Document filter priority algorithm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-12-22 22:30:58 +01:00 · 2012-09-13 16:31:39 -07:00 · 2012-09-13 16:31:39 -07:00 · a581958042
commit a581958042
parent e0f85edab3
2 changed files with 52 additions and 3 deletions
--- a/Shorewall/manpages/shorewall-tcfilters.xml
+++ b/Shorewall/manpages/shorewall-tcfilters.xml
@ -198,7 +198,32 @@
          <para>Added in Shorewall 4.5.8. Specifies the rule
          <replaceable>priority</replaceable>. If not given,
          <replaceable>priority</replaceable> 10 is assumed. The
-          <replaceable>priority</replaceable> value must be &gt; 0.</para>
+          <replaceable>priority</replaceable> value must be &gt; 0 and &lt;=
+          65535.</para>
+
+          <para>When a <replaceable>priority</replaceable> is not
+          given:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>For Shorewall versions prior to 4.5.8, all filters have
+              priority 10.</para>
+            </listitem>
+
+            <listitem>
+              <para>For Shorewall 4.5.8 and later, the compiler maintains a
+              <firstterm>high-water priority</firstterm> that has an initial
+              value of 1. When a filter has no
+              <replaceable>priority</replaceable>, the high-water priority is
+              assigned to the filter and the high-wanter priority is
+              incremented by 1. When a <replaceable>priority</replaceable>
+              greater than or equal than the high-water priority is entered in
+              this column, the high-water priority is set to the specified
+              <replaceable>priority</replaceable> plus 1. An attempt to assign
+              a priority value greater than 65535 (explicitly or implicitly),
+              an error is raised.</para>
+            </listitem>
+          </itemizedlist>

          <para>The default priority values used by other Shorewall-generated
          filters are as follows:</para>
--- a/Shorewall6/manpages/shorewall6-tcfilters.xml
+++ b/Shorewall6/manpages/shorewall6-tcfilters.xml
@ -192,8 +192,32 @@

        <listitem>
          <para>Added in Shorewall 4.5.8. Specifies the rule priority. If not
-          given, priority 11 is assumed. The priority value must be &gt;
-          0.</para>
+          given, priority 11 is assumed. The priority value must be &gt; 0 and
+          &lt;= 65535.</para>
+
+          <para>When a <replaceable>priority</replaceable> is not
+          given:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>For Shorewall versions prior to 4.5.8, all filters have
+              priority 11.</para>
+            </listitem>
+
+            <listitem>
+              <para>For Shorewall 4.5.8 and later, the compiler maintains a
+              <firstterm>high-water priority</firstterm> that has an initial
+              value of 1. When a filter has no
+              <replaceable>priority</replaceable>, the high-water priority is
+              assigned to the filter and the high-wanter priority is
+              incremented by 1. When a <replaceable>priority</replaceable>
+              greater than or equal than the high-water priority is entered in
+              this column, the high-water priority is set to the specified
+              <replaceable>priority</replaceable> plus 1. An attempt to assign
+              a priority value greater than 65535 (explicitly or implicitly),
+              an error is raised.</para>
+            </listitem>
+          </itemizedlist>

          <para>The default priority values used by other Shorewall-generated
          filters are as follows:</para>