Merge branch 'master' of ssh://teastep@shorewall.git.sourceforge.net/gitroot/shorewall

Shorewall/Macros/macro.template

@@ -365,7 +365,4 @@ FORMAT 2
 #######################################################################################################
 #ACTION		SOURCE		DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/	ORIGINAL
 #						PORT(S)	PORT(S)	DEST		LIMIT	GROUP   DEST
-# Don't delete the next line
-FORMAT 2
-# Add your rules below
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

docs/Macros.xml

@@ -426,6 +426,45 @@ ACCEPT           fw       loc             tcp      135,139,445</programlisting>
         port.</para>
       </listitem>
 
+      <listitem>
+        <para>ORIGINAL DEST (Shorewall-perl 4.2.0 and later)</para>
+
+        <para>To use this column, you must include 'FORMAT 2' as the first
+        non-comment line in your macro file.</para>
+
+        <para>If ACTION is DNAT[-] or REDIRECT[-] then if this column is
+        included and is different from the IP address given in the SERVER
+        column, then connections destined for that address will be forwarded
+        to the IP and port specified in the DEST column.</para>
+
+        <para>A comma-separated list of addresses may also be used. This is
+        most useful with the REDIRECT target where you want to redirect
+        traffic destined for particular set of hosts. Finally, if the list of
+        addresses begins with "!" (exclusion) then the rule will be followed
+        only if the original destination address in the connection request
+        does not match any of the addresses listed.</para>
+
+        <para>For other actions, this column may be included and may contain
+        one or more addresses (host or network) separated by commas. Address
+        ranges are not allowed. When this column is supplied, rules are
+        generated that require that the original destination address matches
+        one of the listed addresses. This feature is most useful when you want
+        to generate a filter rule that corresponds to a DNAT- or REDIRECT-
+        rule. In this usage, the list of addresses should not begin with
+        "!".</para>
+
+        <para>It is also possible to specify a set of addresses then exclude
+        part of those addresses. For example, 192.168.1.0/24!192.168.1.16/28
+        specifies the addresses 192.168.1.0-182.168.1.15 and
+        192.168.1.32-192.168.1.255. See <ulink
+        url="manpages/shorewall_exclusion.html">shorewall-exclusion</ulink>(5).</para>
+
+        <para>See <ulink
+        url="http://shorewall.net/PortKnocking.html">http://shorewall.net/PortKnocking.html</ulink>
+        for an example of using an entry in this column with a user-defined
+        action rule.</para>
+      </listitem>
+
       <listitem>
         <para>RATE LIMIT - You may rate-limit the rule by placing a value in
         this column:</para>

tools/build/buildshorewall

@@ -889,7 +889,7 @@ if [ -n "${BUILDXML}${BUILDHTML}" ]; then
     if [ -n "$MANPAGE6TAG" ]; then
 	progress_message "Exporting $MANPAGE6TAG from SVN..."
 	do_or_die "svn export --non-interactive --force ${SVN}/$MANPAGE6TAG manpages >> $LOGFILE 2>&1"
-	do_or_die mv manpages/* manpages6.save/
+	do_or_die mv manpages manpages6.save/
     fi
 
     progress_message "Exporting $LITEMANPAGETAG from SVN..."