From 90c9e515c693c254d66e8436e7b58e64e450ecbc Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 18 Nov 2005 17:21:11 +0000 Subject: [PATCH] Update Macro document for smart parameter merging git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3024 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs2/Macros.xml | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/Shorewall-docs2/Macros.xml b/Shorewall-docs2/Macros.xml index 3b86a425c..b0b1a5b32 100644 --- a/Shorewall-docs2/Macros.xml +++ b/Shorewall-docs2/Macros.xml @@ -21,7 +21,7 @@ - 2005-11-02 + 2005-11-18 2005 @@ -139,12 +139,14 @@ ACCEPT loc fw tcp 135,139,445 SOURCE and DEST - If the rule in the macro file specifies a value and the - invocation of the rule also specifies a value then the value in the - invocation is appended to the value in the rule using ":" as a - separator. + If a value other than "-" appears in both the macro body and + in the invocation of the macro, then the value in the invocation is + examined and the appropriate action is taken. If the value in the + invocation appears to be an address (IP or MAC) or the name of an + ipset, then it is placed after the value in the macro body. + Otherwise, it is placed before the value in the macro body. - Example: + Example 1:
/etc/shorewall/macro.SMTP @@ -163,6 +165,26 @@ SMTP/DNAT:info net 192.168.1.5 #ACTION SOURCE DEST PROTO DEST PORT(S) DNAT:info net loc:192.168.1.5 tcp 25
+ + Example 2: + +
+ /etc/shorewall/macro.SMTP + + #TARGET SOURCE DEST PROTO DEST PORT(S) +PARAM - 192.168.1.5 tcp 25 + + /etc/shorewall/rules + + #ACTION SOURCE DEST PROTO DEST PORT(S) +SMTP/DNAT:info net loc + + This would be equivalent to coding the following directly in + /etc/shorewall/rules + + #ACTION SOURCE DEST PROTO DEST PORT(S) +DNAT:info net loc:192.168.1.5 tcp 25 +