forked from extern/shorewall_code
Clean up Shorewall6[-lite] manpage links
- there were many links pointing to /manpages6/shorewall6... that should have been updated to point to /manpages/shorewall... - this commit corrects those links Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
157abcbd37
commit
9213d7e707
@ -1141,7 +1141,7 @@
|
||||
setting in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
|
||||
<para>When no <replaceable>verbosity</replaceable> is specified,
|
||||
each instance of this option causes 1 to be added to the effective
|
||||
@ -1162,7 +1162,7 @@
|
||||
setting in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
|
||||
<para>Each instance of this option causes 1 to be subtracted from
|
||||
the effective verbosity.</para>
|
||||
@ -1199,7 +1199,7 @@
|
||||
defined in the <ulink
|
||||
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5))file.
|
||||
url="/manpages/shorewall-interfaces.html">shorewall6-interfaces</ulink>(5))file.
|
||||
A <emphasis>host-list</emphasis> is comma-separated list whose
|
||||
elements are host or network addresses.<caution>
|
||||
<para>The <command>add</command> command is not very robust. If
|
||||
@ -1214,7 +1214,7 @@
|
||||
<para>Beginning with Shorewall 4.5.9, the <emphasis
|
||||
role="bold">dynamic_shared</emphasis> zone option (<ulink
|
||||
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5),<ulink
|
||||
url="???">shorewall6-zones</ulink>(5)) allows a single ipset to
|
||||
url="/manpages/shorewall-zones.html">shorewall6-zones</ulink>(5)) allows a single ipset to
|
||||
handle entries for multiple interfaces. When that option is
|
||||
specified for a zone, the <command>add</command> command has the
|
||||
alternative syntax in which the <replaceable>zone</replaceable> name
|
||||
@ -1332,7 +1332,7 @@
|
||||
set to Yes in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1440,7 +1440,7 @@
|
||||
set to Yes in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1458,7 +1458,7 @@
|
||||
defined in the <ulink
|
||||
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)
|
||||
url="/manpages/shorewall-interfaces.html">shorewall6-interfaces</ulink>(5)
|
||||
file. A <emphasis>host-list</emphasis> is comma-separated list whose
|
||||
elements are a host or network address.</para>
|
||||
|
||||
@ -1466,7 +1466,7 @@
|
||||
role="bold">dynamic_shared</emphasis> zone option (<ulink
|
||||
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5),
|
||||
<ulink
|
||||
url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5))
|
||||
url="/manpages/shorewall-zones.html">shorewall6-zones</ulink>(5))
|
||||
allows a single ipset to handle entries for multiple interfaces.
|
||||
When that option is specified for a zone, the
|
||||
<command>delete</command> command has the alternative syntax in
|
||||
@ -1493,7 +1493,7 @@
|
||||
command removes any routes added from <ulink
|
||||
url="/manpages/shorewall-routes.html">shorewall-routes</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages/shorewall6-routes.html">shorewall6-routes</ulink>(5))and
|
||||
url="/manpages/shorewall-routes.html">shorewall6-routes</ulink>(5))and
|
||||
any traffic shaping configuration for the interface.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -1554,7 +1554,7 @@
|
||||
adds any route specified in <ulink
|
||||
url="/manpages/shorewall-routes.html">shorewall-routes</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages/shorewall6-routes.html">shorewall6-routes</ulink>(5))
|
||||
url="/manpages/shorewall-routes.html">shorewall6-routes</ulink>(5))
|
||||
and installs the interface's traffic shaping configuration, if
|
||||
any.</para>
|
||||
</listitem>
|
||||
@ -1599,7 +1599,7 @@
|
||||
given then the file specified by RESTOREFILE in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)) is
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)) is
|
||||
assumed.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -1684,7 +1684,7 @@
|
||||
specified by the BLACKLIST_LOGLEVEL setting in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).
