Update documentation for content merged from the 4.5.8 (master) path

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/manpages/shorewall-rules.xml

@@ -806,7 +806,7 @@
             </orderedlist></para>
 
           <blockquote>
-            <para/>
+            <para></para>
 
             <para>Except when <emphasis role="bold">all</emphasis>[<emphasis
             role="bold">+]|[-</emphasis>] is specified, the server may be
@@ -1351,6 +1351,47 @@
           restart</command>.</para>
         </listitem>
       </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">HELPER</emphasis> - [helper]</term>
+
+        <listitem>
+          <para>Added in Shorewall 4.5.7. Causes the named conntrack
+          <replaceable>helper</replaceable> to be associated with this
+          connection. The contents of this column are ignored unless ACTION is
+          ACCEPT*, DNAT* or REDIRECT*. The <replaceable>helper</replaceable>
+          may be one of:</para>
+
+          <simplelist>
+            <member><option>amanda</option></member>
+
+            <member><option>ftp</option></member>
+
+            <member><option>irc</option></member>
+
+            <member><option>netbios-ns</option></member>
+
+            <member><option>pptp</option></member>
+
+            <member><option>Q.931</option></member>
+
+            <member><option>RAS</option></member>
+
+            <member><option>sane</option></member>
+
+            <member><option>sip</option></member>
+
+            <member><option>snmp</option></member>
+
+            <member><option>tftp</option></member>
+          </simplelist>
+
+          <para>If the HELPERS option is specified in <ulink
+          url="shorewall.conf.html">shorewall.conf</ulink>(5), then any module
+          specified in this column most be listed in the HELPERS
+          setting.</para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 

Shorewall/manpages/shorewall.conf.xml

@@ -304,7 +304,7 @@
         role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
 
         <listitem>
-          <para>Added in Shorewall 4.5.8. When set to <option>Yes</option>
+          <para>Added in Shorewall 4.5.7. When set to <option>Yes</option>
           (the default), the generated ruleset will automatically associate
           helpers with applications that require them (FTP, IRC, etc.). When
           configuring your firewall on systems running kernel 3.5 or later, it

Shorewall6/manpages/shorewall6-rules.xml

@@ -1189,6 +1189,47 @@
           restart</command>.</para>
         </listitem>
       </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">HELPER</emphasis> - [helper]</term>
+
+        <listitem>
+          <para>Added in Shorewall 4.5.7. Causes the named conntrack
+          <replaceable>helper</replaceable> to be associated with this
+          connection. The contents of this column are ignored unless ACTION is
+          ACCEPT*, DNAT* or REDIRECT*. The <replaceable>helper</replaceable>
+          may be one of:</para>
+
+          <simplelist>
+            <member><option>amanda</option></member>
+
+            <member><option>ftp</option></member>
+
+            <member><option>irc</option></member>
+
+            <member><option>netbios-ns</option></member>
+
+            <member><option>pptp</option></member>
+
+            <member><option>Q.931</option></member>
+
+            <member><option>RAS</option></member>
+
+            <member><option>sane</option></member>
+
+            <member><option>sip</option></member>
+
+            <member><option>snmp</option></member>
+
+            <member><option>tftp</option></member>
+          </simplelist>
+
+          <para>If the HELPERS option is specified in <ulink
+          url="shorewall.conf.html">shorewall6.conf</ulink>(5), then any
+          module specified in this column most be listed in the HELPERS
+          setting.</para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 

Shorewall6/manpages/shorewall6.conf.xml

@@ -233,7 +233,7 @@
         role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
 
         <listitem>
-          <para>Added in Shorewall 4.5.8. When set to <option>Yes</option>
+          <para>Added in Shorewall 4.5.7. When set to <option>Yes</option>
           (the default), the generated ruleset will automatically associate
           helpers with applications that require them (FTP, IRC, etc.). When
           configuring your firewall on systems running kernel 3.5 or later, it

docs/Helpers.xml

@@ -300,6 +300,17 @@
             role="bold">tftp</emphasis>.</para>
           </listitem>
         </varlistentry>
+
+        <varlistentry>
+          <term>AUTOHELPERS</term>
+
+          <listitem>
+            <para>This option was also added in Shorewall 4.5.7. When enabled
+            on systems that support the CT Target capability, it provides
+            automatic association of helpers to connections in the same manner
+            as in pre-3.5 kernels (and with the same vulnerabilities).</para>
+          </listitem>
+        </varlistentry>
       </variablelist>
 
       <para>The helper modules to be loaded are listed in the file
@@ -375,6 +386,12 @@
 
       <para>In these files, Shorewall supports the same module names as
       iptables; see the table above.</para>
+
+      <para>Beginning with Shorewall 4.5.7, there is a HELPER column in <ulink
+      url="manpages/shorewall-rules.html">shorewall-rules</ulink> (5). This
+      column allows the explicit association of a helper with connections
+      allowed by a given rules. The column may contain any of the helper names
+      recognized by iptables (see the table above).</para>
     </section>
 
     <section>