Update Shorewall-perl documenation with another difference between shorewall-shell and -perl

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8089 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2008-01-22 21:18:28 +00:00 · 2008-01-22 21:18:28 +00:00 · 6345fa2a40
commit 6345fa2a40
parent 15a0732984
1 changed files with 19 additions and 0 deletions
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@ -497,6 +497,25 @@ eth0             eth1:!192.168.4.9       ...</programlisting></para>
 all     all      REJECT    info
 loc     net      ACCEPT</programlisting>
        </listitem>
+
+        <listitem>
+          <para> In the SOURCE column of the rules file, when an interface
+          name is followed by a list of IP addresses, the behavior of
+          Shorewall-perl differs from that of Shorewall-shell.</para>
+
+          <para>Example:<programlisting>#ACTION SOURCE                                 DEST PROTO DEST
+#                                                         PORT(S)
+ACCEPT  loc:eth0:192.168.1.3,192.168.1.5       $FW  tcp   22</programlisting>With
+          Shorewall-shell, this rule accepts SSH connection to the firewall
+          from 192.168.1.3 through eth0 or from 192.168.1.5 through any
+          interface. With Shorewall-perl, the rule accepts SSH connections
+          through eth0 from 192.168.1.3 and through eth0 from 192.168.1.5.
+          Shorewall-shell supports this syntax that gives the same result as
+          Shorewall-perl.<programlisting>#ACTION SOURCE                                 DEST PROTO DEST
+#                                                         PORT(S)
+ACCEPT loc:eth0:192.168.1.3,eth0:192.168.1.5   $fw  tcp   22</programlisting>
+          Shorewall-perl does not support this alternative syntax. </para>
+        </listitem>
      </orderedlist>
    </section>