Correct Format-3 syntax for the SOURCE column of the conntrack file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-11-26 07:48:43 -08:00
parent e7dee420ee
commit 21c2963691
2 changed files with 4 additions and 24 deletions

View File

@ -307,22 +307,12 @@
<para>Beginning with Shorewall 4.5.10, <option>all-</option> can be <para>Beginning with Shorewall 4.5.10, <option>all-</option> can be
used as the <replaceable>zone</replaceable> name to mean all used as the <replaceable>zone</replaceable> name to mean all
<firstterm>off-firewall zone</firstterm>s.</para> <firstterm>off-firewall zone</firstterm>s.</para>
<note>
<para>In 4.5.10, handling of <option>all</option> was changed.
<option>all</option> now causes the generated netfilter rule to be
appended to the raw table PREROUTING and OUTPUT chains directly.
<option>all-</option> rules are added directly to PREROUTING.
<option>all</option> and <option>all-</option> rules are processed
after the more specific rules that specify an individual
zone.</para>
</note>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>SOURCE (formats 3) <term>SOURCE (format 3)
{-|[:<emphasis>interface</emphasis>][:<emphasis>address-list</emphasis>}</term> {-|<emphasis>interface</emphasis>[:<emphasis>address-list</emphasis>]|<replaceable>address-list</replaceable>}</term>
<listitem> <listitem>
<para>Where <replaceable>interface</replaceable> is an interface to <para>Where <replaceable>interface</replaceable> is an interface to

View File

@ -203,22 +203,12 @@
<para>Beginning with Shorewall 4.5.10, <option>all-</option> can be <para>Beginning with Shorewall 4.5.10, <option>all-</option> can be
used as the <replaceable>zone</replaceable> name to mean all used as the <replaceable>zone</replaceable> name to mean all
<firstterm>off-firewall zone</firstterm>s.</para> <firstterm>off-firewall zone</firstterm>s.</para>
<note>
<para>In 4.5.10, handling of <option>all</option> was changed.
<option>all</option> now causes the generated netfilter rule to be
appended to the raw table PREROUTING and OUTPUT chains directly.
<option>all-</option> rules are added directly to PREROUTING.
<option>all</option> and <option>all-</option> rules are processed
after the more specific rules that specify an individual
zone.</para>
</note>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>SOURCE (formats 3) <term>SOURCE (format 3)
{-|[:<emphasis>interface</emphasis>][:<emphasis>address-list</emphasis>}</term> {-|<emphasis>interface</emphasis>[:<emphasis>address-list</emphasis>]|<replaceable>address-list</replaceable>}</term>
<listitem> <listitem>
<para>Where <replaceable>interface</replaceable> is an interface to <para>Where <replaceable>interface</replaceable> is an interface to