Change 'Common Action' to 'Default Action'

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4477 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-08-29 17:36:13 +00:00
parent 671e5ac94f
commit 46a6163711
4 changed files with 39 additions and 39 deletions

@ -101,31 +101,31 @@ ACCEPT - - tcp 135,139,445
<listitem> <listitem>
<para>User-defined Actions. These actions are created by end-users. <para>User-defined Actions. These actions are created by end-users.
They are listed in the file /etc/shorewall/actions and are defined in They are listed in the file /etc/shorewall/actions and are defined in
action.* files in /etc/shorewall or in another directory action.* files in /etc/shorewall or in another directory listed in
listed in your CONFIG_PATH (defined in <ulink your CONFIG_PATH (defined in <ulink
url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>).</para> url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>).</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
</section> </section>
<section> <section>
<title>Common Actions</title> <title>Default Actions (Formerly Common Actions)</title>
<para>Shorewall allows the association of a <firstterm>common <para>Shorewall allows the association of a <firstterm>default
action</firstterm> with policies. A separate common action may be action</firstterm> with policies. A separate default action may be
associated with ACCEPT, DROP and REJECT policies. Common actions provide a associated with ACCEPT, DROP and REJECT policies. Default actions provide
way to invoke a set of common rules just before the policy is enforced. a way to invoke a set of common rules just before the policy is enforced.
Common actions accomplish two goals:</para> Default actions accomplish two goals:</para>
<orderedlist> <orderedlist>
<listitem> <listitem>
<para>Relieve log congestion. Common actions typically include rules <para>Relieve log congestion. Default actions typically include rules
to silently drop or reject traffic that would otherwise be logged when to silently drop or reject traffic that would otherwise be logged when
the policy is enforced.</para> the policy is enforced.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Ensure correct operation. Common actions can also avoid common <para>Ensure correct operation. Default actions can also avoid common
pitfalls like dropping connection requests on port TCP port 113. If pitfalls like dropping connection requests on port TCP port 113. If
these connections are dropped (rather than rejected) then you may these connections are dropped (rather than rejected) then you may
encounter problems connecting to internet services that utilize the encounter problems connecting to internet services that utilize the
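Review bot: the context line in the second list item still reads "on port TCP port 113", with "port" doubled; since this paragraph is being edited for the rename anyway, change it to "on TCP port 113". In the reworded sentence "Default actions provide a way to invoke a set of common rules", the surviving "common" is the ordinary adjective, but after this rename it can be read as a leftover of the old term, so consider "shared rules" or simply "a set of rules".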
@ -136,23 +136,23 @@ ACCEPT - - tcp 135,139,445
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>Shorewall provides common actions for the REJECT and DROP policies. <para>Shorewall provides default actions for the REJECT and DROP policies.
The common action for REJECT is named <firstterm>Reject</firstterm> and The default action for REJECT is named <firstterm>Reject</firstterm> and
the common action for DROP is named <firstterm>Drop</firstterm>. These the default action for DROP is named <firstterm>Drop</firstterm>. These
associations are made through two entries in associations are made through two entries in
/usr/share/shorewall/actions.std:</para> /usr/share/shorewall/actions.std:</para>
<programlisting>Drop:DROP #Common Action for DROP policy <programlisting>Drop:DROP #Default Action for DROP policy
Reject:REJECT #Common Action for REJECT policy</programlisting> Reject:REJECT #Default Action for REJECT policy</programlisting>
<para>These may be overridden by entries in your /etc/shorewall/actions <para>These may be overridden by entries in your /etc/shorewall/actions
file.</para> file.</para>
<warning> <warning>
<para>Entries in the DROP and REJECT common actions <emphasis <para>Entries in the DROP and REJECT default actions <emphasis
role="bold">ARE NOT THE CAUSE OF CONNECTION PROBLEMS</emphasis>. role="bold">ARE NOT THE CAUSE OF CONNECTION PROBLEMS</emphasis>.
Remember — common actions are only invoked immediately before the packet Remember — default actions are only invoked immediately before the
is going to be dropped or rejected anyway!!!</para> packet is going to be dropped or rejected anyway!!!</para>
</warning> </warning>
</section> </section>
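Review bot: the programlisting is presented as the two entries found in /usr/share/shorewall/actions.std, and its comments now read "#Default Action for DROP policy", yet the hunks shown for the four changed files are all documentation markup and none of them is actions.std. Confirm that the shipped file's comments are changed to match, otherwise the documentation quotes text the file does not contain.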
@ -180,8 +180,8 @@ Reject:REJECT #Common Action for REJECT policy</programlisting>
<para>The name of the action may be optionally followed by a colon <para>The name of the action may be optionally followed by a colon
(<quote>:</quote>) and ACCEPT, DROP or REJECT. When this is done, the (<quote>:</quote>) and ACCEPT, DROP or REJECT. When this is done, the
named action will become the <emphasis>common action </emphasis>for named action will become the <emphasis>default action </emphasis>for
policies of type ACCEPT, DROP or REJECT respectively. The common policies of type ACCEPT, DROP or REJECT respectively. The default
action is applied immediately before the policy is enforced (before action is applied immediately before the policy is enforced (before
any logging is done under that policy) and is used mainly to suppress any logging is done under that policy) and is used mainly to suppress
logging of uninteresting traffic which would otherwise clog your logs. logging of uninteresting traffic which would otherwise clog your logs.
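Review bot: in the changed line "<emphasis>default action </emphasis>for" the space sits inside the emphasis element and none follows the closing tag, so the rendered text depends on how the stylesheet treats trailing whitespace. Since the line is being rewritten, move the space out: "<emphasis>default action</emphasis> for". The same markup is carried over in the -64,8 hunk of the next file.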

@ -64,8 +64,8 @@
<para>Beginning with Shorewall-2.0.0-Beta1, the name of the action may <para>Beginning with Shorewall-2.0.0-Beta1, the name of the action may
be optionally followed by a colon (<quote>:</quote>) and ACCEPT, DROP be optionally followed by a colon (<quote>:</quote>) and ACCEPT, DROP
or REJECT. When this is done, the named action will become the or REJECT. When this is done, the named action will become the
<emphasis>common action </emphasis>for policies of type ACCEPT, DROP <emphasis>default action </emphasis>for policies of type ACCEPT, DROP
or REJECT respectively. The common action is applied immediately or REJECT respectively. The default action is applied immediately
before the policy is enforced (before any logging is done under that before the policy is enforced (before any logging is done under that
policy) and is used mainly to suppress logging of uninteresting policy) and is used mainly to suppress logging of uninteresting
traffic which would otherwise clog your logs. The same policy name can traffic which would otherwise clog your logs. The same policy name can
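Review bot: the first context line dates this feature to "Shorewall-2.0.0-Beta1", while the -415,22 hunk of the same file introduces default actions with "Also beginning with Shorewall version 2.2.0-Beta1". The two version strings differ in both number and format; check which release is meant in each place and write them the same way while these paragraphs are open.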
@ -397,7 +397,7 @@ AllowFTP loc $FW</programlisting>
class="directory">/etc/shorewall and modify</filename> it to suit your class="directory">/etc/shorewall and modify</filename> it to suit your
needs. The next <command>shorewall restart</command> will cause your needs. The next <command>shorewall restart</command> will cause your
action to be installed in place of the standard one. In particular, if you action to be installed in place of the standard one. In particular, if you
want to modify the common actions <quote>Drop</quote> or want to modify the default actions <quote>Drop</quote> or
<quote>Reject</quote>, simply copy <filename>action.Drop</filename> or <quote>Reject</quote>, simply copy <filename>action.Drop</filename> or
<filename>Action.Reject</filename> to <filename <filename>Action.Reject</filename> to <filename
class="directory">/etc/shorewall</filename> and modify that copy as class="directory">/etc/shorewall</filename> and modify that copy as
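Review bot: the context lines name the two files as "action.Drop" and "Action.Reject", with different capitalisation of the prefix, and the first file in this commit describes them as "action.* files". On a case-sensitive filesystem only one spelling can match the shipped file, so make them consistent while editing this sentence. The first <filename class="directory"> element also encloses "/etc/shorewall and modify"; its closing tag belongs directly after /etc/shorewall.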
@ -415,22 +415,22 @@ AllowFTP loc $FW</programlisting>
</section> </section>
<section id="Common"> <section id="Common">
<title>Common Actions</title> <title>Default Actions (Formerly Common Actions)</title>
<para>Also beginning with Shorewall version 2.2.0-Beta1, when an ACCEPT, <para>Also beginning with Shorewall version 2.2.0-Beta1, when an ACCEPT,
DROP or REJECT policy is about to be enforced, a <firstterm>common DROP or REJECT policy is about to be enforced, a <firstterm>default
action</firstterm> can first be invoked. In /etc/shorewall/actions.std are action</firstterm> can first be invoked. In /etc/shorewall/actions.std are
found these two entries:</para> found these two entries:</para>
<programlisting>Drop:DROP #Common Action for DROP policy <programlisting>Drop:DROP #Default Action for DROP policy
Reject:REJECT #Common Action for REJECT policy</programlisting> Reject:REJECT #Default Action for REJECT policy</programlisting>
<para>These entries designate the action named <firstterm>Drop</firstterm> <para>These entries designate the action named <firstterm>Drop</firstterm>
as the common action for DROP policies and the common action as the default action for DROP policies and the default action
<firstterm>Reject</firstterm> as the common action for REJECT <firstterm>Reject</firstterm> as the default action for REJECT
policies.</para> policies.</para>
<para>The purpose of common actions is:</para> <para>The purpose of default actions is:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
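Review bot: this paragraph says the Drop:DROP and Reject:REJECT entries are found in /etc/shorewall/actions.std, while the first file in this commit gives /usr/share/shorewall/actions.std for the same two entries. Use one path in both documents. The section also keeps id="Common" under the new title; if that is deliberate so existing links keep working, an XML comment saying so would prevent a later cleanup from renaming it.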
@ -448,7 +448,7 @@ Reject:REJECT #Common Action for REJECT policy</programlisting>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>It should be stressed that <emphasis role="bold">the common actions <para>It should be stressed that <emphasis role="bold">the default actions
do not cause any traffic to be dropped or rejected that isn't about to be do not cause any traffic to be dropped or rejected that isn't about to be
dropped or rejected anyway</emphasis> (remember that these actions are dropped or rejected anyway</emphasis> (remember that these actions are
invoked just before the connection request is going to be dropped or invoked just before the connection request is going to be dropped or

@ -5,7 +5,7 @@
<!--$Id$--> <!--$Id$-->
<articleinfo> <articleinfo>
<title>Extension Scripts and Common Actions</title> <title>Extension Scripts and Default Actions</title>
<authorgroup> <authorgroup>
<author> <author>
@ -101,7 +101,7 @@
<listitem> <listitem>
<para>refresh -- invoked while the firewall is being refreshed but <para>refresh -- invoked while the firewall is being refreshed but
before the common and/or blacklst chains have been rebuilt.</para> before the blacklst chains have been rebuilt.</para>
</listitem> </listitem>
<listitem> <listitem>
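Review bot: the refresh item is not a terminology rename: "before the common and/or blacklst chains have been rebuilt" becomes "before the blacklst chains have been rebuilt", which removes a chain from the description and leaves the plural "chains" attached to a single name. The commit message mentions only the Common-to-Default change, so either confirm that refresh does not rebuild a common chain and record that in the message, or keep the original wording.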
@ -274,11 +274,11 @@
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>You can also define a <emphasis>common action</emphasis> to be <para>You can also define a <emphasis>default action</emphasis> to be
performed immediately before a policy of ACCEPT, DROP or REJECT is applied. performed immediately before a policy of ACCEPT, DROP or REJECT is applied.
Separate <ulink url="Actions.html">actions</ulink> can be assigned to each Separate <ulink url="Actions.html">actions</ulink> can be assigned to each
policy type so for example you can have a different common action for DROP policy type so for example you can have a different default action for DROP
and REJECT policies. The most common usage of common actions is to silently and REJECT policies. The most common usage of default actions is to silently
drop traffic that you don't wish to have logged by the policy.</para> drop traffic that you don't wish to have logged by the policy.</para>
<para>As released, Shorewall defines a number of actions which are cataloged <para>As released, Shorewall defines a number of actions which are cataloged
@ -297,7 +297,7 @@ Reject:REJECT</programlisting>
<para>You can override these defaults with entries in your <para>You can override these defaults with entries in your
/etc/shorewall/actions file. For example, if that file were to contain /etc/shorewall/actions file. For example, if that file were to contain
<quote>MyDrop:DROP</quote> then the common action for DROP policies would <quote>MyDrop:DROP</quote> then the default action for DROP policies would
become <quote>MyDrop</quote>.</para> become <quote>MyDrop</quote>.</para>
<para>One final note. The chain created to perform an action has the same <para>One final note. The chain created to perform an action has the same

@ -258,7 +258,7 @@ dmz ipv4</programlisting>
If no rule in that file matches the connection request then the first If no rule in that file matches the connection request then the first
policy in <filename>/etc/shorewall/policy</filename> that matches the policy in <filename>/etc/shorewall/policy</filename> that matches the
request is applied after the request is passed to the appropriate <ulink request is applied after the request is passed to the appropriate <ulink
url="Actions.html">common action</ulink> (if any).</para> url="Actions.html">default action</ulink> (if any).</para>
<para>Prior to Shorewall 2.2.0, the default <para>Prior to Shorewall 2.2.0, the default
<filename>/etc/shorewall/policy</filename> file had the following <filename>/etc/shorewall/policy</filename> file had the following
@ -947,7 +947,7 @@ loc eth2 detect</programlisting>
netmask 255.255.255.248.</para> netmask 255.255.255.248.</para>
</example> </example>
<para> /sbin/shorewall supports an ipcalc command that automatically <para>/sbin/shorewall supports an ipcalc command that automatically
calculates information about a [sub]network.</para> calculates information about a [sub]network.</para>
<example> <example>