Update .conf documents for 'reload'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-08-01 12:58:08 -07:00
parent ef9e75753a
commit 2165f746e6
2 changed files with 54 additions and 74 deletions

View File

@ -245,8 +245,10 @@
<warning> <warning>
<para>Addresses added by ADD_IP_ALIASES=Yes are deleted and <para>Addresses added by ADD_IP_ALIASES=Yes are deleted and
re-added during shorewall restart. As a consequence, connections re-added during <emphasis role="bold">shorewall reload</emphasis>
using those addresses may be severed.</para> and <emphasis role="bold">shorewall restart</emphasis>. As a
consequence, connections using those addresses may be
severed.</para>
</warning> </warning>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -271,8 +273,10 @@
<warning> <warning>
<para>Addresses added by ADD_SNAT_ALIASES=Yes are deleted and <para>Addresses added by ADD_SNAT_ALIASES=Yes are deleted and
re-added during shorewall restart. As a consequence, connections re-added during <emphasis role="bold">shorewall reload</emphasis>
using those addresses may be severed.</para> and <emphasis role="bold">shorewall restart</emphasis>. As a
consequence, connections using those addresses may be
severed.</para>
</warning> </warning>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -360,11 +364,6 @@
comment when a macro is invoked, the behavior is as if the first comment when a macro is invoked, the behavior is as if the first
line of the macro file was "COMMENT &lt;macro name&gt;". The line of the macro file was "COMMENT &lt;macro name&gt;". The
AUTO_COMMENT option has a default value of 'Yes'.</para> AUTO_COMMENT option has a default value of 'Yes'.</para>
<para>The setting of the AUTOMAKE option is ignored if the
<command>start</command> or <command>restart</command> command
includes a directory name (e.g.,<command> shorewall restart
/etc/shorewall.new</command>).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -422,14 +421,21 @@
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
<listitem> <listitem>
<para>If set, the behavior of the <command>start</command> and <para>If set, the behavior of the <command>start</command>,
<emphasis role="bold">reload</emphasis> and
<command>restart</command> commands are changed; if no files in <command>restart</command> commands are changed; if no files in
/etc/shorewall have been changed since the last successful CONFIG_PATH (see below) have been changed since the last successful
<command>start</command> or <command>restart</command> command, then <command>start, reload</command> or <command>restart</command>
the compilation step is skipped and the compiled script that command, then the compilation step is skipped and the compiled
executed the last <command>start</command> or script that executed the last <command>start</command>, <emphasis
<command>restart</command> command is used. The default is role="bold">reload</emphasis> or <command>restart</command> command
AUTOMAKE=No.</para> is used. The default is AUTOMAKE=No.</para>
<para>The setting of the AUTOMAKE option is ignored if the
<command>start</command>, <emphasis role="bold">reload</emphasis> or
<command>restart</command> command includes a directory name
(e.g.,<command> shorewall restart
/etc/shorewall.new</command>).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -688,10 +694,10 @@
associated with the DNS name is subject to change. When associated with the DNS name is subject to change. When
DEFER_DNS_RESOLUTION=No, DNS names are converted into IP addresses DEFER_DNS_RESOLUTION=No, DNS names are converted into IP addresses
by the compiler. This has the advantage that when AUTOMAKE=Yes, the by the compiler. This has the advantage that when AUTOMAKE=Yes, the
<command>start</command> and <command>restart</command> commands <command>start</command>, <emphasis role="bold">reload</emphasis>
will succeed even if no DNS server is reachable (assuming that the and <command>restart</command> commands will succeed even if no DNS
configuration hasn't changed since the compiled script was last server is reachable (assuming that the configuration hasn't changed
generated).</para> since the compiled script was last generated).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -751,7 +757,7 @@
</listitem> </listitem>
<listitem> <listitem>
