From 51590da0b8204517442f518b72625da3e1ad4633 Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 20 May 2007 17:21:59 +0000 Subject: [PATCH] More 4.0 documentation updates git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6425 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/Actions.xml | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/docs/Actions.xml b/docs/Actions.xml index 763450859..e3d354b20 100644 --- a/docs/Actions.xml +++ b/docs/Actions.xml @@ -35,8 +35,8 @@ - This article applies to Shorewall 3.0 and later. If you are running - a version of Shorewall earlier than Shorewall 3.0.0 then please see the + This article applies to Shorewall 4.0 and later. If you are running + a version of Shorewall earlier than Shorewall 4.0.0 then please see the documentation for that release. @@ -537,7 +537,8 @@ acton:info:test $FW net There may be cases where you wish to create a chain with rules that can't be constructed using the tools defined in the action.template. In - that case, you can use an extension script. + that case, you can use an extension script. If you actually need an action to drop broadcast packets, use the dropBcast standard action rather than create one like this. @@ -548,9 +549,16 @@ acton:info:test $FW net /etc/shorewall/actionsDropBcasts - /etc/shorewall/action.DropBcasts# This file is empty + /etc/shorewall/action.DropBcasts# This file is emptyWhen + using Shorewall-shell: - /etc/shorewall/DropBcastsrun_iptables -A DropBcasts -m pkttype --pkttype broadcast -j DROP +
+ /etc/shorewall/DropBcastsrun_iptables -A DropBcasts -m pkttype --pkttype broadcast -j DROP +
When using Shorewall-Perl:
+ /etc/shorewall/DropBcastsuse Shorewall::Chains; + +add_rule( $chainref, '-m pkttype --pkttype broadcast -j DROP' ); +
For a richer example, see this