Update Config file basics doc for 3.0

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2608 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-25 09:03:30 +01:00 · 2005-08-31 18:58:40 +00:00 · 2005-08-31 18:58:40 +00:00 · 4a9a0467f7
commit 4a9a0467f7
parent 7ca53ce6b8
1 changed files with 40 additions and 11 deletions
--- a/Shorewall-docs2/configuration_file_basics.xml
+++ b/Shorewall-docs2/configuration_file_basics.xml
@ -34,6 +34,13 @@
    </legalnotice>
  </articleinfo>

+  <caution>
+    <para><emphasis role="bold">This article applies to Shorewall 3.0 and
+    later. If you are running a version of Shorewall earlier than Shorewall
+    3.0.0 then please see the documentation for that
+    release.</emphasis></para>
+  </caution>
+
  <caution>
    <para>If you copy or edit your configuration files on a system running
    Microsoft Windows, you must run them through <ulink
@ -167,20 +174,12 @@

        <listitem>
          <para><filename>/etc/shorewall/actions</filename> and
-          <filename>/usr/share/shorewall/action.template</filename> - define
-          your own actions for rules in /etc/shorewall/rules (Shorewall 1.4.9
-          and later).</para>
+          <filename>/usr/share/shorewall/action.template</filename>.</para>
        </listitem>

        <listitem>
          <para><filename>/etc/shorewall/providers</filename> - defines an
-          alternate routing table.(Shorewall 2.3.2 and later).</para>
-        </listitem>
-
-        <listitem>
-          <para><filename>/etc/shorewall/routes</filename> - see <ulink
-          url="Shorewall_and_Routing.html#RouteTarget">here</ulink> (Shorewall
-          2.3.2 and later,experimental)</para>
+          alternate routing table.</para>
        </listitem>

        <listitem>
@ -189,10 +188,15 @@
        </listitem>

        <listitem>
-          <para><filename>/usr/share/shorewall/actions.*</filename> - Details
+          <para><filename>/usr/share/shorewall/action.*</filename> - Details
          of actions defined by Shorewall.</para>
        </listitem>

+        <listitem>
+          <para><filename>/usr/share/shorewall/macro.*</filename> - Details of
+          macros defined by Shorewall.</para>
+        </listitem>
+
        <listitem>
          <para><filename>/usr/share/rfc1918</filename> — Defines the behavior
          of the 'norfc1918' interface option in
@ -450,6 +454,31 @@ smtp,www,pop3,imap  #Services running on the firewall</programlisting>
    </itemizedlist>
  </section>

+  <section id="Exclusion">
+    <title>Exclusion Lists</title>
+
+    <para>Shorewall 3.0 differs from earlier versions in that in most contexts
+    where a comma-separated list of addresses is accepted, an
+    <firstterm>exclusion list</firstterm> may also be included. An exclusion
+    list is a comma-separated list of addresses that begins with "!".</para>
+
+    <para>Example:</para>
+
+    <programlisting>!192.168.1.3,192.168.1.12,192.168.1.32/27</programlisting>
+
+    <para>The above list refers to "All addresses except 192.168.1.3,
+    192.168.1.12 and 192.168.1.32-192.168.1.63.</para>
+
+    <para>Exclusion lists can also be added after a network address.</para>
+
+    <para>Example:</para>
+
+    <programlisting>192.168.1.0/24!192.168.1.3,192.168.1.12,192.168.1.32/27</programlisting>
+
+    <para>The above list refers to "All addresses in 192.168.1.0-192.168.1.255
+    except 192.168.1.3, 192.168.1.12 and 192.168.1.32-192.168.1.63.</para>
+  </section>
+
  <section id="IPRanges">
    <title>IP Address Ranges</title>