Work around formatting glitches in man pages

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4995 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-11-23 18:13:29 +00:00
parent a2b2f90473
commit 31ecbb4b82
4 changed files with 88 additions and 97 deletions

View File

@ -96,24 +96,6 @@
<para>The name of an <emphasis>ipset</emphasis>.</para>
</listitem>
</orderedlist>
<para>Examples:</para>
<simplelist>
<member>eth1:192.168.1.3</member>
<member>eth2:192.168.2.0/24</member>
<member>eth3:192.168.2.0/24,192.168.3.1</member>
<member>br0:eth4</member>
<member>br0:eth0:192.168.1.16/28</member>
<member>eth4:192.168.1.44-192.168.1.49</member>
<member>eth2:+Admin</member>
</simplelist>
</listitem>
</varlistentry>
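Review bot: Per the "@ -96,24 +96,6" header this hunk only deletes, so the whole Examples list (eth1:192.168.1.3 through eth2:+Admin) disappears from this entry and none of the other hunks shown re-adds it. Those members are the only illustration here of the bridge-port (br0:eth4), address-range (192.168.1.44-192.168.1.49) and ipset (+Admin) forms of a host specification, and a reader who guesses the syntax can end up with a zone that covers more hosts than intended. If the simplelist is what trips the man-page conversion, keep the examples in a form that renders (one para per example, or an EXAMPLE section) rather than dropping them.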

View File

@ -110,6 +110,29 @@
<listitem>
<para>For TCP, send RST. For all other, send an "unreachable"
ICMP.</para>
<para>If the policy is DROP or REJECT then the policy may be
followed by ":" and one of the following:</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>The word "None" or "none". This causes any default
action defined in /etc/shorewall/shorewall.conf to be
omitted for this policy.</para>
</listitem>
<listitem>
<para>The name of an action (requires that USE_ACTIONS=Yes
in shorewall.conf). That action will be invoked before the
policy is enforced.</para>
</listitem>
<listitem>
<para>The name of a macro. The rules in that macro will be
applied before the policy is enforced. This does not
require USE_ACTIONS=Yes.</para>
</listitem>
</orderedlist>
</listitem>
</varlistentry>
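Review bot: The paragraph 'If the policy is DROP or REJECT then the policy may be followed by ":" ...' now sits inside the listitem whose text is 'For TCP, send RST. For all other, send an "unreachable" ICMP.', so in the rendered page the None/action/macro suffix reads as a property of that one policy even though the sentence itself says it also applies to DROP. Consider placing it ahead of the variablelist of policies, or adding a short cross-reference under the DROP entry. While these lines are being rewrapped, item (a) cites /etc/shorewall/shorewall.conf and item (b) plain shorewall.conf; one form throughout (for example shorewall.conf(5), as the rules page uses) would be clearer.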
@ -139,29 +162,6 @@
</listitem>
</varlistentry>
</variablelist>
<para>If the policy is DROP or REJECT then the policy may be
followed by ":" and one of the following:</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>The word "None" or "none". This causes any default action
defined in /etc/shorewall/shorewall.conf to be omitted for this
policy.</para>
</listitem>
<listitem>
<para>The name of an action (requires that USE_ACTIONS=Yes in
shorewall.conf). That action will be invoked before the policy
is enforced.</para>
</listitem>
<listitem>
<para>The name of a macro. The rules in that macro will be
applied before the policy is enforced. This does not require
USE_ACTIONS=Yes.</para>
</listitem>
</orderedlist>
</listitem>
</varlistentry>

View File

@ -77,7 +77,9 @@
<listitem>
<para>The rule's numeric <emphasis>priority</emphasis> which
determines the order in which the rules are processed.</para>
determines the order in which the rules are processed. Rules with
equal priority are applied in the order in which they appear in the
file.</para>
<variablelist>
<varlistentry>
@ -106,9 +108,6 @@
</listitem>
</varlistentry>
</variablelist>
<para>Rules with equal priority are applied in the order in which
they appear in the file.</para>
</listitem>
</varlistentry>
</variablelist>

View File

@ -318,48 +318,52 @@
parameter.</para>
<para>Example: FTP/ACCEPT.</para>
<programlisting></programlisting>
</listitem>
</varlistentry>
</variablelist>
<para>The <emphasis role="bold">ACTION</emphasis> may optionally be
followed by ":" and a syslog log level (e.g, REJECT:info or
DNAT:debug). This causes the packet to be logged at the specified
level.</para>
<blockquote>
<para>The <emphasis role="bold">ACTION</emphasis> may optionally
be followed by ":" and a syslog log level (e.g, REJECT:info or
DNAT:debug). This causes the packet to be logged at the specified
level.</para>
<para>If the <emphasis role="bold">ACTION</emphasis> names an
<emphasis>action</emphasis> defined in shorewall-actions(5) or in
/usr/share/shorewall/actions.std then:</para>
<para>If the <emphasis role="bold">ACTION</emphasis> names an
<emphasis>action</emphasis> defined in shorewall-actions(5) or in
/usr/share/shorewall/actions.std then:</para>
<itemizedlist>
<listitem>
<para>If the log level is followed by "!' then all rules in the
action are logged at the log level.</para>
</listitem>
<itemizedlist>
<listitem>
<para>If the log level is followed by "!' then all rules in
the action are logged at the log level.</para>
</listitem>
<listitem>
<para>If the log level is not followed by "!" then only those
rules in the action that do not specify logging are logged at
the specified level.</para>
</listitem>
<listitem>
<para>If the log level is not followed by "!" then only those
rules in the action that do not specify logging are logged at
the specified level.</para>
</listitem>
<listitem>
<para>The special log level 'none!' suppresses logging by the
action.</para>
</listitem>
</itemizedlist>
<listitem>
<para>The special log level 'none!' suppresses logging by the
action.</para>
</listitem>
</itemizedlist>
<para>You may also specify ULOG (must be in upper case) as a log
level.This will log to the ULOG target for routing to a separate log
through use of ulogd
(http://www.gnumonks.org/projects/ulogd).</para>
<para>You may also specify ULOG (must be in upper case) as a log
level.This will log to the ULOG target for routing to a separate
log through use of ulogd
(http://www.gnumonks.org/projects/ulogd).</para>
<para>Actions specifying logging may be followed by a log tag (a
string of alphanumeric characters) are appended to the string
generated by the LOGPREFIX (in shorewall.conf(5)).</para>
<para>Actions specifying logging may be followed by a log tag (a
string of alphanumeric characters) are appended to the string
generated by the LOGPREFIX (in shorewall.conf(5)).</para>
<para>Example: ACCEPT:info:ftp would include 'ftp ' at the end of
the log prefix generated by the LOGPREFIX setting.</para>
<para>Example: ACCEPT:info:ftp would include 'ftp ' at the end of
the log prefix generated by the LOGPREFIX setting.</para>
</blockquote>
</listitem>
</varlistentry>
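Review bot: The paragraphs re-indented under blockquote carry their existing typos into the new lines, and since every one of them is being touched anyway this is the place to fix them: the mismatched quote in 'followed by "!' then all rules', the missing space in 'level.This will log', 'e.g,' without its second period, and the sentence 'Actions specifying logging may be followed by a log tag (...) are appended to the string', which does not parse (the tag is appended, not the actions). The logging text is what an administrator reads when deciding what ends up in syslog or ULOG, so it is worth getting exact. Also check whether the empty programlisting element after 'Example: FTP/ACCEPT.' is intentional; if it is a spacing workaround, an XML comment saying so would stop it being cleaned up later.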
@ -458,12 +462,14 @@
</varlistentry>
</variablelist>
<para>Alternatively, clients may be specified by interface by
appending ":" to the zone name followed by the interface name. For
example, loc:eth1 specifies a client that communicates with the
firewall system through eth1. This may be optionally followed by
another colon (":") and an IP/MAC/subnet address as described above
(e.g., loc:eth1:192.168.1.5).</para>
<blockquote>
<para>Alternatively, clients may be specified by interface by
appending ":" to the zone name followed by the interface name. For
example, loc:eth1 specifies a client that communicates with the
firewall system through eth1. This may be optionally followed by
another colon (":") and an IP/MAC/subnet address as described
above (e.g., loc:eth1:192.168.1.5).</para>
</blockquote>
</listitem>
</varlistentry>
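Review bot: Wrapping the 'Alternatively, clients may be specified by interface' para in blockquote uses a quotation element purely to force indentation after the closing variablelist, and nothing in the source says why. The same markup feeds any HTML build of these pages, where it will render as a quoted block. Add an XML comment next to the blockquote noting that it is a man-page rendering workaround, and confirm the HTML output still reads correctly.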
@ -547,10 +553,12 @@
</varlistentry>
</variablelist>
<para>if the <emphasis role="bold">ACTION</emphasis> is <emphasis
role="bold">REDIRECT</emphasis>, this column needs only to contain
the port number on the firewall that the request should be
redirected to.</para>
<blockquote>
<para>if the <emphasis role="bold">ACTION</emphasis> is <emphasis
role="bold">REDIRECT</emphasis>, this column needs only to contain
the port number on the firewall that the request should be
redirected to.</para>
</blockquote>
</listitem>
</varlistentry>
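Review bot: The re-added para still begins with a lowercase 'if the ACTION is REDIRECT'; capitalise it while the lines are being rewrapped. The blockquote here is the same undocumented indentation workaround used in the other hunks of this file and should get the same explanatory comment.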
@ -631,21 +639,23 @@
wrong.</para>
</warning>
<para>If you don't want to restrict client ports but need to specify
an <emphasis role="bold">ORIGINAL DEST</emphasis> in the next
column, then place "-" in this column.</para>
<blockquote>
<para>If you don't want to restrict client ports but need to
specify an <emphasis role="bold">ORIGINAL DEST</emphasis> in the
next column, then place "-" in this column.</para>
<para>If your kernel contains multi-port match support, then only a
single Netfilter rule will be generated if in this list and the
<emphasis role="bold">DEST PORT(S)</emphasis> list above:</para>
<para>If your kernel contains multi-port match support, then only
a single Netfilter rule will be generated if in this list and the
<emphasis role="bold">DEST PORT(S)</emphasis> list above:</para>
<para>1. There are 15 or less ports listed.</para>
<para>1. There are 15 or less ports listed.</para>
<para>2. No port ranges are included or your kernel and iptables
contain extended multiport match support.</para>
<para>2. No port ranges are included or your kernel and iptables
contain extended multiport match support.</para>
<para>Otherwise, a separate rule will be generated for each
port.</para>
<para>Otherwise, a separate rule will be generated for each
port.</para>
</blockquote>
</listitem>
</varlistentry>
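Review bot: The two conditions for a single Netfilter rule are written as separate paras with hand-typed '1.' and '2.' inside the new blockquote, while the policy page in this same commit uses orderedlist for this kind of enumeration. An orderedlist here would keep the numbering consistent and make it obvious that both conditions must hold, which the introductory sentence ending in 'list above:' leaves implicit. '15 or less ports' should also read '15 or fewer ports'.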