Hi, here's the patch set for shorewall6's man pages.
I am not yet happy with the formation of the EXIT codes, when I compare with the curl man page for example. But I don't know how to create the same output with DocBook. Patch sets for shorewall-lite will follow. -Thomas
>From aaef886ddffafeddfce25083b9a8b61e873da912 Mon Sep 17 00:00:00 2001 From: Thomas D <[email protected]> Date: Mon, 10 Nov 2014 12:24:17 +0100 Subject: [PATCH 5/7] Screen output is now marked as screen output. --- Shorewall6/manpages/shorewall6.xml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index 840607e..9ee904a 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml @@ -1360,12 +1360,9 @@ <para>If there are files in the CONFIG_PATH that were modified after the current firewall script was generated, the following warning message is issued before the script's run command is - executed:</para> - - <simplelist> - <member>WARNING: /var/lib/shorewall6/firewall is not up to - date</member> - </simplelist> + executed: + <screen>WARNING: /var/lib/shorewall6/firewall is not up to + date</screen></para> </listitem> </varlistentry> -- 2.1.3
>From c5835a0fdad49f6752a3a41ff29c8b0fb6c30f89 Mon Sep 17 00:00:00 2001 From: Thomas D <[email protected]> Date: Mon, 10 Nov 2014 13:36:12 +0100 Subject: [PATCH 6/7] "refresh" example is now marked as exxample and updated to match the current ZONE2ZONE value. --- Shorewall6/manpages/shorewall6.xml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index 9ee904a..ba1babe 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml @@ -1188,7 +1188,12 @@ and causes Shorewall to look in the given <emphasis>directory</emphasis> first for configuration files.</para> - <para>Example:<programlisting><command>shorewall6 refresh net2fw nat:net_dnat</command> #Refresh the 'net2loc' chain in the filter table and the 'net_dnat' chain in the nat table</programlisting></para> + <example> + <title>Refresh the 'net-fw' chain in the filter table and the + 'net_dnat' chain in the nat table</title> + <programlisting><command>shorewall6 refresh net-fw nat:net_dnat + </command></programlisting> + </example> </listitem> </varlistentry> -- 2.1.3
>From f07835de169d62699f96a7a4d6225eb89d1ef948 Mon Sep 17 00:00:00 2001 From: Thomas D <[email protected]> Date: Mon, 10 Nov 2014 13:45:23 +0100 Subject: [PATCH 7/7] "-e" option from "compile" command wasn't marked as an option. --- Shorewall6/manpages/shorewall6.xml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index ba1babe..d13dedb 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml @@ -839,14 +839,15 @@ compile -- -</command>) to suppress the 'Compiling...' message normally generated by <filename>/sbin/shorewall6</filename>.</para> - <para>When -e is specified, the compilation is being performed on a - system other than where the compiled script will run. This option - disables certain configuration options that require the script to be - compiled where it is to be run. The use of -e requires the presence - of a configuration file named <filename>capabilities</filename> - which may be produced using the command <command>shorewall6-lite show - -f capabilities > capabilities</command> on a system with Shorewall6 - Lite installed.</para> + <para>When <option>-e</option> is specified, the compilation is + being performed on a system other than where the compiled script will + run. This option disables certain configuration options that require + the script to be compiled where it is to be run. The use of + <option>-e</option> requires the presence of a configuration file named + <filename>capabilities</filename> which may be produced using the + command <command>shorewall6-lite show -f capabilities > + capabilities</command> on a system with Shorewall6 Lite + installed.</para> <para>The <option>-c</option> option was added in Shorewall 4.5.17 and causes conditional compilation of a script. The -- 2.1.3
>From 1fdd1b3756b4383c12c38ec67262a3ab6f1fa614 Mon Sep 17 00:00:00 2001 From: Thomas D <[email protected]> Date: Sun, 9 Nov 2014 17:08:23 +0100 Subject: [PATCH 1/7] "-i" option marked as option where it wasn't already marked as option. --- Shorewall6/manpages/shorewall6.xml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index f7cd420..a9ee103 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml @@ -802,8 +802,8 @@ and causes a Perl stack trace to be included with each compiler-generated error and warning message.