Document 'findgw' in the extension script doc

2024-11-22 07:33:43 +01:00 · 2009-06-17 16:46:20 -07:00 · 2009-06-17 16:46:20 -07:00 · eb5fc2c415
commit eb5fc2c415
parent d21c927d29
4 changed files with 29 additions and 1 deletions
--- a/docs/PacketMarking.xml
+++ b/docs/PacketMarking.xml
@ -57,6 +57,13 @@
    url="manpages/shorewall.html">shorewal</ulink>(8) and <ulink
    url="manpages6/shorewall6.html">shorewall6</ulink>(8).</para>

+    <para>Example (output has been folded for display ):</para>
+
+    <programlisting>[11692.096077] TRACE: mangle:tcout:return:3 IN= OUT=eth0 SRC=172.20.1.130
+                                            DST=206.124.146.254 LEN=84 TOS=0x00 PREC=0x00 TTL=64
+                                            ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7212 SEQ=3 UID=0 
+                                            GID=1000 <emphasis role="bold">MARK=0x10082</emphasis></programlisting>
+
    <para>Each active connection (even those that are not yet in ESTABLISHED
    state) has a mark value that is distinct from the packet marks. Connection
    mark values can be seen using the <command>shorewall show
--- a/docs/shorewall_extension_scripts.xml
+++ b/docs/shorewall_extension_scripts.xml
@ -184,6 +184,15 @@ esac</programlisting><caution>
        completion of a successful <command>shorewall restore</command> and
        <command>shorewall-lite restore</command>.</para>
      </listitem>
+
+      <listitem>
+        <para>findgw -- This script is invoked when Shorewall is attempting to
+        discover the gateway through a dynamic interface. The script is most
+        often used when the interface is managed by dhclient which has no
+        standardized location/name for its lease database. Scripts for use
+        with dhclient on several distributions are available at <ulink
+        url="http://www.shorewall.net/pub/shorewall/contrib/findgw/">http://www.shorewall.net/pub/shorewall/contrib/findgw/</ulink></para>
+      </listitem>
    </itemizedlist>

    <para><emphasis role="bold">If your version of Shorewall doesn't have the
--- a/manpages/shorewall.xml
+++ b/manpages/shorewall.xml
@ -871,6 +871,12 @@
          <para>The <replaceable>iptables match expression</replaceable> must
          be one or more matches that may appear in both the raw table OUTPUT
          and raw table PREROUTING chains.</para>
+
+          <para>The trace records are written to the kernel's log buffer with
+          faciility = kernel and priority = warning, and they are routed from
+          there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
+          Shorewall has no control over where the messages go; consult your
+          logging daemon's documentation.</para>
        </listitem>
      </varlistentry>

--- a/manpages6/shorewall6.xml
+++ b/manpages6/shorewall6.xml
@ -703,9 +703,15 @@
          TRACE log records to be created. See ip6tables(8) for
          details.</para>

-          <para>The <replaceable>iptables match expression</replaceable> must
+          <para>The <replaceable>ip6tables match expression</replaceable> must
          be one or more matches that may appear in both the raw table OUTPUT
          and raw table PREROUTING chains.</para>
+
+          <para>The trace records are written to the kernel's log buffer with
+          faciility = kernel and priority = warning, and they are routed from
+          there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
+          Shorewall has no control over where the messages go; consult your
+          logging daemon's documentation.</para>
        </listitem>
      </varlistentry>