holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Update FAQ 17

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-04-25 09:44:24 -07:00
parent c9b4d3d8c8
commit 3a362a7004
1 changed files with 39 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
docs/FAQ.xml
View File

@ -1486,8 +1486,11 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
<variablelist> <variablelist>
<varlistentry id="all2all"> <varlistentry id="all2all">
<term>all2<emphasis>zone</emphasis>, <emphasis>zone</emphasis>2all <term><emphasis role="bold"><replaceable>zone</replaceable>2all,
or all2all</term> <replaceable>zone</replaceable>-all,
all2<replaceable>zone</replaceable>,
all-<replaceable>zone</replaceable>, all2all or
all-all</emphasis></term>
<listitem> <listitem>
<para>You have a <filename><ulink <para>You have a <filename><ulink
@ -1506,7 +1509,9 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis>zone</emphasis>12<emphasis>zone2</emphasis></term> <term><emphasis
role="bold"><replaceable>zone1</replaceable>2<replaceable>zone2</replaceable>
or <replaceable>zone1-zone2</replaceable></emphasis></term>
<listitem> <listitem>
<para>Either you have a <ulink <para>Either you have a <ulink
@ -1520,23 +1525,39 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>@<emphasis>source</emphasis>2<emphasis>dest</emphasis></term> <term><emphasis
role="bold">@<replaceable>zone1</replaceable>2<replaceable>zone2</replaceable>
or
@<replaceable>zone1</replaceable>-<replaceable>zone2</replaceable></emphasis></term>
<listitem> <listitem>
<para>You have a policy for traffic from <para>You have a policy for traffic from
<emphasis>source</emphasis> to <emphasis>dest</emphasis> that <replaceable>zone1</replaceable> to
specifies TCP connection rate limiting (value in the LIMIT:BURST <replaceable>zone2</replaceable> that specifies TCP connection
column). The logged packet exceeds that limit and was dropped. rate limiting (value in the LIMIT:BURST column). The logged packet
Note that these log messages themselves are severely rate-limited exceeds that limit and was dropped. Note that these log messages
so that a syn-flood won't generate a secondary DOS because of themselves are severely rate-limited so that a syn-flood won't
excessive log message. These log messages were added in Shorewall generate a secondary DOS because of excessive log message. These
2.2.0 Beta 7.</para> log messages were added in Shorewall 2.2.0 Beta 7.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis>interface</emphasis>_mac or <term><emphasis
<emphasis>interface</emphasis>_rec</term> role="bold"><replaceable>zone1</replaceable>2<replaceable>zone2</replaceable>~,
<replaceable>zone1</replaceable>-<replaceable>zone2</replaceable>~
or ~blacklist<replaceable>nn</replaceable></emphasis></term>
<listitem>
<para>These are the result of entries in the <ulink
url="manpages/shorewall-blrules.html">/etc/shorewall/blrules</ulink>
file.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold"><emphasis>interface</emphasis>_mac or
<emphasis>interface</emphasis>_rec</emphasis></term>
<listitem> <listitem>
<para>The packet is being logged under the <emphasis <para>The packet is being logged under the <emphasis
@ -1547,7 +1568,7 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>blacklist</term> <term><emphasis role="bold">blacklist</emphasis></term>
<listitem> <listitem>
<para>The packet is being logged because the source IP is <para>The packet is being logged because the source IP is
@ -1558,7 +1579,7 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>INPUT or FORWARD</term> <term><emphasis role="bold">INPUT or FORWARD</emphasis></term>
<listitem> <listitem>
<para>The packet has a source IP address that isn't in any of your <para>The packet has a source IP address that isn't in any of your
@ -1585,7 +1606,7 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>OUTPUT</term> <term><emphasis role="bold">OUTPUT</emphasis></term>
<listitem> <listitem>
<para>The packet has a destination IP address that isn't in any of <para>The packet has a destination IP address that isn't in any of
@ -1600,7 +1621,7 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>logflags</term> <term><emphasis role="bold">logflags</emphasis></term>
<listitem> <listitem>
<para>The packet is being logged because it failed the checks <para>The packet is being logged because it failed the checks
@ -1611,7 +1632,7 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>sfilter</term> <term><emphasis role="bold">sfilter</emphasis></term>
<listitem> <listitem>
<para>On systems running Shorewall 4.4.20 or later, either the <para>On systems running Shorewall 4.4.20 or later, either the