extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-08 08:44:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Clarify logging of DNAT rules in the FAQ

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3030 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-11-18 22:21:53 +00:00
parent d0feffd526
commit 888e69b392
2 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Shorewall-docs2/FAQ.xml
View File

@ -17,7 +17,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2005-10-25</pubdate> <pubdate>2005-11-18</pubdate>
<copyright> <copyright>
<year>2001-2005</year> <year>2001-2005</year>
@ -1082,7 +1082,14 @@ LOGBURST=""</programlisting>
<listitem> <listitem>
<para>if accepted, the packet would be sent on eth1. If you see <para>if accepted, the packet would be sent on eth1. If you see
<quote>OUT=</quote> with no interface name, the packet would be <quote>OUT=</quote> with no interface name, the packet would be
processed by the firewall itself.</para> processed by the firewall itself. </para>
<note>
<para>When a DNAT rule is logged, there will never be an OUT=
shown because the packet is being logged before it is routed.
Also, DNAT logging will show the <emphasis>original</emphasis>
destination IP address and destination port number.</para>
</note>
</listitem> </listitem>
</varlistentry> </varlistentry>

9
Shorewall-docs2/Macros.xml
View File

@ -141,10 +141,11 @@ ACCEPT loc fw tcp 135,139,445</programlisting>
<listitem> <listitem>
<para>If a value other than "-" appears in both the macro body and <para>If a value other than "-" appears in both the macro body and
in the invocation of the macro, then the value in the invocation is in the invocation of the macro, then the value in the invocation is
examined and the appropriate action is taken. If the value in the examined and the appropriate action is taken (you will want to be
invocation appears to be an address (IP or MAC) or the name of an running Shorewall 3.0.1 or later). If the value in the invocation
ipset, then it is placed after the value in the macro body. appears to be an address (IP or MAC) or the name of an ipset, then
Otherwise, it is placed before the value in the macro body.</para> it is placed after the value in the macro body. Otherwise, it is
placed before the value in the macro body.</para>
<para>Example 1:</para> <para>Example 1:</para>