From 2bf80ee3d962579d082dab3d9639eb3a162ef3fc Mon Sep 17 00:00:00 2001 From: Thomas D Date: Tue, 11 Nov 2014 01:27:33 +0100 Subject: [PATCH] Patches for shorewall manpage Hi, here is the patch set for the shorewall6-lite man page. -Thomas >From d3fc3bd79f6313e8c940f6df49ae6ea3e05fa590 Mon Sep 17 00:00:00 2001 From: Thomas D Date: Tue, 11 Nov 2014 01:23:44 +0100 Subject: [PATCH 2/2] Fixes for the "commands" section. Signed-off-by: Tom Eastep --- Shorewall6-lite/manpages/shorewall6-lite.xml | 178 ++++++++++--------- 1 file changed, 93 insertions(+), 85 deletions(-) diff --git a/Shorewall6-lite/manpages/shorewall6-lite.xml b/Shorewall6-lite/manpages/shorewall6-lite.xml index 3b81aa78b..6939334ab 100644 --- a/Shorewall6-lite/manpages/shorewall6-lite.xml +++ b/Shorewall6-lite/manpages/shorewall6-lite.xml @@ -534,7 +534,7 @@ used for debugging. See http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace. - The nolock prevents the command from + The option prevents the command from attempting to acquire the shorewall6-lite lockfile. It is useful if you need to include shorewall commands in /etc/shorewall/started. 
@@ -570,19 +570,21 @@ Adds a list of hosts or subnets to a dynamic zone usually used with VPN's. - The interface argument names an interface + The interface argument names an interface defined in the shorewall-interfaces(5) - file. A host-list is comma-separated list whose - elements are host or network addresses. - The add command is not very robust. If - there are errors in the host-list, - you may see a large number of error messages yet a subsequent - shorewall6-lite show zones command will - indicate that all hosts were added. If this happens, replace - add by delete and run the - same command again. Then enter the correct command. - + file. A host-list is comma-separated list whose + elements are host or network addresses. + + + The add command is not very robust. If + there are errors in the host-list, + you may see a large number of error messages yet a subsequent + shorewall6-lite show zones command will + indicate that all hosts were added. If this happens, replace + add by delete and run the + same command again. Then enter the correct command. + @@ -591,10 +593,9 @@ Re-enables receipt of packets from hosts previously - blacklisted by a drop, logdrop, reject, or logreject command. + blacklisted by a drop, logdrop, + reject, or logreject + command. @@ -608,10 +609,9 @@ the firewall is causing connection problems. If is given, the command will be processed - by the compiled script that executed the last successful start, restart or refresh command if that script exists. + by the compiled script that executed the last successful + start, restart or + refresh command if that script exists. 
@@ -619,14 +619,14 @@ delete - The delete command reverses the effect of an earlier add command. + The delete command reverses the effect of an earlier + add command. - The interface argument names an interface - defined in the The interface argument names an + interface defined in the shorewall-interfaces(5) - file. A host-list is comma-separated list whose - elements are a host or network address. + file. A host-list is comma-separated + list whose elements are a host or network address. @@ -646,7 +646,7 @@ drop - Causes traffic from the listed addresses + Causes traffic from the listed addresses to be silently dropped. @@ -658,13 +658,14 @@ Produces a verbose report about the firewall configuration for the purpose of problem analysis. - The -x option causes actual + The option causes actual packet and byte counts to be displayed. Without that option, these - counts are abbreviated. The -m - option causes any MAC addresses included in shorewall6-lite log - messages to be displayed. + counts are abbreviated. + + The option causes any MAC addresses + included in shorewall6-lite log messages to be displayed. - The -l option causes the rule + The option causes the rule number for each Netfilter rule to be displayed. @@ -685,9 +686,9 @@ forget - Deletes /var/lib/shorewall6-lite/filename - and /var/lib/shorewall6-lite/save. If no - filename is given then the file specified by + Deletes /var/lib/shorewall6-lite/filename + and /var/lib/shorewall6-lite/save. If no + filename is given then the file specified by RESTOREFILE in shorewall6.conf(5) is assumed. @@ -754,7 +755,7 @@ logdrop - Causes traffic from the listed addresses + Causes traffic from the listed addresses to be logged then discarded. Logging occurs at the log level specified by the BLACKLIST_LOGLEVEL setting in shorewall6.conf (5). 
@@ -768,15 +769,18 @@ Monitors the log file specified by the LOGFILE option in shorewall6.conf(5) and produces an audible alarm when new shorewall6-lite messages are - logged. The -m option causes the + logged. + + The option causes the MAC address of each packet source to be displayed if that - information is available. The - refresh-interval specifies the time in - seconds between screen refreshes. You can enter a negative number by - preceding the number with "--" (e.g., shorewall6-lite - logwatch -- -30). In this case, when a packet count - changes, you will be prompted to hit any key to resume screen - refreshes. + information is available. + + The refresh-interval specifies + the time in seconds between screen refreshes. You can enter a + negative number by preceding the number with "--" (e.g., + shorewall6-lite logwatch -- -30). In this + case, when a packet count changes, you will be prompted to hit + any key to resume screen refreshes. @@ -784,7 +788,7 @@ logreject - Causes traffic from the listed addresses + Causes traffic from the listed addresses to be logged then rejected. Logging occurs at the log level specified by the BLACKLIST_LOGLEVEL setting in shorewall6.conf (5). @@ -817,8 +821,8 @@ restart - Restart is similar to shorewall6-lite - start except that it assumes that the firewall is already + Restart is similar to shorewall6-lite start + except that it assumes that the firewall is already started. Existing connections are maintained. 
@@ -848,19 +852,19 @@ restore - Restore shorewall6-lite to a state saved using the shorewall6-lite save command. Existing - connections are maintained. The filename names - a restore file in /var/lib/shorewall6-lite created using shorewall6-lite save; if no - filename is given then shorewall6-lite will be + Restore shorewall6-lite to a state saved using the + shorewall6-lite save command. Existing + connections are maintained. The filename names + a restore file in /var/lib/shorewall6-lite + created using shorewall6-lite save; if no + filename is given then shorewall6-lite will be restored from the file specified by the RESTOREFILE option in shorewall6.conf(5). The option was added in Shorewall 4.6.5. - If the option was specified during shorewall save, then the counters saved by - that operation will be restored. + If the option was specified during + shorewall7-lite save, then the counters saved + by that operation will be restored. @@ -886,10 +890,11 @@ The dynamic blacklist is stored in - /var/lib/shorewall6-lite/save. The state of the firewall is stored - in /var/lib/shorewall6-lite/filename for use by - the shorewall6-lite restore. If - filename is not given then the state is saved + /var/lib/shorewall6-lite/save. The state of + the firewall is stored in + /var/lib/shorewall6-lite/filename + for use by the shorewall6-lite restore command. + If filename is not given then the state is saved in the file specified by the RESTOREFILE option in shorewall6.conf(5). @@ -913,7 +918,7 @@ Added in Shorewall 4.6.2. Displays the dynamic chain along with any chains produced by entries in - shorewall6-blrules(5).The -x + shorewall6-blrules(5).The option is passed directly through to ip6tables and causes actual packet and byte counts to be displayed. Without this option, those counts are abbreviated. 
@@ -925,9 +930,9 @@ Displays your kernel/iptables capabilities. The - -f option causes the display - to be formatted as a capabilities file for use with compile -e. + option causes the display + to be formatted as a capabilities file for use with + compile -e. @@ -941,25 +946,28 @@ -L chain -n -v command. If no chain is given, all of the chains in the - filter table are displayed. The -x option is passed directly through to - iptables and causes actual packet and byte counts to be - displayed. Without this option, those counts are abbreviated. - The -t option specifies the + filter table are displayed. + + The option + is passed directly through to iptables and causes actual + packet and byte counts to be displayed. Without this option, + those counts are abbreviated. + + The option specifies the Netfilter table to display. The default is filter. - The -b ('brief') option + The ('brief') option causes rules which have not been used (i.e. which have zero packet and byte counts) to be omitted from the output. Chains with no rules displayed are also omitted from the output. - The -l option causes + The option causes the rule number for each Netfilter rule to be displayed. - If the t option and the + If the option and the keyword are both omitted and any of the listed chains do not exist, a usage message is displayed. @@ -1037,8 +1045,9 @@ Displays the last 20 shorewall6-lite messages from the log file specified by the LOGFILE option in shorewall6.conf(5). The - -m option causes the MAC + url="shorewall.conf.html">shorewall6.conf(5). + + The option causes the MAC address of each packet source to be displayed if that information is available. @@ -1059,8 +1068,8 @@ Displays the Netfilter nat table using the command - iptables -t nat -L -n -v.The - -x option is passed directly + iptables -t nat -L -n -v.The + option is passed directly through to iptables and causes actual packet and byte counts to be displayed. Without this option, those counts are abbreviated. 
@@ -1092,8 +1101,8 @@ Displays the Netfilter raw table using the command - iptables -t raw -L -n -v.The - -x option is passed directly + iptables -t raw -L -n -v.The + option is passed directly through to iptables and causes actual packet and byte counts to be displayed. Without this option, those counts are abbreviated. @@ -1146,8 +1155,8 @@ The option was added in Shorewall 4.6.5 and is only meaningful when the option is also specified. If the previously-saved configuration is restored, and if - the option was also specified in the save command, then the packet and byte + the option was also specified in the + save command, then the packet and byte counters will be restored. @@ -1167,10 +1176,9 @@ or by ADMINISABSENTMINDED. If is given, the command will be processed - by the compiled script that executed the last successful start, restart or refresh command if that script exists. + by the compiled script that executed the last successful + start, restart or + refresh command if that script exists. @@ -1181,7 +1189,7 @@ Produces a short report about the state of the Shorewall-configured firewall. - The option was added in Shorewall 4.6.2 + The option was added in Shorewall 4.6.2 and causes the status of each optional or provider interface to be displayed.
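
Review bot: In the hunk at @@ -534,7 +534,7 @@, the context sentence right after the changed line still reads "include shorewall commands in /etc/shorewall/started", which names the shorewall product although the same paragraph is about the shorewall6-lite lockfile. Since the patch already touches this paragraph, check whether the command name and the path should both be the shorewall6-lite ones, and fix them here if so.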
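
Review bot: The reflowed sentence in the add hunk (@@ -570,19 +570,21 @@) keeps the missing article in "A host-list is comma-separated list"; it should read "is a comma-separated list". The delete hunk (@@ -619,14 +619,14 @@) repeats that wording and ends with "elements are a host or network address" where the add entry has "elements are host or network addresses", so pick one form and use it in both entries.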
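
Review bot: The added line "shorewall7-lite save, then the counters saved" in the restore hunk (@@ -848,19 +852,19 @@) names a command that appears nowhere else in this page. The removed line said "shorewall save"; the replacement was presumably meant to be "shorewall6-lite save", matching the save command referenced earlier in the same entry.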
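
Review bot: Three rewritten lines keep a missing space after the full stop: "shorewall6-blrules(5).The" at @@ -913,7 +918,7 @@, "iptables -t nat -L -n -v.The" at @@ -1059,8 +1068,8 @@ and "iptables -t raw -L -n -v.The" at @@ -1092,8 +1101,8 @@. Add the space, or move the option sentence into its own paragraph as the dump and logwatch hunks of this patch already do.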
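
Review bot: The show hunk at @@ -941,25 +946,28 @@ rewrites the sentence as "is passed directly through to iptables", while the hunk at @@ -913,7 +918,7 @@ says the same option "is passed directly through to ip6tables". The two should agree. If ip6tables is what actually runs, the nat and raw entries that quote "iptables -t nat -L -n -v" and "iptables -t raw -L -n -v" need the same correction, otherwise a reader verifying rules by hand ends up inspecting the IPv4 tables instead of the IPv6 ones.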