diff --git a/Shorewall-docs2/Macros.xml b/Shorewall-docs2/Macros.xml index a05e50f51..71d45d28a 100644 --- a/Shorewall-docs2/Macros.xml +++ b/Shorewall-docs2/Macros.xml @@ -70,7 +70,7 @@ Standard Macros. These actions are released as part of Shorewall. They are listed in the file /usr/share/shorewall/actions.std and are defined - in the corresponding action.* files in /usr/share/shorewall. Each macros.* file has a comment at the beginning of the file that describes what the action does. As an example, here is @@ -99,9 +99,9 @@ PARAM - - tcp 135,139,445 - User-defined Macros. These actions are created by end-users. - They are listed in the file /etc/shorewall/actions and are defined in - action.* files in /etc/shorewall/actions or in another directory + User-defined Macros. These macros are created by end-users. They + are listed in the file /etc/shorewall/actions and are defined in + macros.* files in /etc/shorewall/actions or in another directory listed in your CONFIG_PATH (defined in /etc/shorewall/shorewall.conf). @@ -157,7 +157,7 @@ Reject:REJECT #Common Action for REJECT policy
- Defining your own Actions + Defining your own Macros To define a new action: diff --git a/Shorewall-docs2/releasenotes.xml b/Shorewall-docs2/releasenotes.xml deleted file mode 100644 index 9998e15b2..000000000 --- a/Shorewall-docs2/releasenotes.xml +++ /dev/null @@ -1,122 +0,0 @@ - - -
- - - Shorewall 1.4.9 - -
- Problems Corrected - - These are the problems corrected since Shorewall 1.4.8 - - - - There has been a low continuing level of confusion over the - terms Source NAT (SNAT) and Static NAT. - To avoid future confusion, all instances of Static NAT - have been replaced with One-to-one NAT in the - documentation and configuration files. - - - - The description of NEWNOTSYN in shorewall.conf has been reworded - for clarity. - - - - Wild-card rules (those involving all as SOURCE or - DEST) will no longer produce an error if they attempt to add a rule - that would override a NONE policy. The logic for expanding these - wild-card rules now simply skips those (SOURCE,DEST) pairs that have a - NONE policy. - - -
- -
- Migration Considerations - - None. -
- -
- New Features - - These are the new features added since Shorewall 1.4.8 - - - - To cut down on the number of Why are these ports closed - rather than stealthed? questions, the SMB-related rules in - /etc/shorewall/common.def have been changed from reject - to DROP. - - - - For easier identification, packets logged under the - norfc1918 interface option are now logged out of chains - named rfc1918. Previously, such packets were logged - under chains named logdrop. - - - - Distributors and developers seem to be regularly inventing new - naming conventions for kernel modules. To avoid the need to change - Shorewall code for each new convention, the MODULE_SUFFIX option has - been added to shorewall.conf. MODULE_SUFFIX may be set to the suffix - for module names in your particular distribution. If MODULE_SUFFIX is - not set in shorewall.conf, Shorewall will use the list o gz ko - o.gz. To see what suffix is used by your distribution: - - ls /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter - - All of the files listed should have the same suffix (extension). - Set MODULE_SUFFIX to that suffix. Examples: - - - - If all files end in .kzo then set - MODULE_SUFFIX="kzo" - - - - If all files end in .kz.o then set - MODULE_SUFFIX="kz.o" - - - - - - Support for user defined rule ACTIONS has been implemented - through two new files: /etc/shorewall/actions - - used to list the user-defined ACTIONS./etc/shorewall/action.template - - For each user defined <action>:copy - this file to /etc/shorewall/action.<action>Add - the appropriate rules in that file for the <action>.Once - an <action> has been defined, it may be used like any of the - builtin ACTIONS (ACCEPT, DROP, etc.) in /etc/shorewall/rules. - - Example: You want an action that logs a packet at the - info level and accepts the connection. - - In /etc/shorewall/actions, you would add: - - - LogAndAccept - - - You would then copy /etc/shorewall/action.template to - /etc/shorewall/action.LogAndAccept and in that file, you would add the - two rules: - - - LOG:info - - ACCEPT - - - -
-
\ No newline at end of file