mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 06:38:53 +01:00
Add SAME to tcrules manpage
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9529 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
491f7d6b6d
commit
81e3001f02
@ -220,30 +220,6 @@ loc eth2 -</programlisting>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">detectnets</emphasis>
|
||||
(Deprecated)</term>
|
||||
|
||||
<listitem>
|
||||
<para>Automatically tailors the zone named in the ZONE column
|
||||
to include only those hosts routed through the
|
||||
interface.</para>
|
||||
|
||||
<para></para>
|
||||
|
||||
<warning>
|
||||
<para>Do not set the <emphasis
|
||||
role="bold">detectnets</emphasis> option on your internet
|
||||
interface.</para>
|
||||
|
||||
<para>Support for this option will be removed in a future
|
||||
release of Shorewall-perl. Better to use the <emphasis
|
||||
role="bold">routefilter</emphasis> option together with the
|
||||
<emphasis role="bold">logmartians</emphasis> option.</para>
|
||||
</warning>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">dhcp</emphasis></term>
|
||||
|
||||
|
@ -49,7 +49,7 @@
|
||||
role="bold">/</emphasis><emphasis>mask</emphasis>]|<emphasis
|
||||
role="bold">SAVE</emphasis>[<emphasis
|
||||
role="bold">/</emphasis><emphasis>mask</emphasis>]|<emphasis
|
||||
role="bold">CONTINUE</emphasis>|<emphasis
|
||||
role="bold">CONTINUE</emphasis>|SAME|<emphasis
|
||||
role="bold">COMMENT</emphasis>}[<emphasis
|
||||
role="bold">:</emphasis>{<emphasis role="bold">C</emphasis>|<emphasis
|
||||
role="bold">F</emphasis>|<emphasis role="bold">P</emphasis>|<emphasis
|
||||
@ -234,6 +234,25 @@
|
||||
iptables/Netfilter provides the necessary support.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><emphasis role="bold">SAME</emphasis> (Added in Shorewall
|
||||
4.3.5) -- Some websites run applications that require multiple
|
||||
connections from a client browser. Where multiple 'balanced'
|
||||
providers are configured, this can lead to problems when some of
|
||||
the connections are routed through one provider and some through
|
||||
another. The SAME target allows you to work around that problem.
|
||||
SAME may currently be used only in the PREROUTING chain and
|
||||
causes matching connections from an individual local system to
|
||||
all use the same provider. For example: <programlisting>#MARK/ SOURCE DEST PROTO DEST
|
||||
#CLASSIFY PORT(S)
|
||||
SAME:P 192.168.1.0/24 0.0.0.0/0 tcp 80,443</programlisting>
|
||||
If a host in 192.168.1.0/24 attempts a connection on TCP port 80
|
||||
or 443 and it has sent a packet on either of those ports in the
|
||||
last two minutes then the new connection will use the same
|
||||
provider as the connection over which that last packet was sent.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><emphasis role="bold">COMMENT</emphasis> -- the rest of
|
||||
the line will be attached as a comment to the Netfilter rule(s)
|
||||
|
Loading…
Reference in New Issue
Block a user