From 2322635ac4fc1e4c807ad17ff986ae1d5e4e3abf Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 10 Nov 2004 21:10:06 +0000
Subject: [PATCH] Update for Shorewall 2.2.0 -- take 2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1746 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Samples/one-interface/rules | 40 +++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/Samples/one-interface/rules b/Samples/one-interface/rules
index 428bdad1c..378d49fcd 100755
--- a/Samples/one-interface/rules
+++ b/Samples/one-interface/rules
@@ -26,6 +26,15 @@
 #
 # ACCEPT
 # Allow the connection request
+# ACCEPT+
+# Like ACCEPT but also excludes the
+# connection from any subsequent
+# DNAT[-] or REDIRECT[-] rules
+# NONAT
+# Excludes the connection from any
+# subsequent DNAT[-] or REDIRECT[-]
+# rules but doesn't generate a rule
+# to accept the traffic.
 # DROP
 # Ignore the request
 # REJECT
@@ -73,11 +82,34 @@
 # log level (e.g, REJECT:info or DNAT:debug). This causes the
 # packet to be logged at the specified level.
 #
+# If the ACTION names an action defined in
+# /etc/shorewall/actions or in
+# /usr/share/shorewall/actions.std then:
+#
+# - If the log level is followed by "!' then all rules
+# in the action are logged at the log level.
+#
+# - If the log level is not followed by "!" then only
+# those rules in the action that do not specify
+# logging are logged at the specified level.
+#
+# - The special log level 'none!' suppresses logging
+# by the action.
+#
 # You may also specify ULOG (Must be in upper case) as a log
 # level. This will log to the ULOG target for routing to a
 # seperate log through the use of ulogd.
 # (http://www.gnumonks.org/projects/ulogd).
 #
+# Actions specifying logging may be followed by a
+# log tag (a string of alphanumeric characters)
+# are appended to the string generated by the
+# LOGPREFIX (in /etc/shorewall/shorewall.conf).
+#
+# Example: ACCEPT:info:ftp would include 'ftp '
+# at the end of the log prefix generated by the
+# LOGPREFIX setting.
+##
 # SOURCE Source hosts to which the rule applies. May be a zone
 # defined in /etc/shorewall/zones, $FW to indicate the
 # firewall itself, or "all" If the ACTION is DNAT or
@@ -85,6 +117,10 @@
 # excluded from the rule by following the zone name with
 # "!' and a comma-separated list of sub-zone names.
 #
+# When "all" is used either in the SOURCE or DEST column
+# intra-zone traffic is not affected. You must add
+# separate rules to handle that traffic.
+#
 # Except when "all" is specified, clients may be further
 # restricted to a list of subnets and/or hosts by
 # appending ":" and a comma-separated list of subnets
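Review bot: The added logging text in the first hunk on this line uses mismatched quotes around the bang, `# - If the log level is followed by "!' then all rules`, while the next bullet uses `"!"`; the two should agree, since a reader may otherwise wonder whether the quote characters are part of the syntax. The added paragraph beginning `# Actions specifying logging may be followed by a` is missing a relative pronoun, so `# log tag (a string of alphanumeric characters) which` would complete the sentence that continues with `# are appended to the string generated by the`. The added line `+##` just before `# SOURCE` looks like a stray extra hash where the surrounding separator lines use a single `#`. Since the log tag is spliced into the log prefix, the note that it is restricted to alphanumeric characters is worth keeping exactly as written, as it is the only statement here of what may appear in that field.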
@@ -109,6 +145,10 @@
 # Host on the Internet with
 # MAC address 00:A0:C9:15:39:78.
 #
+# net:192.0.2.11-192.0.2.17
+# Hosts 192.0.2.11-192.0.2.17 in
+# the net zone.
+#
 # Alternatively, clients may be specified by interface
 # by appending ":" to the zone name followed by the
 # interface name. For example, net:eth0 specifies a