From 21de50ae40071c6fdb50f652044e78392348ac87 Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 31 Aug 2005 19:06:30 +0000 Subject: [PATCH] Update Config file basics doc for 3.0 - take 2 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2609 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs2/configuration_file_basics.xml | 43 +++++++++---------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/Shorewall-docs2/configuration_file_basics.xml b/Shorewall-docs2/configuration_file_basics.xml index c21236e13..b9246e399 100644 --- a/Shorewall-docs2/configuration_file_basics.xml +++ b/Shorewall-docs2/configuration_file_basics.xml @@ -320,9 +320,8 @@ smtp,www,pop3,imap #Services running on the firewall problems then don't say that you were not forewarned. - Beginning with Shorewall 1.3.9, Host addresses in Shorewall - configuration files may be specified as either IP addresses or DNS - Names. + Host addresses in Shorewall configuration files may be specified as + either IP addresses or DNS Names. DNS names in iptables rules aren't nearly as useful as they first appear. When a DNS name appears in a rule, the iptables utility resolves @@ -419,16 +418,6 @@ smtp,www,pop3,imap #Services running on the firewall Shorewall. -
- Complementing an Address or Subnet - - Where specifying an IP address, a subnet or an interface, you can - precede the item with ! to specify the complement of the - item. For example, !192.168.1.4 means any host but - 192.168.1.4. There must be no white space following the - !. -
-
Comma-separated Lists @@ -454,6 +443,16 @@ smtp,www,pop3,imap #Services running on the firewall
+
+ Complementing an Address or Subnet + + Where specifying an IP address, a subnet or an interface, you can + precede the item with ! to specify the complement of the + item. For example, !192.168.1.4 means any host but + 192.168.1.4. There must be no white space following the + !. +
+
Exclusion Lists @@ -482,16 +481,16 @@ smtp,www,pop3,imap #Services running on the firewall
IP Address Ranges - Beginning with Shorewall 2.2.0, if you kernel and iptables have - iprange match support, you may use IP address ranges in Shorewall - configuration file entries; IP address ranges have the syntax - <low IP address>-<high IP - address>. Example: 192.168.1.5-192.168.1.12. + If you kernel and iptables have iprange match support, you may use + IP address ranges in Shorewall configuration file entries; IP address + ranges have the syntax <low IP + address>-<high IP address>. + Example: 192.168.1.5-192.168.1.12. To see if your kernel and iptables have the required support, use - the shorewall check command: + the shorewall show capabilities command: - >~ shorewall check + >~ shorewall show capabilities ... Shorewall has detected the following iptables/netfilter capabilities: NAT: Available @@ -725,9 +724,7 @@ INT_IF=$(getcfg-interface bus-pci-0000:00:03.0) specifying the separate directory in a shorewall start or shorewall restart command (e.g., - shorewall restart /etc/testconfig using Shorewall - 2.2.0 and later or shorewall -c /etc/testconf - restart using earlier versions ) + shorewall restart /etc/testconfig )
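Review bot: In the hunk at @@ -320, the added sentence writes "DNS Names" with a capital N, while the unchanged paragraph that follows it writes "DNS names in iptables rules". Lowercase "names" in the added line so the two agree. Dropping the "Beginning with Shorewall 1.3.9" qualifier is consistent with the rest of the patch.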
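Review bot: In the hunks at @@ -419 and @@ -454, the "Complementing an Address or Subnet" section is moved without any wording change, so the awkward opening "Where specifying an IP address, a subnet or an interface" is carried over; "When specifying" reads correctly. The section now sits immediately before "Exclusion Lists", and the commit message does not mention the reordering, so a word in the message that the move is intentional would help later readers of the history.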
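Review bot: In the hunk at @@ -482, the rewritten first sentence still carries the typo "If you kernel and iptables have iprange match support"; it should read "If your kernel". Since the line is being rewritten anyway, this is the place to fix it. The change from "shorewall check" to "shorewall show capabilities" is applied to both the prose and the sample prompt, which keeps them in step.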
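Review bot: In the hunk at @@ -725, the added line ends with "shorewall restart /etc/testconfig )", leaving a stray space before the closing parenthesis that came from the removed text. Close the parenthesis directly after the example so the rendered sentence does not show "testconfig )".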