From 92e6f2d0012bfbcc5d91c64b400ab4ebb104189d Mon Sep 17 00:00:00 2001
From: teastep
Date: Fri, 20 Mar 2009 16:47:27 +0000
Subject: [PATCH] Update manpages with COMMENT documented.

Signed-off-by: Tom Eastep
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9718 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 docs/Accounting.xml | 19 ++++++++++---------
 docs/configuration_file_basics.xml | 2 +-
 manpages/shorewall-accounting.xml | 12 ++++++++++++
 manpages/shorewall-masq.xml | 12 ++++++++++--
 manpages/shorewall-nat.xml | 14 ++++++++++++--
 manpages/shorewall-notrack.xml | 10 +++++++++-
 manpages/shorewall-tunnels.xml | 14 ++++++++++++--
 manpages6/shorewall6-accounting.xml | 12 ++++++++++++
 8 files changed, 78 insertions(+), 17 deletions(-)

diff --git a/docs/Accounting.xml b/docs/Accounting.xml
index b829abd6c..def2df87c 100644
--- a/docs/Accounting.xml
+++ b/docs/Accounting.xml
@@ -45,15 +45,16 @@ Accounting Basics Shorewall accounting rules are described in the file - /etc/shorewall/accounting. By default, the accounting - rules are placed in a chain called accounting and can thus - be displayed using shorewall[-lite] show accounting. All - traffic passing into, out of, or through the firewall traverses the - accounting chain including traffic that will later be rejected by - interface options such as tcpflags and - maclist. If your kernel doesn't support the connection - tracking match extension (Kernel 2.4.21) then some traffic rejected under - norfc1918 will not traverse the accounting chain. + /etc/shorewall/accounting. By + default, the accounting rules are placed in a chain called + accounting and can thus be displayed using + shorewall[-lite] show -x accounting. All traffic passing + into, out of, or through the firewall traverses the accounting chain + including traffic that will later be rejected by interface options such as + tcpflags and maclist. If your kernel doesn't + support the connection tracking match extension (Kernel 2.4.21) then some + traffic rejected under norfc1918 will not traverse the + accounting chain. The columns in the accounting file are as follows: diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml index 942cf1c54..832fc2957 100644 --- a/docs/configuration_file_basics.xml +++ b/docs/configuration_file_basics.xml @@ -286,7 +286,7 @@ ACCEPT net $FW tcp www #This is an end-of-line comment - /etc/shorewall/raw + /etc/shorewall/notrack diff --git a/manpages/shorewall-accounting.xml b/manpages/shorewall-accounting.xml index a5bf59e05..068d08263 100644 --- a/manpages/shorewall-accounting.xml +++ b/manpages/shorewall-accounting.xml 
@@ -75,6 +75,18 @@ chain + + + COMMENT + + + The remainder of the line is treated as a comment which + is attached to subsequent rules until another COMMENT line is + found or until the end of the file is reached. To stop adding + comments to rules, use a line with only the word + COMMENT. + + diff --git a/manpages/shorewall-masq.xml b/manpages/shorewall-masq.xml index 82d7bb3b3..e97fac3d8 100644 --- a/manpages/shorewall-masq.xml +++ b/manpages/shorewall-masq.xml @@ -43,11 +43,11 @@ - INTERFACE - [INTERFACE - {[+]interfacelist[:[digit]][:[address[,address]...[exclusion]] + role="bold">,address]...[exclusion]]|COMMENT} Outgoing interfacelist. Prior to @@ -99,6 +99,14 @@ This feature should only be required if you need to insert rules in this file that preempt entries in shorewall-nat(5). + + Comments may be attached to Netfilter rules generated from + entries in this file through the use of COMMENT lines. These lines + begin with the word COMMENT; the remainder of the line is treated as + a comment which is attached to subsequent rules until another + COMMENT line is found or until the end of the file is reached. To + stop adding comments to rules, use a line with only the word + COMMENT. diff --git a/manpages/shorewall-nat.xml b/manpages/shorewall-nat.xml index b2045e118..7578559a7 100644 --- a/manpages/shorewall-nat.xml +++ b/manpages/shorewall-nat.xml @@ -1,4 +1,6 @@ + shorewall-nat @@ -38,7 +40,7 @@ EXTERNAL - - address + {address|COMMENT} External IP Address - this should NOT be the primary IP 
@@ -52,6 +54,14 @@ To stop the comment from being attached to further rules, simply include COMMENT on a line by itself. + + Comments may be attached to Netfilter rules generated from + entries in this file through the use of COMMENT lines. These lines + begin with the word COMMENT; the remainder of the line is treated as + a comment which is attached to subsequent rules until another + COMMENT line is found or until the end of the file is reached. To + stop adding comments to rules, use a line with only the word + COMMENT. @@ -151,4 +161,4 @@ shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5) - \ No newline at end of file + diff --git a/manpages/shorewall-notrack.xml b/manpages/shorewall-notrack.xml index ae53bc057..49edcff23 100644 --- a/manpages/shorewall-notrack.xml +++ b/manpages/shorewall-notrack.xml @@ -35,7 +35,7 @@ SOURCE ‒ - zone[:interface][:address-list] + {zone[:interface][:address-list]|COMMENT} where zone is the name of a zone, @@ -44,6 +44,14 @@ list of addresses (may contain exclusion - see shorewall-exclusion (5)). + + Comments may be attached to Netfilter rules generated from + entries in this file through the use of COMMENT lines. These lines + begin with the word COMMENT; the remainder of the line is treated as + a comment which is attached to subsequent rules until another + COMMENT line is found or until the end of the file is reached. To + stop adding comments to rules, use a line with only the word + COMMENT. diff --git a/manpages/shorewall-tunnels.xml b/manpages/shorewall-tunnels.xml index 20c96a841..e92469c35 100644 --- a/manpages/shorewall-tunnels.xml +++ b/manpages/shorewall-tunnels.xml @@ -1,4 +1,6 @@ + shorewall-tunnels 
@@ -39,7 +41,7 @@ role="bold">ipip|gre|l2tp|pptpclient|pptpserver|{pptpserver|COMMENT|{openvpn|openvpnclient|openvpnserver}[:{tcp or udp (6 or 17), then it may optionally be followed by ":" and a port number. + + Comments may be attached to Netfilter rules generated from + entries in this file through the use of COMMENT lines. These lines + begin with the word COMMENT; the remainder of the line is treated as + a comment which is attached to subsequent rules until another + COMMENT line is found or until the end of the file is reached. To + stop adding comments to rules, use a line with only the word + COMMENT. @@ -272,4 +282,4 @@ shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-zones(5) - \ No newline at end of file + diff --git a/manpages6/shorewall6-accounting.xml b/manpages6/shorewall6-accounting.xml index a2c405083..ace3485d6 100644 --- a/manpages6/shorewall6-accounting.xml +++ b/manpages6/shorewall6-accounting.xml @@ -75,6 +75,18 @@ chain + + + COMMENT + + + The remainder of the line is treated as a comment which + is attached to subsequent rules until another COMMENT line is + found or until the end of the file is reached. To stop adding + comments to rules, use a line with only the word + COMMENT. + +