Correct comments in the Chains module.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-04-02 12:52:10 -07:00
parent 190e43ff51
commit ee66a45e2e
2 changed files with 4 additions and 4 deletions

View File

@ -315,13 +315,12 @@ our $VERSION = 'MODULEVERSION';
# 'loglevel', 'synparams', 'synchain', 'audit' and 'default' only apply to policy chains. # 'loglevel', 'synparams', 'synchain', 'audit' and 'default' only apply to policy chains.
########################################################################################################################################### ###########################################################################################################################################
# #
# For each ordered pair of zones, there may exist a 'canonical rules chain' in the filter table; the name if this chain is formed by # For each ordered pair of zones, there may exist a 'canonical rules chain' in the filter table; the name of this chain is formed by
# joining the names of the zones using the ZONE_SEPARATOR ('2' or '-'). This chain contains the rules that specifically deal with # joining the names of the zones using the ZONE_SEPARATOR ('2' or '-'). This chain contains the rules that specifically deal with
# connections from the first zone to the second. These chains will end with the policy rules when EXPAND_POLICIES=Yes and when there is an # connections from the first zone to the second. These chains will end with the policy rules when EXPAND_POLICIES=Yes and when there is an
# explicit policy for the order pair. Otherwise, unless the applicable policy is CONTINUE, the chain will terminate with a jump to a # explicit policy for the order pair. Otherwise, unless the applicable policy is CONTINUE, the chain will terminate with a jump to a
# wildcard policy chain (all[2-]zone, zone[2-]all, or all[2-]all). # wildcard policy chain (all[2-]zone, zone[2-]all, or all[2-]all).
# #
#
# Except in the most trivial one-interface configurations, each zone has a "forward chain" which is branched to from the filter table # Except in the most trivial one-interface configurations, each zone has a "forward chain" which is branched to from the filter table
# FORWARD chain. # FORWARD chain.
# #
@ -366,11 +365,12 @@ our $VERSION = 'MODULEVERSION';
# Zone-pair chains for rules chain <z12z2> # Zone-pair chains for rules chain <z12z2>
# #
# Syn Flood - @<z12z2> # Syn Flood - @<z12z2>
# Blacklist - ~<z12z2> # Blacklist - <z12z2>~
# Established - ^<z12z2> # Established - ^<z12z2>
# Related - +<z12z2> # Related - +<z12z2>
# Invalid - _<z12z2> # Invalid - _<z12z2>
# Untracked - &<z12z2> # Untracked - &<z12z2>
#
our %chain_table; our %chain_table;
our $raw_table; our $raw_table;
our $rawpost_table; our $rawpost_table;

View File

@ -56,7 +56,7 @@
<command>ethereal</command> or any other packet sniffing program. They can <command>ethereal</command> or any other packet sniffing program. They can
be seen in an iptables/ip6tables trace -- see the be seen in an iptables/ip6tables trace -- see the
<command>iptrace</command> command in <ulink <command>iptrace</command> command in <ulink
url="manpages/shorewall.html">shorewal</ulink>l(8) and <ulink url="manpages/shorewall.html">shorewall</ulink>(8) and <ulink
url="manpages6/shorewall6.html">shorewall6</ulink>(8).</para> url="manpages6/shorewall6.html">shorewall6</ulink>(8).</para>
<para>Example (output has been folded for display ):</para> <para>Example (output has been folded for display ):</para>