mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-20 09:47:51 +02:00
Update manpages for interface exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
bfb9852eb6
commit
780eb0402c
@ -107,6 +107,10 @@
|
||||
<para>INTERFACE — The name of an interface that matches an entry in
|
||||
<filename>/etc/shorewall/interfaces</filename>
|
||||
(<filename>/etc/shorewall6/interfaces</filename>).</para>
|
||||
|
||||
<para>Beginning with Shorweall 5.2.1, the
|
||||
<replaceable>interface</replaceable> may be preceded with '!' which
|
||||
matches all interfaces except the one specified.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
@ -157,7 +161,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>The primary IP address of eth0 in the $FW zone - <emphasis
|
||||
role="bold">$FW:&eth0</emphasis> </para>
|
||||
role="bold">$FW:&eth0</emphasis></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
@ -175,7 +179,7 @@
|
||||
support</emphasis>, you may use IP address ranges in Shorewall
|
||||
configuration file entries; IP address ranges have the syntax
|
||||
<<emphasis>low IP address</emphasis>>-<<emphasis>high IP
|
||||
address</emphasis>>. </para>
|
||||
address</emphasis>>.</para>
|
||||
|
||||
<para>Example: 192.168.1.5-192.168.1.12.</para>
|
||||
</refsect1>
|
||||
|
||||
@ -857,15 +857,20 @@ Normal-Service => 0x00</programlisting>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><replaceable>interface</replaceable></term>
|
||||
<term>[!]<replaceable>interface</replaceable></term>
|
||||
|
||||
<listitem>
|
||||
<para>where <replaceable>interface</replaceable> is the
|
||||
logical name of an interface defined in <ulink
|
||||
logical name of an <replaceable>interface</replaceable>
|
||||
defined in <ulink
|
||||
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).
|
||||
Matches packets entering the firewall from the named
|
||||
interface. May not be used in CLASSIFY rules or in rules using
|
||||
the :T chain qualifier.</para>
|
||||
|
||||
<para>Beginning with Shorweall 5.2.1, the
|
||||
<replaceable>interface</replaceable> may be preceded with '!'
|
||||
which matches all interfaces except the one specified.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -899,23 +904,31 @@ Normal-Service => 0x00</programlisting>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><replaceable>interface</replaceable>:<replaceable>address</replaceable>,[...][<replaceable>exclusion</replaceable>]</term>
|
||||
<term>[!]<replaceable>interface</replaceable>:<replaceable>address</replaceable>,[...][<replaceable>exclusion</replaceable>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>This form combines the preceding two forms and matches
|
||||
when both the incoming interface and source IP address
|
||||
match.</para>
|
||||
|
||||
<para>Beginning with Shorweall 5.2.1, the
|
||||
<replaceable>interface</replaceable> may be preceded with '!'
|
||||
which matches all interfaces except the one specified.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><replaceable>interface</replaceable>:<replaceable>exclusion</replaceable></term>
|
||||
<term>[!]<replaceable>interface</replaceable>:<replaceable>exclusion</replaceable></term>
|
||||
|
||||
<listitem>
|
||||
<para>This form matches packets arriving through the named
|
||||
<replaceable>interface</replaceable> and whose source IP
|
||||
address does not match any of the addresses in the
|
||||
<replaceable>exclusion</replaceable>.</para>
|
||||
|
||||
<para>Beginning with Shorweall 5.2.1, the
|
||||
<replaceable>interface</replaceable> may be preceded with '!'
|
||||
which matches all interfaces except the one specified.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
@ -461,8 +461,7 @@
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.5.16. This action allows you to
|
||||
construct most of the rule yourself using iptables syntax. The
|
||||
part that you specify must follow two semicolons (';;')
|
||||
and is
|
||||
part that you specify must follow two semicolons (';;') and is
|
||||
completely free-form. If the target of the rule (the part
|
||||
following 'j') is something that Shorewall supports in the
|
||||
ACTION column, then you may enclose it in parentheses (e.g.,
|
||||
@ -1046,7 +1045,7 @@
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><replaceable>zone</replaceable>:<replaceable>interface</replaceable></term>
|
||||
<term><replaceable>zone</replaceable>:[!]<replaceable>interface</replaceable></term>
|
||||
|
||||
<listitem>
|
||||
<para>When this form is used,
|
||||
@ -1059,6 +1058,11 @@
|
||||
Only packets from hosts in the <replaceable>zone</replaceable>
|
||||
that arrive through the named interface will match the
|
||||
rule.</para>
|
||||
|
||||
<para>Beginning with Shorweall 5.2.1, the
|
||||
<replaceable>interface</replaceable> may be preceded with '!'
|
||||
which matches all interfaces associated with the zone except
|
||||
the one specified.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1397,7 +1401,7 @@
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><replaceable>zone</replaceable>:<replaceable>interface</replaceable></term>
|
||||
<term><replaceable>zone</replaceable>:[!]<replaceable>interface</replaceable></term>
|
||||
|
||||
<listitem>
|
||||
<para>When this form is used,
|
||||
@ -1410,6 +1414,11 @@
|
||||
Only packets to hosts in the <replaceable>zone</replaceable>
|
||||
that are sent through the named interface will match the
|
||||
rule.</para>
|
||||
|
||||
<para>Beginning with Shorweall 5.2.1, the
|
||||
<replaceable>interface</replaceable> may be preceded with '!'
|
||||
which matches all interfaces associated with the zone except
|
||||
the one specified.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1463,12 +1472,17 @@
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><replaceable>zone</replaceable>:<replaceable>interface</replaceable>:<replaceable>address</replaceable>[,...]</term>
|
||||
<term><replaceable>zone</replaceable>:[!]<replaceable>interface</replaceable>:<replaceable>address</replaceable>[,...]</term>
|
||||
|
||||
<listitem>
|
||||
<para>This form combines the preceding two and requires that
|
||||
both the outgoing interface and destinationaddress
|
||||
match.</para>
|
||||
|
||||
<para>Beginning with Shorweall 5.2.1, the
|
||||
<replaceable>interface</replaceable> may be preceded with '!'
|
||||
which matches all interfaces associated with the zone except
|
||||
the one specified.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1483,7 +1497,7 @@
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><replaceable>zone</replaceable>:<replaceable>interface</replaceable>:<replaceable>exclusion</replaceable></term>
|
||||
<term><replaceable>zone</replaceable>:[!]<replaceable>interface</replaceable>:<replaceable>exclusion</replaceable></term>
|
||||
|
||||
<listitem>
|
||||
<para>This form matches packets to the named
|
||||
@ -1491,6 +1505,11 @@
|
||||
<replaceable>interface</replaceable> where the destination
|
||||
address does not match any entry in the
|
||||
<replaceable>exclusion</replaceable>.</para>
|
||||
|
||||
<para>Beginning with Shorweall 5.2.1, the
|
||||
<replaceable>interface</replaceable> may be preceded with '!'
|
||||
which matches all interfaces associated with the zone except
|
||||
the one specified.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user