diff --git a/manpages6/shorewall6-ecn.xml b/manpages6/shorewall6-ecn.xml
deleted file mode 100644
index 2f8dfa925..000000000
--- a/manpages6/shorewall6-ecn.xml
+++ /dev/null
@@ -1,74 +0,0 @@
-
-
-
-
- shorewall6-ecn
-
- 5
-
-
-
- ecn
-
- shorewall6 ECN file
-
-
-
-
- /etc/shorewall6/ecn
-
-
-
-
- Description
-
- Use this file to list the destinations for which you want to disable
- ECN (Explicit Congestion Notification).
-
- The columns in the file are as follows.
-
-
-
- INTERFACE -
- interface
-
-
- Interface through which host(s) communicate with the
- firewall
-
-
-
-
- HOST(S) (Optional) - [-|address-or-address-range[,address-or-address-range]...]
-
-
- Comma-separated list of host and/or network addresses. If left
- empty or supplied as "-", ::/0 is assumed. If your kernel and
- ip6tables include iprange match support then IP address ranges are
- also permitted.
-
-
-
-
-
-
- FILES
-
- /etc/shorewall6/ecn
-
-
-
- See ALSO
-
- shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
- shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
- shorewall6-maclist(5), shorewall6-params(5), shorewall6-policy(5),
- shorewall6-providers(5), shorewall6-route_rules(5),
- shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
- shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
- shorewall6-tos(5), shorewall6-tunnels(5), shorewall-zones(5)
-
-
diff --git a/manpages6/shorewall6-params.xml b/manpages6/shorewall6-params.xml
index ded58b474..798a9724f 100644
--- a/manpages6/shorewall6-params.xml
+++ b/manpages6/shorewall6-params.xml
@@ -32,20 +32,19 @@
Example params file:NET_IF=eth0
-NET_BCAST=130.252.100.255
-NET_OPTIONS=routefilter,norfc1918
+NET_OPTIONS=dhcp,nosmurfs
Example shorewall6-interfaces(5)
file.ZONE INTERFACE BROADCAST OPTIONS
-net $NET_IF $NET_BCAST $NET_OPTIONS
+net $NET_IF - $NET_OPTIONS
This is the same as if the interfaces file had contained:ZONE INTERFACE BROADCAST OPTIONS
-net eth0 130.252.100.255 routefilter,norfc1918
+net eth0 - dhcp,nosmurfs
@@ -62,11 +61,10 @@ net eth0 130.252.100.255 routefilter,norfc1918
shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
- shorewall6-ipsec(5), shorewall6-maclist(5), shorewall6-masq(5),
- shorewall6-nat(5), shorewall6-netmap(5), shorewall6-policy(5),
- shorewall6-providers(5), shorewall6-proxyarp(5), shorewall6-route_rules(5),
- shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
- shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
- shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)
+ shorewall6-maclist(5), shorewall6-policy(5), shorewall6-providers(5),
+ shorewall6-route_rules(5), shorewall6-routestopped(5),
+ shorewall6-rules(5), shorewall6.conf(5), shorewall6-tcclasses(5),
+ shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5),
+ shorewall6-tunnels(5), shorewall6-zones(5)
diff --git a/manpages6/shorewall6-policy.xml b/manpages6/shorewall6-policy.xml
index 1f4539967..2b7f9727c 100644
--- a/manpages6/shorewall6-policy.xml
+++ b/manpages6/shorewall6-policy.xml
@@ -3,7 +3,7 @@
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
- shorewall-policy
+ shorewall6-policy5
@@ -11,12 +11,12 @@
policy
- Shorewall policy file
+ shorewall6 policy file
- /etc/shorewall/policy
+ /etc/shorewall6/policy
@@ -25,13 +25,13 @@
This file defines the high-level policy for connections between
zones defined in shorewall-zones(5).
+ url="shorewall6-zones.html">shorewall6-zones(5).
The order of entries in this file is importantThis file determines what to do with a new connection request if
- we don't get a match from the /etc/shorewall/rules file . For each
+ we don't get a match from the /etc/shorewall6/rules file . For each
source/destination pair, the file is processed in order until a match is
found ("all" will match any client or server).
@@ -39,13 +39,13 @@
Intra-zone policies are pre-defined
- For $FW and for all of the zones defined in /etc/shorewall/zones,
+ For $FW and for all of the zones defined in /etc/shorewall6/zones,
the POLICY for connections from the zone to itself is ACCEPT (with no
logging or TCP connection rate limiting but may be overridden by an
entry in this file. The overriding entry must be explicit (cannot use
"all" in the SOURCE or DEST).
