Update blacklist file documentation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3795 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-08 16:54:10 +01:00 · 2006-04-17 00:37:35 +00:00 · 2006-04-17 00:37:35 +00:00 · 78fb4c4ffd
commit 78fb4c4ffd
parent 0ab2143d68
1 changed files with 46 additions and 1 deletions
--- a/docs/Documentation.xml
+++ b/docs/Documentation.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>

-    <pubdate>2006-02-27</pubdate>
+    <pubdate>2006-04-15</pubdate>

    <copyright>
      <year>2001-2006</year>
@ -3709,6 +3709,51 @@ all      all     tcp         ftp-data          -               8</programlisting
          <quote>iptables -h icmp</quote>).</para>
        </listitem>
      </varlistentry>
+
+      <varlistentry>
+        <term>OPTIONS</term>
+
+        <listitem>
+          <para>(Optional) A comma-separated list of options. The
+          currently-supported options are:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>routeback - Set up a rule to ACCEPT traffic from these
+              hosts back to themselves.</para>
+            </listitem>
+
+            <listitem>
+              <para>source - Allow traffic from these hosts to ANY
+              destination. Without this option or the 'dest option, only
+              traffic from this host to other listed hosts (and the firewall)
+              is allowed. If 'source' is specified then 'routeback' is
+              redundant.</para>
+            </listitem>
+
+            <listitem>
+              <para>dest - Allow traffic to these hosts from ANY source.
+              Without this option or the 'source' option, only traffic from
+              this host to other listed hosts (and the firewall) is allowed.
+              If 'dest' is specified then 'routeback' is redundant.</para>
+            </listitem>
+
+            <listitem>
+              <para>critical - Allow traffic between the firewall and these
+              hosts throughout '[re]start', 'stop' and 'clear'. Specifying
+              'critical' on one or more entries will cause your firewall to be
+              "totally open" for a brief window during each of those
+              operations.</para>
+            </listitem>
+          </itemizedlist>
+
+          <note>
+            <para>The 'source' and 'dest' options work best when used in
+            conjunction with ADMINISABSENTMINDED=Yes in
+            /etc/shorewall/shorewall.conf.</para>
+          </note>
+        </listitem>
+      </varlistentry>
    </variablelist>

    <para>Shorewall also has a <ulink url="blacklisting_support.htm">dynamic