Add CONNBYTES to shorewall-tcrules(5)

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8751 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-09 01:04:06 +01:00 · 2008-10-06 14:51:25 +00:00 · 2008-10-06 14:51:25 +00:00 · 3188a94901
commit 3188a94901
parent 30a6728e82
1 changed files with 49 additions and 1 deletions
--- a/manpages/shorewall-tcrules.xml
+++ b/manpages/shorewall-tcrules.xml
@ -1,4 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
+"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
 <refentry>
  <refmeta>
    <refentrytitle>shorewall-tcrules</refentrytitle>
@ -498,6 +500,52 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis role="bold">CONNBYTES</emphasis> -
+        [!]<emphasis>min</emphasis>:[<emphasis>max</emphasis>[:{<emphasis
+        role="bold">O</emphasis>|<emphasis role="bold">R</emphasis>|<emphasis
+        role="bold">B</emphasis>}[:{<emphasis
+        role="bold">B</emphasis>|<emphasis role="bold">P</emphasis>|<emphasis
+        role="bold">A</emphasis>}]]] </term>
+
+        <listitem>
+          <para>Connection Bytes; defines a byte or packet range that the
+          connection must fall within in order for the rule to match.</para>
+
+          <para>A packet matches if the the packet/byte count is within the
+          range defined by <emphasis>min</emphasis> and
+          <emphasis>max</emphasis> (unless ! is given in which case, a packet
+          matches if the packet/byte count is not within the range).
+          <emphasis>min</emphasis> is an integer which defines the beginning
+          of the byte/packet range. <emphasis>max</emphasis> is an integer
+          which defines the end of the byte/packet range; if omitted, only the
+          beginning of the range is checked. The first letter gives the
+          direction which the range refers to:<blockquote>
+              <para><emphasis role="bold">O</emphasis> - The original
+              direction of the connection.</para>
+
+              <para><emphasis role="bold">R</emphasis> - The opposite
+              direction from the original connection.</para>
+
+              <para><emphasis role="bold">B</emphasis> - The total of both
+              directions.</para>
+            </blockquote></para>
+
+          <para>If omitted, <emphasis role="bold">B</emphasis> is assumed.
+          </para>
+
+          <para>The second letter determines what the range refers
+          to.<blockquote>
+              <para><emphasis role="bold">B</emphasis> - Bytes</para>
+
+              <para><emphasis role="bold">P</emphasis> - Packets</para>
+
+              <para><emphasis role="bold">A</emphasis> - Average packet
+              size.</para>
+            </blockquote></para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis role="bold">HELPER -
        "<emphasis>helper</emphasis>"</emphasis></term>
@ -576,4 +624,4 @@
    shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tos(5),
    shorewall-tunnels(5), shorewall-zones(5)</para>
  </refsect1>
-</refentry>
+</refentry>