- Similarly, if you have IMPLICIT_CONTINUE=Yes in shorewall.conf,
+ Similarly, if you have IMPLICIT_CONTINUE=Yes in shorewall6.conf,
then the implicit policy to/from any sub-zone is CONTINUE. These
implicit CONTINUE policies may also be overridden by an explicit entry
in this file.
@@ -61,7 +61,7 @@
Source zone. Must be the name of a zone defined in shorewall-zones(5), $FW or
+ url="shorewall6-zones.html">shorewall6-zones(5), $FW or
"all".
@@ -73,10 +73,10 @@
Destination zone. Must be the name of a zone defined in shorewall-zones(5), $FW or "all".
- If the DEST is a bport zone, then the SOURCE must be "all", another
- bport zone associated with the same bridge, or it must be an ipv4
- zone that is associated with only the same bridge.
+ url="shorewall6-zones.html">shorewall6-zones(5), $FW or
+ "all". If the DEST is a bport zone, then the SOURCE must be "all",
+ another bport zone associated with the same bridge, or it must be an
+ ipv6 zone that is associated with only the same bridge.
@@ -102,13 +102,13 @@
The word "None" or "none". This causes any default action
defined in shorewall.conf(5) to be
+ url="shorewall6.conf.html">shorewall6.conf(5) to be
omitted for this policy.The name of an action (requires that USE_ACTIONS=Yes in
- shorewall.conf(5)).
+ shorewall6.conf(5)).
That action will be invoked before the policy is
enforced.
@@ -165,7 +165,7 @@
NFQUEUE
- Added in Shorewall-perl 4.0.3. Queue the request for a
+ Added in shorewall6-perl 4.0.3. Queue the request for a
user-space application using the nfnetlink_queue mechanism. If
a queuenumber is not given, queue
zero (0) is assumed.
@@ -180,8 +180,8 @@
might also match (where the source or destination zone in
those rules is a superset of the SOURCE or DEST in this
policy). See shorewall-nesting(5) for
- additional information.
+ url="shorewall6-nesting.html">shorewall6-nesting(5)
+ for additional information.
@@ -190,9 +190,9 @@
Assume that there will never be any packets from this
- SOURCE to this DEST. Shorewall will not create any
+ SOURCE to this DEST. shorewall6 will not create any
infrastructure to handle such packets and you may not have any
- rules with this SOURCE and DEST in the /etc/shorewall/rules
+ rules with this SOURCE and DEST in the /etc/shorewall6/rules
file. If such a packet is
received, the result is undefined. NONE may not be used if the
SOURCE or DEST columns contain the firewall zone ($FW) or
@@ -243,8 +243,8 @@
limit[:mask]
- Added in Shorewall-perl 4.2.1. May be used to limit the number
- of simultaneous connections from each individual host to
+ Added in shorewall6-perl 4.2.1. May be used to limit the
+ number of simultaneous connections from each individual host to
limit connections. While the limit is
only checked on connections to which this policy could apply, the
number of current connections is calculated over all current
@@ -293,20 +293,20 @@
FILES
- /etc/shorewall/policy
+ /etc/shorewall6/policySee ALSO
- shorewall(8), shorewall-accounting(5), shorewall-actions(5),
- shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
- shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
- shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
- shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
- shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
- shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
- shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
- shorewall-zones(5)
+ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
+ shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
+ shorewall6-ipsec(5), shorewall6-maclist(5), shorewall6-masq(5),
+ shorewall6-nat(5), shorewall6-netmap(5), shorewall6-params(5),
+ shorewall6-policy(5), shorewall6-providers(5), shorewall6-proxyarp(5),
+ shorewall6-route_rules(5), shorewall6-routestopped(5),
+ shorewall6-rules(5), shorewall6.conf(5), shorewall6-tcclasses(5),
+ shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5),
+ shorewall6-tunnels(5), shorewall6-zones(5)
diff --git a/manpages6/shorewall6-providers.xml b/manpages6/shorewall6-providers.xml
index 4c23394f1..37082680d 100644
--- a/manpages6/shorewall6-providers.xml
+++ b/manpages6/shorewall6-providers.xml
@@ -1,7 +1,9 @@
+
- shorewall-providers
+ shorewall6-providers5
@@ -9,12 +11,12 @@
providers
- Shorewall Providers file
+ Shorewall6 Providers file
- /etc/shorewall/providers
+ /etc/shorewall6/providers
@@ -75,15 +77,15 @@
A FWMARK value used in your shorewall-tcrules(5) file to
+ url="shorewall6-tcrules.html">shorewall6-tcrules(5) file to
direct packets to this provider.If HIGH_ROUTE_MARKS=Yes in shorewall.conf(5), then the value
- must be a multiple of 256 between 256 and 65280 or their hexadecimal
- equivalents (0x0100 and 0xff00 with the low-order byte of the value
- being zero). Otherwise, the value must be between 1 and 255. Each
- provider must be assigned a unique mark value.
