extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-14 19:54:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add note about wild-card interfaces and /proc entries

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5975 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-04-17 17:06:49 +00:00
parent 0f7b542dc6
commit 57c9efe389
1 changed files with 39 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
manpages/shorewall-interfaces.xml
View File

@ -154,8 +154,15 @@ loc eth2 -</programlisting>
<listitem>
<para>Turn on kernel route filtering for this interface
(anti-spoofing measure). This option can also be enabled
globally in the <ulink
(anti-spoofing measure).</para>
<note>
<para>This option does not work with a wild-card
<replaceable>interface</replaceable> name (e.g., eth0.+) in
the INTERFACE column.</para>
</note>
<para>This option can also be enabled globally in the <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5)
file.</para>
</listitem>
@ -186,6 +193,12 @@ loc eth2 -</programlisting>
1
teastep@lists:~$ </programlisting>
<note>
<para>This option does not work with a wild-card
<replaceable>interface</replaceable> name (e.g., eth0.+) in
the INTERFACE column.</para>
</note>
<para>This option may also be enabled globally in the <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5)
file.</para>
@ -238,7 +251,11 @@ loc eth2 -</programlisting>
url="shorewall-proxyarp.html">shorewall-proxyarp</ulink>(5).
This option is intended solely for use with Proxy ARP
sub-networking as described at: <ulink
url="http://tldp.org/HOWTO/Proxy-ARP-Subnet/index.html">http://tldp.org/HOWTO/Proxy-ARP-Subnet/index.html</ulink></para>
url="http://tldp.org/HOWTO/Proxy-ARP-Subnet/index.html">http://tldp.org/HOWTO/Proxy-ARP-Subnet/index.html</ulink><note>
<para>This option does not work with a wild-card
<replaceable>interface</replaceable> name (e.g., eth0.+)
in the INTERFACE column.</para>
</note></para>
</listitem>
</varlistentry>
@ -264,6 +281,12 @@ loc eth2 -</programlisting>
If not specified, the interface can respond to ARP who-has
requests for IP addresses on any of the firewall's interface.
The interface must be up when Shorewall is started.</para>
<note>
<para>This option does not work with a wild-card
<replaceable>interface</replaceable> name (e.g., eth0.+) in
the INTERFACE column.</para>
</note>
</listitem>
</varlistentry>
@ -290,6 +313,12 @@ loc eth2 -</programlisting>
<para>8 - do not reply for all local addresses</para>
<note>
<para>This option does not work with a wild-card
<replaceable>interface</replaceable> name (e.g., eth0.+) in
the INTERFACE column.</para>
</note>
<warning>
<para>Do not specify <emphasis
role="bold">arp_ignore</emphasis> for any interface involved
@ -339,6 +368,12 @@ loc eth2 -</programlisting>
to 1). Only set this option if you know what you are doing.
This might represent a security risk and is not usually
needed.</para>
<note>
<para>This option does not work with a wild-card
<replaceable>interface</replaceable> name (e.g., eth0.+) in
the INTERFACE column.</para>
</note>
</listitem>
</varlistentry>
@ -429,4 +464,4 @@ net ppp0 -</programlisting>
shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
</refsect1>
</refentry>
</refentry>