More 'shorewall' manpage updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4899 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

manpages/shorewall.conf.xml

@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<refentry>
+  <refmeta>
+    <refentrytitle>shorewall.conf</refentrytitle>
+
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>shorewall.conf</refname>
+
+    <refpurpose>Shorewall global configuration file</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>/etc/shorewall/shorewall.conf</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para>This file sets options that apply to Shorewall as a whole.</para>
+
+    <para>The file consists of Shell comments (lines beginning with '#'),
+    blank lines and assignment statements
+    (<emphasis>variable</emphasis>=<emphasis>value</emphasis>). Each
+    variable's setting is preceded by comments that describe the variable and
+    it's effect.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>FILES</title>
+
+    <para>/etc/shorewall/shorewall.conf</para>
+  </refsect1>
+
+  <refsect1>
+    <title>See ALSO</title>
+
+    <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
+    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
+    shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
+    shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
+    shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
+    shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
+    shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
+    shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
+  </refsect1>
+</refentry>

manpages/shorewall.xml

@@ -188,6 +188,8 @@
       <arg>directory</arg>
 
       <arg choice="plain">system</arg>
+
+      <arg></arg>
     </cmdsynopsis>
 
     <cmdsynopsis>
@@ -333,9 +335,8 @@
 
       <command>show</command>
 
-      <group choice="req">
+      <arg
-        <option>actions|classifiers|connectionsconfig|macros|zones</option>
+      choice="req"><option>actions|classifiers|connections|config|macros|zones</option></arg>
-      </group>
     </cmdsynopsis>
 
     <cmdsynopsis>
@@ -347,9 +348,17 @@
 
       <arg><option>-x</option></arg>
 
-      <group choice="req">
+      <arg choice="req"><option>mangle|nat</option></arg>
-        <option>nat|tos|mangle|nat</option>
+    </cmdsynopsis>
-      </group>
+
+    <cmdsynopsis>
+      <command>shorewall</command>
+
+      <arg>-options</arg>
+
+      <command>show</command>
+
+      <arg choice="plain"><option>tc</option></arg>
     </cmdsynopsis>
 
     <cmdsynopsis>
@@ -522,6 +531,15 @@
         <listitem>
           <para>The delete command reverses the effect of an earlier <emphasis
           role="bold">add</emphasis> command.</para>
+
+          <para>The <emphasis>interface</emphasis> argument names an interface
+          defined in the shorewall-interfaces(5) file. A
+          <emphasis>host-list</emphasis> is comma-separated list whose
+          elements are:</para>
+
+          <programlisting>        A host or network address
+        The name of a bridge port
+        The name of a bridge port followed by a colon (:) and a host or network address</programlisting>
         </listitem>
       </varlistentry>
 
@@ -554,7 +572,7 @@
 
         <listitem>
           <para>If <emphasis>directory1</emphasis> is omitted, the current
-          working directory is assumed. </para>
+          working directory is assumed.</para>
 
           <para>Allows a non-root user to compile a shorewall script and stage
           it on a system (provided that the user has access to the system via
@@ -855,6 +873,24 @@
               </listitem>
             </varlistentry>
 
+            <varlistentry>
+              <term><emphasis role="bold">classifiers</emphasis></term>
+
+              <listitem>
+                <para>Displays information about the packet classifiers
+                defined on the system as a result of traffic shaping
+                configuration.</para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis role="bold">config</emphasis></term>
+
+              <listitem>
+                <para>Dispays distribution-specific defaults.</para>
+              </listitem>
+            </varlistentry>
+
             <varlistentry>
               <term><emphasis role="bold">connections</emphasis></term>
 
@@ -863,9 +899,120 @@
                 the firewall.</para>
               </listitem>
             </varlistentry>
+
+            <varlistentry>
+              <term><emphasis role="bold">macros</emphasis></term>
+
+              <listitem>
+                <para>Displays information about each macro defined on the
+                firewall system.</para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis role="bold">mangle</emphasis></term>
+
+              <listitem>
+                <para>Displays the Netfilter mangle table using the command
+                <emphasis role="bold">iptables -t mangle -L -n -v</emphasis>.
+                The <emphasis role="bold">-x</emphasis> option is passed
+                directly through to iptables.</para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis role="bold">nat</emphasis></term>
+
+              <listitem>
+                <para>Displays the Netfilter nat table using the command
+                <emphasis role="bold">iptables -t nat -L -n -v</emphasis>. The
+                <emphasis role="bold">-x</emphasis> option is passed directly
+                through to iptables.</para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis role="bold">tc</emphasis></term>
+
+              <listitem>
+                <para>Displays information about queuing disciplines, classes
+                and filters.</para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis role="bold">zones</emphasis></term>
+
+              <listitem>
+                <para>Displays the current composition of the Shorewall zones
+                on the system.</para>
+              </listitem>
+            </varlistentry>
           </variablelist>
         </listitem>
       </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">start</emphasis></term>
+
+        <listitem>
+          <para>Start shorewall. Existing connections through shorewall
+          managed interfaces are untouched. New connections will be allowed
+          only if they are allowed by the firewall rules or policies. If a
+          <emphasis>directory</emphasis> is included in the command, Shorewall
+          will look in that <emphasis>directory</emphasis> first for
+          configuration files.If <emphasis role="bold">-f</emphasis> is
+          specified, the saved configuration specified by the RESTOREFILE
+          option in shorewall.conf(5) will be restored if that saved
+          configuration exists and has been modified more recently than the
+          files in /etc/shorewall.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">stop</emphasis></term>
+
+        <listitem>
+          <para>Stops the firewall. All existing connections, except those
+          listed in shorewall-routestopped(5) or permitted by the
+          ADMINISABSENTMINDED option in shorewall.conf(5), are taken down. The
+          only new traffic permitted through the firewall is from systems
+          listed in shorewall-routestopped(5) or by
+          ADMINISABSENTMINDED.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">status</emphasis></term>
+
+        <listitem>
+          <para>Produces a short report about the state of the
+          Shorewall-configured firewall.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">try</emphasis> (Deprecated)</term>
+
+        <listitem>
+          <para>Restart shorewall using the specified configuration. If an
+          error occurs during the restart, then another <emphasis
+          role="bold">shorewall restart</emphasis> is performed using the
+          default configuration. If a timeout is specified then the restart is
+          always performed after the timeout occurs and uses the default
+          configuration. When restarting using the default configuration, if
+          the default restore script (as specified by the RESTOREFILE setting
+          in shorewall.conf(5) exists. then that script is used.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">version</emphasis></term>
+
+        <listitem>
+          <para>Displays Shorewall.s version.</para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>