Improve comments in the policy file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@512 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-21 05:07:18 +00:00 · 2003-03-21 05:07:18 +00:00 · 4f8c8857e4
commit 4f8c8857e4
parent 6e843ec524
1 changed files with 20 additions and 1 deletions
--- a/Shorewall/policy
+++ b/Shorewall/policy
@ -22,7 +22,26 @@
 #			 Shorewall will not start!
 #
 #	POLICY		Policy if no match from the rules file is found. Must
-#			be "ACCEPT", "DROP", "REJECT", "CONTINUE" or "NONE"..
+#			be "ACCEPT", "DROP", "REJECT", "CONTINUE" or "NONE".
+#
+#			ACCEPT		- Accept the connection
+#			DROP		- Ignore the connection request
+#			REJECT		- For TCP, send RST. For all other, send
+#					  "port unreachable" ICMP.
+#			CONTINUE	- Pass the connection request past
+#					  any other rules that it might also
+#					  match (where the source or destination
+#					  zone in those rules is a superset of
+#					  the SOURCE or DEST in this policy).
+#			NONE		- Assume that there will never be any
+#					  packets from this SOURCE
+#					  to this DEST. Shorewall will not set up
+#					  any infrastructure to handle such
+#				 	  packets and you may not have any rules
+#					  with this SOURCE and DEST in the
+#					  /etc/shorewall/rules file. If such a 
+#					  packet _is_ received, the result is 
+#					  undefined.
 #
 #	LOG LEVEL	If supplied, each connection handled under the default
 #			POLICY is logged at that level. If not supplied, no