extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-22 14:20:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add a TIME Columns section to the config file basics doc

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-09-22 15:45:18 -07:00
parent 8065e62f12
commit ef4b1c2030
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
5 changed files with 181 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/manpages/shorewall-mangle.xml
View File

@ -1262,7 +1262,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>Added in Shoreawll 5.0.12. When <emphasis <para>Added in Shoreawll 5.0.12. When <emphasis
role="bold">timestop</emphasis> is smaller than <emphasis role="bold">timestop</emphasis> is smaller than <emphasis
role="bold">timestart</emphasis> value, match this as a single role="bold">timestart</emphasis> value, match this as a single
time period instead distinct intervals.</para> time period instead of distinct intervals.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

2
Shorewall/manpages/shorewall-rules.xml
View File

@ -1689,7 +1689,7 @@
<para>Added in Shoreawll 5.0.12. When <emphasis <para>Added in Shoreawll 5.0.12. When <emphasis
role="bold">timestop</emphasis> is smaller than <emphasis role="bold">timestop</emphasis> is smaller than <emphasis
role="bold">timestart</emphasis> value, match this as a single role="bold">timestart</emphasis> value, match this as a single
time period instead distinct intervals.</para> time period instead of distinct intervals.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

2
Shorewall6/manpages/shorewall6-mangle.xml
View File

@ -1338,7 +1338,7 @@ Normal-Service =&gt; 0x00</programlisting>
<para>Added in Shoreawll 5.0.12. When <emphasis <para>Added in Shoreawll 5.0.12. When <emphasis
role="bold">timestop</emphasis> is smaller than <emphasis role="bold">timestop</emphasis> is smaller than <emphasis
role="bold">timestart</emphasis> value, match this as a single role="bold">timestart</emphasis> value, match this as a single
time period instead distinct intervals.</para> time period instead of distinct intervals.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

2
Shorewall6/manpages/shorewall6-rules.xml
View File

@ -1554,7 +1554,7 @@
<para>Added in Shoreawll 5.0.12. When <emphasis <para>Added in Shoreawll 5.0.12. When <emphasis
role="bold">timestop</emphasis> is smaller than <emphasis role="bold">timestop</emphasis> is smaller than <emphasis
role="bold">timestart</emphasis> value, match this as a single role="bold">timestart</emphasis> value, match this as a single
time period instead distinct intervals.</para> time period instead of distinct intervals.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

178
docs/configuration_file_basics.xml
View File

@ -782,7 +782,7 @@ DNAT { source=net dest=loc:10.0.0.1 proto=tcp dport=80 mark=88 }</programlisting
<programlisting> ACCEPT net $FW { proto=tcp, dport=22, comment="Accept \"SSH\"" }</programlisting> <programlisting> ACCEPT net $FW { proto=tcp, dport=22, comment="Accept \"SSH\"" }</programlisting>
<para> As shown in that example, when the comment contains whitespace, it <para>As shown in that example, when the comment contains whitespace, it
must be enclosed in double quotes and any embedded double quotes must be must be enclosed in double quotes and any embedded double quotes must be
escaped using a backslash ("\").</para> escaped using a backslash ("\").</para>
</section> </section>
@ -2800,6 +2800,182 @@ redirect =&gt; 137</programlisting>
above.</para> above.</para>
</section> </section>
<section id="TIME">
<title>TIME Columns</title>
<para>Several of the files include a TIME colum that allows you to specify
times when the rule is to be applied. Contents of this column is a list of
<replaceable>timeelement</replaceable>s separated by apersands
(&amp;).</para>
<para>Each <replaceable>timeelement</replaceable> is one of the
following:</para>
<variablelist>
<varlistentry>
<term>timestart=<replaceable>hh</replaceable>:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]</term>
<listitem>
<para>Defines the starting time of day.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>timestop=<replaceable>hh</replaceable>:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]</term>
<listitem>
<para>Defines the ending time of day.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>contiguous</term>
<listitem>
<para>Added in Shoreawll 5.0.12. When <emphasis
role="bold">timestop</emphasis> is smaller than <emphasis
role="bold">timestart</emphasis> value, match this as a single time
period instead of distinct intervals. See the Examples below.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>utc</term>
<listitem>
<para>Times are expressed in Greenwich Mean Time.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>localtz</term>
<listitem>
<para>Deprecated by the Netfilter team in favor of <emphasis
role="bold">kerneltz</emphasis>. Times are expressed in Local Civil
Time (default).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>kerneltz</term>
<listitem>
<para>Added in Shorewall 4.5.2. Times are expressed in Local Kernel
Time (requires iptables 1.4.12 or later).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>weekdays=ddd[,ddd]...</term>
<listitem>
<para>where <replaceable>ddd</replaceable> is one of
<option>Mon</option>, <option>Tue</option>, <option>Wed</option>,
<option>Thu</option>, <option>Fri</option>, <option>Sat</option> or
<option>Sun</option></para>
</listitem>
</varlistentry>
<varlistentry>
<term>monthdays=dd[,dd],...</term>
<listitem>
<para>where <replaceable>dd</replaceable> is an ordinal day of the
month</para>
</listitem>
</varlistentry>
<varlistentry>
<term>datestart=<replaceable>yyyy</replaceable>[-<replaceable>mm</replaceable>[-<replaceable>dd</replaceable>[<option>T</option><replaceable>hh</replaceable>[:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]]]]]</term>
<listitem>
<para>Defines the starting date and time.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>datestop=<replaceable>yyyy</replaceable>[-<replaceable>mm</replaceable>[-<replaceable>dd</replaceable>[<option>T</option><replaceable>hh</replaceable>[:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]]]]]</term>
<listitem>
<para>Defines the ending date and time.</para>
</listitem>
</varlistentry>
</variablelist>
<para>Examples:</para>
<variablelist>
<varlistentry>
<term>To match on weekends, use:</term>
<listitem>
<para/>
<para>weekdays=Sat,Sun</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Or, to match (once) on a national holiday block:</term>
<listitem>
<para/>
<para>datestart=2016-12-24&amp;datestop=2016-12-27</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Since the stop time is actually inclusive, you would need the
following stop time to not match the first second of the new
day:</term>
<listitem>
<para/>
<para>datestart=2016-12-24T17:00&amp;datestop=2016-12-27T23:59:59</para>
</listitem>
</varlistentry>
<varlistentry>
<term>During Lunch Hour</term>
<listitem>
<para/>
</listitem>
</varlistentry>
<varlistentry>
<term>The fourth Friday in the month:</term>
<listitem>
<para/>
<para>weekdays=Fri&amp;monthdays=22,23,24,25,26,27,28</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Matching across days might not do what is expected. For
instance,</term>
<listitem>
<para/>
<para>weekdays=Mon&amp;timestart=23:00&amp;timestop=01:00</para>
<para>Will match Monday, for one hour from midnight to 1 a.m., and
then again for another hour from 23:00 onwards. If this is unwanted,
e.g. if you would like 'match for two hours from Montay 23:00
onwards' you need to also specify the <emphasis
role="bold">contiguous</emphasis> option in the example above.
</para>
</listitem>
</varlistentry>
</variablelist>
</section>
<section id="Switches"> <section id="Switches">
<title>Switches</title> <title>Switches</title>