Merge branch '5.0.7'

Document + in the MODULESDIR setting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-01 09:46:53 -07:00 · 2016-04-01 09:43:06 -07:00 · 2016-04-01 08:57:08 -07:00 · 2016-03-31 14:16:43 -07:00 · 2016-03-31 12:55:16 -07:00 · 2016-03-31 12:52:30 -07:00
16 changed files with 181 additions and 102 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -8172,6 +8172,15 @@ else
    rm -f \${VARDIR}/.dynamic
 fi
 EOF
 	if ( $config{MINIUPNPD} ) {
 	    emit << "EOF";
 if chain_exists 'MINIUPNPD-POSTROUTING -t nat'; then
    $tool -t nat -S MINIUPNPD-POSTROUTING | tail -n +2 > \${VARDIR}/.MINIUPNPD-POSTROUTING
 else
    rm -f \${VARDIR}/.MINIUPNPD-POSTROUTING
 fi
 EOF
 	}
    } else {
 	emit <<"EOF";
 if chain_exists 'UPnP -t nat'; then
@@ -8192,6 +8201,15 @@ else
    rm -f \${VARDIR}/.dynamic
 fi
 EOF
 	if ( $config{MINIUPNPD} ) {
 	    emit << "EOF";
 if chain_exists 'MINIUPNPD-POSTROUTING -t nat'; then
    $utility -t nat | grep '^-A MINIUPNPD-POSTROUTING' > \${VARDIR}/.MINIUPNPD-POSTROUTING
 else
    rm -f \${VARDIR}/.MINIUPNPD-POSTROUTING    
 fi
 EOF
 	}
    }
    pop_indent;
@@ -8627,12 +8645,12 @@ sub preview_netfilter_load() {
 			print( '[ -n "$g_docker" ] && echo ":DOCKER - [0:0]" >&3' );
 			print "\n";
 		    } elsif ( $name eq 'DOCKER-ISOLATION' ) {
-			enter_cmd_mode1 unless $mode = CMD_MODE;
+			enter_cmd_mode1 unless $mode == CMD_MODE;
 			print( '[ -n "$g_dockernetwork" ] && echo ":DOCKER-ISOLATION - [0:0]" >&3' );
 			print "\n";
 			enter_cat_mode1;
 		    } else {		    
-			enter_cmd_mode1 unless $mode = CMD_MODE;
+			enter_cmd_mode1 unless $mode == CMD_MODE;
 			print( ":$name - [0:0]\n" );
 		    }
 		} else {
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -885,6 +885,7 @@ sub initialize( $;$$) {
 	  RESTART => undef ,
 	  DOCKER => undef ,
 	  PAGER => undef ,
 	  MINIUPNPD => undef ,
 	  #
 	  # Packet Disposition
 	  #
@@ -5942,7 +5943,7 @@ sub get_configuration( $$$$ ) {
    default_yes_no 'INLINE_MATCHES'             , '';
    default_yes_no 'BASIC_FILTERS'              , '';
    default_yes_no 'WORKAROUNDS'                , 'Yes';
-    default_yes_no 'DOCKER'                      , '';
+    default_yes_no 'DOCKER'                     , '';
    if ( $config{DOCKER} ) {
 	fatal_error "DOCKER=Yes is not allowed in Shorewall6" if $family == F_IPV6;
@@ -6002,6 +6003,7 @@ sub get_configuration( $$$$ ) {
    default_yes_no 'IGNOREUNKNOWNVARIABLES'     , 'Yes';
    default_yes_no 'WARNOLDCAPVERSION'          , 'Yes';
    default_yes_no 'DEFER_DNS_RESOLUTION'       , 'Yes';
    default_yes_no 'MINIUPNPD'                  , 'No';
    $config{IPSET} = '' if supplied $config{IPSET} && $config{IPSET} eq 'ipset';
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -1095,10 +1095,18 @@ sub add_common_rules ( $ ) {
 	    add_commands( $chainref, '[ -s /${VARDIR}/.UPnP ] && cat ${VARDIR}/.UPnP >&3' );
 	    my $chainref1;
 	    if ( $config{MINIUPNPD} ) {
 		$chainref1 = set_optflags( new_nat_chain( 'MINIUPNPD-POSTROUTING' ), DONT_OPTIMIZE ); 
 		add_commands( $chainref, '[ -s /${VARDIR}/.MINIUPNPD-POSTROUTING ] && cat ${VARDIR}/.MINIUPNPD-POSTROUTING >&3' );
 	    }
 	    $announced = 1;
 	    for $interface ( @$list ) {
-		add_ijump_extended $nat_table->{PREROUTING} , j => 'UPnP', get_interface_origin($interface), imatch_source_dev ( $interface );
+		add_ijump_extended $nat_table->{PREROUTING} ,  j => 'UPnP',                   get_interface_origin($interface), imatch_source_dev ( $interface );
 		add_ijump_extended $nat_table->{POSTROUTING} , j => 'MINIUPNPD-POSTROUTING' , $origin{MINIUPNPD}              , imatch_dest_dev   ( $interface ) if $chainref1;
 	    }
 	}
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -173,7 +173,9 @@ sub process_one_masq1( $$$$$$$$$$$ )
 	fatal_error "Unknown interface ($interface)" unless my $interfaceref = known_interface( $interface );
-	unless ( $interfaceref->{root} ) {
+	if ( $interfaceref->{root} ) {
