Update the description of BLACKLISTNEWONLY to match the implementation.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 09:11:15 -08:00 · 2013-01-22 09:11:15 -08:00 · 17eae4adee
commit 17eae4adee
parent f61f5a8183
2 changed files with 12 additions and 7 deletions
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@ -424,10 +424,11 @@
        <listitem>
          <para>When set to <emphasis role="bold">Yes</emphasis> or <emphasis
          role="bold">yes</emphasis>, blacklists are only consulted for new
-          connections. That includes entries in the <ulink
-          url="???">shorewall-blrules</ulink> (5) file and in the BLACKLIST
-          section of <ulink url="shorewall-rules.html">shorewall-rules</ulink>
-          (5).</para>
+          connections and for packets in the INVALID connection state (such as
+          TCP SYN,ACK when there has been no corresponding SYN). That includes
+          entries in the <ulink url="???">shorewall-blrules</ulink> (5) file
+          and in the BLACKLIST section of <ulink
+          url="shorewall-rules.html">shorewall-rules</ulink> (5).</para>

          <para>When set to <emphasis role="bold">No</emphasis> or <emphasis
          role="bold">no</emphasis>, blacklists are consulted for every packet
--- a/Shorewall6/manpages/shorewall6.conf.xml
+++ b/Shorewall6/manpages/shorewall6.conf.xml
@ -356,9 +356,13 @@
        <listitem>
          <para>When set to <emphasis role="bold">Yes</emphasis> or <emphasis
          role="bold">yes</emphasis>, blacklists are only consulted for new
-          connections. This includes entries in the <ulink
-          url="???">shorewall-blrules</ulink> (5) file and in the BLACKLIST
-          section of <ulink
+          connections, for packets in the INVALID connection state (such as a
+          TCP SYN,ACK when there has been no corresponding SYN), and for
+          packets that are UNTRACKED due to entries in <ulink
+          url="shorewall6-conntrack.html">shorewall6-conntrack</ulink>(5).
+          This includes entries in the <ulink
+          url="shorewall6-blrules.html">shorewall6-blrules</ulink> (5) file
+          and in the BLACKLIST section of <ulink
          url="shorewall6-rules.html">shorewall6-rules</ulink> (5).</para>

          <para>When set to <emphasis role="bold">No</emphasis> or <emphasis