|
||||
This command requires that the firewall be in the started state and
|
||||
that DYNAMIC_BLACKLIST=Yes in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf
|
||||
@ -1700,7 +1700,7 @@
|
||||
<para>Monitors the log file specified by the LOGFILE option in
|
||||
<ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5))
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5))
|
||||
and produces an audible alarm when new Shorewall messages are
|
||||
logged. The <emphasis role="bold">-m</emphasis> option causes the
|
||||
MAC address of each packet source to be displayed if that
|
||||
@ -1723,7 +1723,7 @@
|
||||
specified by the BLACKLIST_LOGLEVEL setting in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5),
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).
|
||||
This command requires that the firewall be in the started state and
|
||||
that DYNAMIC_BLACKLIST=Yes in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf
|
||||
@ -1878,13 +1878,13 @@
|
||||
INLINE_MATCHES is set to Yes in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5))..</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5))..</para>
|
||||
|
||||
<para>The <option>-C</option> option was added in Shorewall
|
||||
4.6.5 and is only meaningful when AUTOMAKE=Yes in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).
|
||||
If an existing firewall script is used and if that script was
|
||||
the one that generated the current running configuration, then
|
||||
the running netfilter configuration will be reloaded as is so
|
||||
@ -2006,7 +2006,7 @@
|
||||
<replaceable>system</replaceable> is omitted, then the FIREWALL
|
||||
option setting in <ulink
|
||||
url="shorewall.conf.html">shorewall.conf</ulink>(5) (<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>) is
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink>) is
|
||||
assumed. In that case, if you want to specify a
|
||||
<replaceable>directory</replaceable>, then the <option>-D</option>
|
||||
option must be given.</para>
|
||||
@ -2071,8 +2071,8 @@
|
||||
Beginning with Shorewall 5.0.13, if
|
||||
<replaceable>system</replaceable> is omitted, then the FIREWALL
|
||||
option setting in <ulink
|
||||
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> (<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)) is
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink> (<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)) is
|
||||
assumed. In that case, if you want to specify a
|
||||
<replaceable>directory</replaceable>, then the <option>-D</option>
|
||||
option must be given.</para>
|
||||
@ -2104,7 +2104,7 @@
|
||||
set to Yes in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -2144,8 +2144,8 @@
|
||||
Beginning with Shorewall 5.0.13, if
|
||||
<replaceable>system</replaceable> is omitted, then the FIREWALL
|
||||
option setting in <ulink
|
||||
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> (<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)) is
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink> (<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)) is
|
||||
assumed. In that case, if you want to specify a
|
||||
<replaceable>directory</replaceable>, then the <option>-D</option>
|
||||
option must be given.</para>
|
||||
@ -2177,7 +2177,7 @@
|
||||
set to Yes in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -2304,7 +2304,7 @@
|
||||
restored from the file specified by the RESTOREFILE option in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
|
||||
<caution>
|
||||
<para>If your iptables ruleset depends on variables that are
|
||||
@ -2460,7 +2460,7 @@
|
||||
in the file specified by the RESTOREFILE option in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
|
||||
<para>The <option>-C</option> option, added in Shorewall 4.6.5,
|
||||
causes the iptables packet and byte counters to be saved along with
|
||||
@ -2477,7 +2477,7 @@
|
||||
the SAVE_IPSETS option in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).
|
||||
This command may be used to proactively save your ipset contents in
|
||||
the event that a system failure occurs prior to issuing a
|
||||
<command>stop</command> command.</para>
|
||||
@ -2645,7 +2645,7 @@
|
||||
accounting counters (<ulink
|
||||
url="/manpages/shorewall-accounting.html">shorewall-accounting</ulink>
|
||||
(5), <ulink
|
||||
url="/manpages6/shorewall6-accounting.html">shorewall6-accounting</ulink>(5)).</para>
|
||||
url="/manpages/shorewall-accounting.html">shorewall6-accounting</ulink>(5)).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -2669,7 +2669,7 @@
|
||||
file specified by the LOGFILE option in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).
