extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 09:47:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update manpages for interface exclusion

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2018-06-15 08:23:35 -07:00
parent bfb9852eb6
commit 780eb0402c
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
3 changed files with 48 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Shorewall/manpages/shorewall-addresses.xml
View File

@ -107,6 +107,10 @@
<para>INTERFACE — The name of an interface that matches an entry in <para>INTERFACE — The name of an interface that matches an entry in
<filename>/etc/shorewall/interfaces</filename> <filename>/etc/shorewall/interfaces</filename>
(<filename>/etc/shorewall6/interfaces</filename>).</para> (<filename>/etc/shorewall6/interfaces</filename>).</para>
<para>Beginning with Shorweall 5.2.1, the
<replaceable>interface</replaceable> may be preceded with '!' which
matches all interfaces except the one specified.</para>
</listitem> </listitem>
<listitem> <listitem>
@ -157,7 +161,7 @@
<listitem> <listitem>
<para>The primary IP address of eth0 in the $FW zone - <emphasis <para>The primary IP address of eth0 in the $FW zone - <emphasis
role="bold">$FW:&amp;eth0</emphasis> </para> role="bold">$FW:&amp;eth0</emphasis></para>
</listitem> </listitem>
<listitem> <listitem>
@ -175,7 +179,7 @@
support</emphasis>, you may use IP address ranges in Shorewall support</emphasis>, you may use IP address ranges in Shorewall
configuration file entries; IP address ranges have the syntax configuration file entries; IP address ranges have the syntax
&lt;<emphasis>low IP address</emphasis>&gt;-&lt;<emphasis>high IP &lt;<emphasis>low IP address</emphasis>&gt;-&lt;<emphasis>high IP
address</emphasis>&gt;. </para> address</emphasis>&gt;.</para>
<para>Example: 192.168.1.5-192.168.1.12.</para> <para>Example: 192.168.1.5-192.168.1.12.</para>
</refsect1> </refsect1>

21
Shorewall/manpages/shorewall-mangle.xml
View File

@ -857,15 +857,20 @@ Normal-Service =&gt; 0x00</programlisting>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><replaceable>interface</replaceable></term> <term>[!]<replaceable>interface</replaceable></term>
<listitem> <listitem>
<para>where <replaceable>interface</replaceable> is the <para>where <replaceable>interface</replaceable> is the
logical name of an interface defined in <ulink logical name of an <replaceable>interface</replaceable>
defined in <ulink
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5). url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).
Matches packets entering the firewall from the named Matches packets entering the firewall from the named
interface. May not be used in CLASSIFY rules or in rules using interface. May not be used in CLASSIFY rules or in rules using
the :T chain qualifier.</para> the :T chain qualifier.</para>
<para>Beginning with Shorweall 5.2.1, the
<replaceable>interface</replaceable> may be preceded with '!'
which matches all interfaces except the one specified.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -899,23 +904,31 @@ Normal-Service =&gt; 0x00</programlisting>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><replaceable>interface</replaceable>:<replaceable>address</replaceable>,[...][<replaceable>exclusion</replaceable>]</term> <term>[!]<replaceable>interface</replaceable>:<replaceable>address</replaceable>,[...][<replaceable>exclusion</replaceable>]</term>
<listitem> <listitem>
<para>This form combines the preceding two forms and matches <para>This form combines the preceding two forms and matches
when both the incoming interface and source IP address when both the incoming interface and source IP address
match.</para> match.</para>
<para>Beginning with Shorweall 5.2.1, the
<replaceable>interface</replaceable> may be preceded with '!'
which matches all interfaces except the one specified.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><replaceable>interface</replaceable>:<replaceable>exclusion</replaceable></term> <term>[!]<replaceable>interface</replaceable>:<replaceable>exclusion</replaceable></term>
<listitem> <listitem>
<para>This form matches packets arriving through the named <para>This form matches packets arriving through the named
<replaceable>interface</replaceable> and whose source IP <replaceable>interface</replaceable> and whose source IP
address does not match any of the addresses in the address does not match any of the addresses in the
<replaceable>exclusion</replaceable>.</para> <replaceable>exclusion</replaceable>.</para>
<para>Beginning with Shorweall 5.2.1, the
<replaceable>interface</replaceable> may be preceded with '!'
which matches all interfaces except the one specified.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

