fixed quotes, add CVS Id

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1000 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
mhnoyes 2003-12-28 17:32:02 +00:00
parent f950138d8d
commit cd9e00aeda

@ -2,7 +2,7 @@
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article>
<!---->
<!--$Id$-->
<articleinfo>
<title>Extension Scripts</title>
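Review bot: the new <!--$Id$--> line puts the revision keyword inside an XML comment, so it exists only in the source and never appears in the rendered article. If readers of the built document should see the revision, place it inside <articleinfo> instead, for example as <releaseinfo>$Id$</releaseinfo>; if source-only is the intent, the comment is fine as it stands.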
@ -40,21 +40,21 @@
<para>Extension scripts are user-provided scripts that are invoked at
various points during firewall start, restart, stop and clear. The scripts
are placed in /etc/shorewall and are processed using the Bourne shell
&#34;source&#34; mechanism.</para>
<quote>source</quote> mechanism.</para>
<caution>
<orderedlist>
<listitem>
<para>Be sure that you actually need to use an extension script to do
what you want. Shorewall has a wide range of features that cover most
requirements. </para>
requirements.</para>
</listitem>
<listitem>
<para>DO NOT SIMPLY COPY RULES THAT YOU FIND ON THE NET INTO AN
EXTENSION SCRIPT AND EXPECT THEM TO WORK AND TO NOT BREAK SHOREWALL.
TO USE SHOREWALL EXTENSION SCRIPTS YOU MUST KNOW WHAT YOU ARE DOING
WITH RESPECT TO iptables/Netfilter </para>
WITH RESPECT TO iptables/Netfilter</para>
</listitem>
</orderedlist>
</caution>
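Review bot: in the second <listitem> of the <caution>, the capitalised sentence still ends at "iptables/Netfilter</para>" with no full stop. The line is already being changed to drop the trailing space, so add the period in the same edit.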
@ -63,13 +63,12 @@
<itemizedlist>
<listitem>
<para>init -- invoked early in &#34;shorewall start&#34; and
&#34;shorewall restart&#34; </para>
<para>init -- invoked early in <quote>shorewall start</quote> and
<quote>shorewall restart</quote></para>
</listitem>
<listitem>
<para>start -- invoked after the firewall has been started or restarted.
</para>
<para>start -- invoked after the firewall has been started or restarted.</para>
</listitem>
<listitem>
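Review bot: "shorewall start" and "shorewall restart" in the init item are commands the user types, and <quote> only reproduces the old quotation marks as prose quoting. <command>shorewall start</command> and <command>shorewall restart</command> would carry the meaning and let the stylesheet decide how commands are rendered.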
@ -78,22 +77,22 @@
</listitem>
<listitem>
<para>stopped -- invoked after the firewall has been stopped. </para>
<para>stopped -- invoked after the firewall has been stopped.</para>
</listitem>
<listitem>
<para>clear -- invoked after the firewall has been cleared. </para>
<para>clear -- invoked after the firewall has been cleared.</para>
</listitem>
<listitem>
<para>refresh -- invoked while the firewall is being refreshed but
before the common and/or blacklst chains have been rebuilt. </para>
before the common and/or blacklst chains have been rebuilt.</para>
</listitem>
<listitem>
<para>newnotsyn (added in version 1.3.6) -- invoked after the
&#39;newnotsyn&#39; chain has been created but before any rules have
been added to it. </para>
<quote>newnotsyn</quote> chain has been created but before any rules
have been added to it.</para>
</listitem>
</itemizedlist>
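Review bot: the refresh item keeps the spelling "blacklst" untouched. If that is the literal chain name, wrap it (and "common") in <literal> so it does not read as a typo; if it is a typo, fix it in this pass. The same markup would suit newnotsyn, where <quote> replaces the original single quotes with whatever quotation marks the stylesheet emits.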
@ -108,7 +107,7 @@
default rules are contained in the file /etc/shorewall/common.def which may
be used as a starting point for making your own customized file. Rather than
running iptables directly, you should run it using the function
run_iptables. Similarly, rather than running &#34;ip&#34; directly, you
run_iptables. Similarly, rather than running <quote>ip</quote> directly, you
should use run_ip. These functions accept the same arguments as the
underlying command but cause the firewall to be stopped if an error occurs
during processing of the command. If you decide to create
@ -117,11 +116,10 @@
<para>/etc/shorewall/common:</para>
<programlisting> . /etc/shorewall/common.def
&#60;add your rules here&#62;
</programlisting>
&#60;add your rules here&#62;</programlisting>
<para>If you need to supercede a rule in the released common.def file, you
can add the superceding rule before the &#39;.&#39; command. Using this
can add the superceding rule before the <quote>.</quote> command. Using this
technique allows you to add new rules while still getting the benefit of the
latest common.def file. Remember that /etc/shorewall/common defines rules
that are only applied if the applicable policy is DROP or REJECT. These
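Review bot: "supercede" and "superceding" in the paragraph after the listing are misspelled ("supersede", "superseding"), and the second of those lines is already modified here, so correct both in the same change. The <quote>.</quote> around the dot command is also easy to misread as punctuation once rendered; <command>.</command> would be less ambiguous.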