From 3730283b6435a447d7e969a260e5e1716f447331 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 4 Apr 2011 08:32:18 -0700 Subject: [PATCH] Move and correct EXPORTMODULES in shorewall6.conf manpage --- Shorewall/changelog.txt | 4 +++ Shorewall/releasenotes.txt | 10 +++++++ manpages6/shorewall6.conf.xml | 50 +++++++++++------------------------ 3 files changed, 29 insertions(+), 35 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index e8c5f5250..3504dee9c 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -2,6 +2,10 @@ Changes in Shorewall 4.4.19 RC 1 1) Correct release notes. +2) Display mangle table in the output from 'shorewall show tc'. + +3) Exit tcpost early if connection is marked. + Changes in Shorewall 4.4.19 Beta 5 1) Fix logical naming and bridge. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 0eae4c2a0..e8d3a18c5 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -121,6 +121,16 @@ Beta 1 5) A list of protocols is now permitted in the PROTO column of the rules file. +6) The contents of the Netfilter mangle table are now included in the + output from 'shorewall show tc'. + +7) When simple traffic shaping is configured, the postrouting marking + chain 'tcpost' is now exited early if the connection was previously + marked. + + Note: tcpost is usually deleted by optimization level 4 and its + rules appear in the POSTROUTING chain. + ---------------------------------------------------------------------------- I V. R E L E A S E 4 . 4 H I G H L I G H T S ---------------------------------------------------------------------------- diff --git a/manpages6/shorewall6.conf.xml b/manpages6/shorewall6.conf.xml index a8937f84a..53ea68b26 100644 --- a/manpages6/shorewall6.conf.xml +++ b/manpages6/shorewall6.conf.xml @@ -444,22 +444,23 @@ - EXPAND_POLICIES={Yes|No} + EXPORTMODULES=[Yes|No] - Normally, when the SOURCE or DEST columns in - shorewall6-policy(5) contains 'all', a single policy chain is - created and the policy is enforced in that chain. For example, if - the policy entry is#SOURCE DEST POLICY LOG -# LEVEL -net all DROP infothen the chain name is 'net2all' - which is also the chain named in Shorewall6 log messages generated - as a result of the policy. If EXPAND_POLICIES=Yes, then Shorewall6 - will create a separate chain for each pair of zones covered by the - policy. This makes the resulting log messages easier to interpret - since the chain in the messages will have a name of the form 'a2b' - where 'a' is the SOURCE zone and 'b' is the DEST zone. + Added in Shorewall 4.4.17. When set to Yes when compiling for + use by Shorewall6 Lite (shorewall6 load, + shorewall6 reload or shorewall6 + export commands), the compiler will copy the modules or + helpers file from the administrative system into the script. When + set to No or not specified, the compiler will not copy the modules + or helpers file from /usr/share/shorewall6 but + will copy the found in another location on the CONFIG_PATH. + + When compiling for direct use by Shorewall6, causes the + contents of the local module or helpers file to be copied into the + compiled script. When set to No or not set, the compiled script + reads the file itself. @@ -1492,27 +1493,6 @@ net all DROP infothen the chain name is 'net2all' - - EXPORTMODULES=[Yes|No] - - - Added in Shorewall 4.4.17. When set to Yes when compiling for - use by Shorewall6 LIte (shorewall6 load, - shorewall6 reload or shorewall6 - export commands), the compiler will copy the modules or - helpers file from the administrative system into the script. When - set to No or not specified, the compiler will not copy the modules - or helpers file from /usr/share/shorewall6 but - will copy the found in another location on the CONFIG_PATH. - - When compiling for direct use by Shorewall6, causes the - contents of the local module or helpers file to be copied into the - compiled script. When set to No or not set, the compiled script - reads the file itself. - - - VERBOSITY=[number]