|
||||
The <emphasis role="bold">-m</emphasis> option causes the MAC
|
||||
address of each packet source to be displayed if that
|
||||
information is available.</para>
|
||||
@ -2851,7 +2851,7 @@
|
||||
in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5))
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5))
|
||||
will be restored if that saved configuration exists and has
|
||||
been modified more recently than the files in
|
||||
/etc/shorewall. When <emphasis role="bold">-f</emphasis> is
|
||||
@ -2862,7 +2862,7 @@
|
||||
option was added to <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).
|
||||
When LEGACY_FASTSTART=No, the modification times of files in
|
||||
/etc/shorewall are compared with that of
|
||||
/var/lib/shorewall/firewall (the compiled script that last
|
||||
@ -2881,7 +2881,7 @@
|
||||
overriding the AUTOMAKE setting in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).
|
||||
When both <option>-f</option> and <option>-c</option>are
|
||||
present, the result is determined by the option that appears
|
||||
last.</para>
|
||||
@ -2897,7 +2897,7 @@
|
||||
INLINE_MATCHES is set to Yes in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>
|
||||
(<ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
|
||||
<para>The <option>-C</option> option was added in Shorewall
|
||||
4.6.5 and is only meaningful when the <option>-f</option>
|
||||
|
@ -901,7 +901,7 @@ DNAT { source=net dest=loc:10.0.0.1 proto=tcp dport=80 mark=88 }</programlisting
|
||||
reload</command> or <command>shorewall restart</command>. This may be
|
||||
accomplished using the SWITCH column in <ulink
|
||||
url="manpages/shorewall-rules.html">shorewall-rules</ulink> (5) or <ulink
|
||||
url="manpages6/shorewall6-rules.html">shorewall6-rules</ulink> (5). Using
|
||||
url="manpages/shorewall-rules.html">shorewall6-rules</ulink> (5). Using
|
||||
this column requires that your kernel and iptables include
|
||||
<firstterm>Condition Match Support</firstterm> and you must be running
|
||||
Shorewall 4.4.24 or later. See the output of <command>shorewall show
|
||||
|
@ -18,7 +18,7 @@
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>/etc/init.d/shorewall-init</command>
|
||||
<command>shorewall-init</command>
|
||||
|
||||
<arg>start|stop</arg>
|
||||
</cmdsynopsis>
|
||||
@ -149,7 +149,7 @@
|
||||
want to make both interfaces optional and set the REQUIRE_INTERFACE option
|
||||
to Yes in <ulink url="/manpages/shorewall.conf.html">shorewall.conf
|
||||
</ulink>(5) or <ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink> (5). This
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink> (5). This
|
||||
causes the firewall to remain stopped until at least one of the interfaces
|
||||
comes up.</para>
|
||||
</refsect1>
|
||||
|
@ -155,7 +155,7 @@ loc eth2 -</programlisting>
|
||||
<para>Beginning with Shorewall 4.5.17, if you specify a zone for the
|
||||
'lo' interface, then that zone must be defined as type
|
||||
<option>local</option> in <ulink
|
||||
url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5).</para>
|
||||
url="/manpages/shorewall-zones.html">shorewall6-zones</ulink>(5).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -276,7 +276,7 @@
|
||||
|
||||
<para>By setting the LOGTAGONLY option to Yes in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink> or <ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>, the
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink>, the
|
||||
disposition ('DROP' in the above example) will be omitted. Consider the
|
||||
following rule:</para>
|
||||
|
||||
@ -373,7 +373,7 @@ REJECT(icmp-proto-unreachable):notice:IPv6,tunneling loc net
|
||||
<para>Beginning with Shorewall 4.6.4, you can configure the backend using
|
||||
the LOG_BACKEND option in <ulink
