mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-07 16:24:01 +01:00
Documentation updates on top of those by Tuomo Soini
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
4c5eb2fc1c
commit
0d1d2c881f
@ -26,6 +26,8 @@
|
||||
|
||||
<year>2005</year>
|
||||
|
||||
<year>2016</year>
|
||||
|
||||
<holder>Thomas M. Eastep</holder>
|
||||
</copyright>
|
||||
|
||||
@ -118,5 +120,5 @@
|
||||
</example>
|
||||
</section>
|
||||
|
||||
<lot></lot>
|
||||
<lot/>
|
||||
</article>
|
||||
|
11
docs/FAQ.xml
11
docs/FAQ.xml
@ -412,7 +412,7 @@ DNAT net loc:192.168.1.3:22 tcp 1022</programlisting>
|
||||
following rule, then you will have access on port 4104 from the net
|
||||
and on port 22 from your LAN.</para>
|
||||
|
||||
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
|
||||
<programlisting>#ACTION SOURCE DEST PROTO DPORT
|
||||
DNAT net fw:192.168.1.1:22 tcp 4104</programlisting>
|
||||
</section>
|
||||
|
||||
@ -1476,8 +1476,9 @@ net-fw DROP eth2 5 packets from 61.158.162.9 to 206.124.146.177</programlisting
|
||||
|
||||
DROP net $FW udp 10619</programlisting>
|
||||
|
||||
<para>Alternatively, if you do not set BLACKLIST_LOGLEVEL you can blacklist
|
||||
the port. In <filename>/etc/shorewall/blrules</filename>:</para>
|
||||
<para>Alternatively, if you do not set BLACKLIST_LOGLEVEL you can
|
||||
blacklist the port. In
|
||||
<filename>/etc/shorewall/blrules</filename>:</para>
|
||||
|
||||
<programlisting>#ACTION SOURCE DEST PROTO DPORT
|
||||
|
||||
@ -3039,8 +3040,8 @@ REJECT fw net:pagead2.googlesyndication.com all</programlist
|
||||
|
||||
<para><programlisting>#ACTION SOURCE DEST PROTO
|
||||
REJECT $FW net:216.239.37.99 all
|
||||
REJECT $FW net:216.239.39.99 all</programlisting>Given that
|
||||
name-based multiple hosting is a common practice (another example:
|
||||
REJECT $FW net:216.239.39.99 all</programlisting>Given
|
||||
that name-based multiple hosting is a common practice (another example:
|
||||
lists.shorewall.net and www1.shorewall.net are both hosted on the same
|
||||
system with a single IP address), it is not possible to filter
|
||||
connections to a particular name by examination of protocol headers
|
||||
|
@ -26,6 +26,8 @@
|
||||
|
||||
<year>2009</year>
|
||||
|
||||
<year>2016</year>
|
||||
|
||||
<holder>Thomas M. Eastep</holder>
|
||||
</copyright>
|
||||
|
||||
|
@ -22,6 +22,8 @@
|
||||
|
||||
<year>2009</year>
|
||||
|
||||
<year>2016</year>
|
||||
|
||||
<holder>Thomas M. Eastep</holder>
|
||||
</copyright>
|
||||
|
||||
@ -515,7 +517,7 @@ ACCEPT net:wlan0:<2002:ce7c:92b4::3> $FW tcp 22
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para></para>
|
||||
<para/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -523,9 +525,9 @@ ACCEPT net:wlan0:<2002:ce7c:92b4::3> $FW tcp 22
|
||||
<term>Macros</term>
|
||||
|
||||
<listitem>
|
||||
<para>The Shorewall6 package depends on Shorewall-common for
|
||||
application macros. Only certain address-family specific macros such
|
||||
as macro.AllowICMPs are included in Shorewall6. As a consequence,
|
||||
<para>The Shorewall6 package depends on Shorewall for application
|
||||
macros. Only certain address-family specific macros such as
|
||||
macro.AllowICMPs are included in Shorewall6. As a consequence,
|
||||
/usr/share/shorewall/ is included in the default Shorewall6
|
||||
CONFIG_PATH.</para>
|
||||
</listitem>
|
||||
|
@ -26,6 +26,8 @@
|
||||
<copyright>
|
||||
<year>2005</year>
|
||||
|
||||
<year>2016</year>
|
||||
|
||||
<holder>Thomas M. Eastep</holder>
|
||||
</copyright>
|
||||
|
||||
@ -252,9 +254,6 @@ ACCEPT $FW loc tcp 135,139,445</programlist
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para>One additional restriction should be noted: macros that are invoked
|
||||
from actions cannot themselves invoke other actions.</para>
|
||||
</section>
|
||||
|
||||
<section id="Defining">
|
||||
@ -282,6 +281,13 @@ ACCEPT $FW loc tcp 135,139,445</programlist
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<section>
|
||||
<title>Shorewall 5.0.0 and Later</title>
|
||||
|
||||
<para>The columns in a macro file are the same as those in <ulink
|
||||
url="manpages/shorewall-rules.html">shorewall-rules(5)</ulink>.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Shorewall 4.4.16 and Later</title>
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user