From eb5fc2c415cae3438910d386bcba828846aa0a6e Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 17 Jun 2009 16:46:20 -0700 Subject: [PATCH] Document 'findgw' in the extension script doc --- docs/PacketMarking.xml | 7 +++++++ docs/shorewall_extension_scripts.xml | 9 +++++++++ manpages/shorewall.xml | 6 ++++++ manpages6/shorewall6.xml | 8 +++++++- 4 files changed, 29 insertions(+), 1 deletion(-) diff --git a/docs/PacketMarking.xml b/docs/PacketMarking.xml index f269fc720..eb30ad4d1 100644 --- a/docs/PacketMarking.xml +++ b/docs/PacketMarking.xml @@ -57,6 +57,13 @@ url="manpages/shorewall.html">shorewal(8) and shorewall6(8). + Example (output has been folded for display ): + + [11692.096077] TRACE: mangle:tcout:return:3 IN= OUT=eth0 SRC=172.20.1.130 + DST=206.124.146.254 LEN=84 TOS=0x00 PREC=0x00 TTL=64 + ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7212 SEQ=3 UID=0 + GID=1000 MARK=0x10082 + Each active connection (even those that are not yet in ESTABLISHED state) has a mark value that is distinct from the packet marks. Connection mark values can be seen using the shorewall show diff --git a/docs/shorewall_extension_scripts.xml b/docs/shorewall_extension_scripts.xml index 082f80433..93ce87f96 100644 --- a/docs/shorewall_extension_scripts.xml +++ b/docs/shorewall_extension_scripts.xml @@ -184,6 +184,15 @@ esac completion of a successful shorewall restore and shorewall-lite restore. + + + findgw -- This script is invoked when Shorewall is attempting to + discover the gateway through a dynamic interface. The script is most + often used when the interface is managed by dhclient which has no + standardized location/name for its lease database. Scripts for use + with dhclient on several distributions are available at http://www.shorewall.net/pub/shorewall/contrib/findgw/ + If your version of Shorewall doesn't have the diff --git a/manpages/shorewall.xml b/manpages/shorewall.xml index 7622cda50..876a84f7b 100644 --- a/manpages/shorewall.xml +++ b/manpages/shorewall.xml @@ -871,6 +871,12 @@ The iptables match expression must be one or more matches that may appear in both the raw table OUTPUT and raw table PREROUTING chains. + + The trace records are written to the kernel's log buffer with + faciility = kernel and priority = warning, and they are routed from + there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) -- + Shorewall has no control over where the messages go; consult your + logging daemon's documentation. diff --git a/manpages6/shorewall6.xml b/manpages6/shorewall6.xml index f49ae243a..b2509fd7e 100644 --- a/manpages6/shorewall6.xml +++ b/manpages6/shorewall6.xml @@ -703,9 +703,15 @@ TRACE log records to be created. See ip6tables(8) for details. - The iptables match expression must + The ip6tables match expression must be one or more matches that may appear in both the raw table OUTPUT and raw table PREROUTING chains. + + The trace records are written to the kernel's log buffer with + faciility = kernel and priority = warning, and they are routed from + there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) -- + Shorewall has no control over where the messages go; consult your + logging daemon's documentation.