mirror of
https://gitlab.com/shorewall/code.git
synced 2025-04-11 12:58:21 +02:00
More Shorewall-perl doc updates
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6784 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
4203808d1e
commit
9b8d097a6a
57
docs/FAQ.xml
57
docs/FAQ.xml
@ -1159,10 +1159,11 @@ DROP net fw udp 10619</programlisting>
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>You have a <ulink
|
<para>You have a <ulink
|
||||||
url="manpages/shorewall-policy.html">policy</ulink> that specifies a log
|
url="manpages/shorewall-policy.html">policy</ulink> that specifies
|
||||||
level and this packet is being logged under that policy. If you
|
a log level and this packet is being logged under that policy. If
|
||||||
intend to ACCEPT this traffic then you need a <ulink
|
you intend to ACCEPT this traffic then you need a <ulink
|
||||||
url="manpages/shorewall-rules.html">rule</ulink> to that effect.</para>
|
url="manpages/shorewall-rules.html">rule</ulink> to that
|
||||||
|
effect.</para>
|
||||||
|
|
||||||
<para>Beginning with Shorewall 3.3.3, packets logged out of these
|
<para>Beginning with Shorewall 3.3.3, packets logged out of these
|
||||||
chains may have a source and/or destination that is not in any
|
chains may have a source and/or destination that is not in any
|
||||||
@ -1181,8 +1182,8 @@ DROP net fw udp 10619</programlisting>
|
|||||||
role="bold"><zone1></emphasis> to <emphasis
|
role="bold"><zone1></emphasis> to <emphasis
|
||||||
role="bold"><zone2></emphasis> that specifies a log level
|
role="bold"><zone2></emphasis> that specifies a log level
|
||||||
and this packet is being logged under that policy or this packet
|
and this packet is being logged under that policy or this packet
|
||||||
matches a <ulink url="manpages/shorewall-rules.html">rule</ulink> that
|
matches a <ulink url="manpages/shorewall-rules.html">rule</ulink>
|
||||||
includes a log level.</para>
|
that includes a log level.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1212,31 +1213,6 @@ DROP net fw udp 10619</programlisting>
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>logpkt</term>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>The packet is being logged under the <emphasis
|
|
||||||
role="bold">logunclean</emphasis> <ulink
|
|
||||||
url="manpages/shorewall-interfaces.html">interface
|
|
||||||
option</ulink>.</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>badpkt</term>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>The packet is being logged under the <emphasis
|
|
||||||
role="bold">dropunclean</emphasis> <ulink
|
|
||||||
url="manpages/shorewall-interfaces.html">interface option</ulink> as
|
|
||||||
specified in the <emphasis role="bold">LOGUNCLEAN</emphasis>
|
|
||||||
setting in <ulink url="manpages/shorewall.conf.html">
|
|
||||||
<filename>/etc/shorewall/shorewall.conf</filename>
|
|
||||||
</ulink>.</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>blacklst</term>
|
<term>blacklst</term>
|
||||||
|
|
||||||
@ -1267,9 +1243,9 @@ DROP net fw udp 10619</programlisting>
|
|||||||
url="manpages/shorewall-hosts.html">/etc/shorewall/hosts</ulink>.</filename></para>
|
url="manpages/shorewall-hosts.html">/etc/shorewall/hosts</ulink>.</filename></para>
|
||||||
|
|
||||||
<para>In Shorewall 3.3.3 and later versions with OPTIMIZE=1 in
|
<para>In Shorewall 3.3.3 and later versions with OPTIMIZE=1 in
|
||||||
<ulink url="manpages/shorewall.conf.html">shorewall.conf</ulink>, such
|
<ulink url="manpages/shorewall.conf.html">shorewall.conf</ulink>,
|
||||||
packets may also be logged out of a <zone>2all chain or the
|
such packets may also be logged out of a <zone>2all chain or
|
||||||
all2all chain.</para>
|
the all2all chain.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1282,9 +1258,9 @@ DROP net fw udp 10619</programlisting>
|
|||||||
and look at the printed zone definitions).</para>
|
and look at the printed zone definitions).</para>
|
||||||
|
|
||||||
<para>In Shorewall 3.3.3 and later versions with OPTIMIZE=1 in
|
<para>In Shorewall 3.3.3 and later versions with OPTIMIZE=1 in
|
||||||
<ulink url="manpages/shorewall.conf.html">shorewall.conf</ulink>, such
|
<ulink url="manpages/shorewall.conf.html">shorewall.conf</ulink>,
|
||||||
packets may also be logged out of the fw2all chain or the all2all
|
such packets may also be logged out of the fw2all chain or the
|
||||||
chain.</para>
|
all2all chain.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1930,7 +1906,8 @@ iptables: Invalid argument
|
|||||||
modem in/out but still block all other rfc1918 addresses?</para>
|
modem in/out but still block all other rfc1918 addresses?</para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Answer:</emphasis> Add the following to
|
<para><emphasis role="bold">Answer:</emphasis> Add the following to
|
||||||
<ulink url="manpages/shorewall-rfc1918.html">/etc/shorewall/rfc1918</ulink>
|
<ulink
|
||||||
|
url="manpages/shorewall-rfc1918.html">/etc/shorewall/rfc1918</ulink>
|
||||||
(Note: If you are running Shorewall 2.0.0 or later, you may need to
|
(Note: If you are running Shorewall 2.0.0 or later, you may need to
|
||||||
first copy <filename>/usr/share/shorewall/rfc1918</filename> to
|
first copy <filename>/usr/share/shorewall/rfc1918</filename> to
|
||||||
<filename>/etc/shorewall/rfc1918</filename>):</para>
|
<filename>/etc/shorewall/rfc1918</filename>):</para>
|
||||||
@ -2021,8 +1998,8 @@ ACCEPT loc modem tcp 80</programlisting>
|
|||||||
eth0 eth1 # eth1 = interface to local network</programlisting>
|
eth0 eth1 # eth1 = interface to local network</programlisting>
|
||||||
|
|
||||||
<para>For an example of this when the ADSL/Cable modem is bridged, see
|
<para>For an example of this when the ADSL/Cable modem is bridged, see
|
||||||
<ulink url="XenMyWay.html">my configuration</ulink>. In that case, I
|
<ulink url="XenMyWay-Routed.html">my configuration</ulink>. In that
|
||||||
masquerade using the IP address of my local interface!</para>
|
case, I masquerade using the IP address of my local interface!</para>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|||||||
@ -367,14 +367,11 @@ insert_rule $filter_table->{OUTPUT}, 1, "-p udp --sport 1701 -j ACCEPT";
|
|||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Currently, support for ipsets is only lightly tested (any
|
<para>Shorewall is now out of the ipset load/reload business. With
|
||||||
volunteers?). That will change with future pre-releases but one
|
scripts generated by the Perl-based Compiler, the Netfilter
|
||||||
thing is certain -- Shorewall is now out of the ipset load/reload
|
ruleset is never cleared. That means that there is no opportunity
|
||||||
business. With scripts generated by the Perl-based Compiler, the
|
for Shorewall to load/reload your ipsets since that cannot be done
|
||||||
Netfilter ruleset is never cleared. That means that there is no
|
while there are any current rules using ipsets.</para>
|
||||||
opportunity for Shorewall to load/reload your ipsets since that
|
|
||||||
cannot be done while there are any current rules using
|
|
||||||
ipsets.</para>
|
|
||||||
|
|
||||||
<para>So:</para>
|
<para>So:</para>
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user