[Bug 1768] New: Issues in iptables man pages

bugzilla-daemon at netfilter.org
Wed Aug 28 19:19:38 CEST 2024


https://bugzilla.netfilter.org/show_bug.cgi?id=1768

            Bug ID: 1768
           Summary: Issues in iptables man pages
           Product: iptables
           Version: 1.8.x
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: iptables
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: debian at helgefjell.de

Dear iptables maintainer,
the manpage-l10n project maintains a large number of translations of
man pages both from a large variety of sources (including iptables) as
well as for a large variety of target languages.

During their work translators notice different possible issues in the
original (English) man pages. Sometimes this is a straightforward
typo, sometimes a hard to read sentence, sometimes this is a
convention not held up and sometimes we simply do not understand the
original.

We use several distributions as sources and update regularly (at
least every 2 months). This means we are fairly recent (some
distributions like archlinux also update frequently) but might miss
the latest upstream version once in a while, so the error might be
already fixed. We apologize and ask you to close the issue immediately
if this should be the case, but given the huge volume of projects and
the very limited number of volunteers we are not able to double check
each and every issue.

Secondly we translators see the manpages in the neutral po format,
i.e. converted and harmonized, but not the original source (be it man,
groff, xml or other). So we cannot provide a true patch (where
possible), but only an approximation which you need to convert into
your source format.

Finally the issues I'm reporting have accumulated over time and are
not always discovered by me, so sometimes my description of the
problem may be a bit limited - do not hesitate to ask so we can clarify
them.

I'm now reporting the errors for your project. If future reports
should use another channel, please let me know.

Man page: iptables.8
Issue:    "consult" sounds strange, maybe "used"?

"This table is consulted when a packet that creates a new connection is "
"encountered.  It consists of four built-ins: B<PREROUTING> (for altering "
"packets as soon as they come in), B<INPUT> (for altering packets destined "
"for local sockets), B<OUTPUT> (for altering locally-generated packets before "
"routing), and B<POSTROUTING> (for altering packets as they are about to go "
"out).  IPv6 NAT support is available since kernel 3.7."
--
Man page: iptables.8
Issue:    B<iptables-nft> → B<iptables-nft>(8)

"Delete the chain specified.  There must be no references to the chain.  If "
"there are, you must delete or replace the referring rules before the chain "
"can be deleted.  The chain must be empty, i.e. not contain any rules.  If no "
"argument is given, it will delete all empty chains in the table. Empty "
"builtin chains can only be deleted with B<iptables-nft>."
--
Man page: iptables.8
Issue 1:  iptables → B<iptables>
Issue 2:  iptables-restore → B<iptables-restore>(8)

"This option has no effect in iptables and iptables-restore.  If a rule using "
"the B<-4> option is inserted with (and only with)  B<ip6tables-restore>, it "
"will be silently ignored. Any other uses will throw an error. This option "
"allows IPv4 and IPv6 rules in a single rule file for use with both iptables-"
"restore and ip6tables-restore."
--
Man page: iptables.8
Issue 1:  ip6tables → B<ip6tables>
Issue 2:  ip6tables-restore → B<ip6tables-restore>(8)
Issue 3:  iptables-restore → B<iptables-restore>(8)

"If a rule using the B<-6> option is inserted with (and only with)  "
"B<iptables-restore>, it will be silently ignored. Any other uses will throw "
"an error. This option allows IPv4 and IPv6 rules in a single rule file for "
"use with both iptables-restore and ip6tables-restore.  This option has no "
"effect in ip6tables and ip6tables-restore."
--
Man page: iptables.8
Issue 1:  B<icmpv6>,B<esp> → B<icmpv6>, B<esp>
Issue 2:  ip6tables → B<ip6tables>

"The protocol of the rule or of the packet to check.  The specified protocol "
"can be one of B<tcp>, B<udp>, B<udplite>, B<icmp>, B<icmpv6>, B<esp>, B<ah>, "
"B<sctp>, B<mh> or the special keyword \"B<all>\", or it can be a numeric "
"value, representing one of these protocols or a different one.  A protocol "
"name from I</etc/protocols> is also allowed.  A \"!\" argument before the "
"protocol inverts the test.  The number zero is equivalent to B<all>. "
"\"B<all>\" will match with all protocols and is taken as default when this "
"option is omitted.  Note that, in ip6tables, IPv6 extension headers except "
"B<esp> are not allowed.  B<esp> and B<ipv6-nonext> can be used with Kernel "
"version 2.6.11 or later.  The number zero is equivalent to B<all>, which "
"means that you cannot test the protocol field for the value 0 directly. To "
"match on a HBH header, even if it were the last, you cannot use B<-p 0>, but "
"always need B<-m hbh>."
--
Man page: iptables.8
Issue:    iptables → B<iptables>

"Source specification. I<Address> can be either a network name, a hostname, a "
"network IP address (with B</>I<mask>), or a plain IP address. Hostnames will "
"be resolved once only, before the rule is submitted to the kernel.  Please "
"note that specifying any name to be resolved with a remote query such as DNS "
"is a really bad idea.  The I<mask> can be either an ipv4 network mask (for "
"iptables) or a plain number, specifying the number of 1's at the left side "
"of the network mask.  Thus, an iptables mask of I<24> is equivalent to "
"I<255.255.255.0>.  A \"!\" argument before the address specification inverts "
"the sense of the address. The flag B<--src> is an alias for this option.  "
"Multiple addresses can be specified, but this will B<expand to multiple "
"rules> (when adding with -A), or will cause multiple rules to be deleted "
"(with -D)."
--
Man page: iptables.8
Issue:    ip6tables. → B<ip6tables>.

