forked from extern/shorewall_code
Document tcp:!syn support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent a4768776f7
commit e8a0142480
@ -729,7 +729,9 @@
|
|||||||
<member><option>icmp-admin-prohibited</option></member>
|
<member><option>icmp-admin-prohibited</option></member>
|
||||||
|
|
||||||
<member><option>icmp-tcp-reset</option> (the PROTO column
|
<member><option>icmp-tcp-reset</option> (the PROTO column
|
||||||
must specify TCP)</member>
|
must specify TCP). Beginning with Shorewall 5.1.3, this
|
||||||
|
option may also be specified as
|
||||||
|
<option>tcp-reset</option>.</member>
|
||||||
</simplelist>
|
</simplelist>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
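Review bot: The sentence added to the icmp-tcp-reset member documents a second change, the tcp-reset alias, that the commit subject "Document tcp:!syn support" does not mention. Either name the alias in the commit message or move it to its own commit so the history for the two 5.1.3 features can be searched separately. It would also help to restate that the "PROTO column must specify TCP" requirement applies to the tcp-reset spelling, since the new sentence now sits after the closing parenthesis of that condition.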
@ -1592,7 +1594,7 @@
|
|||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">PROTO</emphasis>- {<emphasis
|
<term><emphasis role="bold">PROTO</emphasis>- {<emphasis
|
||||||
role="bold">-</emphasis>|<emphasis
|
role="bold">-</emphasis>|<emphasis
|
||||||
role="bold">tcp:syn</emphasis>|<emphasis
|
role="bold">tcp:[!]syn</emphasis>|<emphasis
|
||||||
role="bold">ipp2p</emphasis>|<emphasis
|
role="bold">ipp2p</emphasis>|<emphasis
|
||||||
role="bold">ipp2p:udp</emphasis>|<emphasis
|
role="bold">ipp2p:udp</emphasis>|<emphasis
|
||||||
role="bold">ipp2p:all</emphasis>|<emphasis>protocol-number</emphasis>|<emphasis>protocol-name</emphasis>|<emphasis
|
role="bold">ipp2p:all</emphasis>|<emphasis>protocol-number</emphasis>|<emphasis>protocol-name</emphasis>|<emphasis
|
||||||
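Review bot: The term line touched by this hunk reads "PROTO</emphasis>- {" with no space before the hyphen, while the same term in the other manual page changed by this commit reads "PROTO</emphasis> - {". Since the synopsis is being edited anyway, add the missing space here so both pages render the column heading the same way.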
@ -1603,7 +1605,10 @@
|
|||||||
requires ipp2p match support in your kernel and iptables. <emphasis
|
requires ipp2p match support in your kernel and iptables. <emphasis
|
||||||
role="bold">tcp:syn</emphasis> implies <emphasis
|
role="bold">tcp:syn</emphasis> implies <emphasis
|
||||||
role="bold">tcp</emphasis> plus the SYN flag must be set and the
|
role="bold">tcp</emphasis> plus the SYN flag must be set and the
|
||||||
RST,ACK and FIN flags must be reset.</para>
|
RST, ACK and FIN flags must be reset. Beginning with Shorewall
|
||||||
|
5.1.3, you may also specify <emphasis
|
||||||
|
role="bold">tcp:!syn</emphasis>, which matches if SYN is not set or
|
||||||
|
if RST, ACK or FIN is set.</para>
|
||||||
|
|
||||||
<para>Beginning with Shorewall 4.4.19, this column can contain a
|
<para>Beginning with Shorewall 4.4.19, this column can contain a
|
||||||
comma-separated list of protocol-numbers and/or protocol
|
comma-separated list of protocol-numbers and/or protocol
|
||||||
|
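Review bot: The added tcp:!syn sentence ("matches if SYN is not set or if RST, ACK or FIN is set") is the exact negation of the tcp:syn condition in the sentence before it, but the paragraph never says so. A rule written with tcp:!syn therefore matches every TCP segment other than a bare SYN, not only segments with the SYN flag clear, and a reader skimming the option name could assume the narrower meaning. Consider adding a short phrase such as "that is, the inverse of tcp:syn" to make the scope explicit.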
@ -1392,7 +1392,7 @@
|
|||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">PROTO</emphasis> - {<emphasis
|
<term><emphasis role="bold">PROTO</emphasis> - {<emphasis
|
||||||
role="bold">-</emphasis>|<emphasis
|
role="bold">-</emphasis>|<emphasis
|
||||||
role="bold">tcp:syn</emphasis>|<emphasis
|
role="bold">tcp:[!]syn</emphasis>|<emphasis
|
||||||
role="bold">ipp2p</emphasis>|<emphasis
|
role="bold">ipp2p</emphasis>|<emphasis
|
||||||
role="bold">ipp2p:udp</emphasis>|<emphasis
|
role="bold">ipp2p:udp</emphasis>|<emphasis
|
||||||
role="bold">ipp2p:all</emphasis>|<emphasis>protocol-number</emphasis>|<emphasis>protocol-name</emphasis>|<emphasis
|
role="bold">ipp2p:all</emphasis>|<emphasis>protocol-number</emphasis>|<emphasis>protocol-name</emphasis>|<emphasis
|
||||||
@ -1403,7 +1403,9 @@
|
|||||||
requires ipp2p match support in your kernel and ip6tables. <emphasis
|
requires ipp2p match support in your kernel and ip6tables. <emphasis
|
||||||
role="bold">tcp:syn</emphasis> implies <emphasis
|
role="bold">tcp:syn</emphasis> implies <emphasis
|
||||||
role="bold">tcp</emphasis> plus the SYN flag must be set and the
|
role="bold">tcp</emphasis> plus the SYN flag must be set and the
|
||||||
RST,ACK and FIN flags must be reset.</para>
|
RST,ACK and FIN flags must be reset. Beginning with Shorewall 5.1.3,
|
||||||
|
you may also specify <emphasis role="bold">tcp:!syn</emphasis>,
|
||||||
|
which matches if SYN is not set or if RST, ACK or FIN is set.</para>
|
||||||
|
|
||||||
<para>Beginning with Shorewall6 4.4.19, this column can contain a
|
<para>Beginning with Shorewall6 4.4.19, this column can contain a
|
||||||
comma-separated list of protocol-numbers and/or protocol names
|
comma-separated list of protocol-numbers and/or protocol names
|
||||||
|
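Review bot: The rewritten line "RST,ACK and FIN flags must be reset. Beginning with Shorewall 5.1.3," keeps the missing space after the comma, although the matching hunk in the other manual page corrects it to "RST, ACK and FIN" and the sentence added two lines later in this same paragraph writes "RST, ACK or FIN". Apply the same spacing fix here so the paragraph is consistent internally and with the other page. The other page also breaks the added text across lines differently, which is harmless in DocBook but makes the two files harder to diff against each other.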