Format and grammar fixes.

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8660 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2008-07-29 04:28:41 +00:00 · 2008-07-29 04:28:41 +00:00 · 1de5404e67
commit 1de5404e67
parent 46ec09dddf
2 changed files with 146 additions and 147 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -10,7 +10,7 @@ Changes in 4.2.0-Beta3
 5)  Fix COPY column.
-6) Add macro.RNDC.
+6)  Add macro.RNDC.
 Changes in 4.2.0-Beta2
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -36,20 +36,20 @@ Migration Issues.
 3)  Specifying a destination zone in a NAT-only rule now generates a
    warning and the destination zone is ignored. NAT-only rules are:
-    	     NONAT
+             NONAT
-	     REDIRECT-
+             REDIRECT-
-	     DNAT-
+             DNAT-
 4)  The default value for LOG_MARTIANS has been changed. Previously,
    the defaults were:
-    	Shorewall-perl - 'Off'
+        Shorewall-perl - 'Off'
-	Shorewall-shell - 'No'
+        Shorewall-shell - 'No'
    The new default values are:
-    	Shorewall-perl - 'On'
+        Shorewall-perl - 'On'
-	Shorewall-shell - 'Yes'.
+        Shorewall-shell - 'Yes'.
    Shorewall-perl users may:
@ -200,16 +200,16 @@ New Features in Shorewall 4.2.
     /etc/shorewall/route_rules:
-	#SOURCE		DEST			PROVIDER	PRIORITY
+        #SOURCE            DEST                    PROVIDER        PRIORITY
-	-		206.124.146.0/24	Blarg		1000
+        -                  206.124.146.0/24        Blarg           1000
-	-		130.252.144.0/24	Avvanta		1000
+        -                  130.252.144.0/24        Avvanta         1000
-	206.124.146.177	-			Blarg		26000
+        206.124.146.177    -                       Blarg           26000
     /etc/shorewall/tcrules
-	#MARK/CLASSIFY  SOURCE	               DEST
+        #MARK/CLASSIFY  SOURCE                       DEST
-	1		eth0:206.124.146.0/24  0.0.0.0/0
+        1                eth0:206.124.146.0/24  0.0.0.0/0
-	2		eth0:130.242.144.0/24  0.0.0.0/0
+        2                eth0:130.242.144.0/24  0.0.0.0/0
 2)  You may now include the name of a table (nat, mangle or filter) in
    a 'shorewall refresh' command by following the table name with a
@ -218,7 +218,7 @@ New Features in Shorewall 4.2.
    Example:
-	shorewall refresh nat:
+        shorewall refresh nat:
 3)  When no chain name is given to the 'shorewall refresh' command, the
    mangle table is refreshed along with the blacklist chain (if
@ -243,11 +243,11 @@ New Features in Shorewall 4.2.
    /etc/shorewall/shorewall.conf:
-	MACLIST_LOG_LEVEL=NFLOG(1,0,1)
+        MACLIST_LOG_LEVEL=NFLOG(1,0,1)
    /etc/shorewall/rules:
-	ACCEPT:NFLOG(1,0,1) vpn fw tcp ssh,time,631,8080
+        ACCEPT:NFLOG(1,0,1) vpn fw tcp ssh,time,631,8080
 5)  Shorewall-perl 4.2 implements an alternative syntax for macro
    parameters and for the NFQUEUE queue number. Rather than following
@ -256,8 +256,8 @@ New Features in Shorewall 4.2.
    Examples -- each pair shown below are equivalent:
-    DNS/ACCEPT	     DNS(ACCEPT)
+    DNS/ACCEPT          DNS(ACCEPT)
-    NFQUEUE/3	     NFQUEUE(3)
+    NFQUEUE/3           NFQUEUE(3)
    The old syntax will still be accepted but will cease to be documented
    in some future Shorewall release.
@ -276,17 +276,17 @@ New Features in Shorewall 4.2.
        the verbosity at which logging will occur. It uses the same
        value range as VERBOSITY:
-	-1    Do not log
+        -1    Do not log
-	0     Almost quiet
+        0     Almost quiet
-	1     Only major steps
+        1     Only major steps
-	2     Verbose
+        2     Verbose
    c)  An absolute VERBOSITY may be specified on the command line
        using the -v option followed by -1,0,1 or 2.