 	    $interface = $interfaceref->{name} if $interface eq $interfaceref->{physical};
 	} else {
 	    $rule .= match_dest_dev( $interface );
 	    $interface = $interfaceref->{name};
 	}
@@ -457,7 +459,9 @@ sub do_one_nat( $$$$$ )
    fatal_error "Unknown interface ($interface)" unless my $interfaceref = known_interface( $interface );
-    unless ( $interfaceref->{root} ) {
+    if ( $interfaceref->{root} ) {
 	$interface = $interfaceref->{name} if $interface eq $interfaceref->{physical};
    } else {
 	$rulein  = match_source_dev $interface;
 	$ruleout = match_dest_dev $interface;
 	$interface = $interfaceref->{name};
@@ -559,7 +563,9 @@ sub setup_netmap() {
 		    $net1 = validate_net $net1, 0;
 		    $net2 = validate_net $net2, 0;
-		    unless ( $interfaceref->{root} ) {
+		    if ( $interfaceref->{root} ) {
 			$interface = $interfaceref->{name} if $interface eq $interfaceref->{physical};
 		    } else {
 			@rulein  = imatch_source_dev( $interface );
 			@ruleout = imatch_dest_dev( $interface );
 			$interface = $interfaceref->{name};
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -1798,6 +1798,7 @@ sub process_action(\$\$$) {
    my ( $action, $level, $tag, undef, $param ) = split /:/, $wholeaction, ACTION_TUPLE_ELEMENTS;
    my $type = $targets{$action};
    my $actionref = $actions{$action};
    my $matches   = fetch_inline_matches;
    if ( $type & BUILTIN ) {
 	$level = '' if $level =~ /none!?/;
@@ -1910,14 +1911,15 @@ sub process_action(\$\$$) {
 				      $dscp ,
 				      $state,
 				      $time );
 		set_inline_matches( $matches );
 	    }
 	} else {
-	    my ($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper );
+	    my ($target, $source, $dest, $protos, $ports, $sports, $origdest, $rate, $users, $mark, $connlimit, $time, $headers, $condition, $helper );
 	    if ( $file_format == 1 ) {
 		fatal_error( "FORMAT-1 actions are no longer supported" );
 	    } else {
-		($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper )
+		($target, $source, $dest, $protos, $ports, $sports, $origdest, $rate, $users, $mark, $connlimit, $time, $headers, $condition, $helper )
 		    = split_line2( 'action file',
 				   \%rulecolumns,
 				   $action_commands,
@@ -1941,26 +1943,32 @@ sub process_action(\$\$$) {
 		next;
 	    }
-	    process_rule( $chainref,
+	    for my $proto ( split_list( $protos, 'Protocol' ) ) {
-			  '',
+		for my $user ( split_list( $users, 'User/Group' ) ) {
-			  '',
+		    process_rule( $chainref,
-			  $nolog ? $target : merge_levels( join(':', @actparams{'chain','loglevel','logtag'}), $target ),
+				  '',
-			  '',
+				  '',
-			  $source,
+				  $nolog ? $target : merge_levels( join(':', @actparams{'chain','loglevel','logtag'}), $target ),
-			  $dest,
+				  '',
-			  $proto,
+				  $source,
-			  $ports,
+				  $dest,
-			  $sports,
+				  $proto,
-			  $origdest,
+				  $ports,
-			  $rate,
+				  $sports,
-			  $user,
+				  $origdest,
-			  $mark,
+				  $rate,
-			  $connlimit,
+				  $user,
-			  $time,
+				  $mark,
-			  $headers,
+				  $connlimit,
-			  $condition,
+				  $time,
-			  $helper,
+				  $headers,
-			  0 );
+				  $condition,
 				  $helper,
 				  0 );
 		    set_inline_matches( $matches );
 		}
 	    }
 	}
    }
@@ -2198,7 +2206,8 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$$) {
    my $generated = 0;
-    my $macrofile = $macros{$macro};
+    my $macrofile    = $macros{$macro};
    my $save_matches = fetch_inline_matches;
    progress_message "..Expanding Macro $macrofile...";
@@ -2208,7 +2217,7 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$$) {
    while ( read_a_line( NORMAL_READ ) ) {
-	my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $morigdest, $mrate, $muser, $mmark, $mconnlimit, $mtime, $mheaders, $mcondition, $mhelper);
+	my ( $mtarget, $msource, $mdest, $mprotos, $mports, $msports, $morigdest, $mrate, $musers, $mmark, $mconnlimit, $mtime, $mheaders, $mcondition, $mhelper);
 	if ( $file_format == 1 ) {
 	    fatal_error( "FORMAT-1 macros are no longer supported" );
