mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 06:38:53 +01:00
Document IPv6 Dynamic Zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
119d38c92b
commit
c112f2381e
@ -210,6 +210,11 @@ webok eth0:dynamic</programlisting>
|
||||
ipset, such as <firstterm>macipmap</firstterm>, then you will want to
|
||||
manually create that ipset yourself before the next Shorewall
|
||||
start/restart.</para>
|
||||
|
||||
<para>The dynamic zone capability was added to Shorewall6 in Shorewall
|
||||
4.4.21. One limitation of that support is that you may not have an ipv6
|
||||
dynamic zone with the same name and same interface as an ipv4 dynamic
|
||||
zone.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
|
@ -62,7 +62,8 @@
|
||||
<term><emphasis role="bold">HOST(S)</emphasis> -
|
||||
<emphasis>interface</emphasis>:{[{<emphasis>address-or-range</emphasis>[<emphasis
|
||||
role="bold">,</emphasis><emphasis>address-or-range</emphasis>]...|<emphasis
|
||||
role="bold">+</emphasis><emphasis>ipset</emphasis>}[<emphasis>exclusion</emphasis>]</term>
|
||||
role="bold">+</emphasis><emphasis>ipset</emphasis>|<emphasis
|
||||
role="bold">dynamic</emphasis>}[<emphasis>exclusion</emphasis>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>The name of an interface defined in the <ulink
|
||||
@ -89,6 +90,19 @@
|
||||
<listitem>
|
||||
<para>The name of an <emphasis>ipset</emphasis>.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>The word <option>dynamic</option> which makes the zone
|
||||
dynamic in that you can use the <command>shorewall add</command>
|
||||
and <command>shorewall delete</command> commands to change to
|
||||
composition of the zone.</para>
|
||||
|
||||
<warning>
|
||||
<para>You can not have a dynamic ipv6 zone with the same
|
||||
<replaceable>zone-name</replaceable> and
|
||||
<replaceable>interface</replaceable>.</para>
|
||||
</warning>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<blockquote>
|
||||
|
@ -407,6 +407,12 @@ loc eth2 -</programlisting>
|
||||
<ulink
|
||||
url="http://www.shorewall.net/Dynamic.html">http://www.shorewall.net/Dynamic.html</ulink>
|
||||
for further information.</para>
|
||||
|
||||
<warning>
|
||||
<para>You may not have an ipv6 dynamic zone with the same
|
||||
<replaceable>zone-name</replaceable> and
|
||||
<replaceable>interface</replaceable>.</para>
|
||||
</warning>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -90,6 +90,20 @@
|
||||
<listitem>
|
||||
<para>The name of an <emphasis>ipset</emphasis>.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>The word <option>dynamic</option> which makes the zone
|
||||
dynamic in that you can use the <command>shorewall add</command>
|
||||
and <command>shorewall delete</command> commands to change to
|
||||
composition of the zone. This capability was added in Shorewall
|
||||
4.4.21.</para>
|
||||
|
||||
<warning>
|
||||
<para>You can not have a dynamic ipv4 zone with the
|
||||
same<replaceable> zone-name</replaceable> and<replaceable>
|
||||
interface</replaceable>.</para>
|
||||
</warning>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<blockquote>
|
||||
|
@ -236,6 +236,24 @@ loc eth2 -</programlisting>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">nets=dynamic</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.4.21. Defines the zone as
|
||||
<firstterm>dynamic</firstterm>. Requires ipset match support
|
||||
in your iptables and kernel. See <ulink
|
||||
url="http://www.shorewall.net/Dynamic.html">http://www.shorewall.net/Dynamic.html</ulink>
|
||||
for further information.</para>
|
||||
|
||||
<warning>
|
||||
<para>You may not have an ipv4 dynamic zone with the same
|
||||
<replaceable>zone-name</replaceable> and
|
||||
<replaceable>interface</replaceable>.</para>
|
||||
</warning>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">optional</emphasis></term>
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user