Add rule order warning to secmark manpages

2010-09-23 11:31:56 -07:00 · 2010-09-23 11:31:56 -07:00 · 611c33e052
commit 611c33e052
parent 6702fbbd40
2 changed files with 24 additions and 7 deletions
--- a/manpages/shorewall-secmarks.xml
+++ b/manpages/shorewall-secmarks.xml
@ -23,6 +23,14 @@
  <refsect1>
    <title>Description</title>

+    <important>
+      <para>Unlike rules in the <ulink
+      url="shorewall-rules.html">shorewall-rules</ulink>(5) file, evaluation
+      of rules in this file will continue after a match. So the final secmark
+      for each packet will be the one assigned by the LAST rule that
+      matches.</para>
+    </important>
+
    <para>The secmarks file is used to associate an SELinux context with
    packets. It was added in Shorewall version 4.4.13.</para>

@ -376,12 +384,13 @@ RESTORE                               I:ER</programlisting>
    url="http://james-morris.livejournal.com/11010.html">http://james-morris.livejournal.com/11010.html</ulink></para>

    <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
-    shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),
-    shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
-    shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
-    shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5),
-    shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
-    shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
-    shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
+    shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
+    shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
+    shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
+    shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
+    shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
+    shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
+    shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
+    shorewall-zones(5)</para>
  </refsect1>
 </refentry>
--- a/manpages6/shorewall6-secmarks.xml
+++ b/manpages6/shorewall6-secmarks.xml
@ -23,6 +23,14 @@
  <refsect1>
    <title>Description</title>

+    <important>
+      <para>Unlike rules in the <ulink
+      url="shorewall6-rules.html">shorewall6-rules</ulink>(5) file, evaluation
+      of rules in this file will continue after a match. So the final secmark
+      for each packet will be the one assigned by the LAST rule that
+      matches.</para>
+    </important>
+
    <para>The secmarks file is used to associate an SELinux context with
    packets. It was added in Shorewall6 version 4.4.13.</para>