forked from extern/shorewall_code
Add <refmiscinfo>...</refmiscinfo>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
d44bc12df3
commit
5a649dc205
@ -6,6 +6,8 @@
|
||||
<refentrytitle>shorewall</refentrytitle>
|
||||
|
||||
<manvolnum>8</manvolnum>
|
||||
|
||||
<refmiscinfo>Administrative Commands</refmiscinfo>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
@ -742,9 +744,9 @@
|
||||
role="bold">v</emphasis> and <emphasis role="bold">q</emphasis>. If the
|
||||
options are omitted, the amount of output is determined by the setting of
|
||||
the VERBOSITY parameter in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). Each <emphasis
|
||||
role="bold">v</emphasis> adds one to the effective verbosity and each
|
||||
<emphasis role="bold">q</emphasis> subtracts one from the effective
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). Each
|
||||
<emphasis role="bold">v</emphasis> adds one to the effective verbosity and
|
||||
each <emphasis role="bold">q</emphasis> subtracts one from the effective
|
||||
VERBOSITY. Alternatively, <emphasis role="bold">v</emphasis> may be
|
||||
followed immediately with one of -1,0,1,2 to specify a specify VERBOSITY.
|
||||
There may be no white-space between <emphasis role="bold">v</emphasis> and
|
||||
@ -784,10 +786,10 @@
|
||||
|
||||
<para>Beginning with Shorewall 4.5.9, the <emphasis
|
||||
role="bold">dynamic_shared</emphasis> zone option (<ulink
|
||||
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5)) allows a
|
||||
single ipset to handle entries for multiple interfaces. When that
|
||||
option is specified for a zone, the <command>add</command> command
|
||||
has the alternative syntax in which the
|
||||
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5))
|
||||
allows a single ipset to handle entries for multiple interfaces.
|
||||
When that option is specified for a zone, the <command>add</command>
|
||||
command has the alternative syntax in which the
|
||||
<replaceable>zone</replaceable> name precedes the
|
||||
<replaceable>host-list</replaceable>.</para>
|
||||
</listitem>
|
||||
@ -839,7 +841,8 @@
|
||||
warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -912,7 +915,8 @@
|
||||
warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -931,11 +935,11 @@
|
||||
|
||||
<para>Beginning with Shorewall 4.5.9, the <emphasis
|
||||
role="bold">dynamic_shared</emphasis> zone option (<ulink
|
||||
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5)) allows a
|
||||
single ipset to handle entries for multiple interfaces. When that
|
||||
option is specified for a zone, the <command>delete</command>
|
||||
command has the alternative syntax in which the
|
||||
<replaceable>zone</replaceable> name precedes the
|
||||
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5))
|
||||
allows a single ipset to handle entries for multiple interfaces.
|
||||
When that option is specified for a zone, the
|
||||
<command>delete</command> command has the alternative syntax in
|
||||
which the <replaceable>zone</replaceable> name precedes the
|
||||
<replaceable>host-list</replaceable>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -954,8 +958,8 @@
|
||||
any optional network interface. <replaceable>interface</replaceable>
|
||||
may be either the logical or physical name of the interface. The
|
||||
command removes any routes added from <ulink
|
||||
url="/manpages/shorewall-routes.html">shorewall-routes</ulink>(5) and any
|
||||
traffic shaping configuration for the interface.</para>
|
||||
url="/manpages/shorewall-routes.html">shorewall-routes</ulink>(5)
|
||||
and any traffic shaping configuration for the interface.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1001,8 +1005,9 @@
|
||||
may be either the logical or physical name of the interface. The
|
||||
command sets <filename>/proc</filename> entries for the interface,
|
||||
adds any route specified in <ulink
|
||||
url="/manpages/shorewall-routes.html">shorewall-routes</ulink>(5) and installs
|
||||
the interface's traffic shaping configuration, if any.</para>
|
||||
url="/manpages/shorewall-routes.html">shorewall-routes</ulink>(5)
|
||||
and installs the interface's traffic shaping configuration, if
|
||||
any.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1148,7 +1153,8 @@
|
||||
warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1159,7 +1165,8 @@
|
||||
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
||||
to be logged then discarded. Logging occurs at the log level
|
||||
specified by the BLACKLIST_LOGLEVEL setting in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5).</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>
|
||||
(5).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1168,16 +1175,16 @@
|
||||
|
||||
<listitem>
|
||||
<para>Monitors the log file specified by the LOGFILE option in
|
||||
<ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) and
|
||||
produces an audible alarm when new Shorewall messages are logged.
