forked from extern/shorewall_code
Update blacklist file documentation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3795 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
0ab2143d68
commit
78fb4c4ffd
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2006-02-27</pubdate>
|
||||
<pubdate>2006-04-15</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2006</year>
|
||||
@ -3709,6 +3709,51 @@ all all tcp ftp-data - 8</programlisting
|
||||
<quote>iptables -h icmp</quote>).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>OPTIONS</term>
|
||||
|
||||
<listitem>
|
||||
<para>(Optional) A comma-separated list of options. The
|
||||
currently-supported options are:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>routeback - Set up a rule to ACCEPT traffic from these
|
||||
hosts back to themselves.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>source - Allow traffic from these hosts to ANY
|
||||
destination. Without this option or the 'dest option, only
|
||||
traffic from this host to other listed hosts (and the firewall)
|
||||
is allowed. If 'source' is specified then 'routeback' is
|
||||
redundant.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>dest - Allow traffic to these hosts from ANY source.
|
||||
Without this option or the 'source' option, only traffic from
|
||||
this host to other listed hosts (and the firewall) is allowed.
|
||||
If 'dest' is specified then 'routeback' is redundant.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>critical - Allow traffic between the firewall and these
|
||||
hosts throughout '[re]start', 'stop' and 'clear'. Specifying
|
||||
'critical' on one or more entries will cause your firewall to be
|
||||
"totally open" for a brief window during each of those
|
||||
operations.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<note>
|
||||
<para>The 'source' and 'dest' options work best when used in
|
||||
conjunction with ADMINISABSENTMINDED=Yes in
|
||||
/etc/shorewall/shorewall.conf.</para>
|
||||
</note>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para>Shorewall also has a <ulink url="blacklisting_support.htm">dynamic
|
||||
|
Loading…
Reference in New Issue
Block a user