Correct INPUT marking documentation
parent
e93a7fe9df
commit
37a5a01185
@ -181,8 +181,8 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
See the shorewall-secmarks and shorewall6-secmarks manpages for
|
||||
details.
|
||||
|
||||
As part of this change, the tcrules file now accepts chain
|
||||
designators 'I' and 'CI' for marking packets in the input chain.
|
||||
As part of this change, the tcrules file now accepts $FW in the
|
||||
DEST column for marking packets in the INPUT chain.
|
||||
|
||||
4) The 'blacklist' interface option may now have one of 2 values:
|
||||
|
||||
|
@ -147,15 +147,6 @@
|
||||
<para>Mark the connecdtion in the POSTROUTING chain</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>CI</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.4.13. Mark the connecdtion in
|
||||
the POSTROUTING chain</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para><emphasis role="bold">Special considerations for If
|
||||
@ -456,7 +447,7 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">DEST</emphasis> - {<emphasis
|
||||
role="bold">-</emphasis>|{<emphasis>interface</emphasis>|[<emphasis>interface</emphasis>:]<emphasis>address-or-range</emphasis>[<emphasis
|
||||
role="bold">-</emphasis>|{<emphasis>interface</emphasis>|$FW}|[<emphasis>{interface</emphasis>|$FW}:]<emphasis>address-or-range</emphasis>[<emphasis
|
||||
role="bold">,</emphasis><emphasis>address-or-range</emphasis>]...}[<emphasis>exclusion</emphasis>]</term>
|
||||
|
||||
<listitem>
|
||||
@ -477,6 +468,12 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
|
||||
The list may include ip address ranges if your kernel and
|
||||
iptables include iprange support.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Beginning with Shorewall 4.4.13, $FW may be specified by
|
||||
itself or qualified by an address list. This causes marking to
|
||||
occur in the INPUT chain.</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>You may exclude certain hosts from the set already defined
|
||||
@ -812,8 +809,8 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
|
||||
shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5),
|
||||
shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
|
||||
shorewall-proxyarp(5), shorewall-route_rules(5),
|
||||
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
|
||||
shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tos(5),
|
||||
shorewall-tunnels(5), shorewall-zones(5)</para>
|
||||
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
|
||||
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
|
||||
shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
|
||||
</refsect1>
|
||||
</refentry>
|
||||
|
@ -144,14 +144,6 @@
|
||||
<para>Mark the connection in the POSTROUTING chain</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>CI (added in Shorewall 4.4.13)</term>
|
||||
|
||||
<listitem>
|
||||
<para>Mark the connection in the INPUT chain.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para><emphasis role="bold">Special considerations for If
|
||||
@ -330,7 +322,7 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">DEST</emphasis> - {<emphasis
|
||||
role="bold">-</emphasis>|{<emphasis>interface</emphasis>|[<emphasis>interface</emphasis>:]<<emphasis>address-or-range</emphasis>[<emphasis
|
||||
role="bold">-</emphasis>|{<emphasis>interface</emphasis>|$FW}[{<emphasis>interface</emphasis>|$FW}:]<<emphasis>address-or-range</emphasis>[<emphasis
|
||||
role="bold">,</emphasis><emphasis>address-or-range</emphasis>]...}[<emphasis>exclusion</emphasis>]></term>
|
||||
|
||||
<listitem>
|
||||
@ -348,6 +340,10 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
|
||||
('<' and '>') surrounding the address(es) may be
|
||||
omitted.</para>
|
||||
|
||||
<para>Beginning with Shorewall 4.4.13, $FW may be given by itself or
|
||||
qualified by an address list. This causes marking to occur in the
|
||||
INPUT chain.</para>
|
||||
|
||||
<para>You may exclude certain hosts from the set already defined
|
||||
through use of an <emphasis>exclusion</emphasis> (see <ulink
|
||||
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink>(5)).</para>
|
||||
@ -666,8 +662,8 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
|
||||
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
|
||||
shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5),
|
||||
shorewall6-route_rules(5), shorewall6-routestopped(5),
|
||||
shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5),
|
||||
shorewall6-tcdevices(5), shorewall6-tos(5), shorewall6-tunnels(5),
|
||||
shorewall6-zones(5)</para>
|
||||
shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
|
||||
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tos(5),
|
||||
shorewall6-tunnels(5), shorewall6-zones(5)</para>
|
||||
</refsect1>
|
||||
</refentry>
|
||||
|