-	Example:
+        Example:
-		shorewall -v2 check
+                shorewall -v2 check
    d)  The /etc/init.d/shorewall script supplied with the
        shorewall.net packages sets '-v0' as the default. This may be
@ -296,17 +296,17 @@ New Features in Shorewall 4.2.
    Logging occurs on both Shorewall-perl and the generated script when
    the following commands are issued:
-	start
+        start
-	restart
+        restart
-	refresh
+        refresh
    Messages in the log are always timestamped.
    This change implemented two new options to the Shorewall-perl
    compiler (/usr/share/shorewall-perl/compiler.pl).
-	     --log=<logfile>
+        --log=<logfile>
-	     --log_verbosity={-1|0-2}
+        --log_verbosity={-1|0-2}
    The --log option is ignored when --log_verbosity is not supplied or
    is supplied with value -1.
@ -315,34 +315,34 @@ New Features in Shorewall 4.2.
    Shorewall::Compiler::compile(), that function has been changed to
    use named parameters. Parameter names are:
-	 object          Object file. If omitted or '', the
+         object          Object file. If omitted or '', the
-			 configuration is syntax checked. 
+                         configuration is syntax checked. 
-	 directory       Directory. If omitted or '', configuration
+         directory       Directory. If omitted or '', configuration
-			 files are located using
+                         files are located using
-			 CONFIG_PATH. Otherwise, the directory named by
+                         CONFIG_PATH. Otherwise, the directory named by
-			 this parameter is searched first.
+                         this parameter is searched first.
-	 verbosity       Verbosity; range -1 to 2
+         verbosity       Verbosity; range -1 to 2
-	 timestamp       0|1 -- timestamp messages.
+         timestamp       0|1 -- timestamp messages.
-	 debug           0|1 -- include stack trace in warning/error
+         debug           0|1 -- include stack trace in warning/error
-			 messages. 
+                         messages. 
-	 export          0|1 -- compile for export.
+         export          0|1 -- compile for export.
-	 chains          List of chains to be reloaded by 'refresh'.
+         chains          List of chains to be reloaded by 'refresh'.
-	 log             File to log compiler messages to.
+         log             File to log compiler messages to.
-	 log_verbosity   Log Verbosity; range -1 to 2.
+         log_verbosity   Log Verbosity; range -1 to 2.
    Those parameters that are supplied must have defined values.
    Defaults are:
-	     object		'' ('check' command)
+             object         '' ('check' command)
-	     directory		''
+             directory      ''
-	     verbosity		1
+             verbosity      1
-	     timestamp		0
+             timestamp      0
-	     debug		0
+             debug          0
-	     export		0
+             export         0
-	     chains		''
+             chains         ''
-	     log		''
+             log            ''
-	     log_verbosity	-1
+             log_verbosity  -1
    Example:
@ -352,7 +352,7 @@ New Features in Shorewall 4.2.
    compiler( object        => '/root/firewall', 
              log           => '/root/compile.log',
-	      log_verbosity => 2 );
+              log_verbosity => 2 );
 7)  Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero
    mark values < 256 to be assigned in the OUTPUT chain. This has been
@ -371,7 +371,7 @@ New Features in Shorewall 4.2.
    column. Currently only a single option is defined.
    classify   When specified, you must use explicit CLASSIFY tcrules
-	       to classify traffic by class. Shorewall will not create
+               to classify traffic by class. Shorewall will not create
               any CLASSIFY rules to classify traffic by mark value.
    See http://www.shorewall.net/traffic_shaping.htm for further
@ -386,25 +386,25 @@ New Features in Shorewall 4.2.
    when the top-level macro was invoked. This allows the
    following:
-	/etc/shorewall/macro.SSH:
+        /etc/shorewall/macro.SSH:
-	    #ACTION SOURCE  PROTO   DEST    SOURCE  RATE    USER/
+            #ACTION SOURCE  PROTO   DEST    SOURCE  RATE    USER/
-	    #                       PORT(S) PORT(S) LIMIT   GROUP
+            #                       PORT(S) PORT(S) LIMIT   GROUP
-	    COMMENT My SSH Macro
+            COMMENT My SSH Macro
-	    PARAM   -       -       tcp     22
+            PARAM   -       -       tcp     22
-	/etc/shorewall/rules:
+        /etc/shorewall/rules:
-	    COMMENT Allow SSH from home
+            COMMENT Allow SSH from home
-	    SSH/ALLOW     net:$MYIP	$FW
+            SSH/ALLOW     net:$MYIP        $FW
-	    COMMENT
+            COMMENT
-	The comment line in macro.SSH will not override the 
+        The comment line in macro.SSH will not override the 
-	COMMENT line in the rules file and the generated rule will show
+        COMMENT line in the rules file and the generated rule will show
-		/* Allow SSH from home */
+                /* Allow SSH from home */
-	when displayed through the Shorewall show and dump commands.
