Add support for condition match in the rules file

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
2011-09-21 15:20:50 -07:00
parent 7978993d2b
commit 75b4540d26
10 changed files with 123 additions and 21 deletions


@ -1267,6 +1267,30 @@
</variablelist>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">HEADERS</emphasis></term>
<listitem>
<para>Added in Shorewall 4.4.15. Not used in IPv4 configurations. If
you with to supply a value for one of the later columns, enter '-'
in this column.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">CONDITION -
[!]<replaceable>condition-name</replaceable></emphasis></term>
<listitem>
<para>Added in Shorewall 4.4.24. Matches if the value stored in
<filename>/proc/net/nf_condition/<replaceable>condition-name</replaceable></filename>
is 1. Does not match if that file contains 0 (the default). If '!'
is supplied, the test is inverted such that there is a match if the
file contains 0. The condition-name must begin with a letter and be
composed of letters, decimal digits or underscores.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
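Review bot: the new CONDITION entry documents the match for file contents 1 and 0 but leaves two cases undefined that a reader of this man page will hit: what the rule does when /proc/net/nf_condition/condition-name does not yet exist (is it created when the ruleset loads, or must it exist beforehand?), and whether a value other than 0 or 1 is treated as "set". One sentence on each would close the gap. While this paragraph is being edited, the adjacent HEADERS entry reads "If you with to supply a value"; it should be "If you wish to supply a value".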
@ -1457,6 +1481,19 @@
SSH(ACCEPT) net all - - - - s:1/min:3</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term>Example 12:</term>
<listitem>
<para>Forward port 80 to dmz host $BACKUP if condition
'primary_down' is set.</para>
<programlisting> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS CONDITION
# PORT(S) PORT(S) DEST LIMIT GROUP
DNAT net dmz:$BACKUP tcp 80 - - - - - - - - primary_down</programlisting>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
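Review bot: Example 12 shows only the plain form of the new column; since the CONDITION entry added in this commit also documents the '!' prefix, a second rule (or a second sentence) showing the inverted form, for instance routing to the primary host when 'primary_down' is not set, would illustrate the complete feature. The example itself is consistent: the rule line carries fourteen fields, one per column of the header, with '-' in every unused column as the HEADERS text requires.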