forked from extern/shorewall_code
Make clear the relationship between logdrop, logreject and BLACKLIST_LOGLEVEL
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9330 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
827ad9a86c
commit
e0fc80bed5
@ -415,7 +415,7 @@ EOF
|
|||||||
if [ -f ${VARDIR}/proxyarp ]; then
|
if [ -f ${VARDIR}/proxyarp ]; then
|
||||||
while read address interface external haveroute; do
|
while read address interface external haveroute; do
|
||||||
qt arp -i $external -d $address pub
|
qt arp -i $external -d $address pub
|
||||||
[ -z "${haveroute}${NOROUTES}" ] && qt ip route del $address dev $interface
|
[ -z "${haveroute}${NOTCR}" ] && qt ip route del $address dev $interface
|
||||||
f=/proc/sys/net/ipv4/conf/$interface/proxy_arp
|
f=/proc/sys/net/ipv4/conf/$interface/proxy_arp
|
||||||
[ -f $f ] && echo 0 > $f
|
[ -f $f ] && echo 0 > $f
|
||||||
done < ${VARDIR}/proxyarp
|
done < ${VARDIR}/proxyarp
|
||||||
@ -709,7 +709,12 @@ sub generate_script_4($) {
|
|||||||
emit 'load_kernel_modules Yes';
|
emit 'load_kernel_modules Yes';
|
||||||
}
|
}
|
||||||
|
|
||||||
emit '';
|
emit ( '',
|
||||||
|
'if [ -n "$TCRONLY" ]; then' ,
|
||||||
|
' delete_tc1' ,
|
||||||
|
'else' );
|
||||||
|
|
||||||
|
push_indent;
|
||||||
|
|
||||||
if ( $family == F_IPV4 ) {
|
if ( $family == F_IPV4 ) {
|
||||||
for my $interface ( @{find_interfaces_by_option 'norfc1918'} ) {
|
for my $interface ( @{find_interfaces_by_option 'norfc1918'} ) {
|
||||||
@ -742,7 +747,6 @@ sub generate_script_4($) {
|
|||||||
"fi\n" );
|
"fi\n" );
|
||||||
}
|
}
|
||||||
|
|
||||||
emit "delete_tc1\n" if $config{CLEAR_TC};
|
|
||||||
emit "disable_ipv6\n" if $config{DISABLE_IPV6};
|
emit "disable_ipv6\n" if $config{DISABLE_IPV6};
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
@ -752,19 +756,25 @@ sub generate_script_4($) {
|
|||||||
''
|
''
|
||||||
);
|
);
|
||||||
|
|
||||||
emit "delete_tc1\n" if $config{CLEAR_TC};
|
|
||||||
}
|
}
|
||||||
|
|
||||||
emit '';
|
emit qq([ -n "\$NOTCR" ] && delete_tc1\n) if $config{CLEAR_TC};
|
||||||
|
|
||||||
|
pop_indent;
|
||||||
|
|
||||||
|
emit 'fi';
|
||||||
|
|
||||||
set_global_variables;
|
set_global_variables;
|
||||||
|
|
||||||
emit '';
|
emit '';
|
||||||
|
|
||||||
emit( 'setup_common_rules',
|
emit( '[ -n "$TCRONLY" ] && setup_common_rules',
|
||||||
'',
|
'',
|
||||||
'setup_routing_and_traffic_shaping',
|
'[ -n "$NOTCR" ] || setup_routing_and_traffic_shaping',
|
||||||
'');
|
'',
|
||||||
|
'if [ -z "$TCRONLY" ]; then' );
|
||||||
|
|
||||||
|
push_indent;
|
||||||
|
|
||||||
emit 'cat > ${VARDIR}/proxyarp << __EOF__';
|
emit 'cat > ${VARDIR}/proxyarp << __EOF__';
|
||||||
dump_proxy_arp;
|
dump_proxy_arp;
|
||||||
@ -834,6 +844,12 @@ EOF
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
date > ${VARDIR}/restarted
|
date > ${VARDIR}/restarted
|
||||||
|
EOF
|
||||||
|
|
||||||
|
pop_indent;
|
||||||
|
|
||||||
|
emit 'fi';
|
||||||
|
emit<<'EOF';
|
||||||
|
|
||||||
case $COMMAND in
|
case $COMMAND in
|
||||||
start)
|
start)
|
||||||
|
@ -123,7 +123,7 @@ sub setup_route_filtering() {