+        when displayed through the Shorewall show and dump commands.
    If a macro is invoked and there is no current comment, then the
    name of the macro automatically becomes the current comment. This
@ -429,7 +429,7 @@ New Features in Shorewall 4.2.
    Example:
-	OWNER=foo GROUP=bar ./install.sh
+        OWNER=foo GROUP=bar ./install.sh
    To install Shorewall-perl under Cygwin:
@ -450,9 +450,9 @@ New Features in Shorewall 4.2.
 16) Specifying a destination zone in a NAT-only rule now generates a
    warning and the destination zone is ignored. NAT-only rules are:
-    	     NONAT
+             NONAT
-	     REDIRECT-
+             REDIRECT-
-	     DNAT-
+             DNAT-
 17)  The /etc/shorewall/masq and /etc/shorewall/nat file now accept a
    comma-separated list of interface names where before only a single
@ -469,26 +469,26 @@ New Features in Shorewall 4.2.
    /etc/shorewall/masq:
    #INTERFACE              SOURCE          ADDRESS
-    eth0,eth1		    eth2	    1.2.3.4
+    eth0,eth1               eth2            1.2.3.4
    equivalent to:
    #INTERFACE              SOURCE          ADDRESS
-    eth0		    eth2	    1.2.3.4
+    eth0                    eth2            1.2.3.4
-    eth1		    eth2	    1.2.3.4
+    eth1                    eth2            1.2.3.4
    Example 2:
    /etc/shorewall/masq:
-    #INTERFACE			SOURCE      ADDRESS
+    #INTERFACE                       SOURCE      ADDRESS
-    eth0,eth1::192.168.1.0/24	eth2	    1.2.3.4
+    eth0,eth1::192.168.1.0/24        eth2        1.2.3.4
    equivalent to:
    #INTERFACE              SOURCE          ADDRESS
-    eth0::192.168.1.0/24    eth2	    1.2.3.4
+    eth0::192.168.1.0/24    eth2            1.2.3.4
-    eth1::192.168.1.0/24    eth2	    1.2.3.4
+    eth1::192.168.1.0/24    eth2            1.2.3.4
    Example 3:
@ -513,11 +513,11 @@ New Features in Shorewall 4.2.
    /etc/shorewall/interfaces:
-	vpn	tun+	
+        vpn        tun+        
    /etc/shorewall/masq:
-	tun1	192.168.4.0/24
+        tun1        192.168.4.0/24
 19) Previously, Shorewall classified non-firewall zones as either
    'simple' or 'complex'. Attributes of a zone which made it 'complex'
@ -564,7 +564,7 @@ New Features in Shorewall 4.2.
    So, if you have this rule:
-    	SSH/ACCEPT  loc	 fw
+            SSH/ACCEPT  loc         fw
    then the generated netfilter rule will include "/* SSH */" when
    viewed with 'iptables -L' or 'shorewall show loc2fw' or 'shorewall
@ -594,9 +594,9 @@ New Features in Shorewall 4.2.
    Example:
-     #INTERFACE	IN-BANDWITH	OUT-BANDWIDTH	OPTIONS
+     #INTERFACE    IN-BANDWITH     OUT-BANDWIDTH        OPTIONS
-     1:eth0	1300kbit	384kbit		classify
+     1:eth0        1300kbit        384kbit              classify
-     2:eth1	5600kbit	1000kbit	
+     2:eth1        5600kbit        1000kbit        
     In /etc/shorewall/tcclasses:
@ -634,26 +634,26 @@ New Features in Shorewall 4.2.