+ url="shorewall6.conf.html">shorewall6.conf(5), then the
+ value must be a multiple of 256 between 256 and 65280 or their
+ hexadecimal equivalents (0x0100 and 0xff00 with the low-order byte
+ of the value being zero). Otherwise, the value must be between 1 and
+ 255. Each provider must be assigned a unique mark value.
@@ -97,23 +99,18 @@
previously listed provider. You may select only certain entries from
the table to copy by using the COPY column below. This column should
contain a dash ("-') when USE_DEFAULT_RT=Yes in shorewall.conf(5).
+ url="shorewall6.conf.html">shorewall6.conf(5).
INTERFACE -
- interface[:address]
+ interfaceThe name of the network interface to the provider. Must be
listed in shorewall-interfaces(5).
-
- Where more than one provider is serviced through a single
- interface, the interface must be followed by a
- colon and the IP address of the interface that
- is supplied by the associated provider.
+ url="shorewall6-interfaces.html">shorewall6-interfaces(5).
@@ -125,7 +122,7 @@
The IP address of the provider's gateway router.
- You can enter "detect" here and Shorewall will attempt to
+ You can enter "detect" here and Shorewall6 will attempt to
detect the gateway automatically.For PPP devices, you may omit this column.
@@ -177,7 +174,7 @@
loose
- Shorewall normally adds a routing rule for each IP
+ Shorewall6 normally adds a routing rule for each IP
address on an interface which forces traffic whose source is
that IP address to be sent using the routing table for that
interface. Setting prevents creation of
@@ -193,7 +190,7 @@
and configured with an IPv4 address then ignore this provider.
If not specified, the value of the
option for the INTERFACE in shorewall-interfaces(5)
+ url="shorewall6-interfaces.html">shorewall6-interfaces(5)
is assumed.
@@ -202,13 +199,13 @@
src=source-address
- Added in Shorewall-perl 4.1.5. Specifies the source
- address to use when routing to this provider and none is known
- (the local client has bound to the 0 address). May not be
- specified when an address is given
- in the INTERFACE column. If this option is not used, Shorewall
- substitutes the primary IP address on the interface named in
- the INTERFACE column.
+ Specifies the source address to use when routing to this
+ provider and none is known (the local client has bound to the
+ 0 address). May not be specified when an
+ address is given in the INTERFACE
+ column. If this option is not used, Shorewall6 substitutes the
+ primary IP address on the interface named in the INTERFACE
+ column.
@@ -216,9 +213,9 @@
mtu=number
- Added in Shorewall-perl 4.1.5. Specifies the MTU when
- forwarding through this provider. If not given, the MTU of the
- interface named in the INTERFACE column is assumed.
+ Specifies the MTU when forwarding through this provider.
+ If not given, the MTU of the interface named in the INTERFACE
+ column is assumed.
@@ -250,11 +247,11 @@
Example 1:
- You run squid in your DMZ on IP address 192.168.2.99. Your DMZ
- interface is eth2
+ You run squid in your DMZ on IP address 2002:ce7c:92b4:1::2.
+ Your DMZ interface is eth2
- #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
- Squid 1 1 - eth2 192.168.2.99 -
+ #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
+ Squid 1 1 - eth2 2002:ce7c:92b4:1::2 -
@@ -262,19 +259,17 @@
Example 2:
- eth0 connects to ISP 1. The IP address of eth0 is
- 206.124.146.176 and the ISP's gateway router has IP address
- 206.124.146.254.
+ eth0 connects to ISP 1. The ISP's gateway router has IP
+ address 2001:ce7c:92b4:1::2.
- eth1 connects to ISP 2. The IP address of eth1 is
- 130.252.99.27 and the ISP's gateway router has IP address
- 130.252.99.254.
+ eth1 connects to ISP 2. The ISP's gateway router has IP
+ address 2001:d64c:83c9:12::8b.eth2 connects to a local network.
