From 372f436520618277e9ae6021102acb789e16687b Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 27 Feb 2006 23:09:24 +0000 Subject: [PATCH] Update macro documentation for 3.1 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3601 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/capabilities | 6 ++++++ docs/Macros.xml | 46 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) diff --git a/Shorewall/capabilities b/Shorewall/capabilities index 0b4b67b25..e96ed4c0e 100644 --- a/Shorewall/capabilities +++ b/Shorewall/capabilities @@ -9,6 +9,12 @@ # the output of "shorewall show capabilities". If the capability # is available, set the corresponding variable to "Yes". Otherwise # leave it empty. +# +# You may generate the contents of this file programatically using the +# 'shorecap' program included with your Shorewall distribution. If you +# installed using the RPM, the file will be in the Shorewall +# documentation directory. Otherwise, please find the program in the +# directory created when you expanded the Shorewall distribution tarball. NAT_ENABLED=Yes # NAT MANGLE_ENABLED=Yes # Packet Mangling diff --git a/docs/Macros.xml b/docs/Macros.xml index 46e05b15e..f9fbae56b 100644 --- a/docs/Macros.xml +++ b/docs/Macros.xml @@ -186,6 +186,48 @@ SMTP/DNAT:info net loc #ACTION SOURCE DEST PROTO DEST PORT(S) DNAT:info net loc:192.168.1.5 tcp 25 + + Beginning with Shorewall 3.1, you may also specify SOURCE or + DEST in the SOURCE and DEST columns. This allows you to define + macros that work in both directions. + + Example 3: + +
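Review bot: The comment added to Shorewall/capabilities does not say on which host `shorecap` should be run, and its sentence "the file will be in the Shorewall documentation directory" reads as if it meant this capabilities file when it appears to mean the shorecap program. The existing header says the variables mirror the output of "shorewall show capabilities", so the values presumably have to come from the firewall that will load the resulting ruleset; a file generated on a different host may not match what that system supports. Suggested wording: `# Run 'shorecap' on the firewall system itself and place its output in this file.` and `# installed using the RPM, the 'shorecap' program will be in the Shorewall`. Also, `programatically` should be spelled `programmatically`.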
+ /etc/shorewall/macro.SMBBI (Note: there + is already a macro like this released as part of Shorewall 3.1 and + later): + + #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ +# PORT PORT(S) DEST LIMIT GROUP +PARAM - - udp 135,445 +PARAM - - udp 137:139 +PARAM - - udp 1024: 137 +PARAM - - tcp 135,139,445 +PARAM DEST SOURCE udp 135,445 +PARAM DEST SOURCE udp 137:139 +PARAM DEST SOURCE udp 1024: 137 +PARAM DEST SOURCE tcp 135,139,445 +#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE + + /etc/shorewall/rules: + + #ACTION SOURCE DEST PROTO DEST PORT(S) +SMBBI/ACCEPT loc fw + + This would be equivalent to coding the following directly in + /etc/shorewall/rules + + #ACTION SOURCE DEST PROTO DEST PORT(S) +ACCEPT loc fw udp 135,445 +ACCEPT loc fw udp 137:139 +ACCEPT loc fw udp 1024: 137 +ACCEPT loc fw tcp 135,139,445 +ACCEPT fw loc udp 135,445 +ACCEPT fw loc udp 137:139 +ACCEPT fw loc udp 1024: 137 +ACCEPT fw loc tcp 135,139,445 +
@@ -299,6 +341,8 @@ DNAT:info net loc:192.168.1.5 tcp 25 system through eth1. This may be optionally followed by another colon (:) and an IP/MAC/subnet address as described above (e.g. eth1:192.168.1.5). + + May also contain 'DEST' as described above. @@ -308,6 +352,8 @@ DNAT:info net loc:192.168.1.5 tcp 25 Unlike in the SOURCE column, you may specify a range of up to 256 IP addresses using the syntax <first ip>-<last ip>. + + May also contain 'SOURCE' as described above.