Patches for shorewall manpage

Hi,

here is the patch set for the shorewall6-lite man page.

-Thomas

From d3fc3bd79f6313e8c940f6df49ae6ea3e05fa590 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Tue, 11 Nov 2014 01:23:44 +0100
Subject: [PATCH 2/2] Fixes for the "commands" section.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Thomas D 2014-11-11 01:27:33 +01:00 committed by Tom Eastep
parent 22ac37b51e
commit 2bf80ee3d9

@ -534,7 +534,7 @@
used for debugging. See <ulink used for debugging. See <ulink
url="http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace</ulink>.</para> url="http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace</ulink>.</para>
<para>The nolock <option>option</option> prevents the command from <para>The <option>nolock</option> option prevents the command from
attempting to acquire the shorewall6-lite lockfile. It is useful if you attempting to acquire the shorewall6-lite lockfile. It is useful if you
need to include <command>shorewall</command> commands in need to include <command>shorewall</command> commands in
<filename>/etc/shorewall/started</filename>.</para> <filename>/etc/shorewall/started</filename>.</para>
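Review bot: In the unchanged context just below the corrected nolock line, this shorewall6-lite page still tells the reader to include <command>shorewall</command> commands in <filename>/etc/shorewall/started</filename>. The sentence before it names the shorewall6-lite lockfile, so check whether the command and the path should name shorewall6-lite as well, and correct them in this patch if so.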
@ -570,19 +570,21 @@
<para>Adds a list of hosts or subnets to a dynamic zone usually used <para>Adds a list of hosts or subnets to a dynamic zone usually used
with VPN's.</para> with VPN's.</para>
<para>The <emphasis>interface</emphasis> argument names an interface <para>The <replaceable>interface</replaceable> argument names an interface
defined in the <ulink defined in the <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5) url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
file. A <emphasis>host-list</emphasis> is comma-separated list whose file. A <replaceable>host-list</replaceable> is comma-separated list whose
elements are host or network addresses.<caution> elements are host or network addresses.</para>
<para>The <command>add</command> command is not very robust. If
there are errors in the <replaceable>host-list</replaceable>, <caution>
you may see a large number of error messages yet a subsequent <para>The <command>add</command> command is not very robust. If
<command>shorewall6-lite show zones</command> command will there are errors in the <replaceable>host-list</replaceable>,
indicate that all hosts were added. If this happens, replace you may see a large number of error messages yet a subsequent
<command>add</command> by <command>delete</command> and run the <command>shorewall6-lite show zones</command> command will
same command again. Then enter the correct command.</para> indicate that all hosts were added. If this happens, replace
</caution></para> <command>add</command> by <command>delete</command> and run the
same command again. Then enter the correct command.</para>
</caution>
</listitem> </listitem>
</varlistentry> </varlistentry>
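Review bot: The rewritten sentence in the add entry still reads "A <replaceable>host-list</replaceable> is comma-separated list", with the article missing. Since the line is being touched anyway, make it "is a comma-separated list", and change "VPN's" in the first paragraph to "VPNs". Moving the caution out of the para is the right structural fix.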
@ -591,10 +593,9 @@
<listitem> <listitem>
<para>Re-enables receipt of packets from hosts previously <para>Re-enables receipt of packets from hosts previously
blacklisted by a <emphasis role="bold">drop</emphasis>, <emphasis blacklisted by a <command>drop</command>, <command>logdrop</command>,
role="bold">logdrop</emphasis>, <emphasis <command>reject</command>, or <command>logreject</command>
role="bold">reject</emphasis>, or <emphasis command.</para>
role="bold">logreject</emphasis> command.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -608,10 +609,9 @@
the firewall is causing connection problems.</para> the firewall is causing connection problems.</para>
<para>If <option>-f</option> is given, the command will be processed <para>If <option>-f</option> is given, the command will be processed
by the compiled script that executed the last successful <emphasis by the compiled script that executed the last successful
role="bold">start</emphasis>, <emphasis <command>start</command>, <command>restart</command> or
role="bold">restart</emphasis> or <emphasis <command>refresh</command> command if that script exists.</para>
role="bold">refresh</emphasis> command if that script exists.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -619,14 +619,14 @@
<term><emphasis role="bold">delete</emphasis></term> <term><emphasis role="bold">delete</emphasis></term>
<listitem> <listitem>
<para>The delete command reverses the effect of an earlier <emphasis <para>The delete command reverses the effect of an earlier
role="bold">add</emphasis> command.</para> <command>add</command> command.</para>
<para>The <emphasis>interface</emphasis> argument names an interface <para>The <replaceable>interface</replaceable> argument names an
defined in the <ulink interface defined in the <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5) url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
file. A <emphasis>host-list</emphasis> is comma-separated list whose file. A <replaceable>host-list</replaceable> is comma-separated
elements are a host or network address.</para> list whose elements are a host or network address.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
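Review bot: The re-wrapped lines of the delete entry keep the missing article ("is comma-separated list") and say the elements "are a host or network address", where the add entry says "are host or network addresses". Use one wording in both entries. The opening "The delete command" could also become <command>delete</command> to match the <command>add</command> introduced on the next line.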
@ -646,7 +646,7 @@
<term><emphasis role="bold">drop</emphasis></term> <term><emphasis role="bold">drop</emphasis></term>
<listitem> <listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <replaceable>address</replaceable>es
to be silently dropped.</para> to be silently dropped.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -658,13 +658,14 @@
<para>Produces a verbose report about the firewall configuration for <para>Produces a verbose report about the firewall configuration for
the purpose of problem analysis.</para> the purpose of problem analysis.</para>
<para>The <emphasis role="bold">-x</emphasis> option causes actual <para>The <option>-x</option> option causes actual
packet and byte counts to be displayed. Without that option, these packet and byte counts to be displayed. Without that option, these
counts are abbreviated. The <emphasis role="bold">-m</emphasis> counts are abbreviated.</para>
option causes any MAC addresses included in shorewall6-lite log
messages to be displayed.</para>
<para>The <emphasis role="bold">-l</emphasis> option causes the rule <para>The <option>-m</option> option causes any MAC addresses
included in shorewall6-lite log messages to be displayed.</para>
<para>The <option>-l</option> option causes the rule
number for each Netfilter rule to be displayed.</para> number for each Netfilter rule to be displayed.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -685,9 +686,9 @@
<term><emphasis role="bold">forget</emphasis></term> <term><emphasis role="bold">forget</emphasis></term>
<listitem> <listitem>
<para>Deletes /var/lib/shorewall6-lite/<emphasis>filename</emphasis> <para>Deletes <filename>/var/lib/shorewall6-lite/<replaceable>filename</replaceable></filename>
and /var/lib/shorewall6-lite/save. If no and <filename>/var/lib/shorewall6-lite/save</filename>. If no
<emphasis>filename</emphasis> is given then the file specified by <replaceable>filename</replaceable> is given then the file specified by
RESTOREFILE in <ulink RESTOREFILE in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink>(5) is url="shorewall.conf.html">shorewall6.conf</ulink>(5) is
assumed.</para> assumed.</para>
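Review bot: The ulink kept in the forget entry has url="shorewall.conf.html" while its link text is shorewall6.conf, and the same pair recurs in the logdrop, logwatch, logreject, restore, save and show log hunks. Confirm that this target is the intended page for the IPv6 product. RESTOREFILE is also left as plain text while the paths around it gain <filename> markup.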
@ -754,7 +755,7 @@
<term><emphasis role="bold">logdrop</emphasis></term> <term><emphasis role="bold">logdrop</emphasis></term>
<listitem> <listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <replaceable>address</replaceable>es
to be logged then discarded. Logging occurs at the log level to be logged then discarded. Logging occurs at the log level
specified by the BLACKLIST_LOGLEVEL setting in <ulink specified by the BLACKLIST_LOGLEVEL setting in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink> (5).</para> url="shorewall.conf.html">shorewall6.conf</ulink> (5).</para>
@ -768,15 +769,18 @@
<para>Monitors the log file specified by the LOGFILE option in <para>Monitors the log file specified by the LOGFILE option in
<ulink url="shorewall.conf.html">shorewall6.conf</ulink>(5) and <ulink url="shorewall.conf.html">shorewall6.conf</ulink>(5) and
produces an audible alarm when new shorewall6-lite messages are produces an audible alarm when new shorewall6-lite messages are
logged. The <emphasis role="bold">-m</emphasis> option causes the logged.</para>
<para>The <option>-m</option> option causes the
MAC address of each packet source to be displayed if that MAC address of each packet source to be displayed if that
information is available. The information is available.</para>
<replaceable>refresh-interval</replaceable> specifies the time in
seconds between screen refreshes. You can enter a negative number by <para>The <replaceable>refresh-interval</replaceable> specifies
preceding the number with "--" (e.g., <command>shorewall6-lite the time in seconds between screen refreshes. You can enter a
logwatch -- -30</command>). In this case, when a packet count negative number by preceding the number with "--" (e.g.,
changes, you will be prompted to hit any key to resume screen <command>shorewall6-lite logwatch -- -30</command>). In this
refreshes.</para> case, when a packet count changes, you will be prompted to hit
any key to resume screen refreshes.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -784,7 +788,7 @@
<term><emphasis role="bold">logreject</emphasis></term> <term><emphasis role="bold">logreject</emphasis></term>
<listitem> <listitem>
<para>Causes traffic from the listed <emphasis>address</emphasis>es <para>Causes traffic from the listed <replaceable>address</replaceable>es
to be logged then rejected. Logging occurs at the log level to be logged then rejected. Logging occurs at the log level
specified by the BLACKLIST_LOGLEVEL setting in <ulink specified by the BLACKLIST_LOGLEVEL setting in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink> (5).</para> url="shorewall.conf.html">shorewall6.conf</ulink> (5).</para>
@ -817,8 +821,8 @@
<term><emphasis role="bold">restart</emphasis></term> <term><emphasis role="bold">restart</emphasis></term>
<listitem> <listitem>
<para>Restart is similar to <emphasis role="bold">shorewall6-lite <para>Restart is similar to <command>shorewall6-lite start</command>
start</emphasis> except that it assumes that the firewall is already except that it assumes that the firewall is already
started. Existing connections are maintained.</para> started. Existing connections are maintained.</para>
<caution> <caution>
@ -848,19 +852,19 @@
<term><emphasis role="bold">restore</emphasis></term> <term><emphasis role="bold">restore</emphasis></term>
<listitem> <listitem>
<para>Restore shorewall6-lite to a state saved using the <emphasis <para>Restore shorewall6-lite to a state saved using the
role="bold">shorewall6-lite save</emphasis> command. Existing <command>shorewall6-lite save</command> command. Existing
connections are maintained. The <emphasis>filename</emphasis> names connections are maintained. The <replaceable>filename</replaceable> names
a restore file in /var/lib/shorewall6-lite created using <emphasis a restore file in <filename class="directory">/var/lib/shorewall6-lite</filename>
role="bold">shorewall6-lite save</emphasis>; if no created using <command>shorewall6-lite save</command>; if no
<emphasis>filename</emphasis> is given then shorewall6-lite will be <replaceable>filename</replaceable> is given then shorewall6-lite will be
restored from the file specified by the RESTOREFILE option in <ulink restored from the file specified by the RESTOREFILE option in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink>(5).</para> url="shorewall.conf.html">shorewall6.conf</ulink>(5).</para>
<para>The <option>-C</option> option was added in Shorewall 4.6.5. <para>The <option>-C</option> option was added in Shorewall 4.6.5.
If the <option>-C</option> option was specified during <emphasis If the <option>-C</option> option was specified during
role="bold">shorewall save</emphasis>, then the counters saved by <command>shorewall7-lite save</command>, then the counters saved
that operation will be restored.</para> by that operation will be restored.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
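Review bot: The new text in the second paragraph of the restore entry reads <command>shorewall7-lite save</command>, which looks like a typo. The old line said shorewall save and every other reference in this entry is <command>shorewall6-lite save</command>, so this should be shorewall6-lite.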
@ -886,10 +890,11 @@
<listitem> <listitem>
<para>The dynamic blacklist is stored in <para>The dynamic blacklist is stored in
/var/lib/shorewall6-lite/save. The state of the firewall is stored <filename>/var/lib/shorewall6-lite/save</filename>. The state of
in /var/lib/shorewall6-lite/<emphasis>filename</emphasis> for use by the firewall is stored in
the <emphasis role="bold">shorewall6-lite restore</emphasis>. If <filename>/var/lib/shorewall6-lite/<replaceable>filename</replaceable></filename>
<emphasis>filename</emphasis> is not given then the state is saved for use by the <command>shorewall6-lite restore</command> command.
If <replaceable>filename</replaceable> is not given then the state is saved
in the file specified by the RESTOREFILE option in <ulink in the file specified by the RESTOREFILE option in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink>(5).</para> url="shorewall.conf.html">shorewall6.conf</ulink>(5).</para>
@ -913,7 +918,7 @@
<listitem> <listitem>
<para>Added in Shorewall 4.6.2. Displays the dynamic chain <para>Added in Shorewall 4.6.2. Displays the dynamic chain
along with any chains produced by entries in along with any chains produced by entries in
shorewall6-blrules(5).The <emphasis role="bold">-x</emphasis> shorewall6-blrules(5).The <option>-x</option>
option is passed directly through to ip6tables and causes option is passed directly through to ip6tables and causes
actual packet and byte counts to be displayed. Without this actual packet and byte counts to be displayed. Without this
option, those counts are abbreviated.</para> option, those counts are abbreviated.</para>
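Review bot: The touched line in this entry still runs two sentences together: "shorewall6-blrules(5).The <option>-x</option>" needs a space after the period. The shorewall6-blrules(5) reference is also plain text, while the other manpage references in this patch are wrapped in a ulink.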
@ -925,9 +930,9 @@
<listitem> <listitem>
<para>Displays your kernel/iptables capabilities. The <para>Displays your kernel/iptables capabilities. The
<emphasis role="bold">-f</emphasis> option causes the display <option>-f</option> option causes the display
to be formatted as a capabilities file for use with <emphasis to be formatted as a capabilities file for use with
role="bold">compile -e</emphasis>.</para> <command>compile -e</command>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -941,25 +946,28 @@
-L</emphasis> <emphasis>chain</emphasis> <emphasis -L</emphasis> <emphasis>chain</emphasis> <emphasis
role="bold">-n -v</emphasis> command. If no role="bold">-n -v</emphasis> command. If no
<emphasis>chain</emphasis> is given, all of the chains in the <emphasis>chain</emphasis> is given, all of the chains in the
filter table are displayed. The <emphasis filter table are displayed.</para>
role="bold">-x</emphasis> option is passed directly through to
iptables and causes actual packet and byte counts to be <para>The <option>-x</option> option
displayed. Without this option, those counts are abbreviated. is passed directly through to iptables and causes actual
The <emphasis role="bold">-t</emphasis> option specifies the packet and byte counts to be displayed. Without this option,
those counts are abbreviated.</para>
<para>The <option>-t</option> option specifies the
Netfilter table to display. The default is <emphasis Netfilter table to display. The default is <emphasis
role="bold">filter</emphasis>.</para> role="bold">filter</emphasis>.</para>
<para>The <emphasis role="bold">-b</emphasis> ('brief') option <para>The <option>-b</option> ('brief') option
causes rules which have not been used (i.e. which have zero causes rules which have not been used (i.e. which have zero
packet and byte counts) to be omitted from the output. Chains packet and byte counts) to be omitted from the output. Chains
with no rules displayed are also omitted from the with no rules displayed are also omitted from the
output.</para> output.</para>
<para>The <emphasis role="bold">-l</emphasis> option causes <para>The <option>-l</option> option causes
the rule number for each Netfilter rule to be the rule number for each Netfilter rule to be
displayed.</para> displayed.</para>
<para>If the <emphasis role="bold">t</emphasis> option and the <para>If the <option>-t</option> option and the
<option>chain</option> keyword are both omitted and any of the <option>chain</option> keyword are both omitted and any of the
listed <replaceable>chain</replaceable>s do not exist, a usage listed <replaceable>chain</replaceable>s do not exist, a usage
message is displayed.</para> message is displayed.</para>
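Review bot: The context lines at the top of this hunk still mark the chain argument as <emphasis>chain</emphasis>, while the last paragraph uses <replaceable>chain</replaceable> and the rest of the patch converts arguments to replaceable. Convert those occurrences too so the entry is consistent. In the last paragraph, <option>chain</option> is described as a keyword, so check that <option> is the intended element there.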
@ -1037,8 +1045,9 @@
<listitem> <listitem>
<para>Displays the last 20 shorewall6-lite messages from the <para>Displays the last 20 shorewall6-lite messages from the
log file specified by the LOGFILE option in <ulink log file specified by the LOGFILE option in <ulink
url="shorewall.conf.html">shorewall6.conf</ulink>(5). The url="shorewall.conf.html">shorewall6.conf</ulink>(5).</para>
<emphasis role="bold">-m</emphasis> option causes the MAC
<para>The <option>-m</option> option causes the MAC
address of each packet source to be displayed if that address of each packet source to be displayed if that
information is available.</para> information is available.</para>
</listitem> </listitem>
@ -1059,8 +1068,8 @@
<listitem> <listitem>
<para>Displays the Netfilter nat table using the command <para>Displays the Netfilter nat table using the command
<emphasis role="bold">iptables -t nat -L -n -v</emphasis>.The <command>iptables -t nat -L -n -v</command>.The
<emphasis role="bold">-x</emphasis> option is passed directly <option>-x</option> option is passed directly
through to iptables and causes actual packet and byte counts through to iptables and causes actual packet and byte counts
to be displayed. Without this option, those counts are to be displayed. Without this option, those counts are
abbreviated.</para> abbreviated.</para>
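Review bot: The show nat entry names <command>iptables -t nat -L -n -v</command> and says -x is passed through to iptables, but the hunk at -913 on this same page says ip6tables. Confirm which binary shorewall6-lite runs and make the entries agree. The touched line also lacks a space after the period in "</command>.The", and the raw table hunk that follows has both issues.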
@ -1092,8 +1101,8 @@
<listitem> <listitem>
<para>Displays the Netfilter raw table using the command <para>Displays the Netfilter raw table using the command
<emphasis role="bold">iptables -t raw -L -n -v</emphasis>.The <command>iptables -t raw -L -n -v</command>.The
<emphasis role="bold">-x</emphasis> option is passed directly <option>-x</option> option is passed directly
through to iptables and causes actual packet and byte counts through to iptables and causes actual packet and byte counts
to be displayed. Without this option, those counts are to be displayed. Without this option, those counts are
abbreviated.</para> abbreviated.</para>
@ -1146,8 +1155,8 @@
<para>The <option>-C</option> option was added in Shorewall 4.6.5 <para>The <option>-C</option> option was added in Shorewall 4.6.5
and is only meaningful when the <option>-f</option> option is also and is only meaningful when the <option>-f</option> option is also
specified. If the previously-saved configuration is restored, and if specified. If the previously-saved configuration is restored, and if
the <option>-C</option> option was also specified in the <emphasis the <option>-C</option> option was also specified in the
role="bold">save</emphasis> command, then the packet and byte <command>save</command> command, then the packet and byte
counters will be restored.</para> counters will be restored.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1167,10 +1176,9 @@
or by ADMINISABSENTMINDED.</para> or by ADMINISABSENTMINDED.</para>
<para>If <option>-f</option> is given, the command will be processed <para>If <option>-f</option> is given, the command will be processed
by the compiled script that executed the last successful <emphasis by the compiled script that executed the last successful
role="bold">start</emphasis>, <emphasis <command>start</command>, <command>restart</command> or
role="bold">restart</emphasis> or <emphasis <command>refresh</command> command if that script exists.</para>
role="bold">refresh</emphasis> command if that script exists.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1181,7 +1189,7 @@
<para>Produces a short report about the state of the <para>Produces a short report about the state of the
Shorewall-configured firewall.</para> Shorewall-configured firewall.</para>
<para>The <option>-i </option>option was added in Shorewall 4.6.2 <para>The <option>-i</option> option was added in Shorewall 4.6.2
and causes the status of each optional or provider interface to be and causes the status of each optional or provider interface to be
displayed.</para> displayed.</para>
</listitem> </listitem>