diff --git a/Shorewall-docs2/configuration_file_basics.xml b/Shorewall-docs2/configuration_file_basics.xml index 86b07dd5e..c21236e13 100644 --- a/Shorewall-docs2/configuration_file_basics.xml +++ b/Shorewall-docs2/configuration_file_basics.xml @@ -34,6 +34,13 @@ + + This article applies to Shorewall 3.0 and + later. If you are running a version of Shorewall earlier than Shorewall + 3.0.0 then please see the documentation for that + release. + + If you copy or edit your configuration files on a system running Microsoft Windows, you must run them through /etc/shorewall/actions and - /usr/share/shorewall/action.template - define - your own actions for rules in /etc/shorewall/rules (Shorewall 1.4.9 - and later). + /usr/share/shorewall/action.template. /etc/shorewall/providers - defines an - alternate routing table.(Shorewall 2.3.2 and later). - - - - /etc/shorewall/routes - see here (Shorewall - 2.3.2 and later,experimental) + alternate routing table. @@ -189,10 +188,15 @@ - /usr/share/shorewall/actions.* - Details + /usr/share/shorewall/action.* - Details of actions defined by Shorewall. + + /usr/share/shorewall/macro.* - Details of + macros defined by Shorewall. + + /usr/share/rfc1918 — Defines the behavior of the 'norfc1918' interface option in @@ -450,6 +454,31 @@ smtp,www,pop3,imap #Services running on the firewall +
+ Exclusion Lists + + Shorewall 3.0 differs from earlier versions in that in most contexts + where a comma-separated list of addresses is accepted, an + exclusion list may also be included. An exclusion + list is a comma-separated list of addresses that begins with "!". + + Example: + + !192.168.1.3,192.168.1.12,192.168.1.32/27 + + The above list refers to "All addresses except 192.168.1.3, + 192.168.1.12 and 192.168.1.32-192.168.1.63. + + Exclusion lists can also be added after a network address. + + Example: + + 192.168.1.0/24!192.168.1.3,192.168.1.12,192.168.1.32/27 + + The above list refers to "All addresses in 192.168.1.0-192.168.1.255 + except 192.168.1.3, 192.168.1.12 and 192.168.1.32-192.168.1.63. +
+
IP Address Ranges