@@ -2216,12 +2225,12 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$$) {
 	    ( $mtarget,
 	      $msource,
 	      $mdest,
-	      $mproto,
+	      $mprotos,
 	      $mports,
 	      $msports,
 	      $morigdest,
 	      $mrate,
-	      $muser,
+	      $musers,
 	      $mmark,
 	      $mconnlimit,
 	      $mtime,
@@ -2282,37 +2291,38 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$$) {
 	    $mdest = '';
 	}
-	$generated |= process_rule(
+	for my $mp ( split_list( $mprotos, 'Protocol' ) ) {
-				   $chainref,
+	    for my $mu ( split_list( $musers, 'User/Group' ) ) {
-	                           $matches,
+		$generated |= process_rule( $chainref,
-	                           $matches1,
+					    $matches,
-				   $mtarget,
+					    $matches1,
-				   $param,
+					    $mtarget,
-				   $msource,
+					    $param,
-				   $mdest,
+					    $msource,
-				   merge_macro_column( $mproto,     $proto ) ,
+					    $mdest,
-				   merge_macro_column( $mports,     $ports ) ,
+					    merge_macro_column( $mp,         $proto ) ,
-				   merge_macro_column( $msports,    $sports ) ,
+					    merge_macro_column( $mports,     $ports ) ,
-				   merge_macro_column( $morigdest,  $origdest ) ,
+					    merge_macro_column( $msports,    $sports ) ,
-				   merge_macro_column( $mrate,      $rate ) ,
+					    merge_macro_column( $morigdest,  $origdest ) ,
-				   merge_macro_column( $muser,      $user ) ,
+					    merge_macro_column( $mrate,      $rate ) ,
-				   merge_macro_column( $mmark,      $mark ) ,
+					    merge_macro_column( $mu,         $user ) ,
-				   merge_macro_column( $mconnlimit, $connlimit) ,
+					    merge_macro_column( $mmark,      $mark ) ,
-				   merge_macro_column( $mtime,      $time ),
+					    merge_macro_column( $mconnlimit, $connlimit) ,
-				   merge_macro_column( $mheaders,   $headers ),
+					    merge_macro_column( $mtime,      $time ),
-				   merge_macro_column( $mcondition, $condition ),
+					    merge_macro_column( $mheaders,   $headers ),
-				   merge_macro_column( $mhelper,    $helper ),
+					    merge_macro_column( $mcondition, $condition ),
-				   $wildcard
+					    merge_macro_column( $mhelper,    $helper ),
-				  );
+					    $wildcard
 		                          );
 		set_inline_matches( $save_matches );
 	    }
 	}
 	progress_message "   Rule \"$currentline\" $done";
    }
    pop_open;
    #
    # Clear the inline matches if we are the lowest level macro/inline invocation
    #
    set_inline_matches( '' ) if $macro_nest_level == 1;
    progress_message "..End Macro $macrofile";
@@ -2337,10 +2347,11 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$$$) {
 					 $chainref->{name} ,
 				       );
-    my $actionref  = $actions{$inline};
+    my $actionref    = $actions{$inline};
-    my $inlinefile = $actionref->{file};
+    my $inlinefile   = $actionref->{file};
-    my $options    = $actionref->{options};
+    my $options      = $actionref->{options};
-    my $nolog      = $options & NOLOG_OPT;
+    my $nolog        = $options & NOLOG_OPT;
    my $save_matches = fetch_inline_matches;
    setup_audit_action( $inline ) if $options & AUDIT_OPT;
@@ -2354,12 +2365,12 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$$$) {
 	my  ( $mtarget,
 	      $msource,
 	      $mdest,
-	      $mproto,
+	      $mprotos,
 	      $mports,
 	      $msports,
 	      $morigdest,
 	      $mrate,
-	      $muser,
+	      $musers,
 	      $mmark,
 	      $mconnlimit,
 	      $mtime,
@@ -2424,28 +2435,33 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$$$) {
 	    $mdest = '';
 	}
-	$generated |= process_rule(
+	for my $mp ( split_list( $mprotos, 'Protocol' ) ) {
-				   $chainref,
+	    for my $mu ( split_list( $musers, 'User/Group' ) ) {
-	                           $matches,
+		$generated |= process_rule( $chainref,
-	                           $matches1,
+					    $matches,
-				   $mtarget,
+					    $matches1,
-				   $param,
