holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Merge branch '4.4.19' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.4.19

Browse Source
This commit is contained in:
Tom Eastep 2011-04-30 22:08:18 -07:00
commit 8beb80c9c7
2 changed files with 41 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
manpages/shorewall-tcrules.xml
View File

@ -80,18 +80,19 @@
marks (see below).</para>
<para>May optionally be followed by <emphasis
role="bold">:P</emphasis>, <emphasis
role="bold">:F</emphasis>,<emphasis role="bold">:T</emphasis> or
<emphasis role="bold">:I</emphasis> where<emphasis role="bold">
:P</emphasis> indicates that marking should occur in the
PREROUTING chain, <emphasis role="bold">:F</emphasis> indicates
that marking should occur in the FORWARD chain, <emphasis
role="bold">:I </emphasis>indicates that marking should occur in
the INPUT chain (added in Shorewall 4.4.13), and <emphasis
role="bold">:T</emphasis> indicates that marking should occur in
the POSTROUTING chain. If neither <emphasis
role="bold">:P</emphasis>, <emphasis role="bold">:F</emphasis>
or <emphasis role="bold">:T</emphasis> where<emphasis
role="bold"> :P</emphasis> indicates that marking should occur
in the PREROUTING chain, <emphasis role="bold">:F</emphasis>
indicates that marking should occur in the FORWARD chain, :I
indicates that marking should occur in the INPUT chain (added in
Shorewall 4.4.13), and <emphasis role="bold">:T</emphasis>
indicates that marking should occur in the POSTROUTING chain. If
neither <emphasis role="bold">:P</emphasis>, <emphasis
role="bold">:F</emphasis> nor <emphasis
role="bold">:T</emphasis> follow the mark value then the chain
is determined as follows:</para>
nor <emphasis role="bold">:T</emphasis> follow the mark value
then the chain is determined as follows:</para>
<para>- If the SOURCE is <emphasis
role="bold">$FW</emphasis>[<emphasis
@ -106,13 +107,17 @@
MARK_IN_FORWARD_CHAIN in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>Please note that <emphasis role="bold">:I</emphasis> is
included for completeness and affects neither traffic shaping
nor policy routing.</para>
<para>If your kernel and iptables include CONNMARK support then
you can also mark the connection rather than the packet.</para>
<para>The mark value may be optionally followed by "/" and a
mask value (used to determine those bits of the connection mark
to actually be set). The mark and optional mask are then
followed by one of:+</para>
followed by one of:</para>
<variablelist>
<varlistentry>
@ -147,6 +152,16 @@
<para>Mark the connecdtion in the POSTROUTING chain</para>
</listitem>
</varlistentry>
<varlistentry>
<term>CI</term>
<listitem>
<para>Mark the connection in the INPUT chain. This option
is included for completeness and has no applicability to
traffic shaping or policy routing.</para>
</listitem>
</varlistentry>
</variablelist>
<para><emphasis role="bold">Special considerations for If

14
manpages6/shorewall6-tcrules.xml
View File

@ -103,6 +103,10 @@
MARK_IN_FORWARD_CHAIN in <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
<para>Please note that <emphasis role="bold">:I</emphasis> is
included for completeness and affects neither traffic shaping
nor policy routing.</para>
<para>If your kernel and ip6tables include CONNMARK support then
you can also mark the connection rather than the packet.</para>
@ -144,6 +148,16 @@
<para>Mark the connection in the POSTROUTING chain</para>
</listitem>
</varlistentry>
<varlistentry>
<term>CI</term>
<listitem>
<para>Mark the connection in the INPUT chain. This option
is included for completeness and has no applicability to
traffic shaping or policy routing.</para>
</listitem>
</varlistentry>
</variablelist>
<para><emphasis role="bold">Special considerations for If