diff --git a/Samples/Universal/rules b/Samples/Universal/rules
index 026aa2420..6d5680f0e 100644
--- a/Samples/Universal/rules
+++ b/Samples/Universal/rules
@@ -6,8 +6,8 @@
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
-####################################################################################################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
+###################################################################################################################################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ALL
#SECTION ESTABLISHED
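Review bot: The extended `#ACTION` header line now lists HEADERS in an IPv4 sample without saying how to fill it; as far as I recall from shorewall-rules(5), that column is only evaluated for IPv6 and IPv4 rules should carry `-` there, which is worth confirming against the manpage. Because the columns are positional, a switch name written one column early would land in HEADERS instead of SWITCH, so the rule would not be gated as its author intended (whether the compiler rejects such a line is not visible in this diff). I would add one comment line under the header, for example `# HEADERS is IPv6-only: use '-' in IPv4 rules, then put the switch name in SWITCH`. The same point applies to the one-interface, three-interfaces and two-interfaces hunks under Samples/.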
diff --git a/Samples/one-interface/rules b/Samples/one-interface/rules
index 2315bdfe7..3dfaf2c8e 100644
--- a/Samples/one-interface/rules
+++ b/Samples/one-interface/rules
@@ -10,8 +10,8 @@
# See the file README.txt for further details.
#------------------------------------------------------------------------------------------------------------
# For information on entries in this file, type "man shorewall-rules"
-#############################################################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
+######################################################################################################################################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ALL
#SECTION ESTABLISHED
diff --git a/Samples/three-interfaces/rules b/Samples/three-interfaces/rules
index 8383d173f..1fe59b6f5 100644
--- a/Samples/three-interfaces/rules
+++ b/Samples/three-interfaces/rules
@@ -10,8 +10,8 @@
# See the file README.txt for further details.
#------------------------------------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-rules"
-#############################################################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
+######################################################################################################################################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ALL
#SECTION ESTABLISHED
diff --git a/Samples/two-interfaces/rules b/Samples/two-interfaces/rules
index 28fe38462..f6d39320f 100644
--- a/Samples/two-interfaces/rules
+++ b/Samples/two-interfaces/rules
@@ -10,8 +10,8 @@
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-rules"
-#############################################################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
+######################################################################################################################################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ALL
#SECTION ESTABLISHED
diff --git a/Samples6/Universal/rules b/Samples6/Universal/rules
index 026aa2420..5ae7cfbad 100644
--- a/Samples6/Universal/rules
+++ b/Samples6/Universal/rules
@@ -6,8 +6,8 @@
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
-####################################################################################################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
+###########################################################################################################################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ALL
#SECTION ESTABLISHED
diff --git a/Samples6/one-interface/rules b/Samples6/one-interface/rules
index 57a2365cb..e051f8e01 100644
--- a/Samples6/one-interface/rules
+++ b/Samples6/one-interface/rules
@@ -10,8 +10,8 @@
# See the file README.txt for further details.
#------------------------------------------------------------------------------------------------------------
# For information on entries in this file, type "man shorewall6-rules"
-#############################################################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
+###########################################################################################################################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ALL
#SECTION ESTABLISHED
diff --git a/Samples6/three-interfaces/rules b/Samples6/three-interfaces/rules
index 6a55c7231..a8a8d2979 100644
--- a/Samples6/three-interfaces/rules
+++ b/Samples6/three-interfaces/rules
@@ -10,8 +10,8 @@
# See the file README.txt for further details.
#------------------------------------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall6-rules"
-#############################################################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
+###########################################################################################################################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ALL
#SECTION ESTABLISHED
diff --git a/Samples6/two-interfaces/rules b/Samples6/two-interfaces/rules
index 6091118e6..2e95245eb 100644
--- a/Samples6/two-interfaces/rules
+++ b/Samples6/two-interfaces/rules
@@ -10,8 +10,8 @@
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall6-rules"
-#############################################################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
+###########################################################################################################################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ALL
#SECTION ESTABLISHED
diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index 91abb1967..1bdb5b762 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -18,7 +18,7 @@
- 2001-2010
+ 2001-2011
Thomas M. Eastep
@@ -1624,7 +1624,7 @@ DNAT net loc:192.168.1.3 tcp 4000:4100
above.
-
+
Switches
There are times when you would like to enable or disable one or more
@@ -1640,9 +1640,9 @@ DNAT net loc:192.168.1.3 tcp 4000:4100
Support requires that you install xtables-addons.
The SWITCH column contains the name of a
- switch. Each switch that is normally initially in
- the off position. You can turn on the switch condition named
- switch1 by:
+ switch. Each switch that is initially in the
+ off position. You can turn on the switch
+ named switch1 by:
echo 1 >
@@ -1657,9 +1657,10 @@ DNAT net loc:192.168.1.3 tcp 4000:4100
If you simply include the switch name in the SWITCH column, then the
- rule is enabled only when the switch is on. If you precede the switch name
- with ! (e.g., !switch1), then the rule is enabled only when the switch is
- off.
+ rule is enabled only when the switch is on. If you precede the switch name with ! (e.g.,
+ !switch1), then the rule is enabled only when the switch is off.
The shorewall restart command resets all
@@ -1667,7 +1668,19 @@ DNAT net loc:192.168.1.3 tcp 4000:4100
Shorewall requires that switch names begin with a letter and be
- composed of letters, digits, underscore ('_') or hyphen ('-').
+ composed of letters, digits, underscore ('_') or hyphen ('-'). Multiple
+ rules can be controlled by the same switch.
+
+ Example:
+
+
+ Forward port 80 to dmz host $BACKUP if switch 'primary_down' is
+ on.
+
+ #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
+# PORT(S) PORT(S) DEST LIMIT GROUP
+DNAT net dmz:$BACKUP tcp 80 - - - - - - - - primary_down
+
diff --git a/manpages6/shorewall6-rules.xml b/manpages6/shorewall6-rules.xml
index 33ca3784f..f4715fc8a 100644
--- a/manpages6/shorewall6-rules.xml
+++ b/manpages6/shorewall6-rules.xml
@@ -1184,10 +1184,10 @@
Example 6:
- Forward port 80 to dmz host $BACKUP if condition
- 'primary_down' is set.
+ Forward port 80 to dmz host $BACKUP if switch 'primary_down'
+ is set.
- #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS CONDITION
+ #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
# PORT(S) PORT(S) DEST LIMIT GROUP
DNAT net dmz:$BACKUP tcp 80 - - - - - - - - primary_down