holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Manpage updates for IP[6]TABLES

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2014-01-01 07:18:54 -08:00
parent 2c2aaf262c
commit b61ee2d75e
7 changed files with 99 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Shorewall/manpages/shorewall-actions.xml
View File

@ -59,6 +59,20 @@
supported by Shorewall. The action may be used as the rule
target in an INLINE rule in <ulink
url="shorewall-rules.html">shorewall-rules</ulink>(5).</para>
<para>Beginning with Shorewall 4.6.0, the Netfilter table(s)
in which the <emphasis role="bold">builtin</emphasis> can be
used may be specified: <emphasis
role="bold">filter</emphasis>, <emphasis
role="bold">nat</emphasis>, <emphasis
role="bold">mangle</emphasis> and <emphasis
role="bold">raw</emphasis>. If no table name(s) are given,
then <emphasis role="bold">filter</emphasis> is assumed. The
table names follow <emphasis role="bold">builtin</emphasis>
and are separated by commas; for example,
"FOOBAR,filter,mangle" would specify FOOBAR as a builtin
target that can be used in the filter and mangle
tables.</para>
</listitem>
</varlistentry>

21
Shorewall/manpages/shorewall-conntrack.xml
View File

@ -88,7 +88,7 @@
role="bold">NOTRACK</emphasis>|<emphasis
role="bold">CT</emphasis>:<emphasis
role="bold">helper</emphasis>:<replaceable>name</replaceable>[(<replaceable>arg</replaceable>=<replaceable>val</replaceable>[,...])|<emphasis
role="bold">CT:notrack</emphasis>|DROP|LOG|ULOG(<replaceable>ulog-parameters</replaceable>):NFLOG(<replaceable>nflog-parameters</replaceable>)}[<replaceable>log-level</replaceable>[:<replaceable>log-tag</replaceable>]][:<replaceable>chain-designator</replaceable>]</term>
role="bold">CT:notrack</emphasis>|DROP|LOG|ULOG(<replaceable>ulog-parameters</replaceable>):NFLOG(<replaceable>nflog-parameters</replaceable>)|IPTABLES(<replaceable>target</replaceable>)}[<replaceable>log-level</replaceable>[:<replaceable>log-tag</replaceable>]][:<replaceable>chain-designator</replaceable>]</term>
<listitem>
<para>This column is only present when FORMAT &gt;= 2. Values other
@ -250,6 +250,25 @@
will also be logged at that level.</para>
</listitem>
<listitem>
<para><option>IPTABLES</option>(<replaceable>target</replaceable>)</para>
<para>Added in Shorewall 4.6.0. Allows you to specify any
iptables <replaceable>target</replaceable> with target options
(e.g., "IPTABLES(AUDIT --type drop)"). If the target is not one
recognized by Shorewall, the following error message will be
issued:</para>
<simplelist>
<member>ERROR: Unknown target
(<replaceable>target</replaceable>)</member>
</simplelist>
<para>This error message may be eliminated by adding
<replaceable>target</replaceable> as a builtin action in <ulink
url="manpages/shorewall-actions.html">shorewall-actions(5)</ulink>.</para>
</listitem>
<listitem>
<para><option>LOG</option></para>

2
Shorewall/manpages/shorewall-mangle.xml
View File

@ -443,7 +443,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark
<para>This error message may be eliminated by adding the
<replaceable>target</replaceable> as a builtin action in
<ulink
url="manpages/shorewall-actions.html">shorewall-actions(5)</ulink>.</para>
url="shorewall-actions.html">shorewall-actions(5)</ulink>.</para>
</listitem>
</varlistentry>

