extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 20:24:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove BLACKLIST section from the rules file manpages

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-12-27 15:29:37 -08:00
parent ea9c59a297
commit d827b6ae5d
2 changed files with 34 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
manpages/shorewall-rules.xml
View File

@ -46,26 +46,6 @@
<para>Sections are as follows and must appear in the order listed:</para>
<variablelist>
<varlistentry>
<term><emphasis role="bold">BLACKLIST</emphasis></term>
<listitem>
<para>This section was added in Shorewall 4.4.25.</para>
<para>Rules in this section are applied depending on the setting of
BLACKLISTNEWONLY in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). If
BLACKLISTNEWONLY=No, then they are applied regardless of the
connection tracking state of the packet. If BLACKLISTNEWONLY=Yes,
they are applied to connections in the NEW and INVALID
states.</para>
<para>When there are rules in this sectionas well as in
shorewall-blrules (5), those in this section are processed
last.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">ALL</emphasis></term>
@ -129,7 +109,7 @@
<warning>
<para>If you specify FASTACCEPT=Yes in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) then the <emphasis
role="bold">BLACKLIST, ALL, ESTABLISHED</emphasis> and <emphasis
role="bold">ALL, ESTABLISHED</emphasis> and <emphasis
role="bold">RELATED</emphasis> sections must be empty.</para>
<para>An except is made if you are running Shorewall 4.4.27 or later and
@ -197,8 +177,7 @@
role="bold">DNAT</emphasis>[<emphasis
role="bold">-</emphasis>] or <emphasis
role="bold">REDIRECT</emphasis>[<emphasis
role="bold">-</emphasis>] rules. Not available in the
<emphasis role="bold">BLACKLIST</emphasis> section.</para>
role="bold">-</emphasis>] rules.</para>
</listitem>
</varlistentry>
@ -208,9 +187,7 @@
<listitem>
<para>like ACCEPT but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). Not
available in the <emphasis role="bold">BLACKLIST</emphasis>
section.</para>
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -220,9 +197,7 @@
<listitem>
<para>Added in Shorewall 4.4.20. Audited versions of ACCEPT,
ACCEPT+ and ACCEPT! respectively. Require AUDIT_TARGET support
in the kernel and iptables. A_ACCEPT+ and A_ACCEPT! are not
available in the <emphasis role="bold">BLACKLIST</emphasis>
section.</para>
in the kernel and iptables.</para>
</listitem>
</varlistentry>
@ -233,8 +208,7 @@
<para>Excludes the connection from any subsequent <emphasis
role="bold">DNAT</emphasis>[-] or <emphasis
role="bold">REDIRECT</emphasis>[-] rules but doesn't generate
a rule to accept the traffic. Not available in the <emphasis
role="bold">BLACKLIST</emphasis> section.</para>
a rule to accept the traffic.</para>
</listitem>
</varlistentry>
@ -252,10 +226,7 @@
<listitem>
<para>like DROP but exempts the rule from being suppressed by
OPTIMIZE=1 in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). Not
available in the <emphasis role="bold">BLACKLIST</emphasis>
section. Not available in the <emphasis
role="bold">BLACKLIST</emphasis> section.</para>
url="shorewall.conf.html">shorewall.conf</ulink>(5). </para>
</listitem>
</varlistentry>
@ -265,10 +236,7 @@
<listitem>
<para>Added in Shorewall 4.4.20. Audited versions of DROP and
DROP! respectively. Require AUDIT_TARGET support in the kernel
and iptables. A_DROP! is not available in the <emphasis
role="bold">BLACKLIST</emphasis> section. A_DROP! is not
available in the <emphasis role="bold">BLACKLIST</emphasis>
section.</para>
and iptables.</para>
</listitem>
</varlistentry>
@ -287,9 +255,7 @@
<listitem>
<para>like REJECT but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). Not
available in the <emphasis role="bold">BLACKLIST</emphasis>
section.</para>
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -299,8 +265,7 @@
<listitem>
<para>Added in Shorewall 4.4.20. Audited versions of REJECT
and REJECT! respectively. Require AUDIT_TARGET support in the
kernel and iptables. A_REJECT! is not available in the
<emphasis role="bold">BLACKLIST</emphasis> section.</para>
kernel and iptables.</para>
</listitem>
</varlistentry>
@ -322,8 +287,7 @@
<para>Like <emphasis role="bold">DNAT</emphasis> but only
generates the <emphasis role="bold">DNAT</emphasis> iptables
rule and not the companion <emphasis
role="bold">ACCEPT</emphasis> rule. Not available in the
<emphasis role="bold">BLACKLIST</emphasis> section.</para>
role="bold">ACCEPT</emphasis> rule.</para>
</listitem>
</varlistentry>
@ -345,8 +309,7 @@
<para>Like <emphasis role="bold">REDIRECT</emphasis> but only
generates the <emphasis role="bold">REDIRECT</emphasis>
iptables rule and not the companion <emphasis
role="bold">ACCEPT</emphasis> rule. Not available in the
<emphasis role="bold">BLACKLIST</emphasis> section.</para>
role="bold">ACCEPT</emphasis> rule.</para>
</listitem>
</varlistentry>
@ -374,9 +337,7 @@
<listitem>
<para>like CONTINUE but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). Not
available in the <emphasis role="bold">BLACKLIST</emphasis>
section.</para>
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -405,9 +366,7 @@
<listitem>
<para>like QUEUE but exempts the rule from being suppressed by
OPTIMIZE=1 in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). Not
available in the <emphasis role="bold">BLACKLIST</emphasis>
section.</para>
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -544,16 +503,6 @@
rule, it is passed on to the next rule.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">WHITELIST</emphasis></term>
<listitem>
<para>Added in Shorewall 4.4.25. May only appear in the
<emphasis role="bold">BLACKLIST</emphasis> section and exempts
the packet from following rules in that section.</para>
</listitem>
</varlistentry>
</variablelist>
<para>The <replaceable>target</replaceable> may optionally be
@ -1595,13 +1544,13 @@
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
shorewall-route_rules(5), shorewall-routestopped(5), shorewall.conf(5),
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
shorewall-zones(5)</para>
shorewall-blacklist(5), shorweall-blrules(5), shorewall-hosts(5),
shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5),
shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5),
shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
shorewall-proxyarp(5), shorewall-route_rules(5),
shorewall-routestopped(5), shorewall.conf(5), shorewall-secmarks(5),
shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
</refsect1>
</refentry>

