mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 06:38:53 +01:00
Update samples with latest documentary comments
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2894 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
4d1f687d08
commit
a4dc2b8af9
@ -113,28 +113,7 @@
|
||||
# sub-networking as described at:
|
||||
# http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet
|
||||
#
|
||||
# newnotsyn - TCP packets that don't have the SYN
|
||||
# flag set and which are not part of an
|
||||
# established connection will be accepted
|
||||
# from this interface, even if
|
||||
# NEWNOTSYN=No has been specified in
|
||||
# /etc/shorewall/shorewall.conf. In other
|
||||
# words, packets coming in on this
|
||||
# interface are processed as if
|
||||
# NEWNOTSYN=Yes had been specified in
|
||||
# /etc/shorewall/shorewall.conf.
|
||||
#
|
||||
# This option has no effect if
|
||||
# NEWNOTSYN=Yes.
|
||||
#
|
||||
# It is the opinion of the author that
|
||||
# NEWNOTSYN=No creates more problems than
|
||||
# it solves and I recommend against using
|
||||
# that setting in shorewall.conf (hence
|
||||
# making the use of the 'newnotsyn'
|
||||
# interface option unnecessary).
|
||||
#
|
||||
# routeback - If specified, indicates that Shorewall
|
||||
routeback - If specified, indicates that Shorewall
|
||||
# should include rules that allow
|
||||
# filtering traffic arriving on this
|
||||
# interface back out that same interface.
|
||||
|
@ -115,9 +115,16 @@
|
||||
# <action> -- The name of an action defined in
|
||||
# /etc/shorewall/actions or in
|
||||
# /usr/share/shorewall/actions.std.
|
||||
#
|
||||
# <macro> -- The name of a macro defined in a
|
||||
# file named macro.<macro-name>.
|
||||
# <macro> -- The name of a macro defined in a
|
||||
# file named macro.<macro-name>. If
|
||||
# the macro accepts an action
|
||||
# parameter (Look at the macro
|
||||
# source to see if it has PARAM in
|
||||
# the TARGET column) then the macro
|
||||
# name is followed by "/" and the
|
||||
# action (ACCEPT, DROP, REJECT, ...)
|
||||
# to be substituted for the
|
||||
# parameter. Example: FTP/ACCEPT.
|
||||
#
|
||||
# The ACTION may optionally be followed
|
||||
# by ":" and a syslog log level (e.g, REJECT:info or
|
||||
@ -262,8 +269,9 @@
|
||||
# request should be redirected to.
|
||||
#
|
||||
# PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",
|
||||
# a number, or "all". "ipp2p" requires ipp2p match
|
||||
# support in your kernel and iptables.
|
||||
# "ipp2p:udp", "ipp2p:all" a number, or "all".
|
||||
# "ipp2p*" requires ipp2p match support in your kernel
|
||||
# and iptables.
|
||||
#
|
||||
# DEST PORT(S) Destination Ports. A comma-separated list of Port
|
||||
# names (from /etc/services), port numbers or port
|
||||
|
@ -113,27 +113,6 @@
|
||||
# sub-networking as described at:
|
||||
# http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet
|
||||
#
|
||||
# newnotsyn - TCP packets that don't have the SYN
|
||||
# flag set and which are not part of an
|
||||
# established connection will be accepted
|
||||
# from this interface, even if
|
||||
# NEWNOTSYN=No has been specified in
|
||||
# /etc/shorewall/shorewall.conf. In other
|
||||
# words, packets coming in on this
|
||||
# interface are processed as if
|
||||
# NEWNOTSYN=Yes had been specified in
|
||||
# /etc/shorewall/shorewall.conf.
|
||||
#
|
||||
# This option has no effect if
|
||||
# NEWNOTSYN=Yes.
|
||||
#
|
||||
# It is the opinion of the author that
|
||||
# NEWNOTSYN=No creates more problems than
|
||||
# it solves and I recommend against using
|
||||
# that setting in shorewall.conf (hence
|
||||
# making the use of the 'newnotsyn'
|
||||
# interface option unnecessary).
|
||||
#
|
||||
# routeback - If specified, indicates that Shorewall
|
||||
# should include rules that allow
|