30
Shorewall/manpages/shorewall-rules.xml
View File

@ -472,6 +472,28 @@
</listitem>
</varlistentry>
<varlistentry>
<term>IPTABLES({<replaceable>target</replaceable>
[<replaceable>option</replaceable> ...])</term>
<listitem>
<para>This action allows you to specify an iptables target
with options (e.g., 'IPTABLES(MARK --set-xmark 0x01/0xff)'. If
the target is not one recognized by Shorewall, the following
error message will be issued:</para>
<simplelist>
<member>ERROR: Unknown target
(<replaceable>target</replaceable>)</member>
</simplelist>
<para>This error message may be eliminated by adding the
<replaceable>target</replaceable> as a builtin action in
<ulink
url="shorewall-actions.html">shorewall-actions(5)</ulink>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">LOG:<replaceable>level</replaceable></emphasis></term>
@ -863,6 +885,14 @@
</listitem>
</varlistentry>
<varlistentry>
<term></term>
<listitem>
<para></para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">DEST</emphasis> -
{<emphasis>zone</emphasis>|<emphasis>zone-list</emphasis>[+]|{<emphasis

13
Shorewall6/manpages/shorewall6-actions.xml
View File

@ -59,6 +59,19 @@
supported by Shorewall. The action may be used as the rule
target in an INLINE rule in <ulink
url="shorewall6-rules.html">shorewall6-rules</ulink>(5).</para>
<para>Beginning with Shorewall 4.6.0, the Netfilter table(s)
in which the <emphasis role="bold">builtin</emphasis> can be
used may be specified: <emphasis
role="bold">filter</emphasis>, <emphasis
role="bold">nat</emphasis>, <emphasis
role="bold">mangle</emphasis> and <emphasis
role="bold">raw</emphasis>. If no table name(s) are given,
then <emphasis role="bold">filter</emphasis> is assumed. The
table names follow builtin and are separated by commas; for
example, "FOOBAR,filter,mangle" would specify FOOBAR as a
builtin target that can be used in the filter and mangle
tables.</para>
</listitem>
</varlistentry>

21
Shorewall6/manpages/shorewall6-conntrack.xml
View File

@ -88,7 +88,7 @@
role="bold">NOTRACK</emphasis>|<emphasis
role="bold">CT</emphasis>:<emphasis
role="bold">helper</emphasis>:<replaceable>name</replaceable>[(<replaceable>arg</replaceable>=<replaceable>val</replaceable>[,...])|<emphasis
role="bold">CT:notrack</emphasis>|DROP|LOG|NFLOG(<replaceable>nflog-parameters</replaceable>)}[:<replaceable>log-level</replaceable>[:<replaceable>log-tag</replaceable>]][:<replaceable>chain-designator</replaceable>]</term>
role="bold">CT:notrack</emphasis>|DROP|LOG|NFLOG(<replaceable>nflog-parameters</replaceable>)|IP6TABLES(<replaceable>target</replaceable>)}[:<replaceable>log-level</replaceable>[:<replaceable>log-tag</replaceable>]][:<replaceable>chain-designator</replaceable>]</term>
<listitem>
<para>This column is only present when FORMAT &gt;= 2. Values other
@ -250,6 +250,25 @@
will also be logged at that level.</para>
</listitem>
<listitem>
<para><option>IP6TABLES</option>(<replaceable>target</replaceable>)</para>
<para>Added in Shorewall 4.6.0. Allows you to specify any
iptables <replaceable>target</replaceable> with target options
(e.g., "IP6TABLES(AUDIT --type drop)"). If the target is not one
recognized by Shorewall, the following error message will be
issued:</para>
<simplelist>
<member>ERROR: Unknown target
(<replaceable>target</replaceable>)</member>
</simplelist>
<para>This error message may be eliminated by adding
<replaceable>target</replaceable> as a builtin action in <ulink
url="manpages/shorewall-actions.html">shorewall6-actions(5)</ulink>.</para>
</listitem>
<listitem>
<para><option>LOG</option></para>

2
Shorewall6/manpages/shorewall6-mangle.xml
View File

@ -445,7 +445,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark
<para>This error message may be eliminated by adding the
<replaceable>target</replaceable> as a builtin action in
<ulink
url="manpages6/shorewall6-actions.html">shorewall6-actions(5)</ulink>.</para>
url="shorewall6-actions.html">shorewall6-actions(5)</ulink>.</para>
</listitem>
</varlistentry>