From 6345fa2a4089361ab4fdb742282ad62c6c391f90 Mon Sep 17 00:00:00 2001 From: teastep Date: Tue, 22 Jan 2008 21:18:28 +0000 Subject: [PATCH] Update Shorewall-perl documenation with another difference between shorewall-shell and -perl git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8089 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/Shorewall-perl.xml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/Shorewall-perl.xml b/docs/Shorewall-perl.xml index d129a8061..d263b88a1 100644 --- a/docs/Shorewall-perl.xml +++ b/docs/Shorewall-perl.xml @@ -497,6 +497,25 @@ eth0 eth1:!192.168.4.9 ... all all REJECT info loc net ACCEPT + + + In the SOURCE column of the rules file, when an interface + name is followed by a list of IP addresses, the behavior of + Shorewall-perl differs from that of Shorewall-shell. + + Example:#ACTION SOURCE DEST PROTO DEST +# PORT(S) +ACCEPT loc:eth0:192.168.1.3,192.168.1.5 $FW tcp 22With + Shorewall-shell, this rule accepts SSH connection to the firewall + from 192.168.1.3 through eth0 or from 192.168.1.5 through any + interface. With Shorewall-perl, the rule accepts SSH connections + through eth0 from 192.168.1.3 and through eth0 from 192.168.1.5. + Shorewall-shell supports this syntax that gives the same result as + Shorewall-perl.#ACTION SOURCE DEST PROTO DEST +# PORT(S) +ACCEPT loc:eth0:192.168.1.3,eth0:192.168.1.5 $fw tcp 22 + Shorewall-perl does not support this alternative syntax. +