diff --git a/manpages/shorewall-tos.xml b/manpages/shorewall-tos.xml
new file mode 100644
index 000000000..42220b41a
--- /dev/null
+++ b/manpages/shorewall-tos.xml
@@ -0,0 +1,125 @@
+
+
+
+ shorewall-tos
+
+ 5
+
+
+
+ tos
+
+ Shorewall Type of Service rules file
+
+
+
+
+ /etc/shorewall/tos
+
+
+
+
+ Description
+
+ This file defines rules for setting Type Of Service (TOS)
+
+ The columns in the file are as follows.
+
+
+
+ SOURCE
+
+
+ Name of a zone declared in shorewall.zones(5), all or $FW.
+
+ If not all or $FW, may optionally be followed by ":" and an
+ IP address, a MAC address, a subnet specification or the name of an
+ interface.
+
+ Example: loc:192.168.2.3
+
+ MAC addresses must be prefixed with "~" and use "-" as a
+ separator.
+
+ Example: ~00-A0-C9-15-39-78
+
+
+
+
+ DEST
+
+
+ Name of a zone declared in shorewall.zones(5), all or $FW.
+
+ If not all or $FW, may optionally be followed by ":" and an
+ IP address or a subnet specification
+
+ Example: loc:192.168.2.3
+
+
+
+
+ PROTOCOL
+
+
+ Protocol name or number.
+
+
+
+
+ SOURCE PORTS
+
+
+ Source port or port range. If all ports, use "-".
+
+
+
+
+ DEST PORTS
+
+
+ Destination port or port range. If all ports, use "-"
+
+
+
+
+ TOS
+
+
+ Must be one of the following;
+
+ tos-minimize-delay (16)
+ tos-maximize-throughput (8)
+ tos-maximize-reliability (4)
+ tos-minimize-cost (2)
+ tos-normal-service (0)
+
+
+
+
+
+
+ FILES
+
+ /etc/shorewall/tos
+
+
+
+ See ALSO
+
+ shorewall(8), shorewall-accounting(5), shorewall-actions(5),
+ shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
+ shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
+ shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
+ shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
+ shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
+ shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
+ shorewall-tcrules(5), shorewall-tunnels(5), shorewall-zones(5)
+
+
\ No newline at end of file
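Review bot: in the SOURCE and DEST column descriptions the zones page is cited as "shorewall.zones(5)", while the See ALSO list at the end of this same file names it "shorewall-zones(5)"; use the hyphenated form in both descriptions so the cross-reference matches. The opening Description sentence ("This file defines rules for setting Type Of Service (TOS)") has no terminal period and reads as cut off, and the page gives no sample entry, unlike the tunnels page added in the same patch. Smaller points: "Must be one of the following;" should end in a colon, the DEST and DEST PORTS sentences lack their final period, "See ALSO" does not match the capitalisation of "FILES", and the file is added without a trailing newline.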
diff --git a/manpages/shorewall-tunnels.xml b/manpages/shorewall-tunnels.xml
new file mode 100644
index 000000000..4b9172068
--- /dev/null
+++ b/manpages/shorewall-tunnels.xml
@@ -0,0 +1,232 @@
+
+
+
+ shorewall-tunnels
+
+ 5
+
+
+
+ tunnels
+
+ Shorewall VPN definition file
+
+
+
+
+ /etc/shorewall/tunnels
+
+
+
+
+ Description
+
+ The columns in the file are as follows.
+
+
+
+ TYPE
+
+
+ Must be ipsec, ipsecnat, ipip, gre,
+ 6to4, pptpclient, pptpserver, openvpn, openvpnclient, openvpnserver or generic
+
+ If the type is ipsec or
+ ipsecnat, it may be followed by
+ :noah to indicate that the
+ Authentication Header protocol (51) is not used by the
+ tunnel.
+
+ If type is openvpn, openvpnclient or openvpnserver it may optionally be followed
+ by ":" and tcp or udp to specify the protocol to be used. If
+ not specified, udp is
+ assumed.
+
+ If type is openvpn, openvpnclient or openvpnserver it may optionally be followed
+ by ":" and the port number used by the tunnel. if no ":" and port
+ number are included, then the default port of 1194 will be used. .
+ Where both the protocol and port are specified, the protocol must be
+ given first (e.g., openvpn:tcp:4444).
+
+ If type is generic, it must
+ be followed by ":" and a protocol name (from /etc/protocols) or a
+ protocol number. If the protocol is tcp or udp
+ (6 or 17), then it may optionally be followed by ":" and a port
+ number.
+
+
+
+
+ ZONE
+
+
+ The zone of the physical interface through which tunnel
+ traffic passes. This is normally your internet zone.
+
+
+
+
+ GATEWAY
+
+
+ The IP address of the remote tunnel gateway. If the remote
+ gateway has no fixed address (Road Warrior) then specify the gateway
+ as 0.0.0.0/0. May be specified as a
+ network address and if your kernel and iptables include iprange
+ match support then IP address ranges are also allowed.
+
+
+
+
+ GATEWAY ZONES (Optional)
+
+
+ If the gateway system specified in the third column is a
+ standalone host then this column should contain a comma-separated
+ list of the names of the zones that the host might be in. This
+ column only applies to IPSEC tunnels where it enables ISAKMP traffic
+ to flow through the tunnel to the remote gateway.
+
+
+
+
+
+
+ Example
+
+
+
+ Example 1:
+
+
+ IPSec tunnel.
+
+ The remote gateway is 4.33.99.124 and the remote subnet is
+ 192.168.9.0/24. The tunnel does not use the AH protocol
+
+ #TYPE ZONE GATEWAY
+ ipsec:noah net 4.33.99.124
+
+
+
+
+ Example 2:
+
+
+ Road Warrior (LapTop that may connect from anywhere) where the
+ "gw" zone is used to represent the remote LapTop
+
+ #TYPE ZONE GATEWAY GATEWAY ZONES
+ ipsec net 0.0.0.0/0 gw
+
+
+
+
+ Example 3:
+
+
+ Host 4.33.99.124 is a standalone system connected via an ipsec
+ tunnel to the firewall system. The host is in zone gw.
+
+ #TYPE ZONE GATEWAY GATEWAY ZONES
+ ipsec net 4.33.99.124 gw
+
+
+
+
+ Example 4:
+
+
+ Road Warriors that may belong to zones vpn1, vpn2 or vpn3. The
+ FreeS/Wan _updown script will add the host to the appropriate zone
+ using the shorewall add command on connect and
+ will remove the host from the zone at disconnect time.
+
+ #TYPE ZONE GATEWAY GATEWAY ZONES
+ ipsec net 0.0.0.0/0 vpn1,vpn2,vpn3
+
+
+
+
+ Example 5:
+
+
+ You run the Linux PPTP client on your firewall and connect to
+ server 192.0.2.221.
+
+ #TYPE ZONE GATEWAY GATEWAY ZONES
+ pptpclient net 192.0.2.221
+
+
+
+
+ Example 6:
+
+
+ You run a PPTP server on your firewall.
+
+ #TYPE ZONE GATEWAY GATEWAY ZONES
+ pptpserver net
+
+
+
+
+ Example 7:
+
+
+ OPENVPN tunnel. The remote gateway is 4.33.99.124 and openvpn
+ uses port 7777.
+
+ #TYPE ZONE GATEWAY GATEWAY ZONES
+ openvpn:7777 net 4.33.99.124
+
+
+
+
+ Example 8:
+
+
+ You have a tunnel that is not one of the supported types. Your
+ tunnel uses UDP port 4444. The other end of the tunnel is
+ 4.3.99.124.
+
+ #TYPE ZONE GATEWAY GATEWAY ZONES
+ generic:udp:4444 net 4.3.99.124
+
+
+
+
+
+
+ FILES
+
+ /etc/shorewall/tunnels
+
+
+
+ See ALSO
+
+ shorewall(8), shorewall-accounting(5), shorewall-actions(5),
+ shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
+ shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
+ shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
+ shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
+ shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
+ shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
+ shorewall-tcrules(5), shorewall-tos(5), shorewall-zones(5)
+
+
\ No newline at end of file
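Review bot: the OpenVPN port paragraph in the TYPE description starts a sentence in lower case and ends with a stray full stop ("if no ":" and port number are included, then the default port of 1194 will be used. ."); capitalise "If" and drop the extra " .". The Description section goes straight to "The columns in the file are as follows." without a sentence saying what the file is for, which the tos page does have. In the examples, Example 1 mentions a remote subnet of 192.168.9.0/24 that never appears in the entry shown, so either say that the subnet is configured elsewhere or drop it, and Example 8 uses 4.3.99.124 where every other example uses 4.33.99.124, which is worth confirming as intended. The GATEWAY text allows 0.0.0.0/0 for Road Warrior peers; a sentence noting that such an entry is not tied to any one peer address would help readers choosing between Examples 2 and 3. As in the tos page, "See ALSO" is inconsistently capitalised and the file has no trailing newline.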