More manpage updates for 4.4.13
parent
94cdc73ec2
commit
10a9ae496a
@ -1885,7 +1885,7 @@ sub generate_matrix() {
|
||||
my $fw = firewall_zone;
|
||||
my $notrackref = $raw_table->{notrack_chain $fw};
|
||||
my $state = $config{BLACKLISTNEWONLY} ? $globals{UNTRACKED} ? "$globals{STATEMATCH} NEW,INVALID,UNTRACKED " : "$globals{STATEMATCH} NEW,INVALID " : '';
|
||||
my $blackout = $filter_table->{blackout} && @{$filter_table->{blackout}{rules}};
|
||||
my $blackout = $filter_table->{blackout};
|
||||
my @zones = off_firewall_zones;
|
||||
my @vservers = vserver_zones;
|
||||
my $interface_jumps_added = 0;
|
||||
@ -2034,7 +2034,7 @@ sub generate_matrix() {
|
||||
my $interfacematch = '';
|
||||
my $use_output = 0;
|
||||
|
||||
if ( @vservers || use_output_chain( $interface, $interfacechainref ) || ( ( $blacklist || @{$interfacechainref->{rules}} ) && ! $chain1ref ) ) {
|
||||
if ( @vservers || use_output_chain( $interface, $interfacechainref ) || $blacklist || ( @{$interfacechainref->{rules}} && ! $chain1ref ) ) {
|
||||
$outputref = $interfacechainref;
|
||||
add_jump $filter_table->{OUTPUT}, $outputref, 0, match_dest_dev( $interface ) unless $output_jump_added{$interface}++;
|
||||
$use_output = 1;
|
||||
@ -2048,7 +2048,6 @@ sub generate_matrix() {
|
||||
} else {
|
||||
$outputref = $filter_table->{OUTPUT};
|
||||
$interfacematch = match_dest_dev $interface;
|
||||
$needs_bl_jump{output_chain $interface} = 1 if $blacklist;
|
||||
}
|
||||
|
||||
add_jump $outputref , $nextchain, 0, join( '', $interfacematch, $dest, $ipsec_out_match );
|
||||
|
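Review bot: The rewritten test ahead of `$outputref = $interfacechainref;` lets `$blacklist` alone select the per-interface output chain regardless of `$chain1ref`, and the `$needs_bl_jump{output_chain $interface} = 1 if $blacklist;` line in the `else` branch appears to be dropped as a result; neither a comment nor the commit title ("More manpage updates") says so. The +/- markers are lost on this page, so this reading assumes the second of each repeated line is the new side. I would add a comment above the condition, such as `# $blacklist alone forces the per-interface output chain; existing rules do so only when there is no $chain1ref`, and mention the change in the commit message so it is reviewed as a change to blacklist enforcement rather than documentation. `generate_matrix` starts and ends outside these hunks, so the later uses of `$blackout`, which now seems to hold the chain reference rather than its rule count, should be checked for jumps to an empty `blackout` chain.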
@ -231,13 +231,16 @@ loc eth2 -</programlisting>
|
||||
<ulink
|
||||
url="shorewall-blacklist.html">shorewall-blacklist</ulink>(5)
|
||||
file. The value may be specified when running Shorewall 4.4.13
|
||||
or later and can have a value in the range 1-2</para>
|
||||
or later and can have a value in the range 1-2; entering no
|
||||
value is equivalent to blacklist=1.</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Input blacklisting (default if no value given).
|
||||
Traffic entering this interface are passed against the
|
||||
entries in <ulink
|
||||
<para>Input blacklisting (default if no value given). This
|
||||
setting is intended for Internet-facing interfaces.</para>
|
||||
|
||||
<para>Traffic entering this interface is passed against
|
||||
the entries in <ulink
|
||||
url="shorewall-blacklist.html">shorewall-blacklist</ulink>(5)
|
||||
that have the <emphasis role="bold">from</emphasis> option
|
||||
(specified or defaulted). Traffic originating on the
|
||||
@ -249,9 +252,11 @@ loc eth2 -</programlisting>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Output blacklisting. Forward traffic that entered
|
||||
through this interface is passed against the entries in
|
||||
<ulink
|
||||
<para>Output blacklisting. This setting is intended for
|
||||
internal interfaces.</para>
|
||||
|
||||
<para>Forwarded traffic that entered through this
|
||||
interface is passed against the entries in <ulink
|
||||
url="shorewall-blacklist.html">shorewall-blacklist</ulink>(5)
|
||||
that have the <emphasis role="bold">to</emphasis>
|
||||
option.</para>
|
||||
|
@ -18,14 +18,25 @@
|
||||
<cmdsynopsis>
|
||||
<command>/usr/share/shorewall/modules</command>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>/usr/share/shorewall/helpers</command>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>Description</title>
|
||||
|
||||
<para>This file specifies which kernel modules Shorewall will load before
|
||||
trying to determine your iptables/kernel's capabilities. Each record in
|
||||
the file has the following format:</para>
|
||||
<para>These files specify which kernel modules Shorewall will load before
|
||||
trying to determine your iptables/kernel's capabilities.</para>
|
||||
|
||||
<para>The <filename>modules</filename> file is used when
|
||||
LOAD_HELPERS_ONLY=No in <ulink
|
||||
url="shorewall.conf.html">shorewall.conf</ulink>(8); the
|
||||
<filename>helpers</filename> file is used when
|
||||
LOAD_HELPERS_ONLY=Yes</para>
|
||||
|
||||
<para>Each record in the files has the following format:</para>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>loadmodule</command>
|
||||
@ -45,7 +56,8 @@
|
||||
|
||||
<para>The /usr/share/shorewall/modules file contains a large number of
|
||||
modules. Users are encouraged to copy the file to /etc/shorewall/modules
|
||||
and modify the copy to load only the modules required.<note>
|
||||
and modify the copy to load only the modules required or to use
|
||||
LOAD_HELPERS_ONLY=Yes.<note>
|
||||
<para>If you build monolithic kernels and have not installed
|
||||
module-init-tools, then create an empty /etc/shorewall/modules file;
|
||||
that will prevent Shorewall from trying to load modules at all.</para>
|
||||
@ -63,7 +75,11 @@
|
||||
|
||||
<para>/usr/share/shorewall/modules</para>
|
||||
|
||||
<para>/usr/share/shorewall/helpers</para>
|
||||
|
||||
<para>/etc/shorewall/modules</para>
|
||||
|
||||
<para>/etc/shorewall/helpers</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
@ -74,8 +90,9 @@
|
||||
shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
|
||||
shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
|
||||
shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5),
|
||||
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
|
||||
shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
|
||||
shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
|
||||
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
|
||||
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
|
||||
shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
|
||||
shorewall-zones(5)</para>
|
||||
</refsect1>
|
||||
</refentry>
|
||||
|
@ -120,13 +120,16 @@ loc eth2 -</programlisting>
|
||||
|
||||
<listitem>
|
||||
<para>The value may be specified when running Shorewall 4.4.13
|
||||
or later and can have a value in the range 1-2</para>
|
||||
or later and can have a value in the range 1-2. Specifying no
|
||||
value is equivalent to blacklist=1.</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Input blacklisting (default if no value given).
|
||||
Traffic entering this interface are passed against the
|
||||
entries in <ulink
|
||||
<para>Input blacklisting (default if no value given). This
|
||||
setting is intended for Internet-facing interfaces.</para>
|
||||
|
||||
<para>Traffic entering this interface is passed against
|
||||
the entries in <ulink
|
||||
url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
|
||||
that have the <emphasis role="bold">from</emphasis> option
|
||||
(specified or defaulted). Traffic originating on the
|
||||
@ -138,8 +141,11 @@ loc eth2 -</programlisting>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Output blacklisting. Traffic entering on this
|
||||
interface is passed against the entries in <ulink
|
||||
<para>Output blacklisting. This setting is intended for
|
||||
internal interfaces.</para>
|
||||
|
||||
<para>Traffic entering on this interface is passed against
|
||||
the entries in <ulink
|
||||
url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
|
||||
that have the <emphasis role="bold">to</emphasis>
|
||||
option.</para>
|
||||
@ -382,8 +388,8 @@ dmz eth2 -</programlisting>
|
||||
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5),
|
||||
shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5),
|
||||
shorewall6-route_rules(5), shorewall6-routestopped(5),
|
||||
shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5),
|
||||
shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5),
|
||||
shorewall6-tunnels(5), shorewall6-zones(5)</para>
|
||||
shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
|
||||
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
|
||||
shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)</para>
|
||||
</refsect1>
|
||||
</refentry>
|
||||
|
@ -18,14 +18,23 @@
|
||||
<cmdsynopsis>
|
||||
<command>/usr/share/shorewall6/modules</command>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>/usr/share/shorewall6/helpers</command>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>Description</title>
|
||||
|
||||
<para>This file specifies which kernel modules shorewall6 will load before
|
||||
trying to determine your ip6tables/kernel's capabilities. Each record in
|
||||
the file has the following format:</para>
|
||||
<para>These files specify which kernel modules shorewall6 will load before
|
||||
trying to determine your ip6tables/kernel's capabilities. The
|
||||
<filename>modules</filename> file is used when LOAD_HELPERS_ONLY=No in
|
||||
<ulink url="shorewall6.conf.html">shorewall6.conf</ulink>(8); the
|
||||
<filename>helpers</filename> file is used when
|
||||
LOAD_HELPERS_ONLY=Yes.</para>
|
||||
|
||||
<para>Each record in the files has the following format:</para>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>loadmodule</command>
|
||||
@ -45,7 +54,8 @@
|
||||
|
||||
<para>The /usr/share/shorewall6/modules file contains a large number of
|
||||
modules. Users are encouraged to copy the file to /etc/shorewall6/modules
|
||||
and modify the copy to load only the modules required.<note>
|
||||
and modify the copy to load only the modules required or use
|
||||
LOAD_HELPERS_ONLY=Yes.<note>
|
||||
<para>If you build monolithic kernels and have not installed
|
||||
module-init-tools, then create an empty /etc/shorewall6/modules file;
|
||||
that will prevent shorewall6 from trying to load modules at
|
||||
@ -64,7 +74,11 @@
|
||||
|
||||
<para>/usr/share/shorewall6/modules</para>
|
||||
|
||||
<para>/usr/share/shorewall6/helpers</para>
|
||||
|
||||
<para>/etc/shorewall6/modules</para>
|
||||
|
||||
<para>/etc/shorewall6/helpers</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
@ -74,8 +88,9 @@
|
||||
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
|
||||
shorewall6-maclist(5), shorewall6-params(5), shorewall6-policy(5),
|
||||
shorewall6-providers(5), shorewall6-route_rules(5),
|
||||
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
|
||||
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
|
||||
shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)</para>
|
||||
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
|
||||
shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),
|
||||
shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5),
|
||||
shorewall6-zones(5)</para>
|
||||
</refsect1>
|
||||
</refentry>
|
||||
|