</para> - <para>The -i option was added in Shorewall 4.6.0 and causes a - warning message to be issued if the line current line contains + <para>The <option>-i</option> option was added in Shorewall 4.6.0 + and causes a warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in <ulink @@ -869,8 +869,8 @@ and causes a Perl stack trace to be included with each compiler-generated error and warning message.</para> - <para>The -i option was added in Shorewall 4.6.0 and causes a - warning message to be issued if the line current line contains + <para>The <option>-i</option> option was added in Shorewall 4.6.0 + and causes a warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in <ulink @@ -1079,8 +1079,8 @@ and causes a Perl stack trace to be included with each compiler-generated error and warning message.</para> - <para>The -i option was added in Shorewall 4.6.0 and causes a - warning message to be issued if the line current line contains + <para>The <option>-i</option> option was added in Shorewall 4.6.0 + and causes a warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in <ulink @@ -1175,8 +1175,8 @@ and causes a Perl stack trace to be included with each compiler-generated error and warning message.</para> - <para>The -i option was added in Shorewall 4.6.0 and causes a - warning message to be issued if the line current line contains + <para>The <option>-i</option> option was added in Shorewall 4.6.0 + and causes a warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in <ulink @@ -1236,8 +1236,8 @@ and causes a Perl stack trace to be included with each compiler-generated error and warning message.</para> - <para>The -i option was added in Shorewall 4.6.0 and causes a - warning message to be issued if the line current line contains + <para>The <option>-i</option> option was added in Shorewall 4.6.0 + and causes a warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in <ulink @@ -1294,8 +1294,8 @@ and causes a Perl stack trace to be included with each compiler-generated error and warning message.</para> - <para>The -i option was added in Shorewall 4.6.0 and causes a - warning message to be issued if the line current line contains + <para>The <option>-i</option> option was added in Shorewall 4.6.0 + and causes a warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in <ulink @@ -1688,8 +1688,8 @@ and causes a Perl stack trace to be included with each compiler-generated error and warning message.</para> - <para>The -i option was added in Shorewall 4.6.0 and causes a - warning message to be issued if the line current line contains + <para>The <option>-i</option> option was added in Shorewall 4.6.0 + and causes a warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in <ulink @@ -1727,7 +1727,7 @@ <para>Produces a short report about the state of the Shorewall6-configured firewall.</para> - <para>The <option>-i </option>option was added in Shorewall 4.6.2 + <para>The <option>-i</option> option was added in Shorewall 4.6.2 and causes the status of each optional or provider interface to be displayed.</para> </listitem> @@ -1805,8 +1805,8 @@ updated, the original is saved in a .bak file in the same directory.</para> - <para>The -i option was added in Shorewall 4.6.0 and causes a - warning message to be issued if the line current line contains + <para>The <option>-i</option> option was added in Shorewall 4.6.0 + and causes a warning message to be issued if the line current line contains alternative input specifications following a semicolon (";"). Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in <ulink -- 2.1.3
>From 1498e527c84679a27e1bb2d3dea3e2b80814f696 Mon Sep 17 00:00:00 2001 From: Thomas D <[email protected]> Date: Sun, 9 Nov 2014 17:10:53 +0100 Subject: [PATCH 2/7] The "nolock" option wasn't marked as option. --- Shorewall6/manpages/shorewall6.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index a9ee103..e0a972b 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml @@ -699,7 +699,7 @@ used for debugging. See <ulink url="/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace</ulink>.</para> - <para>The nolock <option>option</option> prevents the command from + <para>The <option>nolock</option> option prevents the command from attempting to acquire the Shorewall6 lockfile. It is useful if you need to include <command>shorewall6</command> commands in <filename>/etc/shorewall6/started</filename>.</para> -- 2.1.3
