diff --git a/docs/PortKnocking.xml b/docs/PortKnocking.xml
index 80a83afa6..1140c4e1c 100644
--- a/docs/PortKnocking.xml
+++ b/docs/PortKnocking.xml
@@ -111,11 +111,11 @@ if ( $level ) {
'',
$tag,
'add',
- '-p tcp --dport 22 -m recent --rcheck --name SSH );
+ '-p tcp --dport 22 -m recent --rcheck --name SSH' );
log_rule_limit( $level,
$chainref,
- 'SSHKnock'
+ 'SSHKnock',
'DROP'
'',
$tag,
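Review bot: The `'DROP'` argument in the second log_rule_limit( call still has no trailing comma before the `''` that follows it, so the example remains a Perl syntax error even with the comma now added after `'SSHKnock'`. Change it to `'DROP',` in this same commit so the documented port-knocking script compiles when a reader copies it.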
@@ -313,4 +313,4 @@ add_rule $chainref, '-j ACCEPT';
1;
-
+
\ No newline at end of file
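Review bot: The last line of the file changes only in whitespace, and the file still ends without a newline, as the `\ No newline at end of file` marker shows. Either drop this hunk from the commit or end the file with a newline so that later diffs of this document stay free of noise.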
diff --git a/docs/shorewall_extension_scripts.xml b/docs/shorewall_extension_scripts.xml
index 1cd4b2fde..98246096c 100644
--- a/docs/shorewall_extension_scripts.xml
+++ b/docs/shorewall_extension_scripts.xml
@@ -148,14 +148,16 @@ case $1 in
return 0
;;
esac
+ We recommend that this script only be used with
+ ADMINISABSENTMINDED=Yes.
+
The firewall state when this script is invoked is
indeterminent. So if you have ADMINISABSENTMINDED=No in shorewall.conf(8) and
output on an interface is not allowed by routestopped(8) then
- the script must blow it's own holes in the firewall before
- probing. We recommend that this script only be used with
- ADMINISABSENTMINDED=Yes.
+ the isuasable script must blow it's own holes in the firewall
+ before probing.
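Review bot: The added line "the isuasable script must blow it's own holes" appears to misspell the script name (isusable) and keeps the possessive error; it should read "the isusable script must blow its own holes". While here, "indeterminent" in the unchanged context line should be "indeterminate". Moving the ADMINISABSENTMINDED=Yes recommendation ahead of the paragraph that motivates it also leaves the recommendation without its reason; consider keeping it after the explanation or adding a short "because" clause.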
@@ -469,9 +471,9 @@ esac
Compile-time extension scripts are executed using the Perl 'eval
- `cat <file>`' mechanism. Be sure that each script returns a 'true'
- value; otherwise, the compiler will assume that the script failed and
- will abort the compilation.
+ `cat <file>`' mechanism. Be sure that each
+ script returns a 'true' value; otherwise, the compiler will assume that
+ the script failed and will abort the compilation.
All scripts will need to begin with the following
line:use Shorewall::Chains;For more
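Review bot: Missing documentation in the "returns a 'true' value" sentence: it does not say how a script is expected to do that. Since these lines are being rewritten anyway, add that the usual way is to end the script with `1;`, as the PortKnocking example in this same patch does. Because the scripts are run through Perl eval, it is also worth stating here that they execute with the compiler's privileges, so the script files should be writable only by the administrator.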
@@ -480,20 +482,24 @@ esac
class="directory">/usr/share/shorewall-perl/Shorewall/ to see
what's available.
- When a script is invoked, the $chainref scalar variable will hold
- a reference to a chain table entry.
- $chainref->{name} contains the name of the chain
+ When a script is invoked, the $chainref scalar variable will hold a reference
+ to a chain table entry.
+ $chainref->{name}
+ contains the name of the chain
- $chainref->{table} holds the table name
+ $chainref->{table} holds
+ the table name
- To add a rule to the chain:add_rule( $chainref, <the rule> );Where
- <the rule> is a scalar argument holding the rule text.
- Do not include "-A <chain name>"
+ To add a rule to the chain:add_rule( $chainref, <the rule> );Where
+ <the rule> is a scalar argument
+ holding the rule text. Do not include "-A <chain
+ name>"
Example:add_rule( $chainref, '-j ACCEPT' );To
- insert a rule into the chain: insert_rule( $chainref, <rulenum>, <the rule> );The
- log_rule_limit function works like it does in the shell compiler with
- three exceptions:
+ insert a rule into the chain: insert_rule( $chainref, <rulenum>, <the rule> );The
+ log_rule_limit() function works like it
+ does in the shell compiler with three exceptions:
You pass the chain reference rather than the name of the
chain.
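Review bot: `<rulenum>` in `insert_rule( $chainref, <rulenum>, <the rule> )` is never defined, while `<the rule>` gets a sentence of its own. Add a sentence stating what the number refers to (the position in the chain at which the rule is inserted) and whether counting starts at 0 or 1, so readers do not have to guess where their rule lands relative to existing ACCEPT or DROP rules.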
@@ -518,21 +524,23 @@ esac
'add', #Command
'-p tcp' #Pass as-is
);Note that in the 'initdone' script, there is
- no default chain ($chainref). You can obtain a reference to a standard
- chain by:my $chainref = $chain_table{<table>}{<chain name>};Example:my $chainref = $chain_table{filter}{INPUT};
+ no default chain ($chainref). You can
+ obtain a reference to a standard chain by:my $chainref = $chain_table{<table>}{<chain name>};Example:my $chainref = $chain_table{filter}{INPUT};
- You can also use the hash references $filter_table, $mangle_table
- and $nat_table to access chain references in the three main
- tables.
+ You can also use the hash references $filter_table, $mangle_table and $nat_table to access chain references in the
+ three main tables.
Example:
my $chainref = $filter_table->{INPUT}; #Same as above with a few less keystrokes; runs faster too
- The continue script has been eliminated because it no longer make
- any sense under Shorewall-perl. That script was designed to allow you to
- add special temporary rules during [re]start. Shorewall-perl doesn't
- need such rules since the ruleset is instantianted atomically by
+ The 'continue' script has been eliminated because it no longer
+ make any sense under Shorewall-perl. That script was designed to allow
+ you to add special temporary rules during [re]start. Shorewall-perl
+ doesn't need such rules since the ruleset is instantianted atomically by
table.
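Review bot: The re-wrapped 'continue' paragraph carries two errors over into the new lines: "it no longer make any sense" should be "makes", and "instantianted" should be "instantiated". Fix both while these lines are being touched. The sentence introducing `$chain_table{<table>}{<chain name>}` could also say that the 'initdone' script must obtain its own reference this way before calling add_rule, since that is the point of the note.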