diff --git a/Shorewall-docs/shorewall_extension_scripts.xml b/Shorewall-docs/shorewall_extension_scripts.xml index 906279d24..b3c6949cb 100755 --- a/Shorewall-docs/shorewall_extension_scripts.xml +++ b/Shorewall-docs/shorewall_extension_scripts.xml @@ -2,7 +2,7 @@
- + Extension Scripts @@ -40,21 +40,21 @@ Extension scripts are user-provided scripts that are invoked at various points during firewall start, restart, stop and clear. The scripts are placed in /etc/shorewall and are processed using the Bourne shell - "source" mechanism. + source mechanism. Be sure that you actually need to use an extension script to do what you want. Shorewall has a wide range of features that cover most - requirements. + requirements. DO NOT SIMPLY COPY RULES THAT YOU FIND ON THE NET INTO AN EXTENSION SCRIPT AND EXPECT THEM TO WORK AND TO NOT BREAK SHOREWALL. TO USE SHOREWALL EXTENSION SCRIPTS YOU MUST KNOW WHAT YOU ARE DOING - WITH RESPECT TO iptables/Netfilter + WITH RESPECT TO iptables/Netfilter @@ -63,13 +63,12 @@ - init -- invoked early in "shorewall start" and - "shorewall restart" + init -- invoked early in shorewall start and + shorewall restart - start -- invoked after the firewall has been started or restarted. - + start -- invoked after the firewall has been started or restarted. @@ -78,22 +77,22 @@ - stopped -- invoked after the firewall has been stopped. + stopped -- invoked after the firewall has been stopped. - clear -- invoked after the firewall has been cleared. + clear -- invoked after the firewall has been cleared. refresh -- invoked while the firewall is being refreshed but - before the common and/or blacklst chains have been rebuilt. + before the common and/or blacklst chains have been rebuilt. newnotsyn (added in version 1.3.6) -- invoked after the - 'newnotsyn' chain has been created but before any rules have - been added to it. + newnotsyn chain has been created but before any rules + have been added to it. 
@@ -108,7 +107,7 @@ default rules are contained in the file /etc/shorewall/common.def which may be used as a starting point for making your own customized file. Rather than running iptables directly, you should run it using the function - run_iptables. Similarly, rather than running "ip" directly, you + run_iptables. Similarly, rather than running ip directly, you should use run_ip. These functions accept the same arguments as the underlying command but cause the firewall to be stopped if an error occurs during processing of the command. If you decide to create @@ -117,11 +116,10 @@ /etc/shorewall/common: . /etc/shorewall/common.def - <add your rules here> - + <add your rules here> If you need to supercede a rule in the released common.def file, you - can add the superceding rule before the '.' command. Using this + can add the superceding rule before the . command. Using this technique allows you to add new rules while still getting the benefit of the latest common.def file. Remember that /etc/shorewall/common defines rules that are only applied if the applicable policy is DROP or REJECT. These
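Review bot: The file header records mode 100755 for Shorewall-docs/shorewall_extension_scripts.xml on both sides of the index line, so an XML document is tracked as executable. Since this patch already touches the file, consider changing the mode to 100644 in the same commit.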
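Review bot: In the @@ -40,21 +40,21 @@ hunk, the sentence ending "processed using the Bourne shell source mechanism" is the only statement of how extension scripts are executed, and it omits the consequence a reader needs. A sourced script runs inside the firewall script's own shell, so an exit, a redefined variable or a redefined function in the extension script carries over into the rest of the start or restart. Suggest adding one sentence saying so, and noting that files in /etc/shorewall should be writable only by root because they are executed as part of the firewall. The all-caps warning that follows tells the reader to be careful but does not give this reason.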
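Review bot: In the @@ -108,7 +107,7 @@ hunk, the context sentence says run_iptables and run_ip "cause the firewall to be stopped if an error occurs during processing of the command" without saying what traffic the stopped state allows or pointing to where that is documented. A user who mistypes a rule in /etc/shorewall/common hits this path, so a cross-reference to the description of the stopped state would help here. Also check that the changed line "Similarly, rather than running ip directly, you" still marks ip as a command in the rendered output now that the quotes are gone, since in plain text it reads as an ordinary word.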
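Review bot: In the @@ -117,11 +116,10 @@ hunk, the added line "can add the superceding rule before the . command. Using this" keeps the misspelling "superceding", and the context line above it has "supercede". The standard spellings are "superseding" and "supersede", and the patch rewrites this sentence anyway. With the quotes removed, "before the . command" is also easy to misread wherever the markup is not rendered; wording such as "before the . (source) command" would stay clear in plain text and matches the "source mechanism" wording used earlier in the page.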