|
||||
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink> and <ulink
|
||||
url="manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
|
||||
url="manpages/shorewall.conf.html">shorewall6.conf(5)</ulink>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
@ -35,7 +35,7 @@
|
||||
in many cases, Proxy ARP (<ulink
|
||||
url="/manpages/shorewall-proxyarp.html">shorewall-proxyarp</ulink>(5))
|
||||
or Proxy-NDP(<ulink
|
||||
url="/manpages6/shorewall6-proxyndp.html">shorewall6-proxyndp</ulink>(5))
|
||||
url="/manpages/shorewall-proxyndp.html">shorewall6-proxyndp</ulink>(5))
|
||||
is a better solution that one-to-one NAT.</para>
|
||||
</warning>
|
||||
|
||||
|
@ -545,7 +545,7 @@
|
||||
the<replaceable>
|
||||
ip6tables-</replaceable><replaceable>target</replaceable> as a
|
||||
builtin action in <ulink
|
||||
url="/manpages6/shorewall6-actions.html">shorewall-actions</ulink>(5).</para>
|
||||
url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5).</para>
|
||||
|
||||
<important>
|
||||
<para>If you specify REJECT as the
|
||||
|
@ -54,9 +54,7 @@
|
||||
<quote>tcpflags</quote> and <quote>maclist</quote>.</para>
|
||||
|
||||
<para>The columns in the accounting file are described in <ulink
|
||||
url="manpages/shorewall-accounting.html">shorewall-accounting</ulink> (5)
|
||||
and <ulink
|
||||
url="manpages6/shorewall6-accounting.html">shorewall6-accounting</ulink>
|
||||
url="manpages/shorewall-accounting.html">shorewall-accounting</ulink>
|
||||
(5).</para>
|
||||
|
||||
<para>In all columns except ACTION and CHAIN, the values <quote>-</quote>,
|
||||
|
@ -499,16 +499,12 @@ REDIRECT net - tcp 80 - 1.2.3.4</programlisting>
|
||||
<title>Mangle Actions</title>
|
||||
|
||||
<para>Beginning with Shorewall 5.0.7, actions may be used in <ulink
|
||||
url="manpages/shorewall-mangle.html">shorewall-mangle(5)</ulink> and
|
||||
<ulink
|
||||
url="manpages6/shorewall6-mangle.html">shorewall6-mangle(5)</ulink>.
|
||||
url="manpages/shorewall-mangle.html">shorewall-mangle(5)</ulink>.
|
||||
Because the rules and mangle files have different column layouts,
|
||||
actions can be defined to be used in one file or the other but not in
|
||||
both. To designate an action to be used in the mangle file, specify the
|
||||
<option>mangle</option> option in the action's entry in <ulink
|
||||
url="manpages/shorewall-actions.html">shorewall-actions</ulink>(5) or
|
||||
<ulink
|
||||
url="manpages6/shorewall6-actions.html">shorewall6-actions</ulink>(5).</para>
|
||||
url="manpages/shorewall-actions.html">shorewall-actions</ulink>(5).</para>
|
||||
|
||||
<para>To create a mangle action, follow the steps in the preceding
|
||||
section, but use the
|
||||
|
@ -45,11 +45,7 @@
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><ulink url="Manpages.html">IPv4 Manpages</ulink></entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><ulink url="Manpages6.html">IPv6 Manpages</ulink></entry>
|
||||
<entry><ulink url="Manpages.html">Manpages</ulink></entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
|
@ -178,7 +178,7 @@
|
||||
<para>Set KEEP_RT_TABLES=No in <ulink
|
||||
url="manpages/shorewall.conf.html">shorewall.conf</ulink>(5) and
|
||||
set KEEP_RT_TABLES=Yes in <ulink
|
||||
url="manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
|
||||
url="manpages/shorewall.conf.html">shorewall6.conf</ulink>(5).</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
@ -469,9 +469,9 @@ ACCEPT net:wlan0:<2002:ce7c:92b4::3> $FW tcp 22
|
||||
<para>The Linux IPv6 stack does not support balancing (multi-hop)
|
||||
routes. Thehe <option>balance</option> and <option>fallback</option>
|
||||
options in <ulink
|
||||
url="manpages6/shorewall6-providers.html">shorewall6-providers</ulink>(5)
|
||||
url="manpages/shorewall-providers.html">shorewall6-providers</ulink>(5)
