forked from extern/shorewall_code
Add NFQUEUE support
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7218 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
b64e6f2c2e
commit
a6ed41303b
@ -85,6 +85,7 @@
|
||||
role="bold">REJECT</emphasis>|<emphasis
|
||||
role="bold">CONTINUE</emphasis>|<emphasis
|
||||
role="bold">QUEUE</emphasis>|<emphasis
|
||||
role="bold">NFQUEUE</emphasis>[/<emphasis>queuenumber</emphasis>]|<emphasis
|
||||
role="bold">NONE</emphasis>}[<emphasis
|
||||
role="bold">:</emphasis>{<emphasis>default-action-or-macro</emphasis>|<emphasis
|
||||
role="bold">None</emphasis>}]</term>
|
||||
@ -158,6 +159,17 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>NFQUEUE</term>
|
||||
|
||||
<listitem>
|
||||
<para>Queue the request for a user-space application using the
|
||||
nfnetlink_queue mechanism. If a
|
||||
<replaceable>queuenumber</replaceable> is not given, queue
|
||||
zero (0) is assumed.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">CONTINUE</emphasis></term>
|
||||
|
||||
|
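Review bot: The new policy entry uses a plain `<term>NFQUEUE</term>`, while the entry that follows it is written `<term><emphasis role="bold">CONTINUE</emphasis></term>`; wrap the new term in the same bold emphasis so the list renders uniformly. The rules page changed in this same commit says NFQUEUE is "Only supported by Shorewall-perl >= 4.0.3", but this entry carries no such restriction; if it applies to policies as well, state it here. The two descriptions also differ in wording ("Queue the request" here, "Queues the packet" in the rules page) and could share one sentence.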
@ -123,7 +123,8 @@
|
||||
role="bold">CONTINUE</emphasis>[<option>!</option>]|<emphasis
|
||||
role="bold">LOG</emphasis>|<emphasis
|
||||
role="bold">QUEUE</emphasis>[<option>!</option>]|<emphasis
|
||||
role="bold">COMMENT</emphasis>|<emphasis>action</emphasis>|<emphasis>macro</emphasis>[<emphasis
|
||||
role="bold">NFQUEUE</emphasis>[/<emphasis>queuenumber</emphasis>]<emphasis
|
||||
role="bold">|COMMENT</emphasis>|<emphasis>action</emphasis>|<emphasis>macro</emphasis>[<emphasis
|
||||
role="bold">/</emphasis><emphasis>target</emphasis>]}<emphasis
|
||||
role="bold">[:</emphasis>{<emphasis>log-level</emphasis>|<emphasis
|
||||
role="bold">none</emphasis>}[<emphasis role="bold"><emphasis
|
||||
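Review bot: In the rewritten synopsis the separator before COMMENT has moved inside the bold emphasis (`role="bold">|COMMENT</emphasis>`), so the pipe renders bold as part of the keyword, unlike the other alternatives, where `|` sits outside `</emphasis>`. Put the `|` directly after the `]` that closes `[/queuenumber]` and keep COMMENT alone inside the emphasis. The synopsis also gives NFQUEUE no `[<option>!</option>]`, although QUEUE and CONTINUE have it and a later hunk in this file documents NFQUEUE!; add the option and show where it goes relative to `/queuenumber`.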
@ -341,6 +342,29 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>NFQUEUE</term>
|
||||
|
||||
<listitem>
|
||||
<para>Only supported by Shorewall-perl >= 4.0.3.</para>
|
||||
|
||||
<para>Queues the packet to a user-space application using the
|
||||
nfnetlink_queue mechanism. If a
|
||||
<replaceable>queuenumber</replaceable> is not specified, queue
|
||||
zero (0) is assumed.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>NFQUEUE!</term>
|
||||
|
||||
<listitem>
|
||||
<para>like NFQUEUE but exempts the rule from being suppressed
|
||||
by OPTIMIZE=1 in <ulink
|
||||
url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">COMMENT</emphasis></term>
|
||||
|
||||
|
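Review bot: The NFQUEUE! entry does not say how `!` combines with a queue number, nor whether the "Shorewall-perl >= 4.0.3" restriction given for NFQUEUE applies to it as well; state both, since the entry otherwise only refers back to NFQUEUE. Its paragraph starts with a lowercase "like", and both new terms are plain `<term>` text while the following COMMENT term uses `<emphasis role="bold">`; match the surrounding entries.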
@ -106,20 +106,30 @@
|
||||
role="bold">QUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis
|
||||
role="bold">none</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
<para></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">NFQUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis
|
||||
role="bold">none</emphasis>} (Shorewall-perl 4.0.3 and later)</term>
|
||||
|
||||
<listitem>
|
||||
<para>In earlier Shorewall versions, a "default action" for DROP and
|
||||
REJECT policies was specified in the file
|
||||
/usr/share/shorewall/actions.std.</para>
|
||||
|
||||
<para>To allow for default rules to be applied when USE_ACTIONS=No,
|
||||
the DROP_DEFAULT, REJECT_DEFAULT, ACCEPT_DEFAULT and QUEUE_DEFAULT
|
||||
options have been added.</para>
|
||||
the DROP_DEFAULT, REJECT_DEFAULT, ACCEPT_DEFAULT, QUEUE_DEFAULT and
|
||||
NFQUEUE_DEFAULT options have been added.</para>
|
||||
|
||||
<para>DROP_DEFAULT describes the rules to be applied before a
|
||||
connection request is dropped by a DROP policy; REJECT_DEFAULT
|
||||
describes the rules to be applied if a connection request is
|
||||
rejected by a REJECT policy. The other two are similar for ACCEPT
|
||||
and QUEUE policies.</para>
|
||||
rejected by a REJECT policy. The other three are similar for ACCEPT,
|
||||
QUEUE and NFQUEUE policies.</para>
|
||||
|
||||
<para>The value applied to these may be:</para>
|
||||
|
||||
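Review bot: The QUEUE_DEFAULT term now closes with a listitem containing only `<para></para>`, and the description that covers all the *_DEFAULT options sits under a new, separate NFQUEUE_DEFAULT entry. Readers looking up QUEUE_DEFAULT get an empty description, and the shared text appears to belong to NFQUEUE_DEFAULT alone. Add NFQUEUE_DEFAULT as one more `<term>` in the existing varlistentry instead of opening a second one, and move the "(Shorewall-perl 4.0.3 and later)" qualifier into the description paragraph, where it can name the option it applies to.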
@ -144,6 +154,8 @@
|
||||
<member>ACCEPT_DEFAULT="none"</member>
|
||||
|
||||
<member>QUEUE_DEFAULT="none"</member>
|
||||
|
||||
<member>NFQUEUE_DEFAULT="None"</member>
|
||||
</simplelist>
|
||||
|
||||
<para>If USE_ACTIONS=Yes, then these values refer to action.Drop and
|
||||
|
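Review bot: The added member reads `NFQUEUE_DEFAULT="None"`, while the members above it use lowercase (`ACCEPT_DEFAULT="none"`, `QUEUE_DEFAULT="none"`) and the option's own term gives the keyword as `none`. Use the same case here, or say explicitly that the value is case-insensitive.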