extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-05-20 08:01:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update the Macros article

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2018-02-05 16:56:28 -08:00
parent 8ea9d0bbef
commit 99ddb17c9e
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 19 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
docs/Macros.xml
View File

@ -102,6 +102,14 @@ PARAM - - tcp 135,139,445</programlisting>
somewhere else on your CONFIG_PATH) and modify the copy.</para> somewhere else on your CONFIG_PATH) and modify the copy.</para>
</listitem> </listitem>
<listitem>
<para>You can see a list of the Standard Macros in your version of
Shorewall using the <command>shorewall show macros</command> command.
You can see the contents of the file
macro.<replaceable>name</replaceable> by typing <command>shorewall
show macro <replaceable>name</replaceable></command>.</para>
</listitem>
<listitem> <listitem>
<para>User-defined Macros. These macros are created by end-users. They <para>User-defined Macros. These macros are created by end-users. They
are defined in macro.* files in /etc/shorewall or in another directory are defined in macro.* files in /etc/shorewall or in another directory
@ -796,19 +804,20 @@ bar:debug</programlisting>
<orderedlist> <orderedlist>
<listitem> <listitem>
<para>You can not associate an Extension Script with a macro <ulink <para>Embedded Perl is <ulink url="???">much more useful in an
url="Actions.html#Extension">the way that you can with an action</ulink> than it is in a macro. So if you need access to
Action</ulink>. So if you need access to iptables features not iptables features not directly supported by Shorewall then you should
directly supported by Shorewall then you must use an action.</para> use an action.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Macros are expanded in-line while each action is its own chain. <para>Macros are expanded in-line while each action (that doesn't
So if there are a lot of rules involved in your new action/macro then specify the inline option) is its own chain. So if there are a lot of
it is generally better to use an action than a macro. Only the packets rules involved in your new action/macro then it is generally better to
selected when you invoke the action are directed to the corresponding use an action than a macro. Only the packets selected when you invoke
chain. On the other hand, if there are only one or two rules involved the action are directed to the corresponding chain. On the other hand,
in what you want to do then a macro is more efficient.</para> if there are only one or two rules involved in what you want to do
then a macro is more efficient.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>