More SWTICH changes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
76707d29ba
commit
12bfc14c5f
@ -6,8 +6,8 @@
|
|||||||
# The manpage is also online at
|
# The manpage is also online at
|
||||||
# http://www.shorewall.net/manpages/shorewall-rules.html
|
# http://www.shorewall.net/manpages/shorewall-rules.html
|
||||||
#
|
#
|
||||||
####################################################################################################################################################
|
###################################################################################################################################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
|
||||||
# PORT PORT(S) DEST LIMIT GROUP
|
# PORT PORT(S) DEST LIMIT GROUP
|
||||||
#SECTION ALL
|
#SECTION ALL
|
||||||
#SECTION ESTABLISHED
|
#SECTION ESTABLISHED
|
||||||
|
@ -10,8 +10,8 @@
|
|||||||
# See the file README.txt for further details.
|
# See the file README.txt for further details.
|
||||||
#------------------------------------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------------------------------------
|
||||||
# For information on entries in this file, type "man shorewall-rules"
|
# For information on entries in this file, type "man shorewall-rules"
|
||||||
#############################################################################################################
|
######################################################################################################################################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
|
||||||
# PORT PORT(S) DEST LIMIT GROUP
|
# PORT PORT(S) DEST LIMIT GROUP
|
||||||
#SECTION ALL
|
#SECTION ALL
|
||||||
#SECTION ESTABLISHED
|
#SECTION ESTABLISHED
|
||||||
|
@ -10,8 +10,8 @@
|
|||||||
# See the file README.txt for further details.
|
# See the file README.txt for further details.
|
||||||
#------------------------------------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------------------------------------
|
||||||
# For information about entries in this file, type "man shorewall-rules"
|
# For information about entries in this file, type "man shorewall-rules"
|
||||||
#############################################################################################################
|
######################################################################################################################################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
|
||||||
# PORT PORT(S) DEST LIMIT GROUP
|
# PORT PORT(S) DEST LIMIT GROUP
|
||||||
#SECTION ALL
|
#SECTION ALL
|
||||||
#SECTION ESTABLISHED
|
#SECTION ESTABLISHED
|
||||||
|
@ -10,8 +10,8 @@
|
|||||||
# See the file README.txt for further details.
|
# See the file README.txt for further details.
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
# For information about entries in this file, type "man shorewall-rules"
|
# For information about entries in this file, type "man shorewall-rules"
|
||||||
#############################################################################################################
|
######################################################################################################################################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
|
||||||
# PORT PORT(S) DEST LIMIT GROUP
|
# PORT PORT(S) DEST LIMIT GROUP
|
||||||
#SECTION ALL
|
#SECTION ALL
|
||||||
#SECTION ESTABLISHED
|
#SECTION ESTABLISHED
|
||||||
|
@ -6,8 +6,8 @@
|
|||||||
# The manpage is also online at
|
# The manpage is also online at
|
||||||
# http://www.shorewall.net/manpages/shorewall-rules.html
|
# http://www.shorewall.net/manpages/shorewall-rules.html
|
||||||
#
|
#
|
||||||
####################################################################################################################################################
|
###########################################################################################################################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
|
||||||
# PORT PORT(S) DEST LIMIT GROUP
|
# PORT PORT(S) DEST LIMIT GROUP
|
||||||
#SECTION ALL
|
#SECTION ALL
|
||||||
#SECTION ESTABLISHED
|
#SECTION ESTABLISHED
|
||||||
|
@ -10,8 +10,8 @@
|
|||||||
# See the file README.txt for further details.
|
# See the file README.txt for further details.
|
||||||
#------------------------------------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------------------------------------
|
||||||
# For information on entries in this file, type "man shorewall6-rules"
|
# For information on entries in this file, type "man shorewall6-rules"
|
||||||
#############################################################################################################
|
###########################################################################################################################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
|
||||||
# PORT PORT(S) DEST LIMIT GROUP
|
# PORT PORT(S) DEST LIMIT GROUP
|
||||||
#SECTION ALL
|
#SECTION ALL
|
||||||
#SECTION ESTABLISHED
|
#SECTION ESTABLISHED
|
||||||
|
@ -10,8 +10,8 @@
|
|||||||
# See the file README.txt for further details.
|
# See the file README.txt for further details.
|
||||||
#------------------------------------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------------------------------------
|
||||||
# For information about entries in this file, type "man shorewall6-rules"
|
# For information about entries in this file, type "man shorewall6-rules"
|
||||||
#############################################################################################################
|
###########################################################################################################################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