<para>Restart Shorewall</para> <para>Reload Shorewall</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>
@ -1241,29 +1247,13 @@ net all DROP info</programlisting>then the chain name is 'net-all'
<filename>/var/lib/shorewall/rt_tables</filename> <filename>/var/lib/shorewall/rt_tables</filename>
(<filename>/var/lib/shorewall-lite/rt_tables</filename>) before your (<filename>/var/lib/shorewall-lite/rt_tables</filename>) before your
next <command>stop</command>, <command>refresh</command>, next <command>stop</command>, <command>refresh</command>,
<command>restore</command> on <command>restart</command> <command>restore</command>, <emphasis role="bold">reload</emphasis>
command.</para> or <command>restart</command> command.</para>
<para>The default is KEEP_RT_TABLES=No.</para> <para>The default is KEEP_RT_TABLES=No.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">LEGACY_FASTSTART=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
<listitem>
<para>Added in Shorewall 4.4.20. If not specified, the default is
Yes which preserves the legacy behavior of <command>start
-f</command> (the modification times of the files in
<filename>/etc/shorewall</filename> are compared with that of
<filename>/var/lib/shorewall/restore)</filename>. If set to No, then
the times are compared with that of /var/lib/shorewall/firewall,
which is consistent with the way that <command>restart -f</command>
works.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">LEGACY_RESTART=</emphasis>{<emphasis <term><emphasis role="bold">LEGACY_RESTART=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
@ -1276,9 +1266,10 @@ net all DROP info</programlisting>then the chain name is 'net-all'
restart (equivalent to <emphasis role="bold">stop</emphasis> restart (equivalent to <emphasis role="bold">stop</emphasis>
followed by <emphasis role="bold">start</emphasis>). When followed by <emphasis role="bold">start</emphasis>). When
LEGACY_FASTSTART=Yes, the <emphasis role="bold">restart</emphasis> LEGACY_FASTSTART=Yes, the <emphasis role="bold">restart</emphasis>
command performs the same operation as the reload command making it command performs the same operation as the <emphasis
compatible with earlier releases. If not specified, role="bold">reload</emphasis> command making it compatible with
LAGACY_RESTART=No is assumed.</para> earlier releases. If not specified, LAGACY_RESTART=No is
assumed.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2345,7 +2336,8 @@ INLINE - - - ; -j REJECT
not be deleted. Regardless of the setting of RETAIN_ALIASES, not be deleted. Regardless of the setting of RETAIN_ALIASES,
addresses added during <emphasis role="bold">shorewall addresses added during <emphasis role="bold">shorewall
start</emphasis> are still deleted at a subsequent <emphasis start</emphasis> are still deleted at a subsequent <emphasis
role="bold">shorewall stop</emphasis> or <emphasis role="bold">shorewall stop</emphasis>, <emphasis
role="bold">shorewall reload</emphasis> or <emphasis
role="bold">shorewall restart</emphasis>.</para> role="bold">shorewall restart</emphasis>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2538,6 +2530,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>If specified, determines where Shorewall will log the details <para>If specified, determines where Shorewall will log the details
of each <emphasis role="bold">start</emphasis>, <emphasis of each <emphasis role="bold">start</emphasis>, <emphasis
role="bold">reload</emphasis>, <emphasis
role="bold">restart</emphasis> and <emphasis role="bold">restart</emphasis> and <emphasis
role="bold">refresh</emphasis> command. Logging verbosity is role="bold">refresh</emphasis> command. Logging verbosity is
determined by the setting of LOG_VERBOSITY above.</para> determined by the setting of LOG_VERBOSITY above.</para>

View File

@ -351,19 +351,21 @@
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
<listitem> <listitem>
<para>If set, the behavior of the <command>start</command> and <para>If set, the behavior of the <command>start</command>,
<command>restart</command> commands is changed; if no files in <emphasis role="bold">reload</emphasis> and
<filename><filename <command>restart</command> commands is changed; if no files in the
class="directory">/etc/shorewall</filename></filename> have been CONFIG_PATH (see below) have been changed since the last successful
