diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml index 92ebd4d1f..86f35a73f 100644 --- a/Shorewall/manpages/shorewall.xml +++ b/Shorewall/manpages/shorewall.xml @@ -6,6 +6,8 @@ shorewall 8 + + Administrative Commands @@ -742,9 +744,9 @@ role="bold">v and q. If the options are omitted, the amount of output is determined by the setting of the VERBOSITY parameter in shorewall.conf(5). Each v adds one to the effective verbosity and each - q subtracts one from the effective + url="/manpages/shorewall.conf.html">shorewall.conf(5). Each + v adds one to the effective verbosity and + each q subtracts one from the effective VERBOSITY. Alternatively, v may be followed immediately with one of -1,0,1,2 to specify a specify VERBOSITY. There may be no white-space between v and @@ -784,10 +786,10 @@ Beginning with Shorewall 4.5.9, the dynamic_shared zone option (shorewall-zones(5)) allows a - single ipset to handle entries for multiple interfaces. When that - option is specified for a zone, the add command - has the alternative syntax in which the + url="/manpages/shorewall-zones.html">shorewall-zones(5)) + allows a single ipset to handle entries for multiple interfaces. + When that option is specified for a zone, the add + command has the alternative syntax in which the zone name precedes the host-list. @@ -839,7 +841,8 @@ warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in - shorewall.conf(5). + shorewall.conf(5). @@ -912,7 +915,8 @@ warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in - shorewall.conf(5). + shorewall.conf(5). @@ -931,11 +935,11 @@ Beginning with Shorewall 4.5.9, the dynamic_shared zone option (shorewall-zones(5)) allows a - single ipset to handle entries for multiple interfaces. When that - option is specified for a zone, the delete - command has the alternative syntax in which the - zone name precedes the + url="/manpages/shorewall-zones.html">shorewall-zones(5)) + allows a single ipset to handle entries for multiple interfaces. + When that option is specified for a zone, the + delete command has the alternative syntax in + which the zone name precedes the host-list. @@ -954,8 +958,8 @@ any optional network interface. interface may be either the logical or physical name of the interface. The command removes any routes added from shorewall-routes(5) and any - traffic shaping configuration for the interface. + url="/manpages/shorewall-routes.html">shorewall-routes(5) + and any traffic shaping configuration for the interface. @@ -1001,8 +1005,9 @@ may be either the logical or physical name of the interface. The command sets /proc entries for the interface, adds any route specified in shorewall-routes(5) and installs - the interface's traffic shaping configuration, if any. + url="/manpages/shorewall-routes.html">shorewall-routes(5) + and installs the interface's traffic shaping configuration, if + any. @@ -1148,7 +1153,8 @@ warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in - shorewall.conf(5). + shorewall.conf(5). @@ -1159,7 +1165,8 @@ Causes traffic from the listed addresses to be logged then discarded. Logging occurs at the log level specified by the BLACKLIST_LOGLEVEL setting in shorewall.conf (5). + url="/manpages/shorewall.conf.html">shorewall.conf + (5). @@ -1168,16 +1175,16 @@ Monitors the log file specified by the LOGFILE option in - shorewall.conf(5) and - produces an audible alarm when new Shorewall messages are logged. - The -m option causes the MAC - address of each packet source to be displayed if that information is - available. The refresh-interval specifies - the time in seconds between screen refreshes. You can enter a - negative number by preceding the number with "--" (e.g., - shorewall logwatch -- -30). In this case, when a - packet count changes, you will be prompted to hit any key to resume - screen refreshes. + shorewall.conf(5) + and produces an audible alarm when new Shorewall messages are + logged. The -m option causes the + MAC address of each packet source to be displayed if that + information is available. The + refresh-interval specifies the time in + seconds between screen refreshes. You can enter a negative number by + preceding the number with "--" (e.g., shorewall logwatch -- + -30). In this case, when a packet count changes, you will + be prompted to hit any key to resume screen refreshes. @@ -1188,7 +1195,8 @@ Causes traffic from the listed addresses