extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-02 19:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add caution about macros and non-standard ports.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2014-03-05 09:24:41 -08:00
parent 3cfee0e43c
commit 3ca3b8b552
3 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/standalone.xml
View File

@ -536,6 +536,12 @@ Web(ACCEPT) net $FW
IMAP(ACCEPT)net $FW</programlisting> IMAP(ACCEPT)net $FW</programlisting>
</example> </example>
<caution>
<para>The Shorewall-provided macros assume that the associated service
is using it's standard port and will not work with services listening on
a non-standard port.</para>
</caution>
<para>You may also choose to code your rules directly without using the <para>You may also choose to code your rules directly without using the
pre-defined macros. This will be necessary in the event that there is not pre-defined macros. This will be necessary in the event that there is not
a pre-defined macro that meets your requirements. In that case the general a pre-defined macro that meets your requirements. In that case the general

6
docs/three-interface.xml
View File

@ -971,6 +971,12 @@ ACCEPT dmz $FW udp 53 </programlist
code the appropriate rules directly. <ulink url="ports.html">This code the appropriate rules directly. <ulink url="ports.html">This
page</ulink> can be of help if you don't know the protocol and port page</ulink> can be of help if you don't know the protocol and port
involved.</para> involved.</para>
<caution>
<para>The Shorewall-provided macros assume that the service is using its
standard port and will not work with a service listening on a
non-standard port.</para>
</caution>
</section> </section>
<section id="Open"> <section id="Open">

8
docs/two-interface.xml
View File

@ -807,6 +807,12 @@ FTP(DNAT) net loc:10.10.10.1</programlisting> For
url="FTP.html">Shorewall FTP documentation</ulink> for more url="FTP.html">Shorewall FTP documentation</ulink> for more
information.</para> information.</para>
</example> A couple of important points to keep in mind: <itemizedlist> </example> A couple of important points to keep in mind: <itemizedlist>
<listitem>
<para>The Shorewall-provided macros assume that the service is using
its standard port and will not work with a service listening on a
non-standard port.</para>
</listitem>
<listitem> <listitem>
<para>You must test the above rule from a client outside of your <para>You must test the above rule from a client outside of your
local network (i.e., don't test from a browser running on computers local network (i.e., don't test from a browser running on computers
@ -1080,7 +1086,7 @@ ACCEPT loc $FW tcp 80 #Allow Weblet to work</progra
</listitem> </listitem>
</orderedlist> </orderedlist>
<para> Also, I don't recommend using <quote><command>shorewall <para>Also, I don't recommend using <quote><command>shorewall
restart</command></quote>; it is better to create an alternate restart</command></quote>; it is better to create an alternate
configuration and test it using the <quote><command>shorewall configuration and test it using the <quote><command>shorewall
try</command></quote> command.</para> try</command></quote> command.</para>