diff --git a/Shorewall-lite/manpages/shorewall-lite.xml b/Shorewall-lite/manpages/shorewall-lite.xml index 78d038bfc..c78787bfe 100644 --- a/Shorewall-lite/manpages/shorewall-lite.xml +++ b/Shorewall-lite/manpages/shorewall-lite.xml @@ -326,8 +326,6 @@ - - directory @@ -613,7 +611,10 @@ - add + add { + interface[:host-list]... + zone | zone + host-list } Adds a list of hosts or subnets to a dynamic zone usually used @@ -638,7 +639,8 @@ - allow + allow + address Re-enables receipt of packets from hosts previously @@ -650,7 +652,8 @@ - clear + clear + [-] Clear will remove all rules and chains installed by @@ -688,7 +691,10 @@ - delete + delete { + interface[:host-list]... + zone | zone + host-list } The delete command reverses the effect of an earlier - disable + disable { + interface | + provider } Added in Shorewall 4.4.26. Disables the optional provider @@ -715,7 +723,8 @@ - drop + drop + address Causes traffic from the listed addresses @@ -724,7 +733,9 @@ - dump + dump [-] + [-] [-] + [-] Produces a verbose report about the firewall configuration for @@ -745,7 +756,9 @@ - enable + enable { + interface | + provider } Added in Shorewall 4.4.26. Enables the optional provider @@ -757,7 +770,8 @@ - forget + forget [ + filename ] Deletes /var/lib/shorewall-lite/filename @@ -778,7 +792,8 @@ - hits + hits [-] + Generates several reports from Shorewall-lite log messages in @@ -788,7 +803,8 @@ - ipcalc + ipcalc { address mask | + address/vlsm } Ipcalc displays the network address, broadcast address, @@ -798,7 +814,8 @@ - iprange + iprange + address1-address2 Iprange decomposes the specified range of IP addresses into @@ -807,7 +824,8 @@ - iptrace + iptrace iptables + match expression This is a low-level debugging command that causes iptables @@ -835,7 +853,8 @@ - logdrop + logdrop + address Causes traffic from the listed addresses @@ -846,7 +865,8 @@ - logwatch + logwatch [-] + [refresh-interval] Monitors the log file specified by the LOGFILE option in 
@@ -865,7 +885,8 @@ - logreject + logreject + address Causes traffic from the listed addresses @@ -885,7 +906,8 @@ - noiptrace + noiptrace iptables + match expression This is a low-level debugging command that cancels a trace @@ -937,16 +959,30 @@ - reset + reject + address - All the packet and byte counters in the firewall are - reset. + Causes traffic from the listed addresses + to be silently rejected. - restart + reset [chain, + ...] + + + Resets the packet and byte counters in the specified + chain(s). If no + chain is specified, all the packet and + byte counters in the firewall are reset. + + + + + restart [-n] [-p] + [-] Restart is similar to shorewall-lite @@ -969,7 +1005,9 @@ - restore + restore [-] + [-] [-] [ + filename ] Restore Shorewall-lite to a state saved using the + The option causes Shorewall to avoid + updating the routing table(s). + + The option, added in Shorewall 4.6.5, + causes the connection tracking table to be flushed; the + conntrack utility must be installed to use this + option. + The option was added in Shorewall 4.6.5. If the option was specified during shorewall save, then the counters saved by @@ -997,7 +1043,9 @@ - run + run + command [ + parameter ... ] Added in Shorewall 4.6.3. Executes @@ -1014,7 +1062,8 @@ - save + save [-] [ + filename ] The dynamic blacklist is stored in @@ -1054,7 +1103,8 @@ - bl|blacklists + bl|blacklists + [-] Added in Shorewall 4.6.2. Displays the dynamic chain @@ -1067,7 +1117,8 @@ - capabilities + [-] capabilities Displays your kernel/iptables capabilities. The @@ -1078,8 +1129,10 @@ - [ [ ] chain... - ] + [-] [-] + [-] [- + {||||}] + [ chain... ] The rules in each chain are @@ -1280,7 +1333,9 @@ - start + start [-] + [-] [] + [-] Start Shorewall Lite. Existing connections through 
@@ -1292,7 +1347,7 @@ table to be flushed; the conntrack utility must be installed to use this option. - The option prevents the firewall script + The option prevents the firewall script from modifying the current routing configuration. The option was added in Shorewall 4.6.5. diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml index 5763a37c9..fbfef1fe9 100644 --- a/Shorewall/manpages/shorewall.xml +++ b/Shorewall/manpages/shorewall.xml @@ -637,8 +637,6 @@ - -c - event @@ -859,7 +857,10 @@ - add + add { + interface[:host-list]... + zone | zone + host-list } Adds a list of hosts or subnets to a dynamic zone usually used @@ -891,7 +892,8 @@ - allow + allow + address Re-enables receipt of packets from hosts previously @@ -903,7 +905,10 @@ - check + check [-] + [-] [-] [-] + [-] [-] + [directory] Compiles the configuration in the specified @@ -942,7 +947,8 @@ - clear + clear + [-] Clear will remove all rules and chains installed by Shorewall. @@ -980,7 +986,10 @@ - compile + compile [-] + [-] [-] [-] + [-] [-] [ directory + ] [ pathname ] Compiles the current configuration into the executable file @@ -1037,7 +1046,10 @@ - delete + delete { + interface[:host-list]... + zone | zone + host-list } The delete command reverses the effect of an earlier - disable + disable { + interface | + provider } Added in Shorewall 4.4.26. Disables the optional provider @@ -1080,7 +1094,8 @@ - drop + drop + address Causes traffic from the listed addresses @@ -1089,7 +1104,9 @@ - dump + dump [-] + [-] [-] + [-] Produces a verbose report about the firewall configuration for @@ -1111,7 +1128,9 @@ - enable + enable { + interface | + provider } Added in Shorewall 4.4.26. Enables the optional provider @@ -1132,7 +1151,10 @@ - export + export [ + directory1 ] [ + user@]system[:directory2 + ] If directory1 is omitted, the current @@ -1156,7 +1178,8 @@ - forget + forget [ + filename ] Deletes /var/lib/shorewall/filename and 
@@ -1176,7 +1199,8 @@ - hits + hits [-] + Generates several reports from Shorewall log messages in the @@ -1186,7 +1210,8 @@ - ipcalc + ipcalc { address mask | + address/vlsm } Ipcalc displays the network address, broadcast address, @@ -1196,7 +1221,8 @@ - iprange + iprange + address1-address2 Iprange decomposes the specified range of IP addresses into @@ -1205,7 +1231,8 @@ - iptrace + iptrace iptables + match expression This is a low-level debugging command that causes iptables @@ -1232,7 +1259,11 @@ - load + load [-] + [-] [- + root-user-name] [-] + [-] [ directory ] + system If directory is omitted, the current @@ -1287,7 +1318,8 @@ - logdrop + logdrop + address Causes traffic from the listed addresses @@ -1299,7 +1331,8 @@ - logwatch + logwatch [-] + [ refresh-interval ] Monitors the log file specified by the LOGFILE option in @@ -1317,7 +1350,8 @@ - logreject + logreject + address Causes traffic from the listed addresses @@ -1338,7 +1372,8 @@ - noiptrace + noiptrace iptables + match expression This is a low-level debugging command that cancels a trace @@ -1390,7 +1425,10 @@ - refresh + refresh [-] + [-] [-] [-i] [-directory ] [ + chain... ] All steps performed by restart are @@ -1442,7 +1480,21 @@ - reload + reject + address + + + Causes traffic from the listed addresses + to be silently rejected. + + + + + reload [-] + [-] [- + root-user-name] [-] + [-] [ directory ] + system If directory is omitted, the current @@ -1497,16 +1549,22 @@ - reset + reset [chain, + ...] - All the packet and byte counters in the firewall are - reset. + Resets the packet and byte counters in the specified + chain(s). If no + chain is specified, all the packet and + byte counters in the firewall are reset. - restart + restart [-] + [-] [-] [-] + [-] [-] [-] + [-] [ directory ] Restart is similar to shorewall 
@@ -1560,7 +1618,9 @@ - restore + restore [-] + [-] [-] [ + filename ] Restore Shorewall to a state saved using the - run + run + command [ + parameter ... ] Added in Shorewall 4.6.3. Executes @@ -1622,7 +1684,10 @@ - safe-restart + safe-restart + [-] [-] [-timeout ] [ + directory ] Only allowed if Shorewall is running. The current @@ -1647,7 +1712,10 @@ - safe-start + safe-start [-] [-] + [-timeout ] [ + directory ] Shorewall is started normally. You will then be prompted @@ -1669,7 +1737,8 @@ - save + save [-] [ + filename ] The dynamic blacklist is stored in /var/lib/shorewall/save. @@ -1719,7 +1788,8 @@ - bl|blacklists + bl|blacklists + [-] Added in Shorewall 4.6.2. Displays the dynamic chain @@ -1732,7 +1802,8 @@ - capabilities + [-] capabilities Displays your kernel/iptables capabilities. The @@ -1743,8 +1814,10 @@ - [ [ ] chain... - ] + [-] [-] + [-] [- + {||||}] + [ chain... ] The rules in each chain are @@ -1886,7 +1959,8 @@ - nat + [-] nat Displays the Netfilter nat table using the command @@ -1921,7 +1995,8 @@ - routing + [-] + routing Displays the system's IPv4 routing configuration. @@ -1931,7 +2006,8 @@ - raw + [-] raw Displays the Netfilter raw table using the command @@ -1965,7 +2041,11 @@ - start + start + [-] [-] + [-] [-] [-] + [-] [-] [-] [ + directory ] Start shorewall. Existing connections through shorewall @@ -2025,7 +2105,8 @@ - stop + stop + [-] Stops the firewall. All existing connections, except those @@ -2047,7 +2128,8 @@ - status + status + [-] Produces a short report about the state of the @@ -2060,7 +2142,9 @@ - try + try + directory [ + timeout ] If Shorewall is started then the firewall state is saved to a @@ -2095,7 +2179,11 @@ - update + update [-] + [-] [-] [-] + [-] [-] [-] + [-] [-] [ + directory ] Added in Shorewall 4.4.21 and causes the compiler to update @@ -2187,7 +2275,8 @@ - version + version + [-] Displays Shorewall's version. The option 
diff --git a/Shorewall6-lite/manpages/shorewall6-lite.xml b/Shorewall6-lite/manpages/shorewall6-lite.xml index 5916205d2..23146e42f 100644 --- a/Shorewall6-lite/manpages/shorewall6-lite.xml +++ b/Shorewall6-lite/manpages/shorewall6-lite.xml @@ -197,37 +197,6 @@ choice="plain"> - - shorewall6-lite - - | - - -options - - - - - address - mask - - address/vlsm - - - - - shorewall6-lite - - | - - -options - - - - address1address2 - - shorewall6-lite @@ -347,8 +316,6 @@ - - directory @@ -635,7 +602,10 @@ - add + add { + interface[:host-list]... + zone | zone + host-list } Adds a list of hosts or subnets to a dynamic zone usually used @@ -660,7 +630,8 @@ - allow + allow + address Re-enables receipt of packets from hosts previously @@ -671,7 +642,8 @@ - clear + clear + [-] Clear will remove all rules and chains installed by @@ -708,7 +680,10 @@ - delete + delete { + interface[:host-list]... + zone | zone + host-list } The delete command reverses the effect of an earlier @@ -723,7 +698,9 @@ - disable + disable { + interface | + provider } Added in Shorewall 4.4.26. Disables the optional provider @@ -735,7 +712,8 @@ - drop + drop + address Causes traffic from the listed @@ -744,7 +722,9 @@ - dump + dump [-] + [-] [-] + [-] Produces a verbose report about the firewall configuration for @@ -766,7 +746,9 @@ - enable + enable { + interface | + provider } Added in Shorewall 4.4.26. Enables the optional provider @@ -778,7 +760,8 @@ - forget + forget [ + filename ] Deletes @@ -810,26 +793,8 @@ - ipcalc - - - Ipcalc displays the network address, broadcast address, - network in CIDR notation and netmask corresponding to the - input[s]. - - - - - iprange - - - Iprange decomposes the specified range of IP addresses into - the equivalent list of network/host addresses. - - - - - iptrace + iptrace ip6tables + match expression This is a low-level debugging command that causes iptables @@ -857,7 +822,8 @@ - logdrop + logdrop + address Causes traffic from the listed 
@@ -869,7 +835,8 @@ - logwatch + logwatch [-] + [refresh-interval] Monitors the log file specified by the LOGFILE option in @@ -891,7 +858,8 @@ - logreject + logreject + address Causes traffic from the listed @@ -912,13 +880,15 @@ - noiptrace + noiptrace + ip6tables match + expression This is a low-level debugging command that cancels a trace started by a preceding iptrace command. - The iptables match expression must + The ip6tables match expression must be one given in the iptrace command being canceled. @@ -964,16 +934,30 @@ - reset + reject + address - All the packet and byte counters in the firewall are - reset. + Causes traffic from the listed addresses + to be silently rejected. - restart + reset [chain, + ...] + + + Resets the packet and byte counters in the specified + chain(s). If no + chain is specified, all the packet and + byte counters in the firewall are reset. + + + + + restart [-n] [-p] + [-] Restart is similar to shorewall6-lite start @@ -1004,7 +988,9 @@ - restore + restore [-] + [-] [-] [ + filename ] Restore shorewall6-lite to a state saved using the @@ -1026,7 +1012,9 @@ - run + run + command [ + parameter ... ] Added in Shorewall 4.6.3. Executes @@ -1043,7 +1031,8 @@ - save + save [-] [ + filename ] The dynamic blacklist is stored in @@ -1084,7 +1073,8 @@ - bl|blacklists + [-] bl|blacklists Added in Shorewall 4.6.2. Displays the dynamic chain @@ -1097,7 +1087,8 @@ - capabilities + [-] capabilities Displays your kernel/iptables capabilities. The @@ -1108,8 +1099,10 @@ - [ [ ] chain... - ] + [-] [-] + [-] [- + {||||}][ + chain... ] The rules in each chain are @@ -1243,11 +1236,12 @@ - nat + [-] nat Displays the Netfilter nat table using the command - iptables -t nat -L -n -v.The + ip6tables -t nat -L -n -v.The option is passed directly through to iptables and causes actual packet and byte counts to be displayed. Without this option, those counts are 
@@ -1268,17 +1262,8 @@ - routing - - - Displays the system's IPv4 routing configuration. The -c - option causes the route cache to be displayed in addition to - the other routing information. - - - - - raw + [-] raw Displays the Netfilter raw table using the command @@ -1290,6 +1275,17 @@ + + [-] + routing + + + Displays the system's IPv4 routing configuration. The -c + option causes the route cache to be displayed in addition to + the other routing information. + + + tc @@ -1312,7 +1308,9 @@ - start + start [-] + [-] [] + [-] Start Shorewall6 Lite. Existing connections through @@ -1324,7 +1322,7 @@ table to be flushed; the conntrack utility must be installed to use this option. - The option prevents the firewall script + The option prevents the firewall script from modifying the current routing configuration. The option was added in Shorewall 4.6.5. @@ -1343,7 +1341,8 @@ - stop + stop + [-] Stops the firewall. All existing connections, except those @@ -1377,7 +1376,8 @@ - version + version + [-] Displays Shorewall's version. The option diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index 38d97c7cc..ec0d3d9c4 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml @@ -799,7 +799,10 @@ - add + add { + interface[:host-list]... + zone | zone + host-list } Added in Shorewall 4.4.21. Adds a list of hosts or subnets to @@ -831,7 +834,8 @@ - allow + allow + address Re-enables receipt of packets from hosts previously @@ -843,7 +847,10 @@ - check + check [-] + [-] [-] [-] + [-] [-] + [directory] Compiles the configuration in the specified @@ -883,7 +890,8 @@ - clear + clear + [-] Clear will remove all rules and chains installed by @@ -915,7 +923,11 @@ - compile + compile [-] + [-] [-] [-] + [-] [-] + [directory] + [pathname ] Compiles the current configuration into the executable file 
@@ -971,7 +983,10 @@ - delete + delete { + interface[:host-list]... + zone | zone + host-list } Added in Shorewall 4.4.21. The delete command reverses the @@ -996,7 +1011,9 @@ - disable + disable + { interface | + provider } Added in Shorewall 4.4.26. Disables the optional provider @@ -1015,7 +1032,8 @@ - drop + drop + address Causes traffic from the listed addresses @@ -1024,7 +1042,9 @@ - dump + dump [-] + [-] [-] + [-] Produces a verbose report about the firewall configuration for @@ -1046,7 +1066,9 @@ - enable + enable { + interface | + provider } Added in Shorewall 4.4.26. Enables the optional provider @@ -1067,7 +1089,10 @@ - export + export + [directory1 ] + [user@]system[:directory2 + ] If directory1 is omitted, the current @@ -1091,7 +1116,8 @@ - forget + forget [ + filename ] Deletes /var/lib/shorewall6/filename @@ -1112,7 +1138,8 @@ - iptrace + iptrace ip6tables + match expression This is a low-level debugging command that causes iptables @@ -1140,7 +1167,11 @@ - load + load [-] + [-] [- + root-user-name] [-] + [-] [ directory ] + system If directory is omitted, the current @@ -1195,7 +1226,8 @@ - logdrop + logdrop + address Causes traffic from the listed addresses @@ -1207,7 +1239,8 @@ - logwatch + logwatch [-] + [refresh-interval] Monitors the log file specified by the LOGFILE option in @@ -1225,7 +1258,8 @@ - logreject + logreject + address Causes traffic from the listed addresses @@ -1246,7 +1280,9 @@ - noiptrace + noiptrace + ip6tables match + expression This is a low-level debugging command that cancels a trace @@ -1298,7 +1334,10 @@ - refresh + refresh [-] + [-] [-] [-i] + [-directory ] [ + chain... ] All steps performed by restart are @@ -1350,7 +1389,21 @@ - reload + reject + address + + + Causes traffic from the listed addresses + to be silently rejected. + + + + + reload [-] + [-] [- + root-user-name] [-] + [-] [ directory ] + system If directory is omitted, the current 
@@ -1417,7 +1470,10 @@ - restart + restart [-] + [-] [-] [-] + [-] [-] [-] + [-] [ directory ] Restart is similar to shorewall6 start @@ -1472,7 +1528,9 @@ - restore + restore [-] + [-] [-] [ + filename ] Restore Shorewall6 to a state saved using the @@ -1500,7 +1558,9 @@ - run + run + command [ + parameter ... ] Added in Shorewall 4.6.3. Executes @@ -1523,7 +1583,10 @@ - safe-restart + safe-restart + [-] [-] + [-timeout ] [ + directory ] Only allowed if Shorewall6 is running. The current @@ -1549,7 +1612,10 @@ - safe-start + safe-start + [-] [-] + [-timeout ] [ + directory ] Shorewall6 is started normally. You will then be prompted @@ -1571,7 +1637,8 @@ - save + save [-] [ + filename ] The dynamic blacklist is stored in @@ -1622,7 +1689,8 @@ - bl|blacklists + [-] bl|blacklists + Added in Shorewall 4.6.2. Displays the dynamic chain @@ -1635,7 +1703,8 @@ - capabilities + [-] capabilities Displays your kernel/ip6tables capabilities. The @@ -1646,8 +1715,10 @@ - [ [ ] chain... - ] + [-] [-] + [-] [- + {||||}][ + chain... ] The rules in each chain are @@ -1776,6 +1847,20 @@ + + [-] nat + + + Displays the Netfilter nat table using the command + ip6tables -t nat -L -n -v. + The -x option is passed + directly through to ip6tables and causes actual packet and + byte counts to be displayed. Without this option, those counts + are abbreviated. + + + opens @@ -1799,7 +1884,22 @@ - routing + [-] raw + + + Displays the Netfilter raw table using the command + ip6tables -t raw -L -n -v. + The -x option is passed + directly through to ip6tables and causes actual packet and + byte counts to be displayed. Without this option, those counts + are abbreviated. + + + + + [-] routing Displays the system's IPv6 routing configuration. The -c @@ -1830,7 +1930,11 @@ - start + start + [-] [-] + [-] [-] [-] + [-] [-] [-] [ + directory ] Start shorewall6. Existing connections through shorewall6 @@ -1886,7 +1990,8 @@ - stop + stop + [-] Stops the firewall. All existing connections, except those 
@@ -1898,6 +2003,12 @@ is from systems listed in shorewall6-routestopped(5) or by ADMINISABSENTMINDED. + + If is given, the command will be processed + by the compiled script that executed the last successful start, restart or refresh command if that script exists. @@ -1915,7 +2026,9 @@ - try + try + directory [ + timeout ] If Shorewall6 is started then the firewall state is saved to a @@ -1949,7 +2062,11 @@ - update + update [-] + [-] [-] [-] + [-] [-] [-] + [-] [-] [ + directory ] Added in Shorewall 4.4.21 and causes the compiler to update @@ -2041,7 +2158,8 @@ - version + version + [-] Displays Shorewall6's version. If the
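Review bot: "silently rejected" in the new reject entry (added to shorewall-lite.xml, shorewall.xml, shorewall6-lite.xml and shorewall6.xml) does not tell the reader how reject differs from drop, whose entry uses the same "Causes traffic from the listed addresses" opening. Say what the sender observes for reject compared with drop, and remove "silently" if a rejection response is sent.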
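Review bot: In the shorewall6-lite.xml nat hunk (@@ -1243,11 +1236,12 @@) the command becomes "ip6tables -t nat -L -n -v", but the sentence that follows still says the option is "passed directly through to iptables". Change that to ip6tables, as the nat and raw entries added to shorewall6.xml already do, and put a space between "-v." and "The" on the changed line.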
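Review bot: The routing entry moved by the shorewall6-lite.xml hunks at @@ -1268,17 +1262,8 @@ and @@ -1290,6 +1275,17 @@ still reads "Displays the system's IPv4 routing configuration" in both the removed and the re-added copy, while the shorewall6.xml entry says IPv6. Since the block is re-added here anyway, correct it to IPv6 in the added lines.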
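Review bot: In the start synopsis added to shorewall-lite.xml (@@ -1280,7 +1333,9 @@) and shorewall6-lite.xml (@@ -1312,7 +1308,9 @@) the third option group comes out as "[]" where its neighbours are "[-]", so the leading hyphen looks to be missing for that option. In the same two files the restart synopsis writes "[-n] [-p]" as literal text beside a marked-up "[-]"; use the same option markup for all three so they render alike.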
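Review bot: The new synopsis "reset [chain, ...]" in shorewall-lite.xml, shorewall.xml and shorewall6-lite.xml uses a comma, which reads as a comma-separated list, whereas refresh and show in this same patch write "[ chain... ]". Pick the notation that matches how the command takes its arguments and use it in all places. The shorewall6.xml part of the patch has no reset hunk, so check that its reset entry already documents the chain argument.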
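Review bot: Option placement for bl|blacklists differs between the files: shorewall-lite.xml and shorewall.xml add "bl|blacklists [-]" with the option after the keyword, while shorewall6-lite.xml and shorewall6.xml add "[-] bl|blacklists", which matches the "[-] capabilities" and "[-] nat" entries next to it. Put the option in front of the keyword in the two IPv4 pages as well.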
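Review bot: The iptrace synopsis in shorewall6-lite.xml and shorewall6.xml now reads "iptrace ip6tables match expression", but the unchanged description line directly below it still says the command "causes iptables". Only the noiptrace text in shorewall6-lite.xml ("The ip6tables match expression must") was brought in line; update the iptrace description in both IPv6 pages to match the new synopsis.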