|
||||||
# PORT PORT(S) DEST LIMIT GROUP
|
# PORT PORT(S) DEST LIMIT GROUP
|
||||||
#SECTION ALL
|
#SECTION ALL
|
||||||
#SECTION ESTABLISHED
|
#SECTION ESTABLISHED
|
||||||
|
@ -10,8 +10,8 @@
|
|||||||
# See the file README.txt for further details.
|
# See the file README.txt for further details.
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
# For information about entries in this file, type "man shorewall6-rules"
|
# For information about entries in this file, type "man shorewall6-rules"
|
||||||
#############################################################################################################
|
###########################################################################################################################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
|
||||||
# PORT PORT(S) DEST LIMIT GROUP
|
# PORT PORT(S) DEST LIMIT GROUP
|
||||||
#SECTION ALL
|
#SECTION ALL
|
||||||
#SECTION ESTABLISHED
|
#SECTION ESTABLISHED
|
||||||
|
@ -18,7 +18,7 @@
|
|||||||
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
|
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
|
||||||
|
|
||||||
<copyright>
|
<copyright>
|
||||||
<year>2001-2010</year>
|
<year>2001-2011</year>
|
||||||
|
|
||||||
<holder>Thomas M. Eastep</holder>
|
<holder>Thomas M. Eastep</holder>
|
||||||
</copyright>
|
</copyright>
|
||||||
@ -1624,7 +1624,7 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
|
|||||||
above.</para>
|
above.</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section id="Switches">
|
||||||
<title>Switches</title>
|
<title>Switches</title>
|
||||||
|
|
||||||
<para>There are times when you would like to enable or disable one or more
|
<para>There are times when you would like to enable or disable one or more
|
||||||
@ -1640,9 +1640,9 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
|
|||||||
Support requires that you install xtables-addons.</para>
|
Support requires that you install xtables-addons.</para>
|
||||||
|
|
||||||
<para>The SWITCH column contains the name of a
|
<para>The SWITCH column contains the name of a
|
||||||
<firstterm>switch.</firstterm> Each switch that is normally initially in
|
<firstterm>switch.</firstterm> Each switch that is initially in the
|
||||||
the off position. You can turn on the switch condition named
|
<emphasis role="bold">off</emphasis> position. You can turn on the switch
|
||||||
<emphasis>switch1</emphasis> by:</para>
|
named <emphasis>switch1</emphasis> by:</para>
|
||||||
|
|
||||||
<simplelist>
|
<simplelist>
|
||||||
<member><command>echo 1 >
|
<member><command>echo 1 >
|
||||||
@ -1657,9 +1657,10 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
|
|||||||
</simplelist>
|
</simplelist>
|
||||||
|
|
||||||
<para>If you simply include the switch name in the SWITCH column, then the
|
<para>If you simply include the switch name in the SWITCH column, then the
|
||||||
rule is enabled only when the switch is on. If you precede the switch name
|
rule is enabled only when the switch is <emphasis
|
||||||
with ! (e.g., !switch1), then the rule is enabled only when the switch is
|
role="bold">on</emphasis>. If you precede the switch name with ! (e.g.,
|
||||||
off. </para>
|
!switch1), then the rule is enabled only when the switch is <emphasis
|
||||||
|
role="bold">off</emphasis>. </para>
|
||||||
|
|
||||||
<warning>
|
<warning>
|
||||||
<para>The <command>shorewall restart</command> command resets all
|
<para>The <command>shorewall restart</command> command resets all
|
||||||
@ -1667,7 +1668,19 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
|
|||||||
</warning>
|
</warning>
|
||||||
|
|
||||||
<para>Shorewall requires that switch names begin with a letter and be
|
<para>Shorewall requires that switch names begin with a letter and be
|
||||||
composed of letters, digits, underscore ('_') or hyphen ('-').</para>
|
composed of letters, digits, underscore ('_') or hyphen ('-'). Multiple
|
||||||
|
rules can be controlled by the same switch.</para>
|
||||||
|
|
||||||
|
<para>Example:</para>
|
||||||
|
|
||||||
|
<blockquote>
|
||||||
|
<para>Forward port 80 to dmz host $BACKUP if switch 'primary_down' is
|
||||||
|
on.</para>
|
||||||
|
|
||||||
|
<programlisting>#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
|
||||||
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
|
DNAT net dmz:$BACKUP tcp 80 - - - - - - - - primary_down </programlisting>
|
||||||
|
</blockquote>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="Logical">
|
<section id="Logical">
|
||||||
|
@ -1184,10 +1184,10 @@
|
|||||||
<term>Example 6:</term>
|
<term>Example 6:</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Forward port 80 to dmz host $BACKUP if condition
|
<para>Forward port 80 to dmz host $BACKUP if switch 'primary_down'
|
||||||
'primary_down' is set.</para>
|
is set.</para>
|
||||||
|
|
||||||
<programlisting> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS CONDITION
|
<programlisting> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
DNAT net dmz:$BACKUP tcp 80 - - - - - - - - primary_down</programlisting>
|
DNAT net dmz:$BACKUP tcp 80 - - - - - - - - primary_down</programlisting>
|
||||||
</listitem>
|
</listitem>
|
||||||
|