mirror of
https://gitlab.com/shorewall/code.git
synced 2025-02-02 02:49:54 +01:00
Move and correct EXPORTMODULES in shorewall6.conf manpage
This commit is contained in:
Tom Eastep
parent
3b0da84b8d
commit
3730283b64
@ -2,6 +2,10 @@ Changes in Shorewall 4.4.19 RC 1
|
|||||||
|
|
||||||
1) Correct release notes.
|
1) Correct release notes.
|
||||||
|
|
||||||
|
2) Display mangle table in the output from 'shorewall show tc'.
|
||||||
|
|
||||||
|
3) Exit tcpost early if connection is marked.
|
||||||
|
|
||||||
Changes in Shorewall 4.4.19 Beta 5
|
Changes in Shorewall 4.4.19 Beta 5
|
||||||
|
|
||||||
1) Fix logical naming and bridge.
|
1) Fix logical naming and bridge.
|
||||||
|
|||||||
@ -121,6 +121,16 @@ Beta 1
|
|||||||
5) A list of protocols is now permitted in the PROTO column of the
|
5) A list of protocols is now permitted in the PROTO column of the
|
||||||
rules file.
|
rules file.
|
||||||
|
|
||||||
|
6) The contents of the Netfilter mangle table are now included in the
|
||||||
|
output from 'shorewall show tc'.
|
||||||
|
|
||||||
|
7) When simple traffic shaping is configured, the postrouting marking
|
||||||
|
chain 'tcpost' is now exited early if the connection was previously
|
||||||
|
marked.
|
||||||
|
|
||||||
|
Note: tcpost is usually deleted by optimization level 4 and its
|
||||||
|
rules appear in the POSTROUTING chain.
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
I V. R E L E A S E 4 . 4 H I G H L I G H T S
|
I V. R E L E A S E 4 . 4 H I G H L I G H T S
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
|
|||||||
@ -444,22 +444,23 @@
|
|||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">EXPAND_POLICIES=</emphasis>{<emphasis
|
<term><emphasis role="bold">EXPORTMODULES=</emphasis>[<emphasis
|
||||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
|
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Normally, when the SOURCE or DEST columns in
|
<para>Added in Shorewall 4.4.17. When set to Yes when compiling for
|
||||||
shorewall6-policy(5) contains 'all', a single policy chain is
|
use by Shorewall6 Lite (<command>shorewall6 load</command>,
|
||||||
created and the policy is enforced in that chain. For example, if
|
<command>shorewall6 reload </command>or <command>shorewall6
|
||||||
the policy entry is<programlisting>#SOURCE DEST POLICY LOG
|
export</command> commands), the compiler will copy the modules or
|
||||||
# LEVEL
|
helpers file from the administrative system into the script. When
|
||||||
net all DROP info</programlisting>then the chain name is 'net2all'
|
set to No or not specified, the compiler will not copy the modules
|
||||||
which is also the chain named in Shorewall6 log messages generated
|
or helpers file from <filename>/usr/share/shorewall6</filename> but
|
||||||
as a result of the policy. If EXPAND_POLICIES=Yes, then Shorewall6
|
will copy the found in another location on the CONFIG_PATH.</para>
|
||||||
will create a separate chain for each pair of zones covered by the
|
|
||||||
policy. This makes the resulting log messages easier to interpret
|
<para>When compiling for direct use by Shorewall6, causes the
|
||||||
since the chain in the messages will have a name of the form 'a2b'
|
contents of the local module or helpers file to be copied into the
|
||||||
where 'a' is the SOURCE zone and 'b' is the DEST zone.</para>
|
compiled script. When set to No or not set, the compiled script
|
||||||
|
reads the file itself.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1492,27 +1493,6 @@ net all DROP info</programlisting>then the chain name is 'net2all'
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term><emphasis role="bold">EXPORTMODULES=</emphasis>[<emphasis
|
|
||||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Added in Shorewall 4.4.17. When set to Yes when compiling for
|
|
||||||
use by Shorewall6 LIte (<command>shorewall6 load</command>,
|
|
||||||
<command>shorewall6 reload </command>or <command>shorewall6
|
|
||||||
export</command> commands), the compiler will copy the modules or
|
|
||||||
helpers file from the administrative system into the script. When
|
|
||||||
set to No or not specified, the compiler will not copy the modules
|
|
||||||
or helpers file from <filename>/usr/share/shorewall6</filename> but
|
|
||||||
will copy the found in another location on the CONFIG_PATH.</para>
|
|
||||||
|
|
||||||
<para>When compiling for direct use by Shorewall6, causes the
|
|
||||||
contents of the local module or helpers file to be copied into the
|
|
||||||
compiled script. When set to No or not set, the compiled script
|
|
||||||
reads the file itself.</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis
|
<term><emphasis
|
||||||
role="bold">VERBOSITY=</emphasis>[<emphasis>number</emphasis>]</term>
|
role="bold">VERBOSITY=</emphasis>[<emphasis>number</emphasis>]</term>
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user