mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-26 01:23:14 +01:00
Clarify REJECT handling in IP[6]TABLE rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
fa8c3b3b6c
commit
4347190f82
@ -476,24 +476,35 @@
|
|||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>IPTABLES({<replaceable>target</replaceable>
|
<term>IPTABLES({<replaceable>iptables-target</replaceable>
|
||||||
[<replaceable>option</replaceable> ...])</term>
|
[<replaceable>option</replaceable> ...])</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>This action allows you to specify an iptables target
|
<para>This action allows you to specify an iptables target
|
||||||
with options (e.g., 'IPTABLES(MARK --set-xmark 0x01/0xff)'. If
|
with options (e.g., 'IPTABLES(MARK --set-xmark 0x01/0xff)'. If
|
||||||
the target is not one recognized by Shorewall, the following
|
the <replaceable>iptables-target</replaceable> is not one
|
||||||
error message will be issued:</para>
|
recognized by Shorewall, the following error message will be
|
||||||
|
issued:</para>
|
||||||
|
|
||||||
<simplelist>
|
<simplelist>
|
||||||
<member>ERROR: Unknown target
|
<member>ERROR: Unknown target
|
||||||
(<replaceable>target</replaceable>)</member>
|
(<replaceable>iptables-target</replaceable>)</member>
|
||||||
</simplelist>
|
</simplelist>
|
||||||
|
|
||||||
<para>This error message may be eliminated by adding the
|
<para>This error message may be eliminated by adding the
|
||||||
<replaceable>target</replaceable> as a builtin action in
|
<replaceable>iptables-</replaceable><replaceable>target</replaceable>
|
||||||
<ulink
|
as a builtin action in <ulink
|
||||||
url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5).</para>
|
url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5).</para>
|
||||||
|
|
||||||
|
<important>
|
||||||
|
<para>If you specify REJECT as the
|
||||||
|
<replaceable>iptables-target</replaceable>, the target of
|
||||||
|
the rule will be the iptables REJECT target and not
|
||||||
|
Shorewall's builtin 'reject' chain which is used when REJECT
|
||||||
|
(see below) is specified as the
|
||||||
|
<replaceable>target</replaceable> in the ACTION
|
||||||
|
column.</para>
|
||||||
|
</important>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
@ -450,24 +450,36 @@
|
|||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>IP6TABLES({<replaceable>target</replaceable>
|
<term>IP6TABLES({<replaceable>ip6tables-target</replaceable>
|
||||||
[<replaceable>option</replaceable> ...])</term>
|
[<replaceable>option</replaceable> ...])</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>This action allows you to specify an iptables target
|
<para>This action allows you to specify an ip6tables target
|
||||||
with options (e.g., 'IP6TABLES(MARK --set-xmark 0x01/0xff)'.
|
with options (e.g., 'IPTABLES(MARK --set-xmark 0x01/0xff)'. If
|
||||||
If the target is not one recognized by Shorewall, the
|
the <replaceable>ip6tables-target</replaceable> is not one
|
||||||
following error message will be issued:</para>
|
recognized by Shorewall, the following error message will be
|
||||||
|
issued:</para>
|
||||||
|
|
||||||
<simplelist>
|
<simplelist>
|
||||||
<member>ERROR: Unknown target
|
<member>ERROR: Unknown target
|
||||||
(<replaceable>target</replaceable>)</member>
|
(<replaceable>ip6tables-target</replaceable>)</member>
|
||||||
</simplelist>
|
</simplelist>
|
||||||
|
|
||||||
<para>This error message may be eliminated by adding the
|
<para>This error message may be eliminated by adding
|
||||||
<replaceable>target</replaceable> as a builtin action in
|
the<replaceable>
|
||||||
<ulink
|
ip6tables-</replaceable><replaceable>target</replaceable> as a
|
||||||
url="/manpages6/shorewall6-actions.html">shorewall6-actions(5)</ulink>.</para>
|
builtin action in <ulink
|
||||||
|
url="shorewall6-actions.html">shorewall6-actions</ulink>(5).</para>
|
||||||
|
|
||||||
|
<important>
|
||||||
|
<para>If you specify REJECT as the
|
||||||
|
<replaceable>ip6tables-target</replaceable>, the target of
|
||||||
|
the rule will be the i6ptables REJECT target and not
|
||||||
|
Shorewall's builtin 'reject' chain which is used when REJECT
|
||||||
|
(see below) is specified as the
|
||||||
|
<replaceable>target</replaceable> in the ACTION
|
||||||
|
column.</para>
|
||||||
|
</important>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user