31
Shorewall/manpages/shorewall-rules.xml
View File

@ -461,8 +461,7 @@
<listitem> <listitem>
<para>Added in Shorewall 4.5.16. This action allows you to <para>Added in Shorewall 4.5.16. This action allows you to
construct most of the rule yourself using iptables syntax. The construct most of the rule yourself using iptables syntax. The
part that you specify must follow two semicolons (';;') part that you specify must follow two semicolons (';;') and is
and is
completely free-form. If the target of the rule (the part completely free-form. If the target of the rule (the part
following 'j') is something that Shorewall supports in the following 'j') is something that Shorewall supports in the
ACTION column, then you may enclose it in parentheses (e.g., ACTION column, then you may enclose it in parentheses (e.g.,
@ -1046,7 +1045,7 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><replaceable>zone</replaceable>:<replaceable>interface</replaceable></term> <term><replaceable>zone</replaceable>:[!]<replaceable>interface</replaceable></term>
<listitem> <listitem>
<para>When this form is used, <para>When this form is used,
@ -1059,6 +1058,11 @@
Only packets from hosts in the <replaceable>zone</replaceable> Only packets from hosts in the <replaceable>zone</replaceable>
that arrive through the named interface will match the that arrive through the named interface will match the
rule.</para> rule.</para>
<para>Beginning with Shorweall 5.2.1, the
<replaceable>interface</replaceable> may be preceded with '!'
which matches all interfaces associated with the zone except
the one specified.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1397,7 +1401,7 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><replaceable>zone</replaceable>:<replaceable>interface</replaceable></term> <term><replaceable>zone</replaceable>:[!]<replaceable>interface</replaceable></term>
<listitem> <listitem>
<para>When this form is used, <para>When this form is used,
@ -1410,6 +1414,11 @@
Only packets to hosts in the <replaceable>zone</replaceable> Only packets to hosts in the <replaceable>zone</replaceable>
that are sent through the named interface will match the that are sent through the named interface will match the
rule.</para> rule.</para>
<para>Beginning with Shorweall 5.2.1, the
<replaceable>interface</replaceable> may be preceded with '!'
which matches all interfaces associated with the zone except
the one specified.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1463,12 +1472,17 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><replaceable>zone</replaceable>:<replaceable>interface</replaceable>:<replaceable>address</replaceable>[,...]</term> <term><replaceable>zone</replaceable>:[!]<replaceable>interface</replaceable>:<replaceable>address</replaceable>[,...]</term>
<listitem> <listitem>
<para>This form combines the preceding two and requires that <para>This form combines the preceding two and requires that
both the outgoing interface and destinationaddress both the outgoing interface and destinationaddress
match.</para> match.</para>
<para>Beginning with Shorweall 5.2.1, the
<replaceable>interface</replaceable> may be preceded with '!'
which matches all interfaces associated with the zone except
the one specified.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1483,7 +1497,7 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><replaceable>zone</replaceable>:<replaceable>interface</replaceable>:<replaceable>exclusion</replaceable></term> <term><replaceable>zone</replaceable>:[!]<replaceable>interface</replaceable>:<replaceable>exclusion</replaceable></term>
<listitem> <listitem>
<para>This form matches packets to the named <para>This form matches packets to the named
@ -1491,6 +1505,11 @@
<replaceable>interface</replaceable> where the destination <replaceable>interface</replaceable> where the destination
address does not match any entry in the address does not match any entry in the
<replaceable>exclusion</replaceable>.</para> <replaceable>exclusion</replaceable>.</para>
<para>Beginning with Shorweall 5.2.1, the
<replaceable>interface</replaceable> may be preceded with '!'
which matches all interfaces associated with the zone except
the one specified.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>