|
||||
and USE_DEFAULT_RT=Yes in <ulink
|
||||
url="manpages6/shorewall.conf.html">shorewall6.conf</ulink>(5) are
|
||||
url="manpages/shorewall.conf.html">shorewall6.conf</ulink>(5) are
|
||||
supported, but at most one provider can have the
|
||||
<option>balance</option> option and at most one provider can have
|
||||
the <option>fallback</option> option.</para>
|
||||
|
@ -84,7 +84,7 @@
|
||||
any future ability to install the database at another location, Shorewall
|
||||
supports a GEOIPDIR option in <ulink
|
||||
url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) and <ulink
|
||||
url="manpages6/shorewall6.conf.html">shorewall6.conf</ulink> (5). The
|
||||
url="manpages/shorewall.conf.html">shorewall6.conf</ulink> (5). The
|
||||
default value of that option is
|
||||
<filename>/usr/share/xt_geoip/LE</filename>.</para>
|
||||
|
||||
|
@ -131,9 +131,8 @@
|
||||
<member><ulink url="manpages/shorewall-proxyarp.html">proxyarp</ulink>
|
||||
- Define Proxy ARP (IPv4)</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall-proxyndp.html">proxyndp</ulink> - Define
|
||||
Proxy NDP (IPv6)</member>
|
||||
<member><ulink url="manpages/shorewall-proxyndp.html">proxyndp</ulink>
|
||||
- Define Proxy NDP (IPv6)</member>
|
||||
|
||||
<member><ulink url="manpages/shorewall-rtrules.html">rtrules</ulink> -
|
||||
Define routing rules.</member>
|
||||
@ -179,7 +178,7 @@
|
||||
values for global Shorewall options.</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6.conf.html">shorewall6.conf</ulink> - Specify
|
||||
url="manpages/shorewall.conf.html">shorewall6.conf</ulink> - Specify
|
||||
values for global Shorewall6 options.</member>
|
||||
|
||||
<member><ulink
|
||||
@ -212,7 +211,7 @@
|
||||
<simplelist>
|
||||
<member><ulink url="manpages/shorewall.html">shorewall</ulink> -
|
||||
/sbin/shorewall, /sbin/shorewall6/, /sbin/shorewall-lite and
|
||||
/sbin/shorewall6-line command syntax and semantics.</member>
|
||||
/sbin/shorewall6-lite command syntax and semantics.</member>
|
||||
</simplelist>
|
||||
</blockquote>
|
||||
</section>
|
||||
|
@ -1,182 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
|
||||
<article>
|
||||
<!--$Id: template.xml 5908 2007-04-12 23:04:36Z teastep $-->
|
||||
|
||||
<articleinfo>
|
||||
<title>Shorewall6 5.0 Manpages</title>
|
||||
|
||||
<authorgroup>
|
||||
<author>
|
||||
<firstname>Tom</firstname>
|
||||
|
||||
<surname>Eastep</surname>
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2007-2014</year>
|
||||
|
||||
<holder>Thomas M. Eastep</holder>
|
||||
</copyright>
|
||||
|
||||
<legalnotice>
|
||||
<para>Permission is granted to copy, distribute and/or modify this
|
||||
document under the terms of the GNU Free Documentation License, Version
|
||||
1.2 or any later version published by the Free Software Foundation; with
|
||||
no Invariant Sections, with no Front-Cover, and with no Back-Cover
|
||||
Texts. A copy of the license is included in the section entitled
|
||||
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
|
||||
License</ulink></quote>.</para>
|
||||
</legalnotice>
|
||||
</articleinfo>
|
||||
|
||||
<warning>
|
||||
<para>These manpages are for Shorewall6 5.0 and later only. They describe
|
||||
features and options not available on earlier releases.The manpages for
|
||||
Shorewall 4.4-4.6 are available <ulink
|
||||
url="/manpages4/Manpages.html">here</ulink>.</para>
|
||||
</warning>
|
||||
|
||||
<section id="Section5">
|
||||
<title>Section 5 — Files and Concepts</title>
|
||||
|
||||
<blockquote>
|
||||
<simplelist>
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6-accounting.html">accounting</ulink> - Define
|
||||
IP accounting rules.</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-actions.html">actions</ulink>