- #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
- ISP1 1 1 main eth0 206.124.146.254 track,balance eth2
- ISP2 2 2 main eth1 130.252.99.254 track,balance eth2
+ #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
+ ISP1 1 1 main eth0 2001:ce7c:92b4:1::2 track,balance eth2
+ ISP2 2 2 main eth1 2001:d64c:83c9:12::8b track,balance eth2
@@ -283,22 +278,21 @@
FILES
- /etc/shorewall/providers
+ /etc/shorewall6/providersSee ALSOhttp://shorewall.net/MultiISP.html
+ url="http://shorewall6.net/MultiISP.html">http://shorewall.net/MultiISP.html
- shorewall(8), shorewall-accounting(5), shorewall-actions(5),
- shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
- shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
- shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
- shorewall-policy(5), shorewall-proxyarp(5), shorewall-route_rules(5),
- shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
- shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
- shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
+ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
+ shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
+ shorewall6-maclist(5), shorewall6-params(5), shorewall6-policy(5),
+ shorewall6-route_rules(5), shorewall6-routestopped(5),
+ shorewall6-rules(5), shorewall6.conf(5), shorewall6-tcclasses(5),
+ shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5),
+ shorewall6-tunnels(5), shorewall6-zones(5)
-
\ No newline at end of file
+
diff --git a/manpages6/shorewall6-route_rules.xml b/manpages6/shorewall6-route_rules.xml
index 97e7cf247..115487742 100644
--- a/manpages6/shorewall6-route_rules.xml
+++ b/manpages6/shorewall6-route_rules.xml
@@ -1,7 +1,9 @@
+
- shorewall-route_rules
+ shorewall6-route_rules5
@@ -9,12 +11,12 @@
route_rules
- Shorewall Routing Rules file
+ Shorewall6 Routing Rules file
- /etc/shorewall/route_rules
+ /etc/shorewall6/route_rules
@@ -23,7 +25,7 @@
Entries in this file cause traffic to be routed to one of the
providers listed in shorewall-providers(5).
+ url="shorewall6-providers.html">shorewall6-providers(5).
The columns in the file are as follows.
@@ -87,7 +89,7 @@
1000-1999
- Before Shorewall-generated 'MARK' rules
+ Before Shorewall6-generated 'MARK' rules
@@ -95,7 +97,7 @@
11000-11999
- After 'MARK' rules but before Shorewall-generated rules
+ After 'MARK' rules but before Shorewall6-generated rules
for ISP interfaces.
@@ -127,23 +129,6 @@
#SOURCE DEST PROVIDER PRIORITY
eth1 - ISP1 1000
-
-
-
-
-
- Example 2:
-
-
- You use OpenVPN (routed setup /tunX) in combination with
- multiple providers. In this case you have to set up a rule to ensure
- that the OpenVPN traffic is routed back through the tunX
- interface(s) rather than through any of the providers. 10.8.0.0/24
- is the subnet chosen in your OpenVPN configuration (server 10.8.0.0
- 255.255.255.0).
-
- #SOURCE DEST PROVIDER PRIORITY
- - 10.8.0.0/24 main 1000
@@ -153,7 +138,7 @@
FILES
- /etc/shorewall/route_rules
+ /etc/shorewall6/route_rules
@@ -162,13 +147,12 @@
http://shorewall.net/MultiISP.html
- shorewall(8), shorewall-accounting(5), shorewall-actions(5),
- shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
- shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
- shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
- shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
- shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
- shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
- shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
+ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
+ shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
+ shorewall6-maclist(5), shorewall6-params(5), shorewall6-policy(5),
+ shorewall6-providers(5), shorewall6-routestopped(5), shorewall6-rules(5),
+ shorewall6.conf(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),
+ shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5),
+ shorewall6-zones(5)
-
\ No newline at end of file
+
diff --git a/manpages6/shorewall6-routestopped.xml b/manpages6/shorewall6-routestopped.xml
index ea9366916..d2dc1e692 100644
--- a/manpages6/shorewall6-routestopped.xml
+++ b/manpages6/shorewall6-routestopped.xml
@@ -1,7 +1,9 @@
+
- shorewall-routestopped
+ shorewall6-routestopped5
@@ -9,13 +11,13 @@
routestopped
- The Shorewall file that governs what traffic flows through the
- firewall while it is in 'stopped' state.
+ The Shorewall6 file that governs what traffic flows through
+ the firewall while it is in 'stopped' state.
- /etc/shorewall/routestopped
+ /etc/shorewall6/routestopped
@@ -23,7 +25,7 @@
DescriptionThis file is used to define the hosts that are accessible when the
- firewall is stopped or is being stopped. When shorewall-shell is being
+ firewall is stopped or is being stopped. When shorewall6-shell is being
used, the file also determines those hosts that are accessible when the
firewall is in the process of being [re]started.
