Correct INPUT marking documentation

Tom Eastep 2010-09-11 12:47:32 -07:00
parent e93a7fe9df
commit 37a5a01185
3 changed files with 20 additions and 27 deletions

@ -181,8 +181,8 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
See the shorewall-secmarks and shorewall6-secmarks manpages for
details.
As part of this change, the tcrules file now accepts chain
designators 'I' and 'CI' for marking packets in the input chain.
As part of this change, the tcrules file now accepts $FW in the
DEST column for marking packets in the INPUT chain.
4) The 'blacklist' interface option may now have one of 2 values:
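Review bot: The corrected sentence mentions only "$FW in the DEST column", while the manpage hunks in this same commit also allow $FW to be qualified by an address list; the release note should say so or point to the tcrules manpages. Because the earlier wording advertised chain designators 'I' and 'CI', a short sentence stating that those designators are not accepted would help anyone who wrote rules from the old text.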

@ -147,15 +147,6 @@
<para>Mark the connecdtion in the POSTROUTING chain</para>
</listitem>
</varlistentry>
<varlistentry>
<term>CI</term>
<listitem>
<para>Added in Shorewall 4.4.13. Mark the connecdtion in
the POSTROUTING chain</para>
</listitem>
</varlistentry>
</variablelist>
<para><emphasis role="bold">Special considerations for If
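Review bot: Only the CI entry is removed from this variablelist, but the release note corrected in this commit named both 'I' and 'CI'; please confirm that no 'I' entry remains elsewhere in the list. While touching this area, the context line just above the removed entry still reads "Mark the connecdtion in the POSTROUTING chain"; "connecdtion" should be "connection".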
@ -456,7 +447,7 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
<varlistentry>
<term><emphasis role="bold">DEST</emphasis> - {<emphasis
role="bold">-</emphasis>|{<emphasis>interface</emphasis>|[<emphasis>interface</emphasis>:]<emphasis>address-or-range</emphasis>[<emphasis
role="bold">-</emphasis>|{<emphasis>interface</emphasis>|$FW}|[<emphasis>{interface</emphasis>|$FW}:]<emphasis>address-or-range</emphasis>[<emphasis
role="bold">,</emphasis><emphasis>address-or-range</emphasis>]...}[<emphasis>exclusion</emphasis>]</term>
<listitem>
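Review bot: In the new DEST synopsis line the second alternative is written "[<emphasis>{interface</emphasis>|$FW}:]", so the opening brace sits inside the emphasis element and the closing brace outside it. Move the brace out of the element, "[{<emphasis>interface</emphasis>|$FW}:]", which is how the shorewall6 manpage hunk in this commit writes it.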
@ -477,6 +468,12 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
The list may include ip address ranges if your kernel and
iptables include iprange support.</para>
</listitem>
<listitem>
<para>Beginning with Shorewall 4.4.13, $FW may be specified by
itself or qualified by an address list. This causes marking to
occur in the INPUT chain.</para>
</listitem>
</orderedlist>
<para>You may exclude certain hosts from the set already defined
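Review bot: The new list item says $FW in DEST "causes marking to occur in the INPUT chain" but does not say what happens when the same rule also carries a chain designator, and the designator list edited earlier in this file still documents entries such as the POSTROUTING one. State whether that combination is rejected or which setting wins, and consider adding a one-line example rule next to the existing examples.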
@ -812,8 +809,8 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5),
shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
shorewall-proxyarp(5), shorewall-route_rules(5),
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tos(5),
shorewall-tunnels(5), shorewall-zones(5)</para>
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
</refsect1>
</refentry>

@ -144,14 +144,6 @@
<para>Mark the connection in the POSTROUTING chain</para>
</listitem>
</varlistentry>
<varlistentry>
<term>CI (added in Shorewall 4.4.13)</term>
<listitem>
<para>Mark the connection in the INPUT chain.</para>
</listitem>
</varlistentry>
</variablelist>
<para><emphasis role="bold">Special considerations for If
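Review bot: With the CI entry removed, this list of chain designators no longer gives any hint of how to mark in the INPUT chain, so a reader who looks here first will not find it. Consider a sentence after the closing </variablelist> that points to the DEST column description, where $FW now selects INPUT-chain marking.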
@ -330,7 +322,7 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
<varlistentry>
<term><emphasis role="bold">DEST</emphasis> - {<emphasis
role="bold">-</emphasis>|{<emphasis>interface</emphasis>|[<emphasis>interface</emphasis>:]&lt;<emphasis>address-or-range</emphasis>[<emphasis
role="bold">-</emphasis>|{<emphasis>interface</emphasis>|$FW}[{<emphasis>interface</emphasis>|$FW}:]&lt;<emphasis>address-or-range</emphasis>[<emphasis
role="bold">,</emphasis><emphasis>address-or-range</emphasis>]...}[<emphasis>exclusion</emphasis>]&gt;</term>
<listitem>
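Review bot: The new synopsis line drops the '|' between the two alternatives. With the markup stripped it reads "{interface|$FW}[{interface|$FW}:]<address-or-range", where the shorewall-tcrules hunk has "{interface|$FW}|[{interface|$FW}:]address-or-range". As written it looks like a concatenation rather than a choice; add the '|' after the first closing brace.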
@ -348,6 +340,10 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
('&lt;' and '&gt;') surrounding the address(es) may be
omitted.</para>
<para>Beginning with Shorewall 4.4.13, $FW may be given by itself or
qualified by an address list. This causes marking to occur in the
INPUT chain.</para>
<para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
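Review bot: The added paragraph does not say whether the angle-bracket rule described in the paragraph just above it ("'<' and '>' surrounding the address(es) may be omitted") also applies when $FW is qualified by an address list. Say which form is expected for $FW followed by an address list. The wording also differs from the shorewall-tcrules text ("given" here, "specified" there); aligning the two manpages would make them easier to maintain together.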
@ -666,8 +662,8 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5),
shorewall6-route_rules(5), shorewall6-routestopped(5),
shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5),
shorewall6-tcdevices(5), shorewall6-tos(5), shorewall6-tunnels(5),
shorewall6-zones(5)</para>
shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tos(5),
shorewall6-tunnels(5), shorewall6-zones(5)</para>
</refsect1>
</refentry>