mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-26 17:43:15 +01:00
Update man pages to allow interface name in DEST column of notrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net> git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9832 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
7d2b410904
commit
c8b48a9bbd
@ -56,13 +56,40 @@
|
|||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>DEST ‒ [<replaceable>address-list</replaceable>]</term>
|
<term>DEST ‒
|
||||||
|
[<replaceable>interface</replaceable>|<replaceable>address-list</replaceable>]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>where <replaceable>address-list</replaceable> is a
|
<para>where <replaceable>interface</replaceable> is the name of a
|
||||||
|
network interface and <replaceable>address-list</replaceable> is a
|
||||||
comma-separated list of addresses (may contain exclusion - see
|
comma-separated list of addresses (may contain exclusion - see
|
||||||
<ulink url="shorewall-exclusion.html">shorewall-exclusion</ulink>
|
<ulink url="shorewall-exclusion.html">shorewall-exclusion</ulink>
|
||||||
(5)).</para>
|
(5)). If an interface is given:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>It must be up and configured with an IPv4 address when
|
||||||
|
Shorewall is started or restarted.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>All routes out of the interface must be configured when
|
||||||
|
Shorewall is started or restarted.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Default routes out of the interface will result in a
|
||||||
|
warning message and will be ignored.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>These restrictions are because Netfilter doesn't support
|
||||||
|
NOTRACK rules that specify a destination interface (these rules are
|
||||||
|
applied before packets are routed and hence the destination
|
||||||
|
interface is unknown). Shorewall uses the routes out of the
|
||||||
|
interface to replace the interface with an address list
|
||||||
|
corresponding to the networks routed out of the named
|
||||||
|
interface.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
@ -48,13 +48,31 @@
|
|||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>DEST ‒ [<replaceable>address-list</replaceable>]</term>
|
<term>DEST ‒
|
||||||
|
[<replaceable>interface</replaceable>|<replaceable>address-list</replaceable>]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>where <replaceable>address-list</replaceable> is a
|
<para>where <replaceable>address-list</replaceable> is a
|
||||||
comma-separated list of addresses (may contain exclusion - see
|
comma-separated list of addresses (may contain exclusion - see
|
||||||
<ulink url="shorewall-exclusion.html">shorewall6-exclusion</ulink>
|
<ulink url="shorewall-exclusion.html">shorewall6-exclusion</ulink>
|
||||||
(5)).</para>
|
(5)). If an interface is given:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>It must be up and configured with an IPv6 address when
|
||||||
|
Shorewall is started or restarted.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>All routes out of the interface must be configured when
|
||||||
|
Shorewall is started or restarted.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Default routes out of the interface will result in a
|
||||||
|
warning message and will be ignored.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user