Add EXPAND_POLICIES to shorewall.conf man page

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7003 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-07-30 14:44:35 +00:00
parent d10cb1ba99
commit 3f8b0ae49c

View File

@ -421,6 +421,26 @@
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">EXPAND_POLICIES=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
<listitem>
<para>Normally, when the SOURCE or DEST columns in
shorewall-policy(5) contains 'all', a single policy chain is created
and the policy is enforced in that chain. For example, if the policy
entry is<programlisting>#SOURCE DEST POLICY LOG
# LEVEL
net all DROP info</programlisting>then the chain name is 'net2all'
which is also the chain named in Shorewall log messages generated as
a result of the policy. If EXPAND_POLICIES=Yes, then Shorewall-perl
will create a separate chain for each pair of zones covered by the
policy. This makes the resulting log messages easier to interpret
since the chain in the messages will have a name of the form 'a2b'
where 'a' is the SOURCE zone and 'b' is the DEST zone.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">EXPORTPARAMS=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>