From 5fc6b9b2ab151d8b1c2da98e60dbd55cebd02398 Mon Sep 17 00:00:00 2001 From: teastep Date: Sat, 27 Jan 2007 18:53:50 +0000 Subject: [PATCH] More fiddling with manpages git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5317 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- manpages/shorewall-interfaces.xml | 8 ++++---- manpages/shorewall-providers.xml | 3 +++ manpages/shorewall-proxyarp.xml | 5 +++-- manpages/shorewall-rules.xml | 24 ++++++++++++++---------- manpages/shorewall-tcclasses.xml | 10 +++++++--- manpages/shorewall-tcdevices.xml | 5 +++-- manpages/shorewall-zones.xml | 28 ++++++++++------------------ 7 files changed, 44 insertions(+), 39 deletions(-) diff --git a/manpages/shorewall-interfaces.xml b/manpages/shorewall-interfaces.xml index 7832d33ce..cc9d8af17 100644 --- a/manpages/shorewall-interfaces.xml +++ b/manpages/shorewall-interfaces.xml @@ -259,9 +259,8 @@ loc eth2 - configured on the incoming interface 2 - reply only if the target IP address is local address - configured on the incoming interface and both with the - sender's IP address are part from same subnet on this - interface + configured on the incoming interface and the sender's IP + address is part from same subnet on this interface 3 - do not reply for local addresses configured with scope host, only resolutions for global and link @@ -327,7 +326,8 @@ loc eth2 - Incoming requests from this interface may be remapped - via UPNP (upnpd). + via UPNP (upnpd). See http://www.shorewall.net/UPnP.html. diff --git a/manpages/shorewall-providers.xml b/manpages/shorewall-providers.xml index c9da4930d..0e5b3eff3 100644 --- a/manpages/shorewall-providers.xml +++ b/manpages/shorewall-providers.xml @@ -42,6 +42,9 @@ Each entry in the file defines a single routing table. + If you wish to omit a column entry but want to include an entry in + the next column, use "-" for the omitted entry. + The columns in the file are as follows. diff --git a/manpages/shorewall-proxyarp.xml b/manpages/shorewall-proxyarp.xml index 55a15d9f5..f4831dcc0 100644 --- a/manpages/shorewall-proxyarp.xml +++ b/manpages/shorewall-proxyarp.xml @@ -51,7 +51,8 @@ interface - External Interface to be used to access this system. + External Interface to be used to access this system from the + Internet. @@ -89,7 +90,7 @@ Yes or yes then the route persists; If the column is empty or contains No or no then the route is deleted at + role="bold">no then the route is deleted by shorewall stop or shorewall clear. diff --git a/manpages/shorewall-rules.xml b/manpages/shorewall-rules.xml index 3f57199ae..b773753b2 100644 --- a/manpages/shorewall-rules.xml +++ b/manpages/shorewall-rules.xml @@ -122,7 +122,7 @@ role="bold">LOG|QUEUE|COMMENT|action|macro[/target}/target]}[:{log-level|none}[!][shorewall-zones(5) or in a parent zone of the source or destination zones, then this connection request will be passed to the rules defined - for that (those) zone(s). + for that (those) zone(s). See shorewall-nesting(5) for + additional information. @@ -366,8 +368,8 @@ You may also specify ULOG (must be in upper case) as a log level.This will log to the ULOG - target for routing to a separate log through use of ulogd - (http://www.gnumonks.org/projects/ulogd). + target for routing to a separate log through use of ulogd (http://www.netfilter.org/projects/ulogd/index.html). Actions specifying logging may be followed by a log tag (a string of alphanumeric characters) which is appended to the string @@ -676,7 +678,7 @@ numbers or port ranges. - Unless you really understand TCP/IP, you should leave this + Unless you really understand IP, you should leave this column empty or place a dash (-) in the column. Most people who try to use this column get it wrong. @@ -738,12 +740,14 @@ It is also possible to specify a set of addresses then exclude part of those addresses. For example, 192.168.1.0/24!192.168.1.16/28 specifies the - addresses 192.168.1.0-182.168.1.15 and - 