Attempt to clarify LOGALLNEW

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7597 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-01-22 13:39:06 +01:00 · 2007-10-30 20:37:47 +00:00 · 2007-10-30 20:37:47 +00:00 · 4c8b80b0d4
commit 4c8b80b0d4
parent 29027aecdb
2 changed files with 12 additions and 8 deletions
--- a/manpages/shorewall-rules.xml
+++ b/manpages/shorewall-rules.xml
@ -723,7 +723,10 @@
            a service name. Additionally, Shorewall-perl 4.0.5 and later
            permit specifying a port range in the form
            <emphasis>lowport-highport</emphasis> to cause connections to be
-            assigned to ports in the range in round-robin fashion.</para>
+            assigned to ports in the range in round-robin fashion. In that
+            case, <emphasis>lowport</emphasis> and
+            <emphasis>highport</emphasis> must be given as integers; service
+            names are not permitted.</para>

            <para>If the <emphasis role="bold">ACTION</emphasis> is <emphasis
            role="bold">REDIRECT</emphasis> or <emphasis
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@ -729,9 +729,9 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
        role="bold">LOGALLNEW=</emphasis>[<emphasis>log-level</emphasis>]</term>

        <listitem>
-          <para>When set to a log level, this option causes Shorewall to
-          generate a logging rule as the first rule in each builtin
-          chain.</para>
+          <para>This option is intended for use as a debugging aid. When set
+          to a log level, this option causes Shorewall to generate a logging
+          rule as the first rule in each builtin chain.</para>

          <itemizedlist>
            <listitem>
@ -755,10 +755,11 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
 </programlisting>

            <important>
-              <para>There is no rate limiting on these logging rules so use
-              LOGALLNEW at your own risk; it may cause high CPU and disk
-              utilization and you may not be able to control your firewall
-              after you enable this option.</para>
+              <para>To help insure that all packets in the NEW state are
+              logged, rate limiting (LOGBURST and LOGLIMIT) should be disabled
+              when using LOGALLNEW. Use LOGALLNEW at your own risk; it may
+              cause high CPU and disk utilization and you may not be able to
+              control your firewall after you enable this option.</para>
            </important>

            <para></para>