diff --git a/docs/IPv6Support.xml b/docs/IPv6Support.xml
index f26f9c7ff..e1b558606 100644
--- a/docs/IPv6Support.xml
+++ b/docs/IPv6Support.xml
@@ -400,15 +400,18 @@
Specifying Addresses
+ Shorewall follows the usual convention of distinguishing IPv6
+ address by enclosing them in square brackets ("[" and "]").
+
Anywhere that an address or address list follows a colon
- (":"), the address or list may be enclosed in angled brackets
- ("<" and ">") to improve readability.
+ (":"), the address or list may be enclosed in square brackets to
+ improve readability.
Example (/etc/shorewall6/rules):
#ACTION SOURCE DEST PROTO DEST
# PORT(S)
-ACCEPT net $FW:<2002:ce7c:92b4::3> tcp 22
+ACCEPT net $FW:[2002:ce7c:92b4::3] tcp 22
When the colon is preceeded by an interface name,
the angle brackets are required. This is true
@@ -418,22 +421,28 @@ ACCEPT net $FW:<2002:ce7c:92b4::3> tcp
#ACTION SOURCE DEST PROTO DEST
# PORT(S)
-ACCEPT net:wlan0:<2002:ce7c:92b4::3> tcp 22
+ACCEPT net:wlan0:[2002:ce7c:92b4::3] tcp 22
- Beginning with Shorewall 4.4.6 and 4.5.4, square brackets ("["
- and "]") may also be used.
+ Prior to Shorewall 4.5.4, angled brackets ("<" and ">")
+ were used. While these are still accepted, their use is deprecated
+ in favor of square brackets.
Example (/etc/shorewall6/rules):
#ACTION SOURCE DEST PROTO DEST
# PORT(S)
-ACCEPT net:wlan0:[2002:ce7c:92b4::3] tcp 22
+ACCEPT net:wlan0:<2002:ce7c:92b4::3> tcp 22
Prior to Shorewall 4.5.9, network addresses were required to
be enclosed in either angle brackets or square brackets (e.g.
[2001:470:b:787::/64]). Beginning with Shorewall 4.5.9, the more
common representation that places the VLSM outside the brackets is
- also accepted (e.g., [2001:470:b:787::]/64).
+ accepted and preferred (e.g., [2001:470:b:787::]/64).
+
+ Beginning with Shorewall 4.5.14, the rules compiler translates
+ "<" and ">" to "[" and "]" respectively before parsing. So
+ square brackets may appear in error messages even when angled
+ brackets were used.
diff --git a/docs/Shorewall-Lite.xml b/docs/Shorewall-Lite.xml
index 01faeff2b..5eec0c762 100644
--- a/docs/Shorewall-Lite.xml
+++ b/docs/Shorewall-Lite.xml
@@ -149,20 +149,26 @@
- The /etc/shorewall/shorewall.conf file is
- used to determine the VERBOSITY setting which determines how much
- output the compiler generates. All other settings are taken from the
+ Prior to Shorewall 4.5.8, the
+ /etc/shorewall/shorewall.conf file was used to
+ determine the VERBOSITY setting which determines how much output the
+ compiler generates. All other settings were taken from the
shorewall.conf file in the remote systems
export directory.
- If you want to be able to allow non-root users to manage
- remote firewall systems, then the files
+ Prior to Shorewall 4.5.8, if you want to be able to allow
+ non-root users to manage remote firewall systems, then the files
/etc/shorewall/params and
/etc/shorewall/shorewall.conf must be
readable by all users on the administrative system. Not all
packages secure the files that way and you may have to change the
file permissions yourself.
+
+ Prior to Shorewall 4.5.14,
+ /etc/shorewall/params must be readable by
+ non-root users or each export directory must have its own params
+ file.