    Example:
-	ursa:~ # modprobe ifb numifbs=1
+        ursa:~ # modprobe ifb numifbs=1
-	ursa:~ # ip link ls
+        ursa:~ # ip link ls
-	1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 
+        1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 
-    	    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+                link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
-	2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
+        2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
-    	    link/ether cc:2b:cb:24:1b:00 brd ff:ff:ff:ff:ff:ff
+                link/ether cc:2b:cb:24:1b:00 brd ff:ff:ff:ff:ff:ff
-	3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
+        3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
-    	    link/ether 00:1a:73:db:8c:35 brd ff:ff:ff:ff:ff:ff
+                link/ether 00:1a:73:db:8c:35 brd ff:ff:ff:ff:ff:ff
        4: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop qlen 32
-   	    link/ether 26:99:d8:7d:32:26 brd ff:ff:ff:ff:ff:ff
+               link/ether 26:99:d8:7d:32:26 brd ff:ff:ff:ff:ff:ff
-	ursa:~ # 
+        ursa:~ # 
    After you have created the IFB(s), you must bring it(them) up:
-    	ip link set dev ifb0 up
+            ip link set dev ifb0 up
    You can place all of this in /etc/shorewall/init as follows:
-    	modprobe ifb numifbs=1
+            modprobe ifb numifbs=1
-	ip link set dev ifb0 up
+        ip link set dev ifb0 up
    The /etc/shorewall/tcdevices file has been extended to include an
    additional REDIRECTED DEVICES column. To convert your configuration
@ -662,15 +662,15 @@ New Features in Shorewall 4.2.
    a) Look at your current /etc/shorewall/tcdevices file. Suppose you
       have:
-	#INTERFACE	IN-BANDWIDTH	OUT-BANDWIDTH	OPTIONS
+        #INTERFACE  IN-BANDWIDTH  OUT-BANDWIDTH  OPTIONS
-	eth0		1300kbit        384kbit		-
+        eth0        1300kbit      384kbit        -
        Change it as follows:
-	#INTERFACE  IN-BANDWIDTH  OUT-BANDWIDTH	OPTIONS  REDIRECTED
+        #INTERFACE  IN-BANDWIDTH  OUT-BANDWIDTH  OPTIONS  REDIRECTED
-	#                                                DEVICES
+        #                                                 DEVICES
-	eth0	    -	          384kkbit	-
+        eth0        -             384kkbit       -
-	ifb0	    -		  1300kbit	-	 eth0
+        ifb0        -             1300kbit       -        eth0
       Note that the old IN-BANDWIDTH for eth0 has become the
       OUT-BANDWIDTH for ifb0 and that neither device has an
@ -695,32 +695,32 @@ New Features in Shorewall 4.2.
       INTERFACE:CLASS
-		The interface name or number followed by a colon (":")
+                The interface name or number followed by a colon (":")
-		and the class number.
+                and the class number.
       SOURCE
                Source IP address. May be a host or network address.
-		Specify "-" if any SOURCE address should match.
+                Specify "-" if any SOURCE address should match.
       DEST
-		Destination IP address. May be a host or network
+                Destination IP address. May be a host or network
-		address. Specify "-" if any DEST address should match.
+                address. Specify "-" if any DEST address should match.
       PROTO
-		Protocol Name/Number. Specify "-" if any PROTO should
+                Protocol Name/Number. Specify "-" if any PROTO should
-		match.
+                match.
       DEST PORT(S)
-	        A comma-separated list of destination ports. May only
+                A comma-separated list of destination ports. May only
-	        be given if the PROTO is tcp, udp, icmp or
+                be given if the PROTO is tcp, udp, icmp or
-	        sctp. Port ranges may be used, except when the PROTO is
+                sctp. Port ranges may be used, except when the PROTO is
-	        icmp. Specify "-" if any PORT should match.
+                icmp. Specify "-" if any PORT should match.
       SOURCE PORT(S)
-	        A comma-separated list of source port. May only be
+                A comma-separated list of source port. May only be
-	        given if the PROTO is tcp, udp or sctp. Port ranges
+                given if the PROTO is tcp, udp or sctp. Port ranges
-	        may be used unless the protocol is icmp. Specify "-" if
+                may be used unless the protocol is icmp. Specify "-" if
-	        any PORT should match.
+                any PORT should match.
    Entries in /etc/shorewall/tcfilters generate U32 tc filters which
    may be displayed using the "shorewall show filters" ("shorewall-lite
@ -745,23 +745,23 @@ New Features in Shorewall 4.2.
    where <gw> is the interface name:
-    	  - in upper case
+          - in upper case
-	  - with any characters not allowed in shell variable names
+          - with any characters not allowed in shell variable names
-	    replaced by '_'.
+            replaced by '_'.
