diff --git a/Shorewall-docs2/three-interface.xml b/Shorewall-docs2/three-interface.xml
index bcd47bd9a..bfdabd088 100755
--- a/Shorewall-docs2/three-interface.xml
+++ b/Shorewall-docs2/three-interface.xml
@@ -741,15 +741,14 @@ DNS/ACCEPT $FW dmz:10.10.11.1
In the rules shown above, DNS/ACCEPT
is an example of
a defined macro. Shorewall includes a number of
- defined macros and you can add your own.
- To see the list of macros included with your version of Shorewall, look in
- the file /usr/share/shorewall/actions.std.
+ defined macros and you can add your own.
+ To see the list of macros included with your version of Shorewall, run the
+ command ls
+ /usr/share/shorewall/macro.*.
You don't have to use defined macros when coding a rule in
- /etc/shorewall/rules; the generated Netfilter ruleset
- is slightly more efficient if you code your rules directly rather than
- using defined macros. The first example above (name server on the
- firewall) could also have been coded as follows:
+ /etc/shorewall/rules. The first example above (name
+ server on the firewall) could also have been coded as follows:
#ACTION SOURCE DEST PROTO DEST PORT(S)
ACCEPT loc $FW tcp 53
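Review bot: the new instruction to run ls /usr/share/shorewall/macro.* gives the reader a list of file names, but the paragraph never says how a file name relates to what goes in the ACTION column (the DNS in DNS/ACCEPT). Add a clause that states the mapping, so the listing can be used without opening the files. Separately, the sentence about the generated Netfilter ruleset being slightly more efficient with directly coded rules is dropped without a replacement; if it no longer holds for macros, say so in the commit message so the removal is not read as an accidental edit.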
@@ -759,7 +758,9 @@ ACCEPT dmz $FW udp 53 In cases where Shorewall doesn't include a defined macro to meet
your needs, you can either define the macro yourself or you can simply
- code the appropriate rules directly.
+ code the appropriate rules directly. This
+ page can be of help if you don't know the protocol and port
+ involved.
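Review bot: in the added sentence "This page can be of help if you don't know the protocol and port involved", the words "This page" are the only description of the link target, so any rendering that drops or hides the link leaves the reader with no idea which page is meant. Use the target document's title as the link text instead of "This page".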
@@ -779,8 +780,8 @@ SSH/ACCEPT loc dmz Those rules allow you to run
connect to those servers from your local systems.
If you wish to enable other connections between your systems, the
- general format for using a defined macro is: #ACTION SOURCE DEST PROTO DEST PORT(S)
-<macro> <source zone> <destination zone>
+ general format for using a defined macro is: #ACTION SOURCE DEST PROTO DEST PORT(S)
+<macro>/ACCEPT <source zone> <destination zone>
The general format when not using a defined action
is:#ACTION SOURCE DEST PROTO DEST PORT(S)
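Review bot: the unchanged context line right after the edited example still reads "The general format when not using a defined action is:", while this patch renames the construct to "macro" everywhere else, including the sentence just above it ("the general format for using a defined macro is:"). Extend the hunk to change "defined action" to "defined macro" here so the two parallel sentences use the same term. It is also worth stating in the text that ACCEPT in <macro>/ACCEPT is the verdict applied to matching connections, since the placeholder now hard-codes it.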
diff --git a/Shorewall-docs2/two-interface.xml b/Shorewall-docs2/two-interface.xml
index b89053740..940aa978b 100644
--- a/Shorewall-docs2/two-interface.xml
+++ b/Shorewall-docs2/two-interface.xml
@@ -12,7 +12,7 @@
Eastep
- 2005-09-12
+ 2005-09-20
2002-
@@ -714,12 +714,12 @@ DNS/ACCEPT $FW netThis rule allows
ACCEPT $FW net udp 53
ACCEPT $FW net tcp 53
- In cases where Shorewall doesn't include a defined action to meet
- your needs, you can either define the action yourself or you can simply
+ In cases where Shorewall doesn't include a defined macro to meet
+ your needs, you can either define the macro yourself or you can simply
code the appropriate rules directly.
The sample also includes: #ACTION SOURCE DEST PROTO DEST PORT(S)
-SSH/ACCEPT loc $FWThat rule allows you to run an
+SSH/ACCEPT loc $FW That rule allows you to run an
SSH server on your firewall and connect to that server
from your local systems.
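Review bot: the paragraph ending "code the appropriate rules directly." is updated from "action" to "macro" here, but it does not receive the follow-on sentence about where to find the protocol and port that the same paragraph gains in three-interface.xml in this patch. Add the same sentence here so the two guides stay in step, or note in the commit message why the two-interface guide omits it.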