>From ad4dfd62e68d47ab325795f120930eefd97b9df4 Mon Sep 17 00:00:00 2001 From: Thomas D <[email protected]> Date: Mon, 10 Nov 2014 11:52:52 +0100 Subject: [PATCH 3/7] Unified command & emphasis usage. --- Shorewall6/manpages/shorewall6.xml | 160 ++++++++++++++++++------------------- 1 file changed, 79 insertions(+), 81 deletions(-) diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index e0a972b..69b9c3b 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml @@ -781,10 +781,10 @@ script. If no <emphasis>directory</emphasis> is given, then /etc/shorewall6 is assumed.</para> - <para>The <emphasis role="bold">-e</emphasis> option causes the + <para>The <option>-e</option> option causes the compiler to look for a file named capabilities. This file is - produced using the command <emphasis role="bold">shorewall6-lite - show -f capabilities > capabilities</emphasis> on a system with + produced using the command <command>shorewall6-lite + show -f capabilities > capabilities</command> on a system with Shorewall6 Lite installed.</para> <para>The <option>-d</option> option causes the compiler to be run @@ -843,12 +843,11 @@ disables certain configuration options that require the script to be compiled where it is to be run. The use of -e requires the presence of a configuration file named <filename>capabilities</filename> - which may be produced using the command <emphasis - role="bold">shorewall6-lite show -f capabilities > - capabilities</emphasis> on a system with Shorewall6 Lite - installed.</para> + which may be produced using the command <command>shorewall6-lite show + -f capabilities > capabilities</command> on a system with Shorewall6 + Lite installed.</para> - <para>The <emphasis role="bold">-c</emphasis> option was added in + <para>The <option>-c</option> option was added in Shorewall 4.5.17 and causes conditional compilation of a script. The script specified by <replaceable>pathname</replaceable> (or implied if <emphasis role="bold">pathname</emphasis> is omitted) is compiled @@ -938,13 +937,14 @@ <para>Produces a verbose report about the firewall configuration for the purpose of problem analysis.</para> - <para>The <emphasis role="bold">-x</emphasis> option causes actual + <para>The <option>-x</option> option causes actual packet and byte counts to be displayed. Without that option, these - counts are abbreviated. The <emphasis role="bold">-m</emphasis> - option causes any MAC addresses included in Shorewall6 log messages - to be displayed.</para> + counts are abbreviated.</para> - <para>The <emphasis role="bold">-l</emphasis> option causes the rule + <para>The <option>-m</option> option causes any MAC addresses + included in Shorewall6 log messages to be displayed.</para> + + <para>The <option>-l</option> option causes the rule number for each Netfilter rule to be displayed.</para> </listitem> </varlistentry> @@ -1059,14 +1059,14 @@ Shorewall6 Lite on <replaceable>system</replaceable> is started via ssh.</para> - <para>If <emphasis role="bold">-s</emphasis> is specified and the + <para>If <option>-s</option> is specified and the <emphasis role="bold">start</emphasis> command succeeds, then the - remote Shorewall6-lite configuration is saved by executing <emphasis - role="bold">shorewall6-lite save</emphasis> via ssh.</para> + remote Shorewall6-lite configuration is saved by executing + <command>shorewall6-lite save</command> via ssh.</para> - <para>if <emphasis role="bold">-c</emphasis> is included, the - command <emphasis role="bold">shorewall6-lite show capabilities -f - > /var/lib/shorewall6-lite/capabilities</emphasis> is executed + <para>if <option>-c</option> is included, the + command <command>shorewall6-lite show capabilities -f + > /var/lib/shorewall6-lite/capabilities</command> is executed via ssh then the generated file is copied to <replaceable>directory</replaceable> using scp. This step is performed before the configuration is compiled.</para> @@ -1108,7 +1108,7 @@ <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) and produces an audible alarm when new Shorewall6 messages are logged. - The <emphasis role="bold">-m</emphasis> option causes the MAC + The <option>-m</option> option causes the MAC address of each packet source to be displayed if that information is available. The <replaceable>refresh-interval</replaceable> specifies the time in seconds between screen refreshes. You can enter a @@ -1152,11 +1152,11 @@ performed by <command>refresh</command> with the exception that <command>refresh</command> only recreates the chains specified in the command while <command>restart</command> recreates the entire - Netfilter ruleset.When no chain name is given to the <emphasis - role="bold">refresh</emphasis> command, the mangle table is + Netfilter ruleset.When no chain name is given to the + <command>refresh</command> command, the mangle table is refreshed along with the blacklist chain (if any). This allows you to modify <filename>/etc/shorewall6/tcrules</filename>and install - the changes using <emphasis role="bold">refresh</emphasis>.