|
|||||||
emit 'echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter';
|
emit 'echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter';
|
||||||
}
|
}
|
||||||
|
|
||||||
emit "[ -n \"\$NOROUTES\" ] || ip -4 route flush cache";
|
emit "[ -n \"\$NOTCR\" ] || ip -4 route flush cache";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -568,7 +568,7 @@ sub setup_providers() {
|
|||||||
|
|
||||||
fatal_error "A non-empty providers file is not permitted with MANGLE_ENABLED=No" unless $config{MANGLE_ENABLED};
|
fatal_error "A non-empty providers file is not permitted with MANGLE_ENABLED=No" unless $config{MANGLE_ENABLED};
|
||||||
|
|
||||||
emit "\nif [ -z \"\$NOROUTES\" ]; then";
|
emit "\nif [ -z \"\$NOTCR\" ]; then";
|
||||||
|
|
||||||
push_indent;
|
push_indent;
|
||||||
|
|
||||||
@ -708,7 +708,7 @@ sub setup_providers() {
|
|||||||
emit "\nundo_routing";
|
emit "\nundo_routing";
|
||||||
emit 'restore_default_route';
|
emit 'restore_default_route';
|
||||||
if ( $config{NULL_ROUTE_RFC1918} ) {
|
if ( $config{NULL_ROUTE_RFC1918} ) {
|
||||||
emit "\nif [ -z \"\$NOROUTES\" ]; then";
|
emit "\nif [ -z \"\$NOTCR\" ]; then";
|
||||||
|
|
||||||
push_indent;
|
push_indent;
|
||||||
|
|
||||||
|
@ -79,7 +79,7 @@ sub setup_one_proxy_arp( $$$$$ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
unless ( $haveroute ) {
|
unless ( $haveroute ) {
|
||||||
emit "[ -n \"\$NOROUTES\" ] || run_ip route replace $address dev $interface";
|
emit "run_ip route replace $address dev $interface";
|
||||||
$haveroute = 1 if $persistent;
|
$haveroute = 1 if $persistent;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -23,6 +23,8 @@ fi
|
|||||||
|
|
||||||
initialize
|
initialize
|
||||||
|
|
||||||
|
[ -n "${PRODUCT:=Shorewall}" ]
|
||||||
|
|
||||||
finished=0
|
finished=0
|
||||||
|
|
||||||
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||||
@ -43,8 +45,23 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
|
|||||||
VERBOSE=$(($VERBOSE - 1 ))
|
VERBOSE=$(($VERBOSE - 1 ))
|
||||||
option=${option#q}
|
option=${option#q}
|
||||||
;;
|
;;
|
||||||
|
t)
|
||||||
|
if [ -n "$NOTCR" ]; then
|
||||||
|
error_message "The 'n' and 't' options are mutually exclusive"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
TCRONLY=Yes
|
||||||
|
option=${option#t}
|
||||||
|
PRODUCT="$PRODUCT Traffic Control and Routing"
|
||||||
|
;;
|
||||||
n*)
|
n*)
|
||||||
NOROUTES=Yes
|
if [ -n "$TCRONLY" ]; then
|
||||||
|
error_message "The 'n' and 't' options are mutually exclusive"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
NOTCR=Yes
|
||||||
option=${option#n}
|
option=${option#n}
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
@ -62,12 +79,15 @@ done
|
|||||||
|
|
||||||
COMMAND="$1"
|
COMMAND="$1"
|
||||||
|
|
||||||
[ -n "${PRODUCT:=Shorewall}" ]
|
|
||||||
|
|
||||||
case "$COMMAND" in
|
case "$COMMAND" in
|
||||||
start)
|
start)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
if shorewall_is_started; then
|
if [ -n "$TCRONLY" ]; then
|
||||||
|
progress_message3 "Starting $PRODUCT...."
