extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-19 08:07:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

More tweaking of action docs

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7229 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-08-26 15:14:54 +00:00
parent 5f6596a728
commit 9dfcca16dc
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
docs/Actions.xml
View File

@ -46,9 +46,9 @@
<para>Shorewall actions allow a symbolic name to be associated with a <para>Shorewall actions allow a symbolic name to be associated with a
series of one or more iptables rules. The symbolic name may appear in the series of one or more iptables rules. The symbolic name may appear in the
ACTION column of an <filename><ulink ACTION column of an <filename><ulink
url="manpages/shorewall-rules.html">/etc/shorewall/rules</ulink></filename> file url="manpages/shorewall-rules.html">/etc/shorewall/rules</ulink></filename>
entry, in which case the traffic matching that rules file entry will be file entry, in which case the traffic matching that rules file entry will
passed to the series of iptables rules named by the action.</para> be passed to the series of iptables rules named by the action.</para>
<para>Actions can be thought of as templates. When an action is invoked in <para>Actions can be thought of as templates. When an action is invoked in
an <filename>/etc/shorewall/rules</filename> entry, it may be qualified by an <filename>/etc/shorewall/rules</filename> entry, it may be qualified by
@ -194,8 +194,8 @@ Reject:REJECT #Default Action for REJECT policy</programlisting>
<important> <important>
<para>Debian users. This feature is broken in the Debian version 3.0.7 <para>Debian users. This feature is broken in the Debian version 3.0.7
of Shorewall (and possibly in other versions). The file of Shorewall (and possibly in other versions). The file
<filename>/usr/share/shorewall/Limit</filename> was inadvertently dropped <filename>/usr/share/shorewall/Limit</filename> was inadvertently
from the .deb. That file may be obtained from <ulink dropped from the .deb. That file may be obtained from <ulink
url="http://shorewall.svn.sourceforge.net/viewvc/*checkout*/shorewall/tags/3.0.7/Shorewall/Limit?revision=3888">Shorewall url="http://shorewall.svn.sourceforge.net/viewvc/*checkout*/shorewall/tags/3.0.7/Shorewall/Limit?revision=3888">Shorewall
SVN</ulink> and installed manually.</para> SVN</ulink> and installed manually.</para>
</important> </important>
@ -744,10 +744,12 @@ acton:info:test $FW net</programlisting>
using Shorewall-shell:</para> using Shorewall-shell:</para>
<para><blockquote> <para><blockquote>
<para>/etc/shorewall/DropBcasts<programlisting>run_iptables -A DropBcasts -m pkttype --pkttype broadcast -j DROP</programlisting></para> <para>/etc/shorewall/DropBcasts<programlisting>[ -n "$LEVEL" ] &amp;&amp; log_rule_limit $LEVEL $CHAIN DropBcasts DROP "" "$TAG" -A
run_iptables -A DropBcasts -m pkttype --pkttype broadcast -j DROP</programlisting></para>
</blockquote>When using Shorewall-Perl:<blockquote> </blockquote>When using Shorewall-Perl:<blockquote>
<para>/etc/shorewall/DropBcasts<programlisting>use Shorewall::Chains; <para>/etc/shorewall/DropBcasts<programlisting>use Shorewall::Chains;
log_rule_limit( $level, $chainref, 'DropBcasts', 'DROP', '', $tag, 'add', '' ) if $level ne '';
add_rule( $chainref, '-m pkttype --pkttype broadcast -j DROP' ); add_rule( $chainref, '-m pkttype --pkttype broadcast -j DROP' );
1;</programlisting></para> 1;</programlisting></para>