extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-25 09:03:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add emphasis in some examples; correct a typo.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-04-07 07:38:38 -07:00
parent 7204220991
commit 55cd81747d
1 changed files with 22 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
docs/configuration_file_basics.xml
View File

@ -2000,7 +2000,7 @@ redirect =&gt; 137</programlisting>
192.168.1.3, the entry in /etc/shorewall/rules is:</para> 192.168.1.3, the entry in /etc/shorewall/rules is:</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORTS(S) <programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORTS(S)
DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting> DNAT net loc:192.168.1.3 tcp <emphasis role="bold">4000:4100</emphasis></programlisting>
<para>If you omit the low port number, a value of zero is assumed; if you <para>If you omit the low port number, a value of zero is assumed; if you
omit the high port number, a value of 65535 is assumed.</para> omit the high port number, a value of 65535 is assumed.</para>
@ -2136,9 +2136,9 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
Support requires that you install xtables-addons.</para> Support requires that you install xtables-addons.</para>
<para>The SWITCH column contains the name of a <para>The SWITCH column contains the name of a
<firstterm>switch.</firstterm> Each switch that is initially in the <firstterm>switch.</firstterm> Each switch is initially in the <emphasis
<emphasis role="bold">off</emphasis> position. You can turn on the switch role="bold">off</emphasis> position. You can turn on the switch named
named <emphasis>switch1</emphasis> by:</para> <emphasis>switch1</emphasis> by:</para>
<simplelist> <simplelist>
<member><command>echo 1 &gt; <member><command>echo 1 &gt;
@ -2182,7 +2182,8 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
<programlisting>#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH <programlisting>#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
# PORT(S) PORT(S) DEST LIMIT GROUP # PORT(S) PORT(S) DEST LIMIT GROUP
DNAT net dmz:$BACKUP tcp 80 - - - - - - - - primary_down </programlisting> DNAT net dmz:$BACKUP tcp 80 - - - - - - - - <emphasis
role="bold">primary_down</emphasis> </programlisting>
</blockquote> </blockquote>
</section> </section>
@ -2212,11 +2213,16 @@ DNAT net dmz:$BACKUP tcp 80 - -
<para>Here is an example:</para> <para>Here is an example:</para>
<programlisting>#ZONE INTERFACE BROADCAST OPTIONS <programlisting>#ZONE INTERFACE BROADCAST OPTIONS
net COM_IF detect dhcp,blacklist,tcpflags,optional,upnp,routefilter=0,nosmurfs,logmartians=0,physical=eth0 net <emphasis role="bold">COM_IF </emphasis> detect dhcp,blacklist,tcpflags,optional,upnp,routefilter=0,nosmurfs,logmartians=0,<emphasis
net EXT_IF detect dhcp,blacklist,tcpflags,optional,routefilter=0,nosmurfs,logmartians=0,proxyarp=1,physical=eth2 role="bold">physical=eth0</emphasis>
loc INT_IF detect dhcp,logmartians=1,routefilter=1,tcpflags,nets=172.20.1.0/24,physical=eth1 net <emphasis role="bold">EXT_IF</emphasis> detect dhcp,blacklist,tcpflags,optional,routefilter=0,nosmurfs,logmartians=0,proxyarp=1,<emphasis
dmz VPS_IF detect logmartians=1,routefilter=0,routeback,physical=venet0 role="bold">physical=eth2</emphasis>
loc TUN_IF detect physical=tun+</programlisting> loc <emphasis role="bold">INT_IF </emphasis> detect dhcp,logmartians=1,routefilter=1,tcpflags,nets=172.20.1.0/24,<emphasis
role="bold">physical=eth1</emphasis>
dmz <emphasis role="bold">VPS_IF </emphasis> detect logmartians=1,routefilter=0,routeback,<emphasis
role="bold">physical=venet0</emphasis>
loc <emphasis role="bold">TUN_IF</emphasis> detect <emphasis
role="bold">physical=tun+</emphasis></programlisting>
<para>In this example, COM_IF is a logical interface name that refers to <para>In this example, COM_IF is a logical interface name that refers to
Ethernet interface <filename class="devicefile">eth0</filename>, EXT_IF is Ethernet interface <filename class="devicefile">eth0</filename>, EXT_IF is
@ -2231,16 +2237,18 @@ loc TUN_IF detect physical=tun+</programlisting>
<programlisting>#INTERFACE SOURCE ADDRESS <programlisting>#INTERFACE SOURCE ADDRESS
COMMENT Masquerade Local Network COMMENT Masquerade Local Network
COM_IF 0.0.0.0/0 <emphasis role="bold">COM_IF</emphasis> 0.0.0.0/0
EXT_IF !206.124.146.0/24 206.124.146.179:persistent</programlisting> <emphasis role="bold">EXT_IF </emphasis> !206.124.146.0/24 206.124.146.179:persistent</programlisting>
<para><ulink <para><ulink
url="manpages/shorewall-providers.html">shorewall-providers</ulink> url="manpages/shorewall-providers.html">shorewall-providers</ulink>
(5)</para> (5)</para>
<programlisting>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY <programlisting>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
Avvanta 1 0x10000 main EXT_IF 206.124.146.254 loose,fallback INT_IF,VPS_IF,TUN_IF Avvanta 1 0x10000 main <emphasis role="bold">EXT_IF </emphasis> 206.124.146.254 loose,fallback <emphasis
Comcast 2 0x20000 main COM_IF detect balance INT_IF,VPS_IF,TUN_IF</programlisting> role="bold">INT_IF,VPS_IF,TUN_IF</emphasis>
Comcast 2 0x20000 main <emphasis role="bold">COM_IF</emphasis> detect balance <emphasis
role="bold">INT_IF,VPS_IF,TUN_IF</emphasis></programlisting>
<para>Note in particular that Shorewall translates TUN_IF to <filename <para>Note in particular that Shorewall translates TUN_IF to <filename
class="devicefile">tun*</filename> in the COPY column.</para> class="devicefile">tun*</filename> in the COPY column.</para>