forked from extern/shorewall_code
Document filter priority algorithm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
e0f85edab3
commit
a581958042
@ -198,7 +198,32 @@
|
|||||||
<para>Added in Shorewall 4.5.8. Specifies the rule
|
<para>Added in Shorewall 4.5.8. Specifies the rule
|
||||||
<replaceable>priority</replaceable>. If not given,
|
<replaceable>priority</replaceable>. If not given,
|
||||||
<replaceable>priority</replaceable> 10 is assumed. The
|
<replaceable>priority</replaceable> 10 is assumed. The
|
||||||
<replaceable>priority</replaceable> value must be > 0.</para>
|
<replaceable>priority</replaceable> value must be > 0 and <=
|
||||||
|
65535.</para>
|
||||||
|
|
||||||
|
<para>When a <replaceable>priority</replaceable> is not
|
||||||
|
given:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>For Shorewall versions prior to 4.5.8, all filters have
|
||||||
|
priority 10.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>For Shorewall 4.5.8 and later, the compiler maintains a
|
||||||
|
<firstterm>high-water priority</firstterm> that has an initial
|
||||||
|
value of 1. When a filter has no
|
||||||
|
<replaceable>priority</replaceable>, the high-water priority is
|
||||||
|
assigned to the filter and the high-wanter priority is
|
||||||
|
incremented by 1. When a <replaceable>priority</replaceable>
|
||||||
|
greater than or equal than the high-water priority is entered in
|
||||||
|
this column, the high-water priority is set to the specified
|
||||||
|
<replaceable>priority</replaceable> plus 1. An attempt to assign
|
||||||
|
a priority value greater than 65535 (explicitly or implicitly),
|
||||||
|
an error is raised.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
<para>The default priority values used by other Shorewall-generated
|
<para>The default priority values used by other Shorewall-generated
|
||||||
filters are as follows:</para>
|
filters are as follows:</para>
|
||||||
|
@ -192,8 +192,32 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Added in Shorewall 4.5.8. Specifies the rule priority. If not
|
<para>Added in Shorewall 4.5.8. Specifies the rule priority. If not
|
||||||
given, priority 11 is assumed. The priority value must be >
|
given, priority 11 is assumed. The priority value must be > 0 and
|
||||||
0.</para>
|
<= 65535.</para>
|
||||||
|
|
||||||
|
<para>When a <replaceable>priority</replaceable> is not
|
||||||
|
given:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>For Shorewall versions prior to 4.5.8, all filters have
|
||||||
|
priority 11.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>For Shorewall 4.5.8 and later, the compiler maintains a
|
||||||
|
<firstterm>high-water priority</firstterm> that has an initial
|
||||||
|
value of 1. When a filter has no
|
||||||
|
<replaceable>priority</replaceable>, the high-water priority is
|
||||||
|
assigned to the filter and the high-wanter priority is
|
||||||
|
incremented by 1. When a <replaceable>priority</replaceable>
|
||||||
|
greater than or equal than the high-water priority is entered in
|
||||||
|
this column, the high-water priority is set to the specified
|
||||||
|
<replaceable>priority</replaceable> plus 1. An attempt to assign
|
||||||
|
a priority value greater than 65535 (explicitly or implicitly),
|
||||||
|
an error is raised.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
<para>The default priority values used by other Shorewall-generated
|
<para>The default priority values used by other Shorewall-generated
|
||||||
filters are as follows:</para>
|
filters are as follows:</para>
|
||||||
|
Loading…
Reference in New Issue
Block a user