Update 3.0 docs for cmd-owner removal in kernel 2.6.14

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2955 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-11-03 15:30:41 +00:00
parent 0163b261ab
commit 85af2b901a
5 changed files with 57 additions and 29 deletions

View File

@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2005-09-16</pubdate> <pubdate>2005-11-02</pubdate>
<copyright> <copyright>
<year>2003-2005</year> <year>2003-2005</year>
@ -129,7 +129,7 @@
<para><emphasis role="bold">USER/GROUP</emphasis> - This column may only <para><emphasis role="bold">USER/GROUP</emphasis> - This column may only
be non-empty if the CHAIN is OUTPUT. The column may contain:</para> be non-empty if the CHAIN is OUTPUT. The column may contain:</para>
<programlisting> [!][&lt;user name or number&gt;][:&lt;group name or number&gt;]</programlisting> <programlisting> [!][&lt;user name or number&gt;][:&lt;group name or number&gt;][+&lt;program name&gt;]</programlisting>
<para>When this column is non-empty, the rule applies only if the <para>When this column is non-empty, the rule applies only if the
program generating the output is running under the effective program generating the output is running under the effective
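Review bot: the new `[+&lt;program name&gt;]` token in the USER/GROUP syntax line carries no caveat, yet the commit message says cmd-owner matching was removed in kernel 2.6.14 and the example added further down in this file says the same. A reader who stops at the syntax line will assume the form works on current kernels; suggest adding the 2.6.14 note here as well, or marking the token as deprecated, e.g. `[+&lt;program name&gt;] (kernels before 2.6.14 only)`.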
@ -146,6 +146,9 @@
<member>!:kids #program must not be run by a member of the 'kids' <member>!:kids #program must not be run by a member of the 'kids'
group</member> group</member>
<member>+upnpd #program named upnpd (This feature was removed from
Netfilter in kernel version 2.6.14).</member>
</simplelist> </simplelist>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
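Review bot: the `+upnpd` example states that the feature was removed in 2.6.14 but not what happens when such a rule is used on a newer kernel (refused when the configuration is compiled, or accepted with the program restriction silently dropped). For a column whose purpose is to limit which local processes a rule matches, the difference matters: a silently dropped restriction would widen the rule rather than fail closed, so please document the actual behaviour or point to where it is described.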

View File

@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2005-10-02</pubdate> <pubdate>2005-11-02</pubdate>
<copyright> <copyright>
<year>2005</year> <year>2005</year>
@ -363,6 +363,10 @@ Reject:REJECT #Common Action for REJECT policy</programlisting>
<member>[!]&lt;<emphasis>user <member>[!]&lt;<emphasis>user
name</emphasis>&gt;:&lt;<emphasis>group name</emphasis>&gt;</member> name</emphasis>&gt;:&lt;<emphasis>group name</emphasis>&gt;</member>
<member>[!]+&lt;<emphasis>program name</emphasis>&gt; (Note: support
for this form was removed from Netfilter in kernel version
2.6.14).</member>
</simplelist> </simplelist>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
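Review bot: this file lists `[!]+&lt;program name&gt;` as a separate alternative in the simplelist, whereas the first file in this commit documents it as an optional suffix of the combined form `[!][&lt;user name or number&gt;][:&lt;group name or number&gt;][+&lt;program name&gt;]`. The two presentations disagree on whether a program name may be combined with a user or group; please settle on one syntax and use it in every file this commit touches.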

View File

@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2005-10-13</pubdate> <pubdate>2005-11-02</pubdate>
<copyright> <copyright>
<year>2001-2005</year> <year>2001-2005</year>
@ -2007,9 +2007,23 @@ ACCEPT<emphasis role="bold">:info</emphasis> - - tc
<listitem> <listitem>
<para>Output rules from the firewall itself may be restricted to a <para>Output rules from the firewall itself may be restricted to a
particular set of users and/or user groups. See the <ulink particular user or group.</para>
url="UserSets.html">User Set Documentation</ulink> for
details.</para> <para>The column may contain:</para>
<programlisting> [!][&lt;user name or number&gt;][:&lt;group name or number&gt;][+&lt;program name&gt;]</programlisting>
<para>When this column is non-empty, the rule applies only if the
program generating the output is running under the effective
&lt;user&gt; and/or &lt;group&gt; specified (or is NOT running under
that id if "!" is given). </para>
<para>Examples:</para>
<programlisting>joe #program must be run by joe
:kids #program must be run by a member of the 'kids' group
!:kids #program must not be run by a member of the 'kids' group
+upnpd #program named upnpd (This feature was removed from Netfilter in kernel version 2.6.14).</programlisting>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
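Review bot: the explanatory sentence placed after the new syntax line ("the rule applies only if the program generating the output is running under the effective &lt;user&gt; and/or &lt;group&gt; specified") does not cover the `+&lt;program name&gt;` form that the same hunk introduces, so the semantics of that form are only implied by the `+upnpd` example. Suggest extending the sentence to say what the program name is matched against, and also checking that UserSets.html, whose link this hunk removes, is no longer referenced elsewhere in the 3.0 docs.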

View File

@ -21,7 +21,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2005-10-01</pubdate> <pubdate>2005-11-02</pubdate>
<copyright> <copyright>
<year>2005</year> <year>2005</year>
@ -394,6 +394,10 @@ DNAT:info net loc:192.168.1.5 tcp 25</programlisting>
<member>[!]&lt;<emphasis>user <member>[!]&lt;<emphasis>user
name</emphasis>&gt;:&lt;<emphasis>group name</emphasis>&gt;</member> name</emphasis>&gt;:&lt;<emphasis>group name</emphasis>&gt;</member>
<member>[!]+&lt;<emphasis>program name</emphasis>&gt; (Note: support
for this form was removed from Netfilter in kernel version
2.6.14).</member>
</simplelist> </simplelist>
</listitem> </listitem>
</itemizedlist> </itemizedlist>

View File

@ -294,18 +294,23 @@
</listitem> </listitem>
<listitem> <listitem>
<para>USER (Added in Shorewall version 1.4.10) - (Optional) This <para>USER/GROUP (Added in Shorewall version 1.4.10) - (Optional)
column may only be non-empty if the SOURCE is the firewall itself. This column may only be non-empty if the SOURCE is the firewall
When this column is non-empty, the rule applies only if the program itself. When this column is non-empty, the rule applies only if the
generating the output is running under the effective user and/or program generating the output is running under the effective user
group. It may contain :</para> and/or group. It may contain :</para>
<para>[&lt;user name or number&gt;]:[&lt;group name or <para>[!][&lt;user name or number&gt;]:[&lt;group name or
number&gt;]</para> number&gt;][+&lt;program name&gt;]</para>
<para>The colon is optionnal when specifying only a user.</para> <para>The colon is optionnal when specifying only a user.</para>
<para>Examples : john: / john / :users / john:users</para> <para>Examples:</para>
<programlisting>joe #program must be run by joe
:kids #program must be run by a member of the 'kids' group
!:kids #program must not be run by a member of the 'kids' group
+upnpd #program named upnpd (This feature was removed from Netfilter in kernel version 2.6.14).</programlisting>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
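Review bot: the syntax line in this hunk, `[!][&lt;user name or number&gt;]:[&lt;group name or number&gt;][+&lt;program name&gt;]`, puts the colon outside the brackets, while the other files in this commit write `[:&lt;group name or number&gt;]`; together with the unchanged sentence "The colon is optionnal when specifying only a user" (a typo for "optional", worth fixing while this paragraph is being edited) the reader cannot tell which form is correct. Note also that the old example list `john: / john / :users / john:users` illustrated the trailing-colon form, which the four new examples no longer show.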
@ -503,19 +508,17 @@ ppp0 6000kbit 500kbit</programlisting>
<para>If you use ppp/pppoe/pppoa) to connect to your internet provider <para>If you use ppp/pppoe/pppoa) to connect to your internet provider
and you use traffic shaping you need to restart shorewall traffic and you use traffic shaping you need to restart shorewall traffic
shaping. The reason for this is, that if the ppp connection gets shaping. The reason for this is, that if the ppp connection gets
restartet (and it usally does this at least daily), all <quote>tc</quote> restartet (and it usally does this at least daily), all
filters/qdiscs related to that interface are deleted.</para> <quote>tc</quote> filters/qdiscs related to that interface are
deleted.</para>
<para>The easiest way to achieve this, is just to restart shorewall <para>The easiest way to achieve this, is just to restart shorewall once
once the link is up. To achieve this add a small executable the link is up. To achieve this add a small executable script
script to<quote>/etc/ppp/ip-up.d</quote>.</para> to<quote>/etc/ppp/ip-up.d</quote>.</para>
<programlisting>#! /bin/sh <programlisting>#! /bin/sh
/sbin/shorewall restart</programlisting> /sbin/shorewall restart</programlisting>
</section> </section>
<section> <section>
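Review bot: this hunk only re-wraps the paragraph, but since the lines are being touched anyway the typos in them should go too: "restartet" -> "restarted", "usally" -> "usually", and the unbalanced parenthesis in "ppp/pppoe/pppoa)". The ip-up.d script itself is unchanged and fine as shown.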