mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-27 13:11:57 +02:00
Document 'findgw' in the extension script doc
This commit is contained in:
parent
d21c927d29
commit
eb5fc2c415
@ -57,6 +57,13 @@
|
|||||||
url="manpages/shorewall.html">shorewal</ulink>(8) and <ulink
|
url="manpages/shorewall.html">shorewal</ulink>(8) and <ulink
|
||||||
url="manpages6/shorewall6.html">shorewall6</ulink>(8).</para>
|
url="manpages6/shorewall6.html">shorewall6</ulink>(8).</para>
|
||||||
|
|
||||||
|
<para>Example (output has been folded for display ):</para>
|
||||||
|
|
||||||
|
<programlisting>[11692.096077] TRACE: mangle:tcout:return:3 IN= OUT=eth0 SRC=172.20.1.130
|
||||||
|
DST=206.124.146.254 LEN=84 TOS=0x00 PREC=0x00 TTL=64
|
||||||
|
ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7212 SEQ=3 UID=0
|
||||||
|
GID=1000 <emphasis role="bold">MARK=0x10082</emphasis></programlisting>
|
||||||
|
|
||||||
<para>Each active connection (even those that are not yet in ESTABLISHED
|
<para>Each active connection (even those that are not yet in ESTABLISHED
|
||||||
state) has a mark value that is distinct from the packet marks. Connection
|
state) has a mark value that is distinct from the packet marks. Connection
|
||||||
mark values can be seen using the <command>shorewall show
|
mark values can be seen using the <command>shorewall show
|
||||||
|
@ -184,6 +184,15 @@ esac</programlisting><caution>
|
|||||||
completion of a successful <command>shorewall restore</command> and
|
completion of a successful <command>shorewall restore</command> and
|
||||||
<command>shorewall-lite restore</command>.</para>
|
<command>shorewall-lite restore</command>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>findgw -- This script is invoked when Shorewall is attempting to
|
||||||
|
discover the gateway through a dynamic interface. The script is most
|
||||||
|
often used when the interface is managed by dhclient which has no
|
||||||
|
standardized location/name for its lease database. Scripts for use
|
||||||
|
with dhclient on several distributions are available at <ulink
|
||||||
|
url="http://www.shorewall.net/pub/shorewall/contrib/findgw/">http://www.shorewall.net/pub/shorewall/contrib/findgw/</ulink></para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
<para><emphasis role="bold">If your version of Shorewall doesn't have the
|
<para><emphasis role="bold">If your version of Shorewall doesn't have the
|
||||||
|
@ -871,6 +871,12 @@
|
|||||||
<para>The <replaceable>iptables match expression</replaceable> must
|
<para>The <replaceable>iptables match expression</replaceable> must
|
||||||
be one or more matches that may appear in both the raw table OUTPUT
|
be one or more matches that may appear in both the raw table OUTPUT
|
||||||
and raw table PREROUTING chains.</para>
|
and raw table PREROUTING chains.</para>
|
||||||
|
|
||||||
|
<para>The trace records are written to the kernel's log buffer with
|
||||||
|
faciility = kernel and priority = warning, and they are routed from
|
||||||
|
there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
|
||||||
|
Shorewall has no control over where the messages go; consult your
|
||||||
|
logging daemon's documentation.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
@ -703,9 +703,15 @@
|
|||||||
TRACE log records to be created. See ip6tables(8) for
|
TRACE log records to be created. See ip6tables(8) for
|
||||||
details.</para>
|
details.</para>
|
||||||
|
|
||||||
<para>The <replaceable>iptables match expression</replaceable> must
|
<para>The <replaceable>ip6tables match expression</replaceable> must
|
||||||
be one or more matches that may appear in both the raw table OUTPUT
|
be one or more matches that may appear in both the raw table OUTPUT
|
||||||
and raw table PREROUTING chains.</para>
|
and raw table PREROUTING chains.</para>
|
||||||
|
|
||||||
|
<para>The trace records are written to the kernel's log buffer with
|
||||||
|
faciility = kernel and priority = warning, and they are routed from
|
||||||
|
there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
|
||||||
|
Shorewall has no control over where the messages go; consult your
|
||||||
|
logging daemon's documentation.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user