|
||||
- Declare user-defined actions.</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-blrules.html">blrules</ulink>
|
||||
- shorewall6 Blacklist file.</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6-conntrack.html">conntrack</ulink> - Specify
|
||||
helpers for connections or exempt certain traffic from netfilter
|
||||
connection tracking.</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6-exclusion.html">exclusion</ulink> -
|
||||
Excluding hosts from a network or zone</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-hosts.html">hosts</ulink> -
|
||||
Define multiple zones accessed through a single interface</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6-interfaces.html">interfaces</ulink> - Define
|
||||
the interfaces on the system and optionally associate them with
|
||||
zones.</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-maclist.html">maclist</ulink>
|
||||
- Define MAC verification.</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-mangle.html">mangle</ulink> -
|
||||
Supersedes tcrules and describes packet/connection marking.</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-masq.html">masq</ulink> -
|
||||
Define Masquerade/SNAT</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-modules.html">modules</ulink>
|
||||
- Specify which kernel modules to load.</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-nat.html">nat</ulink> -
|
||||
(added in Shorewall 4.6.4) Specify 1:1 NAT</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-nesting.html">nesting</ulink>
|
||||
- How to define nested zones.</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-params.html">params</ulink> -
|
||||
Assign values to shell variables used in other files.</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-policy.html">policy</ulink> -
|
||||
Define high-level policies for connections between zones.</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6-providers.html">providers</ulink> - Define
|
||||
routing tables, usually for multiple Internet links.</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6-proxyndp.html">proxyndp</ulink> - Defines
|
||||
Proxy NDP</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-rtrules.html">rtrules</ulink>
|
||||
- Define routing rules.</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-routes.html">routes</ulink> -
|
||||
(Added in Shorewall 4.4.15) Add additional routes to provider routing
|
||||
tables.</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-rules.html">rules</ulink> -
|
||||
Specify exceptions to policies, including DNAT and REDIRECT.</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6-secmarks.html">secmarks</ulink> - Attached
|
||||
an SELinux context to a packet.</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6-stoppedrules.html">stoppedrules</ulink> -
|
||||
Specify connections to be permitted when Shorewall6 is in the stopped
|
||||
state (Added in Shoreall 4.5.8).</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6-tcclasses.html">tcclasses</ulink> - Define
|
||||
htb classes for traffic shaping.</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6-tcdevices.html">tcdevices</ulink> - Specify
|
||||
speed of devices for traffic shaping.</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6-tcinterfaces.html">tcinterfaces</ulink> -
|
||||
Specify interfaces for simplified traffic shaping.</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-tcpri.html">tcpri</ulink> -
|
||||
Classify traffic for simplified traffic shaping.</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-tunnels.html">tunnels</ulink>
|
||||
- Define VPN connections with endpoints on the firewall.</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6.conf.html">shorewall6.conf</ulink> - Specify
