extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-22 07:33:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Change 'Common Action' to 'Default Action'

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4477 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-08-29 17:36:13 +00:00
parent 671e5ac94f
commit 46a6163711
4 changed files with 39 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
docs/Actions.xml
View File

@ -101,31 +101,31 @@ ACCEPT - - tcp 135,139,445
<listitem>
<para>User-defined Actions. These actions are created by end-users.
They are listed in the file /etc/shorewall/actions and are defined in
action.* files in /etc/shorewall or in another directory
listed in your CONFIG_PATH (defined in <ulink
action.* files in /etc/shorewall or in another directory listed in
your CONFIG_PATH (defined in <ulink
url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>).</para>
</listitem>
</orderedlist>
</section>
<section>
<title>Common Actions</title>
<title>Default Actions (Formerly Common Actions)</title>
<para>Shorewall allows the association of a <firstterm>common
action</firstterm> with policies. A separate common action may be
associated with ACCEPT, DROP and REJECT policies. Common actions provide a
way to invoke a set of common rules just before the policy is enforced.
Common actions accomplish two goals:</para>
<para>Shorewall allows the association of a <firstterm>default
action</firstterm> with policies. A separate default action may be
associated with ACCEPT, DROP and REJECT policies. Default actions provide
a way to invoke a set of common rules just before the policy is enforced.
Default actions accomplish two goals:</para>
<orderedlist>
<listitem>
<para>Relieve log congestion. Common actions typically include rules
<para>Relieve log congestion. Default actions typically include rules
to silently drop or reject traffic that would otherwise be logged when
the policy is enforced.</para>
</listitem>
<listitem>
<para>Ensure correct operation. Common actions can also avoid common
<para>Ensure correct operation. Default actions can also avoid common
pitfalls like dropping connection requests on port TCP port 113. If
these connections are dropped (rather than rejected) then you may
encounter problems connecting to internet services that utilize the
@ -136,23 +136,23 @@ ACCEPT - - tcp 135,139,445
</listitem>
</orderedlist>
<para>Shorewall provides common actions for the REJECT and DROP policies.
The common action for REJECT is named <firstterm>Reject</firstterm> and
the common action for DROP is named <firstterm>Drop</firstterm>. These
<para>Shorewall provides default actions for the REJECT and DROP policies.
The default action for REJECT is named <firstterm>Reject</firstterm> and
the default action for DROP is named <firstterm>Drop</firstterm>. These
associations are made through two entries in
/usr/share/shorewall/actions.std:</para>
<programlisting>Drop:DROP #Common Action for DROP policy
Reject:REJECT #Common Action for REJECT policy</programlisting>
<programlisting>Drop:DROP #Default Action for DROP policy
Reject:REJECT #Default Action for REJECT policy</programlisting>
<para>These may be overridden by entries in your /etc/shorewall/actions
file.</para>
<warning>
<para>Entries in the DROP and REJECT common actions <emphasis
<para>Entries in the DROP and REJECT default actions <emphasis
role="bold">ARE NOT THE CAUSE OF CONNECTION PROBLEMS</emphasis>.
Remember — common actions are only invoked immediately before the packet
is going to be dropped or rejected anyway!!!</para>
Remember — default actions are only invoked immediately before the
packet is going to be dropped or rejected anyway!!!</para>
</warning>
</section>
@ -180,8 +180,8 @@ Reject:REJECT #Common Action for REJECT policy</programlisting>
<para>The name of the action may be optionally followed by a colon
(<quote>:</quote>) and ACCEPT, DROP or REJECT. When this is done, the
named action will become the <emphasis>common action </emphasis>for
policies of type ACCEPT, DROP or REJECT respectively. The common
named action will become the <emphasis>default action </emphasis>for
policies of type ACCEPT, DROP or REJECT respectively. The default
action is applied immediately before the policy is enforced (before
any logging is done under that policy) and is used mainly to suppress
logging of uninteresting traffic which would otherwise clog your logs.