|
||||
The <emphasis role="bold">-m</emphasis> option causes the MAC
|
||||
address of each packet source to be displayed if that information is
|
||||
available. The <replaceable>refresh-interval</replaceable> specifies
|
||||
the time in seconds between screen refreshes. You can enter a
|
||||
negative number by preceding the number with "--" (e.g.,
|
||||
<command>shorewall logwatch -- -30</command>). In this case, when a
|
||||
packet count changes, you will be prompted to hit any key to resume
|
||||
screen refreshes.</para>
|
||||
<ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
and produces an audible alarm when new Shorewall messages are
|
||||
logged. The <emphasis role="bold">-m</emphasis> option causes the
|
||||
MAC address of each packet source to be displayed if that
|
||||
information is available. The
|
||||
<replaceable>refresh-interval</replaceable> specifies the time in
|
||||
seconds between screen refreshes. You can enter a negative number by
|
||||
preceding the number with "--" (e.g., <command>shorewall logwatch --
|
||||
-30</command>). In this case, when a packet count changes, you will
|
||||
be prompted to hit any key to resume screen refreshes.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1188,7 +1195,8 @@
|
||||
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
||||
to be logged then rejected. Logging occurs at the log level
|
||||
specified by the BLACKLIST_LOGLEVEL setting in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5).</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>
|
||||
(5).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1238,7 +1246,8 @@
|
||||
warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
|
||||
<para>The -<option>D</option> option was added in Shorewall 4.5.3
|
||||
and causes Shorewall to look in the given
|
||||
@ -1306,7 +1315,8 @@
|
||||
warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1348,9 +1358,9 @@
|
||||
<para>The <option>-c</option> option was added in Shorewall 4.4.20
|
||||
and performs the compilation step unconditionally, overriding the
|
||||
AUTOMAKE setting in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). When both
|
||||
<option>-f</option> and <option>-c</option>are present, the result
|
||||
is determined by the option that appears last.</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). When
|
||||
both <option>-f</option> and <option>-c</option>are present, the
|
||||
result is determined by the option that appears last.</para>
|
||||
|
||||
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
||||
and causes a Perl stack trace to be included with each
|
||||
@ -1360,7 +1370,8 @@
|
||||
warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1575,8 +1586,8 @@
|
||||
<listitem>
|
||||
<para>Displays the last 20 Shorewall messages from the log
|
||||
file specified by the LOGFILE option in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). The
|
||||
<emphasis role="bold">-m</emphasis> option causes the MAC
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).
|
||||
The <emphasis role="bold">-m</emphasis> option causes the MAC
|
||||
address of each packet source to be displayed if that
|
||||
information is available.</para>
|
||||
</listitem>
|
||||
@ -1690,15 +1701,17 @@
|
||||
Shorewall will look in that <emphasis>directory</emphasis> first for
|
||||
configuration files. If <emphasis role="bold">-f</emphasis> is
|
||||
specified, the saved configuration specified by the RESTOREFILE
|
||||
option in <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
will be restored if that saved configuration exists and has been
|
||||
modified more recently than the files in /etc/shorewall. When
|
||||
<emphasis role="bold">-f</emphasis> is given, a
|
||||
option in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) will
|
||||
be restored if that saved configuration exists and has been modified
|
||||
more recently than the files in /etc/shorewall. When <emphasis
|
||||
role="bold">-f</emphasis> is given, a
|
||||
<replaceable>directory</replaceable> may not be specified.</para>
|
||||
|
||||
<para>Update: In Shorewall 4.4.20, a new LEGACY_FASTSTART option was
|
||||
added to <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).
