Update 'notrack' man pages

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-12-05 06:56:23 -08:00
parent 7fcdfd6655
commit f56b56a59f
2 changed files with 77 additions and 6 deletions

View File

@ -23,15 +23,51 @@
<refsect1> <refsect1>
<title>Description</title> <title>Description</title>
<para>The notrack file is used to exempt certain traffic from Netfilter <para>The original intent of the notrack file was to exempt certain
connection tracking. Traffic matching entries in this file will not be traffic from Netfilter connection tracking. Traffic matching entries in
tracked.</para> this file were not to be tracked.</para>
<para>The role of the file was expanded in Shorewall 4.4.27 to include all
rules tht can be added in the Netfilter <emphasis
role="bold">raw</emphasis> table.</para>
<para>The file supports two different column layouts: FORMAT 1 and FORMAT
2, FORMAT 1 being the default. The two differ in that FORMAT 2 has an
additional leading ACTION column. When an entry in the file of this form
is encountered, the format of the following entries are assumed to be of
the specified <replaceable>format</replaceable>.</para>
<simplelist>
<member><emphasis role="bold">FORMAT</emphasis>
<replaceable>format</replaceable></member>
</simplelist>
<para>where <replaceable>format</replaceable> is either <emphasis
role="bold">1</emphasis> or <emphasis role="bold">2</emphasis>.</para>
<para>The columns in the file are as follows (where the column name is <para>The columns in the file are as follows (where the column name is
followed by a different name in parentheses, the different name is used in followed by a different name in parentheses, the different name is used in
the alternate specification syntax).</para> the alternate specification syntax).</para>
<variablelist> <variablelist>
<varlistentry>
<term><emphasis role="bold">ACTION</emphasis> - {<emphasis
role="bold">NOTRACK</emphasis>|<emphasis
role="bold">CT</emphasis>:<replaceable>option</replaceable>:<replaceable>args</replaceable>}</term>
<listitem>
<para>This column is only present when FORMAT = 2. Values other than
NOTRACK require <firstterm>CT Target </firstterm>support in your
iptables and kernel. Type <command>man iptables</command> and search
for the CT target extension. The text will describe the
<replaceable>option</replaceable>s and
<replaceable>args</replaceable> supported.</para>
<para>When FORMAT = 1, this column is not present and the rule is
processed as if NOTRACK had been entered in this column.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term>SOURCE <term>SOURCE
{<emphasis>zone</emphasis>[:<emphasis>interface</emphasis>][:<emphasis>address-list</emphasis>]|COMMENT}</term> {<emphasis>zone</emphasis>[:<emphasis>interface</emphasis>][:<emphasis>address-list</emphasis>]|COMMENT}</term>
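Review bot: "rules tht can be added in the Netfilter raw table" in the new second paragraph has a typo (tht → that), and "the format of the following entries are assumed to be of the specified format" in the FORMAT paragraph needs "is assumed" (singular subject). The rewritten opening sentence also reads wrongly: "Traffic matching entries in this file were not to be tracked" suggests NOTRACK no longer does anything, while the next paragraph says the file now holds NOTRACK plus any other raw-table rule; suggest "Traffic matching NOTRACK entries is not tracked." Because untracked packets never enter the conntrack table, ESTABLISHED/RELATED state matching cannot apply to them, so such traffic must be permitted explicitly in both directions; a sentence saying so under the NOTRACK value would spare readers a surprising lockout. The ACTION column says values other than NOTRACK "require CT Target support in your iptables and kernel" without saying which releases provide it; stating the minimum iptables and kernel versions would save a trip to man iptables. Minor: `<firstterm>CT Target </firstterm>` carries a trailing space inside the tag; move it outside.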

View File

@ -23,15 +23,50 @@
<refsect1> <refsect1>
<title>Description</title> <title>Description</title>
<para>The notrack file is used to exempt certain traffic from Netfilter <para>The original intent of the notrack file was to exempt certain
connection tracking. Traffic matching entries in this file will not be traffic from Netfilter connection tracking. Traffic matching entries in
tracked.</para> this file were not to be tracked.</para>
<para>The role of the file was expanded in Shorewall 4.4.27 to include all
rules tht can be added in the Netfilter <emphasis
role="bold">raw</emphasis> table.</para>
<para>The file supports two different column layouts: FORMAT 1 and FORMAT
2, FORMAT 1 being the default. The two differ in that FORMAT 2 has an
additional leading ACTION column. When an entry in the file of this form
is encountered, the format of the following entries are assumed to be of
the specified <replaceable>format</replaceable>.</para>
<simplelist>
<member>FORMAT <replaceable>format</replaceable></member>
</simplelist>
<para>where <replaceable>format</replaceable> is either <emphasis
role="bold">1</emphasis> or <emphasis role="bold">2</emphasis>.</para>
<para>The columns in the file are as follows (where the column name is <para>The columns in the file are as follows (where the column name is
followed by a different name in parentheses, the different name is used in followed by a different name in parentheses, the different name is used in
the alternate specification syntax).</para> the alternate specification syntax).</para>
<variablelist> <variablelist>
<varlistentry>
<term><emphasis role="bold">ACTION</emphasis> - {<emphasis
role="bold">NOTRACK</emphasis>|<emphasis
role="bold">CT</emphasis>:<replaceable>option</replaceable>:<replaceable>args</replaceable>}</term>
<listitem>
<para>This column is only present when FORMAT = 2. Values other than
NOTRACK require <firstterm>CT Target </firstterm>support in your
iptables and kernel. Type <command>man iptables</command> and search
for the CT target extension. The text will describe the
<replaceable>option</replaceable>s and
<replaceable>args</replaceable> supported.</para>
<para>When FORMAT = 1, this column is not present and the rule is
processed as if NOTRACK had been entered in this column.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term>SOURCE <term>SOURCE
<emphasis>zone</emphasis>[:<emphasis>interface</emphasis>][:<emphasis>address-list</emphasis>]</term> <emphasis>zone</emphasis>[:<emphasis>interface</emphasis>][:<emphasis>address-list</emphasis>]</term>
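Review bot: the FORMAT line is marked up differently in the two files: the first file has `<emphasis role="bold">FORMAT</emphasis> <replaceable>format</replaceable>` while this one has plain `FORMAT <replaceable>format</replaceable>`; pick one (bold matches the column headings used elsewhere) so both man pages render the same, which is also what accounts for the 51 versus 50 line counts in the two hunk headers. The "tht" typo, the "are assumed" agreement error and the awkward "were not to be tracked" wording are duplicated verbatim here, so any fix to the first file must be applied to this one as well. Otherwise the two Description sections are identical apart from the pre-existing SOURCE term, which in this file lacks the `|COMMENT}` alternative the first file has; worth confirming that difference is intended rather than a stale copy before this lands.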