From 6c1369a5a879080be14e953b0aba577237c276ea Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 22 Dec 2012 09:51:51 -0800 Subject: [PATCH] Minor tweaks to the documentation Signed-off-by: Tom Eastep --- docs/Documentation_Index.xml | 5 +++ docs/configuration_file_basics.xml | 52 +++++++++++++++--------------- 2 files changed, 31 insertions(+), 26 deletions(-) diff --git a/docs/Documentation_Index.xml b/docs/Documentation_Index.xml index 265490003..734f87a8e 100644 --- a/docs/Documentation_Index.xml +++ b/docs/Documentation_Index.xml @@ -52,6 +52,11 @@ IPv6 Manpages + + Configuration + File Basics + + Beginner Documentation diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml index 7e1dd5b59..2cce8f05a 100644 --- a/docs/configuration_file_basics.xml +++ b/docs/configuration_file_basics.xml @@ -323,6 +323,28 @@ ACCEPT net $FW tcp www #This is an end-of-line comment +
+ Zone and Chain Names + + For a pair of zones, Shorewall creates two Netfilter chains; one for + connections in each direction. The names of these chains are formed by + separating the names of the two zones by either "2" or "-". + + Example: Traffic from zone A to zone B would go through chain A2B + (think "A to B") or "A-B". + + The default separator is "2" but you can override that by setting + ZONE_SEPARATOR="-" in shorewall.conf (5). + + Zones themselves have names that begin with a letter and are + composed of letters, numerals, and "_". The maximum length of a name is + dependent on the setting of LOGFORMAT in shorewall.conf (5). See shorewall-zones (5) for + details. +
+
Attach Comment to Netfilter Rules @@ -1407,7 +1429,7 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2> /dev/null || true - Action variables are read only and cannot be ?SET (although you can + Action variables are read-only and cannot be ?SET (although you can change their values using embedded Perl).
@@ -1416,7 +1438,7 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2> /dev/null || trueAddress Variables Given that shell variables are expanded at compile time, there is no - way to cause such variables to be expended at run time. Prior to Shorewall + way to cause such variables to be expanded at run time. Prior to Shorewall 4.4.17, this made it difficult (to impossible) to include dynamic IP addresses in a Shorewall-lite configuration. @@ -1814,8 +1836,8 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2> /dev/null || true - it begins with '__', then those leading characters are stripped - off. + if it begins with '__', then those leading characters are + stripped off. @@ -2609,28 +2631,6 @@ Comcast 2 0x20000 main COM_IF class="devicefile">tun* in the COPY column. -
- Zone and Chain Names - - For a pair of zones, Shorewall creates two Netfilter chains; one for - connections in each direction. The names of these chains are formed by - separating the names of the two zones by either "2" or "-". - - Example: Traffic from zone A to zone B would go through chain A2B - (think "A to B") or "A-B". - - The default separator is "2" but you can override that by setting - ZONE_SEPARATOR="-" in shorewall.conf (5). - - Zones themselves have names that begin with a letter and are - composed of letters, numerals, and "_". The maximum length of a name is - dependent on the setting of LOGFORMAT in shorewall.conf (5). See shorewall-zones (5) for - details. -
-
Optional and Required Interfaces
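Review bot: in the Documentation_Index.xml hunk the new "Configuration File Basics" entry is dropped between "IPv6 Manpages" and "Beginner Documentation"; since the page it points to is introductory material (zone names, comments, variables), it would be easier to find filed under the Beginner Documentation group, or in alphabetical order with the other topic entries, rather than next to the manpage links.

Review bot: the first configuration_file_basics.xml hunk (@@ -323) together with the deletion at @@ -2609 relocates the entire "Zone and Chain Names" section from the traffic-shaping part of the page to just before "Attach Comment to Netfilter Rules"; the move is sensible, since the section is about basic naming and not about tcrules, but the commit message only says "Minor tweaks" and should mention the relocation so the large +/- blocks are accounted for. Because the text is moved verbatim, two pre-existing weaknesses come along with it: the option name in `ZONE_SEPARATOR="-" in shorewall.conf (5)` should be checked against the cited manpage so the example matches the real key exactly, and since the same paragraph says zone names may contain numerals, the "2" separator can produce chain names that read ambiguously when a zone name itself contains a 2; stating that is the motivation for the "-" alternative would make the option easier to understand.

Review bot: the @@ -1438 hunk fixes "expended" to "expanded", but the rest of the sentence, "this made it difficult (to impossible) to include dynamic IP addresses", still reads awkwardly; while touching the line, "difficult, if not impossible, to include" would be the natural phrasing.

Review bot: the @@ -2631 hunk removes the "Zone and Chain Names" section so that the paragraph about `tun*` in the COPY column now runs straight into "Optional and Required Interfaces"; confirm that nothing in the surrounding traffic-shaping text refers to the removed section by position ("see below" or similar), since such a reference would now point at the wrong place.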