From b61ee2d75e13ceb224b5b378063d629fb9be1d4b Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 1 Jan 2014 07:18:54 -0800 Subject: [PATCH] Manpage updates for IP[6]TABLES Signed-off-by: Tom Eastep --- Shorewall/manpages/shorewall-actions.xml | 14 +++++++++ Shorewall/manpages/shorewall-conntrack.xml | 21 +++++++++++++- Shorewall/manpages/shorewall-mangle.xml | 2 +- Shorewall/manpages/shorewall-rules.xml | 30 ++++++++++++++++++++ Shorewall6/manpages/shorewall6-actions.xml | 13 +++++++++ Shorewall6/manpages/shorewall6-conntrack.xml | 21 +++++++++++++- Shorewall6/manpages/shorewall6-mangle.xml | 2 +- 7 files changed, 99 insertions(+), 4 deletions(-) diff --git a/Shorewall/manpages/shorewall-actions.xml b/Shorewall/manpages/shorewall-actions.xml index 56bbbdfa1..f6313aa28 100644 --- a/Shorewall/manpages/shorewall-actions.xml +++ b/Shorewall/manpages/shorewall-actions.xml @@ -59,6 +59,20 @@ supported by Shorewall. The action may be used as the rule target in an INLINE rule in shorewall-rules(5). + + Beginning with Shorewall 4.6.0, the Netfilter table(s) + in which the builtin can be + used may be specified: filter, nat, mangle and raw. If no table name(s) are given, + then filter is assumed. The + table names follow builtin + and are separated by commas; for example, + "FOOBAR,filter,mangle" would specify FOOBAR as a builtin + target that can be used in the filter and mangle + tables. diff --git a/Shorewall/manpages/shorewall-conntrack.xml b/Shorewall/manpages/shorewall-conntrack.xml index c8e3c6c09..4c5aa6d8c 100644 --- a/Shorewall/manpages/shorewall-conntrack.xml +++ b/Shorewall/manpages/shorewall-conntrack.xml @@ -88,7 +88,7 @@ role="bold">NOTRACK|CT:helper:name[(arg=val[,...])|CT:notrack|DROP|LOG|ULOG(ulog-parameters):NFLOG(nflog-parameters)}[log-level[:log-tag]][:chain-designator] + role="bold">CT:notrack|DROP|LOG|ULOG(ulog-parameters):NFLOG(nflog-parameters)|IPTABLES(target)}[log-level[:log-tag]][:chain-designator] This column is only present when FORMAT >= 2. Values other @@ -250,6 +250,25 @@ will also be logged at that level. + + (target) + + Added in Shorewall 4.6.0. Allows you to specify any + iptables target with target options + (e.g., "IPTABLES(AUDIT --type drop)"). If the target is not one + recognized by Shorewall, the following error message will be + issued: + + + ERROR: Unknown target + (target) + + + This error message may be eliminated by adding + target as a builtin action in shorewall-actions(5). + + diff --git a/Shorewall/manpages/shorewall-mangle.xml b/Shorewall/manpages/shorewall-mangle.xml index ba219f85f..3463f5017 100644 --- a/Shorewall/manpages/shorewall-mangle.xml +++ b/Shorewall/manpages/shorewall-mangle.xml @@ -443,7 +443,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark This error message may be eliminated by adding the target as a builtin action in shorewall-actions(5). + url="shorewall-actions.html">shorewall-actions(5). diff --git a/Shorewall/manpages/shorewall-rules.xml b/Shorewall/manpages/shorewall-rules.xml index 071dd51bb..88b4df638 100644 --- a/Shorewall/manpages/shorewall-rules.xml +++ b/Shorewall/manpages/shorewall-rules.xml @@ -472,6 +472,28 @@ + + IPTABLES({target + [option ...]) + + + This action allows you to specify an iptables target + with options (e.g., 'IPTABLES(MARK --set-xmark 0x01/0xff)'. If + the target is not one recognized by Shorewall, the following + error message will be issued: + + + ERROR: Unknown target + (target) + + + This error message may be eliminated by adding the + target as a builtin action in + shorewall-actions(5). + + + LOG:level @@ -863,6 +885,14 @@ + + + + + + + + DEST - {zone|zone-list[+]|{shorewall6-rules(5). + + Beginning with Shorewall 4.6.0, the Netfilter table(s) + in which the builtin can be + used may be specified: filter, nat, mangle and raw. If no table name(s) are given, + then filter is assumed. The + table names follow builtin and are separated by commas; for + example, "FOOBAR,filter,mangle" would specify FOOBAR as a + builtin target that can be used in the filter and mangle + tables. diff --git a/Shorewall6/manpages/shorewall6-conntrack.xml b/Shorewall6/manpages/shorewall6-conntrack.xml index a2b71296c..12184f741 100644 --- a/Shorewall6/manpages/shorewall6-conntrack.xml +++ b/Shorewall6/manpages/shorewall6-conntrack.xml @@ -88,7 +88,7 @@ role="bold">NOTRACK|CT:helper:name[(arg=val[,...])|CT:notrack|DROP|LOG|NFLOG(nflog-parameters)}[:log-level[:log-tag]][:chain-designator] + role="bold">CT:notrack|DROP|LOG|NFLOG(nflog-parameters)|IP6TABLES(target)}[:log-level[:log-tag]][:chain-designator] This column is only present when FORMAT >= 2. Values other @@ -250,6 +250,25 @@ will also be logged at that level. + + (target) + + Added in Shorewall 4.6.0. Allows you to specify any + iptables target with target options + (e.g., "IP6TABLES(AUDIT --type drop)"). If the target is not one + recognized by Shorewall, the following error message will be + issued: + + + ERROR: Unknown target + (target) + + + This error message may be eliminated by adding + target as a builtin action in shorewall6-actions(5). + + diff --git a/Shorewall6/manpages/shorewall6-mangle.xml b/Shorewall6/manpages/shorewall6-mangle.xml index cb75b9b1c..efb47d1ba 100644 --- a/Shorewall6/manpages/shorewall6-mangle.xml +++ b/Shorewall6/manpages/shorewall6-mangle.xml @@ -445,7 +445,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark This error message may be eliminated by adding the target as a builtin action in shorewall6-actions(5). + url="shorewall6-actions.html">shorewall6-actions(5).