Merge branch 'master' of ssh://teastep@shorewall.git.sourceforge.net/gitroot/shorewall/shorewall

Tom Eastep 2009-10-13 17:51:45 -07:00
commit 94d039bf56
8 changed files with 19 additions and 19 deletions

View File

@ -161,7 +161,7 @@ loc eth2 -</programlisting>
<para>Only those interfaces with the <para>Only those interfaces with the
<option>arp_filter</option> option will have their setting <option>arp_filter</option> option will have their setting
changes; the value assigned to the setting will be the value changed; the value assigned to the setting will be the value
specified (if any) or 1 if no value is given.</para> specified (if any) or 1 if no value is given.</para>
<para></para> <para></para>
@ -188,7 +188,7 @@ loc eth2 -</programlisting>
<para>2 - reply only if the target IP address is local address <para>2 - reply only if the target IP address is local address
configured on the incoming interface and the sender's IP configured on the incoming interface and the sender's IP
address is part from same subnet on this interface</para> address is part from same subnet on this interface's address</para>
<para>3 - do not reply for local addresses configured with <para>3 - do not reply for local addresses configured with
scope host, only resolutions for global and link</para> scope host, only resolutions for global and link</para>
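Review bot: the reworded third line of this hunk, "address is part from same subnet on this interface's address", is still ungrammatical ("is part from"), and the added "'s address" makes the subnet read as a property of an address rather than of the interface. Suggest finishing the fix in this commit, for example "and the sender's IP address is in the same subnet as that address".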
@ -290,11 +290,11 @@ loc eth2 -</programlisting>
role="bold">logmartians</emphasis>. Even if you do not specify role="bold">logmartians</emphasis>. Even if you do not specify
the <option>routefilter</option> option, it is a good idea to the <option>routefilter</option> option, it is a good idea to
specify <option>logmartians</option> because your distribution specify <option>logmartians</option> because your distribution
may be enabling route filtering without you knowing it.</para> may have enabled route filtering without you knowing it.</para>
<para>Only those interfaces with the <para>Only those interfaces with the
<option>logmartians</option> option will have their setting <option>logmartians</option> option will have their setting
changes; the value assigned to the setting will be the value changed; the value assigned to the setting will be the value
specified (if any) or 1 if no value is given.</para> specified (if any) or 1 if no value is given.</para>
<para>To find out if route filtering is set on a given <para>To find out if route filtering is set on a given
@ -510,12 +510,12 @@ loc eth2 -</programlisting>
(sets (sets
/proc/sys/net/ipv4/conf/<emphasis>interface</emphasis>/accept_source_route /proc/sys/net/ipv4/conf/<emphasis>interface</emphasis>/accept_source_route
to 1). Only set this option if you know what you are doing. to 1). Only set this option if you know what you are doing.
This might represent a security risk and is not usually This might represent a security risk and is usually
needed.</para> unneeded.</para>
<para>Only those interfaces with the <para>Only those interfaces with the
<option>sourceroute</option> option will have their setting <option>sourceroute</option> option will have their setting
changes; the value assigned to the setting will be the value changed; the value assigned to the setting will be the value
specified (if any) or 1 if no value is given.</para> specified (if any) or 1 if no value is given.</para>
<para></para> <para></para>
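Review bot: in the sourceroute warning, changing "is not usually needed" to "is usually unneeded" makes the sentence harder to read without correcting anything, and it reflows the line break for no gain. Suggest keeping the original wording here, since this sentence is the only caution attached to setting accept_source_route to 1, and limiting the hunk to the "changes" to "changed" fix. The empty <para></para> that closes the hunk could also be dropped while this paragraph is being touched.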
@ -579,7 +579,7 @@ loc eth2 -</programlisting>
<listitem> <listitem>
<para>Suppose you have eth0 connected to a DSL modem and eth1 <para>Suppose you have eth0 connected to a DSL modem and eth1
connected to your local network and that your local subnet is connected to your local network and that your local subnet is
192.168.1.0/24. The interface gets it's IP address via DHCP from 192.168.1.0/24. The interface gets its IP address via DHCP from
subnet 206.191.149.192/27. You have a DMZ with subnet 192.168.2.0/24 subnet 206.191.149.192/27. You have a DMZ with subnet 192.168.2.0/24
using eth2.</para> using eth2.</para>
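Review bot: the "it's" to "its" fix is right, but the sentence it sits in still says "The interface gets its IP address via DHCP" immediately after naming both eth0 and eth1, so the reader has to infer which interface is meant. Suggest naming it explicitly (presumably eth0, the one connected to the DSL modem) while this line is being edited.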

View File

@ -409,7 +409,7 @@
<para>Only locally-generated connections will match if this column <para>Only locally-generated connections will match if this column
is non-empty.</para> is non-empty.</para>
<para>When this column is non-empty, the rule applies only if the <para>When this column is non-empty, the rule matches only if the
program generating the output is running under the effective program generating the output is running under the effective
<emphasis>user</emphasis> and/or <emphasis>group</emphasis> <emphasis>user</emphasis> and/or <emphasis>group</emphasis>
specified (or is NOT running under that id if "!" is given).</para> specified (or is NOT running under that id if "!" is given).</para>

View File

@ -63,7 +63,7 @@
role="bold">:</emphasis>[<emphasis>digit</emphasis>]]</term> role="bold">:</emphasis>[<emphasis>digit</emphasis>]]</term>
<listitem> <listitem>
<para>Interfacees that have the <emphasis <para>Interfaces that have the <emphasis
role="bold">EXTERNAL</emphasis> address. If ADD_IP_ALIASES=Yes in role="bold">EXTERNAL</emphasis> address. If ADD_IP_ALIASES=Yes in
<ulink url="shorewall.conf.html">shorewall.conf</ulink>(5), <ulink url="shorewall.conf.html">shorewall.conf</ulink>(5),
Shorewall will automatically add the EXTERNAL address to this Shorewall will automatically add the EXTERNAL address to this
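Review bot: correcting "Interfacees" to "Interfaces" fixes the spelling but keeps a plural that does not agree with the rest of the entry: the sentence that follows says Shorewall adds the EXTERNAL address "to this", which reads as a single interface. Suggest checking whether "Interface that has the EXTERNAL address" is what the column description intends.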

View File

@ -43,7 +43,7 @@
<para>Must be DNAT or SNAT.</para> <para>Must be DNAT or SNAT.</para>
<para>If DNAT, traffic entering INTERFACE and addressed to NET1 has <para>If DNAT, traffic entering INTERFACE and addressed to NET1 has
it's destination address rewritten to the corresponding address in its destination address rewritten to the corresponding address in
NET2.</para> NET2.</para>
<para>If SNAT, traffic leaving INTERFACE with a source address in <para>If SNAT, traffic leaving INTERFACE with a source address in

View File

@ -41,7 +41,7 @@
<para>For $FW and for all of the zones defined in /etc/shorewall/zones, <para>For $FW and for all of the zones defined in /etc/shorewall/zones,
the POLICY for connections from the zone to itself is ACCEPT (with no the POLICY for connections from the zone to itself is ACCEPT (with no
logging or TCP connection rate limiting but may be overridden by an logging or TCP connection rate limiting) but may be overridden by an
entry in this file. The overriding entry must be explicit (cannot use entry in this file. The overriding entry must be explicit (cannot use
"all" in the SOURCE or DEST).</para> "all" in the SOURCE or DEST).</para>
@ -95,7 +95,7 @@
<listitem> <listitem>
<para>Policy if no match from the rules file is found.</para> <para>Policy if no match from the rules file is found.</para>
<para>If the policy is other than CONTINUE or NONE then the policy <para>If the policy is neither CONTINUE nor NONE then the policy
may be followed by ":" and one of the following:</para> may be followed by ":" and one of the following:</para>
<orderedlist numeration="loweralpha"> <orderedlist numeration="loweralpha">

View File

@ -175,7 +175,7 @@
specified will get outbound traffic load-balanced among them. specified will get outbound traffic load-balanced among them.
By default, all interfaces with <option>balance</option> By default, all interfaces with <option>balance</option>
specified will have the same weight (1). You can change the specified will have the same weight (1). You can change the
weight of an interface by specifiying weight of an interface by specifying
<option>balance=</option><replaceable>weight</replaceable> <option>balance=</option><replaceable>weight</replaceable>
where <replaceable>weight</replaceable> is the weight of the where <replaceable>weight</replaceable> is the weight of the
route out of this interface.</para> route out of this interface.</para>

View File

@ -67,8 +67,8 @@
or <emphasis role="bold">yes</emphasis> in this column. Otherwise, or <emphasis role="bold">yes</emphasis> in this column. Otherwise,
enter <emphasis role="bold">no</emphasis> or <emphasis enter <emphasis role="bold">no</emphasis> or <emphasis
role="bold">No</emphasis> or leave the column empty and Shorewall role="bold">No</emphasis> or leave the column empty and Shorewall
will add the route for you. If Shorewall adds the route,the route will add the route for you. If Shorewall adds the route, its
will be persistent if the <emphasis persistence depends on the value of the<emphasis
role="bold">PERSISTENT</emphasis> column contains <emphasis role="bold">PERSISTENT</emphasis> column contains <emphasis
role="bold">Yes</emphasis>; otherwise, <emphasis role="bold">Yes</emphasis>; otherwise, <emphasis
role="bold">shorewall stop</emphasis> or <emphasis role="bold">shorewall stop</emphasis> or <emphasis
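Review bot: the rewritten sentence no longer parses. The new lead "its persistence depends on the value of the" runs straight into the old tail "PERSISTENT column contains Yes; otherwise," so it now reads "depends on the value of the PERSISTENT column contains Yes", and the space between "the" and the following <emphasis> tag has been lost. Either keep the original "the route will be persistent if the PERSISTENT column contains Yes" with only the missing space after the comma fixed, or complete the rewrite by removing "contains Yes" and rewording the "otherwise" clause to match.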

View File

@ -68,7 +68,7 @@
(although it probably isn't installed by default). Ulogd is also available (although it probably isn't installed by default). Ulogd is also available
from <ulink from <ulink
url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink> url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>
and can be configured to log all Shorewall message to their own log and can be configured to log all Shorewall messages to their own log
file</para> file</para>
<para>The following options may be set in shorewall.conf.</para> <para>The following options may be set in shorewall.conf.</para>
@ -262,7 +262,7 @@
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
<listitem> <listitem>
<para>If set, the behavior of the 'start' command is change; if no <para>If set, the behavior of the 'start' command is changed; if no
files in /etc/shorewall have been changed since the last successful files in /etc/shorewall have been changed since the last successful
<command>start</command> or <command>restart</command> command, then <command>start</command> or <command>restart</command> command, then
the compilation step is skipped and the compiled script that the compilation step is skipped and the compiled script that
@ -362,7 +362,7 @@
<listitem> <listitem>
<para>If this option is set to <emphasis role="bold">No</emphasis> <para>If this option is set to <emphasis role="bold">No</emphasis>
then Shorewall won't clear the current traffic control rules during then Shorewall won't clear the current traffic control rules during
[re]start. This setting is intended for use by people that prefer to [re]start. This setting is intended for use by people who prefer to
configure traffic shaping when the network interfaces come up rather configure traffic shaping when the network interfaces come up rather
than when the firewall is started. If that is what you want to do, than when the firewall is started. If that is what you want to do,
set TC_ENABLED=Yes and CLEAR_TC=No and do not supply an set TC_ENABLED=Yes and CLEAR_TC=No and do not supply an