mirror of https://gitlab.com/shorewall/code.git
synced 2024-11-15 04:04:10 +01:00

fixed quotes, add CVS Id

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@991 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

parent 9feb0d8e1d
commit 3d6746412c
@ -2,7 +2,7 @@
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article>
<!---->
<!--$Id$-->

<articleinfo>
<title>User-defined Actions</title>
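Review bot: the $Id$ keyword in the new <!--$Id$--> comment only expands if the svn:keywords property (including Id) is set on this file; the git-svn-id trailer shows this repository is Subversion rather than the CVS the commit message names, so confirm the property is set, otherwise the header will stay as the literal string $Id$ in every checkout.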
@ -56,8 +56,8 @@
<listitem>
<para>Once you have defined your new action name (ActionName), then copy
/etc/shorewall/action.template to /etc/shorewall/action.ActionName (for
example, if your new action name is "Foo" then copy
/etc/shorewall/action.template to /etc/shorewall/action.foo). </para>
example, if your new action name is <quote>Foo</quote> then copy
/etc/shorewall/action.template to /etc/shorewall/action.foo).</para>
</listitem>

<listitem>
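Review bot: the example in this hunk is case-inconsistent: the action is named Foo but the copy target is /etc/shorewall/action.foo, while the preceding sentence says to copy to action.ActionName. Filenames are case-sensitive, so the example should read /etc/shorewall/action.Foo to match the rule it illustrates; since the line is being rewritten for the <quote> change anyway, fix it here.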
@ -71,24 +71,24 @@
<listitem>
<para>TARGET - Must be ACCEPT, DROP, REJECT, LOG, QUEUE or
<action> where <action> is a previously-defined action.
The TARGET may optionally be followed by a colon (":") and a
syslog log level (e.g, REJECT:info or ACCEPT:debugging). This causes the
packet to be logged at the specified level. You may also specify ULOG
(must be in upper case) as a log level.This will log to the ULOG target
for routing to a separate log through use of ulogd
The TARGET may optionally be followed by a colon (<quote>:</quote>) and
a syslog log level (e.g, REJECT:info or ACCEPT:debugging). This causes
the packet to be logged at the specified level. You may also specify
ULOG (must be in upper case) as a log level.This will log to the ULOG
target for routing to a separate log through use of ulogd
(http://www.gnumonks.org/projects/ulogd).</para>
</listitem>

<listitem>
<para>SOURCE - Source hosts to which the rule applies. A comma-separated
list of subnets and/or hosts. Hosts may be specified by IP or MAC
address; mac addresses must begin with "~" and must use
"-" as a separator.</para>
address; mac addresses must begin with <quote>~</quote> and must use
<quote>-</quote> as a separator.</para>

<para>Alternatively, clients may be specified by interface name. For
example, eth1 specifies a client that communicates with the firewall
system through eth1. This may be optionally followed by another colon
(":") and an IP/MAC/subnet address as described above (e.g.,
system through eth1. This may be optionally followed by another colon (<quote>:</quote>)
and an IP/MAC/subnet address as described above (e.g.,
eth1:192.168.1.5).</para>
</listitem>

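Review bot: two typos survive the rewrap of the TARGET paragraph in the new lines: "e.g," should be "e.g.," and "level.This" is missing the space after the period. In the SOURCE entry, "mac addresses" on the rewritten line sits directly under "IP or MAC address" and should use the same capitalisation, and the rewrapped "another colon (<quote>:</quote>)" line runs well past the width the rest of the file wraps at; since all of these lines are being rewritten anyway, fix them in the same commit.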
@ -97,19 +97,18 @@
MAC addresses are not allowed.</para>

<para>Unlike in the SOURCE column, you may specify a range of up to 256
IP addresses using the syntax <first ip>-<last ip>.
</para>
IP addresses using the syntax <first ip>-<last ip>.</para>
</listitem>

<listitem>
<para>PROTO - Protocol - Must be "tcp", "udp",
"icmp", a number, or "all".</para>
<para>PROTO - Protocol - Must be <quote>tcp</quote>, <quote>udp</quote>,
<quote>icmp</quote>, a number, or <quote>all</quote>.</para>
</listitem>

<listitem>
<para>DEST PORT(S) - Destination Ports. A comma-separated list of Port
names (from /etc/services), port numbers or port ranges; if the protocol
is "icmp", this column is interpreted as the destination
is <quote>icmp</quote>, this column is interpreted as the destination
icmp-type(s).</para>

<para>A port range is expressed as <low port>:<high
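Review bot: the placeholder syntax <first ip>-<last ip> in this hunk (and <low port>:<high port> just below it, and <action> in the TARGET entry) stays as plain text while the literal values around it are being converted to <quote>; wrapping placeholders in <replaceable> (for example <replaceable>first ip</replaceable>-<replaceable>last ip</replaceable>) would make the distinction between a literal value the user types and a value the user substitutes visible in the rendered page, which is the same distinction this commit is drawing for the quoted literals.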
@ -117,7 +116,7 @@

<para>This column is ignored if PROTOCOL = all but must be entered if
any of the following ields are supplied. In that case, it is suggested
that this field contain "-".</para>
that this field contain <quote>-</quote>.</para>

<para>If your kernel contains multi-port match support, then only a
single Netfilter rule will be generated if in this list and the CLIENT
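Review bot: "ields" in the unchanged context line "any of the following ields are supplied" is a typo for "fields", and "PROTOCOL = all" names a column the list above calls PROTO; both sit on the lines immediately before the one this hunk changes, so correct them in the same edit ("ignored if PROTO = all but must be entered if any of the following fields are supplied").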
@ -141,10 +140,10 @@
this column:</para>

<para><programlisting> <rate>/<interval>[:<burst>]</programlisting>where
<rate> is the number of connections per <interval>
("sec" or "min") and <burst> is the largest
burst permitted. If no <burst> is given, a value of 5 is
assumed. There may be no whitespace embedded in the specification.</para>
<rate> is the number of connections per <interval> (<quote>sec</quote>
or <quote>min</quote>) and <burst> is the largest burst
permitted. If no <burst> is given, a value of 5 is assumed.
There may be no whitespace embedded in the specification.</para>

<para><programlisting> Example: 10/sec:20</programlisting></para>
</listitem>
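Review bot: both <programlisting> elements in this hunk carry a leading space inside the element ("<programlisting> <rate>/..." and "<programlisting> Example: 10/sec:20"); programlisting preserves whitespace, so that renders as an indented first line in an otherwise unindented block. Drop the space, and consider moving the word "Example:" out of the listing into the surrounding <para> so the listing shows only the literal value 10/sec:20, matching the "no whitespace embedded in the specification" rule the paragraph states.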
@ -157,6 +156,4 @@
<para><programlisting> LogAndAccept</programlisting><emphasis
role="bold">/etc/shorewall/action.LogAndAccept</emphasis><programlisting> LOG:info
ACCEPT</programlisting></para>

<para> </para>
</article>
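Review bot: dropping the empty <para> </para> before </article> is right, but the example that remains still runs the action name, the file path and the file contents together in one <para> (the "LogAndAccept" listing, then the bold path, then the "LOG:info / ACCEPT" listing) with no connecting text, so the rendered page gives no hint which piece goes in the actions file and which in /etc/shorewall/action.LogAndAccept; a short sentence before each listing would make the example readable.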