+					    $mtarget,
-				   $msource,
+					    $param,
-				   $mdest,
+					    $msource,
-				   merge_macro_column( $mproto,     $proto ) ,
+					    $mdest,
-				   merge_macro_column( $mports,     $ports ) ,
+					    merge_macro_column( $mp,          $proto ) ,
-				   merge_macro_column( $msports,    $sports ) ,
+					    merge_macro_column( $mports,     $ports ) ,
-				   merge_macro_column( $morigdest,  $origdest ) ,
+					    merge_macro_column( $msports,    $sports ) ,
-				   merge_macro_column( $mrate,      $rate ) ,
+					    merge_macro_column( $morigdest,  $origdest ) ,
-				   merge_macro_column( $muser,      $user ) ,
+					    merge_macro_column( $mrate,      $rate ) ,
-				   merge_macro_column( $mmark,      $mark ) ,
+					    merge_macro_column( $mu,         $user ) ,
-				   merge_macro_column( $mconnlimit, $connlimit) ,
+					    merge_macro_column( $mmark,      $mark ) ,
-				   merge_macro_column( $mtime,      $time ),
+					    merge_macro_column( $mconnlimit, $connlimit) ,
-				   merge_macro_column( $mheaders,   $headers ),
+					    merge_macro_column( $mtime,      $time ),
-				   merge_macro_column( $mcondition, $condition ),
+					    merge_macro_column( $mheaders,   $headers ),
-				   merge_macro_column( $mhelper,    $helper ),
+					    merge_macro_column( $mcondition, $condition ),
-				   $wildcard
+					    merge_macro_column( $mhelper,    $helper ),
-				  );
+					    $wildcard
 		                          );
 		set_inline_matches( $save_matches );
 	    }
 	}
 	progress_message "   Rule \"$currentline\" $done";
    }
@@ -2457,10 +2473,6 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$$$) {
    progress_message "..End inline action $inlinefile";
    pop_action_params( $oldparms );
    #
    # Clear the inline matches if we are the lowest level macro/inline invocation
    #
    set_inline_matches( '' ) if $macro_nest_level == 1;
    return $generated;
 }
@@ -3029,8 +3041,8 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
 	my $generated = process_inline( $basictarget,
 					$chainref,
-					$prerule . $rule . $raw_matches,
+					$prerule . $rule,
-					$matches1,
+					$matches1 . $raw_matches,
 					$loglevel,
 					$target,
 					$param,
@@ -3791,6 +3803,7 @@ sub process_mangle_inline( $$$$$$$$$$$$$$$$$$$ ) {
 					 $chainref->{name} );
    my $inlinefile = $actions{$inline}{file};
    my $matches    = fetch_inline_matches;
    progress_message "..Expanding inline action $inlinefile...";
@@ -3885,6 +3898,8 @@ sub process_mangle_inline( $$$$$$$$$$$$$$$$$$$ ) {
 	}
 	progress_message "   Rule \"$currentline\" $done";
 	set_inline_matches( $matches );
    }
    pop_comment( $save_comment );
--- a/Shorewall/Samples/Universal/shorewall.conf
+++ b/Shorewall/Samples/Universal/shorewall.conf
@@ -192,6 +192,8 @@ MANGLE_ENABLED=Yes
 MAPOLDACTIONS=No
 MINIUPNPD=No
 MARK_IN_FORWARD_CHAIN=No
 MODULE_SUFFIX="ko ko.xz"
--- a/Shorewall/Samples/one-interface/shorewall.conf
+++ b/Shorewall/Samples/one-interface/shorewall.conf
@@ -203,6 +203,8 @@ MANGLE_ENABLED=Yes
 MAPOLDACTIONS=No
 MINIUPNPD=No
 MARK_IN_FORWARD_CHAIN=No
 MODULE_SUFFIX="ko ko.xz"
--- a/Shorewall/Samples/three-interfaces/shorewall.conf
+++ b/Shorewall/Samples/three-interfaces/shorewall.conf
@@ -200,6 +200,8 @@ MANGLE_ENABLED=Yes
 MAPOLDACTIONS=No
 MINIUPNPD=No
 MARK_IN_FORWARD_CHAIN=No
 MODULE_SUFFIX="ko ko.xz"
--- a/Shorewall/Samples/two-interfaces/shorewall.conf
+++ b/Shorewall/Samples/two-interfaces/shorewall.conf
@@ -203,6 +203,8 @@ MANGLE_ENABLED=Yes
 MAPOLDACTIONS=No
 MINIUPNPD=No
 MARK_IN_FORWARD_CHAIN=No
 MODULE_SUFFIX="ko ko.xz"
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@@ -194,6 +194,8 @@ MAPOLDACTIONS=No
 MARK_IN_FORWARD_CHAIN=No
 MINIUPNPD=No
 MODULE_SUFFIX=ko
 MULTICAST=No
--- a/Shorewall/manpages/shorewall-mangle.xml
+++ b/Shorewall/manpages/shorewall-mangle.xml
@@ -390,7 +390,7 @@ DIVERTHA        -               -               tcp</programlisting>
                <para>Allows you to place your own ip[6]tables matches at the