@@ -136,7 +138,7 @@
The source and dest options work best when used in conjunction
with ADMINISABSENTMINDED=Yes in shorewall.conf(5).
+ url="shorewall6.conf.html">shorewall6.conf(5).
@@ -149,8 +151,8 @@
#INTERFACE HOST(S) OPTIONS
- eth2 192.168.1.0/24
- eth0 192.0.2.44
+ eth2 2002:ce7c:92b4::/64
+ eth0 2002:ce7c:92b4:1::/64
br0 - routeback
eth3 - source
@@ -161,22 +163,21 @@
FILES
- /etc/shorewall/routestopped
+ /etc/shorewall6/routestoppedSee ALSOhttp://shorewall.net/starting_and_stopping_shorewall.htm
+ url="http://shorewall.net/starting_and_stopping_shorewall6.htm">http://shorewall.net/starting_and_stopping_shorewall6.htm
- shorewall(8), shorewall-accounting(5), shorewall-actions(5),
- shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
- shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
- shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
- shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
- shorewall-route_rules(5), shorewall-rules(5), shorewall.conf(5),
- shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
- shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
+ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
+ shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
+ shorewall6-maclist(5), shorewall6-params(5), shorewall6-policy(5),
+ shorewall6-providers(5), shorewall6-route_rules(5), shorewall6-rules(5),
+ shorewall6.conf(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),
+ shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5),
+ shorewall6-zones(5)
-
\ No newline at end of file
+
diff --git a/manpages6/shorewall6-rules.xml b/manpages6/shorewall6-rules.xml
index 509c61175..5fd08fb1c 100644
--- a/manpages6/shorewall6-rules.xml
+++ b/manpages6/shorewall6-rules.xml
@@ -3,7 +3,7 @@
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
- shorewall-rules
+ shorewall6-rules5
@@ -11,12 +11,12 @@
rules
- Shorewall rules file
+ Shorewall6 rules file
- /etc/shorewall/rules
+ /etc/shorewall6/rules
@@ -25,7 +25,7 @@
Entries in this file govern connection establishment by defining
exceptions to the policies layed out in shorewall-policy(5). By default,
+ url="shorewall6-policy.html">shorewall6-policy(5). By default,
subsequent requests and responses are automatically allowed using
connection tracking. For any particular (source,dest) pair of zones, the
rules are evaluated in the order in which they appear in this file and the
@@ -97,7 +97,7 @@
If you specify FASTACCEPT=Yes in shorewall.conf(5) then the shorewall6.conf(5) then the ESTABLISHED and RELATED sections must be empty.
@@ -188,7 +188,7 @@
like ACCEPT but exempts the rule from being suppressed
by OPTIMIZE=1 in shorewall.conf(5).
+ url="shorewall6.conf.html">shorewall6.conf(5).
@@ -217,7 +217,7 @@
like DROP but exempts the rule from being suppressed by
OPTIMIZE=1 in shorewall.conf(5).
+ url="shorewall6.conf.html">shorewall6.conf(5).
@@ -236,7 +236,7 @@
like REJECT but exempts the rule from being suppressed
by OPTIMIZE=1 in shorewall.conf(5).
+ url="shorewall6.conf.html">shorewall6.conf(5).
@@ -319,12 +319,12 @@
Do not process any of the following rules for this
(source zone,destination zone). If the source and/or
destination IP address falls into a zone defined later in
- shorewall-zones(5)
+ shorewall6-zones(5)
or in a parent zone of the source or destination zones, then
this connection request will be passed to the rules defined
for that (those) zone(s). See shorewall-nesting(5) for
- additional information.
+ url="shorewall6-nesting.html">shorewall6-nesting(5)
+ for additional information.
@@ -334,7 +334,7 @@
like CONTINUE but exempts the rule from being suppressed
by OPTIMIZE=1 in shorewall.conf(5).
+ url="shorewall6.conf.html">shorewall6.conf(5).
@@ -363,7 +363,7 @@
like QUEUE but exempts the rule from being suppressed by
OPTIMIZE=1 in shorewall.conf(5).
+ url="shorewall6.conf.html">shorewall6.conf(5).
@@ -371,7 +371,7 @@
NFQUEUE
- Only supported by Shorewall-perl >= 4.0.3.
+ Only supported by Shorewall6-perl >= 4.0.3.Queues the packet to a user-space application using the
nfnetlink_queue mechanism. If a
@@ -386,7 +386,7 @@
like NFQUEUE but exempts the rule from being suppressed
by OPTIMIZE=1 in shorewall.conf(5).
