forked from extern/shorewall_code
Merge branch '4.5.21'
commit
f22dfcaa75
@ -74,6 +74,20 @@
|
|||||||
and can be configured to log all Shorewall messages to their own log
|
and can be configured to log all Shorewall messages to their own log
|
||||||
file.</para>
|
file.</para>
|
||||||
|
|
||||||
|
<note>
|
||||||
|
<para>If you want to specify parameters to ULOG or NFLOG (e.g.,
|
||||||
|
NFLOG(1,0,1)), then you must either quote the setting or you must escape
|
||||||
|
the parentheses.</para>
|
||||||
|
|
||||||
|
<para>Examples:</para>
|
||||||
|
|
||||||
|
<programlisting>MACLIST_LOG_LEVEL="NFLOG(1,0,1)"</programlisting>
|
||||||
|
|
||||||
|
<para>or</para>
|
||||||
|
|
||||||
|
<programlisting>MACLIST_LOG_LEVEL=NFLOG\(1,0,1\)</programlisting>
|
||||||
|
</note>
|
||||||
|
|
||||||
<para>Beginning with Shorewall 4.4.22, LOGMARK is also a valid level which
|
<para>Beginning with Shorewall 4.4.22, LOGMARK is also a valid level which
|
||||||
logs the packet's mark value along with the other usual information. The
|
logs the packet's mark value along with the other usual information. The
|
||||||
syntax is:</para>
|
syntax is:</para>
|
||||||
|
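Review bot: the new <note> says the setting must be quoted or the parentheses escaped, but it does not say why or what the user will see if neither is done. One sentence giving the reason and the symptom of an unquoted NFLOG(1,0,1) would let readers recognise the failure when they hit it. The prose names both ULOG and NFLOG, while both examples use NFLOG with MACLIST_LOG_LEVEL only; either add a ULOG example or state that the rule applies to every log-level setting, if that is the intent.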
@ -73,6 +73,20 @@
|
|||||||
and can be configured to log all Shorewall6 message to their own log
|
and can be configured to log all Shorewall6 message to their own log
|
||||||
file</para>
|
file</para>
|
||||||
|
|
||||||
|
<note>
|
||||||
|
<para>If you want to specify parameters to ULOG or NFLOG (e.g.,
|
||||||
|
NFLOG(1,0,1)), then you must either quote the setting or you must escape
|
||||||
|
the parentheses.</para>
|
||||||
|
|
||||||
|
<para>Examples:</para>
|
||||||
|
|
||||||
|
<programlisting>MACLIST_LOG_LEVEL="NFLOG(1,0,1)"</programlisting>
|
||||||
|
|
||||||
|
<para>or</para>
|
||||||
|
|
||||||
|
<programlisting>MACLIST_LOG_LEVEL=NFLOG\(1,0,1\)</programlisting>
|
||||||
|
</note>
|
||||||
|
|
||||||
<para>The following options may be set in shorewall6.conf.</para>
|
<para>The following options may be set in shorewall6.conf.</para>
|
||||||
|
|
||||||
<variablelist>
|
<variablelist>
|
||||||
|
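Review bot: this <note> is a verbatim copy of the one added to the Shorewall page in the previous hunk, so the two will have to be kept in sync by hand; if the documentation build supports a shared include or entity, use it here. The context directly above the insertion also reads "all Shorewall6 message to their own log file" with no closing period, where the Shorewall page has "messages" and "file."; since the new note sits right below that paragraph, it is worth fixing in the same change.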
@ -22,6 +22,8 @@
|
|||||||
|
|
||||||
<year>2010</year>
|
<year>2010</year>
|
||||||
|
|
||||||
|
<year>2013</year>
|
||||||
|
|
||||||
<holder>Thomas M. Eastep</holder>
|
<holder>Thomas M. Eastep</holder>
|
||||||
</copyright>
|
</copyright>
|
||||||
|
|
||||||
@ -120,6 +122,14 @@ forwardUPnP net loc</programlisting>
|
|||||||
<para>Shorewall versions prior to 4.4.10 do not retain the dynamic rules
|
<para>Shorewall versions prior to 4.4.10 do not retain the dynamic rules
|
||||||
added by linux-idg over a <command>shorewall restart</command>.</para>
|
added by linux-idg over a <command>shorewall restart</command>.</para>
|
||||||
</caution>
|
</caution>
|
||||||
|
|
||||||
|
<para>If your firewall->loc policy is not ACCEPT, then you also need to
|
||||||
|
allow UDP traffic from the fireawll to the local zone.</para>
|
||||||
|
|
||||||
|
<programlisting>ACCEPT $FW loc udp - <<replaceable>dynamic port range</replaceable>></programlisting>
|
||||||
|
|
||||||
|
<para>The dynamic port range is obtained by <emphasis role="bold">cat
|
||||||
|
/proc/sys/net/ip_local_port_range</emphasis>.</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
|
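Review bot: in the added paragraph, "fireawll" should be "firewall". The rule ACCEPT $FW loc udp - <dynamic port range> permits UDP from the firewall to loc with any source port in the whole local port range, and the text gives no reason for it; say which traffic needs it so readers whose firewall->loc policy is restrictive can judge how far to open it. The range is read once from /proc/sys/net/ip_local_port_range, so add a sentence that the rule must be updated if that sysctl is changed. The cat command is marked up with <emphasis role="bold"> while the context above uses <command> for shorewall restart; use <command> here for consistency.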