|
||||
When LEGACY_FASTSTART=No, the modification times of files in
|
||||
added to <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). When
|
||||
LEGACY_FASTSTART=No, the modification times of files in
|
||||
/etc/shorewall are compared with that of /var/lib/shorewall/firewall
|
||||
(the compiled script that last started/restarted the
|
||||
firewall).</para>
|
||||
@ -1713,9 +1726,9 @@
|
||||
<para>The <option>-c</option> option was added in Shorewall 4.4.20
|
||||
and performs the compilation step unconditionally, overriding the
|
||||
AUTOMAKE setting in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). When both
|
||||
<option>-f</option> and <option>-c</option>are present, the result
|
||||
is determined by the option that appears last.</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). When
|
||||
both <option>-f</option> and <option>-c</option>are present, the
|
||||
result is determined by the option that appears last.</para>
|
||||
|
||||
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
||||
and causes a Perl stack trace to be included with each
|
||||
@ -1725,7 +1738,8 @@
|
||||
warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
|
||||
<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1737,9 +1751,9 @@
|
||||
listed in <ulink
|
||||
url="/manpages/shorewall-routestopped.html">shorewall-routestopped</ulink>(5)
|
||||
or permitted by the ADMINISABSENTMINDED option in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5), are taken down.
|
||||
The only new traffic permitted through the firewall is from systems
|
||||
listed in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5), are
|
||||
taken down. The only new traffic permitted through the firewall is
|
||||
from systems listed in <ulink
|
||||
url="/manpages/shorewall-routestopped.html">shorewall-routestopped</ulink>(5)
|
||||
or by ADMINISABSENTMINDED.</para>
|
||||
|
||||
@ -1814,14 +1828,16 @@
|
||||
|
||||
<para>The <option>-b</option> option was added in Shorewall 4.4.26
|
||||
and causes legacy blacklisting rules (<ulink
|
||||
url="/manpages/shorewall-blacklist.html">shorewall-blacklist</ulink> (5) ) to
|
||||
be converted to entries in the blrules file (<ulink
|
||||
url="/manpages/shorewall-blrules.html">shorewall-blrules</ulink> (5) ). The
|
||||
blacklist keyword is removed from <ulink
|
||||
url="/manpages/shorewall-zones.html">shorewall-zones</ulink> (5), <ulink
|
||||
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink> (5) and
|
||||
<ulink url="/manpages/shorewall-hosts.html">shorewall-hosts</ulink> (5). The
|
||||
unmodified files are saved with a .bak suffix.</para>
|
||||
url="/manpages/shorewall-blacklist.html">shorewall-blacklist</ulink>
|
||||
(5) ) to be converted to entries in the blrules file (<ulink
|
||||
url="/manpages/shorewall-blrules.html">shorewall-blrules</ulink> (5)
|
||||
). The blacklist keyword is removed from <ulink
|
||||
url="/manpages/shorewall-zones.html">shorewall-zones</ulink> (5),
|
||||
<ulink
|
||||
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
|
||||
(5) and <ulink
|
||||
url="/manpages/shorewall-hosts.html">shorewall-hosts</ulink> (5).
|
||||
The unmodified files are saved with a .bak suffix.</para>
|
||||
|
||||
<para>The <option>-D</option> option was added in Shorewall 4.5.11.
|
||||
When this option is specified, the compiler will walk through the
|
||||
@ -1834,7 +1850,8 @@
|
||||
warning message to be issued if the line current line contains
|
||||
alternative input specifications following a semicolon (";"). Such
|
||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
||||
<ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
|
||||
<para>For a description of the other options, see the <emphasis
|
||||
role="bold">check</emphasis> command above.</para>
|
||||
|
Loading…
Reference in New Issue
Block a user