+ url="shorewall6.conf.html">shorewall6.conf(5).
@@ -397,9 +397,9 @@
the rest of the line will be attached as a comment to
the Netfilter rule(s) generated by the following entries. The
comment will appear delimited by "/* ... */" in the output of
- "shorewall show <chain>". To stop the comment from being
- attached to further rules, simply include COMMENT on a line by
- itself.
+ "shorewall6 show <chain>". To stop the comment from
+ being attached to further rules, simply include COMMENT on a
+ line by itself.
@@ -409,8 +409,8 @@
The name of an action declared in
shorewall-actions(5) or
- in /usr/share/shorewall/actions.std.
+ url="shorewall6-actions.html">shorewall6-actions(5) or
+ in /usr/share/shorewall6/actions.std.
@@ -452,8 +452,8 @@
If the ACTION names an
action declared in shorewall-actions(5) or in
- /usr/share/shorewall/actions.std then:
+ url="shorewall6-actions.html">shorewall6-actions(5) or in
+ /usr/share/shorewall6/actions.std then:
@@ -482,7 +482,7 @@
Actions specifying logging may be followed by a log tag (a
string of alphanumeric characters) which is appended to the string
generated by the LOGPREFIX (in shorewall.conf(5)).
+ url="shorewall6.conf.html">shorewall6.conf(5)).
Example: ACCEPT:info:ftp would include 'ftp ' at the end of
the log prefix generated by the LOGPREFIX setting.
@@ -497,12 +497,12 @@
role="bold">+][-]}[:interface][:{address-or-range[,address-or-range]...[exclusion]|exclusion|:{address-or-range[,address-or-range]...[exclusion]|exclusion|+ipset}
Source hosts to which the rule applies. May be a zone declared
- in /etc/shorewall/zones, $FW to
+ in /etc/shorewall6/zones, $FW to
indicate the firewall itself, all,
all+, all-, all+-
@@ -542,24 +542,24 @@
You may exclude certain hosts from the set already defined
through use of an exclusion (see shorewall-exclusion(5)).
+ url="shorewall6-exclusion.html">shorewall6-exclusion(5)).Examples:
- dmz:192.168.2.2
+ dmz:2002:ce7c:92b4:1::2
- Host 192.168.2.2 in the DMZ
+ Host 2002:ce7c:92b4:1::2 in the DMZ
- net:155.186.235.0/24
+ net:2001:4d48:ad51:24:;/64
- Subnet 155.186.235.0/24 on the Internet
+ Subnet 2001:4d48:ad51:24::/64 on the Internet
@@ -581,23 +581,6 @@
-
- net:192.0.2.11-192.0.2.17
-
-
- Hosts 192.0.2.11-192.0.2.17 in the net zone.
-
-
-
-
- net:!192.0.2.11-192.0.2.17
-
-
- All hosts in the net zone except for
- 192.0.2.11-192.0.2.17.
-
-
-
net:155.186.235.0/24!155.186.235.16/28
@@ -618,7 +601,7 @@
role="bold">loc:eth1:192.168.1.5).
It is important to note that when using Shorewall-shell and specifying an
+ role="bold">using Shorewall6-shell and specifying an
address list that will be split (i.e., a comma separated list),
there is a subtle behavior which has the potential to cause
confusion. Consider the two examples below:
@@ -652,7 +635,7 @@
That is, the interface name must be explicitly stated for
each member of the comma separated list. Again, this distinction
in behavior only occurs when using
- Shorewall-shell.
+ Shorewall6-shell.
@@ -669,7 +652,7 @@
Location of Server. May be a zone declared in shorewall-zones(5), $shorewall6-zones(5), $FW to indicate the firewall itself, all. all+ or
none.
@@ -684,7 +667,7 @@
affected. When all+ is used,
intra-zone traffic is affected.
- Beginning with Shorewall 4.1.4, the
+ Beginning with Shorewall6 4.1.4, the
zone should be omitted in DNAT-,
REDIRECT- and NONAT rules.
@@ -716,15 +699,15 @@
You may exclude certain hosts from the set already defined
through use of an exclusion (see shorewall-exclusion(5)).
+ url="shorewall6-exclusion.html">shorewall6-exclusion(5)).Restrictions:1. MAC addresses are not allowed (this is a Netfilter
restriction).
- 2.Prior to Shorewall 4.1.4, only IP addresses are allowed in
- DNAT rules; no DNS names are
+ 2.Prior to Shorewall6 4.1.4, only IP addresses are allowed
+ in DNAT rules; no DNS names are
permitted. In no case may a network be specified as the
server.