</para> + the changes using <command>refresh</command>.</para> <para>The listed chains are assumed to be in the filter table. You can refresh chains in other tables by prefixing the chain name with @@ -1168,7 +1168,7 @@ <para>The <option>-n</option> option was added in Shorewall 4.5.3 causes Shorewall to avoid updating the routing table(s).</para> - <para>The <option>-d </option>option was added in Shorewall 4.5.3 + <para>The <option>-d</option> option was added in Shorewall 4.5.3 causes the compiler to run under the Perl debugger.</para> <para>The <option>-T</option> option was added in Shorewall 4.5.3 @@ -1216,14 +1216,14 @@ Shorewall6 Lite on <emphasis>system</emphasis> is restarted via ssh.</para> - <para>If <emphasis role="bold">-s</emphasis> is specified and the - <emphasis role="bold">restart</emphasis> command succeeds, then the - remote Shorewall6-lite configuration is saved by executing <emphasis - role="bold">shorewall6-lite save</emphasis> via ssh.</para> + <para>If <option>-s</option> is specified and the + <command>restart</command> command succeeds, then the + remote Shorewall6-lite configuration is saved by executing + <command>shorewall6-lite save</command> via ssh.</para> - <para>if <emphasis role="bold">-c</emphasis> is included, the - command <emphasis role="bold">shorewall6-lite show capabilities -f - > /var/lib/shorewall6-lite/capabilities</emphasis> is executed + <para>if <option>-c</option> is included, the + command <command>shorewall6-lite show capabilities -f + > /var/lib/shorewall6-lite/capabilities</command> is executed via ssh then the generated file is copied to <emphasis>directory</emphasis> using scp. This step is performed before the configuration is compiled.</para> @@ -1261,8 +1261,8 @@ <term><emphasis role="bold">restart</emphasis></term> <listitem> - <para>Restart is similar to <emphasis role="bold">shorewall6 - start</emphasis> except that it assumes that the firewall is already + <para>Restart is similar to <command>shorewall6 + start</command> except that it assumes that the firewall is already started. Existing connections are maintained. If a <emphasis>directory</emphasis> is included in the command, Shorewall6 will look in that <emphasis>directory</emphasis> first @@ -1275,7 +1275,7 @@ table to be flushed; the <command>conntrack</command> utility must be installed to use this option.</para> - <para>The <option>-d </option>option causes the compiler to run + <para>The <option>-d</option> option causes the compiler to run under the Perl debugger.</para> <para>The <option>-f</option> option suppresses the compilation step @@ -1287,7 +1287,7 @@ and performs the compilation step unconditionally, overriding the AUTOMAKE setting in <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5). - When both <option>-f</option> and <option>-c </option>are present, + When both <option>-f</option> and <option>-c</option> are present, the result is determined by the option that appears last.</para> <para>The <option>-T</option> option was added in Shorewall 4.5.3 @@ -1315,12 +1315,11 @@ <term><emphasis role="bold">restore</emphasis></term> <listitem> - <para>Restore Shorewall6 to a state saved using the <emphasis - role="bold">shorewall6 save</emphasis> command. Existing connections + <para>Restore Shorewall6 to a state saved using the + <command>shorewall6 save</command> command. Existing connections are maintained. The <emphasis>filename</emphasis> names a restore - file in /var/lib/shorewall6 created using <emphasis - role="bold">shorewall6 save</emphasis>; if no - <emphasis>filename</emphasis> is given then Shorewall6 will be + file in /var/lib/shorewall6 created using <command>shorewall6 save</command>; + if no <emphasis>filename</emphasis> is given then Shorewall6 will be restored from the file specified by the RESTOREFILE option in <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> @@ -1333,8 +1332,8 @@ </caution> <para>The <option>-C</option> option was added in Shorewall 4.6.5. - If the <option>-C</option> option was specified during <emphasis - role="bold">shorewall6 save</emphasis>, then the counters saved by + If the <option>-C</option> option was specified during + <command>shorewall6 save</command>, then the counters saved by that operation will be restored.