diff --git a/Shorewall/manpages/shorewall-interfaces.xml b/Shorewall/manpages/shorewall-interfaces.xml
index 48bbb9bf5..58361014d 100644
--- a/Shorewall/manpages/shorewall-interfaces.xml
+++ b/Shorewall/manpages/shorewall-interfaces.xml
@@ -70,8 +70,7 @@
in this column.
If the interface serves multiple zones that will be defined in
- the shorewall-hosts(5)
+ the shorewall-hosts(5)
file, you should place "-" in this column.If there are multiple interfaces to the same zone, you must
@@ -109,8 +108,8 @@ loc eth2 -
When using Shorewall versions before 4.1.4, care must be
exercised when using wildcards where there is another zone that uses
a matching specific interface. See shorewall-nesting(5)
- for a discussion of this problem.
+ url="shorewall-nesting.html">shorewall-nesting(5) for a
+ discussion of this problem.Shorewall allows '+' as an interface name, but that usage is
deprecated. A better approach is to specify
@@ -370,8 +369,7 @@ loc eth2 -
firewall through this interface and whether the source address
and/or destination address is to be compared against the
ipset-based dynamic blacklist (DYNAMIC_BLACKLIST=ipset... in
- shorewall.conf(5)).
+ shorewall.conf(5)).
The default is determine by the setting of
DYNAMIC_BLACKLIST:
@@ -459,8 +457,8 @@ loc eth2 -
the interface is a simple bridge with a DHCP
- server on one port and DHCP clients on another
+ url="../SimpleBridge.html">simple bridge with a
+ DHCP server on one port and DHCP clients on another
port.
@@ -585,8 +583,8 @@ loc eth2 -
Connection requests from this interface are compared
against the contents of shorewall-maclist(5).
- If this option is specified, the interface must be an Ethernet
+ url="shorewall-maclist.html">shorewall-maclist(5). If
+ this option is specified, the interface must be an Ethernet
NIC and must be up before Shorewall is started.
@@ -650,8 +648,8 @@ loc eth2 -
Smurfs will be optionally logged based on the setting of
SMURF_LOG_LEVEL in shorewall.conf(5).
- After logging, the packets are dropped.
+ url="shorewall.conf.html">shorewall.conf(5). After
+ logging, the packets are dropped.
@@ -659,6 +657,11 @@ loc eth2 -
optional
+ This option indicates that the firewall should be able
+ to start, even if the interface is not usable for handling
+ traffic. It allows use of the enable and
+ disable commands on the interface.
+
When is specified for an
interface, Shorewall will be silent when:
@@ -674,6 +677,16 @@ loc eth2 -
The first address of the interface cannot be
obtained.
+
+
+ The gateway of the interface can not be obtained
+ (provider interface).
+
+
+
+ The interface has been disabled using the
+ disable command.
+ May not be specified with If ROUTE_FILTER=Yes in shorewall.conf(5),
- or if your distribution sets net.ipv4.conf.all.rp_filter=1
- in /etc/sysctl.conf, then setting
+ url="shorewall.conf.html">shorewall.conf(5), or if
+ your distribution sets net.ipv4.conf.all.rp_filter=1 in
+ /etc/sysctl.conf, then setting
routefilter=0 in an
interface entry will not disable
route filtering on that
@@ -848,8 +861,8 @@ loc eth2 -
If USE_DEFAULT_RT=Yes in shorewall.conf(5)
- and the interface is listed in shorewall.conf(5) and
+ the interface is listed in shorewall-providers(5).