22
docs/User_defined_Actions.xml
View File

@ -64,8 +64,8 @@
<para>Beginning with Shorewall-2.0.0-Beta1, the name of the action may
be optionally followed by a colon (<quote>:</quote>) and ACCEPT, DROP
or REJECT. When this is done, the named action will become the
<emphasis>common action </emphasis>for policies of type ACCEPT, DROP
or REJECT respectively. The common action is applied immediately
<emphasis>default action </emphasis>for policies of type ACCEPT, DROP
or REJECT respectively. The default action is applied immediately
before the policy is enforced (before any logging is done under that
policy) and is used mainly to suppress logging of uninteresting
traffic which would otherwise clog your logs. The same policy name can
@ -397,7 +397,7 @@ AllowFTP loc $FW</programlisting>
class="directory">/etc/shorewall and modify</filename> it to suit your
needs. The next <command>shorewall restart</command> will cause your
action to be installed in place of the standard one. In particular, if you
want to modify the common actions <quote>Drop</quote> or
want to modify the default actions <quote>Drop</quote> or
<quote>Reject</quote>, simply copy <filename>action.Drop</filename> or
<filename>Action.Reject</filename> to <filename
class="directory">/etc/shorewall</filename> and modify that copy as
@ -415,22 +415,22 @@ AllowFTP loc $FW</programlisting>
</section>
<section id="Common">
<title>Common Actions</title>
<title>Default Actions (Formerly Common Actions)</title>
<para>Also beginning with Shorewall version 2.2.0-Beta1, when an ACCEPT,
DROP or REJECT policy is about to be enforced, a <firstterm>common
DROP or REJECT policy is about to be enforced, a <firstterm>default
action</firstterm> can first be invoked. In /etc/shorewall/actions.std are
found these two entries:</para>
<programlisting>Drop:DROP #Common Action for DROP policy
Reject:REJECT #Common Action for REJECT policy</programlisting>
<programlisting>Drop:DROP #Default Action for DROP policy
Reject:REJECT #Default Action for REJECT policy</programlisting>
<para>These entries designate the action named <firstterm>Drop</firstterm>
as the common action for DROP policies and the common action
<firstterm>Reject</firstterm> as the common action for REJECT
as the default action for DROP policies and the default action
<firstterm>Reject</firstterm> as the default action for REJECT
policies.</para>
<para>The purpose of common actions is:</para>
<para>The purpose of default actions is:</para>
<itemizedlist>
<listitem>
@ -448,7 +448,7 @@ Reject:REJECT #Common Action for REJECT policy</programlisting>
</listitem>
</itemizedlist>
<para>It should be stressed that <emphasis role="bold">the common actions
<para>It should be stressed that <emphasis role="bold">the default actions
do not cause any traffic to be dropped or rejected that isn't about to be
dropped or rejected anyway</emphasis> (remember that these actions are
invoked just before the connection request is going to be dropped or

12
docs/shorewall_extension_scripts.xml
View File

@ -5,7 +5,7 @@
<!--$Id$-->
<articleinfo>
<title>Extension Scripts and Common Actions</title>
<title>Extension Scripts and Default Actions</title>
<authorgroup>
<author>
@ -101,7 +101,7 @@
<listitem>
<para>refresh -- invoked while the firewall is being refreshed but
before the common and/or blacklst chains have been rebuilt.</para>
before the blacklst chains have been rebuilt.</para>
</listitem>
<listitem>
@ -274,11 +274,11 @@
</listitem>
</itemizedlist>
<para>You can also define a <emphasis>common action</emphasis> to be
<para>You can also define a <emphasis>default action</emphasis> to be
performed immediately before a policy of ACCEPT, DROP or REJECT is applied.
Separate <ulink url="Actions.html">actions</ulink> can be assigned to each
policy type so for example you can have a different common action for DROP
and REJECT policies. The most common usage of common actions is to silently
policy type so for example you can have a different default action for DROP
and REJECT policies. The most common usage of default actions is to silently
drop traffic that you don't wish to have logged by the policy.</para>
<para>As released, Shorewall defines a number of actions which are cataloged
@ -297,7 +297,7 @@ Reject:REJECT</programlisting>
<para>You can override these defaults with entries in your
/etc/shorewall/actions file. For example, if that file were to contain
<quote>MyDrop:DROP</quote> then the common action for DROP policies would
<quote>MyDrop:DROP</quote> then the default action for DROP policies would
become <quote>MyDrop</quote>.</para>
<para>One final note. The chain created to perform an action has the same

2
docs/shorewall_setup_guide.xml
View File

@ -258,7 +258,7 @@ dmz ipv4</programlisting>
If no rule in that file matches the connection request then the first
policy in <filename>/etc/shorewall/policy</filename> that matches the
request is applied after the request is passed to the appropriate <ulink
url="Actions.html">common action</ulink> (if any).</para>
url="Actions.html">default action</ulink> (if any).</para>
<para>Prior to Shorewall 2.2.0, the default
<filename>/etc/shorewall/policy</filename> file had the following