Add note about non-ACCEPT fw->loc policy.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-12-08 08:33:58 -08:00
parent dac037b597
commit 8faf756113

@ -22,6 +22,8 @@
<year>2010</year>
<year>2013</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -120,6 +122,14 @@ forwardUPnP net loc</programlisting>
<para>Shorewall versions prior to 4.4.10 do not retain the dynamic rules
added by linux-idg over a <command>shorewall restart</command>.</para>
</caution>
<para>If your firewall-&gt;loc policy is not ACCEPT, then you also need to
allow UDP traffic from the fireawll to the local zone.</para>
<programlisting>ACCEPT $FW loc udp - &lt;<replaceable>dynamic port range</replaceable>&gt;</programlisting>
<para>The dynamic port range is obtained by <emphasis role="bold">cat
/proc/sys/net/ip_local_port_range</emphasis>.</para>
</section>
<section>
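Review bot: The first added para misspells "firewall" as "fireawll" ("allow UDP traffic from the fireawll to the local zone"); please fix this before merging. Two smaller points on the same hunk. The text never says how the values printed by cat /proc/sys/net/ip_local_port_range are written into the dynamic port range placeholder, or that the placeholder sits in the source port column after the "-" destination port, so a sentence spelling that out would save readers a trip to the rules manpage. The cat invocation is also marked up with emphasis role="bold", while the context line just above uses the command element for shorewall restart; using command here too would keep the markup consistent.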