192.168.1.32-192.168.1.255. + addresses 192.168.1.0-182.168.1.15 and 192.168.1.32-192.168.1.255. + See shorewall-exclusion(5). - See http://shorewall.net/PortKnocking.html for an example of - using an entry in this column with a user-defined action - rule. + See http://shorewall.net/PortKnocking.html + for an example of using an entry in this column with a user-defined + action rule. diff --git a/manpages/shorewall-tcclasses.xml b/manpages/shorewall-tcclasses.xml index 89538deb0..fadd39ec7 100644 --- a/manpages/shorewall-tcclasses.xml +++ b/manpages/shorewall-tcclasses.xml @@ -123,7 +123,9 @@ ppp interfaces, you need to put them all in here! Please note that you can only use interface names in here that - have a bandwidth defined in the tcdevices file + have a bandwidth defined in the shorewall-tcdevices(5) + file @@ -133,8 +135,10 @@ The mark value which is an integer in the - range 1-255. You set mark values in the tcrules file, marking the - traffic you want to fit in the classes defined in here. + range 1-255. You set mark values in the shorewall-tcrules(5) file, + marking the traffic you want to fit in the classes defined in + here. You can use the same marks for different interfaces. diff --git a/manpages/shorewall-tcdevices.xml b/manpages/shorewall-tcdevices.xml index 689f34df8..f8be1ae30 100644 --- a/manpages/shorewall-tcdevices.xml +++ b/manpages/shorewall-tcdevices.xml @@ -137,8 +137,9 @@ The outgoing bandwidth of that interface. This is the maximum speed your connection can handle. It is also the - speed you can refer as "full" if you define the tc classes. Outgoing - traffic above this rate will be dropped. + speed you can refer as "full" if you define the tc classes in shorewall-tcclasses(5). + Outgoing traffic above this rate will be dropped. diff --git a/manpages/shorewall-zones.xml b/manpages/shorewall-zones.xml index f94a27fac..73c07bb67 100644 --- a/manpages/shorewall-zones.xml +++ b/manpages/shorewall-zones.xml @@ -26,19 +26,6 @@ /etc/shorewall/interfaces or /etc/shorewall/hosts. - - The format of this file changed in Shorewall 3.0.0. You can - continue to use your old records provided that you set IPSECFILE=ipsec - in /etc/shorewall/shorewall.conf. This will signal Shorewall that the - IPSEC-related zone options are still specified in /etc/shorewall/ipsec - rather than in this file. - - To use records in the format described below, you must have - IPSECFILE=zones specified in - /etc/shorewall/shorewall.conf AND YOU MUST NOT SET - THE 'FW' VARIABLE IN THAT FILE. - - The columns in the file are as follows. @@ -52,8 +39,10 @@ Name of the zone. The names "all" and "none" are reserved and may not be used as zone names. The maximum length of a zone name is determined by the setting of the LOGFORMAT - option in shorewall.conf. With the default LOGFORMAT, zone names can - be at most 5 characters long. + option in shorewall.conf(5). With the + default LOGFORMAT, zone names can be at most 5 characters + long. Where a zone is nested in one or more other zones, you may follow the (sub)zone name by ":" and a comma-separated list of the @@ -72,7 +61,7 @@ c:a,b ipv4 Currently, Shorewall uses this information to reorder the zone list so that parent zones appear after their subzones in the list. The IMPLICIT_CONTINUE option in shorewall.conf can also create - implicit CONTINUE policies to/from the subzone. + implicit CONTINUE policies to/from the subzone. In the future, Shorewall may make additional use of nesting information. @@ -92,7 +81,8 @@ c:a,b ipv4 default if you leave this column empty or if you enter "-" in the column. Communication with some zone hosts may be encrypted. Encrypted hosts are designated using the - 'ipsec'option in /etc/shorewall/hosts. + 'ipsec'option in shorewall-hosts(5). @@ -127,7 +117,9 @@ c:a,b ipv4 role="bold">,option]...] - A comma-separated list of options. + A comma-separated list of options. With the exception of the + option, these only apply to TYPE + zones.