From bb3eda9845bc5584a23bba1ffb79c791e93d2195 Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 6 Oct 2008 19:52:59 +0000 Subject: [PATCH] Flesh out description of HELPER git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8755 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-common/changelog.txt | 2 +- manpages/shorewall-tcrules.xml | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index 5db61f05d..958323853 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -1,6 +1,6 @@ Changes in Shorewall 4.2.1 -1) Added CONNBYTES to tcrules manpage. +1) Added CONNBYTES to tcrules manpage. Flesh out description of HELPER. 2) Fixed minor CONNBYTES editing issue. diff --git a/manpages/shorewall-tcrules.xml b/manpages/shorewall-tcrules.xml index cee19132a..41edd5ac1 100644 --- a/manpages/shorewall-tcrules.xml +++ b/manpages/shorewall-tcrules.xml @@ -555,7 +555,16 @@ Added in Shorewall-perl 4.2.0. Names a Netfiler protocol helper module such as , - , , etc. + , , etc. A packet will + match if it was accepted by the named helper module. You can also + append "-" and a port number to the helper module name (e.g., + ftp-21) to specify the port number + that the original connection was made on. + + Example: Mark all FTP data connections with mark + 4:#MARK/ SOURCE DEST PROTO PORT(S) SOURCE USER TEST LENGTH TOS CONNBYTES HELPER +#CLASSIFY PORT(S) +4 0.0.0.0/0 0.0.0.0/0 TCP - - - - - - - ftp
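Review bot: In Shorewall-common/changelog.txt, entry 1 now carries two separate changes in mixed tense ("Added CONNBYTES to tcrules manpage." followed by "Flesh out description of HELPER."). Give the HELPER documentation change its own numbered entry, written in the past tense like its neighbours, so that each changelog item maps to one change.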
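Review bot: In manpages/shorewall-tcrules.xml, the added sentence "A packet will match if it was accepted by the named helper module" is imprecise, and the unchanged line above it still reads "Netfiler". A helper does not accept packets. The example that follows marks FTP data connections, so the text should say that a packet matches when it belongs to a connection that the named helper related to an original connection, such as the data connection of an FTP session. Please also correct the spelling to "Netfilter" while this paragraph is being edited, and show one example row using the "ftp-21" form, since the text introduces it but the example only uses plain "ftp".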