forked from extern/shorewall_code
Expand manpage text about trace/debug -> -T/-D change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
2604378646
commit
a6c1cd6d7b
@ -1035,15 +1035,10 @@
|
||||
<term>-T</term>
|
||||
|
||||
<listitem>
|
||||
<para>If the command invokes the generated firewall script, the
|
||||
script's execution will be traced to standard error. This option
|
||||
replaces the earlier <emphasis role="bold">trace</emphasis>
|
||||
keyword.</para>
|
||||
|
||||
<caution>
|
||||
<para>If both -T and -D are specified, only the last one specified
|
||||
will be in effect.</para>
|
||||
</caution>
|
||||
<para>Added in Shorewall 5.2.4 to replace the earlier
|
||||
<command>trace</command> keyword.. If the command invokes the
|
||||
generated firewall script, the script's execution will be traced to
|
||||
standard error.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1051,20 +1046,50 @@
|
||||
<term>-D</term>
|
||||
|
||||
<listitem>
|
||||
<para>If the command invokes the generated firewall script,
|
||||
individual invocations of the ip[6]tables utility will be used to
|
||||
configure the ruleset rather than ip[6]tables-restore. This is
|
||||
useful for diagnosing ip[6]tables-restore failures on a *COMMIT
|
||||
command. The option replaces the earlier <emphasis
|
||||
role="bold">debug</emphasis> keyword.</para>
|
||||
|
||||
<caution>
|
||||
<para>If both -T and -D are specified, only the last one specified
|
||||
will be in effect.</para>
|
||||
</caution>
|
||||
<para>Added in Shorewall 5.2.4 to replace the earlier debug keyword.
|
||||
If the command invokes the generated firewall script, individual
|
||||
invocations of the ip[6]tables utility will be used to configure the
|
||||
ruleset rather than ip[6]tables-restore. This is useful for
|
||||
diagnosing ip[6]tables-restore failures on a *COMMIT command.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<note>
|
||||
<para>Prior to Shorewall 5.2.4, the general syntax for a CLI command
|
||||
was:</para>
|
||||
|
||||
<cmdsynopsis>
|
||||
<arg><option>trace|debug</option></arg>
|
||||
|
||||
<arg><option>nolock</option></arg>
|
||||
|
||||
<arg><replaceable>options</replaceable></arg>
|
||||
|
||||
<arg choice="plain"><replaceable>command</replaceable></arg>
|
||||
|
||||
<arg><replaceable>command-options</replaceable></arg>
|
||||
|
||||
<arg><replaceable>command-arguments</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<para>Examples:</para>
|
||||
|
||||
<programlisting> shorewall debug -tv2 reload
|
||||
shorewall trace check
|
||||
shorewall nolock enable eth0</programlisting>
|
||||
|
||||
<para>In Shorewall 5.2.4 and later, those commands would be:</para>
|
||||
|
||||
<programlisting> shorewall -Dtv2 reload
|
||||
shorewall check -D
|
||||
shorewall -N enable eth0</programlisting>
|
||||
|
||||
<para>While not shown in the command synopses at the top of this page,
|
||||
the <option>nolock</option> keyword is still supported in Shorewall
|
||||
5.2.4 and later, but is deprecated in favor of the -<option>N
|
||||
</option>option.</para>
|
||||
</note>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
Loading…
Reference in New Issue
Block a user