diff --git a/docs/FAQ.xml b/docs/FAQ.xml index cceb841e2..9f66355ef 100644 --- a/docs/FAQ.xml +++ b/docs/FAQ.xml @@ -176,7 +176,7 @@ port-forwarding rule to a local system is as follows: #ACTION SOURCE DEST PROTO DEST PORT -DNAT net loc:<local IP address>[:<local port>] <protocol> <port #> +DNAT net loc:local-IP-address[:local-port] protocol port-number So to forward UDP port 7777 to internal system 192.168.1.5, the rule is: @@ -185,23 +185,23 @@ DNAT net loc:<local IP address>[:< If you want to forward requests directed to a particular address ( - <external IP> ) on your firewall to an - internal system: + external-IP ) on your firewall to an internal + system: - #ACTION SOURCE DEST PROTO DEST PORT SOURCE ORIGINAL -# PORT DEST. -DNAT net loc:<local IP address>[:<local port>] <protocol> <port #> - <external IP> + #ACTION SOURCE DEST PROTO DEST PORT SOURCE ORIGINAL +# PORT DEST. +DNAT net loc:local-IP-address>[:local-port] protocol port-number - external-IP If you want to forward requests from a particular internet address - ( <address> ): + ( address ): - #ACTION SOURCE DEST PROTO DEST PORT SOURCE ORIGINAL -# PORT DEST. -DNAT net:<address> loc:<local IP address>[:<local port>] <protocol> <port #> - + #ACTION SOURCE DEST PROTO DEST PORT SOURCE ORIGINAL +# PORT DEST. +DNAT net:address loc:local-IP-address[:local-port] protocol port-number - Finally, if you need to forward a range of ports, in the DEST PORT column specify the range as - <low-port>:<high-port>. + low-port:high-port.
(FAQ 1a) Okay -- I followed those instructions but it doesn't @@ -628,8 +628,8 @@ dmz eth2 192.168.2.255 <emphasis role="bold">routeback</emphasis> following:</para> <para>In <filename>/etc/shorewall/params (or in your - <filename><export directory>/init</filename> file if you are - using Shorewall Lite on the firewall system)</filename>:</para> + <filename>export-directory/init</filename> file if you are using + Shorewall Lite on the firewall system)</filename>:</para> <programlisting><command>ETH0_IP=`find_first_interface_address eth0`</command> </programlisting> @@ -1240,7 +1240,8 @@ DROP net fw udp 10619</programlisting> </varlistentry> <varlistentry id="all2all"> - <term>all2<zone>, <zone>2all or all2all</term> + <term>all2<emphasis>zone</emphasis>, <emphasis>zone</emphasis>2all + or all2all</term> <listitem> <para>You have a <ulink 
@@ -1259,36 +1260,36 @@ DROP net fw udp 10619</programlisting> </varlistentry> <varlistentry> - <term><zone1>2<zone2></term> + <term><emphasis>zone</emphasis>12<emphasis>zone2</emphasis></term> <listitem> <para>Either you have a <ulink - url="manpages/shorewall-policy.html">policy</ulink> for <emphasis - role="bold"><zone1></emphasis> to <emphasis - role="bold"><zone2></emphasis> that specifies a log level - and this packet is being logged under that policy or this packet - matches a <ulink url="manpages/shorewall-rules.html">rule</ulink> - that includes a log level.</para> + url="manpages/shorewall-policy.html">policy</ulink> for + <emphasis>zone1</emphasis> to<emphasis> zone2</emphasis> that + specifies a log level and this packet is being logged under that + policy or this packet matches a <ulink + url="manpages/shorewall-rules.html">rule</ulink> that includes a + log level.</para> </listitem> </varlistentry> <varlistentry> - <term>@<source>2<dest></term> + <term>@<emphasis>source</emphasis>2<emphasis>dest</emphasis></term> <listitem> - <para>You have a policy for traffic from <<emphasis - role="bold">source</emphasis>> to <<emphasis - role="bold">dest</emphasis>> that specifies TCP connection rate - limiting (value in the LIMIT:BURST column). The logged packet - exceeds that limit and was dropped. Note that these log messages - themselves are severely rate-limited so that a syn-flood won't - generate a secondary DOS because of excessive log message. These - log messages were added in Shorewall 2.2.0 Beta 7.</para> + <para>You have a policy for traffic from + <emphasis>source</emphasis> to <emphasis>dest</emphasis> that + specifies TCP connection rate limiting (value in the LIMIT:BURST + column). The logged packet exceeds that limit and was dropped. + Note that these log messages themselves are severely rate-limited + so that a syn-flood won't generate a secondary DOS because of + excessive log message. 
These log messages were added in Shorewall + 2.2.0 Beta 7.</para> </listitem> </varlistentry> <varlistentry> - <term><interface>_mac</term> + <term><emphasis>interface</emphasis>_mac</term> <listitem> <para>The packet is being logged under the <emphasis @@ -1911,7 +1912,7 @@ iptables: Invalid argument <programlisting>#MARK SOURCE DEST 1:P 0.0.0.0/0 1 $FW -<other MARK rules></programlisting> +<emphasis>other MARK rules</emphasis></programlisting> <para>Now any traffic that isn't marked by one of your other MARK rules will have mark = 1 and will be sent via ISP1. That will work whether
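Review bot: In the @@ -185,23 +185,23 @@ hunk, the added ORIGINAL DEST example keeps a stray `>` after the placeholder: `loc:local-IP-address>[:local-port]`. The other two DNAT examples in this patch read `loc:local-IP-address[:local-port]`; drop the `>` so the three examples match and the character is not read as part of the rule syntax.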
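Review bot: In the @@ -628,8 +628,8 @@ hunk, `export-directory` loses its placeholder marking: without the angle brackets, `<filename>export-directory/init</filename>` reads as a literal path. The later hunks in this patch mark placeholders with `<emphasis>`; mark this one as well, for example `<filename><replaceable>export-directory</replaceable>/init</filename>`. The new `<filename>` also still sits inside the outer `<filename>` that opens before `/etc/shorewall/params` and closes after the parenthetical, which is worth untangling while these lines are being touched.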
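Review bot: In the @@ -1259,36 +1260,36 @@ hunk, the first added `<term>` leaves the `1` outside the emphasis: `<emphasis>zone</emphasis>12<emphasis>zone2</emphasis>` renders as zone, then 12, then zone2, and no longer matches the `<emphasis>zone1</emphasis>` used in the paragraph below it. It should read `<emphasis>zone1</emphasis>2<emphasis>zone2</emphasis>`. In the same entry, `to<emphasis> zone2</emphasis>` has the space inside the element; move it out so the line reads `to <emphasis>zone2</emphasis>`.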