|
||||||
|
define_firewall
|
||||||
|
status=$?
|
||||||
|
progress_message3 "done."
|
||||||
|
elif shorewall6_is_started; then
|
||||||
error_message "$PRODUCT is already Running"
|
error_message "$PRODUCT is already Running"
|
||||||
status=0
|
status=0
|
||||||
else
|
else
|
||||||
@ -81,13 +101,20 @@ case "$COMMAND" in
|
|||||||
stop)
|
stop)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
progress_message3 "Stopping $PRODUCT...."
|
progress_message3 "Stopping $PRODUCT...."
|
||||||
|
if [ -n "$TCRONLY" ]; then
|
||||||
|
delete_tc1
|
||||||
|
else
|
||||||
stop_firewall
|
stop_firewall
|
||||||
|
fi
|
||||||
status=0
|
status=0
|
||||||
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
||||||
progress_message3 "done."
|
progress_message3 "done."
|
||||||
;;
|
;;
|
||||||
reset)
|
reset)
|
||||||
if ! shorewall_is_started ; then
|
if [ -n "${NOTCR}$"{TCRONLY} ]; then
|
||||||
|
error_message "The -n and -t options may not be used with 'reset'"
|
||||||
|
status=1
|
||||||
|
elif ! shorewall_is_started ; then
|
||||||
error_message "$PRODUCT is not running"
|
error_message "$PRODUCT is not running"
|
||||||
status=2
|
status=2
|
||||||
elif [ $# -eq 1 ]; then
|
elif [ $# -eq 1 ]; then
|
||||||
@ -133,7 +160,10 @@ case "$COMMAND" in
|
|||||||
;;
|
;;
|
||||||
refresh)
|
refresh)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
if shorewall_is_started; then
|
if [ -n "${NOTCR}$"{TCRONLY} ]; then
|
||||||
|
error_message "The -n and -t options may not be used with 'refresh'"
|
||||||
|
status=1
|
||||||
|
elif shorewall_is_started; then
|
||||||
progress_message3 "Refreshing $PRODUCT...."
|
progress_message3 "Refreshing $PRODUCT...."
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
@ -145,19 +175,29 @@ case "$COMMAND" in
|
|||||||
;;
|
;;
|
||||||
restore)
|
restore)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
|
if [ -n "${NOTCR}$"{TCRONLY} ]; then
|
||||||
|
error_message "The -n and -t options may not be used with 'restart'"
|
||||||
|
status=1
|
||||||
|
else
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
if [ -n "$SUBSYSLOCK" ]; then
|
if [ -n "$SUBSYSLOCK" ]; then
|
||||||
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
|
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
clear)
|
clear)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
|
if [ -n "${NOTCR}$"{TCRONLY} ]; then
|
||||||
|
error_message "The -n and -t options may not be used with 'clear'"
|
||||||
|
status=1
|
||||||
|
else
|
||||||
progress_message3 "Clearing $PRODUCT...."
|
progress_message3 "Clearing $PRODUCT...."
|
||||||
clear_firewall
|
clear_firewall
|
||||||
status=0
|
status=0
|
||||||
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
||||||
progress_message3 "done."
|
progress_message3 "done."
