holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

More fiddling with manpages

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5317 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-01-27 18:53:50 +00:00
parent fc1cfcbfaf
commit 5fc6b9b2ab
7 changed files with 44 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
manpages/shorewall-interfaces.xml
View File

@ -259,9 +259,8 @@ loc eth2 -</programlisting>
configured on the incoming interface</para>
<para>2 - reply only if the target IP address is local address
configured on the incoming interface and both with the
sender's IP address are part from same subnet on this
interface</para>
configured on the incoming interface and the sender's IP
address is part from same subnet on this interface</para>
<para>3 - do not reply for local addresses configured with
scope host, only resolutions for global and link</para>
@ -327,7 +326,8 @@ loc eth2 -</programlisting>
<listitem>
<para>Incoming requests from this interface may be remapped
via UPNP (upnpd).</para>
via UPNP (upnpd). See <ulink
url="../UPnP.html">http://www.shorewall.net/UPnP.html</ulink>.</para>
</listitem>
</varlistentry>
</variablelist>

3
manpages/shorewall-providers.xml
View File

@ -42,6 +42,9 @@
<para>Each entry in the file defines a single routing table.</para>
<para>If you wish to omit a column entry but want to include an entry in
the next column, use "-" for the omitted entry.</para>
<para>The columns in the file are as follows.</para>
<variablelist>

5
manpages/shorewall-proxyarp.xml
View File

@ -51,7 +51,8 @@
<emphasis>interface</emphasis></term>
<listitem>
<para>External Interface to be used to access this system.</para>
<para>External Interface to be used to access this system from the
Internet.</para>
</listitem>
</varlistentry>
@ -89,7 +90,7 @@
<emphasis role="bold">Yes</emphasis> or <emphasis
role="bold">yes</emphasis> then the route persists; If the column is
empty or contains <emphasis role="bold">No</emphasis> or <emphasis
role="bold">no</emphasis> then the route is deleted at
role="bold">no</emphasis> then the route is deleted by
<command>shorewall stop</command> or <command>shorewall
clear</command>.</para>
</listitem>

24
manpages/shorewall-rules.xml
View File

@ -122,7 +122,7 @@
role="bold">LOG</emphasis>|<emphasis
role="bold">QUEUE</emphasis>|<emphasis
role="bold">COMMENT</emphasis>|<emphasis>action</emphasis>|<emphasis>macro</emphasis>[<emphasis
role="bold">/</emphasis><emphasis>target</emphasis>}<emphasis
role="bold">/</emphasis><emphasis>target</emphasis>]}<emphasis
role="bold">[:</emphasis>{<emphasis>log-level</emphasis>|<emphasis
role="bold">none</emphasis>}[<emphasis role="bold"><emphasis
role="bold">!</emphasis></emphasis>][<emphasis
@ -261,7 +261,9 @@
<ulink url="shorewall-zones.html">shorewall-zones</ulink>(5)
or in a parent zone of the source or destination zones, then
this connection request will be passed to the rules defined
for that (those) zone(s).</para>
for that (those) zone(s). See <ulink
url="shorewall-nesting.html">shorewall-nesting</ulink>(5) for
additional information.</para>
</listitem>
</varlistentry>
@ -366,8 +368,8 @@
<para>You may also specify <emphasis role="bold">ULOG</emphasis>
(must be in upper case) as a log level.This will log to the ULOG
target for routing to a separate log through use of ulogd
(http://www.gnumonks.org/projects/ulogd).</para>
target for routing to a separate log through use of ulogd (<ulink
url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>).</para>
<para>Actions specifying logging may be followed by a log tag (a
string of alphanumeric characters) which is appended to the string
@ -676,7 +678,7 @@
numbers or port ranges.</para>
<warning>
<para>Unless you really understand TCP/IP, you should leave this
<para>Unless you really understand IP, you should leave this
column empty or place a dash (<emphasis role="bold">-</emphasis>)
in the column. Most people who try to use this column get it
wrong.</para>
@ -738,12 +740,14 @@
<para>It is also possible to specify a set of addresses then exclude
part of those addresses. For example, <emphasis
role="bold">192.168.1.0/24!192.168.1.16/28</emphasis> specifies the
addresses 192.168.1.0-182.168.1.15 and
192.168.1.32-192.168.1.255.</para>
addresses 192.168.1.0-182.168.1.15 and 192.168.1.32-192.168.1.255.
See <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5).</para>
<para>See http://shorewall.net/PortKnocking.html for an example of
using an entry in this column with a user-defined action
rule.</para>
<para>See <ulink
url="../PortKnocking.html">http://shorewall.net/PortKnocking.html</ulink>
for an example of using an entry in this column with a user-defined
action rule.</para>
</listitem>
</varlistentry>

