extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-25 04:01:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Get release notes changes for filter->sfilter

Browse Source
This commit is contained in:
Tom Eastep 2011-05-27 19:43:13 -07:00
parent bac640e731
commit 5082b0701a
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Shorewall/releasenotes.txt
View File

@ -36,28 +36,28 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
specified. The rule will dispose of hairpins according to the specified. The rule will dispose of hairpins according to the
setting of two new options in shorewall.conf and shorewall6.conf: setting of two new options in shorewall.conf and shorewall6.conf:
FILTER_LOG_LEVEL SFILTER_LOG_LEVEL
Specifies the logging level; default is 'info'. To omit Specifies the logging level; default is 'info'. To omit
logging, specify FILTER_LOG_LEVEL=none. logging, specify FILTER_LOG_LEVEL=none.
FILTER_DISPOSITION SFILTER_DISPOSITION
Specifies the disposition. Default is DROP and the possible Specifies the disposition. Default is DROP and the possible
values are DROP, A_DROP, REJECT and A_REJECT. values are DROP, A_DROP, REJECT and A_REJECT.
To deal with bridges and other routeback interfaces , there is now To deal with bridges and other routeback interfaces , there is now
a 'filter' option in /shorewall/interfaces and an 'sfilter' option in /shorewall/interfaces and
/etc/shorewall6/interfaces. /etc/shorewall6/interfaces.
The value of the 'filter' option is a list of network addresses The value of the 'sfilter' option is a list of network addresses
enclosed in in parentheses. Where only a single address is listed, enclosed in in parentheses. Where only a single address is listed,
the parentheses may be omitted. When a packet from a filtered the parentheses may be omitted. When a packet from a
address is received on the interface, it is disposed of based on source-filtered address is received on the interface, it is
the new FILTER_ options described above. disposed of based on the new SFILTER_ options described above.
For a bridge or other routeback interface, you should list all of For a bridge or other routeback interface, you should list all of
your other local networks (those networks not attached to the your other local networks (those networks not attached to the
bridge) in the bridge's filter list. bridge) in the bridge's sfilter list.
Example: Example:
@ -68,7 +68,7 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
In /etc/shorewall6/interfaces, I have: In /etc/shorewall6/interfaces, I have:
#ZONE INTERFACE BROADCAST OPTIONS #ZONE INTERFACE BROADCAST OPTIONS
loc br1 - filter=2001:470:b:227::40/124 loc br1 - sfilter=2001:470:b:227::40/124
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G I I. K N O W N P R O B L E M S R E M A I N I N G