|
||||
values for global Shorewall6 options.</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6-lite.conf.html">shorewall6-lite.conf</ulink>
|
||||
- Specify values for global Shorewall6 Lite options.</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-vardir.html">vardir</ulink> -
|
||||
Redefine the directory where Shorewall6 keeps its state
|
||||
information.</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6-lite-vardir.html">vardir-lite</ulink> -
|
||||
Redefine the directory where Shorewall6 Lite keeps its state
|
||||
information.</member>
|
||||
|
||||
<member><ulink url="manpages6/shorewall6-zones.html">zones</ulink> -
|
||||
Declare Shorewall6 zones.</member>
|
||||
</simplelist>
|
||||
</blockquote>
|
||||
</section>
|
||||
|
||||
<section id="Section8">
|
||||
<title>Section 8 — Administrative Commands</title>
|
||||
|
||||
<blockquote>
|
||||
<simplelist>
|
||||
<member><ulink url="manpages6/shorewall6.html">shorewall6</ulink> -
|
||||
/sbin/shorewall6 command syntax and semantics.</member>
|
||||
|
||||
<member><ulink
|
||||
url="manpages6/shorewall6-lite.html">shorewall6-lite</ulink> -
|
||||
/sbin/shorewall6-lite command syntax and semantics.</member>
|
||||
</simplelist>
|
||||
</blockquote>
|
||||
</section>
|
||||
</article>
|
@ -63,8 +63,7 @@
|
||||
<command>ethereal</command> or any other packet sniffing program. They can
|
||||
be seen in an iptables/ip6tables trace -- see the
|
||||
<command>iptrace</command> command in <ulink
|
||||
url="manpages/shorewall.html">shorewall</ulink>(8) and <ulink
|
||||
url="manpages6/shorewall6.html">shorewall6</ulink>(8).</para>
|
||||
url="manpages/shorewall.html">shorewall</ulink>(8).</para>
|
||||
|
||||
<para>Example (output has been folded for display ):</para>
|
||||
|
||||
|
@ -311,7 +311,7 @@ shorewall start</programlisting>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>The configuration file is /etc/shorewall6/proxyndp (see <ulink
|
||||
url="manpages6/shorewall6-proxyndp.html">shorewall6-proxyndp
|
||||
url="manpages/shorewall-proxyndp.html">shorewall6-proxyndp
|
||||
</ulink>(5)).</para>
|
||||
</listitem>
|
||||
|
||||
|
@ -348,7 +348,7 @@ ZONE_BITS=0
|
||||
# For information about the settings in this file, type "man shorewall6.conf"
|
||||
#
|
||||
# Manpage also online at
|
||||
# http://www.shorewall.net/manpages6/shorewall6.conf.html
|
||||
# http://www.shorewall.net/manpages/shorewall.conf.html
|
||||
###############################################################################
|
||||
# S T A R T U P E N A B L E D
|
||||
###############################################################################
|
||||
|
@ -28,6 +28,8 @@
|
||||
|
||||
<year>2017</year>
|
||||
|
||||
<year>2019</year>
|
||||
|
||||
<holder>Thomas M. Eastep</holder>
|
||||
</copyright>
|
||||
|
||||
@ -182,7 +184,7 @@ ACCEPT net:+sshok $FW tcp 22</programlisting></para>
|
||||
together with the ipsets supporting dynamic zones are saved. Shorewall6
|
||||
support for the SAVE_IPSETS option was also added in 4.6.4. When
|
||||
SAVE_IPSETS=Yes in <ulink
|
||||
url="manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>, only ipv6
|
||||
url="manpages/shorewall.conf.html">shorewall6.conf(5)</ulink>, only ipv6
|
||||
ipsets are saved. For Shorewall, if SAVE_IPSETS=ipv4 in <ulink
|
||||
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink>, then only
|
||||
ipv4 ipsets are saved. Both features require ipset version 5 or
|
||||
@ -201,9 +203,9 @@ ACCEPT net:+sshok $FW tcp 22</programlisting></para>
|
||||
<para>Ipset support in Shorewall6 was added in Shorewall 4.4.21.</para>
|
||||
|
||||
<para>Beginning with Shorewall 4.6.4, SAVE_IPSETS is available in <ulink
|
||||
url="manpages6/shorewall6.conf.html">shorewall6-conf(5)</ulink>. When set
|
||||
