mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-29 02:54:18 +01:00
Clarify DEST column in DNAT rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
4dad6d2bb9
commit
e021285199
@ -991,7 +991,10 @@
|
|||||||
When the <emphasis role="bold">ACTION</emphasis> is <emphasis
|
When the <emphasis role="bold">ACTION</emphasis> is <emphasis
|
||||||
role="bold">DNAT</emphasis> or <emphasis
|
role="bold">DNAT</emphasis> or <emphasis
|
||||||
role="bold">DNAT-</emphasis>, the connections will be assigned to
|
role="bold">DNAT-</emphasis>, the connections will be assigned to
|
||||||
addresses in the range in a round-robin fashion.</para>
|
addresses in the range in a round-robin fashion. <emphasis
|
||||||
|
role="bold">DNAT</emphasis> and <emphasis
|
||||||
|
role="bold">DNAT-</emphasis> do not allow a list of addresses and/or
|
||||||
|
ranges.</para>
|
||||||
|
|
||||||
<para>If you kernel and iptables have ipset match support then you
|
<para>If you kernel and iptables have ipset match support then you
|
||||||
may give the name of an ipset prefaced by "+". The ipset name may be
|
may give the name of an ipset prefaced by "+". The ipset name may be
|
||||||
|
@ -934,6 +934,17 @@
|
|||||||
<para>Restriction: MAC addresses are not allowed (this is a
|
<para>Restriction: MAC addresses are not allowed (this is a
|
||||||
Netfilter restriction).</para>
|
Netfilter restriction).</para>
|
||||||
|
|
||||||
|
<para>Like in the <emphasis role="bold">SOURCE</emphasis> column,
|
||||||
|
you may specify a range of IP addresses using the syntax
|
||||||
|
<emphasis>lowaddress</emphasis>-<emphasis>highaddress</emphasis>.
|
||||||
|
When the <emphasis role="bold">ACTION</emphasis> is <emphasis
|
||||||
|
role="bold">DNAT</emphasis> or <emphasis
|
||||||
|
role="bold">DNAT-</emphasis>, the connections will be assigned to
|
||||||
|
addresses in the range in a round-robin fashion. <emphasis
|
||||||
|
role="bold">DNAT</emphasis> and <emphasis
|
||||||
|
role="bold">DNAT-</emphasis> do not allow a list of addresses and/or
|
||||||
|
ranges.</para>
|
||||||
|
|
||||||
<para>If you kernel and ip6tables have ipset match support then you
|
<para>If you kernel and ip6tables have ipset match support then you
|
||||||
may give the name of an ipset prefaced by "+". The ipset name may be
|
may give the name of an ipset prefaced by "+". The ipset name may be
|
||||||
optionally followed by a number from 1 to 6 enclosed in square
|
optionally followed by a number from 1 to 6 enclosed in square
|
||||||
|
Loading…
Reference in New Issue
Block a user