forked from extern/shorewall_code
Some more 3.2.0 Documentation Updates
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3893 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
0e62b7338f
commit
d31e897793
@ -1426,17 +1426,16 @@ DNAT net loc:192.168.1.5 tcp www
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
...
DNAT sam $FW tcp ssh
ACCEPT+ sam $FW tcp ssh
DNAT net loc:192.168.1.3 tcp ssh
...</programlisting>
<para>The first rule allows Sam SSH access to the firewall. The second
rule says that any clients from the net zone with the exception of those
in the <quote>sam</quote> zone should have their connection port
forwarded to 192.168.1.3. If you need to exclude more than one zone in
this way, you can list the zones separated by commas (e.g.,
net!sam,joe,fred). This technique also may be used when the ACTION is
REDIRECT.</para>
forwarded to 192.168.1.3. If you need to exclude more than one zone,
simply use multiple ACCEPT+ rules. This technique also may be used when
the ACTION is REDIRECT.</para>
</section>
</section>
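Review bot: the rewritten paragraph drops the explicit `net!sam` exclusion syntax, so the exclusion now depends entirely on `ACCEPT+ sam $FW tcp ssh` being evaluated before `DNAT net loc:192.168.1.3 tcp ssh`, yet the text never says the ACCEPT+ rule has to come first. Suggest adding that ordering requirement to the sentence "any clients from the net zone with the exception of those in the sam zone", e.g. "because the preceding ACCEPT+ rule handles them first", so a reader who reorders the rules does not end up forwarding Sam's SSH connections to 192.168.1.3 instead of to the firewall. The closing sentence "This technique also may be used when the ACTION is REDIRECT" is consistent with the new wording and can stay.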
@ -1697,11 +1696,16 @@ DNAT net loc:192.168.1.3 tcp ssh
url="Shorewall_and_Kazaa.html">Kazaa filtering</ulink>.</para>
<note>
<para>When the protocol specified in the PROTO column is TCP
<para>With Shorewall versions prior to 3.2.0, when the
protocol specified in the PROTO column is TCP
(<quote>tcp</quote>, <quote>TCP</quote> or
<quote>6</quote>), Shorewall will only pass connection
requests (SYN packets) to user space. This is for
compatibility with ftwall.</para>
<para>With Shorewall version 3.2.0 and later, this special
treatment no longer applies. Rather, use tcp:syn in the
PROTOCOL column to acheive this behavior.</para>
</note>
</listitem>
</varlistentry>
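Review bot: "acheive" in the added sentence "use tcp:syn in the PROTOCOL column to acheive this behavior" should be "achieve", and that sentence calls the column PROTOCOL while the sentence just above it (and the rules listing earlier in this file) call it PROTO; pick one name. The note would also help someone upgrading if it said explicitly what 3.2.0 does with plain `tcp` instead of only saying the special treatment no longer applies, since a ruleset written for the ftwall-style SYN-only behaviour has to be changed to `tcp:syn` to keep working as before.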
@ -1779,11 +1783,7 @@ ACCEPT<emphasis role="bold">:info</emphasis> - - tc
<listitem>
<para>Describes the source hosts to which the rule applies.. The
contents of this field must begin with the name of a zone defined in
/etc/shorewall/zones, $FW, <quote>all</quote> or "none". If the
ACTION is DNAT or REDIRECT, sub-zones may be excluded from the rule
by following the initial zone name with <quote>!</quote> and a
comma-separated list of those sub-zones to be excluded. There is an
<link linkend="Exclude">example</link> above.</para>
/etc/shorewall/zones, $FW, <quote>all</quote> or "none".</para>
<para>If the source is "none" then the rule is ignored. This is most
commonly used with <ulink
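Review bot: deleting the sentence about excluding sub-zones with `!` leaves the SOURCE column description with no pointer to the replacement mechanism, so a reader maintaining an existing `net!sam`-style rule learns nothing here about what to use instead; suggest a short sentence referring to the ACCEPT+ example in the rules section. Also check that the `Exclude` anchor the removed `<link linkend="Exclude">` pointed at is not left as an orphaned id (or that no other link still depends on it), and the unchanged context line still reads "the rule applies.." with a doubled period.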