Update 'interfaces' manpage with some advice regarding 'logmartians'

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5416 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-02-16 20:56:24 +00:00
parent 965cc55785
commit 7c10831bc4
2 changed files with 22 additions and 6 deletions

View File

@ -166,11 +166,27 @@ loc eth2 -</programlisting>
<listitem>
<para>Turn on kernel martian logging (logging of packets with
impossible source addresses. It is suggested that if you set
<emphasis role="bold">routefilter</emphasis> on an interface
that you also set <emphasis
role="bold">logmartians</emphasis>. This option may also be
enabled globally in the <ulink
impossible source addresses. It is strongly suggested that if
you set <emphasis role="bold">routefilter</emphasis> on an
interface that you also set <emphasis
role="bold">logmartians</emphasis>. Even if you do not specify
the <option>routefilter</option> option, it is a good idea to
specify <option>logmartians</option> because your distribution
may be enabling route filtering without you knowing it.</para>
<para>To find out if route filtering is set on a given
<replaceable>interface</replaceable>, check the contents of
<filename>/proc/sys/net/ipv4/conf/<replaceable>interface</replaceable>/rp_filter</filename>
— a non-zero value indicates that route filtering is
enabled.</para>
<para>Example:</para>
<programlisting> teastep@lists:~$ <command>cat /proc/sys/net/ipv4/conf/eth0/rp_filter </command>
1
teastep@lists:~$ </programlisting>
<para>This option may also be enabled globally in the <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5)
file.</para>
</listitem>

View File

@ -87,7 +87,7 @@
<note>
<para>If you are not familiar with Netfilter to the point where you are
comfortable with the differences between the various connection tracking
states, then I suggest that you omit the <emphasis
states, then it is suggested that you omit the <emphasis
role="bold">ESTABLISHED</emphasis> and <emphasis
role="bold">RELATED</emphasis> sections and place all of your rules in
the NEW section (That's after the line that reads SECTION NEW').</para>