Flesh out description of HELPER

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8755 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-23 08:03:11 +01:00 · 2008-10-06 19:52:59 +00:00 · 2008-10-06 19:52:59 +00:00 · bb3eda9845
commit bb3eda9845
parent fe8e1f4d1d
2 changed files with 11 additions and 2 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -1,6 +1,6 @@
 Changes in Shorewall 4.2.1

-1) Added CONNBYTES to tcrules manpage.
+1) Added CONNBYTES to tcrules manpage. Flesh out description of HELPER.

 2) Fixed minor CONNBYTES editing issue.

--- a/manpages/shorewall-tcrules.xml
+++ b/manpages/shorewall-tcrules.xml
@ -555,7 +555,16 @@
        <listitem>
          <para>Added in Shorewall-perl 4.2.0. Names a Netfiler protocol
          <firstterm>helper</firstterm> module such as <option>ftp</option>,
-          <option>sip</option>, <option>amanda</option>, etc.</para>
+          <option>sip</option>, <option>amanda</option>, etc. A packet will
+          match if it was accepted by the named helper module. You can also
+          append "-" and a port number to the helper module name (e.g.,
+          <emphasis role="bold">ftp-21</emphasis>) to specify the port number
+          that the original connection was made on.</para>
+
+          <para>Example: Mark all FTP data connections with mark
+          4:<programlisting>#MARK/    SOURCE    DEST      PROTO   PORT(S)    SOURCE  USER TEST LENGTH TOS CONNBYTES HELPER
+#CLASSIFY                                        PORT(S)
+4         0.0.0.0/0 0.0.0.0/0 TCP     -          -       -    -    -      -   -         ftp</programlisting></para>
        </listitem>
      </varlistentry>
    </variablelist>