@@ -768,17 +751,17 @@
- If you are using Shorewall-shell or Shorewall-perl before
+ If you are using Shorewall6-shell or Shorewall6-perl before
version 4.0.5, then the port number MUST be specified as an
- integer and not as a name from services(5). Shorewall-perl 4.0.5
+ integer and not as a name from services(5). Shorewall6-perl 4.0.5
and later permit the port to be specified as
- a service name. Additionally, Shorewall-perl 4.0.5 and later
+ a service name. Additionally, Shorewall6-perl 4.0.5 and later
permit specifying a port range in the form
lowport-highport to cause connections to be
assigned to ports in the range in round-robin fashion. When a port
range is specified, lowport and
highport must be given as integers; service
- names are not permitted. Beginning with Shorewall 4.0.6, the port
+ names are not permitted. Beginning with Shorewall6 4.0.6, the port
range may be optionally followed by :random which causes assignment to ports in
the list to be random.
@@ -848,8 +831,8 @@
contain extended multiport match support.Otherwise, unless you are using Shorewall-perl, a separate rule
- will be generated for each port. Shorewall-perl does not
+ url="../Shorewall6-perl.html">Shorewall6-perl, a separate
+ rule will be generated for each port. Shorewall6-perl does not
automatically break up lists into individual rules.
@@ -887,8 +870,8 @@
contain extended multiport match support.
Otherwise, unless you are using Shorewall-perl, a separate
- rule will be generated for each port. Shorewall-perl does not
+ url="../Shorewall6-perl.html">Shorewall6-perl, a separate
+ rule will be generated for each port. Shorewall6-perl does not
automatically break up lists into individual rules.
@@ -932,10 +915,10 @@
role="bold">192.168.1.0/24!192.168.1.16/28 specifies the
addresses 192.168.1.0-182.168.1.15 and 192.168.1.32-192.168.1.255.
See shorewall-exclusion(5).
+ url="shorewall6-exclusion.html">shorewall6-exclusion(5).
See http://shorewall.net/PortKnocking.html
+ url="../PortKnocking.html">http://shorewall6.net/PortKnocking.html
for an example of using an entry in this column with a user-defined
action rule.
@@ -1067,7 +1050,7 @@
Designates a connection mark. If omitted, the packet
mark's value is tested. This option is only supported by
- Shorewall-perl.
+ Shorewall6-perl.
@@ -1079,8 +1062,8 @@
role="bold">!]limit[:mask]
- Added in Shorewall-perl 4.2.1. May be used to limit the number
- of simultaneous connections from each individual host to
+ Added in Shorewall6-perl 4.2.1. May be used to limit the
+ number of simultaneous connections from each individual host to
limit connections. Requires connlimit
match in your kernel and iptables. While the limit is only checked
on rules specifying CONNLIMIT, the number of current connections is
@@ -1103,7 +1086,7 @@
timeelement[,timelement...]
- Added in Shorewall-perl 4.2.1. May be used to limit the rule
+ Added in Shorewall6-perl 4.2.1. May be used to limit the rule
to a particular time period each day, to particular days of the week
or month, or to a range defined by dates and times. Requires time
match support in your kernel and iptables.
@@ -1190,9 +1173,9 @@
RestrictionsUnless you are using Shorewall-perl and your
+ url="../Shorewall6-perl.html">Shorewall6-perl and your
iptables/kernel have Repeat Match support (see the
- output of shorewall show capabilities), if you specify
+ output of shorewall6 show capabilities), if you specify
a list of DEST PORT(S), then you may not specify SOURCE PORT(S) and vice
versa.
