extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-02 19:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update Macro document for smart parameter merging

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3024 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-11-18 17:21:11 +00:00
parent fd834a4f64
commit 90c9e515c6
1 changed files with 28 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
Shorewall-docs2/Macros.xml
View File

@ -21,7 +21,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2005-11-02</pubdate> <pubdate>2005-11-18</pubdate>
<copyright> <copyright>
<year>2005</year> <year>2005</year>
@ -139,12 +139,14 @@ ACCEPT loc fw tcp 135,139,445</programlisting>
<term>SOURCE and DEST</term> <term>SOURCE and DEST</term>
<listitem> <listitem>
<para>If the rule in the macro file specifies a value and the <para>If a value other than "-" appears in both the macro body and
invocation of the rule also specifies a value then the value in the in the invocation of the macro, then the value in the invocation is
invocation is appended to the value in the rule using ":" as a examined and the appropriate action is taken. If the value in the
separator.</para> invocation appears to be an address (IP or MAC) or the name of an
ipset, then it is placed after the value in the macro body.
Otherwise, it is placed before the value in the macro body.</para>
<para>Example:</para> <para>Example 1:</para>
<blockquote> <blockquote>
<para>/etc/shorewall/macro.SMTP</para> <para>/etc/shorewall/macro.SMTP</para>
@ -163,6 +165,26 @@ SMTP/DNAT:info net 192.168.1.5</programlisting>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
DNAT:info net loc:192.168.1.5 tcp 25</programlisting> DNAT:info net loc:192.168.1.5 tcp 25</programlisting>
</blockquote> </blockquote>
<para>Example 2:</para>
<blockquote>
<para>/etc/shorewall/macro.SMTP</para>
<programlisting>#TARGET SOURCE DEST PROTO DEST PORT(S)
PARAM - 192.168.1.5 tcp 25</programlisting>
<para>/etc/shorewall/rules</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SMTP/DNAT:info net loc</programlisting>
<para>This would be equivalent to coding the following directly in
/etc/shorewall/rules</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
DNAT:info net loc:192.168.1.5 tcp 25</programlisting>
</blockquote>
</listitem> </listitem>
</varlistentry> </varlistentry>