diff --git a/Shorewall-docs/shorewall_extension_scripts.htm b/Shorewall-docs/shorewall_extension_scripts.htm
deleted file mode 100644
index 96fcbf33a..000000000
--- a/Shorewall-docs/shorewall_extension_scripts.htm
+++ /dev/null
@@ -1,89 +0,0 @@
-
-
-
-
-
-
-
- Shorewall Extension Scripts
-
-
-Extension Scripts
-
-Extension scripts are user-provided scripts that are invoked at
-various points during firewall start, restart, stop and clear. The
-scripts are placed in /etc/shorewall and are processed using the Bourne
-shell "source" mechanism.
-
-Caution:
-
-
- - Be sure that you actually need to use an
-extension script to do what you want. Shorewall has a wide range of
-features
-that cover most requirements.
- - DO NOT SIMPLY COPY RULES THAT YOU FIND
-ON THE NET INTO AN EXTENSION SCRIPT AND EXPECT THEM TO WORK AND TO NOT
-BREAK SHOREWALL. TO USE SHOREWALL EXTENSION SCRIPTS YOU MUST KNOW WHAT
-YOU ARE
-DOING WITH RESPECT TO iptables/Netfilter
-
-The following scripts can be supplied:
-
- - init -- invoked early in "shorewall start" and "shorewall restart"
- - start -- invoked after the firewall has been started or restarted.
- - stop -- invoked as a first step when the firewall is being
-stopped.
- - stopped -- invoked after the firewall has been stopped.
- - clear -- invoked after the firewall has been cleared.
- - refresh -- invoked while the firewall is being refreshed but
-before the common and/or blacklst chains have been rebuilt.
- - newnotsyn (added in version 1.3.6) -- invoked after the
-'newnotsyn' chain has been created but before any rules have been added
-to it.
-
-If your version of Shorewall doesn't have the file that you
-want to use from the above list, you can simply create the file
-yourself.
- You can also supply a script with the same name as any of the
-filter chains in the firewall and the script will be invoked after the
-/etc/shorewall/rules file has been processed but before the
-/etc/shorewall/policy file has been processed.
-The /etc/shorewall/common file receives special treatment. If this
-file is present, the rules that it defines will totally replace the
-default rules in the common chain. These default rules are contained in
-the file /etc/shorewall/common.def which may be used as a starting
-point for making your own customized file.
- Rather than running iptables directly, you should run it using the
-function run_iptables. Similarly, rather than running "ip" directly,
-you should use run_ip. These functions accept the same arguments as the
-underlying command but cause the firewall to be stopped if an error
-occurs during
-processing of the command.
- If you decide to create /etc/shorewall/common it is a good idea to
-use the following technique
- /etc/shorewall/common:
-
- . /etc/shorewall/common.def
<add your rules here>
-
-If you need to supercede a rule in the released common.def file, you
-can add the superceding rule before the '.' command. Using this
-technique allows you to add new rules while still getting the benefit
-of the latest common.def file.
-Remember that /etc/shorewall/common defines rules that are only
-applied if the applicable policy is DROP or REJECT. These rules are NOT
-applied if the policy is ACCEPT or CONTINUE
-
-
-Last updated 6/30/2003 - Tom Eastep
-Copyright 2002,
-2003 Thomas M. Eastep
-
-
-
-
-
-
-
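Review bot: removing shorewall_extension_scripts.htm outright leaves every existing reference to that filename dangling, and nothing in this patch updates or redirects such references. Before merging, check the rest of Shorewall-docs for links to the .htm name and point them at the new shorewall_extension_scripts.xml (or its generated output), so readers looking for the caution about copying iptables rules into extension scripts still land on it.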
diff --git a/Shorewall-docs/shorewall_extension_scripts.xml b/Shorewall-docs/shorewall_extension_scripts.xml
new file mode 100755
index 000000000..906279d24
--- /dev/null
+++ b/Shorewall-docs/shorewall_extension_scripts.xml
@@ -0,0 +1,129 @@
+
+
+
+
+
+
+ Extension Scripts
+
+
+
+ Tom
+
+ Eastep
+
+
+
+ 2003-06-30
+
+
+ 2001
+
+ 2002
+
+ 2003
+
+ Thomas M. Eastep
+
+
+
+ Permission is granted to copy, distribute and/or modify this
+ document under the terms of the GNU Free Documentation License, Version
+ 1.2 or any later version published by the Free Software Foundation; with
+ no Invariant Sections, with no Front-Cover, and with no Back-Cover
+ Texts. A copy of the license is included in the section entitled
+ GNU Free Documentation License
.
+
+
+
+ Extension scripts are user-provided scripts that are invoked at
+ various points during firewall start, restart, stop and clear. The scripts
+ are placed in /etc/shorewall and are processed using the Bourne shell
+ "source" mechanism.
+
+
+
+
+ Be sure that you actually need to use an extension script to do
+ what you want. Shorewall has a wide range of features that cover most
+ requirements.
+
+
+
+ DO NOT SIMPLY COPY RULES THAT YOU FIND ON THE NET INTO AN
+ EXTENSION SCRIPT AND EXPECT THEM TO WORK AND TO NOT BREAK SHOREWALL.
+ TO USE SHOREWALL EXTENSION SCRIPTS YOU MUST KNOW WHAT YOU ARE DOING
+ WITH RESPECT TO iptables/Netfilter
+
+
+
+
+ The following scripts can be supplied:
+
+
+
+ init -- invoked early in "shorewall start" and
+ "shorewall restart"
+
+
+
+ start -- invoked after the firewall has been started or restarted.
+
+
+
+
+ stop -- invoked as a first step when the firewall is being
+ stopped.
+
+
+
+ stopped -- invoked after the firewall has been stopped.
+
+
+
+ clear -- invoked after the firewall has been cleared.
+
+
+
+ refresh -- invoked while the firewall is being refreshed but
+ before the common and/or blacklst chains have been rebuilt.
+
+
+
+ newnotsyn (added in version 1.3.6) -- invoked after the
+ 'newnotsyn' chain has been created but before any rules have
+ been added to it.
+
+
+
+ If your version of Shorewall doesn't have
+ the file that you want to use from the above list, you can simply create the
+ file yourself. You can also supply a script with the same name as
+ any of the filter chains in the firewall and the script will be invoked
+ after the /etc/shorewall/rules file has been processed but before the
+ /etc/shorewall/policy file has been processed. The /etc/shorewall/common
+ file receives special treatment. If this file is present, the rules that it
+ defines will totally replace the default rules in the common chain. These
+ default rules are contained in the file /etc/shorewall/common.def which may
+ be used as a starting point for making your own customized file. Rather than
+ running iptables directly, you should run it using the function
+ run_iptables. Similarly, rather than running "ip" directly, you
+ should use run_ip. These functions accept the same arguments as the
+ underlying command but cause the firewall to be stopped if an error occurs
+ during processing of the command. If you decide to create
+ /etc/shorewall/common it is a good idea to use the following technique.
+
+ /etc/shorewall/common:
+
+ . /etc/shorewall/common.def
+ <add your rules here>
+
+
+ If you need to supercede a rule in the released common.def file, you
+ can add the superceding rule before the '.' command. Using this
+ technique allows you to add new rules while still getting the benefit of the
+ latest common.def file. Remember that /etc/shorewall/common defines rules
+ that are only applied if the applicable policy is DROP or REJECT. These
+ rules are NOT applied if the policy is ACCEPT or CONTINUE
+
\ No newline at end of file
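Review bot: the run of text from "If your version of Shorewall doesn't have the file that you want to use" through "it is a good idea to use the following technique." folds five separate topics into one block (creating a missing script, per-chain scripts, the special treatment of /etc/shorewall/common, run_iptables/run_ip, and the common.def technique), which read as separate paragraphs in the deleted .htm. Split it back into one paragraph per topic, so that the run_iptables/run_ip advice, the part that causes the firewall to be stopped when a command fails, is not buried mid-paragraph. Smaller points in the same file: it is added with mode 100755 while the .htm it replaces was 100644, and a documentation source has no reason to be executable; it has no newline at end of file; the copyright years now include 2001 where the old footer read "2002, 2003", which should be confirmed as intended; "supercede" and "superceding" should be "supersede" and "superseding"; and the final sentence ("ACCEPT or CONTINUE") lacks its closing period. Because these scripts are pulled in with the shell "source" mechanism and so run with the firewall script's privileges, a sentence stating that files in /etc/shorewall should be owned by root and not writable by other users would be a useful addition to the caution list.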