"This means that the rule only refers to second and further IPv4 fragments of "
"fragmented packets.  Since there is no way to tell the source or destination "
"ports of such a packet (or ICMP type), such a packet will not match any "
"rules which specify them.  When the \"!\" argument precedes the \"-f\" flag, "
"the rule will only match head fragments, or unfragmented packets. This "
"option is IPv4 specific, it is not available in ip6tables."
--
Man page: iptables.8
Issue:    iptables. → B<iptables>.

"There are several other changes in iptables."
--
Man page: iptables.8
Issue:    iptables/ip6tables → B<iptables>/B<ip6tables>

"This manual page applies to iptables/ip6tables 1.8.10."
--
Man page: iptables-apply.8
Issue:    "-c" in bold?

"B<iptables-apply> [-B<hV>] [B<-t> I<timeout>] [B<-w> I<savefile>] "
"{[I<rulesfile]|-c [runcmd]}>"
--
Man page: iptables-apply.8
Issue 1:  iptables-apply → B<iptables-apply>
Issue 2:  rulesfile → I<rulesfile>
Issue 3:  iptables-save → B<iptables-save>(8)
Issue 4:  iptables-restore → B<iptables-restore>(8)
Issue 5:  iptables → B<iptables>(8)

"iptables-apply will try to apply a new rulesfile (as output by iptables-"
"save, read by iptables-restore) or run a command to configure iptables and "
"then prompt the user whether the changes are okay. If the new iptables rules "
"cut the existing connection, the user will not be able to answer "
"affirmatively. In this case, the script rolls back to the previous working "
"iptables rules after the timeout expires."
--
Man page: iptables-apply.8
Issue 1:  savefile → I<savefile>
Issue 2:  store last → store of last

"Successfully applied rules can also be written to savefile and later used to "
"roll back to this state. This can be used to implement a store last good "
"configuration mechanism when experimenting with an iptables setup script: "
"iptables-apply -w /etc/iptables/iptables.rules -c /etc/iptables/iptables.run"
--
Man page: iptables-apply.8
Issue 1:  ip6tables-apply → B<ip6tables-apply>
Issue 2:  rulesfile → I<rulesfile>
Issue 3:  '/etc/iptables/iptables.rules' -> I</etc/iptables/iptables.rules>
Issue 4:  ip6tables-save/-restore → B<ip6tables-save>(8)/B<ip6tables-restore>(8)

"When called as ip6tables-apply, the script will use ip6tables-save/-restore "
"and IPv6 default values instead. Default value for rulesfile is '/etc/"
"iptables/iptables.rules'."
--
Man page: iptables-apply.8
Issue 1:  /etc/iptables/iptables.rules → I</etc/iptables/iptables.rules>
Issue 2:  savefile → I<savefile>

"Specify the savefile where successfully applied rules will be written to "
"(default if empty string is given: /etc/iptables/iptables.rules)."
--
Man page: iptables-apply.8
Issue:    /etc/iptables/iptables.run → I</etc/iptables/iptables.run>

"Run command runcmd to configure iptables instead of applying a rulesfile "
"(default: /etc/iptables/iptables.run)."
--
Man page: iptables-apply.8
Issue:    Is the word "information" actually required?

"Display version information."
--
Man page: iptables-apply.8
Issue:    iptables-apply → B<iptables-apply>

"Original iptables-apply - Copyright 2006 Martin F. Krafft "
"E<lt>madduck at madduck.netE<gt>.  Version 1.1 - Copyright 2010 GW "
"E<lt>gw.2010 at tnode.com or http://gw.tnode.com/E<gt>."
--
Man page: iptables-apply.8
Issue 1:  ip6tables-apply → B<ip6tables-apply>
Issue 2:  ip6tables-save/-restore → <ip6tables-save>(8)/B<ip6tables-restore>(8)

"When called as ip6tables-apply, the script will use ip6tables-save/-restore "
"and IPv6 default values instead. Default value for rulesfile is '/etc/"
"network/iptables.up.rules'."
--
Man page: iptables-apply.8
Issue:    /etc/network/iptables.up.rules → I</etc/network/iptables.up.rules>

"Specify the savefile where successfully applied rules will be written to "
"(default if empty string is given: /etc/network/iptables.up.rules)."
--
Man page: iptables-apply.8
Issue:    /etc/network/iptables.up.run → B</etc/network/iptables.up.run>

"Run command runcmd to configure iptables instead of applying a rulesfile "
"(default: /etc/network/iptables.up.run)."
