diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 959e1e224..07ef186bd 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -315,13 +315,12 @@ our $VERSION = 'MODULEVERSION'; # 'loglevel', 'synparams', 'synchain', 'audit' and 'default' only apply to policy chains. ########################################################################################################################################### # -# For each ordered pair of zones, there may exist a 'canonical rules chain' in the filter table; the name if this chain is formed by +# For each ordered pair of zones, there may exist a 'canonical rules chain' in the filter table; the name of this chain is formed by # joining the names of the zones using the ZONE_SEPARATOR ('2' or '-'). This chain contains the rules that specifically deal with # connections from the first zone to the second. These chains will end with the policy rules when EXPAND_POLICIES=Yes and when there is an # explicit policy for the order pair. Otherwise, unless the applicable policy is CONTINUE, the chain will terminate with a jump to a # wildcard policy chain (all[2-]zone, zone[2-]all, or all[2-]all). # -# # Except in the most trivial one-interface configurations, each zone has a "forward chain" which is branched to from the filter table # FORWARD chain. # @@ -366,11 +365,12 @@ our $VERSION = 'MODULEVERSION'; # Zone-pair chains for rules chain # # Syn Flood - @ -# Blacklist - ~ +# Blacklist - ~ # Established - ^ # Related - + # Invalid - _ # Untracked - & +# our %chain_table; our $raw_table; our $rawpost_table; diff --git a/docs/PacketMarking.xml b/docs/PacketMarking.xml index 98085768d..8f89fdadc 100644 --- a/docs/PacketMarking.xml +++ b/docs/PacketMarking.xml @@ -56,7 +56,7 @@ ethereal or any other packet sniffing program. They can be seen in an iptables/ip6tables trace -- see the iptrace command in shorewall(8) and shorewall(8) and shorewall6(8). Example (output has been folded for display ):