extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-26 04:32:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update 'interfaces' manpage with some advice regarding 'logmartians'

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5416 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-02-16 20:56:24 +00:00
parent 965cc55785
commit 7c10831bc4
2 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
manpages/shorewall-interfaces.xml
View File

@ -166,11 +166,27 @@ loc eth2 -</programlisting>
<listitem> <listitem>
<para>Turn on kernel martian logging (logging of packets with <para>Turn on kernel martian logging (logging of packets with
impossible source addresses. It is suggested that if you set impossible source addresses. It is strongly suggested that if
<emphasis role="bold">routefilter</emphasis> on an interface you set <emphasis role="bold">routefilter</emphasis> on an
that you also set <emphasis interface that you also set <emphasis
role="bold">logmartians</emphasis>. This option may also be role="bold">logmartians</emphasis>. Even if you do not specify
enabled globally in the <ulink the <option>routefilter</option> option, it is a good idea to
specify <option>logmartians</option> because your distribution
may be enabling route filtering without you knowing it.</para>
<para>To find out if route filtering is set on a given
<replaceable>interface</replaceable>, check the contents of
<filename>/proc/sys/net/ipv4/conf/<replaceable>interface</replaceable>/rp_filter</filename>
— a non-zero value indicates that route filtering is
enabled.</para>
<para>Example:</para>
<programlisting> teastep@lists:~$ <command>cat /proc/sys/net/ipv4/conf/eth0/rp_filter </command>
1
teastep@lists:~$ </programlisting>
<para>This option may also be enabled globally in the <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) url="shorewall.conf.html">shorewall.conf</ulink>(5)
file.</para> file.</para>
</listitem> </listitem>

2
manpages/shorewall-rules.xml
View File

@ -87,7 +87,7 @@
<note> <note>
<para>If you are not familiar with Netfilter to the point where you are <para>If you are not familiar with Netfilter to the point where you are
comfortable with the differences between the various connection tracking comfortable with the differences between the various connection tracking
states, then I suggest that you omit the <emphasis states, then it is suggested that you omit the <emphasis
role="bold">ESTABLISHED</emphasis> and <emphasis role="bold">ESTABLISHED</emphasis> and <emphasis
role="bold">RELATED</emphasis> sections and place all of your rules in role="bold">RELATED</emphasis> sections and place all of your rules in
the NEW section (That's after the line that reads SECTION NEW').</para> the NEW section (That's after the line that reads SECTION NEW').</para>