to be logged then rejected. Logging occurs at the log level specified by the BLACKLIST_LOGLEVEL setting in shorewall.conf (5). + url="/manpages/shorewall.conf.html">shorewall.conf + (5). @@ -1238,7 +1246,8 @@ warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in - shorewall.conf(5). + shorewall.conf(5). The - option was added in Shorewall 4.5.3 and causes Shorewall to look in the given @@ -1306,7 +1315,8 @@ warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in - shorewall.conf(5). + shorewall.conf(5). @@ -1348,9 +1358,9 @@ The option was added in Shorewall 4.4.20 and performs the compilation step unconditionally, overriding the AUTOMAKE setting in shorewall.conf(5). When both - and are present, the result - is determined by the option that appears last. + url="/manpages/shorewall.conf.html">shorewall.conf(5). When + both and are present, the + result is determined by the option that appears last. The option was added in Shorewall 4.5.3 and causes a Perl stack trace to be included with each @@ -1360,7 +1370,8 @@ warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in - shorewall.conf(5). + shorewall.conf(5). @@ -1575,8 +1586,8 @@ Displays the last 20 Shorewall messages from the log file specified by the LOGFILE option in shorewall.conf(5). The - -m option causes the MAC + url="/manpages/shorewall.conf.html">shorewall.conf(5). + The -m option causes the MAC address of each packet source to be displayed if that information is available. @@ -1690,15 +1701,17 @@ Shorewall will look in that directory first for configuration files. If -f is specified, the saved configuration specified by the RESTOREFILE - option in shorewall.conf(5) - will be restored if that saved configuration exists and has been - modified more recently than the files in /etc/shorewall. When - -f is given, a + option in shorewall.conf(5) will + be restored if that saved configuration exists and has been modified + more recently than the files in /etc/shorewall. When -f is given, a directory may not be specified. Update: In Shorewall 4.4.20, a new LEGACY_FASTSTART option was - added to shorewall.conf(5). - When LEGACY_FASTSTART=No, the modification times of files in + added to shorewall.conf(5). When + LEGACY_FASTSTART=No, the modification times of files in /etc/shorewall are compared with that of /var/lib/shorewall/firewall (the compiled script that last started/restarted the firewall). @@ -1713,9 +1726,9 @@ The option was added in Shorewall 4.4.20 and performs the compilation step unconditionally, overriding the AUTOMAKE setting in shorewall.conf(5). When both - and are present, the result - is determined by the option that appears last. + url="/manpages/shorewall.conf.html">shorewall.conf(5). When + both and are present, the + result is determined by the option that appears last. The option was added in Shorewall 4.5.3 and causes a Perl stack trace to be included with each @@ -1725,7 +1738,8 @@ warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in - shorewall.conf(5). + shorewall.conf(5). @@ -1737,9 +1751,9 @@ listed in shorewall-routestopped(5) or permitted by the ADMINISABSENTMINDED option in shorewall.conf(5), are taken down. - The only new traffic permitted through the firewall is from systems - listed in shorewall.conf(5), are + taken down. The only new traffic permitted through the firewall is + from systems listed in shorewall-routestopped(5) or by ADMINISABSENTMINDED. @@ -1814,14 +1828,16 @@ The option was added in Shorewall 4.4.26 and causes legacy blacklisting rules (shorewall-blacklist (5) ) to - be converted to entries in the blrules file (shorewall-blrules (5) ). The - blacklist keyword is removed from shorewall-zones (5), shorewall-interfaces (5) and - shorewall-hosts (5). The - unmodified files are saved with a .bak suffix. + url="/manpages/shorewall-blacklist.html">shorewall-blacklist + (5) ) to be converted to entries in the blrules file (shorewall-blrules (5) + ). The blacklist keyword is removed from shorewall-zones (5), + shorewall-interfaces + (5) and shorewall-hosts (5). + The unmodified files are saved with a .bak suffix. The option was added in Shorewall 4.5.11. When this option is specified, the compiler will walk through the @@ -1834,7 +1850,8 @@ warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in - shorewall.conf(5). + shorewall.conf(5). For a description of the other options, see the check command above.