holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

More 'shorewall' manpage updates

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4899 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-11-17 15:47:07 +00:00
parent 90846ee683
commit 66727c93b3
2 changed files with 205 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
manpages/shorewall.conf.xml Normal file
View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<refentry>
<refmeta>
<refentrytitle>shorewall.conf</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>shorewall.conf</refname>
<refpurpose>Shorewall global configuration file</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>/etc/shorewall/shorewall.conf</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>This file sets options that apply to Shorewall as a whole.</para>
<para>The file consists of Shell comments (lines beginning with '#'),
blank lines and assignment statements
(<emphasis>variable</emphasis>=<emphasis>value</emphasis>). Each
variable's setting is preceded by comments that describe the variable and
it's effect.</para>
</refsect1>
<refsect1>
<title>FILES</title>
<para>/etc/shorewall/shorewall.conf</para>
</refsect1>
<refsect1>
<title>See ALSO</title>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
</refsect1>
</refentry>

161
manpages/shorewall.xml
View File

@ -188,6 +188,8 @@
<arg>directory</arg>
<arg choice="plain">system</arg>
<arg></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -333,9 +335,8 @@
<command>show</command>
<group choice="req">
<option>actions|classifiers|connectionsconfig|macros|zones</option>
</group>
<arg
choice="req"><option>actions|classifiers|connections|config|macros|zones</option></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -347,9 +348,17 @@
<arg><option>-x</option></arg>
<group choice="req">
<option>nat|tos|mangle|nat</option>
</group>
<arg choice="req"><option>mangle|nat</option></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
<arg>-options</arg>
<command>show</command>
<arg choice="plain"><option>tc</option></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -522,6 +531,15 @@
<listitem>
<para>The delete command reverses the effect of an earlier <emphasis
role="bold">add</emphasis> command.</para>
<para>The <emphasis>interface</emphasis> argument names an interface
defined in the shorewall-interfaces(5) file. A
<emphasis>host-list</emphasis> is comma-separated list whose
elements are:</para>
<programlisting> A host or network address
The name of a bridge port
The name of a bridge port followed by a colon (:) and a host or network address</programlisting>
</listitem>
</varlistentry>
@ -554,7 +572,7 @@
<listitem>
<para>If <emphasis>directory1</emphasis> is omitted, the current
working directory is assumed. </para>
working directory is assumed.</para>
<para>Allows a non-root user to compile a shorewall script and stage
it on a system (provided that the user has access to the system via
@ -855,6 +873,24 @@
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">classifiers</emphasis></term>
<listitem>
<para>Displays information about the packet classifiers
defined on the system as a result of traffic shaping
configuration.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">config</emphasis></term>
<listitem>
<para>Dispays distribution-specific defaults.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">connections</emphasis></term>
@ -863,9 +899,120 @@
the firewall.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">macros</emphasis></term>
<listitem>
<para>Displays information about each macro defined on the
firewall system.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">mangle</emphasis></term>
<listitem>
<para>Displays the Netfilter mangle table using the command
<emphasis role="bold">iptables -t mangle -L -n -v</emphasis>.
The <emphasis role="bold">-x</emphasis> option is passed
directly through to iptables.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">nat</emphasis></term>
<listitem>
<para>Displays the Netfilter nat table using the command
<emphasis role="bold">iptables -t nat -L -n -v</emphasis>. The
<emphasis role="bold">-x</emphasis> option is passed directly
through to iptables.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">tc</emphasis></term>
<listitem>
<para>Displays information about queuing disciplines, classes
and filters.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">zones</emphasis></term>
<listitem>
<para>Displays the current composition of the Shorewall zones
on the system.</para>
</listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">start</emphasis></term>
<listitem>
<para>Start shorewall. Existing connections through shorewall
managed interfaces are untouched. New connections will be allowed
only if they are allowed by the firewall rules or policies. If a
<emphasis>directory</emphasis> is included in the command, Shorewall
will look in that <emphasis>directory</emphasis> first for
configuration files.If <emphasis role="bold">-f</emphasis> is
specified, the saved configuration specified by the RESTOREFILE
option in shorewall.conf(5) will be restored if that saved
configuration exists and has been modified more recently than the
files in /etc/shorewall.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">stop</emphasis></term>
<listitem>
<para>Stops the firewall. All existing connections, except those
listed in shorewall-routestopped(5) or permitted by the
ADMINISABSENTMINDED option in shorewall.conf(5), are taken down. The
only new traffic permitted through the firewall is from systems
listed in shorewall-routestopped(5) or by
ADMINISABSENTMINDED.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">status</emphasis></term>
<listitem>
<para>Produces a short report about the state of the
Shorewall-configured firewall.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">try</emphasis> (Deprecated)</term>
<listitem>
<para>Restart shorewall using the specified configuration. If an
error occurs during the restart, then another <emphasis
role="bold">shorewall restart</emphasis> is performed using the
default configuration. If a timeout is specified then the restart is
always performed after the timeout occurs and uses the default
configuration. When restarting using the default configuration, if
the default restore script (as specified by the RESTOREFILE setting
in shorewall.conf(5) exists. then that script is used.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">version</emphasis></term>
<listitem>
<para>Displays Shorewall.s version.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>