From 091b26acee0d240f3c3a906abdd6acb50b686c85 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 16 Nov 2006 00:51:52 +0000 Subject: [PATCH] I'm cooking with man pages now... git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4893 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- manpages/shorewall-maclist.xml | 96 +++++++++++++++++++++++++ manpages/shorewall-nat.xml | 124 +++++++++++++++++++++++++++++++++ 2 files changed, 220 insertions(+) create mode 100644 manpages/shorewall-maclist.xml create mode 100644 manpages/shorewall-nat.xml diff --git a/manpages/shorewall-maclist.xml b/manpages/shorewall-maclist.xml new file mode 100644 index 000000000..e2a75237a --- /dev/null +++ b/manpages/shorewall-maclist.xml 
@@ -0,0 +1,96 @@ + + + + shorewall-maclist + + 5 + + + + maclist + + Shorewall MAC Verification file + + + + + /etc/shorewall/maclist + + + + + Description + + This file is used to define the MAC addresses and optionally their + associated IP addresses to be allowed to use the specified interface. The + feature is enabled by using the maclist + option in the shorewall-interfaces(5) or shorewall-hosts(5) configuration + file. + + The columns in the file are as follows. + + + + DISPOSITION + + + ACCEPT or DROP (if MACLIST_TABLE=filter in + shorewall.conf(5), then REJECT is also allowed) + + + + + INTERFACE + + + Network interface to a host. If the interface names a bridge, + it may be optionally followed by a colon (":") and a physical port + name (e.g., br0:eth4). + + + + + MAC + + + MAC address of the host -- you do not need to use the + Shorewall format for MAC addresses here. If IP + ADDRESSESES is supplied then MAC can be supplied as a dash (-) + + + + + IP ADDRESSES (Optional) + + + If specified, both the MAC and IP address must match. This + column can contain a comma-separated list of host and/or subnet + addresses. If your kernel and iptables have iprange match support + then IP address ranges are also allowed. + + + + + + + FILES + + /etc/shorewall/maclist + + + + See ALSO + + shorewall(8), shorewall-accounting(5), shorewall-actions(5), + shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), + shorewall-ipsec(5), shorewall-masq(5), shorewall-nat(5), + shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), + shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_routes(5), + shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), + shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), + shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5) + + \ No newline at end of file diff --git a/manpages/shorewall-nat.xml b/manpages/shorewall-nat.xml new file mode 100644 index 000000000..45a4746f6 
--- /dev/null +++ b/manpages/shorewall-nat.xml 
@@ -0,0 +1,124 @@ + + + + shorewall-nat + + 5 + + + + nat + + Shorewall one-to-one NAT file + + + + + /etc/shorewall/nat + + + + + Description + + This file is used to define one-to-one Network Address Translation + (NAT). + + + If all you want to do is simple port forwarding, do NOT use this + file. See http://www.shorewall.net/FAQ.htm#faq1. Also, in most cases, + Proxy ARP is a better solution that one-to-one NAT. + + + The columns in the file are as follows. + + + + EXTERNAL + + + External IP Address - this should NOT be the primary IP + address of the interface named in the next column and must not be a + DNS Name. + + If you put COMMENT in this column, the rest of the line will + be attached as a comment to the Netfilter rule(s) generated by the + following entries in the file. The comment will appear delimited by + "/* ... */" in the output of "shorewall show nat" + + To stop the comment from being attached to further rules, + simply include COMMENT on a line by itself. + + + + + INTERFACE + + + Interface that has the EXTERNAL address. If ADD_IP_ALIASES=Yes in + shorewall.conf(5), Shorewall will automatically add the EXTERNAL + address to this interface. Also if ADD_IP_ALIASES=Yes, you may + follow the interface name with ":" and a digit to indicate that you + want Shorewall to add the alias with this name (e.g., "eth0:0"). + That allows you to see the alias with ifconfig. That is the only thing that this name is good for -- you + cannot use it anwhere else in your Shorewall + configuration. + + If you want to override ADD_IP_ALIASES=Yes for a particular + entry, follow the interface name with ":" and no digit (e.g., + "eth0:"). + + + + + INTERNAL + + + Internal Address (must not be a DNS Name). + + + + + ALL INTERFACES + + + If Yes or yes, NAT will be effective from all hosts. If No or + no (or left empty) then NAT will be effective only through the + interface named in the INTERFACE + column. 
+ + + + + LOCAL + + + If Yes or yes, NAT will be effective from the firewall + system + + + + + + + FILES + + /etc/shorewall/nat + + + + See ALSO + + shorewall(8), shorewall-accounting(5), shorewall-actions(5), + shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), + shorewall-maclist(5), shorewall-masq(5), shorewall-netmap(5), + shorewall-params(5), shorewall-policy(5), shorewall-providers(5), + shorewall-proxyarp(5), shorewall-route_routes(5), + shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), + shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), + shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5) + + \ No newline at end of file
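Review bot: In manpages/shorewall-maclist.xml, the DISPOSITION entry lists the permitted values (ACCEPT or DROP, plus REJECT when MACLIST_TABLE=filter) but the page never says what happens to a host on a maclist-enabled interface that matches no line in the file. For a MAC verification file that is the case a reader most needs documented. Please add a sentence on the unmatched case, or a pointer to the shorewall.conf(5) setting that governs it. Also in this hunk: the MAC entry reads "If IP ADDRESSESES is supplied", which should be "IP ADDRESSES" to match the column name two entries later, and that sentence has no closing period. The file also ends without a trailing newline.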
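Review bot: In manpages/shorewall-nat.xml, the LOCAL entry states only the "Yes or yes" case and stops without a period. Unlike ALL INTERFACES just above it, it does not say what an empty or "No" value means, so the reader cannot tell whether the firewall's own traffic is translated by default. Suggest mirroring the ALL INTERFACES wording and spelling out the default. Smaller points in the same hunk: the warning paragraph has "a better solution that one-to-one NAT" (should be "than"), the INTERFACE entry has "anwhere", the sentence ending in "shorewall show nat" lacks a period, and the See ALSO list omits shorewall-ipsec(5) although the maclist page in this same patch lists it. The file also ends without a trailing newline.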