Documentation updates on top of those by Tuomo Soini

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2016-02-16 14:14:40 -08:00
parent 4c5eb2fc1c
commit 0d1d2c881f
5 changed files with 26 additions and 13 deletions

View File

@ -26,6 +26,8 @@
<year>2005</year>
<year>2016</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -118,5 +120,5 @@
</example>
</section>
<lot></lot>
<lot/>
</article>

View File

@ -412,7 +412,7 @@ DNAT net loc:192.168.1.3:22 tcp 1022</programlisting>
following rule, then you will have access on port 4104 from the net
and on port 22 from your LAN.</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
<programlisting>#ACTION SOURCE DEST PROTO DPORT
DNAT net fw:192.168.1.1:22 tcp 4104</programlisting>
</section>
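Review bot: The header rename from DEST PORT(S) to DPORT in this programlisting is not explained in the surrounding paragraph, so a reader whose installed rules file still shows DEST PORT(S) has no cue that both names refer to the same column. Consider adding one sentence saying that DPORT is the current name of the former DEST PORT(S) column, and confirm that the preceding example shown in the hunk header (DNAT net loc:192.168.1.3:22 tcp 1022) carries the same header so the two listings in this answer do not disagree.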
@ -1476,8 +1476,9 @@ net-fw DROP eth2 5 packets from 61.158.162.9 to 206.124.146.177</programlisting
DROP net $FW udp 10619</programlisting>
<para>Alternatively, if you do not set BLACKLIST_LOGLEVEL you can blacklist
the port. In <filename>/etc/shorewall/blrules</filename>:</para>
<para>Alternatively, if you do not set BLACKLIST_LOGLEVEL you can
blacklist the port. In
<filename>/etc/shorewall/blrules</filename>:</para>
<programlisting>#ACTION SOURCE DEST PROTO DPORT
@ -3039,8 +3040,8 @@ REJECT fw net:pagead2.googlesyndication.com all</programlist
<para><programlisting>#ACTION SOURCE DEST PROTO
REJECT $FW net:216.239.37.99 all
REJECT $FW net:216.239.39.99 all</programlisting>Given that
name-based multiple hosting is a common practice (another example:
REJECT $FW net:216.239.39.99 all</programlisting>Given
that name-based multiple hosting is a common practice (another example:
lists.shorewall.net and www1.shorewall.net are both hosted on the same
system with a single IP address), it is not possible to filter
connections to a particular name by examination of protocol headers

View File

@ -26,6 +26,8 @@
<year>2009</year>
<year>2016</year>
<holder>Thomas M. Eastep</holder>
</copyright>

View File

@ -22,6 +22,8 @@
<year>2009</year>
<year>2016</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -515,7 +517,7 @@ ACCEPT net:wlan0:&lt;2002:ce7c:92b4::3&gt; $FW tcp 22
</listitem>
</itemizedlist>
<para></para>
<para/>
</listitem>
</varlistentry>
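Review bot: The empty paragraph following </itemizedlist> is only re-serialized from <para></para> to <para/>; it still carries no content and looks like an editor artifact. Suggest deleting the element instead of normalizing it, unless the rendered output depends on it for spacing, in which case a comment saying so would help the next editor.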
@ -523,9 +525,9 @@ ACCEPT net:wlan0:&lt;2002:ce7c:92b4::3&gt; $FW tcp 22
<term>Macros</term>
<listitem>
<para>The Shorewall6 package depends on Shorewall-common for
application macros. Only certain address-family specific macros such
as macro.AllowICMPs are included in Shorewall6. As a consequence,
<para>The Shorewall6 package depends on Shorewall for application
macros. Only certain address-family specific macros such as
macro.AllowICMPs are included in Shorewall6. As a consequence,
/usr/share/shorewall/ is included in the default Shorewall6
CONFIG_PATH.</para>
</listitem>
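Review bot: In the rewritten Macros paragraph, macro.AllowICMPs and /usr/share/shorewall/ remain bare text, while another file in this same commit marks a path up as <filename>/etc/shorewall/blrules</filename>. Since the paragraph is being touched anyway, suggest wrapping both in <filename> so paths and file names render consistently across the documents.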

View File

@ -26,6 +26,8 @@
<copyright>
<year>2005</year>
<year>2016</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -252,9 +254,6 @@ ACCEPT $FW loc tcp 135,139,445</programlist
</listitem>
</varlistentry>
</variablelist>
<para>One additional restriction should be noted: macros that are invoked
from actions cannot themselves invoke other actions.</para>
</section>
<section id="Defining">
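Review bot: The paragraph stating that macros invoked from actions cannot themselves invoke other actions is dropped just before </section> with no version qualifier, and the commit message does not say why. The same file separates behaviour by release ("Shorewall 5.0.0 and Later", "Shorewall 4.4.16 and Later"), so a reader on an older release loses a restriction that may still apply to them. Suggest either keeping the sentence with the release range it applies to, or stating in the commit message from which release the restriction was lifted.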
@ -282,6 +281,13 @@ ACCEPT $FW loc tcp 135,139,445</programlist
</listitem>
</orderedlist>
<section>
<title>Shorewall 5.0.0 and Later</title>
<para>The columns in a macro file are the same as those in <ulink
url="manpages/shorewall-rules.html">shorewall-rules(5)</ulink>.</para>
</section>
<section>
<title>Shorewall 4.4.16 and Later</title>
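Review bot: The new "Shorewall 5.0.0 and Later" section sits directly ahead of the existing "Shorewall 4.4.16 and Later" section, and both titles say "and Later", so a 5.0 reader cannot tell whether the 4.4.16 section still applies to them or is superseded. Suggest adding a sentence to the new section saying which of the two governs on 5.0.0 and later, or retitling the older section with an upper bound, so the reader is not left choosing between two column descriptions.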