mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-22 15:43:30 +01:00
Documentation updates on top of those by Tuomo Soini
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
4c5eb2fc1c
commit
0d1d2c881f
@ -26,6 +26,8 @@
|
|||||||
|
|
||||||
<year>2005</year>
|
<year>2005</year>
|
||||||
|
|
||||||
|
<year>2016</year>
|
||||||
|
|
||||||
<holder>Thomas M. Eastep</holder>
|
<holder>Thomas M. Eastep</holder>
|
||||||
</copyright>
|
</copyright>
|
||||||
|
|
||||||
@ -118,5 +120,5 @@
|
|||||||
</example>
|
</example>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<lot></lot>
|
<lot/>
|
||||||
</article>
|
</article>
|
||||||
|
11
docs/FAQ.xml
@ -412,7 +412,7 @@ DNAT net loc:192.168.1.3:22 tcp 1022</programlisting>
|
|||||||
following rule, then you will have access on port 4104 from the net
|
following rule, then you will have access on port 4104 from the net
|
||||||
and on port 22 from your LAN.</para>
|
and on port 22 from your LAN.</para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DEST PROTO DPORT
|
||||||
DNAT net fw:192.168.1.1:22 tcp 4104</programlisting>
|
DNAT net fw:192.168.1.1:22 tcp 4104</programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
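Review bot: the header is shortened to DPORT only for this listing; the listing just above it in the same FAQ answer (the one ending "DNAT net loc:192.168.1.3:22 tcp 1022", visible in the hunk header) is not part of the diff. Check that its header line already uses DPORT, so the two adjacent examples do not show different column names.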
@ -1476,8 +1476,9 @@ net-fw DROP eth2 5 packets from 61.158.162.9 to 206.124.146.177</programlisting
|
|||||||
|
|
||||||
DROP net $FW udp 10619</programlisting>
|
DROP net $FW udp 10619</programlisting>
|
||||||
|
|
||||||
<para>Alternatively, if you do not set BLACKLIST_LOGLEVEL you can blacklist
|
<para>Alternatively, if you do not set BLACKLIST_LOGLEVEL you can
|
||||||
the port. In <filename>/etc/shorewall/blrules</filename>:</para>
|
blacklist the port. In
|
||||||
|
<filename>/etc/shorewall/blrules</filename>:</para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DEST PROTO DPORT
|
<programlisting>#ACTION SOURCE DEST PROTO DPORT
|
||||||
|
|
||||||
@ -3039,8 +3040,8 @@ REJECT fw net:pagead2.googlesyndication.com all</programlist
|
|||||||
|
|
||||||
<para><programlisting>#ACTION SOURCE DEST PROTO
|
<para><programlisting>#ACTION SOURCE DEST PROTO
|
||||||
REJECT $FW net:216.239.37.99 all
|
REJECT $FW net:216.239.37.99 all
|
||||||
REJECT $FW net:216.239.39.99 all</programlisting>Given that
|
REJECT $FW net:216.239.39.99 all</programlisting>Given
|
||||||
name-based multiple hosting is a common practice (another example:
|
that name-based multiple hosting is a common practice (another example:
|
||||||
lists.shorewall.net and www1.shorewall.net are both hosted on the same
|
lists.shorewall.net and www1.shorewall.net are both hosted on the same
|
||||||
system with a single IP address), it is not possible to filter
|
system with a single IP address), it is not possible to filter
|
||||||
connections to a particular name by examination of protocol headers
|
connections to a particular name by examination of protocol headers
|
||||||
|
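Review bot: on the changed line the sentence still starts immediately after the closing tag ("all</programlisting>Given"), inside the same <para> as the listing. Since the text is being rewrapped anyway, close the listing's paragraph and start "Given that name-based multiple hosting ..." in its own <para>, which keeps the explanation separate from the listing in the source.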
@ -26,6 +26,8 @@
|
|||||||
|
|
||||||
<year>2009</year>
|
<year>2009</year>
|
||||||
|
|
||||||
|
<year>2016</year>
|
||||||
|
|
||||||
<holder>Thomas M. Eastep</holder>
|
<holder>Thomas M. Eastep</holder>
|
||||||
</copyright>
|
</copyright>
|
||||||
|
|
||||||
|
@ -22,6 +22,8 @@
|
|||||||
|
|
||||||
<year>2009</year>
|
<year>2009</year>
|
||||||
|
|
||||||
|
<year>2016</year>
|
||||||
|
|
||||||
<holder>Thomas M. Eastep</holder>
|
<holder>Thomas M. Eastep</holder>
|
||||||
</copyright>
|
</copyright>
|
||||||
|
|
||||||
@ -515,7 +517,7 @@ ACCEPT net:wlan0:<2002:ce7c:92b4::3> $FW tcp 22
|
|||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
<para></para>
|
<para/>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
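Review bot: the empty paragraph after </itemizedlist> is only converted from <para></para> to <para/>. It carries no text, so unless it is a deliberate spacer it can be dropped from the list item altogether instead of being kept in a different spelling.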
@ -523,9 +525,9 @@ ACCEPT net:wlan0:<2002:ce7c:92b4::3> $FW tcp 22
|
|||||||
<term>Macros</term>
|
<term>Macros</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The Shorewall6 package depends on Shorewall-common for
|
<para>The Shorewall6 package depends on Shorewall for application
|
||||||
application macros. Only certain address-family specific macros such
|
macros. Only certain address-family specific macros such as
|
||||||
as macro.AllowICMPs are included in Shorewall6. As a consequence,
|
macro.AllowICMPs are included in Shorewall6. As a consequence,
|
||||||
/usr/share/shorewall/ is included in the default Shorewall6
|
/usr/share/shorewall/ is included in the default Shorewall6
|
||||||
CONFIG_PATH.</para>
|
CONFIG_PATH.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
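Review bot: in the rewritten Macros paragraph, macro.AllowICMPs, /usr/share/shorewall/ and CONFIG_PATH are still plain text, while the FAQ.xml hunk in this same commit marks a path up as <filename>/etc/shorewall/blrules</filename>. Since the paragraph is being touched anyway, wrap the macro file name and the directory in <filename> so they are marked up consistently.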
@ -26,6 +26,8 @@
|
|||||||
<copyright>
|
<copyright>
|
||||||
<year>2005</year>
|
<year>2005</year>
|
||||||
|
|
||||||
|
<year>2016</year>
|
||||||
|
|
||||||
<holder>Thomas M. Eastep</holder>
|
<holder>Thomas M. Eastep</holder>
|
||||||
</copyright>
|
</copyright>
|
||||||
|
|
||||||
@ -252,9 +254,6 @@ ACCEPT $FW loc tcp 135,139,445</programlist
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
|
|
||||||
<para>One additional restriction should be noted: macros that are invoked
|
|
||||||
from actions cannot themselves invoke other actions.</para>
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="Defining">
|
<section id="Defining">
|
||||||
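Review bot: the paragraph removed at the end of this section ("macros that are invoked from actions cannot themselves invoke other actions") documented a restriction, and neither the commit message nor any added text says whether it was lifted or in which release. The same file keeps a "Shorewall 4.4.16 and Later" section (next hunk), so if the restriction still holds for those releases, keep the sentence with a version qualifier; if it was lifted, say so in the commit message.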
@ -282,6 +281,13 @@ ACCEPT $FW loc tcp 135,139,445</programlist
|
|||||||
</listitem>
|
</listitem>
|
||||||
</orderedlist>
|
</orderedlist>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>Shorewall 5.0.0 and Later</title>
|
||||||
|
|
||||||
|
<para>The columns in a macro file are the same as those in <ulink
|
||||||
|
url="manpages/shorewall-rules.html">shorewall-rules(5)</ulink>.</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Shorewall 4.4.16 and Later</title>
|
<title>Shorewall 4.4.16 and Later</title>
|
||||||
|
|
||||||
|
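Review bot: the new "Shorewall 5.0.0 and Later" section sits directly above "Shorewall 4.4.16 and Later" without saying how the two relate, so a reader on 5.0 cannot tell whether the older column description that follows still applies. Add a sentence to the new <para> stating that the sections below describe earlier releases, or that the 5.0.0 text supersedes them.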