||||
;;
|
|
||||||
|
|
||||||
safe-restart)
|
|
||||||
echo "safe-restart: safe-restart
|
|
||||||
Restart the same way as a shorewall restart except that previous firewall
|
|
||||||
configuration is backed up and will be restored if you notice any anomalies
|
|
||||||
or you are not able to reach the firewall any more."
|
|
||||||
;;
|
|
||||||
|
|
||||||
safe-start)
|
|
||||||
echo "safe-start: safe-start
|
|
||||||
Start the same way as a shorewall start except that in case of anomalies
|
|
||||||
shorewall clear is issued. "
|
|
||||||
;;
|
|
||||||
|
|
||||||
restore)
|
|
||||||
echo "restore: restore [ -n ] [ <file name> ]
|
|
||||||
Restore Shorewall to a state saved using the 'save' command
|
|
||||||
Existing connections are maintained. The <file name> names a restore file in
|
|
||||||
/var/lib/shorewall created using \"shorewall save\"; if no <file name> is given
|
|
||||||
then Shorewall will be restored from the file specified by the RESTOREFILE
|
|
||||||
option in shorewall.conf.
|
|
||||||
|
|
||||||
If \"-n\" is specified, no changes to routing will be made.
|
|
||||||
|
|
||||||
See also \"help save\", \"help compile\" and \"help forget\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
save)
|
|
||||||
echo "save: save [ <file name> ]
|
|
||||||
The dynamic data is stored in /var/lib/shorewall/save. The state of the
|
|
||||||
firewall is stored in /var/lib/shorewall/<file name> for use by the 'shorewall restore'
|
|
||||||
and 'shorewall -f start' commands. If <file name> is not given then the state is saved
|
|
||||||
in the file specified by the RESTOREFILE option in shorewall.conf.
|
|
||||||
|
|
||||||
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
|
||||||
|
|
||||||
See also \"help restore\" and \"help forget\""
|
|
||||||
;;
|
|
||||||
|
|
||||||
show)
|
|
||||||
echo "show: show [ <chain> [ <chain> ...] |actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones]
|
|
||||||
|
|
||||||
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
|
|
||||||
(iptables -L chain -n -v)
|
|
||||||
|
|
||||||
shorewall show actions - produce a list of builtin actions and actions defined in /usr/share/shorewall/actions.std and /etc/shorewall
|
|
||||||
|
|
||||||
shorewall [-x] show mangle - produce a verbose report about the mangle table.
|
|
||||||
(iptables -t mangle -L -n -v)
|
|
||||||
|
|
||||||
shorewall [-x] show nat - produce a verbose report about the nat table.
|
|
||||||
(iptables -t nat -L -n -v)
|
|
||||||
|
|
||||||
shorewall show [ -m ] log - display the last 20 packet log entries. If \"-m\" is specified, then
|
|
||||||
MAC addresses in the log entries (if any) are displayed.
|
|
||||||
|
|
||||||
shorewall show macros -- displays the standard macros.
|
|
||||||
|
|
||||||
shorewall show connections - displays the IP connections currently
|
|
||||||
being tracked by the firewall.
|
|
||||||
|
|
||||||
shorewall show tc - displays information about the traffic
|
|
||||||
control/shaping configuration.
|
|
||||||
|
|
||||||
shorewall show zones - displays the contents of all zones.
|
|
||||||
|
|
||||||
shorewall show [ -f ] capabilities - displays your kernel/iptables capabilities. When \"-f\" is
|
|
||||||
specified, then the output is suitable for use as /etc/shorewall/capabilities.
|
|
||||||
|
|
||||||
shorewall show ip - produces output equivalent to 'ip addr ls'
|
|
||||||
|
|
||||||
shorewall show routing - produces a report about routing rules and tables.
|
|
||||||
|
|
||||||
shorewall show config - displays the default CONFIG_PATH and LITEDIR for your distribution
|
|
||||||
|
|
||||||
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
|
||||||
;;
|
|
||||||
|
|
||||||
start)
|
|
||||||
echo "start: start [ -f ] [ -n ] [ <configuration-directory> ]
|
|
||||||
Start shorewall. Existing connections through shorewall managed
|
|
||||||
interfaces are untouched. New connections will be allowed only
|
|
||||||
if they are allowed by the firewall rules or policies.
|
|
||||||
If \"-f\" is specified, the saved configuration specified by the RESTOREFILE option
|
|
||||||
in shorewall.conf will be restored if that saved configuration exists. In that
|
|
||||||
case, a <configuration-directory> may not be specified.
|
|
||||||
If \"-n\" is specified, no changes to routing will be made."
|
|
||||||
;;
|
|
||||||
|
|
||||||
stop)
|
|
||||||
echo "stop: stop
|
|
||||||
Stops the firewall. All existing connections, except those
|
|
||||||
listed in /etc/shorewall/routestopped, are taken down.
|
|
||||||
The only new traffic permitted through the firewall
|
|
||||||
is from systems listed in /etc/shorewall/routestopped."
|
|
||||||
;;
|
|
||||||
|
|
||||||
status)
|
|
||||||
echo "status: status
|
|
||||||
|
|
||||||
shorewall status
|
|
||||||
|
|
||||||
Displays the Shorewall status (running/not-running).
|
|
||||||
|
|
||||||
Also displays the Shorewall state as shown in the state diagram at
|
|
||||||
http://www.shorewall.net/starting_and_stopping_shorewall. The time and
|
|
||||||
date when that state was reached is also displayed."
|
|
||||||
;;
|
|
||||||
|
|
||||||
trace)
|
|
||||||
echo "trace: trace
|
|
||||||
If you include the keyword trace as the first argument to any
|
|
||||||
of these commands:
|
|
||||||
|
|
||||||
start|stop|restart|reset|clear|refresh|check|add|delete|compile
|
|
||||||
|
|
||||||
then a shell trace of the command is produced. For example:
|
|
||||||
|
|
||||||
shorewall trace start 2> /tmp/trace
|
|
||||||
|
|
||||||
The above command would trace the 'start' command and
|
|
||||||
place the trace information in the file /tmp/trace.
|
|
||||||
|
|
||||||
The word 'debug' is a synonym for 'trace'."
|
|
||||||
;;
|
|
||||||
|
|
||||||
try)
|
|
||||||
echo "try: try [ -n ] <configuration-directory> [ <timeout> ]
|
|
||||||
Restart shorewall using the specified configuration. If an error
|
|
||||||
occurs during the restart, then another shorewall restart is performed
|
|
||||||
using the default configuration. If a timeout is specified then
|
|
||||||
the restart is always performed after the timeout occurs and uses
|
|
||||||
the default configuration.
|
|
||||||
|
|
||||||
The \"-n\" option will be passed down to the underlying commands (see
|
|
||||||
'start', 'restart' and 'restore')"
|
|
||||||
;;
|
|
||||||
|
|
||||||
version)
|
|
||||||
echo "version: version
|
|
||||||
Show the current shorewall version which is: $version"
|
|
||||||
;;
|
|
||||||
|
|
||||||
*)
|
|
||||||
echo "$1: $1 is not recognized by the help command"
|
|
||||||
;;
|
|
||||||
|
|
||||||
esac
|
|
||||||
|
|
||||||
exit 0 # always ok
|
|
||||||
|
|
@ -295,12 +295,6 @@ install_file compiler ${PREFIX}/usr/share/shorewall/compiler 0555
|
|||||||
echo
|
echo
|
||||||
echo "Compiler installed in ${PREFIX}/usr/share/shorewall/compiler"
|
echo "Compiler installed in ${PREFIX}/usr/share/shorewall/compiler"
|
||||||
|
|
||||||
# Install the Help file
|
|
||||||
#
|
|
||||||
install_file help ${PREFIX}/usr/share/shorewall/help 0555
|
|
||||||
|
|
||||||
echo "Help command executor installed in ${PREFIX}/usr/share/shorewall/help"
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Install the policy file
|
# Install the policy file
|
||||||
#
|
#
|
||||||
|
@ -355,7 +355,7 @@ show_routing() {
|
|||||||
# Show Command Executor
|
# Show Command Executor
|
||||||
#
|
#
|
||||||
show_command() {
|
show_command() {
|
||||||
local finished=0
|
local finished=0 local table=filter
|
||||||
|
|
||||||
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||||
option=$1
|
option=$1
|
||||||
@ -385,6 +385,21 @@ show_command() {
|
|||||||
FILEMODE=Yes
|
FILEMODE=Yes
|
||||||
option=${option#f}
|
option=${option#f}
|
||||||
;;
|
;;
|
||||||
|
t)
|
||||||
|
[ $# -eq 1 ] && usage 1
|
||||||
|
|
||||||
|
case $2 in
|
||||||
|
mangle|nat|filter)
|
||||||
|
table=$2
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
fatal_error "Invalid table name ($s)"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
option=
|
||||||
|
shift
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
usage 1
|
usage 1
|
||||||
;;
|
;;
|
||||||
@ -528,10 +543,10 @@ show_command() {
|
|||||||
show_reset
|
show_reset
|
||||||
if [ $# -gt 0 ]; then
|
if [ $# -gt 0 ]; then
|
||||||
for chain in $*; do
|
for chain in $*; do
|
||||||
$IPTABLES -L $chain $IPT_OPTIONS
|
$IPTABLES -t $table -L $chain $IPT_OPTIONS
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
$IPTABLES -L $IPT_OPTIONS
|
$IPTABLES -t $table -L $IPT_OPTIONS
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
@ -715,15 +730,6 @@ restore_command() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
|
||||||
# Help information
|
|
||||||
#
|
|
||||||
help()
|
|
||||||
{
|
|
||||||
[ -x $HELP ] && { export version; exec $HELP $*; }
|
|
||||||
echo "Help subsystem is not installed at $HELP"
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Display the time that the counters were last reset
|
# Display the time that the counters were last reset
|
||||||
#
|
#
|
||||||
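Review bot: The error branch of the new `t)` option in show_command calls `fatal_error "Invalid table name ($s)"`, but `$s` is not assigned anywhere in the visible hunks, so the message would likely print empty parentheses instead of the rejected value; `fatal_error "Invalid table name ($2)"` reports what the operator actually typed. The `mangle|nat|filter` whitelist is the only thing that makes it safe to pass `$table` unquoted to `$IPTABLES -t $table -L ...`, so a one-line comment above `case $2 in` such as `# only these literals may reach iptables -t` would keep a later edit from loosening it. On the new side `local finished=0 local table=filter` is a single line, which also declares a stray variable named `local`; two separate `local` statements would read more clearly. show_command's body starts and ends outside the visible hunks, so how the outer loop shifts after `option=` could not be checked here.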
|
@ -31,7 +31,7 @@ Shorewall 3.3.6
|
|||||||
Please see the "Migration Considerations" below for additional upgrade
|
Please see the "Migration Considerations" below for additional upgrade
|
||||||
information.
|
information.
|
||||||
|
|
||||||
Problems Corrected in 3.3.5
|
Problems Corrected in 3.3.6
|
||||||
|
|
||||||
None.
|
None.
|
||||||
|
|
||||||
@ -40,6 +40,9 @@ Other Changes in 3.3.6
|
|||||||
1) Now that the manpages are in place, /etc/shorewall/Documentation
|
1) Now that the manpages are in place, /etc/shorewall/Documentation
|
||||||
has been removed.
|
has been removed.
|
||||||
|
|
||||||
|
Command-specific help has also been removed since it duplicates
|
||||||
|
information in the man pages.
|
||||||
|
|
||||||
Migration Considerations:
|
Migration Considerations:
|
||||||
|
|
||||||
1) Shorewall supports the notion of "default actions". A default
|
1) Shorewall supports the notion of "default actions". A default
|
||||||
|
@ -861,7 +861,7 @@ export_command() # $* = original arguments less the command.
|
|||||||
target=$2
|
target=$2
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
fatal_error "ERROR: Invalid command syntax (\"shorewall help export\" for help)"
|
fatal_error "ERROR: Invalid command syntax (\"man shorewall\" for help)"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
@ -900,7 +900,7 @@ usage() # $1 = exit status
|
|||||||
echo " dump [ -x ]"
|
echo " dump [ -x ]"
|
||||||
echo " export [ <directory1> ] [<user>@]<system>:[<directory2>]"
|
echo " export [ <directory1> ] [<user>@]<system>:[<directory2>]"
|
||||||
echo " forget [ <file name> ]"
|
echo " forget [ <file name> ]"
|
||||||
echo " help [ <command > | host | address ]"
|
echo " help"
|
||||||
echo " hits"
|
echo " hits"
|
||||||
echo " ipcalc { <address>/<vlsm> | <address> <netmask> }"
|
echo " ipcalc { <address>/<vlsm> | <address> <netmask> }"
|
||||||
echo " ipdecimal { <address> | <integer> }"
|
echo " ipdecimal { <address> | <integer> }"
|
||||||
@ -916,7 +916,7 @@ usage() # $1 = exit status
|
|||||||
echo " restart [ -n ] [ <directory> ]"
|
echo " restart [ -n ] [ <directory> ]"
|
||||||
echo " restore [ -n ] [ <file name> ]"
|
echo " restore [ -n ] [ <file name> ]"
|
||||||
echo " save [ <file name> ]"
|
echo " save [ <file name> ]"
|
||||||
echo " show [ -x ] [ -m ] [-f] [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones]"
|
echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones]"
|
||||||
echo " start [ -f ] [ -n ] [ <directory> ]"
|
echo " start [ -f ] [ -n ] [ <directory> ]"
|
||||||
echo " stop"
|
echo " stop"
|
||||||
echo " status"
|
echo " status"
|
||||||
@ -1456,8 +1456,7 @@ case "$COMMAND" in
|
|||||||
;;
|
;;
|
||||||
help)
|
help)
|
||||||
shift
|
shift
|
||||||
[ $# -ne 1 ] && usage 1
|
usage
|
||||||
help $@
|
|
||||||
;;
|
;;
|
||||||
safe-restart|safe-start)
|
safe-restart|safe-start)
|
||||||
shift
|
shift
|
||||||
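Review bot: The `help)` branch now calls `usage` with no argument, although the function header in this same section reads `usage() # $1 = exit status` and the line it replaces passed one (`usage 1`). What status the command ends with therefore depends on how usage expands an empty `$1`, which lies outside the hunks; writing `usage 0` would make the intended success status explicit for scripts that check it. Extra words after `help` are now silently ignored, so `shorewall help start` prints the summary with no hint that per-command help has moved to the man pages; a short comment on the branch, for example `# per-command help removed; see shorewall(8)`, would record that this is deliberate.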
|
@ -112,7 +112,6 @@ fi
|
|||||||
%attr(0555,root,root) /usr/share/shorewall/compiler
|
%attr(0555,root,root) /usr/share/shorewall/compiler
|
||||||
%attr(0555,root,root) /usr/share/shorewall/firewall
|
%attr(0555,root,root) /usr/share/shorewall/firewall
|
||||||
%attr(0777,root,root) /usr/share/shorewall/functions
|
%attr(0777,root,root) /usr/share/shorewall/functions
|
||||||
%attr(0555,root,root) /usr/share/shorewall/help
|
|
||||||
%attr(0444,root,root) /usr/share/shorewall/lib.accounting
|
%attr(0444,root,root) /usr/share/shorewall/lib.accounting
|
||||||
%attr(0444,root,root) /usr/share/shorewall/lib.actions
|
%attr(0444,root,root) /usr/share/shorewall/lib.actions
|
||||||
%attr(0444,root,root) /usr/share/shorewall/lib.base
|
%attr(0444,root,root) /usr/share/shorewall/lib.base
|
||||||
|
@ -70,10 +70,6 @@
|
|||||||
<arg>-options</arg>
|
<arg>-options</arg>
|
||||||
|
|
||||||
<command>help</command>
|
<command>help</command>
|
||||||
|
|
||||||
<group>
|
|
||||||
<arg choice="plain">command</arg>
|
|
||||||
</group>
|
|
||||||
</cmdsynopsis>
|
</cmdsynopsis>
|
||||||
|
|
||||||
<cmdsynopsis>
|
<cmdsynopsis>
|
||||||
@ -187,6 +183,9 @@
|
|||||||
|
|
||||||
<arg><option>-x</option></arg>
|
<arg><option>-x</option></arg>
|
||||||
|
|
||||||
|
<arg><option>-t</option>
|
||||||
|
{<option>filter</option>|<option>mangle</option>|<option>nat</option>}</arg>
|
||||||
|
|
||||||
<arg rep="repeat">chain</arg>
|
<arg rep="repeat">chain</arg>
|
||||||
</cmdsynopsis>
|
</cmdsynopsis>
|
||||||
|
|
||||||
@ -406,9 +405,7 @@
|
|||||||
<term><emphasis role="bold">help</emphasis></term>
|
<term><emphasis role="bold">help</emphasis></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Displays information about a particular
|
<para>Displays a syntax summary.</para>
|
||||||
<emphasis>command</emphasis>. If no <emphasis>command</emphasis> is
|
|
||||||
given, a syntax summary is displayed.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -541,6 +538,11 @@
|
|||||||
iptables and causes actual packet and byte counts to be
|
iptables and causes actual packet and byte counts to be
|
||||||
displayed. Without this option, those counts are
|
displayed. Without this option, those counts are
|
||||||
abbreviated.</para>
|
abbreviated.</para>
|
||||||
|
|
||||||
|
<para>The <emphasis role="bold">-t</emphasis> option
|
||||||
|
designates the Netfilter table to be displayed. Without that
|
||||||
|
option, the <emphasis role="bold">filter</emphasis> table is
|
||||||
|
assumed.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
@ -136,10 +136,6 @@
|
|||||||
<arg>-options</arg>
|
<arg>-options</arg>
|
||||||
|
|
||||||
<command>help</command>
|
<command>help</command>
|
||||||
|
|
||||||
<group>
|
|
||||||
<arg choice="plain">command</arg>
|
|
||||||
</group>
|
|
||||||
</cmdsynopsis>
|
</cmdsynopsis>
|
||||||
|
|
||||||
<cmdsynopsis>
|
<cmdsynopsis>
|
||||||
@ -606,9 +602,7 @@
|
|||||||
<term><emphasis role="bold">help</emphasis></term>
|
<term><emphasis role="bold">help</emphasis></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Displays information about a particular
|
<para>Displays a syntax summary.</para>
|
||||||
<emphasis>command</emphasis>. If no <emphasis>command</emphasis> is
|
|
||||||
given, a syntax summary is displayed.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|