Add comment to masq file regarding multi-ISP

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3009 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-11-16 17:08:09 +00:00 · 2005-11-16 17:08:09 +00:00 · 76929fb432
commit 76929fb432
parent 34dbd6ef28
5 changed files with 24 additions and 3 deletions
--- a/Samples/three-interfaces/masq
+++ b/Samples/three-interfaces/masq
@ -6,6 +6,11 @@
 #	Use this file to define dynamic NAT (Masquerading) and to define
 #	Source NAT (SNAT).
 #
+#	WARNING: If you have more than one ISP, adding entries to this
+#	file will *not* force connections to go out through a particular
+#	ISP. You must use PREROUTING entries in /etc/shorewall/tcrules
+#	to do that.
+#
 # Columns are:
 #
 #	INTERFACE -- Outgoing interface. This is usually your internet
--- a/Samples/two-interfaces/masq
+++ b/Samples/two-interfaces/masq
@ -6,6 +6,11 @@
 #	Use this file to define dynamic NAT (Masquerading) and to define
 #	Source NAT (SNAT).
 #
+#	WARNING: If you have more than one ISP, adding entries to this
+#	file will *not* force connections to go out through a particular
+#	ISP. You must use PREROUTING entries in /etc/shorewall/tcrules
+#	to do that.
+#
 # Columns are:
 #
 #	INTERFACE -- Outgoing interface. This is usually your internet
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -7,6 +7,8 @@ Changes in 3.0.1
 3) Add Farkas ordering to generated SOURCE and DEST column when expanding
   macros.

+4) Clarify PORTS column in blacklist file.
+
 Changes in 3.0.0 Final

 None.
--- a/Shorewall/masq
+++ b/Shorewall/masq
@ -6,6 +6,11 @@
 #	Use this file to define dynamic NAT (Masquerading) and to define
 #	Source NAT (SNAT).
 #
+#	WARNING: If you have more than one ISP, adding entries to this
+#	file will *not* force connections to go out through a particular
+#	ISP. You must use PREROUTING entries in /etc/shorewall/tcrules
+#	to do that.
+#
 # Columns are:
 #
 #	INTERFACE -- Outgoing interface. This is usually your internet
@ -80,7 +85,7 @@
 #				a port range with the format <low port>-
 #				<high port>. If this is done, you must
 #				specify "tcp" or "udp" in the PROTO column.
-#				
+#
 #				Examples:
 #
 #					192.0.2.4:5000-6000
@ -117,12 +122,12 @@
 #				/etc/services) separated by commas or you
 #				may list a single port range
 #				(<low port>:<high port>).
-#				
+#
 #				Where a comma-separated list is given, your
 #				kernel and iptables must have multiport match
 #				support and a maximum of 15 ports may be
 #				listed.
-#				
+#
 #	IPSEC -- (Optional)	If you specify a value other than "-" in this
 #				column, you must be running kernel 2.6 and
 #				your kernel and iptables must include policy
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -13,6 +13,10 @@ Problems Corrected in 3.0.1
   ("-") appeared in the corresponding column of an invocation of that
   macro, then an invalid rule was generated.

+4) The comments in the /etc/shorewall/blacklist file have been updated to
+   clarify that the PORTS column refers to destination port number/service
+   names.
+
 New Features in 3.0.1

 1)  To make the macro facility more flexible, Shorewall now examines the