mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 14:20:40 +01:00
Document 'findgw' in the extension script doc
This commit is contained in:
parent
d21c927d29
commit
eb5fc2c415
@ -57,6 +57,13 @@
|
||||
url="manpages/shorewall.html">shorewal</ulink>(8) and <ulink
|
||||
url="manpages6/shorewall6.html">shorewall6</ulink>(8).</para>
|
||||
|
||||
<para>Example (output has been folded for display ):</para>
|
||||
|
||||
<programlisting>[11692.096077] TRACE: mangle:tcout:return:3 IN= OUT=eth0 SRC=172.20.1.130
|
||||
DST=206.124.146.254 LEN=84 TOS=0x00 PREC=0x00 TTL=64
|
||||
ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7212 SEQ=3 UID=0
|
||||
GID=1000 <emphasis role="bold">MARK=0x10082</emphasis></programlisting>
|
||||
|
||||
<para>Each active connection (even those that are not yet in ESTABLISHED
|
||||
state) has a mark value that is distinct from the packet marks. Connection
|
||||
mark values can be seen using the <command>shorewall show
|
||||
|
@ -184,6 +184,15 @@ esac</programlisting><caution>
|
||||
completion of a successful <command>shorewall restore</command> and
|
||||
<command>shorewall-lite restore</command>.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>findgw -- This script is invoked when Shorewall is attempting to
|
||||
discover the gateway through a dynamic interface. The script is most
|
||||
often used when the interface is managed by dhclient which has no
|
||||
standardized location/name for its lease database. Scripts for use
|
||||
with dhclient on several distributions are available at <ulink
|
||||
url="http://www.shorewall.net/pub/shorewall/contrib/findgw/">http://www.shorewall.net/pub/shorewall/contrib/findgw/</ulink></para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para><emphasis role="bold">If your version of Shorewall doesn't have the
|
||||
|
@ -871,6 +871,12 @@
|
||||
<para>The <replaceable>iptables match expression</replaceable> must
|
||||
be one or more matches that may appear in both the raw table OUTPUT
|
||||
and raw table PREROUTING chains.</para>
|
||||
|
||||
<para>The trace records are written to the kernel's log buffer with
|
||||
faciility = kernel and priority = warning, and they are routed from
|
||||
there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
|
||||
Shorewall has no control over where the messages go; consult your
|
||||
logging daemon's documentation.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -703,9 +703,15 @@
|
||||
TRACE log records to be created. See ip6tables(8) for
|
||||
details.</para>
|
||||
|
||||
<para>The <replaceable>iptables match expression</replaceable> must
|
||||
<para>The <replaceable>ip6tables match expression</replaceable> must
|
||||
be one or more matches that may appear in both the raw table OUTPUT
|
||||
and raw table PREROUTING chains.</para>
|
||||
|
||||
<para>The trace records are written to the kernel's log buffer with
|
||||
faciility = kernel and priority = warning, and they are routed from
|
||||
there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
|
||||
Shorewall has no control over where the messages go; consult your
|
||||
logging daemon's documentation.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user