Move and correct EXPORTMODULES in shorewall6.conf manpage

2011-04-04 08:32:18 -07:00 · 2011-04-04 08:32:18 -07:00 · 3730283b64
commit 3730283b64
parent 3b0da84b8d
3 changed files with 29 additions and 35 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -2,6 +2,10 @@ Changes in Shorewall 4.4.19 RC 1

 1)  Correct release notes.

+2)  Display mangle table in the output from 'shorewall show tc'.
+
+3)  Exit tcpost early if connection is marked.
+
 Changes in Shorewall 4.4.19 Beta 5

 1)  Fix logical naming and bridge.
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -121,6 +121,16 @@ Beta 1
 5)  A list of protocols is now permitted in the PROTO column of the
    rules file.

+6)  The contents of the Netfilter mangle table are now included in the
+    output from 'shorewall show tc'.
+
+7)  When simple traffic shaping is configured, the postrouting marking
+    chain 'tcpost' is now exited early if the connection was previously
+    marked.
+
+    Note: tcpost is usually deleted by optimization level 4 and its
+    rules appear in the POSTROUTING chain.
+
 ----------------------------------------------------------------------------
             I V.  R E L E A S E  4 . 4  H I G H L I G H T S
 ----------------------------------------------------------------------------
--- a/manpages6/shorewall6.conf.xml
+++ b/manpages6/shorewall6.conf.xml
@ -444,22 +444,23 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">EXPAND_POLICIES=</emphasis>{<emphasis
-        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
+        <term><emphasis role="bold">EXPORTMODULES=</emphasis>[<emphasis
+        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>

        <listitem>
-          <para>Normally, when the SOURCE or DEST columns in
-          shorewall6-policy(5) contains 'all', a single policy chain is
-          created and the policy is enforced in that chain. For example, if
-          the policy entry is<programlisting>#SOURCE DEST POLICY LOG
-#                   LEVEL
-net     all  DROP   info</programlisting>then the chain name is 'net2all'
-          which is also the chain named in Shorewall6 log messages generated
-          as a result of the policy. If EXPAND_POLICIES=Yes, then Shorewall6
-          will create a separate chain for each pair of zones covered by the
-          policy. This makes the resulting log messages easier to interpret
-          since the chain in the messages will have a name of the form 'a2b'
-          where 'a' is the SOURCE zone and 'b' is the DEST zone.</para>
+          <para>Added in Shorewall 4.4.17. When set to Yes when compiling for
+          use by Shorewall6 Lite (<command>shorewall6 load</command>,
+          <command>shorewall6 reload </command>or <command>shorewall6
+          export</command> commands), the compiler will copy the modules or
+          helpers file from the administrative system into the script. When
+          set to No or not specified, the compiler will not copy the modules
+          or helpers file from <filename>/usr/share/shorewall6</filename> but
+          will copy the found in another location on the CONFIG_PATH.</para>
+
+          <para>When compiling for direct use by Shorewall6, causes the
+          contents of the local module or helpers file to be copied into the
+          compiled script. When set to No or not set, the compiled script
+          reads the file itself.</para>
        </listitem>
      </varlistentry>

@ -1492,27 +1493,6 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
        </listitem>
      </varlistentry>

-      <varlistentry>
-        <term><emphasis role="bold">EXPORTMODULES=</emphasis>[<emphasis
-        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
-
-        <listitem>
-          <para>Added in Shorewall 4.4.17. When set to Yes when compiling for
-          use by Shorewall6 LIte (<command>shorewall6 load</command>,
-          <command>shorewall6 reload </command>or <command>shorewall6
-          export</command> commands), the compiler will copy the modules or
-          helpers file from the administrative system into the script. When
-          set to No or not specified, the compiler will not copy the modules
-          or helpers file from <filename>/usr/share/shorewall6</filename> but
-          will copy the found in another location on the CONFIG_PATH.</para>
-
-          <para>When compiling for direct use by Shorewall6, causes the
-          contents of the local module or helpers file to be copied into the
-          compiled script. When set to No or not set, the compiled script
-          reads the file itself.</para>
-        </listitem>
-      </varlistentry>
-
      <varlistentry>
        <term><emphasis
        role="bold">VERBOSITY=</emphasis>[<emphasis>number</emphasis>]</term>