diff --git a/Shorewall/firewall b/Shorewall/firewall index f4e3ecbee..80236d19e 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -31,13 +31,14 @@ # # Commands are: # -# shorewall start Starts the firewall # shorewall restart Restarts the firewall # shorewall stop Stops the firewall # shorewall reset Resets iptables packet and # byte counts # shorewall clear Remove all Shorewall chains # and rules/policies. +# shorewall add [:] zone Adds a host or subnet to a zone +# shorewall delete [:] zone Deletes a host or subnet from a zone # # Mutual exclusion -- These functions are jackets for the mutual exclusion # routines in $FUNCTIONS. They invoke diff --git a/manpages/shorewall-proxyarp.xml b/manpages/shorewall-proxyarp.xml index e26d11bf9..55a15d9f5 100644 --- a/manpages/shorewall-proxyarp.xml +++ b/manpages/shorewall-proxyarp.xml @@ -21,7 +21,8 @@ Description - This file is used to define Proxy ARP. + This file is used to define Proxy ARP. There is one entry in this + file for each IP address to be proxied. The columns in the file are as follows. @@ -40,7 +41,8 @@ interface - Local interface where system is connected. + Local interface where system with the ip address in ADDRESS is + connected. diff --git a/manpages/shorewall-rules.xml b/manpages/shorewall-rules.xml index 7b0880750..3f57199ae 100644 --- a/manpages/shorewall-rules.xml +++ b/manpages/shorewall-rules.xml @@ -21,19 +21,13 @@ Description - Rules in this file govern connection establishment. By default, + Entries in this file govern connection establishment. By default, subsequent requests and responses are automatically allowed using connection tracking. For any particular (source,dest) pair of zones, the rules are evaluated in the order in which they appear in this file and the first terminating match is the one that determines the disposition of the request. All rules are terminating except LOG and QUEUE rules. - In most places where an IP address or subnet is allowed, you can - preceed the address/subnet with "!" (e.g., !192.168.1.0/24) to indicate - that the rule matches all addresses except the address/subnet given. - Notice that no white space is permitted between "!" and the - address/subnet. - If you masquerade or use SNAT from a local system to the internet, you cannot use an ACCEPT rule to allow traffic from the internet to that @@ -347,7 +341,7 @@ rewritten. If the ACTION names an - action defined in action declared in shorewall-actions(5) or in /usr/share/shorewall/actions.std then: @@ -397,7 +391,7 @@ role="bold">+ipset} - Source hosts to which the rule applies. May be a zone defined + Source hosts to which the rule applies. May be a zone declared in /etc/shorewall/zones, $FW to indicate the firewall itself, all, all+, +ipset}] - Location of Server. May be a zone defined in Location of Server. May be a zone declared in shorewall-zones(5), $FW to indicate the firewall itself, all. all+ or diff --git a/web/Manpages.html b/web/Manpages.html index cd1a5b3fb..d4ae87f9a 100644 --- a/web/Manpages.html +++ b/web/Manpages.html @@ -20,10 +20,19 @@ Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.

-

2007-01-14
+

2007-01-18

Warning: These manpages are for Shorewall 3.4.0 only.
+
+Note: The docbook to manpage +translation tool that we are using has some indentation issues which +require us to choose between correct output of the man command and correctly-indented +HTML. We've chosen in favor of the man +command so some of the manpages accessed through the links below have +indentation problems. We're working to resolve these issues and ask for +your patience.

Section 5 - Files