mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-20 17:58:07 +02:00
fix multiple typos
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2191 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
judas_iscariote
parent
a511f5db63
commit
94571c8baf
@ -58,8 +58,8 @@
|
|||||||
underscore characters) as well as valid Netfilter chain names. If you
|
underscore characters) as well as valid Netfilter chain names. If you
|
||||||
intend to log from the action, the name must have a maximum of 11
|
intend to log from the action, the name must have a maximum of 11
|
||||||
characters. It is recommended that the name you select for a new
|
characters. It is recommended that the name you select for a new
|
||||||
action begins with with a capital letter; that way, the name won't
|
action begins with a capital letter; that way, the name won't conflict
|
||||||
conflict with a Shorewall-defined chain name.</para>
|
with a Shorewall-defined chain name.</para>
|
||||||
|
|
||||||
<para>Beginning with Shorewall-2.0.0-Beta1, the name of the action may
|
<para>Beginning with Shorewall-2.0.0-Beta1, the name of the action may
|
||||||
be optionally followed by a colon (<quote>:</quote>) and ACCEPT, DROP
|
be optionally followed by a colon (<quote>:</quote>) and ACCEPT, DROP
|
||||||
@ -149,8 +149,8 @@
|
|||||||
port</emphasis>>:<<emphasis>high port</emphasis>>.</para>
|
port</emphasis>>:<<emphasis>high port</emphasis>>.</para>
|
||||||
|
|
||||||
<para>This column is ignored if PROTOCOL = all but must be entered if
|
<para>This column is ignored if PROTOCOL = all but must be entered if
|
||||||
any of the following ields are supplied. In that case, it is suggested
|
any of the following fields are supplied. In that case, it is
|
||||||
that this field contain <quote>-</quote>.</para>
|
suggested that this field contain <quote>-</quote>.</para>
|
||||||
|
|
||||||
<para>If your kernel contains multi-port match support, then only a
|
<para>If your kernel contains multi-port match support, then only a
|
||||||
single Netfilter rule will be generated if in this list and in the
|
single Netfilter rule will be generated if in this list and in the
|
||||||
@ -266,7 +266,7 @@ LogAndAccept loc fw tcp 22</programlisting>
|
|||||||
or Shorewall-defined action will cause each rule in the action to be
|
or Shorewall-defined action will cause each rule in the action to be
|
||||||
logged with the specified level (and tag).</para>
|
logged with the specified level (and tag).</para>
|
||||||
|
|
||||||
<para>The extent to which logging of action rules occur is goverend by the
|
<para>The extent to which logging of action rules occur is governed by the
|
||||||
following:</para>
|
following:</para>
|
||||||
|
|
||||||
<orderedlist>
|
<orderedlist>
|
||||||
@ -427,8 +427,8 @@ Reject:REJECT #Common Action for REJECT policy</programlisting>
|
|||||||
|
|
||||||
<para>These entries designate the action named <firstterm>Drop</firstterm>
|
<para>These entries designate the action named <firstterm>Drop</firstterm>
|
||||||
as the common action for DROP policies and the common action
|
as the common action for DROP policies and the common action
|
||||||
<firstterm>Reject</firstterm> as the common action for REJECT policies.
|
<firstterm>Reject</firstterm> as the common action for REJECT
|
||||||
</para>
|
policies.</para>
|
||||||
|
|
||||||
<para>The purpose of common actions is:</para>
|
<para>The purpose of common actions is:</para>
|
||||||
|
|
||||||
@ -436,7 +436,7 @@ Reject:REJECT #Common Action for REJECT policy</programlisting>
|
|||||||
<listitem>
|
<listitem>
|
||||||
<para>To avoid filling your log with useless clutter. For example, one
|
<para>To avoid filling your log with useless clutter. For example, one
|
||||||
of the things that the Drop action does is to silently drop SMB
|
of the things that the Drop action does is to silently drop SMB
|
||||||
traffic by invoking the <firstterm>DropSMB</firstterm> action. </para>
|
traffic by invoking the <firstterm>DropSMB</firstterm> action.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -457,7 +457,7 @@ Reject:REJECT #Common Action for REJECT policy</programlisting>
|
|||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="Extension">
|
<section id="Extension">
|
||||||
<title> Creating an Action using an Extension Script</title>
|
<title>Creating an Action using an Extension Script</title>
|
||||||
|
|
||||||
<para>There may be cases where you wish to create a chain with rules that
|
<para>There may be cases where you wish to create a chain with rules that
|
||||||
can't be constructed using the tools defined in the action.template. In
|
can't be constructed using the tools defined in the action.template. In
|
||||||
|
|||||||
@ -98,7 +98,7 @@
|
|||||||
<para><emphasis role="bold">Local-host-to-local-gateway</emphasis>.
