forked from extern/shorewall_code
Change 'Inline' to 'Embedded'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7573 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
bc4222c41b
commit
6cb1b35a33
@ -45,13 +45,13 @@
|
||||
<para>Manual chains work in conjunction with the
|
||||
<firstterm>compile</firstterm> <ulink
|
||||
url="shorewall_extension_scripts.htm">extension script</ulink> and <ulink
|
||||
url="configuration_file_basics.html%23Inline">Inline PERL scripts</ulink>.
|
||||
The general idea is like this:</para>
|
||||
url="configuration_file_basics.html#Embedded">Embedded PERL
|
||||
scripts</ulink>. The general idea is like this:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>In the compile extension script, you define functions that you
|
||||
can call later using Inline PERL. These functions create a
|
||||
can call later using Embedded PERL. These functions create a
|
||||
<firstterm>manual chain</firstterm> using
|
||||
Shorewall::Chains::new_manual_chain() and populate it with rules using
|
||||
Shorewall::Chains::add_rule().</para>
|
||||
@ -64,10 +64,10 @@
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>The functions defined in the compile script are called by Inline
|
||||
PERL statements. The arguments to those calls define the contents of
|
||||
the manual chains and the rule(s) passed back to Shorewall for normal
|
||||
processing.</para>
|
||||
<para>The functions defined in the compile script are called by
|
||||
embedded PERL statements. The arguments to those calls define the
|
||||
contents of the manual chains and the rule(s) passed back to Shorewall
|
||||
for normal processing.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
@ -383,63 +383,63 @@ smtp,www,pop3,imap #Services running on the firewall</programlisting>
|
||||
|
||||
<programlisting> shorewall/params.mgmt:
|
||||
|
||||
MGMT_SERVERS=1.1.1.1,2.2.2.2,3.3.3.3
|
||||
TIME_SERVERS=4.4.4.4
|
||||
BACKUP_SERVERS=5.5.5.5
|
||||
MGMT_SERVERS=1.1.1.1,2.2.2.2,3.3.3.3
|
||||
TIME_SERVERS=4.4.4.4
|
||||
BACKUP_SERVERS=5.5.5.5
|
||||
|
||||
----- end params.mgmt -----
|
||||
----- end params.mgmt -----
|
||||
|
||||
shorewall/params:
|
||||
shorewall/params:
|
||||
|
||||
# Shorewall 1.3 /etc/shorewall/params
|
||||
[..]
|
||||
#######################################
|
||||
|
||||
INCLUDE params.mgmt
|
||||
|
||||
# params unique to this host here
|
||||
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
||||
# Shorewall 1.3 /etc/shorewall/params
|
||||
[..]
|
||||
#######################################
|
||||
|
||||
INCLUDE params.mgmt
|
||||
|
||||
# params unique to this host here
|
||||
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
||||
|
||||
----- end params -----
|
||||
----- end params -----
|
||||
|
||||
shorewall/rules.mgmt:
|
||||
shorewall/rules.mgmt:
|
||||
|
||||
ACCEPT net:$MGMT_SERVERS $FW tcp 22
|
||||
ACCEPT $FW net:$TIME_SERVERS udp 123
|
||||
ACCEPT $FW net:$BACKUP_SERVERS tcp 22
|
||||
ACCEPT net:$MGMT_SERVERS $FW tcp 22
|
||||
ACCEPT $FW net:$TIME_SERVERS udp 123
|
||||
ACCEPT $FW net:$BACKUP_SERVERS tcp 22
|
||||
|
||||
----- end rules.mgmt -----
|
||||
----- end rules.mgmt -----
|
||||
|
||||
shorewall/rules:
|
||||
shorewall/rules:
|
||||
|
||||
# Shorewall version 1.3 - Rules File
|
||||
[..]
|
||||
#######################################
|
||||
|
||||
INCLUDE rules.mgmt
|
||||
|
||||
# rules unique to this host here
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||
# Shorewall version 1.3 - Rules File
|
||||
[..]
