Manpage updates:

- interfaces: Clarify the 'bridge' option - rtrules: Warn about similar rules with same priority
2017-02-10 11:43:04 -08:00 · 2017-02-10 11:43:04 -08:00 · 09fda9eb6c
commit 09fda9eb6c
parent 7e984af094
4 changed files with 34 additions and 0 deletions
--- a/Shorewall/manpages/shorewall-interfaces.xml
+++ b/Shorewall/manpages/shorewall-interfaces.xml
@ -303,6 +303,12 @@ loc     eth2            -</programlisting>
                <para>Designates the interface as a bridge. Beginning with
                Shorewall 4.4.7, setting this option also sets
                <option>routeback</option>.</para>
+
+                <note>
+                  <para>If you have a bridge that you don't intend to define
+                  bport zones on, then it is best to omit this option and
+                  simply specify <option>routeback</option>.</para>
+                </note>
              </listitem>
            </varlistentry>

--- a/Shorewall/manpages/shorewall-rtrules.xml
+++ b/Shorewall/manpages/shorewall-rtrules.xml
@ -129,6 +129,17 @@
          <para>Beginning with Shorewall 5.0.2, the priority may be followed
          optionally by an exclaimation mark ("!"). This causes the rule to
          remain in place if the interface is disabled.</para>
+
+          <caution>
+            <para>Be careful when using rules of the same PRIORITY as some
+            unexpected behavior can occur when multiple rules have the same
+            SOURCE. For example, in the following rules, the second rule
+            overwrites the first unless the priority in the second is changed
+            to 19001 or higher:</para>
+
+            <programlisting>10.10.0.0/24    192.168.5.6 provider1 19000
+10.10.0.0/24    -           provider2 19000</programlisting>
+          </caution>
        </listitem>
      </varlistentry>

--- a/Shorewall6/manpages/shorewall6-interfaces.xml
+++ b/Shorewall6/manpages/shorewall6-interfaces.xml
@ -234,6 +234,12 @@ loc     eth2            -</programlisting>
                <para>Designates the interface as a bridge. Beginning with
                Shorewall 4.4.7, setting this option also sets
                <option>routeback</option>.</para>
+
+                <note>
+                  <para>If you have a bridge that you don't intend to define
+                  bport zones on, then it is best to omit this option and
+                  simply specify <option>routeback</option>.</para>
+                </note>
              </listitem>
            </varlistentry>

--- a/Shorewall6/manpages/shorewall6-rtrules.xml
+++ b/Shorewall6/manpages/shorewall6-rtrules.xml
@ -129,6 +129,17 @@
          <para>Beginning with Shorewall 5.0.2, the priority may be followed
          optionally by an exclaimation mark ("!"). This causes the rule to
          remain in place if the interface is disabled.</para>
+
+          <caution>
+            <para>Be careful when using rules of the same PRIORITY as some
+            unexpected behavior can occur when multiple rules have the same
+            SOURCE. For example, in the following rules, the second rule
+            overwrites the first unless the priority in the second is changed
+            to 19001 or higher:</para>
+
+            <programlisting>2601:601:8b00:bf0::/64 2001:470:b:787::542 provider1 19000
+2601:601:8b00:bf0::/64 -                   provider2 19000</programlisting>
+          </caution>
        </listitem>
      </varlistentry>