|
<para><emphasis role="bold">Local-host-to-local-gateway</emphasis>.
|
||||||
This traffic has a source address in the local network or on the
|
This traffic has a source address in the local network or on the
|
||||||
gateway itself. The destination IP address is that of a remote host;
|
gateway itself. The destination IP address is that of a remote host;
|
||||||
either the remote gateway itself or a host behind that gaeway.</para>
|
either the remote gateway itself or a host behind that gateway.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -115,7 +115,7 @@
|
|||||||
<section>
|
<section>
|
||||||
<title>What does this mean with Shorewall?</title>
|
<title>What does this mean with Shorewall?</title>
|
||||||
|
|
||||||
<para>When Shorewall is installed on a VPN gateway system, it catagorizes
|
<para>When Shorewall is installed on a VPN gateway system, it categorizes
|
||||||
the VPN-related traffic slightly differently:</para>
|
the VPN-related traffic slightly differently:</para>
|
||||||
|
|
||||||
<orderedlist>
|
<orderedlist>
|
||||||
|
|||||||
@ -21,7 +21,7 @@
|
|||||||
|
|
||||||
<year>2004</year>
|
<year>2004</year>
|
||||||
|
|
||||||
<holder>Thomas M. Eastep</holder>
|
<holder>2005 Thomas M. Eastep</holder>
|
||||||
</copyright>
|
</copyright>
|
||||||
|
|
||||||
<legalnotice>
|
<legalnotice>
|
||||||
@ -176,7 +176,7 @@ DNAT loc loc:192.168.1.12 tcp 80 - 130.252.100.69</p
|
|||||||
variable names the iptables executable that Shorewall will use. The
|
variable names the iptables executable that Shorewall will use. The
|
||||||
variable is set to "/sbin/iptables". If you use the new
|
variable is set to "/sbin/iptables". If you use the new
|
||||||
shorewall.conf, you may need to change this setting to maintain
|
shorewall.conf, you may need to change this setting to maintain
|
||||||
compabibility with your current setup (if you use your existing
|
compatibility with your current setup (if you use your existing
|
||||||
shorewall.conf that does not set IPTABLES then you should experience
|
shorewall.conf that does not set IPTABLES then you should experience
|
||||||
no change in behavior).</para>
|
no change in behavior).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
@ -211,9 +211,9 @@ DNAT loc loc:192.168.1.12 tcp 80 - 130.252.100.69</p
|
|||||||
<command>iptables</command> then those commands must also be written
|
<command>iptables</command> then those commands must also be written
|
||||||
to the restore file (a temporary file in <filename
|
to the restore file (a temporary file in <filename
|
||||||
class="directory">/var/lib/shorewall</filename> that is renamed
|
class="directory">/var/lib/shorewall</filename> that is renamed
|
||||||
<filename>/var/lib/shorewall/restore-base</filename> at the
|
<filename>/var/lib/shorewall/restore-base</filename> at the completion
|
||||||
completeion of the <filename>/sbin/shorewall</filename> command). The
|
of the <filename>/sbin/shorewall</filename> command). The following
|
||||||
following functions should be of help:</para>
|
functions should be of help:</para>
|
||||||
|
|
||||||
<orderedlist>
|
<orderedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -306,7 +306,7 @@ DNAT loc loc:192.168.1.12 tcp 80 - 130.252.100.69</p
|
|||||||
<para>The NAT_BEFORE_RULES option has been removed from
|
<para>The NAT_BEFORE_RULES option has been removed from
|
||||||
<filename>shorewall.conf</filename>. The behavior of Shorewall 2.0 is
|
<filename>shorewall.conf</filename>. The behavior of Shorewall 2.0 is
|
||||||
as if NAT_BEFORE_RULES=No had been specified. In other words, DNAT
|
as if NAT_BEFORE_RULES=No had been specified. In other words, DNAT
|
||||||
rules now always take precidence over one-to-one NAT
|
rules now always take precedence over one-to-one NAT
|
||||||
specifications.</para>
|
specifications.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
@ -587,8 +587,8 @@ z1 z2 NONE
|
|||||||
z2 z1 NONE
|
z2 z1 NONE
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</example> Note that NONE policies are generally used in pairs
|
</example> Note that NONE policies are generally used in pairs
|
||||||
unless there is asymetric routing where only the traffic on one
|
unless there is asymmetric routing where only the traffic on one
|
||||||
direction flows through the firewall and you are using a NONE polciy
|
direction flows through the firewall and you are using a NONE policy
|
||||||
in the other direction.</para>
|
in the other direction.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user