changed since the last successful <command>start</command> or <command>start</command>, <emphasis role="bold">reload</emphasis> or
<command>restart</command> command, then the compilation step is <command>restart</command> command, then the compilation step is
skipped and the compiled script that executed the last skipped and the compiled script that executed the last
<command>start</command> or <command>restart</command> command is <command>start</command>, <emphasis role="bold">reload</emphasis> or
used. The default is AUTOMAKE=No.</para> <command>restart</command> command is used. The default is
AUTOMAKE=No.</para>
<para>The setting of the AUTOMAKE option is ignored if the <para>The setting of the AUTOMAKE option is ignored if the
<command>start</command> or <command>restart</command> command <command>start</command>, <emphasis role="bold">reload</emphasis> or
includes a directory name (e.g.,<command> shorewall6 restart <command>restart</command> command includes a directory name
(e.g.,<command> shorewall6 restart
/etc/shorewall.new</command>).</para> /etc/shorewall.new</command>).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -621,10 +623,10 @@
associated with the DNS name is subject to change. When associated with the DNS name is subject to change. When
DEFER_DNS_RESOLUTION=No, DNS names are converted into IP addresses DEFER_DNS_RESOLUTION=No, DNS names are converted into IP addresses
by the compiler. This has the advantage that when AUTOMAKE=Yes the by the compiler. This has the advantage that when AUTOMAKE=Yes the
<command>start</command> and <command>restart</command> commands <command>start</command>, <emphasis role="bold">reload</emphasis>
will succeed even if no DNS server is reachable (assuming that the and <command>restart</command> commands will succeed even if no DNS
configuration hasn't changed since the compiled script was last server is reachable (assuming that the configuration hasn't changed
generated).</para> since the compiled script was last generated).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1092,29 +1094,13 @@ net all DROP info</programlisting>then the chain name is 'net-all'
<filename>/var/lib/shorewall6/rt_tables</filename> <filename>/var/lib/shorewall6/rt_tables</filename>
(<filename>/var/lib/shorewall6-lite/rt_tables</filename>) before (<filename>/var/lib/shorewall6-lite/rt_tables</filename>) before
your next <command>stop</command>, <command>refresh</command>, your next <command>stop</command>, <command>refresh</command>,
<command>restore</command> on <command>restart</command> <command>restore</command>, <emphasis role="bold">reload</emphasis>
command.</para> or <command>restart</command> command.</para>
<para>The default is KEEP_RT_TABLES=No.</para> <para>The default is KEEP_RT_TABLES=No.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">LEGACY_FASTSTART=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
<listitem>
<para>Added in Shorewall6 4.4.20. If not specified, the default is
Yes which preserves the legacy behavior of <command>start
-f</command> (the modification times of the files in
<filename>/etc/shorewall6</filename> are compared with that of
<filename>/var/lib/shorewall6/restore</filename>). If set to No,
then the times are compared with that of
/var/lib/shorewall6/firewall, which is consistent with the way that
<command>restart -f</command> works.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">LEGACY_RESTART=</emphasis>{<emphasis <term><emphasis role="bold">LEGACY_RESTART=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
@ -2191,6 +2177,7 @@ INLINE - - - ; -j REJECT
<listitem> <listitem>
<para>If specified, determines where Shorewall6 will log the details <para>If specified, determines where Shorewall6 will log the details
of each <emphasis role="bold">start</emphasis>, <emphasis of each <emphasis role="bold">start</emphasis>, <emphasis
role="bold">reload</emphasis>, <emphasis
role="bold">restart</emphasis> and <emphasis role="bold">restart</emphasis> and <emphasis
role="bold">refresh</emphasis> command. Logging verbosity is role="bold">refresh</emphasis> command. Logging verbosity is
determined by the setting of LOG_VERBOSITY above.</para> determined by the setting of LOG_VERBOSITY above.</para>