Update interfaces manpage

Tom Eastep 2009-08-28 13:45:00 -07:00
parent 5db7e77462
commit a62d86aca7
3 changed files with 41 additions and 13 deletions

@ -173,7 +173,8 @@ Shorewall 4.4.1
rules at the end of the INPUT and OUTPUT chains would still use the
LOG target rather than ULOG.
2) Using CONTINUE policies with a nested IPSEC zone was still broken.
2) Using CONTINUE policies with a nested IPSEC zone was still broken
in some cases.
3) The setting of IP_FORWARDING has been change to Off in the
one-interface sample configuration since forwarding is typically
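Review bot: "in some cases" in the reworded item 2 does not tell a reader which CONTINUE policy and nested IPSEC zone configurations were affected, so they cannot judge whether the fix matters to them; name the condition if it is known. The context line that follows reads "has been change to Off", which should be "changed" while this block is being touched.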
@ -216,13 +217,14 @@ None.
accepts all SNAT flags without verifying them and returns them to
iptables when asked.
2) A 'clean' target has been added to the Makefiles.
2) A 'clean' target has been added to the Makefiles. It removes backup
files (*~ and .*~).
3) The meaning of 'full' has been redefined when used in the context
of a sub-class. Previously, 'full' always meant the OUT-BANDWIDTH
of the device. In the case of a sub-class, however, that definition
is awkward to use because the sub-class is limited by the parent
class.
of a traffic shaping sub-class. Previously, 'full' always meant the
OUT-BANDWIDTH of the device. In the case of a sub-class, however,
that definition is awkward to use because the sub-class is limited
by the parent class.
Beginning with this release, 'full' in a sub-class definition
refers to the specified rate defined for the parent class. So
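Review bot: the sentence added to the 'clean' item, "It removes backup files (*~ and .*~)", does not say which directories the target covers or whether it recurses; a release note announcing a target that deletes files should state its scope. In item 3, "the specified rate defined for the parent class" is redundant and reads better as "the rate defined for the parent class".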

@ -120,15 +120,17 @@ loc eth2 -</programlisting>
role="bold">detect</emphasis>|<emphasis>address</emphasis>[,<emphasis>address</emphasis>]...}</term>
<listitem>
<para>The broadcast address(es) for the network(s) to which the
interface belongs. For P-T-P interfaces, this column is left blank.
If the interface has multiple addresses on multiple subnets then
list the broadcast addresses as a comma-separated list.</para>
<para>If you use the special value <emphasis
role="bold">detect</emphasis>, Shorewall will detect the broadcast
address(es) for you. If you select this option, the interface must
be up before the firewall is started.</para>
address(es) for you if your iptables and kernel include Address Type
Match support. </para>
<para>If your iptables and/or kernel lack Address Type Match support
then you may list the broadcast address(es) for the network(s) to
which the interface belongs. For P-T-P interfaces, this column is
left blank. If the interface has multiple addresses on multiple
subnets then list the broadcast addresses as a comma-separated
list.</para>
<para>If you don't want to give a value for this column but you want
to enter a value in the OPTIONS column, enter <emphasis
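Review bot: the rewritten 'detect' paragraph drops "the interface must be up before the firewall is started" and makes detection conditional on Address Type Match support, but never says what 'detect' does when that support is missing. State whether it fails or falls back to the earlier behaviour that needed the interface up. The P-T-P guidance ("this column is left blank") now sits inside the paragraph that applies only when Address Type Match is lacking, so it reads as conditional; give it its own sentence. There is also a stray space before the closing para tag after "support.".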
@ -347,6 +349,19 @@ loc eth2 -</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">nets=(<emphasis>net</emphasis>[,...])</emphasis></term>
<listitem>
<para>Limit the zone named in the ZONE column to only the
listed networks. The parentheses may be omitted if only a
single <replaceable>net</replaceable> is given (e.g.,
nets=192.168.1.0/24). Limited broadcast is supported on the
interface.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">nosmurfs</emphasis></term>
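Review bot: the nets= description says the zone is limited "to only the listed networks" but not how traffic arriving on the interface from an address outside those networks is treated, which is what an administrator relying on this option for zone separation needs to know. "Limited broadcast is supported on the interface" is also unclear as worded; say which traffic is still accepted into the zone. The term marks net with emphasis while the body uses replaceable; use one markup for both, and consider an example with more than one net so the parenthesised form is shown.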

@ -142,6 +142,17 @@ loc eth2 -</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">nets=(<emphasis>net</emphasis>[,...])</emphasis></term>
<listitem>
<para>Limit the zone named in the ZONE column to only the
listed networks. The parentheses may be omitted if only a
single <replaceable>net</replaceable> is given.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">optional</emphasis></term>
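Review bot: this copy of the nets= entry omits the example and the limited-broadcast sentence that the entry added to the other manpage in this commit carries. If the difference is intentional, an example of the address form expected here would still help. The emphasis versus replaceable mismatch and the missing description of how sources outside the listed networks are handled apply here as well.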