@@ -1310,29 +1293,29 @@
Example 9:
- Shorewall does not impose as much structure on the Netfilter
+ Shorewall6 does not impose as much structure on the Netfilter
rules in the 'nat' table as it does on those in the filter table. As
- a consequence, when using Shorewall versions before 4.1.4, care must
- be exercised when using DNAT and REDIRECT rules with zones defined
- with wildcard interfaces (those ending with '+'. Here is an
+ a consequence, when using Shorewall6 versions before 4.1.4, care
+ must be exercised when using DNAT and REDIRECT rules with zones
+ defined with wildcard interfaces (those ending with '+'. Here is an
example:shorewall-zones(8): #ZONE TYPE OPTIONS
+ url="shorewall6-zones.html">shorewall6-zones(8): #ZONE TYPE OPTIONS
fw firewall
net ipv4
dmz ipv4
loc ipv4shorewall-interfaces(8): #ZONE INTERFACE BROADCAST OPTIONS
+ url="shorewall6-interfaces.html">shorewall6-interfaces(8): #ZONE INTERFACE BROADCAST OPTIONS
net ppp0
loc eth1 detect
dmz eth2 detect
- ppp+ # Addresses are assigned from 192.168.3.0/24shorewall-host(8): #ZONE HOST(S) OPTIONS
+ url="shorewall6-hosts.html">shorewall6-host(8): #ZONE HOST(S) OPTIONS
loc ppp+:192.168.3.0/24rules:
@@ -1342,7 +1325,7 @@
REDIRECT loc 3128 tcp 80
Note that it would have been tempting to simply define the
- loc zone entirely in shorewall-interfaces(8):
+ loc zone entirely in shorewall6-interfaces(8):
#******************* INCORRECT *****************
#ZONE INTERFACE BROADCAST OPTIONS
@@ -1364,19 +1347,19 @@
FILES
- /etc/shorewall/rules
+ /etc/shorewall6/rulesSee ALSO
- shorewall(8), shorewall-accounting(5), shorewall-actions(5),
- shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
- shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
- shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
- shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
- shorewall-route_rules(5), shorewall-routestopped(5), shorewall.conf(5),
- shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
- shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
+ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
+ shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
+ shorewall6-ipsec(5), shorewall6-maclist(5), shorewall6-masq(5),
+ shorewall6-nat(5), shorewall6-netmap(5), shorewall6-params(5),
+ shorewall6-policy(5), shorewall6-providers(5), shorewall6-proxyarp(5),
+ shorewall6-route_rules(5), shorewall6-routestopped(5), shorewall6.conf(5),
+ shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
+ shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)
diff --git a/manpages6/shorewall6-tcfilters.xml b/manpages6/shorewall6-tcfilters.xml
deleted file mode 100644
index 461e8f0c4..000000000
--- a/manpages6/shorewall6-tcfilters.xml
+++ /dev/null
@@ -1,158 +0,0 @@
-
-
-
- shorewall-tcfilters
-
- 5
-
-
-
- tcfilters
-
- Shorewall u32 classifier rules file
-
-
-
-
- /etc/shorewall/tcfilters
-
-
-
-
- Description
-
- Entries in this file cause packets to be classified for traffic
- shaping.
-
- The columns in the file are as follows.
-
-
-
- CLASS -
- interface:class
-
-
- The name or number of an interface
- defined in shorewall-tcdevices(5)
- followed by a class number defined for
- that interface in shorewall-tcclasses(5).
-
-
-
-
- SOURCE - {-|address}
-
-
- Source of the packet. May be a host or network
- address. DNS names are not
- allowed.
-
-
-
-
- DEST - {-|address}}
-
-
- Destination of the packet. Comma separated list of IP
- addresses and/or subnets. If your kernel and iptables include
- iprange match support, IP address ranges are also allowed. List
- elements may also consist of an interface name followed by ":" and
- an address (e.g., eth1:192.168.1.0/24). If the MARK column specificies a classification of
- the form major:minor then
- this column may also contain an interface name.
-
- You may exclude certain hosts from the set already defined
- through use of an exclusion (see shorewall-exclusion(5)).
-
-
-
-
- PROTO - {-|protocol-number|protocol-name|all}
-
-
- Protocol.
-
-
-
-
- DEST PORT (Optional) -
- [-|port-name-or-number]
-
-
- Destination Ports. A Port name (from services(5)) or a
- port number; if the protocol is icmp, this column is interpreted as the
- destination icmp-type(s).
-
-
-
-
- SOURCE PORT (Optional) -
- [-|port-name-or-number]
-
-
- Source port.
-
-
-
-
-
-
- Example
-
-
-
- Example 1:
-
-
- Place all ICMP echo traffic on interface 1 in class 10.
-
- #CLASS SOURCE DEST PROTO DEST
- # PORT
- 1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-request
- 1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
-
-
-
-
-
-
- FILES
-
- /etc/shorewall/tcfilters
-
-
-
- See ALSO
-
- http://shorewall.net/traffic_shaping.htm
-
- http://shorewall.net/MultiISP.html
-
- http://shorewall.net/PacketMarking.html
-
- shorewall(8), shorewall-accounting(5), shorewall-actions(5),
- shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5),
- shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5),
- shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
- shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
- shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5),
- shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
- shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tos(5),
- shorewall-tunnels(5), shorewall-zones(5)
-
-
\ No newline at end of file