Work around formatting glitches in man pages

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4995 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-11-23 18:13:29 +00:00
parent a2b2f90473
commit 31ecbb4b82
4 changed files with 88 additions and 97 deletions

@ -96,24 +96,6 @@
<para>The name of an <emphasis>ipset</emphasis>.</para> <para>The name of an <emphasis>ipset</emphasis>.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>Examples:</para>
<simplelist>
<member>eth1:192.168.1.3</member>
<member>eth2:192.168.2.0/24</member>
<member>eth3:192.168.2.0/24,192.168.3.1</member>
<member>br0:eth4</member>
<member>br0:eth0:192.168.1.16/28</member>
<member>eth4:192.168.1.44-192.168.1.49</member>
<member>eth2:+Admin</member>
</simplelist>
</listitem> </listitem>
</varlistentry> </varlistentry>
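Review bot: the seven `<member>` examples under `<para>Examples:</para>` are deleted outright and no replacement is visible in this diff, so the page loses its only concrete illustrations of the host syntax, including the range form `eth4:192.168.1.44-192.168.1.49` and the ipset form `eth2:+Admin`. If `<simplelist>` is the element that renders badly, keep the examples in markup that does render (one `<para>` per example, or a single `<programlisting>`) rather than dropping them. Host specifications decide which addresses fall into a zone, and a reader who has to guess at the syntax is more likely to get one wrong.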

@ -110,6 +110,29 @@
<listitem> <listitem>
<para>For TCP, send RST. For all other, send an "unreachable" <para>For TCP, send RST. For all other, send an "unreachable"
ICMP.</para> ICMP.</para>
<para>If the policy is DROP or REJECT then the policy may be
followed by ":" and one of the following:</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>The word "None" or "none". This causes any default
action defined in /etc/shorewall/shorewall.conf to be
omitted for this policy.</para>
</listitem>
<listitem>
<para>The name of an action (requires that USE_ACTIONS=Yes
in shorewall.conf). That action will be invoked before the
policy is enforced.</para>
</listitem>
<listitem>
<para>The name of a macro. The rules in that macro will be
applied before the policy is enforced. This does not
require USE_ACTIONS=Yes.</para>
</listitem>
</orderedlist>
</listitem> </listitem>
</varlistentry> </varlistentry>
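Review bot: the relocated paragraph opens with "If the policy is DROP or REJECT", but it now sits inside the `<listitem>` whose own text is "For TCP, send RST. For all other, send an "unreachable" ICMP.", so in the rendered page it reads as a property of that one entry. Someone looking up DROP will not find the ":None", action and macro suffixes under it. Either repeat a one-line pointer under the DROP entry or place the paragraph where it is not nested under a single policy value.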
@ -139,29 +162,6 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
<para>If the policy is DROP or REJECT then the policy may be
followed by ":" and one of the following:</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>The word "None" or "none". This causes any default action
defined in /etc/shorewall/shorewall.conf to be omitted for this
policy.</para>
</listitem>
<listitem>
<para>The name of an action (requires that USE_ACTIONS=Yes in
shorewall.conf). That action will be invoked before the policy
is enforced.</para>
</listitem>
<listitem>
<para>The name of a macro. The rules in that macro will be
applied before the policy is enforced. This does not require
USE_ACTIONS=Yes.</para>
</listitem>
</orderedlist>
</listitem> </listitem>
</varlistentry> </varlistentry>

@ -77,7 +77,9 @@
<listitem> <listitem>
<para>The rule's numeric <emphasis>priority</emphasis> which <para>The rule's numeric <emphasis>priority</emphasis> which
determines the order in which the rules are processed.</para> determines the order in which the rules are processed. Rules with
equal priority are applied in the order in which they appear in the
file.</para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
@ -106,9 +108,6 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
<para>Rules with equal priority are applied in the order in which
they appear in the file.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>

@ -318,48 +318,52 @@
parameter.</para> parameter.</para>
<para>Example: FTP/ACCEPT.</para> <para>Example: FTP/ACCEPT.</para>
<programlisting></programlisting>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
<para>The <emphasis role="bold">ACTION</emphasis> may optionally be <blockquote>
followed by ":" and a syslog log level (e.g, REJECT:info or <para>The <emphasis role="bold">ACTION</emphasis> may optionally
DNAT:debug). This causes the packet to be logged at the specified be followed by ":" and a syslog log level (e.g, REJECT:info or
level.</para> DNAT:debug). This causes the packet to be logged at the specified
level.</para>
<para>If the <emphasis role="bold">ACTION</emphasis> names an <para>If the <emphasis role="bold">ACTION</emphasis> names an
<emphasis>action</emphasis> defined in shorewall-actions(5) or in <emphasis>action</emphasis> defined in shorewall-actions(5) or in
/usr/share/shorewall/actions.std then:</para> /usr/share/shorewall/actions.std then:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>If the log level is followed by "!' then all rules in the <para>If the log level is followed by "!' then all rules in
action are logged at the log level.</para> the action are logged at the log level.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>If the log level is not followed by "!" then only those <para>If the log level is not followed by "!" then only those
rules in the action that do not specify logging are logged at rules in the action that do not specify logging are logged at
the specified level.</para> the specified level.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>The special log level 'none!' suppresses logging by the <para>The special log level 'none!' suppresses logging by the
action.</para> action.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>You may also specify ULOG (must be in upper case) as a log <para>You may also specify ULOG (must be in upper case) as a log
level.This will log to the ULOG target for routing to a separate log level.This will log to the ULOG target for routing to a separate
through use of ulogd log through use of ulogd
(http://www.gnumonks.org/projects/ulogd).</para> (http://www.gnumonks.org/projects/ulogd).</para>
<para>Actions specifying logging may be followed by a log tag (a <para>Actions specifying logging may be followed by a log tag (a
string of alphanumeric characters) are appended to the string string of alphanumeric characters) are appended to the string
generated by the LOGPREFIX (in shorewall.conf(5)).</para> generated by the LOGPREFIX (in shorewall.conf(5)).</para>
<para>Example: ACCEPT:info:ftp would include 'ftp ' at the end of <para>Example: ACCEPT:info:ftp would include 'ftp ' at the end of
the log prefix generated by the LOGPREFIX setting.</para> the log prefix generated by the LOGPREFIX setting.</para>
</blockquote>
</listitem> </listitem>
</varlistentry> </varlistentry>
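Review bot: the empty `<programlisting></programlisting>` added after "Example: FTP/ACCEPT." and the `<blockquote>` wrapped around the logging paragraphs exist only to influence rendering, and nothing in the source says so. Put an XML comment next to each naming the glitch it works around; otherwise a later cleanup will delete the empty element as dead markup, and the `<blockquote>` suggests quoted text that this is not. Since every line of the block is being re-wrapped anyway, fix the wording in the same pass: `"!'` has mismatched quotes, "level.This" is missing a space, "(e.g," is missing its second period, and "may be followed by a log tag (a string of alphanumeric characters) are appended to the string" does not parse as a sentence.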
@ -458,12 +462,14 @@
</varlistentry> </varlistentry>
</variablelist> </variablelist>
<para>Alternatively, clients may be specified by interface by <blockquote>
appending ":" to the zone name followed by the interface name. For <para>Alternatively, clients may be specified by interface by
example, loc:eth1 specifies a client that communicates with the appending ":" to the zone name followed by the interface name. For
firewall system through eth1. This may be optionally followed by example, loc:eth1 specifies a client that communicates with the
another colon (":") and an IP/MAC/subnet address as described above firewall system through eth1. This may be optionally followed by
(e.g., loc:eth1:192.168.1.5).</para> another colon (":") and an IP/MAC/subnet address as described
above (e.g., loc:eth1:192.168.1.5).</para>
</blockquote>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -547,10 +553,12 @@
</varlistentry> </varlistentry>
</variablelist> </variablelist>
<para>if the <emphasis role="bold">ACTION</emphasis> is <emphasis <blockquote>
role="bold">REDIRECT</emphasis>, this column needs only to contain <para>if the <emphasis role="bold">ACTION</emphasis> is <emphasis
the port number on the firewall that the request should be role="bold">REDIRECT</emphasis>, this column needs only to contain
redirected to.</para> the port number on the firewall that the request should be
redirected to.</para>
</blockquote>
</listitem> </listitem>
</varlistentry> </varlistentry>
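Review bot: the re-wrapped paragraph still begins with a lower-case "if" ("if the ACTION is REDIRECT"); capitalize it while the lines are being touched. The sentence also says "this column" without naming it, which was readable next to the variablelist but is less so once the text is set off in its own indented block, so naming the column here would help.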
@ -631,21 +639,23 @@
wrong.</para> wrong.</para>
</warning> </warning>
<para>If you don't want to restrict client ports but need to specify <blockquote>
an <emphasis role="bold">ORIGINAL DEST</emphasis> in the next <para>If you don't want to restrict client ports but need to
column, then place "-" in this column.</para> specify an <emphasis role="bold">ORIGINAL DEST</emphasis> in the
next column, then place "-" in this column.</para>
<para>If your kernel contains multi-port match support, then only a <para>If your kernel contains multi-port match support, then only
single Netfilter rule will be generated if in this list and the a single Netfilter rule will be generated if in this list and the
<emphasis role="bold">DEST PORT(S)</emphasis> list above:</para> <emphasis role="bold">DEST PORT(S)</emphasis> list above:</para>
<para>1. There are 15 or less ports listed.</para> <para>1. There are 15 or less ports listed.</para>
<para>2. No port ranges are included or your kernel and iptables <para>2. No port ranges are included or your kernel and iptables
contain extended multiport match support.</para> contain extended multiport match support.</para>
<para>Otherwise, a separate rule will be generated for each <para>Otherwise, a separate rule will be generated for each
port.</para> port.</para>
</blockquote>
</listitem> </listitem>
</varlistentry> </varlistentry>
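Review bot: the two conditions stay as hand-numbered paragraphs (`<para>1. There are 15 or less ports listed.</para>` and `<para>2. No port ranges are included ...`) inside the new `<blockquote>`, so the numbering lives in the text rather than in the markup. Another file in this same commit uses `<orderedlist numeration="loweralpha">`; if an ordered list renders acceptably in the man output, use one here as well. The lead-in "only a single Netfilter rule will be generated if in this list and the DEST PORT(S) list above:" is hard to parse, and "15 or less" should read "15 or fewer"; both are worth fixing in this pass.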