Hi,
here are the patches for shorewall-lite's man page.
@ Tom, please check the "Options" section of shorewall-lite man page:
It says
> [...] It is useful if you need to include shorewall commands
> in /etc/shorewall/started.
I think it must be
> [...] It is useful if you need to include shorewall-lite commands
> in /etc/shorewall-lite/started.
...but I am not sure.
Also,
> [...] v may be followed immediately with one of
> -1,0,1,2 to specify a specify VERBOSITY
^^^^^^^^^^^^^^^^^^^^
sounds wrong.
Patch set for shorewall6-lite man page will follow.
-Thomas
>From b1dbed667054ec6218d2404a4f4b28636525a1ef Mon Sep 17 00:00:00 2001
From: Thomas D <[email protected]>
Date: Mon, 10 Nov 2014 20:40:26 +0100
Subject: [PATCH 2/2] Fixes for the "commands" section.
---
Shorewall-lite/manpages/shorewall-lite.xml | 139 +++++++++++++++--------------
1 file changed, 72 insertions(+), 67 deletions(-)
diff --git a/Shorewall-lite/manpages/shorewall-lite.xml
b/Shorewall-lite/manpages/shorewall-lite.xml
index 78924ea..ff6afdf 100644
--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@@ -590,10 +590,9 @@
<listitem>
<para>Re-enables receipt of packets from hosts previously
- blacklisted by a <emphasis role="bold">drop</emphasis>, <emphasis
- role="bold">logdrop</emphasis>, <emphasis
- role="bold">reject</emphasis>, or <emphasis
- role="bold">logreject</emphasis> command.</para>
+ blacklisted by a <command>drop</command>, <command>logdrop</command>,
+ <command>reject</command>, or <command>logreject</command>
+ command.</para>
</listitem>
</varlistentry>
@@ -607,10 +606,9 @@
the firewall is causing connection problems.</para>
<para>If <option>-f</option> is given, the command will be processed
- by the compiled script that executed the last successful <emphasis
- role="bold">start</emphasis>, <emphasis
- role="bold">restart</emphasis> or <emphasis
- role="bold">refresh</emphasis> command if that script exists.</para>
+ by the compiled script that executed the last successful
+ <command>start</command>, <command>restart</command> or
+ <command>refresh</command> command if that script exists.</para>
</listitem>
</varlistentry>
@@ -618,14 +616,14 @@
<term><emphasis role="bold">delete</emphasis></term>
<listitem>
- <para>The delete command reverses the effect of an earlier <emphasis
- role="bold">add</emphasis> command.</para>
+ <para>The delete command reverses the effect of an earlier
+ <command>add</command> command.</para>
- <para>The <emphasis>interface</emphasis> argument names an interface
- defined in the <ulink
+ <para>The <replaceable>interface</replaceable> argument names an
+ interface defined in the <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
- file. A <emphasis>host-list</emphasis> is comma-separated list whose
- elements are a host or network address.</para>
+ file. A <replaceable>host-list</replaceable> is comma-separated
+ list whose elements are a host or network address.</para>
</listitem>
</varlistentry>
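Review bot: The re-wrapped sentence on the host-list line still reads "is comma-separated list", carrying over the missing article from the old text. Since the line is being touched anyway, make it "A <replaceable>host-list</replaceable> is a comma-separated list whose elements are a host or network address."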
@@ -645,7 +643,7 @@
<term><emphasis role="bold">drop</emphasis></term>
<listitem>
- <para>Causes traffic from the listed <emphasis>address</emphasis>es
+ <para>Causes traffic from the listed
<replaceable>address</replaceable>es
to be silently dropped.</para>
</listitem>
</varlistentry>
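Review bot: The added line here is split in two, and the continuation starting with <replaceable>address</replaceable>es carries no "+" marker, so the hunk as posted has one more line than its header announces and will not apply. The same break appears in the logdrop, logreject, forget, logwatch, restore and save hunks, which looks like the mail client wrapping long lines. Please resend with git send-email or as an attachment, or re-wrap the XML so no added line exceeds the mailer's limit.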
@@ -657,13 +655,13 @@
<para>Produces a verbose report about the firewall configuration for
the purpose of problem analysis.</para>
- <para>The <emphasis role="bold">-x</emphasis> option causes actual
+ <para>The <option>-x</option> option causes actual
packet and byte counts to be displayed. Without that option, these
- counts are abbreviated. The <emphasis role="bold">-m</emphasis>
+ counts are abbreviated. The <option>-m</option>
option causes any MAC addresses included in Shorewall-lite log
messages to be displayed.</para>
- <para>The <emphasis role="bold">-l</emphasis> option causes the rule
+ <para>The <option>-l</option> option causes the rule
number for each Netfilter rule to be displayed.</para>
</listitem>
</varlistentry>
@@ -684,10 +682,10 @@
<term><emphasis role="bold">forget</emphasis></term>
<listitem>
- <para>Deletes /var/lib/shorewall-lite/<emphasis>filename</emphasis>
- and /var/lib/shorewall-lite/save. If no
- <emphasis>filename</emphasis> is given then the file specified by
- RESTOREFILE in <ulink
+ <para>Deletes
<filename>/var/lib/shorewall-lite/<replaceable>filename</replaceable></filename>
+ and <filename>/var/lib/shorewall-lite/save</filename>. If no
+ <replaceable>filename</replaceable> is given
+ then the file specified by RESTOREFILE in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) is
assumed.</para>
</listitem>
@@ -753,7 +751,7 @@
<term><emphasis role="bold">logdrop</emphasis></term>
<listitem>
- <para>Causes traffic from the listed <emphasis>address</emphasis>es
+ <para>Causes traffic from the listed
<replaceable>address</replaceable>es
to be logged then discarded. Logging occurs at the log level
specified by the BLACKLIST_LOGLEVEL setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink> (5).</para>
@@ -767,10 +765,13 @@
<para>Monitors the log file specified by the LOGFILE option in
<ulink url="shorewall.conf.html">shorewall.conf</ulink>(5) and
produces an audible alarm when new Shorewall-lite messages are
- logged. The <emphasis role="bold">-m</emphasis> option causes the
+ logged.</para>
+
+ <para>The <option>-m</option> option causes the
MAC address of each packet source to be displayed if that
- information is available. The
- <replaceable>refresh-interval</replaceable> specifies the time in
+ information is available.</para>
+
+ <para>The <replaceable>refresh-interval</replaceable> specifies the
time in
seconds between screen refreshes. You can enter a negative number by
preceding the number with "--" (e.g., <command>shorewall-lite
logwatch -- -30</command>). In this case, when a packet count
@@ -783,7 +784,7 @@
<term><emphasis role="bold">logreject</emphasis></term>
<listitem>
- <para>Causes traffic from the listed <emphasis>address</emphasis>es
+ <para>Causes traffic from the listed
<replaceable>address</replaceable>es
to be logged then rejected. Logging occurs at the log level
specified by the BLACKLIST_LOGLEVEL setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink> (5).</para>
@@ -816,8 +817,8 @@
<term><emphasis role="bold">restart</emphasis></term>
<listitem>
- <para>Restart is similar to <emphasis role="bold">shorewall-lite
- start</emphasis> except that it assumes that the firewall is already
+ <para>Restart is similar to <command>shorewall-lite start</command>
+ except that it assumes that the firewall is already
started. Existing connections are maintained.</para>
<para>The <option>-n</option> option causes Shorewall-lite to avoid
@@ -839,12 +840,12 @@
<term><emphasis role="bold">restore</emphasis></term>
<listitem>
- <para>Restore Shorewall-lite to a state saved using the <emphasis
- role="bold">shorewall-lite save</emphasis> command. Existing
- connections are maintained. The <emphasis>filename</emphasis> names
- a restore file in /var/lib/shorewall-lite created using <emphasis
- role="bold">shorewall-lite save</emphasis>; if no
- <emphasis>filename</emphasis> is given then Shorewall-lite will be
+ <para>Restore Shorewall-lite to a state saved using the
+ <command>shorewall-lite save</command> command. Existing
+ connections are maintained. The <replaceable>filename</replaceable>
+ names a restore file in <filename
class="directory">/var/lib/shorewall-lite
+ </filename> created using <command>shorewall-lite save</command>; if
no
+ <replaceable>filename</replaceable> is given then Shorewall-lite
will be
restored from the file specified by the RESTOREFILE option in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
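Review bot: The closing </filename> tag for /var/lib/shorewall-lite sits at the start of the following added line, so the element content ends with a line break and indentation that becomes part of the rendered directory name. Keep the open tag, path and close tag on one line, for example <filename class="directory">/var/lib/shorewall-lite</filename>, and break the sentence before or after the element instead.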
@@ -857,8 +858,8 @@
</caution>
<para>The <option>-C</option> option was added in Shorewall 4.6.5.
- If the <option>-C</option> option was specified during <emphasis
- role="bold">shorewall save</emphasis>, then the counters saved by
+ If the <option>-C</option> option was specified during
+ <command>shorewall-lite save</command>, then the counters saved by
that operation will be restored.</para>
</listitem>
</varlistentry>
@@ -876,7 +877,7 @@
<para>Before executing the <replaceable>command</replaceable>, the
script will detect the configuration, setting all SW_* variables and
will run your <filename>init</filename> extension script with
- $COMMAND = 'run'.</para>
+ <computeroutput>$COMMAND = 'run'</computeroutput>.</para>
</listitem>
</varlistentry>
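Review bot: <computeroutput> is a semantic mismatch on the $COMMAND = 'run' line, since this is a variable and the value it holds when the init extension script runs, not text printed by a program. <varname>COMMAND</varname> with the value in <literal>, or a single <literal> around the whole expression, would describe it more accurately and stays consistent with the semantic markup used in the rest of this patch.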
@@ -885,11 +886,13 @@
<listitem>
<para>The dynamic blacklist is stored in
- /var/lib/shorewall-lite/save. The state of the firewall is stored in
- /var/lib/shorewall-lite/<emphasis>filename</emphasis> for use by the
- <emphasis role="bold">shorewall-lite restore</emphasis>. If
- <emphasis>filename</emphasis> is not given then the state is saved
- in the file specified by the RESTOREFILE option in <ulink
+ <filename>/var/lib/shorewall-lite/save</filename>. The state of
+ the firewall is stored in
+ <filename
class="directory">/var/lib/shorewall-lite/<replaceable>filename</replaceable></filename>
+ for use by the <command>shorewall-lite restore</command>.
+ If <replaceable>filename</replaceable> is not given
+ then the state is saved in the file specified by the RESTOREFILE
+ option in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>The <option>-C</option> option, added in Shorewall 4.6.5,
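Review bot: class="directory" is applied to /var/lib/shorewall-lite/<replaceable>filename</replaceable>, which names a file, not a directory; the forget hunk marks the same path with a plain <filename>. Drop the class attribute here so both entries match. The sentence also ends "for use by the <command>shorewall-lite restore</command>." without a noun; adding "command" after the element would match how the restore entry phrases it.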
@@ -912,7 +915,7 @@
<listitem>
<para>Added in Shorewall 4.6.2. Displays the dynamic chain
along with any chains produced by entries in
- shorewall-blrules(5).The <emphasis role="bold">-x</emphasis>
+ shorewall-blrules(5).The <option>-x</option>
option is passed directly through to iptables and causes
actual packet and byte counts to be displayed. Without this
option, those counts are abbreviated.</para>
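Review bot: The changed line keeps the missing space in "shorewall-blrules(5).The", so the two sentences still run together in the rendered page. The raw-table hunk in this same patch adds the space after the period; do the same here: "shorewall-blrules(5). The <option>-x</option>".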
@@ -924,9 +927,9 @@
<listitem>
<para>Displays your kernel/iptables capabilities. The
- <emphasis role="bold">-f</emphasis> option causes the display
- to be formatted as a capabilities file for use with <emphasis
- role="bold">compile -e</emphasis>.</para>
+ <option>-f</option> option causes the display
+ to be formatted as a capabilities file for use with
+ <command>compile <option>-e</option></command>.</para>
</listitem>
</varlistentry>
@@ -940,25 +943,28 @@
-L</emphasis> <emphasis>chain</emphasis> <emphasis
role="bold">-n -v</emphasis> command. If no
<emphasis>chain</emphasis> is given, all of the chains in the
- filter table are displayed. The <emphasis
- role="bold">-x</emphasis> option is passed directly through to
- iptables and causes actual packet and byte counts to be
- displayed. Without this option, those counts are abbreviated.
- The <emphasis role="bold">-t</emphasis> option specifies the
+ filter table are displayed.</para>
+
+ <para>The <option>-x</option> option is
+ passed directly through to iptables and causes actual packet
+ and byte counts to be displayed. Without this option, those
+ counts are abbreviated.</para>
+
+ <para>The <option>-t</option> option specifies the
Netfilter table to display. The default is <emphasis
role="bold">filter</emphasis>.</para>
- <para>The <emphasis role="bold">-b</emphasis> ('brief') option
+ <para>The <option>-b</option> ('brief') option
causes rules which have not been used (i.e. which have zero
packet and byte counts) to be omitted from the output. Chains
with no rules displayed are also omitted from the
output.</para>
- <para>The <emphasis role="bold">-l</emphasis> option causes
+ <para>The <option>-l</option> option causes
the rule number for each Netfilter rule to be
displayed.</para>
- <para>If the <emphasis role="bold">t</emphasis> option and the
+ <para>If the <option>-t</option> option and the
<option>chain</option> keyword are both omitted and any of the
listed <replaceable>chain</replaceable>s do not exist, a usage
message is displayed.</para>
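Review bot: The conversion in this entry is only partial: the context lines at the top of the hunk still mark the iptables invocation and the chain argument with <emphasis>, and the default table name filter keeps <emphasis role="bold">. For consistency with the rest of the patch, the invocation should become <command> with <replaceable>chain</replaceable> inside it, and the occurrences of chain in the following sentence should be <replaceable> as well.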
@@ -1037,7 +1043,7 @@
<para>Displays the last 20 Shorewall-lite messages from the
log file specified by the LOGFILE option in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). The
- <emphasis role="bold">-m</emphasis> option causes the MAC
+ <option>-m</option> option causes the MAC
address of each packet source to be displayed if that
information is available.</para>
</listitem>
@@ -1058,8 +1064,8 @@
<listitem>
<para>Displays the Netfilter nat table using the command
- <emphasis role="bold">iptables -t nat -L -n -v</emphasis>.The
- <emphasis role="bold">-x</emphasis> option is passed directly
+ <command>iptables -t nat -L -n -v</command>.The
+ <option>-x</option> option is passed directly
through to iptables and causes actual packet and byte counts
to be displayed. Without this option, those counts are
abbreviated.</para>
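Review bot: The new line ends with "</command>.The", so the missing space after the period survives the markup change. The otherwise identical raw-table hunk that follows has "</command>. The"; this nat-table entry should get the same fix.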
@@ -1091,8 +1097,8 @@
<listitem>
<para>Displays the Netfilter raw table using the command
- <emphasis role="bold">iptables -t raw -L -n -v</emphasis>.The
- <emphasis role="bold">-x</emphasis> option is passed directly
+ <command>iptables -t raw -L -n -v</command>. The
+ <option>-x</option> option is passed directly
through to iptables and causes actual packet and byte counts
to be displayed. Without this option, those counts are
abbreviated.</para>
@@ -1145,8 +1151,8 @@
<para>The <option>-C</option> option was added in Shorewall 4.6.5
and is only meaningful when the <option>-f</option> option is also
specified. If the previously-saved configuration is restored, and if
- the <option>-C</option> option was also specified in the <emphasis
- role="bold">save</emphasis> command, then the packet and byte
+ the <option>-C</option> option was also specified in the
+ <command>save</command> command, then the packet and byte
counters will be restored.</para>
</listitem>
</varlistentry>
@@ -1166,10 +1172,9 @@
or by ADMINISABSENTMINDED.</para>
<para>If <option>-f</option> is given, the command will be processed
- by the compiled script that executed the last successful <emphasis
- role="bold">start</emphasis>, <emphasis
- role="bold">restart</emphasis> or <emphasis
- role="bold">refresh</emphasis> command if that script exists.</para>
+ by the compiled script that executed the last successful
+ <command>start</command>, <command>restart</command> or
+ <command>refresh</command> command if that script exists.</para>
</listitem>
</varlistentry>
@@ -1180,7 +1185,7 @@
<para>Produces a short report about the state of the
Shorewall-configured firewall.</para>
- <para>The <option>-i </option>option was added in Shorewall 4.6.2
+ <para>The <option>-i</option> option was added in Shorewall 4.6.2
and causes the status of each optional or provider interface to be
displayed.</para>
</listitem>
--
2.1.3
>From 0037c9789c8ae8c3e28f66e4549227adb8d8c1b8 Mon Sep 17 00:00:00 2001
From: Thomas D <[email protected]>
Date: Mon, 10 Nov 2014 19:49:09 +0100
Subject: [PATCH 1/2] Fixes for the "options" section.
---
Shorewall-lite/manpages/shorewall-lite.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Shorewall-lite/manpages/shorewall-lite.xml
b/Shorewall-lite/manpages/shorewall-lite.xml
index ae3b19b..78924ea 100644
--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@@ -531,7 +531,7 @@
used for debugging. See <ulink
url="http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace</ulink>.</para>
- <para>The nolock <option>option</option> prevents the command from
+ <para>The <option>nolock</option> option prevents the command from
attempting to acquire the Shorewall-lite lockfile. It is useful if you
need to include <command>shorewall</command> commands in
<filename>/etc/shorewall/started</filename>.</para>
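Review bot: The two context lines after the change still refer to <command>shorewall</command> commands and <filename>/etc/shorewall/started</filename>, which is exactly the wording the cover note questions for the shorewall-lite page. If Tom confirms that the -lite names are intended, that correction belongs in this hunk, since the paragraph is already being edited; otherwise a short remark in the commit message that the text was checked and left on purpose would help.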
--
2.1.3