10
manpages/shorewall-tcclasses.xml
View File

@ -123,7 +123,9 @@
ppp interfaces, you need to put them all in here!</para>
<para>Please note that you can only use interface names in here that
have a bandwidth defined in the tcdevices file</para>
have a bandwidth defined in the <ulink
url="shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5)
file</para>
</listitem>
</varlistentry>
@ -133,8 +135,10 @@
<listitem>
<para>The mark <emphasis>value</emphasis> which is an integer in the
range 1-255. You set mark values in the tcrules file, marking the
traffic you want to fit in the classes defined in here.</para>
range 1-255. You set mark values in the <ulink
url="shorewall-tcrules.html">shorewall-tcrules</ulink>(5) file,
marking the traffic you want to fit in the classes defined in
here.</para>
<para>You can use the same marks for different interfaces.</para>
</listitem>

5
manpages/shorewall-tcdevices.xml
View File

@ -137,8 +137,9 @@
<listitem>
<para>The outgoing <emphasis>bandwidth</emphasis> of that interface.
This is the maximum speed your connection can handle. It is also the
speed you can refer as "full" if you define the tc classes. Outgoing
traffic above this rate will be dropped.</para>
speed you can refer as "full" if you define the tc classes in <ulink
url="shorewall-tcclasses.html">shorewall-tcclasses</ulink>(5).
Outgoing traffic above this rate will be dropped.</para>
</listitem>
</varlistentry>
</variablelist>

28
manpages/shorewall-zones.xml
View File

@ -26,19 +26,6 @@
<filename>/etc/shorewall/interfaces</filename> or
<filename>/etc/shorewall/hosts</filename>.</para>
<warning>
<para>The format of this file changed in Shorewall 3.0.0. You can
continue to use your old records provided that you set IPSECFILE=ipsec
in /etc/shorewall/shorewall.conf. This will signal Shorewall that the
IPSEC-related zone options are still specified in /etc/shorewall/ipsec
rather than in this file.</para>
<para>To use records in the format described below, you must have
IPSECFILE=zones specified in
<filename>/etc/shorewall/shorewall.conf</filename> AND YOU MUST NOT SET
THE 'FW' VARIABLE IN THAT FILE.</para>
</warning>
<para>The columns in the file are as follows.</para>
<variablelist>
@ -52,8 +39,10 @@
<para>Name of the <emphasis>zone</emphasis>. The names "all" and
"none" are reserved and may not be used as zone names. The maximum
length of a zone name is determined by the setting of the LOGFORMAT
option in shorewall.conf. With the default LOGFORMAT, zone names can
be at most 5 characters long.</para>
option in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). With the
default LOGFORMAT, zone names can be at most 5 characters
long.</para>
<para>Where a zone is nested in one or more other zones, you may
follow the (sub)zone name by ":" and a comma-separated list of the
@ -72,7 +61,7 @@ c:a,b ipv4</programlisting>
<para>Currently, Shorewall uses this information to reorder the zone
list so that parent zones appear after their subzones in the list.
The IMPLICIT_CONTINUE option in shorewall.conf can also create
implicit CONTINUE policies to/from the subzone. </para>
implicit CONTINUE policies to/from the subzone.</para>
<para>In the future, Shorewall may make additional use of nesting
information.</para>
@ -92,7 +81,8 @@ c:a,b ipv4</programlisting>
default if you leave this column empty or if you enter "-" in
the column. Communication with some zone hosts may be
encrypted. Encrypted hosts are designated using the
'ipsec'option in /etc/shorewall/hosts.</para>
'ipsec'option in <ulink
url="shorewall-hosts.html">shorewall-hosts</ulink>(5).</para>
</listitem>
</varlistentry>
@ -127,7 +117,9 @@ c:a,b ipv4</programlisting>
role="bold">,</emphasis><emphasis>option</emphasis>]...]</term>
<listitem>
<para>A comma-separated list of options.</para>
<para>A comma-separated list of options. With the exception of the
<option>mss</option> option, these only apply to TYPE
<option>ipsec</option> zones.</para>
<variablelist>
<varlistentry>