|
||||
#######################################
|
||||
|
||||
INCLUDE rules.mgmt
|
||||
|
||||
# rules unique to this host here
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||
|
||||
----- end rules -----</programlisting>
|
||||
----- end rules -----</programlisting>
|
||||
</example>
|
||||
</section>
|
||||
|
||||
<section id="Inline">
|
||||
<title>Inline Shell and Perl (Added in Shorewall-perl 4.0.6)</title>
|
||||
<section id="Embedded">
|
||||
<title>Embedded Shell and Perl (Added in Shorewall-perl 4.0.6)</title>
|
||||
|
||||
<para>Earlier versions of Shorewall offered <ulink
|
||||
url="shorewall_extension_scripts.htm">extension scripts</ulink> to allow
|
||||
users to extend Shorewall's functionality. Extension scripts were designed
|
||||
to work under the limitations of the Bourne Shell. With Shorewall-perl,
|
||||
<firstterm>inline scripts</firstterm> offer a richer and more flexible
|
||||
<firstterm>Embedded scripts</firstterm> offer a richer and more flexible
|
||||
extension capability.</para>
|
||||
|
||||
<para>While inline scripts scripts may be written in either Shell or Perl,
|
||||
those written in Perl have a lot more power.</para>
|
||||
|
||||
<para>Inline scripts can be either single-line or multi-line. Single line
|
||||
scripts take one of the following forms:</para>
|
||||
<para>Embedded scripts can be either single-line or multi-line. Single
|
||||
line scripts take one of the following forms:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
@ -472,7 +472,7 @@ ACCEPT dmz fw tcp 22</programlisting></para>
|
||||
<programlisting>package Shorewall::User;
|
||||
use Shorewall::Config qw/shorewall/;</programlisting>
|
||||
|
||||
<para>As part of the change that added inline scripts:</para>
|
||||
<para>As part of the change that added embedded scripts:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
@ -484,7 +484,7 @@ use Shorewall::Config qw/shorewall/;</programlisting>
|
||||
<para>A <emphasis role="bold">compile</emphasis> extension script was
|
||||
added for use by Shorewall-perl. That script is run early in the
|
||||
compilation process and allows users to load additional modules and to
|
||||
define data and functions for use in subsequent inline scripts and
|
||||
define data and functions for use in subsequent embedded scripts and
|
||||
extension scripts.</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
@ -618,7 +618,7 @@ use Shorewall::Config qw/shorewall/;</programlisting>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>Must not have any embedded white space.<programlisting> Valid: routefilter,dhcp,norfc1918
|
||||
Invalid: routefilter, dhcp, norfc1818</programlisting></para>
|
||||
Invalid: routefilter, dhcp, norfc1818</programlisting></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
@ -791,17 +791,17 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
|
||||
<para>Example:</para>
|
||||
|
||||
<blockquote>
|
||||
<programlisting> /etc/shorewall/params
|
||||
<programlisting> /etc/shorewall/params
|
||||
|
||||
NET_IF=eth0
|
||||
NET_BCAST=130.252.100.255
|
||||
NET_OPTIONS=routefilter,norfc1918
|
||||
|
||||
/etc/shorewall/interfaces record:
|
||||
/etc/shorewall/interfaces record:
|
||||
|
||||
net $NET_IF $NET_BCAST $NET_OPTIONS
|
||||
|
||||
The result will be the same as if the record had been written
|
||||
The result will be the same as if the record had been written
|
||||
|
||||
net eth0 130.252.100.255 routefilter,norfc1918
|
||||
</programlisting>
|
||||
@ -887,16 +887,15 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
|
||||
<example id="mac">
|
||||
<title>MAC Address of an Ethernet Controller</title>
|
||||
|
||||
<programlisting> [root@gateway root]# <command>ifconfig eth0</command>
|
||||
eth0 Link encap:Ethernet HWaddr <emphasis
|
||||
role="bold">02:00:08:E3:FA:55</emphasis>
|
||||
inet addr:206.124.146.176 Bcast:206.124.146.255 Mask:255.255.255.0
|
||||
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
|
||||
RX packets:2398102 errors:0 dropped:0 overruns:0 frame:0
|
||||
TX packets:3044698 errors:0 dropped:0 overruns:0 carrier:0
|
||||
collisions:30394 txqueuelen:100
|
||||
RX bytes:419871805 (400.4 Mb) TX bytes:1659782221 (1582.8 Mb)
|
||||
Interrupt:11 Base address:0x1800
|
||||
<programlisting> [root@gateway root]# <command>ifconfig eth0</command>
|
||||
eth0 Link encap:Ethernet HWaddr <emphasis role="bold">02:00:08:E3:FA:55</emphasis>
|
||||
inet addr:206.124.146.176 Bcast:206.124.146.255 Mask:255.255.255.0
|
||||
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
|
||||
RX packets:2398102 errors:0 dropped:0 overruns:0 frame:0
|
||||
TX packets:3044698 errors:0 dropped:0 overruns:0 carrier:0
|
||||
collisions:30394 txqueuelen:100
|
||||
RX bytes:419871805 (400.4 Mb) TX bytes:1659782221 (1582.8 Mb)
|
||||
Interrupt:11 Base address:0x1800
|
||||
</programlisting>
|
||||
</example>
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user