forked from extern/shorewall_code
Update shorewall(8) for single CLI
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent de553e7b18
commit dae060bbb4
@ -898,8 +898,8 @@
|
|||||||
include <command>shorewall</command> commands in
|
include <command>shorewall</command> commands in
|
||||||
<filename>/etc/shorewall/started</filename>.</para>
|
<filename>/etc/shorewall/started</filename>.</para>
|
||||||
|
|
||||||
<para>Beginning with Shorewall 5.0.15, the <command>shorewall</command>
|
<para>Beginning with Shorewall 5.1.0, the <command>shorewall</command>
|
||||||
command may also be used to control Shorewall6, Shorewall-lite and
|
command is also be used to control Shorewall6, Shorewall-lite and
|
||||||
Shorewall6-lite.</para>
|
Shorewall6-lite.</para>
|
||||||
|
|
||||||
<orderedlist>
|
<orderedlist>
|
||||||
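Review bot: The rewritten sentence on the added side reads "command is also be used to control Shorewall6", which is ungrammatical. Either keep the original "may also be used" or write "is also used". The version in the same paragraph changes from 5.0.15 to 5.1.0, so the commit message should mention that the feature is being re-dated, not just that the page is updated.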
@ -923,9 +923,10 @@
|
|||||||
</orderedlist>
|
</orderedlist>
|
||||||
|
|
||||||
<para>When the Shorewall6 package is installed, the <option>6</option>
|
<para>When the Shorewall6 package is installed, the <option>6</option>
|
||||||
option is used to cause shorewall commands to operate on the Shorewall6
|
option is used to cause <command>shorewall</command> commands to operate
|
||||||
configuration. In other words, "<command>shorewall -6 ...</command>" is
|
on the Shorewall6 configuration. In other words, "<command>shorewall -6
|
||||||
equivalent to "<command>shorewall6 ...</command>".</para>
|
...</command>" is equivalent to the 5.0 command "<command>shorewall6
|
||||||
|
...</command>".</para>
|
||||||
|
|
||||||
<para>Similarly, when Shorewall is not installed but both Shorewall-lite
|
<para>Similarly, when Shorewall is not installed but both Shorewall-lite
|
||||||
and Shorewall6-lite are installed, the <option>6</option> option causes
|
and Shorewall6-lite are installed, the <option>6</option> option causes
|
||||||
@ -936,10 +937,10 @@
|
|||||||
and the corresponding -lite product(s) are installed, the
|
and the corresponding -lite product(s) are installed, the
|
||||||
<option>l</option> option causes <command>shorewall</command> commands to
|
<option>l</option> option causes <command>shorewall</command> commands to
|
||||||
operate on the -lite configuration rather than the standard configuration.
|
operate on the -lite configuration rather than the standard configuration.
|
||||||
In other words "<command>shorewall -l ...</command>" is equivalent to
|
In other words "<command>shorewall -l ...</command>" is equivalent to the
|
||||||
"<command>shorewall-lite -l ...</command>" and "<command>shorewall -6l
|
5.0 "<command>shorewall-lite -l ...</command>" command and
|
||||||
...</command>" is equivalent to "<command>shorewall6-lite
|
"<command>shorewall -6l ...</command>" is equivalent to
|
||||||
...</command>".</para>
|
"<command>shorewall6-lite ...</command>".</para>
|
||||||
|
|
||||||
<para>The remaining <emphasis>options</emphasis> control the amount of
|
<para>The remaining <emphasis>options</emphasis> control the amount of
|
||||||
output that the command produces. They consist of a sequence of the
|
output that the command produces. They consist of a sequence of the
|
||||||
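Review bot: In the rewritten -l sentence the 5.0 equivalent is still given as "shorewall-lite -l ...", while the -6l case maps to plain "shorewall6-lite ..." with no option. The -l inside the shorewall-lite command looks like a leftover and should be dropped so both equivalences follow the same pattern. The "5.0" qualifier is also applied only to the first of the two commands; apply it to both or to neither.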
@ -978,7 +979,9 @@
|
|||||||
<para>The <emphasis>interface</emphasis> argument names an interface
|
<para>The <emphasis>interface</emphasis> argument names an interface
|
||||||
defined in the <ulink
|
defined in the <ulink
|
||||||
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
|
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
|
||||||
file. A <emphasis>host-list</emphasis> is comma-separated list whose
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5))file.
|
||||||
|
A <emphasis>host-list</emphasis> is comma-separated list whose
|
||||||
elements are host or network addresses.<caution>
|
elements are host or network addresses.<caution>
|
||||||
<para>The <command>add</command> command is not very robust. If
|
<para>The <command>add</command> command is not very robust. If
|
||||||
there are errors in the <replaceable>host-list</replaceable>,
|
there are errors in the <replaceable>host-list</replaceable>,
|
||||||
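Review bot: The added cross-reference ends in "shorewall6-interfaces</ulink>(5))file." with no space between the closing parenthesis and "file", so the rendered page will run the two together. Insert a space, and while the sentence is being rewrapped, the following "is comma-separated list" could gain its missing article.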
@ -991,12 +994,12 @@
|
|||||||
|
|
||||||
<para>Beginning with Shorewall 4.5.9, the <emphasis
|
<para>Beginning with Shorewall 4.5.9, the <emphasis
|
||||||
role="bold">dynamic_shared</emphasis> zone option (<ulink
|
role="bold">dynamic_shared</emphasis> zone option (<ulink
|
||||||
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5))
|
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5),<ulink
|
||||||
allows a single ipset to handle entries for multiple interfaces.
|
url="???">shorewall6-zones</ulink>(5)) allows a single ipset to
|
||||||
When that option is specified for a zone, the <command>add</command>
|
handle entries for multiple interfaces. When that option is
|
||||||
command has the alternative syntax in which the
|
specified for a zone, the <command>add</command> command has the
|
||||||
<replaceable>zone</replaceable> name precedes the
|
alternative syntax in which the <replaceable>zone</replaceable> name
|
||||||
<replaceable>host-list</replaceable>.</para>
|
precedes the <replaceable>host-list</replaceable>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
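Review bot: The new shorewall6-zones link is committed with url="???", which will render as a broken link. The delete hunk later in this same commit uses url="/manpages6/shorewall6-zones.html" for the same reference, so use that here. There is also no space after the comma in "(5),<ulink".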
@ -1076,6 +1079,8 @@
|
|||||||
[<replaceable>directory</replaceable>]</term>
|
[<replaceable>directory</replaceable>]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
|
<para>Not available with Shorewall[6]-lite.</para>
|
||||||
|
|
||||||
<para>Compiles the configuration in the specified
|
<para>Compiles the configuration in the specified
|
||||||
<emphasis>directory</emphasis> and discards the compiled output
|
<emphasis>directory</emphasis> and discards the compiled output
|
||||||
script. If no <emphasis>directory</emphasis> is given, then
|
script. If no <emphasis>directory</emphasis> is given, then
|
||||||
@ -1107,7 +1112,9 @@
|
|||||||
contains alternative input specifications following a semicolon
|
contains alternative input specifications following a semicolon
|
||||||
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
|
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
|
||||||
set to Yes in <ulink
|
set to Yes in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1147,6 +1154,11 @@
|
|||||||
<para>When the second form of the command is used, the parameters
|
<para>When the second form of the command is used, the parameters
|
||||||
must match those given in the earlier <command>open</command>
|
must match those given in the earlier <command>open</command>
|
||||||
command.</para>
|
command.</para>
|
||||||
|
|
||||||
|
<para>This command requires that the firewall be in the started
|
||||||
|
state and that DYNAMIC_BLACKLIST=Yes in <ulink
|
||||||
|
url="/manpages/shorewall.conf.html">shorewall.conf
|
||||||
|
(5)</ulink>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
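Review bot: In the added paragraph the section number sits inside the link and on its own line ("shorewall.conf" newline "(5)</ulink>"), whereas every other reference in this file closes the ulink before "(5)". Write it as "shorewall.conf</ulink>(5)" for consistency and to avoid the stray whitespace in the link text. The same form is repeated in the other DYNAMIC_BLACKLIST sentences this commit adds.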
@ -1157,6 +1169,8 @@
|
|||||||
</replaceable>] [<replaceable> pathname</replaceable> ]</term>
|
</replaceable>] [<replaceable> pathname</replaceable> ]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
|
<para>Not available with shorewall[6]-lite.</para>
|
||||||
|
|
||||||
<para>Compiles the current configuration into the executable file
|
<para>Compiles the current configuration into the executable file
|
||||||
<emphasis>pathname</emphasis>. If a
|
<emphasis>pathname</emphasis>. If a
|
||||||
<replaceable>directory</replaceable> is supplied, Shorewall will
|
<replaceable>directory</replaceable> is supplied, Shorewall will
|
||||||
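Review bot: The added line spells the product "shorewall[6]-lite" in lower case, while the identical notice added to the other commands in this commit is "Shorewall[6]-lite". Use the capitalised form here as well so the notice can be found with a single search.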
@ -1206,7 +1220,9 @@
|
|||||||
contains alternative input specifications following a semicolon
|
contains alternative input specifications following a semicolon
|
||||||
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
|
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
|
||||||
set to Yes in <ulink
|
set to Yes in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1223,12 +1239,16 @@
|
|||||||
<para>The <emphasis>interface</emphasis> argument names an interface
|
<para>The <emphasis>interface</emphasis> argument names an interface
|
||||||
defined in the <ulink
|
defined in the <ulink
|
||||||
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
|
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5)
|
||||||
file. A <emphasis>host-list</emphasis> is comma-separated list whose
|
file. A <emphasis>host-list</emphasis> is comma-separated list whose
|
||||||
elements are a host or network address.</para>
|
elements are a host or network address.</para>
|
||||||
|
|
||||||
<para>Beginning with Shorewall 4.5.9, the <emphasis
|
<para>Beginning with Shorewall 4.5.9, the <emphasis
|
||||||
role="bold">dynamic_shared</emphasis> zone option (<ulink
|
role="bold">dynamic_shared</emphasis> zone option (<ulink
|
||||||
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5))
|
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5),
|
||||||
|
<ulink
|
||||||
|
url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink>(5))
|
||||||
allows a single ipset to handle entries for multiple interfaces.
|
allows a single ipset to handle entries for multiple interfaces.
|
||||||
When that option is specified for a zone, the
|
When that option is specified for a zone, the
|
||||||
<command>delete</command> command has the alternative syntax in
|
<command>delete</command> command has the alternative syntax in
|
||||||
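Review bot: The parenthesis opened before the new shorewall6-interfaces link is never closed: the added lines end in "shorewall6-interfaces</ulink>(5)" and the next line is "file.". The matching change in the add command closes it with "(5))", so add the missing ")" here.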
@ -1254,7 +1274,9 @@
|
|||||||
may be either the logical or physical name of the interface. The
|
may be either the logical or physical name of the interface. The
|
||||||
command removes any routes added from <ulink
|
command removes any routes added from <ulink
|
||||||
url="/manpages/shorewall-routes.html">shorewall-routes</ulink>(5)
|
url="/manpages/shorewall-routes.html">shorewall-routes</ulink>(5)
|
||||||
and any traffic shaping configuration for the interface.</para>
|
(<ulink
|
||||||
|
url="/manpages/shorewall6-routes.html">shorewall6-routes</ulink>(5))and
|
||||||
|
any traffic shaping configuration for the interface.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
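Review bot: The shorewall6-routes link points to url="/manpages/shorewall6-routes.html", but every other Shorewall6 page referenced in this commit lives under /manpages6/. Check the path, since this one is likely to 404. The added text also reads "(5))and" with no space before "and".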
@ -1264,7 +1286,10 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
||||||
to be silently dropped.</para>
|
to be silently dropped. This command requires that the firewall be
|
||||||
|
in the started state and that DYNAMIC_BLACKLIST=Yes in <ulink
|
||||||
|
url="/manpages/shorewall.conf.html">shorewall.conf
|
||||||
|
(5)</ulink>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
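Review bot: The added requirement cites only shorewall.conf(5) for DYNAMIC_BLACKLIST, although the rest of this commit pairs each shorewall.conf reference with shorewall6.conf(5) now that the command also drives Shorewall6. Add the shorewall6.conf reference here, or state that the setting is read from shorewall.conf in both cases.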
@ -1310,6 +1335,8 @@
|
|||||||
command sets <filename>/proc</filename> entries for the interface,
|
command sets <filename>/proc</filename> entries for the interface,
|
||||||
adds any route specified in <ulink
|
adds any route specified in <ulink
|
||||||
url="/manpages/shorewall-routes.html">shorewall-routes</ulink>(5)
|
url="/manpages/shorewall-routes.html">shorewall-routes</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages/shorewall6-routes.html">shorewall6-routes</ulink>(5))
|
||||||
and installs the interface's traffic shaping configuration, if
|
and installs the interface's traffic shaping configuration, if
|
||||||
any.</para>
|
any.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
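Review bot: As in the disable hunk, the new link uses url="/manpages/shorewall6-routes.html" rather than the /manpages6/ prefix used for the other Shorewall6 pages in this commit. Correct both occurrences together.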
@ -1322,6 +1349,8 @@
|
|||||||
]</term>
|
]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
|
<para>Not available with Shorewall[6]-lite.</para>
|
||||||
|
|
||||||
<para>If <emphasis>directory1</emphasis> is omitted, the current
|
<para>If <emphasis>directory1</emphasis> is omitted, the current
|
||||||
working directory is assumed.</para>
|
working directory is assumed.</para>
|
||||||
|
|
||||||
@ -1350,7 +1379,9 @@
|
|||||||
<para>Deletes /var/lib/shorewall/<emphasis>filename</emphasis> and
|
<para>Deletes /var/lib/shorewall/<emphasis>filename</emphasis> and
|
||||||
/var/lib/shorewall/save. If no <emphasis>filename</emphasis> is
|
/var/lib/shorewall/save. If no <emphasis>filename</emphasis> is
|
||||||
given then the file specified by RESTOREFILE in <ulink
|
given then the file specified by RESTOREFILE in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) is
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)) is
|
||||||
assumed.</para>
|
assumed.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
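Review bot: Adding the shorewall6.conf(5) reference makes this paragraph cover the -6 case, but the two paths at its start are still written as /var/lib/shorewall/filename and /var/lib/shorewall/save. If the Shorewall6 state directory differs, the paragraph should say which directory is used under -6; otherwise an administrator checking what was deleted will look in the wrong place.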
@ -1370,7 +1401,8 @@
|
|||||||
<listitem>
|
<listitem>
|
||||||
<para>Generates several reports from Shorewall log messages in the
|
<para>Generates several reports from Shorewall log messages in the
|
||||||
current log file. If the <option>-t</option> option is included, the
|
current log file. If the <option>-t</option> option is included, the
|
||||||
reports are restricted to log messages generated today.</para>
|
reports are restricted to log messages generated today. Not
|
||||||
|
available with Shorewall6[-lite].</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1380,8 +1412,8 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Ipcalc displays the network address, broadcast address,
|
<para>Ipcalc displays the network address, broadcast address,
|
||||||
network in CIDR notation and netmask corresponding to the
|
network in CIDR notation and netmask corresponding to the input[s].
|
||||||
input[s].</para>
|
Not available with Shorewall6[-lite].</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1391,7 +1423,8 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Iprange decomposes the specified range of IP addresses into
|
<para>Iprange decomposes the specified range of IP addresses into
|
||||||
the equivalent list of network/host addresses.</para>
|
the equivalent list of network/host addresses. Not available with
|
||||||
|
Shorewall6[-lite].</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1431,8 +1464,13 @@
|
|||||||
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
||||||
to be logged then discarded. Logging occurs at the log level
|
to be logged then discarded. Logging occurs at the log level
|
||||||
specified by the BLACKLIST_LOGLEVEL setting in <ulink
|
specified by the BLACKLIST_LOGLEVEL setting in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5)
|
||||||
(5).</para>
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||||
|
This command requires that the firewall be in the started state and
|
||||||
|
that DYNAMIC_BLACKLIST=Yes in <ulink
|
||||||
|
url="/manpages/shorewall.conf.html">shorewall.conf
|
||||||
|
(5)</ulink>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1443,6 +1481,8 @@
|
|||||||
<listitem>
|
<listitem>
|
||||||
<para>Monitors the log file specified by the LOGFILE option in
|
<para>Monitors the log file specified by the LOGFILE option in
|
||||||
<ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
<ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5))
|
||||||
and produces an audible alarm when new Shorewall messages are
|
and produces an audible alarm when new Shorewall messages are
|
||||||
logged. The <emphasis role="bold">-m</emphasis> option causes the
|
logged. The <emphasis role="bold">-m</emphasis> option causes the
|
||||||
MAC address of each packet source to be displayed if that
|
MAC address of each packet source to be displayed if that
|
||||||
@ -1463,8 +1503,13 @@
|
|||||||
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
||||||
to be logged then rejected. Logging occurs at the log level
|
to be logged then rejected. Logging occurs at the log level
|
||||||
specified by the BLACKLIST_LOGLEVEL setting in <ulink
|
specified by the BLACKLIST_LOGLEVEL setting in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5),
|
||||||
(5).</para>
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||||
|
This command requires that the firewall be in the started state and
|
||||||
|
that DYNAMIC_BLACKLIST=Yes in <ulink
|
||||||
|
url="/manpages/shorewall.conf.html">shorewall.conf
|
||||||
|
(5)</ulink>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
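Review bot: The added side has a stray comma and space in "shorewall.conf</ulink> (5)," before the parenthesised shorewall6.conf reference; the parallel logdrop hunk has no comma there. Write "shorewall.conf</ulink>(5) (<ulink ...>" in both. The DYNAMIC_BLACKLIST sentence that follows also keeps "(5)" inside the ulink, unlike the reference two lines above it.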
@ -1551,6 +1596,8 @@
|
|||||||
<replaceable>chain</replaceable>... ]</term>
|
<replaceable>chain</replaceable>... ]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
|
<para>Not available with Shorewall[6]-lite.</para>
|
||||||
|
|
||||||
<para>All steps performed by <command>restart</command> are
|
<para>All steps performed by <command>restart</command> are
|
||||||
performed by <command>refresh</command> with the exception that
|
performed by <command>refresh</command> with the exception that
|
||||||
<command>refresh</command> only recreates the chains specified in
|
<command>refresh</command> only recreates the chains specified in
|
||||||
@ -1605,7 +1652,10 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
||||||
to be silently rejected.</para>
|
to be silently rejected. This command requires that the firewall be
|
||||||
|
in the started state and that DYNAMIC_BLACKLIST=Yes in <ulink
|
||||||
|
url="/manpages/shorewall.conf.html">shorewall.conf
|
||||||
|
(5)</ulink>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1635,38 +1685,47 @@
|
|||||||
be installed to use this option.</para>
|
be installed to use this option.</para>
|
||||||
|
|
||||||
<para>The <option>-d</option> option causes the compiler to run
|
<para>The <option>-d</option> option causes the compiler to run
|
||||||
under the Perl debugger.</para>
|
under the Perl debugger (Shorewall and Shorewall6 only).</para>
|
||||||
|
|
||||||
<para>The <option>-f</option> option suppresses the compilation step
|
<para>The <option>-f</option> option suppresses the compilation step
|
||||||
and simply reused the compiled script which last started/restarted
|
and simply reused the compiled script which last started/restarted
|
||||||
Shorewall, provided that /etc/shorewall and its contents have not
|
Shorewall, provided that /etc/shorewall and its contents have not
|
||||||
been modified since the last start/restart.</para>
|
been modified since the last start/restart (Shorewall and Shorewall6
|
||||||
|
only).</para>
|
||||||
|
|
||||||
<para>The <option>-c</option> option was added in Shorewall 4.4.20
|
<para>The <option>-c</option> option was added in Shorewall 4.4.20
|
||||||
and performs the compilation step unconditionally, overriding the
|
and performs the compilation step unconditionally, overriding the
|
||||||
AUTOMAKE setting in <ulink
|
AUTOMAKE setting in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). When
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
both <option>-f</option> and <option>-c</option> are present, the
|
(Shorewall and Shorewall6 only). When both <option>-f</option> and
|
||||||
result is determined by the option that appears last.</para>
|
<option>-c</option> are present, the result is determined by the
|
||||||
|
option that appears last.</para>
|
||||||
|
|
||||||
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
||||||
and causes a Perl stack trace to be included with each
|
and causes a Perl stack trace to be included with each
|
||||||
compiler-generated error and warning message.</para>
|
compiler-generated error and warning message (Shorewall and
|
||||||
|
Shorewall6 only).</para>
|
||||||
|
|
||||||
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
<para>The <option>-i</option> option was added in Shorewall 4.6.0
|
||||||
and causes a warning message to be issued if the current line
|
and causes a warning message to be issued if the current line
|
||||||
contains alternative input specifications following a semicolon
|
contains alternative input specifications following a semicolon
|
||||||
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
|
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
|
||||||
set to Yes in <ulink
|
set to Yes in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||||
|
This option is available in Shorewall and Shorewall6 only.</para>
|
||||||
|
|
||||||
<para>The <option>-C</option> option was added in Shorewall 4.6.5
|
<para>The <option>-C</option> option was added in Shorewall 4.6.5
|
||||||
and is only meaningful when AUTOMAKE=Yes in <ulink
|
and is only meaningful when AUTOMAKE=Yes in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). If an
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
existing firewall script is used and if that script was the one that
|
(<ulink
|
||||||
generated the current running configuration, then the running
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||||
netfilter configuration will be reloaded as is so as to preserve the
|
If an existing firewall script is used and if that script was the
|
||||||
iptables packet and byte counters.</para>
|
one that generated the current running configuration, then the
|
||||||
|
running netfilter configuration will be reloaded as is so as to
|
||||||
|
preserve the iptables packet and byte counters. This option is
|
||||||
|
available in Shorewall and Shorewall6 only.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
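Review bot: For -c, the qualifier "(Shorewall and Shorewall6 only)" is placed directly after the shorewall.conf(5) citation, so it reads as describing the AUTOMAKE setting rather than the option, and unlike -i and -C the -c paragraph gets no shorewall6.conf(5) link. Move the qualifier to the end of the sentence and add the link. The availability wording also varies within this hunk (parenthetical for -d, -f, -c, -T; a full sentence for -i and -C); pick one form.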
@ -1679,7 +1738,8 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>This command was renamed from <command>load</command> in
|
<para>This command was renamed from <command>load</command> in
|
||||||
Shorewall 5.0.0.</para>
|
Shorewall 5.0.0 and is only available in Shorewall and
|
||||||
|
Shoreawall6.</para>
|
||||||
|
|
||||||
<para>If <emphasis>directory</emphasis> is omitted, the current
|
<para>If <emphasis>directory</emphasis> is omitted, the current
|
||||||
working directory is assumed. Allows a non-root user to compile a
|
working directory is assumed. Allows a non-root user to compile a
|
||||||
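Review bot: The added line misspells the product name as "Shoreawall6"; it should be "Shorewall6". The wording "is only available in Shorewall and Shorewall6" also differs from "is available in Shorewall and Shorewall6 only" used for the neighbouring commands.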
@ -1704,8 +1764,9 @@
|
|||||||
ssh. Beginning with Shorewall 5.0.13, if
|
ssh. Beginning with Shorewall 5.0.13, if
|
||||||
<replaceable>system</replaceable> is omitted, then the FIREWALL
|
<replaceable>system</replaceable> is omitted, then the FIREWALL
|
||||||
option setting in <ulink
|
option setting in <ulink
|
||||||
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
|
url="shorewall.conf.html">shorewall.conf</ulink>(5) (<ulink
|
||||||
that case, if you want to specify a
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>) is
|
||||||
|
assumed. In that case, if you want to specify a
|
||||||
<replaceable>directory</replaceable>, then the <option>-D</option>
|
<replaceable>directory</replaceable>, then the <option>-D</option>
|
||||||
option must be given.</para>
|
option must be given.</para>
|
||||||
|
|
||||||
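Review bot: The new shorewall.conf link uses the relative url="shorewall.conf.html", while the shorewall6.conf link added next to it and the other references in this file use absolute /manpages/ and /manpages6/ paths. Use "/manpages/shorewall.conf.html" so the link resolves regardless of where the page is served from. The second link also keeps "(5)" inside the ulink.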
@ -1747,7 +1808,8 @@
|
|||||||
<replaceable>system</replaceable> ]</term>
|
<replaceable>system</replaceable> ]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>This command was added in Shorewall 5.0.0.</para>
|
<para>This command was added in Shorewall 5.0.0 and is only
|
||||||
|
available in Shorewall and Shorewall6.</para>
|
||||||
|
|
||||||
<para>If <emphasis>directory</emphasis> is omitted, the current
|
<para>If <emphasis>directory</emphasis> is omitted, the current
|
||||||
working directory is assumed. Allows a non-root user to compile a
|
working directory is assumed. Allows a non-root user to compile a
|
||||||
@ -1772,8 +1834,9 @@
|
|||||||
Beginning with Shorewall 5.0.13, if
|
Beginning with Shorewall 5.0.13, if
|
||||||
<replaceable>system</replaceable> is omitted, then the FIREWALL
|
<replaceable>system</replaceable> is omitted, then the FIREWALL
|
||||||
option setting in <ulink
|
option setting in <ulink
|
||||||
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
|
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> (<ulink
|
||||||
that case, if you want to specify a
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)) is
|
||||||
|
assumed. In that case, if you want to specify a
|
||||||
<replaceable>directory</replaceable>, then the <option>-D</option>
|
<replaceable>directory</replaceable>, then the <option>-D</option>
|
||||||
option must be given.</para>
|
option must be given.</para>
|
||||||
|
|
||||||
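Review bot: The first link on the added side was left as url="shorewall6.conf.html">shorewall6.conf(5), so the sentence now cites shorewall6.conf twice: "shorewall6.conf(5) (shorewall6.conf(5))". The equivalent hunk earlier in this commit changes the first link to shorewall.conf; make the same change here.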
@ -1802,7 +1865,9 @@
|
|||||||
contains alternative input specifications following a semicolon
|
contains alternative input specifications following a semicolon
|
||||||
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
|
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
|
||||||
set to Yes in <ulink
|
set to Yes in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1816,7 +1881,8 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>This command was renamed from <command>reload</command> in
|
<para>This command was renamed from <command>reload</command> in
|
||||||
Shorewall 5.0.0.</para>
|
Shorewall 5.0.0 and is available in Shorewall and Shorewall6
|
||||||
|
only.</para>
|
||||||
|
|
||||||
<para>If <emphasis>directory</emphasis> is omitted, the current
|
<para>If <emphasis>directory</emphasis> is omitted, the current
|
||||||
working directory is assumed. Allows a non-root user to compile a
|
working directory is assumed. Allows a non-root user to compile a
|
||||||
@ -1841,8 +1907,9 @@
|
|||||||
Beginning with Shorewall 5.0.13, if
|
Beginning with Shorewall 5.0.13, if
|
||||||
<replaceable>system</replaceable> is omitted, then the FIREWALL
|
<replaceable>system</replaceable> is omitted, then the FIREWALL
|
||||||
option setting in <ulink
|
option setting in <ulink
|
||||||
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
|
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> (<ulink
|
||||||
that case, if you want to specify a
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)) is
|
||||||
|
assumed. In that case, if you want to specify a
|
||||||
<replaceable>directory</replaceable>, then the <option>-D</option>
|
<replaceable>directory</replaceable>, then the <option>-D</option>
|
||||||
option must be given.</para>
|
option must be given.</para>
|
||||||
|
|
||||||
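Review bot: Same problem as the previous FIREWALL paragraph: the first link still points to shorewall6.conf.html with the text shorewall6.conf(5), and the added parenthetical cites shorewall6.conf again. The first reference should be shorewall.conf(5).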
@ -1871,7 +1938,9 @@
|
|||||||
contains alternative input specifications following a semicolon
|
contains alternative input specifications following a semicolon
|
||||||
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
|
(";"). Such lines will be handled incorrectly if INLINE_MATCHES is
|
||||||
set to Yes in <ulink
|
set to Yes in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
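Review bot: The added reference ends in "shorewall6.conf</ulink>(5).</para>" and never closes the parenthesis opened before the ulink. The other copies of this sentence in the commit end in "(5)).</para>"; add the missing ")".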
@ -1904,7 +1973,8 @@
|
|||||||
<para>Beginning with Shorewall 5.0.0, this command performs a true
|
<para>Beginning with Shorewall 5.0.0, this command performs a true
|
||||||
restart. The firewall is completely stopped as if a
|
restart. The firewall is completely stopped as if a
|
||||||
<command>stop</command> command had been issued then it is started
|
<command>stop</command> command had been issued then it is started
|
||||||
again.</para>
|
again. The command is available on Shorewall and Shorewall6
|
||||||
|
only.</para>
|
||||||
|
|
||||||
<para>If a <emphasis>directory</emphasis> is included in the
|
<para>If a <emphasis>directory</emphasis> is included in the
|
||||||
command, Shorewall will look in that <emphasis>directory</emphasis>
|
command, Shorewall will look in that <emphasis>directory</emphasis>
|
||||||
@ -1966,7 +2036,9 @@
|
|||||||
role="bold">shorewall save</emphasis>; if no
|
role="bold">shorewall save</emphasis>; if no
|
||||||
<emphasis>filename</emphasis> is given then Shorewall will be
|
<emphasis>filename</emphasis> is given then Shorewall will be
|
||||||
restored from the file specified by the RESTOREFILE option in <ulink
|
restored from the file specified by the RESTOREFILE option in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||||
|
|
||||||
<caution>
|
<caution>
|
||||||
<para>If your iptables ruleset depends on variables that are
|
<para>If your iptables ruleset depends on variables that are
|
||||||
@ -2027,8 +2099,8 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Added in Shorewall 5.0.0, this command performs the same
|
<para>Added in Shorewall 5.0.0, this command performs the same
|
||||||
function as did <command>safe_restart</command> in earlier
|
function as did <command>safe_restart</command> in earlier releases.
|
||||||
releases.</para>
|
The command is available in Shorewall and Shorewall6 only.</para>
|
||||||
|
|
||||||
<para>Only allowed if Shorewall is running. The current
|
<para>Only allowed if Shorewall is running. The current
|
||||||
configuration is saved in /var/lib/shorewall/safe-reload (see the
|
configuration is saved in /var/lib/shorewall/safe-reload (see the
|
||||||
@ -2058,16 +2130,17 @@
|
|||||||
<replaceable>directory</replaceable> ]</term>
|
<replaceable>directory</replaceable> ]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Only allowed if Shorewall is running. The current
|
<para>Only allowed if Shorewall[6] is running and is not available
|
||||||
configuration is saved in /var/lib/shorewall/safe-restart (see the
|
in Shorewall-lite and Shorewall6-lite. The current configuration is
|
||||||
save command below) then a <emphasis role="bold">shorewall
|
saved in /var/lib/shorewall/safe-restart (see the save command
|
||||||
restart</emphasis> is done. You will then be prompted asking if you
|
below) then a <emphasis role="bold">shorewall restart</emphasis> is
|
||||||
want to accept the new configuration or not. If you answer "n" or if
|
done. You will then be prompted asking if you want to accept the new
|
||||||
you fail to answer within 60 seconds (such as when your new
|
configuration or not. If you answer "n" or if you fail to answer
|
||||||
configuration has disabled communication with your terminal), the
|
within 60 seconds (such as when your new configuration has disabled
|
||||||
configuration is restored from the saved configuration. If a
|
communication with your terminal), the configuration is restored
|
||||||
directory is given, then Shorewall will look in that directory first
|
from the saved configuration. If a directory is given, then
|
||||||
when opening configuration files.</para>
|
Shorewall will look in that directory first when opening
|
||||||
|
configuration files.</para>
|
||||||
|
|
||||||
<para>Beginning with Shorewall 4.5.0, you may specify a different
|
<para>Beginning with Shorewall 4.5.0, you may specify a different
|
||||||
<replaceable>timeout</replaceable> value using the
|
<replaceable>timeout</replaceable> value using the
|
||||||
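Review bot: The rewritten opening sentence, "Only allowed if Shorewall[6] is running and is not available in Shorewall-lite and Shorewall6-lite.", parses as if Shorewall[6] were the thing that is not available. Split it into two sentences, with the availability statement worded as in the other entries ("This command is available in Shorewall and Shorewall6 only."). The path /var/lib/shorewall/safe-restart and the "shorewall restart" reference are also left Shorewall-only even though the text now covers Shorewall6.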
@ -2101,6 +2174,9 @@
|
|||||||
<option>s</option>, <option>m</option> or <option>h</option> suffix
|
<option>s</option>, <option>m</option> or <option>h</option> suffix
|
||||||
(e.g., 5m) to specify seconds, minutes or hours respectively. If the
|
(e.g., 5m) to specify seconds, minutes or hours respectively. If the
|
||||||
suffix is omitted, seconds is assumed.</para>
|
suffix is omitted, seconds is assumed.</para>
|
||||||
|
|
||||||
|
<para>This command is available in Shorewall and Shorewall6
|
||||||
|
only.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -2116,7 +2192,9 @@
|
|||||||
role="bold">shorewall -f start</emphasis> commands. If
|
role="bold">shorewall -f start</emphasis> commands. If
|
||||||
<emphasis>filename</emphasis> is not given then the state is saved
|
<emphasis>filename</emphasis> is not given then the state is saved
|
||||||
in the file specified by the RESTOREFILE option in <ulink
|
in the file specified by the RESTOREFILE option in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||||
|
|
||||||
<para>The <option>-C</option> option, added in Shorewall 4.6.5,
|
<para>The <option>-C</option> option, added in Shorewall 4.6.5,
|
||||||
causes the iptables packet and byte counters to be saved along with
|
causes the iptables packet and byte counters to be saved along with
|
||||||
@ -2131,7 +2209,9 @@
|
|||||||
<para>Added in shorewall 4.6.8. Performs the same action as the
|
<para>Added in shorewall 4.6.8. Performs the same action as the
|
||||||
<command>stop</command> command with respect to saving ipsets (see
|
<command>stop</command> command with respect to saving ipsets (see
|
||||||
the SAVE_IPSETS option in <ulink
|
the SAVE_IPSETS option in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5)).
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||||
This command may be used to proactively save your ipset contents in
|
This command may be used to proactively save your ipset contents in
|
||||||
the event that a system failure occurs prior to issuing a
|
the event that a system failure occurs prior to issuing a
|
||||||
<command>stop</command> command.</para>
|
<command>stop</command> command.</para>
|
||||||
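Review bot: The new lines leave the "(see the SAVE_IPSETS option in ..." parenthetical unclosed. The old text ended "(5))." where the second parenthesis closed "(see"; the new text ends "shorewall6.conf</ulink>(5))." where that second parenthesis now closes "(<ulink", so one more ")" is needed before the period. The retained space in "shorewall.conf</ulink> (5)" also differs from the "(5)" spacing used for the shorewall6.conf link on the next added line.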
@ -2287,7 +2367,8 @@
|
|||||||
<para>Added in Shorewall 4.4.17. Displays the per-IP
|
<para>Added in Shorewall 4.4.17. Displays the per-IP
|
||||||
accounting counters (<ulink
|
accounting counters (<ulink
|
||||||
url="/manpages/shorewall-accounting.html">shorewall-accounting</ulink>
|
url="/manpages/shorewall-accounting.html">shorewall-accounting</ulink>
|
||||||
(5)).</para>
|
(5), <ulink
|
||||||
|
url="/manpages6/shorewall6-accounting.html">shorewall6-accounting</ulink>(5)).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
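Review bot: This entry joins the two manpage references with a comma ("shorewall-accounting (5), shorewall6-accounting(5)") while every other entry in the patch puts the Shorewall6 page in parentheses after the Shorewall one. Pick one form for the whole page, and make the spacing before "(5)" the same on both links.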
@ -2298,7 +2379,9 @@
|
|||||||
<listitem>
|
<listitem>
|
||||||
<para>Displays the last 20 Shorewall messages from the log
|
<para>Displays the last 20 Shorewall messages from the log
|
||||||
file specified by the LOGFILE option in <ulink
|
file specified by the LOGFILE option in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||||
The <emphasis role="bold">-m</emphasis> option causes the MAC
|
The <emphasis role="bold">-m</emphasis> option causes the MAC
|
||||||
address of each packet source to be displayed if that
|
address of each packet source to be displayed if that
|
||||||
information is available.</para>
|
information is available.</para>
|
||||||
@ -2310,7 +2393,7 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Displays information about each macro defined on the
|
<para>Displays information about each macro defined on the
|
||||||
firewall system.</para>
|
firewall system (Shorewall and Shorewall6 only)</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
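Review bot: The replacement line "firewall system (Shorewall and Shorewall6 only)</para>" drops the sentence-ending period that the old line had. It is also yet another wording of the availability note; the show macro entry just below uses "Available only in Shorewall and Shorewall6." as a separate sentence, which would fit here too.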
@ -2322,7 +2405,8 @@
|
|||||||
<para>Added in Shorewall 4.4.6. Displays the file that
|
<para>Added in Shorewall 4.4.6. Displays the file that
|
||||||
implements the specified <replaceable>macro</replaceable>
|
implements the specified <replaceable>macro</replaceable>
|
||||||
(usually
|
(usually
|
||||||
<filename>/usr/share/shorewall/macro</filename>.<replaceable>macro</replaceable>).</para>
|
<filename>/usr/share/shorewall/macro</filename>.<replaceable>macro</replaceable>).
|
||||||
|
Available only in Shorewall and Shorewall6.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -2440,59 +2524,114 @@
|
|||||||
<replaceable>directory</replaceable> ]</term>
|
<replaceable>directory</replaceable> ]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Start shorewall. Existing connections through shorewall
|
<para><variablelist>
|
||||||
managed interfaces are untouched. New connections will be allowed
|
<varlistentry>
|
||||||
only if they are allowed by the firewall rules or policies. If a
|
<term>Shorewall and Shorewall6</term>
|
||||||
<replaceable>directory</replaceable> is included in the command,
|
|
||||||
Shorewall will look in that <emphasis>directory</emphasis> first for
|
|
||||||
configuration files. If <emphasis role="bold">-f</emphasis> is
|
|
||||||
specified, the saved configuration specified by the RESTOREFILE
|
|
||||||
option in <ulink
|
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) will
|
|
||||||
be restored if that saved configuration exists and has been modified
|
|
||||||
more recently than the files in /etc/shorewall. When <emphasis
|
|
||||||
role="bold">-f</emphasis> is given, a
|
|
||||||
<replaceable>directory</replaceable> may not be specified.</para>
|
|
||||||
|
|
||||||
<para>Update: In Shorewall 4.4.20, a new LEGACY_FASTSTART option was
|
<listitem>
|
||||||
added to <ulink
|
<para>Start shorewall[6]. Existing connections through
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). When
|
shorewall managed interfaces are untouched. New connections
|
||||||
LEGACY_FASTSTART=No, the modification times of files in
|
will be allowed only if they are allowed by the firewall
|
||||||
/etc/shorewall are compared with that of /var/lib/shorewall/firewall
|
rules or policies. If a <replaceable>directory</replaceable>
|
||||||
(the compiled script that last started/restarted the
|
is included in the command, Shorewall will look in that
|
||||||
firewall).</para>
|
<emphasis>directory</emphasis> first for configuration
|
||||||
|
files. If <emphasis role="bold">-f</emphasis> is specified,
|
||||||
|
the saved configuration specified by the RESTOREFILE option
|
||||||
|
in <ulink
|
||||||
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5))
|
||||||
|
will be restored if that saved configuration exists and has
|
||||||
|
been modified more recently than the files in
|
||||||
|
/etc/shorewall. When <emphasis role="bold">-f</emphasis> is
|
||||||
|
given, a <replaceable>directory</replaceable> may not be
|
||||||
|
specified.</para>
|
||||||
|
|
||||||
<para>The <option>-n</option> option causes Shorewall to avoid
|
<para>Update: In Shorewall 4.4.20, a new LEGACY_FASTSTART
|
||||||
updating the routing table(s).</para>
|
option was added to <ulink
|
||||||
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||||
|
When LEGACY_FASTSTART=No, the modification times of files in
|
||||||
|
/etc/shorewall are compared with that of
|
||||||
|
/var/lib/shorewall/firewall (the compiled script that last
|
||||||
|
started/restarted the firewall).</para>
|
||||||
|
|
||||||
<para>The <option>-p</option> option causes the connection tracking
|
<para>The <option>-n</option> option causes Shorewall to
|
||||||
table to be flushed; the <command>conntrack</command> utility must
|
avoid updating the routing table(s).</para>
|
||||||
be installed to use this option.</para>
|
|
||||||
|
|
||||||
<para>The <option>-c</option> option was added in Shorewall 4.4.20
|
<para>The <option>-p</option> option causes the connection
|
||||||
and performs the compilation step unconditionally, overriding the
|
tracking table to be flushed; the
|
||||||
AUTOMAKE setting in <ulink
|
<command>conntrack</command> utility must be installed to
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). When
|
use this option.</para>
|
||||||
both <option>-f</option> and <option>-c</option>are present, the
|
|
||||||
result is determined by the option that appears last.</para>
|
|
||||||
|
|
||||||
<para>The <option>-T</option> option was added in Shorewall 4.5.3
|
<para>The <option>-c</option> option was added in Shorewall
|
||||||
and causes a Perl stack trace to be included with each
|
4.4.20 and performs the compilation step unconditionally,
|
||||||
compiler-generated error and warning message.</para>
|
overriding the AUTOMAKE setting in <ulink
|
||||||
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).
|
||||||
|
When both <option>-f</option> and <option>-c</option>are
|
||||||
|
present, the result is determined by the option that appears
|
||||||
|
last.</para>
|
||||||
|
|
||||||
<para>The -i option was added in Shorewall 4.6.0 and causes a
|
<para>The <option>-T</option> option was added in Shorewall
|
||||||
warning message to be issued if the current line contains
|
4.5.3 and causes a Perl stack trace to be included with each
|
||||||
alternative input specifications following a semicolon (";"). Such
|
compiler-generated error and warning message.</para>
|
||||||
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
|
|
||||||
<ulink
|
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
|
|
||||||
|
|
||||||
<para>The <option>-C</option> option was added in Shorewall 4.6.5
|
<para>The -i option was added in Shorewall 4.6.0 and causes
|
||||||
and is only meaningful when the <option>-f</option> option is also
|
a warning message to be issued if the current line contains
|
||||||
specified. If the previously-saved configuration is restored, and if
|
alternative input specifications following a semicolon
|
||||||
the <option>-C</option> option was also specified in the <emphasis
|
(";"). Such lines will be handled incorrectly if
|
||||||
role="bold">save</emphasis> command, then the packet and byte
|
INLINE_MATCHES is set to Yes in <ulink
|
||||||
counters will be restored.</para>
|
url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>
|
||||||
|
(<ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||||
|
|
||||||
|
<para>The <option>-C</option> option was added in Shorewall
|
||||||
|
4.6.5 and is only meaningful when the <option>-f</option>
|
||||||
|
option is also specified. If the previously-saved
|
||||||
|
configuration is restored, and if the <option>-C</option>
|
||||||
|
option was also specified in the <emphasis
|
||||||
|
role="bold">save</emphasis> command, then the packet and
|
||||||
|
byte counters will be restored.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>Shorewall-lite and Shorewall6-lite</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Start Shorewall[6] Lite. Existing connections through
|
||||||
|
shorewall[6]-lite managed interfaces are untouched. New
|
||||||
|
connections will be allowed only if they are allowed by the
|
||||||
|
firewall rules or policies.</para>
|
||||||
|
|
||||||
|
<para>The <option>-p</option> option causes the connection
|
||||||
|
tracking table to be flushed; the
|
||||||
|
<command>conntrack</command> utility must be installed to
|
||||||
|
use this option.</para>
|
||||||
|
|
||||||
|
<para>The <option>-n</option> option prevents the firewall
|
||||||
|
script from modifying the current routing
|
||||||
|
configuration.</para>
|
||||||
|
|
||||||
|
<para>The <option>-f</option> option was added in Shorewall
|
||||||
|
4.6.5. If the RESTOREFILE named in <ulink
|
||||||
|
url="shorewall.conf.html">shorewall.conf</ulink>(5) exists,
|
||||||
|
is executable and is not older than the current filewall
|
||||||
|
script, then that saved configuration is restored.</para>
|
||||||
|
|
||||||
|
<para>The <option>-C</option> option was added in Shorewall
|
||||||
|
4.6.5 and is only meaningful when the <option>-f</option>
|
||||||
|
option is also specified. If the previously-saved
|
||||||
|
configuration is restored, and if the <option>-C</option>
|
||||||
|
option was also specified in the <emphasis
|
||||||
|
role="bold">save</emphasis> command, then the packet and
|
||||||
|
byte counters will be restored.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
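Review bot: In the new "Shorewall-lite and Shorewall6-lite" entry, the -f paragraph links with url="shorewall.conf.html", a relative URL, while every other link in this patch uses "/manpages/shorewall.conf.html", and it has no shorewall6.conf counterpart. The same paragraph has the typo "filewall script". In the "Shorewall and Shorewall6" entry, the re-wrapped lines carry over "<option>-c</option>are" (missing space) and a bare "-i" without <option> markup; since these lines are being rewritten anyway, fix them now. That entry also still names only /etc/shorewall and /var/lib/shorewall/firewall although it now documents Shorewall6 as well.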
@ -2539,18 +2678,21 @@
|
|||||||
<replaceable>timeout</replaceable> ]</term>
|
<replaceable>timeout</replaceable> ]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>If Shorewall is started then the firewall state is saved to a
|
<para>This command is available in Shorewall and Shorewall6
|
||||||
temporary saved configuration
|
only.</para>
|
||||||
(<filename>/var/lib/shorewall/.try</filename>). Next, if Shorewall
|
|
||||||
is currently started then a <emphasis role="bold">restart</emphasis>
|
<para>If Shorewall[6] is started then the firewall state is saved to
|
||||||
command is issued using the specified configuration
|
a temporary saved configuration
|
||||||
<replaceable>directory</replaceable>; otherwise, a <emphasis
|
(<filename>/var/lib/shorewall/.try</filename>). Next, if
|
||||||
role="bold">start</emphasis> command is performed using the
|
Shorewall[6] is currently started then a <emphasis
|
||||||
specified configuration <replaceable>directory</replaceable>. if an
|
role="bold">restart</emphasis> command is issued using the specified
|
||||||
error occurs during the compilation phase of the <emphasis
|
configuration <replaceable>directory</replaceable>; otherwise, a
|
||||||
|
<emphasis role="bold">start</emphasis> command is performed using
|
||||||
|
the specified configuration <replaceable>directory</replaceable>. if
|
||||||
|
an error occurs during the compilation phase of the <emphasis
|
||||||
role="bold">restart</emphasis> or <emphasis
|
role="bold">restart</emphasis> or <emphasis
|
||||||
role="bold">start</emphasis>, the command terminates without
|
role="bold">start</emphasis>, the command terminates without
|
||||||
changing the Shorewall state. If an error occurs during the
|
changing the Shorewall[6] state. If an error occurs during the
|
||||||
<emphasis role="bold">restart</emphasis> phase, then a <emphasis
|
<emphasis role="bold">restart</emphasis> phase, then a <emphasis
|
||||||
role="bold">shorewall restore</emphasis> is performed using the
|
role="bold">shorewall restore</emphasis> is performed using the
|
||||||
saved configuration. If an error occurs during the <emphasis
|
saved configuration. If an error occurs during the <emphasis
|
||||||
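Review bot: The text is changed to "Shorewall[6]" throughout, but the temporary file is still given only as /var/lib/shorewall/.try and the recovery step as "shorewall restore"; state what these are when the command operates on Shorewall6. The re-wrapped lines also keep the lowercase sentence start in "<replaceable>directory</replaceable>. if an error occurs", which should be "If".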
@ -2577,6 +2719,9 @@
|
|||||||
<replaceable>directory</replaceable> ]</term>
|
<replaceable>directory</replaceable> ]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
|
<para>This command is available only in Shorewall and
|
||||||
|
Shorewall6.</para>
|
||||||
|
|
||||||
<para>Added in Shorewall 4.4.21 and causes the compiler to update
|
<para>Added in Shorewall 4.4.21 and causes the compiler to update
|
||||||
<filename>/etc/shorewall/shorewall.conf then validate the
|
<filename>/etc/shorewall/shorewall.conf then validate the
|
||||||
configuration</filename>. The update will add options not present in
|
configuration</filename>. The update will add options not present in
|
||||||
|
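Review bot: The added sentence makes this entry apply to Shorewall6, yet the next paragraph names only /etc/shorewall/shorewall.conf as the file being updated; mention the Shorewall6 file or say the path depends on the product. In the same context lines the <filename> element is closed after "then validate the configuration", so prose is marked up as part of the file name; move </filename> to directly after "shorewall.conf".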