60
manpages6/shorewall6-rules.xml
View File

@ -39,26 +39,6 @@
<para>Sections are as follows and must appear in the order listed:</para>
<variablelist>
<varlistentry>
<term><emphasis role="bold">BLACKLIST</emphasis></term>
<listitem>
<para>This section was added in Shorewall 4.4.25.</para>
<para>Rules in this section are applied depending on the setting of
BLACKLISTNEWONLY in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). If
BLACKLISTNEWONLY=No, then they are applied regardless of the
connection tracking state of the packet. If BLACKLISTNEWONLY=Yes,
they are applied to connections in the NEW and INVALID
states.</para>
<para>When there are rules in this sectionas well as in
shorewall-blrules (5), those in this section are processed
last.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">ALL</emphasis></term>
@ -182,9 +162,7 @@
<listitem>
<para>like ACCEPT but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). Not
available in the <emphasis role="bold">BLACKLIST</emphasis>
section.</para>
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -194,8 +172,7 @@
<listitem>
<para>Added in Shorewall 4.4.20. Audited versions of ACCEPT
and ACCEPT! respectively. Require AUDIT_TARGET support in the
kernel and ip6tables. A_ACCEPT! is not available in the
<emphasis role="bold">BLACKLIST</emphasis> section.</para>
kernel and ip6tables.</para>
</listitem>
</varlistentry>
@ -213,9 +190,7 @@
<listitem>
<para>like DROP but exempts the rule from being suppressed by
OPTIMIZE=1 in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). Not
available in the <emphasis role="bold">BLACKLIST</emphasis>
section.</para>
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -225,8 +200,7 @@
<listitem>
<para>Added in Shorewall 4.4.20. Audited versions of DROP and
DROP! respectively. Require AUDIT_TARGET support in the kernel
and ip6tables. A_DROP! is not available in the <emphasis
role="bold">BLACKLIST</emphasis> section.</para>
and ip6tables.</para>
</listitem>
</varlistentry>
@ -245,9 +219,7 @@
<listitem>
<para>like REJECT but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). Not
available in the <emphasis role="bold">BLACKLIST</emphasis>
section.</para>
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -257,8 +229,7 @@
<listitem>
<para>Added in Shorewall 4.4.20. Audited versions of REJECT
and REJECT! respectively. Require AUDIT_TARGET support in the
kernel and ip6tables. A_REJECT! is not available in the
<emphasis role="bold">BLACKLIST</emphasis> section.</para>
kernel and ip6tables.</para>
</listitem>
</varlistentry>
@ -286,9 +257,7 @@
<listitem>
<para>like CONTINUE but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). Not
available in the <emphasis role="bold">BLACKLIST</emphasis>
section.</para>
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). </para>
</listitem>
</varlistentry>
@ -317,9 +286,7 @@
<listitem>
<para>like QUEUE but exempts the rule from being suppressed by
OPTIMIZE=1 in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). Not
available in the <emphasis role="bold">BLACKLIST</emphasis>
section.</para>
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -351,9 +318,7 @@
<listitem>
<para>like NFQUEUE but exempts the rule from being suppressed
by OPTIMIZE=1 in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). Not
available in the <emphasis role="bold">BLACKLIST</emphasis>
section.</para>
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
</listitem>
</varlistentry>
@ -1256,9 +1221,10 @@
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
shorewall6-policy(5), shorewall6-providers(5), shorewall6-route_rules(5),
shorewall6-blacklist(5), shorewall6-blrules(5), shorewall6-hosts(5),
shorewall6-interfaces(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-providers(5), shorewall6-route_rules(5),
shorewall6-routestopped(5), shorewall6.conf(5), shorewall6-secmarks(5),
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)</para>