</para> </listitem> </varlistentry> @@ -1372,8 +1371,8 @@ <listitem> <para>Only allowed if Shorewall6 is running. The current configuration is saved in /var/lib/shorewall6/safe-restart (see the - save command below) then a <emphasis role="bold">shorewall6 - restart</emphasis> is done. You will then be prompted asking if you + save command below) then a <command>shorewall6 + restart</command> is done. You will then be prompted asking if you want to accept the new configuration or not. If you answer "n" or if you fail to answer within 60 seconds (such as when your new configuration has disabled communication with your terminal), the @@ -1420,8 +1419,8 @@ <para>The dynamic blacklist is stored in /var/lib/shorewall6/save. The state of the firewall is stored in /var/lib/shorewall6/<emphasis>filename</emphasis> for use by the - <emphasis role="bold">shorewall6 restore</emphasis> and <emphasis - role="bold">shorewall6 -f start</emphasis> commands. If + <command>shorewall6 restore</command> and <command>shorewall6 -f + start</command> commands. If <emphasis>filename</emphasis> is not given then the state is saved in the file specified by the RESTOREFILE option in <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> @@ -1455,7 +1454,7 @@ <listitem> <para>Added in Shorewall 4.6.2. Displays the dynamic chain along with any chains produced by entries in - shorewall-blrules(5).The <emphasis role="bold">-x</emphasis> + shorewall-blrules(5).The <option>-x</option> option is passed directly through to ip6tables and causes actual packet and byte counts to be displayed. Without this option, those counts are abbreviated.</para> @@ -1467,9 +1466,9 @@ <listitem> <para>Displays your kernel/ip6tables capabilities. The - <emphasis role="bold">-f</emphasis> option causes the display - to be formatted as a capabilities file for use with <emphasis - role="bold">compile -e</emphasis>.</para> + <option>-f</option> option causes the display + to be formatted as a capabilities file for use with + <command>shorewall6 compile -e</command>.</para> </listitem> </varlistentry> @@ -1479,29 +1478,29 @@ <listitem> <para>The rules in each <emphasis>chain</emphasis> are - displayed using the <emphasis role="bold">ip6tables - -L</emphasis> <emphasis>chain</emphasis> <emphasis + displayed using the <command>ip6tables + -L</command> <emphasis>chain</emphasis> <emphasis role="bold">-n -v</emphasis> command. If no <emphasis>chain</emphasis> is given, all of the chains in the - filter table are displayed. The <emphasis - role="bold">-x</emphasis> option is passed directly through to - ip6tables and causes actual packet and byte counts to be - displayed. Without this option, those counts are abbreviated. - The <emphasis role="bold">-t</emphasis> option specifies the + filter table are displayed. The <option>-x</option> option is + passed directly through to ip6tables and causes actual packet + and byte counts to be displayed. Without this option, those + counts are abbreviated. + The <option>-t</option> option specifies the Netfilter table to display. The default is <emphasis role="bold">filter</emphasis>.</para> - <para>The <emphasis role="bold">-b</emphasis> ('brief') option + <para>The <option>-b</option> ('brief') option causes rules which have not been used (i.e. which have zero packet and byte counts) to be omitted from the output. Chains with no rules displayed are also omitted from the output.</para> - <para>The <emphasis role="bold">-l</emphasis> option causes + <para>The <option>-l</option> option causes the rule number for each Netfilter rule to be displayed.</para> - <para>If the <emphasis role="bold">-t</emphasis> option and + <para>If the <option>-t</option> option and the <option>chain</option> keyword are both omitted and any of the listed <replaceable>chain</replaceable>s do not exist, a usage message is displayed.</para> @@ -1569,7 +1568,7 @@ <para>Displays the last 20 Shorewall6 messages from the log file specified by the LOGFILE option in <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5). - The <emphasis role="bold">-m</emphasis> option causes the MAC + The <option>-m</option> option causes the MAC address of each packet source to be displayed if that information is available.</para> </listitem> @@ -1589,8 +1588,8 @@ <listitem> <para>Displays the Netfilter mangle table using the command - <emphasis role="bold">ip6tables -t mangle -L -n - -v</emphasis>.The <emphasis role="bold">-x</emphasis> option + <command>ip6tables -t mangle -L -n + -v</command>.The <option>-x</option> option is passed directly through to ip6tables and causes actual packet and byte counts to be displayed. Without this option, those counts are abbreviated.