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
status)
|
status)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
# Give Usage Information
|
# Give Usage Information
|
||||||
#
|
#
|
||||||
usage() {
|
usage() {
|
||||||
echo "Usage: $0 [ -q ] [ -v ] [ -n ] [ start|stop|clear|reset|refresh|restart|status|version ]"
|
echo "Usage: $0 [ -q ] [ -v ] [ -n ] [ -t ] [ start|stop|clear|reset|refresh|restart|status|version ]"
|
||||||
exit $1
|
exit $1
|
||||||
}
|
}
|
||||||
################################################################################
|
################################################################################
|
||||||
@ -43,8 +43,23 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
|
|||||||
VERBOSE=$(($VERBOSE - 1 ))
|
VERBOSE=$(($VERBOSE - 1 ))
|
||||||
option=${option#q}
|
option=${option#q}
|
||||||
;;
|
;;
|
||||||
|
t)
|
||||||
|
if [ -n "$NOTCR" ]; then
|
||||||
|
error_message "The -n and -t options are mutually exclusive"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
TCRONLY=Yes
|
||||||
|
option=${option#t}
|
||||||
|
PRODUCT="$PRODUCT Traffic Control and Routing"
|
||||||
|
;;
|
||||||
n*)
|
n*)
|
||||||
NOROUTES=Yes
|
if [ -n "$TCRONLY" ]; then
|
||||||
|
error_message "The -n and -t options are mutually exclusive"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
NOTCR=Yes
|
||||||
option=${option#n}
|
option=${option#n}
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
@ -72,7 +87,12 @@ else
|
|||||||
case "$COMMAND" in
|
case "$COMMAND" in
|
||||||
start)
|
start)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
if shorewall6_is_started; then
|
if [ -n "$TCRONLY" ]; then
|
||||||
|
progress_message3 "Starting $PRODUCT...."
|
||||||
|
define_firewall
|
||||||
|
status=$?
|
||||||
|
progress_message3 "done."
|
||||||
|
elif shorewall6_is_started; then
|
||||||
error_message "$PRODUCT is already Running"
|
error_message "$PRODUCT is already Running"
|
||||||
status=0
|
status=0
|
||||||
else
|
else
|
||||||
@ -86,13 +106,20 @@ else
|
|||||||
stop)
|
stop)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
progress_message3 "Stopping $PRODUCT...."
|
progress_message3 "Stopping $PRODUCT...."
|
||||||
|
if [ -n "$TCRONLY" ]; then
|
||||||
|
delete_tc1
|
||||||
|
else
|
||||||
stop_firewall
|
stop_firewall
|
||||||
|
fi
|
||||||
status=0
|
status=0
|
||||||
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
||||||
progress_message3 "done."
|
progress_message3 "done."
|
||||||
;;
|
;;
|
||||||
reset)
|
reset)
|
||||||
if ! shorewall6_is_started ; then
|
if [ -n "${NOTCR}$"{TCRONLY} ]; then
|
||||||
|
error_message "The -n and -t options may not be used with 'reset'"
|
||||||
|
status=1
|
||||||
|
elif ! shorewall6_is_started ; then
|
||||||
error_message "$PRODUCT is not running"
|
error_message "$PRODUCT is not running"
|
||||||
status=2
|
status=2
|
||||||
elif [ $# -eq 1 ]; then
|
elif [ $# -eq 1 ]; then
|
||||||
@ -121,6 +148,11 @@ else
|
|||||||
;;
|
;;
|
||||||
restart)
|
restart)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
|
if [ -n "$TCRONLY" ]; then
|
||||||
|
progress_message3 "Restarting $PRODUCT...."
|
||||||
|
define_firewall
|
||||||
|
status=$?
|
||||||
|
else
|
||||||
if shorewall6_is_started; then
|
if shorewall6_is_started; then
|
||||||
progress_message3 "Restarting $PRODUCT...."
|
progress_message3 "Restarting $PRODUCT...."
|
||||||
else
|
else
|
||||||
@ -133,11 +165,16 @@ else
|
|||||||
if [ -n "$SUBSYSLOCK" ]; then
|
if [ -n "$SUBSYSLOCK" ]; then
|
||||||
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
|
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
progress_message3 "done."
|
progress_message3 "done."
|
||||||
;;
|
;;
|
||||||
refresh)
|
refresh)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
if shorewall6_is_started; then
|
if [ -n "${NOTCR}$"{TCRONLY} ]; then
|
||||||
|
error_message "The -n and -t options may not be used with 'refresh'"
|
||||||
|
status=1
|
||||||
|
elif shorewall6_is_started; then
|
||||||
progress_message3 "Refreshing $PRODUCT...."
|
progress_message3 "Refreshing $PRODUCT...."
