From 43d247111e9f5a22a3f43bbb9491e83dd2e69762 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Thu, 18 Jan 2007 18:33:26 +0000
Subject: [PATCH] Add rfc1918 manpage

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5262 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 manpages/shorewall-rfc1918.xml | 100 +++++++++++++++++++++++++++++++++
 manpages/shorewall.conf.xml    |   3 +-
 web/Manpages.html              |   1 +
 3 files changed, 103 insertions(+), 1 deletion(-)
 create mode 100644 manpages/shorewall-rfc1918.xml

diff --git a/manpages/shorewall-rfc1918.xml b/manpages/shorewall-rfc1918.xml
new file mode 100644
index 000000000..a3bf4dcc8
--- /dev/null
+++ b/manpages/shorewall-rfc1918.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<refentry>
+  <refmeta>
+    <refentrytitle>shorewall-rfc1918</refentrytitle>
+
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>rfc1918</refname>
+
+    <refpurpose>Shorewall file</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>/usr/share/shorewall/rfc1918</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para>The rfc1918 file determines the handling of connections under the
+    norfc1918 option in <ulink
+    url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5). Do not
+    modify <filename>/usr/share/shorewall/rfc1918</filename>; if you need to
+    change norfc1918 handling, then copy
+    <filename>/usr/share/shorewall/rfc1918</filename> to
+    <filename>/etc/shorewall/rfc1918</filename> and modify the copy.</para>
+
+    <para>The released version of this file logs and drops packets from the
+    three address ranges reserved by RFC 1918:</para>
+
+    <blockquote>
+      <programlisting>10.0.0.0/8
+172.16.0.0/12
+192.168.0.0/16</programlisting>
+    </blockquote>
+
+    <para>The columns in the file are as follows.</para>
+
+    <variablelist>
+      <varlistentry>
+        <term><emphasis role="bold">SUBNET -
+        <replaceable>address</replaceable></emphasis></term>
+
+        <listitem>
+          <para>Subnet address in CIDR format.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">TARGET</emphasis> - {<emphasis
+        role="bold">RETURN</emphasis>|<emphasis
+        role="bold">DROP</emphasis>|<emphasis
+        role="bold">logdrop</emphasis>}</term>
+
+        <listitem>
+          <para><emphasis role="bold">RETURN</emphasis> causes packets to/from
+          the specified subnet to be processed normally by the applicable
+          rules and policies.</para>
+
+          <para><emphasis role="bold">DROP</emphasis> causes packets from the
+          specified subnet to be silently dropped.</para>
+
+          <para><emphasis role="bold">logdrop</emphasis> causes packets from
+          the specified subnet to be logged at the level specified by the
+          RFC1918_LOG_LEVEL option in <ulink
+          url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para>Also, please see the RFC1918_STRICT option in <ulink
+    url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
+  </refsect1>
+
+  <refsect1>
+    <title>FILES</title>
+
+    <para>/usr/share/shorewall/rfc1918</para>
+
+    <para>/etc/shorewall/rfc1918</para>
+  </refsect1>
+
+  <refsect1>
+    <title>See ALSO</title>
+
+    <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
+    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
+    shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
+    shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
+    shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
+    shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
+    shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
+    shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
+    shorewall-zones(5)</para>
+  </refsect1>
+</refentry>
\ No newline at end of file
diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml
index 906929a13..6dd9eacca 100644
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@@ -963,7 +963,8 @@
           <para>Traditionally, the RETURN target in the 'rfc1918' file has
           caused norfc1918 processing to cease for a packet if the packet's
           source IP address matches the rule. Thus, if you have this entry in
-          /etc/shorewall/rfc1918:</para>
+          <ulink
+          url="shorewall-rfc1918.html">shorewall-rfc1918</ulink>(5):</para>
 
           <programlisting>    #SUBNETS                 TARGET
     192.168.1.0/24           RETURN</programlisting>
diff --git a/web/Manpages.html b/web/Manpages.html
index b05848586..1e4a26665 100644
--- a/web/Manpages.html
+++ b/web/Manpages.html
@@ -50,6 +50,7 @@ your patience.<br>
 <a href="shorewall-policy.html">policy</a><br>
 <a href="shorewall-providers.html">providers</a><br>
 <a href="shorewall-proxyarp.html">proxyarp</a><br>
+<a href="shorewall-rfc1918.html">rfc1918</a><br>
 <a href="shorewall-route_rules.html">route_rules</a><br>
 <a href="shorewall-routestopped.html">routestopped</a><br>
 <a href="shorewall-rules.html">rules</a><br>