mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 06:38:53 +01:00
Add EXPAND_POLICIES to shorewall.conf man page
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7003 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
d10cb1ba99
commit
3f8b0ae49c
@ -421,6 +421,26 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">EXPAND_POLICIES=</emphasis>{<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
<para>Normally, when the SOURCE or DEST columns in
|
||||
shorewall-policy(5) contains 'all', a single policy chain is created
|
||||
and the policy is enforced in that chain. For example, if the policy
|
||||
entry is<programlisting>#SOURCE DEST POLICY LOG
|
||||
# LEVEL
|
||||
net all DROP info</programlisting>then the chain name is 'net2all'
|
||||
which is also the chain named in Shorewall log messages generated as
|
||||
a result of the policy. If EXPAND_POLICIES=Yes, then Shorewall-perl
|
||||
will create a separate chain for each pair of zones covered by the
|
||||
policy. This makes the resulting log messages easier to interpret
|
||||
since the chain in the messages will have a name of the form 'a2b'
|
||||
where 'a' is the SOURCE zone and 'b' is the DEST zone.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">EXPORTPARAMS=</emphasis>{<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
|
||||
|
Loading…
Reference in New Issue
Block a user