From 798dde23c8442d0bc2bb158930069982e6e741f3 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 30 Apr 2009 19:11:16 -0700 Subject: [PATCH] Modest update to Packet processing doc --- Shorewall/releasenotes.txt | 3 +++ docs/PacketHandling.xml | 9 +++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 8246a290f..8a4014ead 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -63,6 +63,9 @@ released late in 2009. interface to be up and configured when Shorewall starts/restarts + To avoid this warning, replace interface names by the corresponding + network addresses (e.g., 192.168.144.0/24). + ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 3 . 10 ---------------------------------------------------------------------------- diff --git a/docs/PacketHandling.xml b/docs/PacketHandling.xml index d6fc4e550..50b9e837a 100644 --- a/docs/PacketHandling.xml +++ b/docs/PacketHandling.xml @@ -22,6 +22,8 @@ 2005 + 2009 + Thomas M. Eastep @@ -45,7 +47,7 @@ Overview handy to refer to. The discussion that follows assumes that you are running a current - kernel (2.4.2n or 2.6.m) with the recommended + kernel (2.6.20 or later) with the recommended options included. Otherwise processing may be somewhat different from described below depending on the features supported by your kernel. @@ -155,7 +157,10 @@ then the packet is ACCEPTed in the filter table's interface_in chain (for - example, eth0_in). + example, eth0_in). Note that if the interface is its associated zones + only interface, then the interface_in chain is + optimized away and its rules are transferred to another chain.