Update interfaces manpage

Tom Eastep 2009-08-28 13:45:00 -07:00
parent 5db7e77462
commit a62d86aca7
3 changed files with 41 additions and 13 deletions


@ -173,7 +173,8 @@ Shorewall 4.4.1
rules at the end of the INPUT and OUTPUT chains would still use the rules at the end of the INPUT and OUTPUT chains would still use the
LOG target rather than ULOG. LOG target rather than ULOG.
2) Using CONTINUE policies with a nested IPSEC zone was still broken. 2) Using CONTINUE policies with a nested IPSEC zone was still broken
in some cases.
3) The setting of IP_FORWARDING has been change to Off in the 3) The setting of IP_FORWARDING has been change to Off in the
one-interface sample configuration since forwarding is typically one-interface sample configuration since forwarding is typically
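Review bot: "in some cases" on the changed item 2 does not tell readers whether their configuration was affected; name the case (which nesting or policy combination) or point at the fix. While this list is being touched, the context line for item 3 still reads "has been change to Off", which should be "has been changed to Off".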
@ -216,13 +217,14 @@ None.
accepts all SNAT flags without verifying them and returns them to accepts all SNAT flags without verifying them and returns them to
iptables when asked. iptables when asked.
2) A 'clean' target has been added to the Makefiles. 2) A 'clean' target has been added to the Makefiles. It removes backup
files (*~ and .*~).
3) The meaning of 'full' has been redefined when used in the context 3) The meaning of 'full' has been redefined when used in the context
of a sub-class. Previously, 'full' always meant the OUT-BANDWIDTH of a traffic shaping sub-class. Previously, 'full' always meant the
of the device. In the case of a sub-class, however, that definition OUT-BANDWIDTH of the device. In the case of a sub-class, however,
is awkward to use because the sub-class is limited by the parent that definition is awkward to use because the sub-class is limited
class. by the parent class.
Beginning with this release, 'full' in a sub-class definition Beginning with this release, 'full' in a sub-class definition
refers to the specified rate defined for the parent class. So refers to the specified rate defined for the parent class. So
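Review bot: the commit subject is "Update interfaces manpage", but this hunk and the one before it edit release-note text (the 'clean' target description in item 2 and the "traffic shaping sub-class" wording in item 3). Mention the release-note edits in the commit message or split them into their own commit. In item 2, "(*~ and .*~)" would also benefit from a word on which directories the target cleans.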


@ -120,15 +120,17 @@ loc eth2 -</programlisting>
role="bold">detect</emphasis>|<emphasis>address</emphasis>[,<emphasis>address</emphasis>]...}</term> role="bold">detect</emphasis>|<emphasis>address</emphasis>[,<emphasis>address</emphasis>]...}</term>
<listitem> <listitem>
<para>The broadcast address(es) for the network(s) to which the
interface belongs. For P-T-P interfaces, this column is left blank.
If the interface has multiple addresses on multiple subnets then
list the broadcast addresses as a comma-separated list.</para>
<para>If you use the special value <emphasis <para>If you use the special value <emphasis
role="bold">detect</emphasis>, Shorewall will detect the broadcast role="bold">detect</emphasis>, Shorewall will detect the broadcast
address(es) for you. If you select this option, the interface must address(es) for you if your iptables and kernel include Address Type
be up before the firewall is started.</para> Match support. </para>
<para>If your iptables and/or kernel lack Address Type Match support
then you may list the broadcast address(es) for the network(s) to
which the interface belongs. For P-T-P interfaces, this column is
left blank. If the interface has multiple addresses on multiple
subnets then list the broadcast addresses as a comma-separated
list.</para>
<para>If you don't want to give a value for this column but you want <para>If you don't want to give a value for this column but you want
to enter a value in the OPTIONS column, enter <emphasis to enter a value in the OPTIONS column, enter <emphasis
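Review bot: the rewritten BROADCAST text no longer says what 'detect' does when iptables or the kernel lacks Address Type Match support; the first new paragraph makes detection conditional and the second only says the addresses "may" be listed. State the outcome for that case (error, warning, or no broadcast handling), because a reader who leaves 'detect' in place needs to know whether broadcast addresses are still being recognised. The removed sentence "the interface must be up before the firewall is started" has no replacement, so say whether that requirement is gone. The P-T-P sentence now sits inside the "lack Address Type Match support" paragraph and reads as conditional on it, and "Match support. </para>" carries a trailing space.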
@ -347,6 +349,19 @@ loc eth2 -</programlisting>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis
role="bold">nets=(<emphasis>net</emphasis>[,...])</emphasis></term>
<listitem>
<para>Limit the zone named in the ZONE column to only the
listed networks. The parentheses may be omitted if only a
single <replaceable>net</replaceable> is given (e.g.,
nets=192.168.1.0/24). Limited broadcast is supported on the
interface.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">nosmurfs</emphasis></term> <term><emphasis role="bold">nosmurfs</emphasis></term>
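Review bot: "Limited broadcast is supported on the interface" in the new nets= entry is ambiguous: it does not say whether limited broadcast packets are treated as part of the zone even though they fall outside the listed networks. Spell that out, and add a sentence on what happens to traffic that arrives on the interface from addresses outside the listed networks, since that decides which policy applies to it. The example nets=192.168.1.0/24 is also plain text while the rest of the entry uses emphasis and replaceable markup.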


@ -142,6 +142,17 @@ loc eth2 -</programlisting>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis
role="bold">nets=(<emphasis>net</emphasis>[,...])</emphasis></term>
<listitem>
<para>Limit the zone named in the ZONE column to only the
listed networks. The parentheses may be omitted if only a
single <replaceable>net</replaceable> is given.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">optional</emphasis></term> <term><emphasis role="bold">optional</emphasis></term>
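Review bot: this nets= entry omits the "(e.g., ...)" example that the same entry carries in the previous file, so a reader of this page gets no sample of the net syntax; add one in this manpage's address format. If the limited broadcast sentence was left out deliberately, that is fine, but the open question about traffic from addresses outside the listed networks applies here as well.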