Documentation updates

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-10 14:38:55 -08:00 · 2010-11-10 14:38:55 -08:00 · a1e3683651
commit a1e3683651
parent ff61d4dba4
3 changed files with 34 additions and 0 deletions
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@ -1448,6 +1448,28 @@ Comcast 2        0x20000 main       COM_IF     detect          balance
    class="devicefile">tun*</filename> in the COPY column.</para>
  </section>

+  <section>
+    <title>Zone and Chain Names</title>
+
+    <para>For a pair of zones, Shorewall creates two Netfilter chains; one for
+    connections in each direction. The names of these chains are formed by
+    separating the names of the two zones by either "2" or "-".</para>
+
+    <para>Example: Traffic from zone A to zone B would go through chain A2B
+    (think "A to B") or "A-B".</para>
+
+    <para>The default separator is "2" but you can override that by setting
+    ZONE_SEPARATOR="-" in <ulink
+    url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5).</para>
+
+    <para>Zones themselves have names that begin with a letter and are
+    composed of letters, numerals, and "_". The maximum length of a name is
+    dependent on the setting of LOGFORMAT in <ulink
+    url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5). See <ulink
+    url="manpages/shorewall-zones.html">shorewall-zones</ulink> (5) for
+    details.</para>
+  </section>
+
  <section id="Levels">
    <title>Shorewall Configurations</title>

--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@ -954,6 +954,12 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
          that substring is not included then the rule number is not included.
          If not supplied or supplied as empty (LOGFORMAT="") then
          “Shorewall:%s:%s:” is assumed.</para>
+
+          <note>
+            <para>The setting of LOGFORMAT has an effect of the permitted
+            length of zone names. See <ulink
+            url="shorewall-zones.html">shorewall-zones</ulink> (5).</para>
+          </note>
        </listitem>
      </varlistentry>

--- a/manpages6/shorewall6.conf.xml
+++ b/manpages6/shorewall6.conf.xml
@ -836,6 +836,12 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
          that substring is not included then the rule number is not included.
          If not supplied or supplied as empty (LOGFORMAT="") then
          “Shorewall6:%s:%s:” is assumed.</para>
+
+          <note>
+            <para>The setting of LOGFORMAT has an effect of the permitted
+            length of zone names. See <ulink
+            url="shorewall6-zones.html">shorewall6-zones</ulink> (5).</para>
+          </note>
        </listitem>
      </varlistentry>