mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 14:20:40 +01:00
Change 'Inline' to 'Embedded'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7573 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent bc4222c41b
commit 6cb1b35a33
@ -45,13 +45,13 @@
|
|||||||
<para>Manual chains work in conjunction with the
|
<para>Manual chains work in conjunction with the
|
||||||
<firstterm>compile</firstterm> <ulink
|
<firstterm>compile</firstterm> <ulink
|
||||||
url="shorewall_extension_scripts.htm">extension script</ulink> and <ulink
|
url="shorewall_extension_scripts.htm">extension script</ulink> and <ulink
|
||||||
url="configuration_file_basics.html%23Inline">Inline PERL scripts</ulink>.
|
url="configuration_file_basics.html#Embedded">Embedded PERL
|
||||||
The general idea is like this:</para>
|
scripts</ulink>. The general idea is like this:</para>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>In the compile extension script, you define functions that you
|
<para>In the compile extension script, you define functions that you
|
||||||
can call later using Inline PERL. These functions create a
|
can call later using Embedded PERL. These functions create a
|
||||||
<firstterm>manual chain</firstterm> using
|
<firstterm>manual chain</firstterm> using
|
||||||
Shorewall::Chains::new_manual_chain() and populate it with rules using
|
Shorewall::Chains::new_manual_chain() and populate it with rules using
|
||||||
Shorewall::Chains::add_rule().</para>
|
Shorewall::Chains::add_rule().</para>
|
||||||
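Review bot: The rewritten link target in this hunk changes two things at once, the anchor name (`Inline` to `Embedded`) and the fragment separator (`%23` to a literal `#`), while the commit message only mentions the rename. Please note the `%23` fix in the message, and check that no other page still links to `configuration_file_basics.html%23Inline` or `#Inline`, since those links stop resolving once the section id is renamed later in this commit.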
@ -64,10 +64,10 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The functions defined in the compile script are called by Inline
|
<para>The functions defined in the compile script are called by
|
||||||
PERL statements. The arguments to those calls define the contents of
|
embedded PERL statements. The arguments to those calls define the
|
||||||
the manual chains and the rule(s) passed back to Shorewall for normal
|
contents of the manual chains and the rule(s) passed back to Shorewall
|
||||||
processing.</para>
|
for normal processing.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
|
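Review bot: Capitalisation of the new term is inconsistent: the replacement sentence in this hunk says `embedded PERL statements`, while the previous hunk uses `Embedded PERL` in both places it was changed. Pick one form for running text and apply it throughout the document.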
@ -383,63 +383,63 @@ smtp,www,pop3,imap #Services running on the firewall</programlisting>
|
|||||||
|
|
||||||
<programlisting> shorewall/params.mgmt:
|
<programlisting> shorewall/params.mgmt:
|
||||||
|
|
||||||
MGMT_SERVERS=1.1.1.1,2.2.2.2,3.3.3.3
|
MGMT_SERVERS=1.1.1.1,2.2.2.2,3.3.3.3
|
||||||
TIME_SERVERS=4.4.4.4
|
TIME_SERVERS=4.4.4.4
|
||||||
BACKUP_SERVERS=5.5.5.5
|
BACKUP_SERVERS=5.5.5.5
|
||||||
|
|
||||||
----- end params.mgmt -----
|
----- end params.mgmt -----
|
||||||
|
|
||||||
shorewall/params:
|
shorewall/params:
|
||||||
|
|
||||||
# Shorewall 1.3 /etc/shorewall/params
|
# Shorewall 1.3 /etc/shorewall/params
|
||||||
[..]
|
[..]
|
||||||
#######################################
|
#######################################
|
||||||
|
|
||||||
INCLUDE params.mgmt
|
INCLUDE params.mgmt
|
||||||
|
|
||||||
# params unique to this host here
|
# params unique to this host here
|
||||||
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
||||||
|
|
||||||
----- end params -----
|
----- end params -----
|
||||||
|
|
||||||
shorewall/rules.mgmt:
|
shorewall/rules.mgmt:
|
||||||
|
|
||||||
ACCEPT net:$MGMT_SERVERS $FW tcp 22
|
ACCEPT net:$MGMT_SERVERS $FW tcp 22
|
||||||
ACCEPT $FW net:$TIME_SERVERS udp 123
|
ACCEPT $FW net:$TIME_SERVERS udp 123
|
||||||
ACCEPT $FW net:$BACKUP_SERVERS tcp 22
|
ACCEPT $FW net:$BACKUP_SERVERS tcp 22
|
||||||
|
|
||||||
----- end rules.mgmt -----
|
----- end rules.mgmt -----
|
||||||
|
|
||||||
shorewall/rules:
|
shorewall/rules:
|
||||||
|
|
||||||
# Shorewall version 1.3 - Rules File
|
# Shorewall version 1.3 - Rules File
|
||||||
[..]
|
[..]
|
||||||
#######################################
|
#######################################
|
||||||
|
|
||||||
INCLUDE rules.mgmt
|
INCLUDE rules.mgmt
|
||||||
|
|
||||||
# rules unique to this host here
|
# rules unique to this host here
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||||
|
|
||||||
----- end rules -----</programlisting>
|
----- end rules -----</programlisting>
|
||||||
</example>
|
</example>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="Inline">
|
<section id="Embedded">
|
||||||
<title>Inline Shell and Perl (Added in Shorewall-perl 4.0.6)</title>
|
<title>Embedded Shell and Perl (Added in Shorewall-perl 4.0.6)</title>
|
||||||
|
|
||||||
<para>Earlier versions of Shorewall offered <ulink
|
<para>Earlier versions of Shorewall offered <ulink
|
||||||
url="shorewall_extension_scripts.htm">extension scripts</ulink> to allow
|
url="shorewall_extension_scripts.htm">extension scripts</ulink> to allow
|
||||||
users to extend Shorewall's functionality. Extension scripts were designed
|
users to extend Shorewall's functionality. Extension scripts were designed
|
||||||
to work under the limitations of the Bourne Shell. With Shorewall-perl,
|
to work under the limitations of the Bourne Shell. With Shorewall-perl,
|
||||||
<firstterm>inline scripts</firstterm> offer a richer and more flexible
|
<firstterm>Embedded scripts</firstterm> offer a richer and more flexible
|
||||||
extension capability.</para>
|
extension capability.</para>
|
||||||
|
|
||||||
<para>While inline scripts scripts may be written in either Shell or Perl,
|
<para>While inline scripts scripts may be written in either Shell or Perl,
|
||||||
those written in Perl have a lot more power.</para>
|
those written in Perl have a lot more power.</para>
|
||||||
|
|
||||||
<para>Inline scripts can be either single-line or multi-line. Single line
|
<para>Embedded scripts can be either single-line or multi-line. Single
|
||||||
scripts take one of the following forms:</para>
|
line scripts take one of the following forms:</para>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
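Review bot: The rename is incomplete in this hunk: the paragraph `While inline scripts scripts may be written in either Shell or Perl,` is identical on both sides, so it still says "inline" and still carries the doubled word "scripts". Suggest `While embedded scripts may be written in either Shell or Perl,`. In the same section, `<firstterm>Embedded scripts</firstterm>` is now capitalised in mid-sentence (after "With Shorewall-perl,"), where the old text had lower-case `inline scripts`.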
@ -472,7 +472,7 @@ ACCEPT dmz fw tcp 22</programlisting></para>
|
|||||||
<programlisting>package Shorewall::User;
|
<programlisting>package Shorewall::User;
|
||||||
use Shorewall::Config qw/shorewall/;</programlisting>
|
use Shorewall::Config qw/shorewall/;</programlisting>
|
||||||
|
|
||||||
<para>As part of the change that added inline scripts:</para>
|
<para>As part of the change that added embedded scripts:</para>
|
||||||
|
|
||||||
<orderedlist>
|
<orderedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -484,7 +484,7 @@ use Shorewall::Config qw/shorewall/;</programlisting>
|
|||||||
<para>A <emphasis role="bold">compile</emphasis> extension script was
|
<para>A <emphasis role="bold">compile</emphasis> extension script was
|
||||||
added for use by Shorewall-perl. That script is run early in the
|
added for use by Shorewall-perl. That script is run early in the
|
||||||
compilation process and allows users to load additional modules and to
|
compilation process and allows users to load additional modules and to
|
||||||
define data and functions for use in subsequent inline scripts and
|
define data and functions for use in subsequent embedded scripts and
|
||||||
extension scripts.</para>
|
extension scripts.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</orderedlist>
|
</orderedlist>
|
||||||
@ -618,7 +618,7 @@ use Shorewall::Config qw/shorewall/;</programlisting>
|
|||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Must not have any embedded white space.<programlisting> Valid: routefilter,dhcp,norfc1918
|
<para>Must not have any embedded white space.<programlisting> Valid: routefilter,dhcp,norfc1918
|
||||||
Invalid: routefilter, dhcp, norfc1818</programlisting></para>
|
Invalid: routefilter, dhcp, norfc1818</programlisting></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
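Review bot: The `Invalid:` example line in this hunk reads `norfc1818`, while the `Valid:` line above it has `norfc1918`; the mismatch looks like a typo and distracts from the point being made about white space. Since these lines are already being touched, suggest `Invalid: routefilter, dhcp, norfc1918`.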
@ -791,17 +791,17 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
|
|||||||
<para>Example:</para>
|
<para>Example:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting> /etc/shorewall/params
|
<programlisting> /etc/shorewall/params
|
||||||
|
|
||||||
NET_IF=eth0
|
NET_IF=eth0
|
||||||
NET_BCAST=130.252.100.255
|
NET_BCAST=130.252.100.255
|
||||||
NET_OPTIONS=routefilter,norfc1918
|
NET_OPTIONS=routefilter,norfc1918
|
||||||
|
|
||||||
/etc/shorewall/interfaces record:
|
/etc/shorewall/interfaces record:
|
||||||
|
|
||||||
net $NET_IF $NET_BCAST $NET_OPTIONS
|
net $NET_IF $NET_BCAST $NET_OPTIONS
|
||||||
|
|
||||||
The result will be the same as if the record had been written
|
The result will be the same as if the record had been written
|
||||||
|
|
||||||
net eth0 130.252.100.255 routefilter,norfc1918
|
net eth0 130.252.100.255 routefilter,norfc1918
|
||||||
</programlisting>
|
</programlisting>
|
||||||
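Review bot: Old and new sides of this hunk show the same text, so the change appears to be whitespace-only, and it sits inside a `<programlisting>` where whitespace is rendered as written. Please confirm that the `/etc/shorewall/params` and `interfaces` example still lines up in the built documentation, or drop the hunk from this commit.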
@ -887,16 +887,15 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
|
|||||||
<example id="mac">
|
<example id="mac">
|
||||||
<title>MAC Address of an Ethernet Controller</title>
|
<title>MAC Address of an Ethernet Controller</title>
|
||||||
|
|
||||||
<programlisting> [root@gateway root]# <command>ifconfig eth0</command>
|
<programlisting> [root@gateway root]# <command>ifconfig eth0</command>
|
||||||
eth0 Link encap:Ethernet HWaddr <emphasis
|
eth0 Link encap:Ethernet HWaddr <emphasis role="bold">02:00:08:E3:FA:55</emphasis>
|
||||||
role="bold">02:00:08:E3:FA:55</emphasis>
|
inet addr:206.124.146.176 Bcast:206.124.146.255 Mask:255.255.255.0
|
||||||
inet addr:206.124.146.176 Bcast:206.124.146.255 Mask:255.255.255.0
|
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
|
||||||
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
|
RX packets:2398102 errors:0 dropped:0 overruns:0 frame:0
|
||||||
RX packets:2398102 errors:0 dropped:0 overruns:0 frame:0
|
TX packets:3044698 errors:0 dropped:0 overruns:0 carrier:0
|
||||||
TX packets:3044698 errors:0 dropped:0 overruns:0 carrier:0
|
collisions:30394 txqueuelen:100
|
||||||
collisions:30394 txqueuelen:100
|
RX bytes:419871805 (400.4 Mb) TX bytes:1659782221 (1582.8 Mb)
|
||||||
RX bytes:419871805 (400.4 Mb) TX bytes:1659782221 (1582.8 Mb)
|
Interrupt:11 Base address:0x1800
|
||||||
Interrupt:11 Base address:0x1800
|
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</example>
|
</example>
|
||||||
|
|
||||||
|
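Review bot: Joining `<emphasis` and `role="bold">` onto one line in the `ifconfig eth0` listing is a formatting change with no connection to the Inline to Embedded rename named in the commit subject. The joined tag reads better than the split one, but it should be mentioned in the commit message or moved to its own commit so the rename stays easy to review.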