diff --git a/docs/Accounting.xml b/docs/Accounting.xml
index b829abd6c..def2df87c 100644
--- a/docs/Accounting.xml
+++ b/docs/Accounting.xml
@@ -45,15 +45,16 @@
Accounting Basics
Shorewall accounting rules are described in the file
- /etc/shorewall/accounting. By default, the accounting
- rules are placed in a chain called accounting
and can thus
- be displayed using shorewall[-lite] show accounting
. All
- traffic passing into, out of, or through the firewall traverses the
- accounting chain including traffic that will later be rejected by
- interface options such as tcpflags
and
- maclist
. If your kernel doesn't support the connection
- tracking match extension (Kernel 2.4.21) then some traffic rejected under
- norfc1918
will not traverse the accounting chain.
+ /etc/shorewall/accounting. By
+ default, the accounting rules are placed in a chain called
+ accounting
and can thus be displayed using
+ shorewall[-lite] show -x accounting
. All traffic passing
+ into, out of, or through the firewall traverses the accounting chain
+ including traffic that will later be rejected by interface options such as
+ tcpflags
and maclist
. If your kernel doesn't
+ support the connection tracking match extension (Kernel 2.4.21) then some
+ traffic rejected under norfc1918
will not traverse the
+ accounting chain.
The columns in the accounting file are as follows:
diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index 942cf1c54..832fc2957 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -286,7 +286,7 @@ ACCEPT net $FW tcp www #This is an end-of-line comment
- /etc/shorewall/raw
+ /etc/shorewall/notrack
diff --git a/manpages/shorewall-accounting.xml b/manpages/shorewall-accounting.xml
index a5bf59e05..068d08263 100644
--- a/manpages/shorewall-accounting.xml
+++ b/manpages/shorewall-accounting.xml
@@ -75,6 +75,18 @@
chain
+
+
+ COMMENT
+
+
+ The remainder of the line is treated as a comment which
+ is attached to subsequent rules until another COMMENT line is
+ found or until the end of the file is reached. To stop adding
+ comments to rules, use a line with only the word
+ COMMENT.
+
+
diff --git a/manpages/shorewall-masq.xml b/manpages/shorewall-masq.xml
index 82d7bb3b3..e97fac3d8 100644
--- a/manpages/shorewall-masq.xml
+++ b/manpages/shorewall-masq.xml
@@ -43,11 +43,11 @@
- INTERFACE - [INTERFACE - {[+]interfacelist[:[digit]][:[address[,address]...[exclusion]]
+ role="bold">,address]...[exclusion]]|COMMENT}
Outgoing interfacelist. Prior to
@@ -99,6 +99,14 @@
This feature should only be required if you need to insert
rules in this file that preempt entries in shorewall-nat(5).
+
+ Comments may be attached to Netfilter rules generated from
+ entries in this file through the use of COMMENT lines. These lines
+ begin with the word COMMENT; the remainder of the line is treated as
+ a comment which is attached to subsequent rules until another
+ COMMENT line is found or until the end of the file is reached. To
+ stop adding comments to rules, use a line with only the word
+ COMMENT.
diff --git a/manpages/shorewall-nat.xml b/manpages/shorewall-nat.xml
index b2045e118..7578559a7 100644
--- a/manpages/shorewall-nat.xml
+++ b/manpages/shorewall-nat.xml
@@ -1,4 +1,6 @@
+
shorewall-nat
@@ -38,7 +40,7 @@
EXTERNAL -
- address
+ {address|COMMENT}
External IP Address - this should NOT be the primary IP
@@ -52,6 +54,14 @@
To stop the comment from being attached to further rules,
simply include COMMENT on a line by itself.
+
+ Comments may be attached to Netfilter rules generated from
+ entries in this file through the use of COMMENT lines. These lines
+ begin with the word COMMENT; the remainder of the line is treated as
+ a comment which is attached to subsequent rules until another
+ COMMENT line is found or until the end of the file is reached. To
+ stop adding comments to rules, use a line with only the word
+ COMMENT.
@@ -151,4 +161,4 @@
shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
-
\ No newline at end of file
+
diff --git a/manpages/shorewall-notrack.xml b/manpages/shorewall-notrack.xml
index ae53bc057..49edcff23 100644
--- a/manpages/shorewall-notrack.xml
+++ b/manpages/shorewall-notrack.xml
@@ -35,7 +35,7 @@
SOURCE ‒
- zone[:interface][:address-list]
+ {zone[:interface][:address-list]|COMMENT}
where zone is the name of a zone,
@@ -44,6 +44,14 @@
list of addresses (may contain exclusion - see shorewall-exclusion
(5)).
+
+ Comments may be attached to Netfilter rules generated from
+ entries in this file through the use of COMMENT lines. These lines
+ begin with the word COMMENT; the remainder of the line is treated as
+ a comment which is attached to subsequent rules until another
+ COMMENT line is found or until the end of the file is reached. To
+ stop adding comments to rules, use a line with only the word
+ COMMENT.
diff --git a/manpages/shorewall-tunnels.xml b/manpages/shorewall-tunnels.xml
index 20c96a841..e92469c35 100644
--- a/manpages/shorewall-tunnels.xml
+++ b/manpages/shorewall-tunnels.xml
@@ -1,4 +1,6 @@
+
shorewall-tunnels
@@ -39,7 +41,7 @@
role="bold">ipip|gre|l2tp|pptpclient|pptpserver|{pptpserver|COMMENT|{openvpn|openvpnclient|openvpnserver}[:{tcp or udp
(6 or 17), then it may optionally be followed by ":" and a port
number.
+
+ Comments may be attached to Netfilter rules generated from
+ entries in this file through the use of COMMENT lines. These lines
+ begin with the word COMMENT; the remainder of the line is treated as
+ a comment which is attached to subsequent rules until another
+ COMMENT line is found or until the end of the file is reached. To
+ stop adding comments to rules, use a line with only the word
+ COMMENT.
@@ -272,4 +282,4 @@
shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
shorewall-tcrules(5), shorewall-tos(5), shorewall-zones(5)
-
\ No newline at end of file
+
diff --git a/manpages6/shorewall6-accounting.xml b/manpages6/shorewall6-accounting.xml
index a2c405083..ace3485d6 100644
--- a/manpages6/shorewall6-accounting.xml
+++ b/manpages6/shorewall6-accounting.xml
@@ -75,6 +75,18 @@
chain
+
+
+ COMMENT
+
+
+ The remainder of the line is treated as a comment which
+ is attached to subsequent rules until another COMMENT line is
+ found or until the end of the file is reached. To stop adding
+ comments to rules, use a line with only the word
+ COMMENT.
+
+