From 9dfcca16dc7affcf2fdb83ca18ced93a4c301b9f Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 26 Aug 2007 15:14:54 +0000 Subject: [PATCH] More tweaking of action docs git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7229 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/Actions.xml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/docs/Actions.xml b/docs/Actions.xml index ccbd63eb2..70eb09cf0 100644 --- a/docs/Actions.xml +++ b/docs/Actions.xml @@ -46,9 +46,9 @@ Shorewall actions allow a symbolic name to be associated with a series of one or more iptables rules. The symbolic name may appear in the ACTION column of an /etc/shorewall/rules file - entry, in which case the traffic matching that rules file entry will be - passed to the series of iptables rules named by the action. + url="manpages/shorewall-rules.html">/etc/shorewall/rules + file entry, in which case the traffic matching that rules file entry will + be passed to the series of iptables rules named by the action. Actions can be thought of as templates. When an action is invoked in an /etc/shorewall/rules entry, it may be qualified by @@ -194,8 +194,8 @@ Reject:REJECT #Default Action for REJECT policy Debian users. This feature is broken in the Debian version 3.0.7 of Shorewall (and possibly in other versions). The file - /usr/share/shorewall/Limit was inadvertently dropped - from the .deb. That file may be obtained from /usr/share/shorewall/Limit was inadvertently + dropped from the .deb. That file may be obtained from Shorewall SVN and installed manually. @@ -744,10 +744,12 @@ acton:info:test $FW net using Shorewall-shell:
- /etc/shorewall/DropBcastsrun_iptables -A DropBcasts -m pkttype --pkttype broadcast -j DROP + /etc/shorewall/DropBcasts[ -n "$LEVEL" ] && log_rule_limit $LEVEL $CHAIN DropBcasts DROP "" "$TAG" -A +run_iptables -A DropBcasts -m pkttype --pkttype broadcast -j DROP
When using Shorewall-Perl:
/etc/shorewall/DropBcastsuse Shorewall::Chains; +log_rule_limit( $level, $chainref, 'DropBcasts', 'DROP', '', $tag, 'add', '' ) if $level ne ''; add_rule( $chainref, '-m pkttype --pkttype broadcast -j DROP' ); 1; @@ -757,4 +759,4 @@ add_rule( $chainref, '-m pkttype --pkttype broadcast -j DROP' ); For a richer example, see this article. - + \ No newline at end of file