||||
# filtering traffic arriving on this
|
||||
|
@ -115,9 +115,16 @@
|
||||
# <action> -- The name of an action defined in
|
||||
# /etc/shorewall/actions or in
|
||||
# /usr/share/shorewall/actions.std.
|
||||
#
|
||||
# <macro> -- The name of a macro defined in a
|
||||
# file named macro.<macro-name>.
|
||||
# <macro> -- The name of a macro defined in a
|
||||
# file named macro.<macro-name>. If
|
||||
# the macro accepts an action
|
||||
# parameter (Look at the macro
|
||||
# source to see if it has PARAM in
|
||||
# the TARGET column) then the macro
|
||||
# name is followed by "/" and the
|
||||
# action (ACCEPT, DROP, REJECT, ...)
|
||||
# to be substituted for the
|
||||
# parameter. Example: FTP/ACCEPT.
|
||||
#
|
||||
# The ACTION may optionally be followed
|
||||
# by ":" and a syslog log level (e.g, REJECT:info or
|
||||
@ -262,8 +269,9 @@
|
||||
# request should be redirected to.
|
||||
#
|
||||
# PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",
|
||||
# a number, or "all". "ipp2p" requires ipp2p match
|
||||
# support in your kernel and iptables.
|
||||
# "ipp2p:udp", "ipp2p:all" a number, or "all".
|
||||
# "ipp2p*" requires ipp2p match support in your kernel
|
||||
# and iptables.
|
||||
#
|
||||
# DEST PORT(S) Destination Ports. A comma-separated list of Port
|
||||
# names (from /etc/services), port numbers or port
|
||||
|
@ -113,27 +113,6 @@
|
||||
# sub-networking as described at:
|
||||
# http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet
|
||||
#
|
||||
# newnotsyn - TCP packets that don't have the SYN
|
||||
# flag set and which are not part of an
|
||||
# established connection will be accepted
|
||||
# from this interface, even if
|
||||
# NEWNOTSYN=No has been specified in
|
||||
# /etc/shorewall/shorewall.conf. In other
|
||||
# words, packets coming in on this
|
||||
# interface are processed as if
|
||||
# NEWNOTSYN=Yes had been specified in
|
||||
# /etc/shorewall/shorewall.conf.
|
||||
#
|
||||
# This option has no effect if
|
||||
# NEWNOTSYN=Yes.
|
||||
#
|
||||
# It is the opinion of the author that
|
||||
# NEWNOTSYN=No creates more problems than
|
||||
# it solves and I recommend against using
|
||||
# that setting in shorewall.conf (hence
|
||||
# making the use of the 'newnotsyn'
|
||||
# interface option unnecessary).
|
||||
#
|
||||
# routeback - If specified, indicates that Shorewall
|
||||
# should include rules that allow
|
||||
# filtering traffic arriving on this
|
||||
|
@ -115,9 +115,16 @@
|
||||
# <action> -- The name of an action defined in
|
||||
# /etc/shorewall/actions or in
|
||||
# /usr/share/shorewall/actions.std.
|
||||
#
|
||||
# <macro> -- The name of a macro defined in a
|
||||
# file named macro.<macro-name>.
|
||||
# <macro> -- The name of a macro defined in a
|
||||
# file named macro.<macro-name>. If
|
||||
# the macro accepts an action
|
||||
# parameter (Look at the macro
|
||||
# source to see if it has PARAM in
|
||||
# the TARGET column) then the macro
|
||||
# name is followed by "/" and the
|
||||
# action (ACCEPT, DROP, REJECT, ...)
|
||||
# to be substituted for the
|
||||
# parameter. Example: FTP/ACCEPT.
|
||||
#
|
||||
# The ACTION may optionally be followed
|
||||
# by ":" and a syslog log level (e.g, REJECT:info or
|
||||
@ -262,8 +269,9 @@
|
||||
# request should be redirected to.
|
||||
#
|
||||
# PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",
|
||||
# a number, or "all". "ipp2p" requires ipp2p match
|
||||
# support in your kernel and iptables.
|
||||
# "ipp2p:udp", "ipp2p:all" a number, or "all".
|
||||
# "ipp2p*" requires ipp2p match support in your kernel
|
||||
# and iptables.
|
||||
#
|
||||
# DEST PORT(S) Destination Ports. A comma-separated list of Port
|
||||
# names (from /etc/services), port numbers or port
|
||||
|
Loading…
Reference in New Issue
Block a user