forked from extern/shorewall_code
Add UNTRACKED match to the secmarks file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
ab381ed95e
commit
5265cd5bb7
@ -2221,7 +2221,10 @@ sub process_secmark_rule() {
|
||||
|
||||
my %state = ( N => 'NEW' ,
|
||||
I => 'INVALID',
|
||||
U => 'UNTRACKED',
|
||||
NI => 'NEW,INVALID',
|
||||
NU => 'NEW,UNTRACKED',
|
||||
NIU => 'NEW,INVALID,UNTRACKED',
|
||||
E => 'ESTABLISHED' ,
|
||||
ER => 'ESTABLISHED,RELATED',
|
||||
);
|
||||
|
@ -92,7 +92,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">CHAIN:STATE (chain) -
|
||||
{P|I|F|O|T}[:{N|I|NI|E|ER}]</emphasis></term>
|
||||
{P|I|F|O|T}[:{N|I|U|NI|NU|NIU|NUI:E|ER}]</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>This column determines the CHAIN where the SElinux context is
|
||||
@ -125,6 +125,17 @@
|
||||
|
||||
<member>:ER - ESTABLISHED or RELATED connection</member>
|
||||
</simplelist>
|
||||
|
||||
<para>Beginning with Shorewall 4.5.10, the following additional
|
||||
options are available</para>
|
||||
|
||||
<simplelist>
|
||||
<member>:U - UNTRACKED connection</member>
|
||||
|
||||
<member>:NU - NEW or UNTRACKED connection</member>
|
||||
|
||||
<member>:NIU - NEW, INVALID or UNTRACKED connection.</member>
|
||||
</simplelist>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -122,6 +122,17 @@
|
||||
|
||||
<member>:ER - ESTABLISHED or RELATED connection</member>
|
||||
</simplelist>
|
||||
|
||||
<para>Beginning with Shorewall 4.5.10, the following additional
|
||||
options are available</para>
|
||||
|
||||
<simplelist>
|
||||
<member>:U - UNTRACKED connection</member>
|
||||
|
||||
<member>:NU - NEW or UNTRACKED connection</member>
|
||||
|
||||
<member>:NIU - NEW, INVALID or UNTRACKED connection.</member>
|
||||
</simplelist>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
Loading…
Reference in New Issue
Block a user