extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-23 22:18:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

More INLINE_MATCHES changes

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>

# Conflicts:
#	Shorewall/manpages/shorewall-mangle.xml
#	Shorewall/manpages/shorewall-rules.xml
This commit is contained in:
Tom Eastep 2018-02-10 10:38:45 -08:00
parent 7ad7598d5b
commit 4a714b3ab9
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
3 changed files with 55 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
Shorewall/manpages/shorewall-conntrack.xml
View File

@ -84,7 +84,7 @@
role="bold">CT</emphasis>:<emphasis
role="bold">helper</emphasis>:<replaceable>name</replaceable>[(<replaceable>arg</replaceable>=<replaceable>val</replaceable>[,...])|<emphasis
role="bold">CT:ctevents:<replaceable>event</replaceable>[,...]|CT:expevents:new</emphasis><emphasis
role="bold">|CT:notrack</emphasis>|DROP|LOG|ULOG(<replaceable>ulog-parameters</replaceable>):NFLOG(<replaceable>nflog-parameters</replaceable>)|IPTABLES(<replaceable>target</replaceable>)}[<replaceable>log-level</replaceable>[:<replaceable>log-tag</replaceable>]][:<replaceable>chain-designator</replaceable>]</term>
role="bold">|CT:notrack</emphasis>|DROP|LOG|ULOG(<replaceable>ulog-parameters</replaceable>):NFLOG(<replaceable>nflog-parameters</replaceable>)|IP[6]TABLES(<replaceable>target</replaceable>)}[<replaceable>log-level</replaceable>[:<replaceable>log-tag</replaceable>]][:<replaceable>chain-designator</replaceable>]</term>
<listitem>
<para>This column is only present when FORMAT &gt;= 2. Values other
@ -272,9 +272,32 @@
will also be logged at that level.</para>
</listitem>
<listitem>
<para><option>IP6TABLES</option>(<replaceable>target</replaceable>)</para>
<para>IPv6 only.</para>
<para>Added in Shorewall 4.6.0. Allows you to specify any
iptables <replaceable>target</replaceable> with target options
(e.g., "IP6TABLES(AUDIT --type drop)"). If the target is not one
recognized by Shorewall, the following error message will be
issued:</para>
<simplelist>
<member>ERROR: Unknown target
(<replaceable>target</replaceable>)</member>
</simplelist>
<para>This error message may be eliminated by adding
<replaceable>target</replaceable> as a builtin action in <ulink
url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5).</para>
</listitem>
<listitem>
<para><option>IPTABLES</option>(<replaceable>target</replaceable>)</para>
<para>IPv4 only.</para>
<para>Added in Shorewall 4.6.0. Allows you to specify any
iptables <replaceable>target</replaceable> with target options
(e.g., "IPTABLES(AUDIT --type drop)"). If the target is not one

33
Shorewall/manpages/shorewall-mangle.xml
View File

@ -396,12 +396,6 @@ INLINE(MARK(2)):P eth0 - ;; -p tcp
INLINE eth0 - tcp 22 ;; -j MARK --set-mark 2
INLINE eth0 - ;; -p tcp -j MARK --set-mark 2
</programlisting>
<para>If INLINE_MATCHES=Yes in <ulink
url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink>
then the third rule above can be specified as follows:</para>
<programlisting>MARK(2):P eth0 - ;; -p tcp</programlisting>
</listitem>
</varlistentry>
@ -513,12 +507,39 @@ INLINE eth0 - ;; -p tcp -j MARK --se
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">IP6TABLES({<replaceable>target</replaceable>
[<replaceable>option</replaceable> ...])</emphasis></term>
<listitem>
<para>IPv6 only.</para>
<para>This action allows you to specify an iptables target
with options (e.g., 'IP6TABLES(MARK --set-xmark 0x01/0xff)'.
If the target is not one recognized by Shorewall, the
following error message will be issued:</para>
<simplelist>
<member>ERROR: Unknown target
(<replaceable>target</replaceable>)</member>
</simplelist>
<para>This error message may be eliminated by adding the
<replaceable>target</replaceable> as a builtin action in
<ulink
url="/manpages/shorewall-actions.html">shorewall-actions(5)</ulink>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">IPTABLES({<replaceable>target</replaceable>
[<replaceable>option</replaceable> ...])</emphasis></term>
<listitem>
<para>IPv4 only.</para>
<para>This action allows you to specify an iptables target
with options (e.g., 'IPTABLES(MARK --set-xmark 0x01/0xff)'. If
the target is not one recognized by Shorewall, the following

8
Shorewall/manpages/shorewall-rules.xml
View File

@ -461,13 +461,13 @@
<listitem>
<para>Added in Shorewall 4.5.16. This action allows you to
construct most of the rule yourself using iptables syntax. The
part that you specify must follow a semicolon (';')
(deprecated) or two semicolons(';;') (preferred) and is
part that you specify must follow two semicolons (';;')
and is
completely free-form. If the target of the rule (the part
following 'j') is something that Shorewall supports in the
ACTION column, then you may enclose it in parentheses (e.g.,
INLINE(ACCEPT)). Otherwise, you can include it after the
semicolon. In this case, you must declare the target as a
semicolon(s). In this case, you must declare the target as a
builtin action in <ulink
url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5).</para>
@ -490,7 +490,7 @@
necessarily be at the end of the generated rule. For
example, if addresses are specified in the SOURCE and/or
DEST columns, their generated matches will appear after
those specified using ';;' (or ';').</para>
those specified using ';;' or ';'.</para>
</listitem>
</itemizedlist>
</listitem>