Update man pages for .1

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8175 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2008-02-10 06:00:33 +00:00 · 2008-02-10 06:00:33 +00:00 · a348da6636
commit a348da6636
parent 8946d7320c
3 changed files with 18 additions and 3 deletions
--- a/manpages/shorewall-tcclasses.xml
+++ b/manpages/shorewall-tcclasses.xml
@ -196,8 +196,8 @@
        role="bold">,</emphasis><emphasis>option</emphasis>]...]</term>

        <listitem>
-          <para>A comma-separated list of options including the
-          following:</para>
+          <para>Added in Shorewall-perl 4.1. A comma-separated list of options
+          including the following:</para>

          <variablelist>
            <varlistentry>
--- a/manpages/shorewall-tcrules.xml
+++ b/manpages/shorewall-tcrules.xml
@ -87,7 +87,14 @@
              <para>- If the SOURCE is <emphasis
              role="bold">$FW</emphasis>[<emphasis
              role="bold">:</emphasis><emphasis>address-or-range</emphasis>[,<emphasis>address-or-range</emphasis>]...],
-              then the rule is inserted into the OUTPUT chain.</para>
+              then the rule is inserted into the OUTPUT chain. The behavior
+              changed in Shorewall-perl 4.1. Previously, when
+              HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero mark values
+              &lt; 256 to be assigned in the OUTPUT chain. This has been
+              changed so that only high mark values may be assigned there.
+              Packet marking rules for traffic shaping of packets originating
+              on the firewall must be coded in the POSTROUTING chain (see
+              below).</para>

              <para>- Otherwise, the chain is determined by the setting of
              MARK_IN_FORWARD_CHAIN in <ulink
--- a/manpages/shorewall.xml
+++ b/manpages/shorewall.xml
@ -944,6 +944,14 @@
          chains such as FORWARD may not be refreshed.</para>

          <para>Example:<programlisting><command>shorewall refresh net2fw nat:net_dnat</command> #Refresh the 'net2loc' chain in the filter table and the 'net_dnat' chain in the nat table</programlisting></para>
+
+          <para>Beginning with Shorewall 4.1, the <emphasis
+          role="bold">refresh</emphasis> command has slightly different
+          behavior. When no chain name is given to the <emphasis
+          role="bold">refresh</emphasis> command, the mangle table is
+          refreshed along with the blacklist chain (if any). This allows you
+          to modify <filename>/etc/shorewall/tcrules </filename>and install
+          the changes using <emphasis role="bold">refresh</emphasis>. </para>
        </listitem>
      </varlistentry>