From c663f91ec7ede5c0d2a363734289928ff8e4ac31 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 19 Apr 2014 08:01:21 -0700 Subject: [PATCH] Add HEADERS to shorewall6-mangle(5) Signed-off-by: Tom Eastep --- Shorewall6/manpages/shorewall6-mangle.xml | 94 +++++++++++++++++++++++ 1 file changed, 94 insertions(+) diff --git a/Shorewall6/manpages/shorewall6-mangle.xml b/Shorewall6/manpages/shorewall6-mangle.xml index df70a0cfa..9772d079f 100644 --- a/Shorewall6/manpages/shorewall6-mangle.xml +++ b/Shorewall6/manpages/shorewall6-mangle.xml @@ -1035,6 +1035,100 @@ Normal-Service => 0x00 + + HEADERS - + [!][any:|exactly:]header-list + + + + The header-list consists of a + comma-separated list of headers from the following list. + + + + auth, ah, or 51 + + + Authentication Headers extension + header. + + + + + esp, or 50 + + + Encrypted Security Payload + extension header. + + + + + hop, hop-by-hop or 0 + + + Hop-by-hop options extension header. + + + + + route, ipv6-route or 41 + + + IPv6 Route extension header. + + + + + frag, ipv6-frag or 44 + + + IPv6 fragmentation extension header. + + + + + none, ipv6-nonxt or 59 + + + No next header + + + + + proto, protocol or 255 + + + Any protocol header. + + + + + If any: is specified, the + rule will match if any of the listed headers are present. If + exactly: is specified, the will + match packets that exactly include all specified headers. If neither + is given, any: is assumed. + + If ! is entered, the rule + will match those packets which would not be matched when ! is omitted. + + + PROBABILITY - [probability]