Bring masq file ipsec capability in line with documentation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1880 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-01-01 16:51:00 +00:00
parent db822c621e
commit d7b00b618e

@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2004-12-11</pubdate> <pubdate>2004-12-31</pubdate>
<copyright> <copyright>
<year>2001-2004</year> <year>2001-2004</year>
@ -2223,6 +2223,67 @@ eth0 192.168.1.0/24 :4000-5000 tcp</programlisting>
</itemizedlist> </itemizedlist>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>IPSEC (Added in Shorewall version 2.2.0)</term>
<listitem>
<para>If you specify a value other than "-" in this column, you must
be running kernel 2.6 and your kernel and iptables must include
policy match support.</para>
<para>The value in this column is a comma-separated list of options
from the following. Only packets that will be encrypted via an SA
that matches these options will have their source address
changed.</para>
<itemizedlist>
<listitem>
<para>Yes or yes ― Match any SA. Normally used as the only
option.</para>
</listitem>
<listitem>
<para>reqid=&lt;<emphasis>number</emphasis>&gt; where
&lt;<emphasis>number</emphasis>&gt; is specified using setkey(8)
using the 'unique:&lt;<emphasis>number</emphasis>&gt;' option
for the SPD level.</para>
</listitem>
<listitem>
<para>spi=&lt;<emphasis>number</emphasis>&gt; where
&lt;<emphasis>number</emphasis>&gt; is the SPI of the SA.</para>
</listitem>
<listitem>
<para>proto=ah|esp|ipcomp</para>
</listitem>
<listitem>
<para>mode=transport|tunnel</para>
</listitem>
<listitem>
<para>tunnel-src=&lt;<emphasis>address</emphasis>&gt;[/&lt;<emphasis>mask</emphasis>&gt;]
(only available with mode=tunnel)</para>
</listitem>
<listitem>
<para>tunnel-dst=&lt;<emphasis>address</emphasis>&gt;[/&lt;<emphasis>mask</emphasis>&gt;]
(only available with mode=tunnel)</para>
</listitem>
<listitem>
<para>strict — Means that packets must match all rules.</para>
</listitem>
<listitem>
<para>next — Separates rules; can only be used with
strict.</para>
</listitem>
</itemizedlist>
</listitem>
</varlistentry>
</variablelist> </variablelist>
<example> <example>
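Review bot: the strict and next items at the end of the new option list talk about "rules" ("packets must match all rules", "Separates rules"), but the entry only ever describes a comma-separated list of options, so a reader cannot tell what a rule is or how next groups options into one. Define the term before these two items (for instance, if this is the intended meaning, that the options between two next separators form one rule) and state how matching behaves when strict is not given, since that decides which packets get their source address rewritten. In the second paragraph, "packets that will be encrypted via an SA" is narrower than the proto=ah|esp|ipcomp item allows, because AH does not encrypt; "processed by an SA" would cover all three. The reqid item repeats "using" ("is specified using setkey(8) using the 'unique:...' option") and would read better as "is the value assigned with the 'unique:' option of setkey(8)". The Yes or yes item uses a different dash character from the strict and next items; use the same one in all three.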