extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-22 06:10:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

More tweaking of action docs

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7229 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-08-26 15:14:54 +00:00
parent 5f6596a728
commit 9dfcca16dc
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/Actions.xml
View File

@ -46,9 +46,9 @@
<para>Shorewall actions allow a symbolic name to be associated with a
series of one or more iptables rules. The symbolic name may appear in the
ACTION column of an <filename><ulink
url="manpages/shorewall-rules.html">/etc/shorewall/rules</ulink></filename> file
entry, in which case the traffic matching that rules file entry will be
passed to the series of iptables rules named by the action.</para>
url="manpages/shorewall-rules.html">/etc/shorewall/rules</ulink></filename>
file entry, in which case the traffic matching that rules file entry will
be passed to the series of iptables rules named by the action.</para>
<para>Actions can be thought of as templates. When an action is invoked in
an <filename>/etc/shorewall/rules</filename> entry, it may be qualified by
@ -194,8 +194,8 @@ Reject:REJECT #Default Action for REJECT policy</programlisting>
<important>
<para>Debian users. This feature is broken in the Debian version 3.0.7
of Shorewall (and possibly in other versions). The file
<filename>/usr/share/shorewall/Limit</filename> was inadvertently dropped
from the .deb. That file may be obtained from <ulink
<filename>/usr/share/shorewall/Limit</filename> was inadvertently
dropped from the .deb. That file may be obtained from <ulink
url="http://shorewall.svn.sourceforge.net/viewvc/*checkout*/shorewall/tags/3.0.7/Shorewall/Limit?revision=3888">Shorewall
SVN</ulink> and installed manually.</para>
</important>
@ -744,10 +744,12 @@ acton:info:test $FW net</programlisting>
using Shorewall-shell:</para>
<para><blockquote>
<para>/etc/shorewall/DropBcasts<programlisting>run_iptables -A DropBcasts -m pkttype --pkttype broadcast -j DROP</programlisting></para>
<para>/etc/shorewall/DropBcasts<programlisting>[ -n "$LEVEL" ] &amp;&amp; log_rule_limit $LEVEL $CHAIN DropBcasts DROP "" "$TAG" -A
run_iptables -A DropBcasts -m pkttype --pkttype broadcast -j DROP</programlisting></para>
</blockquote>When using Shorewall-Perl:<blockquote>
<para>/etc/shorewall/DropBcasts<programlisting>use Shorewall::Chains;
log_rule_limit( $level, $chainref, 'DropBcasts', 'DROP', '', $tag, 'add', '' ) if $level ne '';
add_rule( $chainref, '-m pkttype --pkttype broadcast -j DROP' );
1;</programlisting></para>
@ -757,4 +759,4 @@ add_rule( $chainref, '-m pkttype --pkttype broadcast -j DROP' );
<para>For a richer example, see <ulink url="PortKnocking.html">this
article</ulink>.</para>
</section>
</article>
</article>