</para> @@ -1657,13 +1656,13 @@ only if they are allowed by the firewall rules or policies. If a <replaceable>directory</replaceable> is included in the command, Shorewall6 will look in that <emphasis>directory</emphasis> first - for configuration files. If <emphasis role="bold">-f</emphasis> is + for configuration files. If <option>-f</option> is specified, the saved configuration specified by the RESTOREFILE option in <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) will be restored if that saved configuration exists and has been modified more recently than the files in /etc/shorewall6. When - <emphasis role="bold">-f</emphasis> is given, a + <option>-f</option> is given, a <replaceable>directory</replaceable> may not be specified.</para> <para>Update: In Shorewall6 4.4.20, a new LEGACY_FASTSTART option @@ -1681,7 +1680,7 @@ and performs the compilation step unconditionally, overriding the AUTOMAKE setting in <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5). - When both <option>-f</option> and <option>-c </option>are present, + When both <option>-f</option> and <option>-c</option> are present, the result is determined by the option that appears last.</para> <para>The <option>-T</option> option was added in Shorewall 4.5.3 @@ -1698,8 +1697,8 @@ <para>The <option>-C</option> option was added in Shorewall 4.6.5 and is only meaningful when the <option>-f</option> option is also specified. If the previously-saved configuration is restored, and if - the <option>-C</option> option was also specified in the <emphasis - role="bold">save</emphasis> command, then the packet and byte + the <option>-C</option> option was also specified in the + <command>save</command> command, then the packet and byte counters will be restored along with the chains and rules.</para> </listitem> </varlistentry> @@ -1746,19 +1745,18 @@ role="bold">start</emphasis> command is performed using the specified configuration <replaceable>directory</replaceable>. if an error occurs during the compilation phase of the <emphasis - role="bold">restart</emphasis> or <emphasis - role="bold">start</emphasis>, the command terminates without - changing the Shorewall6 state. If an error occurs during the - <emphasis role="bold">restart</emphasis> phase, then a <emphasis - role="bold">shorewall6 restore</emphasis> is performed using the - saved configuration. If an error occurs during the <emphasis - role="bold">start</emphasis> phase, then Shorewall6 is cleared. If - the <emphasis role="bold">start</emphasis>/<emphasis - role="bold">restart</emphasis> succeeds and a + role="bold">restart</emphasis> or <emphasis role="bold">start + </emphasis>, the command terminates without changing the Shorewall6 + state. If an error occurs during the <emphasis role="bold">restart + </emphasis> phase, then a <command>shorewall6 restore</command> is + performed using the saved configuration. If an error occurs during + the <emphasis role="bold">start</emphasis> phase, then Shorewall6 + is cleared. If the <emphasis role="bold">start</emphasis>/ + <emphasis role="bold">restart</emphasis> succeeds and a <replaceable>timeout</replaceable> is specified then a <emphasis - role="bold">clear</emphasis> or <emphasis - role="bold">restore</emphasis> is performed after - <replaceable>timeout</replaceable> seconds.</para> + role="bold">clear</emphasis> or <emphasis role="bold">restore + </emphasis> is performed after <replaceable>timeout</replaceable> + seconds.</para> <para>Beginning with Shorewall 4.5.0, the numeric <replaceable>timeout</replaceable> may optionally be followed by an @@ -1779,7 +1777,7 @@ options with non-defaults to a deprecated options section at the bottom of the file. Your existing <filename>shorewall6.conf</filename> file is renamed - <filename>shorewall6.conf.bak.</filename></para> + <filename>shorewall6.conf.bak</filename>.</para> <para>The <option>-a</option> option causes the updated <filename>shorewall6.conf</filename> file to be annotated with -- 2.1.3
>From d2a06caed3054d4cd577f8b3f18081306ff84e11 Mon Sep 17 00:00:00 2001 From: Thomas D <[email protected]> Date: Mon, 10 Nov 2014 12:12:49 +0100 Subject: [PATCH 4/7] Filename usage unified. --- Shorewall6/manpages/shorewall6.xml | 50 ++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 21 deletions(-) diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index 69b9c3b..840607e 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml @@ -779,7 +779,8 @@ <para>Compiles the configuration in the specified <emphasis>directory</emphasis> and discards the compiled output script. If no <emphasis>directory</emphasis> is given, then - /etc/shorewall6 is assumed.</para> + <filename class="directory">/etc/shorewall6</filename> is + assumed.