                end of the line following a semicolon (";"). If an
                <replaceable>action</replaceable> is specified, the compiler
-                procedes as if that <replaceable>action</replaceable> had been
+                proceeds as if that <replaceable>action</replaceable> had been
                specified in this column. If no action is specified, then you
                may include your own jump ("-j
                <replaceable>target</replaceable>
--- a/Shorewall/manpages/shorewall-rules.xml
+++ b/Shorewall/manpages/shorewall-rules.xml
@@ -1441,7 +1441,7 @@
          <para>When <option>s:</option> or <option>d:</option> is specified,
          the rate applies per source IP address or per destination IP address
          respectively. The <replaceable>name</replaceable>s may be chosen by
-          the user and specifiy a hash table to be used to count matching
+          the user and specify a hash table to be used to count matching
          connections. If not given, the name <emphasis
          role="bold">shorewallN</emphasis> (where N is a unique integer) is
          assumed. Where more than one rule or POLICY specifies the same name,
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@@ -998,7 +998,7 @@ net     all  DROP   info</programlisting>then the chain name is 'net-all'
          iptables text in a rule. You may simply preface that text with a
          pair of semicolons (";;"). If alternate input is also specified in
          the rule, it should appear before the semicolons and may be
-          seperated from normal column input by a single semicolon.</para>
+          separated from normal column input by a single semicolon.</para>
        </listitem>
      </varlistentry>
@@ -1548,6 +1548,18 @@ LOG:info:,bar                        net                    fw</programlisting>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">MINIUPNPD=</emphasis>[<emphasis
        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
        <listitem>
          <para>Added in Shorewall 5.0.8. If set to Yes, Shorewall will create
          a chain in the nat table named MINIUPNPD-POSTROUTING and will add
          jumps from POSTROUTING to that chain for each interface with the
          <option>upnpd</option> option specified. Default is No.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis
        role="bold">MARK_IN_FORWARD_CHAIN=</emphasis>[<emphasis
@@ -1636,7 +1648,7 @@ LOG:info:,bar                        net                    fw</programlisting>
      <varlistentry>
        <term><emphasis
-        role="bold">MODULESDIR=</emphasis>[<emphasis>pathname</emphasis>[<emphasis
+        role="bold">MODULESDIR=</emphasis>[[+]<emphasis>pathname</emphasis>[<emphasis
        role="bold">:</emphasis><emphasis>pathname</emphasis>]...]</term>
        <listitem>
@@ -1647,6 +1659,10 @@ LOG:info:,bar                        net                    fw</programlisting>
          where <emphasis role="bold">uname</emphasis> holds the output of
          '<command>uname -r</command>' and <emphasis
          role="bold">g_family</emphasis> holds '4'.</para>
          <para>The option plus sign ('+') was added in Shorewall 5.0.3 and
          causes the listed pathnames to be appended to the default list
          above.</para>
        </listitem>
      </varlistentry>
--- a/Shorewall6/manpages/shorewall6-mangle.xml
+++ b/Shorewall6/manpages/shorewall6-mangle.xml
@@ -401,7 +401,7 @@ DIVERTHA        -               -               tcp</programlisting>
                <para>Allows you to place your own ip[6]tables matches at the
                end of the line following a semicolon (";"). If an
                <replaceable>action</replaceable> is specified, the compiler
-                procedes as if that <replaceable>action</replaceable> had been
+                proceeds as if that <replaceable>action</replaceable> had been
