mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-26 09:33:14 +01:00
Improve formatting of 'rules' manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
af893b6296
commit
18bb6c94ca
@ -413,31 +413,34 @@
|
|||||||
<para>The older syntax where the macro name and the target are
|
<para>The older syntax where the macro name and the target are
|
||||||
separated by a slash (e.g. FTP/ACCEPT) is still allowed but is
|
separated by a slash (e.g. FTP/ACCEPT) is still allowed but is
|
||||||
deprecated.</para>
|
deprecated.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
|
||||||
<para>The <emphasis role="bold">ACTION</emphasis> may
|
<para>The <emphasis role="bold">ACTION</emphasis> may optionally be
|
||||||
optionally be followed by ":" and a syslog log level (e.g,
|
followed by ":" and a syslog log level (e.g, REJECT:info or
|
||||||
REJECT:info or DNAT:debug). This causes the packet to be
|
DNAT:debug). This causes the packet to be logged at the specified
|
||||||
logged at the specified level. Note that if the <emphasis
|
level. Note that if the <emphasis role="bold">ACTION</emphasis>
|
||||||
role="bold">ACTION</emphasis> involves destination network
|
involves destination network address translation (DNAT, REDIRECT,
|
||||||
address translation (DNAT, REDIRECT, etc.) then the packet is
|
etc.) then the packet is logged <emphasis
|
||||||
logged <emphasis role="bold">before</emphasis> the destination
|
role="bold">before</emphasis> the destination address is
|
||||||
address is rewritten.</para>
|
rewritten.</para>
|
||||||
|
|
||||||
<para>If the <emphasis role="bold">ACTION</emphasis> names an
|
<para>If the <emphasis role="bold">ACTION</emphasis> names an
|
||||||
<emphasis>action</emphasis> declared in <ulink
|
<emphasis>action</emphasis> declared in <ulink
|
||||||
url="shorewall-actions.html">shorewall-actions</ulink>(5) or
|
url="shorewall-actions.html">shorewall-actions</ulink>(5) or in
|
||||||
in /usr/share/shorewall/actions.std then:</para>
|
/usr/share/shorewall/actions.std then:</para>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>If the log level is followed by "!' then all rules
|
<para>If the log level is followed by "!' then all rules in the
|
||||||
in the action are logged at the log level.</para>
|
action are logged at the log level.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>If the log level is not followed by "!" then only
|
<para>If the log level is not followed by "!" then only those
|
||||||
those rules in the action that do not specify logging are
|
rules in the action that do not specify logging are logged at
|
||||||
logged at the specified level.</para>
|
the specified level.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -447,23 +450,19 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
<para>You may also specify <emphasis
|
<para>You may also specify <emphasis role="bold">ULOG</emphasis> or
|
||||||
role="bold">ULOG</emphasis> or <emphasis
|
<emphasis role="bold">NFLOG</emphasis> (must be in upper case) as a
|
||||||
role="bold">NFLOG</emphasis> (must be in upper case) as a log
|
log level.This will log to the ULOG or NFLOG target for routing to a
|
||||||
level.This will log to the ULOG or NFLOG target for routing to
|
separate log through use of ulogd (<ulink
|
||||||
a separate log through use of ulogd (<ulink
|
|
||||||
url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>).</para>
|
url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>).</para>
|
||||||
|
|
||||||
<para>Actions specifying logging may be followed by a log tag
|
<para>Actions specifying logging may be followed by a log tag (a
|
||||||
(a string of alphanumeric characters) which is appended to the
|
string of alphanumeric characters) which is appended to the string
|
||||||
string generated by the LOGPREFIX (in <ulink
|
generated by the LOGPREFIX (in <ulink
|
||||||
url="shorewall.conf.html">shorewall.conf</ulink>(5)).</para>
|
url="shorewall.conf.html">shorewall.conf</ulink>(5)).</para>
|
||||||
|
|
||||||
<para>Example: ACCEPT:info:ftp would include 'ftp ' at the end
|
<para>Example: ACCEPT:info:ftp would include 'ftp ' at the end of
|
||||||
of the log prefix generated by the LOGPREFIX setting.</para>
|
the log prefix generated by the LOGPREFIX setting.</para>
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
</variablelist>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
|||||||
@ -308,17 +308,14 @@
|
|||||||
<para>The older syntax where the macro name and the target are
|
<para>The older syntax where the macro name and the target are
|
||||||
separated by a slash (e.g. FTP/ACCEPT) is still allowed but is
|
separated by a slash (e.g. FTP/ACCEPT) is still allowed but is
|
||||||
deprecated.</para>
|
deprecated.</para>
|
||||||
|
|
||||||
<programlisting></programlisting>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
|
|
||||||
<blockquote>
|
<para>The <emphasis role="bold">ACTION</emphasis> may optionally be
|
||||||
<para>The <emphasis role="bold">ACTION</emphasis> may optionally
|
followed by ":" and a syslog log level (e.g, REJECT:info or
|
||||||
be followed by ":" and a syslog log level (e.g, REJECT:info or
|
ACCEPT:debug). This causes the packet to be logged at the specified
|
||||||
ACCEPT:debug). This causes the packet to be logged at the
|
level.</para>
|
||||||
specified level.</para>
|
|
||||||
|
|
||||||
<para>If the <emphasis role="bold">ACTION</emphasis> names an
|
<para>If the <emphasis role="bold">ACTION</emphasis> names an
|
||||||
<emphasis>action</emphasis> declared in <ulink
|
<emphasis>action</emphasis> declared in <ulink
|
||||||
@ -327,8 +324,8 @@
|
|||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>If the log level is followed by "!' then all rules in
|
<para>If the log level is followed by "!' then all rules in the
|
||||||
the action are logged at the log level.</para>
|
action are logged at the log level.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -356,7 +353,6 @@
|
|||||||
|
|
||||||
<para>Example: ACCEPT:info:ftp would include 'ftp ' at the end of
|
<para>Example: ACCEPT:info:ftp would include 'ftp ' at the end of
|
||||||
the log prefix generated by the LOGPREFIX setting.</para>
|
the log prefix generated by the LOGPREFIX setting.</para>
|
||||||
</blockquote>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user