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
@ -149,19 +186,29 @@ else
|
|||||||
;;
|
;;
|
||||||
restore)
|
restore)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
|
if [ -n "${NOTCR}$"{TCRONLY} ]; then
|
||||||
|
error_message "The -n and -t options may not be used with 'restore'"
|
||||||
|
status=1
|
||||||
|
else
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
if [ -n "$SUBSYSLOCK" ]; then
|
if [ -n "$SUBSYSLOCK" ]; then
|
||||||
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
|
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
clear)
|
clear)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
|
if [ -n "${NOTCR}$"{TCRONLY} ]; then
|
||||||
|
error_message "The -n and -t options may not be used with 'restore'"
|
||||||
|
status=1
|
||||||
|
else
|
||||||
progress_message3 "Clearing $PRODUCT...."
|
progress_message3 "Clearing $PRODUCT...."
|
||||||
clear_firewall
|
clear_firewall
|
||||||
status=0
|
status=0
|
||||||
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
||||||
progress_message3 "done."
|
progress_message3 "done."
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
status)
|
status)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
|
13
docs/FAQ.xml
13
docs/FAQ.xml
@ -1611,6 +1611,19 @@ modprobe: Can't locate module iptable_raw</programlisting>
|
|||||||
Shorewall probes your system to determine the features that it support.
|
Shorewall probes your system to determine the features that it support.
|
||||||
They are completely harmless.</para>
|
They are completely harmless.</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section id="faq81">
|
||||||
|
<title>(FAQ 81) logdrop and logreject don't log.</title>
|
||||||
|
|
||||||
|
<para>I love the ability to type 'shorewall logdrop ww.xx.yy.zz' and
|
||||||
|
>> completely block a particular IP address. However, the log part
|
||||||
|
doesn't happen. When I look in the logdrop chain, there is no LOG
|
||||||
|
prefix.</para>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Answer</emphasis>: You haven't set a value
|
||||||
|
for BLACKLIST_LOGLEVEL in <ulink
|
||||||
|
url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5).</para>
|
||||||
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="Routing">
|
<section id="Routing">
|
||||||
|
@ -919,7 +919,9 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
||||||
to be logged then discarded.</para>
|
to be logged then discarded. Logging occurs at the log level
|
||||||
|
specified by the BLACKLIST_LOGLEVEL setting in <ulink
|
||||||
|
url="shorewall.conf.html">shorewall.conf</ulink> (5).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -946,7 +948,9 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
||||||
to be logged then rejected.</para>
|
to be logged then rejected. Logging occurs at the log level
|
||||||
|
specified by the BLACKLIST_LOGLEVEL setting in <ulink
|
||||||
|
url="shorewall.conf.html">shorewall.conf</ulink> (5).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
@ -721,7 +721,9 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
||||||
to be logged then discarded.</para>
|
to be logged then discarded. Logging occurs at the log level
|
||||||
|
specified by the BLACKLIST_LOGLEVEL setting in <ulink
|
||||||
|
url="shorewall6.conf.html">shorewall6.conf</ulink> (5).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -748,7 +750,9 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
<para>Causes traffic from the listed <emphasis>address</emphasis>es
|
||||||
to be logged then rejected.</para>
|
to be logged then rejected. Logging occurs at the log level
|
||||||
|
specified by the BLACKLIST_LOGLEVEL setting in <ulink
|
||||||
|
url="shorewall6.conf.html">shorewall6.conf</ulink> (5).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user