                specified in this column. If no action is specified, then you
                may include your own jump ("-j
                <replaceable>target</replaceable>
--- a/Shorewall6/manpages/shorewall6-rules.xml
+++ b/Shorewall6/manpages/shorewall6-rules.xml
@@ -1306,7 +1306,7 @@
          <para>When <option>s:</option> or <option>d:</option> is specified,
          the rate applies per source IP address or per destination IP address
          respectively. The <replaceable>name</replaceable>s may be chosen by
-          the user and specifiy a hash table to be used to count matching
+          the user and specify a hash table to be used to count matching
          connections. If not given, the name <emphasis
          role="bold">shorewallN</emphasis> (where N is a unique integer) is
          assumed. Where more than one rule or POLICY specifies the same name,
--- a/Shorewall6/manpages/shorewall6.conf.xml
+++ b/Shorewall6/manpages/shorewall6.conf.xml
@@ -846,7 +846,7 @@ net     all  DROP   info</programlisting>then the chain name is 'net-all'
          iptables text in a rule. You may simply preface that text with a
          pair of semicolons (";;"). If alternate input is also specified in
          the rule, it should appear before the semicolons and may be
-          seperated from normal column input by a single semicolon.</para>
+          separated from normal column input by a single semicolon.</para>
        </listitem>
      </varlistentry>
@@ -1436,7 +1436,7 @@ LOG:info:,bar                        net                    fw</programlisting>
      <varlistentry>
        <term><emphasis
-        role="bold">MODULESDIR=</emphasis>[<emphasis>pathname</emphasis>[<emphasis
+        role="bold">MODULESDIR=</emphasis>[[+]<emphasis>pathname</emphasis>[<emphasis
        role="bold">:</emphasis><emphasis>pathname</emphasis>]...]</term>
        <listitem>
@@ -1447,6 +1447,10 @@ LOG:info:,bar                        net                    fw</programlisting>
          where <emphasis role="bold">uname</emphasis> holds the output of
          '<command>uname -r</command>' and <emphasis
          role="bold">g_family</emphasis> holds '6'.</para>
          <para>The option plus sign ('+') was added in Shorewall 5.0.3 and
          causes the listed pathnames to be appended to the default list
          above.</para>
        </listitem>
      </varlistentry>
Author	SHA1	Message	Date
Tom Eastep	3cbfdadb32	Merge branch '5.0.7'	2016-04-01 09:46:53 -07:00
Tom Eastep	81d76e3817	Document + in the MODULESDIR setting. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-04-01 09:43:06 -07:00
Tom Eastep	df1b1f6768	Add MINIUPNPD option Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-04-01 08:57:08 -07:00
Tom Eastep	3881b38e02	Fix similar INTERFACE column issue in the nat and netmap files. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-31 14:16:43 -07:00
Tom Eastep	8a8f3b6f59	Merge branch '5.0.7'	2016-03-31 12:55:16 -07:00
Tom Eastep	b9bed00123	Correct handling of a physical name in a masq rule Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-31 12:52:30 -07:00
Tom Eastep	38aa7797c4	Allow protocol and user lists in actions and macros Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-30 08:34:42 -07:00
Tom Eastep	404540ffe1	Merge branch '5.0.7'	2016-03-30 08:17:19 -07:00
Tom Eastep	dd3c0daa08	Handle inline matches correctly in the mangle file Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-29 13:33:47 -07:00
Tom Eastep	4fddfcfba0	More complete fix for inline matches Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-29 13:15:01 -07:00
Tom Eastep	421d5f6043	Move Raw matches to last. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-29 09:31:27 -07:00
Tom Eastep	382ab380a2	Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code	2016-03-29 07:36:49 -07:00
Tuomo Soini	2342c7cd9c	Perl/Shorewall/Chains.pm: Fix warning with older perl	2016-03-29 09:58:33 +03:00
Roberto C. Sánchez	899a317c95	Fix typos	2016-03-26 22:25:30 -04:00