to Yes, the ipv6 ipsets will be saved. You can also save selective ipsets
|
||||
by setting SAVE_IPSETS to a comma-separated list of ipset names.</para>
|
||||
url="manpages/shorewall.conf.html">shorewall6-conf(5)</ulink>. When set to
|
||||
Yes, the ipv6 ipsets will be saved. You can also save selective ipsets by
|
||||
setting SAVE_IPSETS to a comma-separated list of ipset names.</para>
|
||||
|
||||
<para>Prior to Shorewall 4.6.4, SAVE_IPSETS=Yes in <ulink
|
||||
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink> won't work
|
||||
@ -221,7 +223,7 @@ ACCEPT net:+sshok $FW tcp 22</programlisting></para>
|
||||
|
||||
<para>If you configure SAVE_IPSETS in <ulink
|
||||
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink> and/or <ulink
|
||||
url="manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink> then do
|
||||
not set SAVE_IPSETS in shorewall-init.</para>
|
||||
url="manpages/shorewall.conf.html">shorewall6.conf(5)</ulink> then do not
|
||||
set SAVE_IPSETS in shorewall-init.</para>
|
||||
</section>
|
||||
</article>
|
||||
|
@ -431,7 +431,7 @@ sync=1</programlisting>
|
||||
<para>Beginning with Shorewall 4.6.4, you can configure the backend using
|
||||
the LOG_BACKEND option in <ulink
|
||||
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink> and <ulink
|
||||
url="manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
|
||||
url="manpages/shorewall.conf.html">shorewall6.conf(5)</ulink>.</para>
|
||||
</section>
|
||||
|
||||
<section id="Syslog-ng">
|
||||
@ -477,7 +477,7 @@ sync=1</programlisting>
|
||||
|
||||
<para>By setting the LOGTAGONLY option to Yes in <ulink
|
||||
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink> or <ulink
|
||||
url="manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>, the
|
||||
url="manpages/shorewall.conf.html">shorewall6.conf(5)</ulink>, the
|
||||
disposition ('DROP' in the above example) will be omitted. Consider the
|
||||
following rule:</para>
|
||||
|
||||
@ -511,7 +511,7 @@ REJECT(icmp-proto-unreachable):notice:IPv6,tunneling loc net
|
||||
|
||||
<para><ulink
|
||||
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink> and <ulink
|
||||
url="manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink> have a
|
||||
url="manpages/shorewall.conf.html">shorewall6.conf(5)</ulink> have a
|
||||
number of options whose values are log levels. Beginning with Shorewall
|
||||
5.0.0, these specifcations may include a log tag as described <link
|
||||
linkend="LogTags">above</link>.</para>
|
||||
|
@ -1049,7 +1049,7 @@ SAVE 0.0.0.0/0 0.0.0.0/0 all - - -
|
||||
|
||||
<listitem>
|
||||
<para>Set TC_ENABLED=Shared in <ulink
|
||||
url="manpages6/shorewall6.conf.html">shorewall6.conf</ulink>
|
||||
url="manpages/shorewall.conf.html">shorewall6.conf</ulink>
|
||||
(5).</para>
|
||||
</listitem>
|
||||
|
||||
|
@ -771,7 +771,7 @@
|
||||
<para>If your <ulink
|
||||
url="manpages/shorewall-params.html">/etc/shorewall/params</ulink> (or
|
||||
<ulink
|
||||
url="manpages6/shorewall6-params.html">/etc/shorewall6/params</ulink>)
|
||||
url="manpages/shorewall-params.html">/etc/shorewall6/params</ulink>)
|
||||
file sends output to Standard Output, you need to be aware that the
|
||||
output will be redirected to Standard Error beginning with Shorewall
|
||||
4.4.16.</para>
|
||||
@ -782,7 +782,7 @@
|
||||
deprecated. With EXPORTPARAMS=No, the variables set by <ulink
|
||||
url="manpages/shorewall-params.html">/etc/shorewall/params</ulink>
|
||||
(<ulink
|
||||
url="manpages6/shorewall6-params.html">/etc/shorewall6/params</ulink>)
|
||||
url="manpages/shorewall-params.html">/etc/shorewall6/params</ulink>)
|
||||
at compile time are now available in the compiled firewall
|
||||
script.</para>
|
||||
</listitem>
|
||||
|
Loading…
Reference in New Issue
Block a user