Add Geoip match to config basics doc. Clarify variable search algorithm.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2012-05-18 07:27:33 -07:00
parent 55c88e8e81
commit cb72948739


@ -834,7 +834,7 @@ DNAT { source=net dest=loc:10.0.0.1 proto=tcp dport=80 mark=88 }</programlisting
<listitem> <listitem>
<para>ADDRESS LIST — A list of one or more addresses (host or network) <para>ADDRESS LIST — A list of one or more addresses (host or network)
or address ranges, separated by commas. In an IPv6 configuration, this or address ranges, separated by commas. In an IPv6 configuration, this
list must be includef in square or angled brackets ("[...]" or list must be included in square or angled brackets ("[...]" or
"&lt;...&gt;"). The list may have <link "&lt;...&gt;"). The list may have <link
linkend="Exclusion">exclusion</link>.</para> linkend="Exclusion">exclusion</link>.</para>
</listitem> </listitem>
@ -875,7 +875,7 @@ DNAT { source=net dest=loc:10.0.0.1 proto=tcp dport=80 mark=88 }</programlisting
<listitem> <listitem>
<para>Host 2002:ce7c:92b4:1:a00:27ff:feb1:46a9 in the <emphasis <para>Host 2002:ce7c:92b4:1:a00:27ff:feb1:46a9 in the <emphasis
role="bold">loc</emphasis> zone — <emphasis role="bold">loc</emphasis> zone — <emphasis
role="bold">loc:[2002:ce7c:92b4:1:a00:27ff:feb1:46a9]</emphasis></para> role="bold">loc::[2002:ce7c:92b4:1:a00:27ff:feb1:46a9]</emphasis></para>
</listitem> </listitem>
<listitem> <listitem>
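Review bot: The doubled colon in the changed example, `loc::[2002:ce7c:92b4:1:a00:27ff:feb1:46a9]`, looks unintended. The other zone:address examples visible in this patch use a single colon (`$FW:&amp;eth0`, `net:^VA`, `dest=loc:10.0.0.1`), and the commit message does not mention a syntax change here. If the extra colon is a slip, restore `loc:[...]`; if it is required, the paragraph should say why, since readers copy these examples directly into rules.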
@ -883,6 +883,12 @@ DNAT { source=net dest=loc:10.0.0.1 proto=tcp dport=80 mark=88 }</programlisting
role="bold">$FW:&amp;eth0</emphasis> (see <link role="bold">$FW:&amp;eth0</emphasis> (see <link
linkend="Rvariables">Run-time Address Variables</link> below)</para> linkend="Rvariables">Run-time Address Variables</link> below)</para>
</listitem> </listitem>
<listitem>
<para>All hosts in Vatican City - <emphasis
role="bold">net:^VA</emphasis> (Shorwall 4.5.4 and later - See <ulink
url="ISO-3661.html">this article</ulink>).</para>
</listitem>
</orderedlist> </orderedlist>
</section> </section>
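Review bot: "Shorwall" in the added Vatican City item is a misspelling of "Shorewall". The link target `ISO-3661.html` is also worth a check: two-letter country codes such as VA come from ISO 3166, so confirm the referenced file really carries that name. As a style point, the new item separates description and example with " - " where the neighbouring items use "—".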
@ -1517,12 +1523,23 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2&gt; /dev/null || true</programlisting
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>If the <replaceable>variable</replaceable> is still not found and it <para>If the <replaceable>variable</replaceable> is still not
begins with '__', then those leading characters are stripped off and the found:</para>
result is searched for in the defined <firstterm>capabilities</firstterm>.
The current set of capabilities may be obtained by the command <itemizedlist>
<command>shorewall show capabilities</command> (the capability names are <listitem>
in parentheses).</para> <para>it begins with '__', then those leading characters are stripped
off.</para>
</listitem>
<listitem>
<para>the variable is then searched for in the defined
<firstterm>capabilities</firstterm>. The current set of capabilities
may be obtained by the command <command>shorewall show
capabilities</command> (the capability names are in
parentheses).</para>
</listitem>
</itemizedlist>
<para>If it is not found in any of those places, the <para>If it is not found in any of those places, the
<replaceable>variable</replaceable> is assumed to have a value of 0 <replaceable>variable</replaceable> is assumed to have a value of 0
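Review bot: The first added bullet, "it begins with '__', then those leading characters are stripped off", lost the "and" of the original sentence and now reads as a statement rather than a condition. Suggest "if it begins with '__', those leading characters are stripped off". The split also changes what the text says: the old paragraph searched the capabilities only for names beginning with '__', while the second bullet now reads as applying to every variable that is still not found. If that broader lookup is the intended behaviour, say so explicitly; if not, fold the capabilities search back under the '__' condition. Both bullets should also start with a capital letter to match the other list items.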