</para> <para>The <option>-e</option> option causes the compiler to look for a file named capabilities. This file is @@ -998,8 +999,9 @@ <term><emphasis role="bold">forget</emphasis></term> <listitem> - <para>Deletes /var/lib/shorewall6/<emphasis>filename</emphasis> and - /var/lib/shorewall6/save. If no <emphasis>filename</emphasis> is + <para>Deletes <filename>/var/lib/shorewall6/<replaceable>filename + </replaceable></filename> and <filename>/var/lib/shorewall6/save + </filename>. If no <emphasis>filename</emphasis> is given then the file specified by RESTOREFILE in <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) is assumed.</para> @@ -1280,7 +1282,8 @@ <para>The <option>-f</option> option suppresses the compilation step and simply reused the compiled script which last started/restarted - Shorewall, provided that /etc/shorewall6 and its contents have not + Shorewall, provided that <filename class="directory">/etc/shorewall6 + </filename> and its contents have not been modified since the last start/restart.</para> <para>The <option>-c</option> option was added in Shorewall 4.4.20 @@ -1318,7 +1321,8 @@ <para>Restore Shorewall6 to a state saved using the <command>shorewall6 save</command> command. Existing connections are maintained. The <emphasis>filename</emphasis> names a restore - file in /var/lib/shorewall6 created using <command>shorewall6 save</command>; + file in <filename class="directory">/var/lib/shorewall6</filename> + created using <command>shorewall6 save</command>; if no <emphasis>filename</emphasis> is given then Shorewall6 will be restored from the file specified by the RESTOREFILE option in <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> @@ -1370,9 +1374,10 @@ <listitem> <para>Only allowed if Shorewall6 is running. The current - configuration is saved in /var/lib/shorewall6/safe-restart (see the - save command below) then a <command>shorewall6 - restart</command> is done. You will then be prompted asking if you + configuration is saved in <filename>/var/lib/shorewall6/safe-restart + </filename> (see the <emphasis role="bold">save</emphasis> + command below) then a <command>shorewall6 restart</command> is + done. You will then be prompted asking if you want to accept the new configuration or not. If you answer "n" or if you fail to answer within 60 seconds (such as when your new configuration has disabled communication with your terminal), the @@ -1416,13 +1421,14 @@ <term><emphasis role="bold">save</emphasis></term> <listitem> - <para>The dynamic blacklist is stored in /var/lib/shorewall6/save. - The state of the firewall is stored in - /var/lib/shorewall6/<emphasis>filename</emphasis> for use by the - <command>shorewall6 restore</command> and <command>shorewall6 -f - start</command> commands. If - <emphasis>filename</emphasis> is not given then the state is saved - in the file specified by the RESTOREFILE option in <ulink + <para>The dynamic blacklist is stored in <filename> + /var/lib/shorewall6/save</filename>. + The state of the firewall is stored in <filename> + /var/lib/shorewall6/<replaceable>filename</replaceable></filename> + for use by the <command>shorewall6 restore</command> and <command> + shorewall6 -f start</command> commands. If <emphasis>filename + </emphasis> is not given then the state is saved in the file + specified by the RESTOREFILE option in <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> <para>The <option>-C</option> option, added in Shorewall 4.6.5, @@ -1661,17 +1667,19 @@ option in <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) will be restored if that saved configuration exists and has been - modified more recently than the files in /etc/shorewall6. When - <option>-f</option> is given, a - <replaceable>directory</replaceable> may not be specified.</para> + modified more recently than the files in <filename + class="directory">/etc/shorewall6</filename>. When <option>-f + </option> is given, a <replaceable>directory</replaceable> may + not be specified.</para> <para>Update: In Shorewall6 4.4.20, a new LEGACY_FASTSTART option was added to <ulink url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5). When LEGACY_FASTSTART=No, the modification times of files in - /etc/shorewall6 are compared with that of - /var/lib/shorewall6/firewall (the compiled script that last - started/restarted the firewall).</para> + <filename class="directory">/etc/shorewall6</filename> are + compared with that of <filename>/var/lib/shorewall6/firewall + </filename> (the compiled script that last started/restarted the + firewall).</para> <para>The <option>-n</option> option causes Shorewall6 to avoid updating the routing table(s).</para> -- 2.1.3
------------------------------------------------------------------------------
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