    Example (from OpenWRT): 
-    	  Interface:           eth0.1
+          Interface:           eth0.1
-	  Variable:            ETH0_1_GATEWAY
+          Variable:            ETH0_1_GATEWAY
          /etc/shorewall/init: 
-	      ETH0_1_GATEWAY=$(uci get /var/state/network.wan0.gateway)
+              ETH0_1_GATEWAY=$(uci get /var/state/network.wan0.gateway)
 29) A new CONNBYTES column has been added to the tcrules file. The
    column defines a byte or packet range that the connection must fall
    within in order for the rule to match. The contents are:
-	     [!]<min>:[<max>[:{O|R|B}[:{B|P|A}]]]
+             [!]<min>:[<max>[:{O|R|B}[:{B|P|A}]]]
    !     matches if the the packet/byte count is not within the range 
          defined by <min> and <max>.
@ -790,7 +790,7 @@ New Features in Shorewall 4.2.
    Examples:
-	1000000:          - Connection has transferred a total of
+        1000000:          - Connection has transferred a total of
                            at least 1,000,000 bytes.
        1000000::R        - Connection has transferred at least
@ -799,8 +799,8 @@ New Features in Shorewall 4.2.
                            large download).
        1000000::O:P      - Connection has sent at least 1,000,000
-			    packets in the direction of the original
+                            packets in the direction of the original
-			    connection.
+                            connection.
 30) A new MANGLE_ENABLED option is added to shorewall.conf. The default
    setting is 'Yes' which causes Shorewall to assume responsibility for
@ -828,7 +828,7 @@ New Features in Shorewall 4.2.
    columns. So that Shorewall-perl can determine which column layout
    each macro has, a new FORMAT directive is added:
-    	 FORMAT {1|2}
+             FORMAT {1|2}
    The default is FORMAT 1 which is the old format. FORMAT 2 specifies
    that the macro is in the new format.
@ -839,12 +839,12 @@ New Features in Shorewall 4.2.
    The macro body is:
-    #ACTION		SOURCE		DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
+    #ACTION             SOURCE          DEST    PROTO   DEST    SOURCE  ORIGINAL        RATE    USER/
-    #							PORT(S)	PORT(S)	DEST		LIMIT	GROUP
+    #                                                   PORT(S) PORT(S) DEST            LIMIT   GROUP
    FORMAT 2
-    PARAM		SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \
+    PARAM               SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \
-					DEST	-	-	-	-		-	-
+                                        DEST    -       -       -       -               -       -
-    PARAM		SOURCE		DEST	-	-	-	10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+    PARAM               SOURCE          DEST    -       -       -       10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
    The 'norfc1918' option on the interface associated with zone 'z'
@ -875,7 +875,6 @@ New Features in Shorewall 4.2.
 35) Previously, when IP_FORWARDING=Yes in shorewall.conf, Shorewall
    would enable ip forwarding before instantiating the rules. This
    could lead to incorrect connection tracking entries being created
    between the time that forwarding was enabled and when the nat table
    rules were instantiated.
@ -904,12 +903,12 @@ New Features in Shorewall 4.2.
 39) A 'save' extension script is added. The script is run after
    iptables-save has completed successfully.
-   The 'load' and 'reload' commands copy the save script (if any) to
+    The 'load' and 'reload' commands copy the save script (if any) to
-   /etc/shorewall-lite/ on the remove firewall system. The 'export'
+    /etc/shorewall-lite/ on the remove firewall system. The 'export'
-   command copies the file to the same directory as the 'firewall' and
+    command copies the file to the same directory as the 'firewall' and
-   'firewall.conf' scripts.
+    'firewall.conf' scripts.
-   I have the following commands in my 'save' script:
+    I have the following commands in my 'save' script:
     [ -s /root/ipsets.save ] && cp -a /root/ipsets.save /root/ipsets.save.backup
     ipset -S > /root/ipsets.save
@ -921,10 +920,10 @@ New Features in Shorewall 4.2.
     if [ "$COMMAND" = start ]; then
         ipset -U :all: :all:
-   	 ipset -U :all: :default:
+            ipset -U :all: :default:
-   	 ipset -F
+            ipset -F
-   	 ipset -X
+            ipset -X
-   	 ipset -R < /root/ipsets.save
+            ipset -R < /root/ipsets.save
     fi
    Those two scripts allow me to save and restore the contents of my