Merge branch '4.5.21'

2013-12-08 09:02:44 -08:00 · 2013-12-08 09:02:44 -08:00 · f22dfcaa75
commit f22dfcaa75
parent 95abeaea24 d71c2688dc
3 changed files with 38 additions and 0 deletions
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@ -74,6 +74,20 @@
    and can be configured to log all Shorewall messages to their own log
    file.</para>

+    <note>
+      <para>If you want to specify parameters to ULOG or NFLOG (e.g.,
+      NFLOG(1,0,1)), then you must either quote the setting or you must escape
+      the parentheses.</para>
+
+      <para>Examples:</para>
+
+      <programlisting>MACLIST_LOG_LEVEL="NFLOG(1,0,1)"</programlisting>
+
+      <para>or</para>
+
+      <programlisting>MACLIST_LOG_LEVEL=NFLOG\(1,0,1\)</programlisting>
+    </note>
+
    <para>Beginning with Shorewall 4.4.22, LOGMARK is also a valid level which
    logs the packet's mark value along with the other usual information. The
    syntax is:</para>
--- a/Shorewall6/manpages/shorewall6.conf.xml
+++ b/Shorewall6/manpages/shorewall6.conf.xml
@ -73,6 +73,20 @@
    and can be configured to log all Shorewall6 message to their own log
    file</para>

+    <note>
+      <para>If you want to specify parameters to ULOG or NFLOG (e.g.,
+      NFLOG(1,0,1)), then you must either quote the setting or you must escape
+      the parentheses.</para>
+
+      <para>Examples:</para>
+
+      <programlisting>MACLIST_LOG_LEVEL="NFLOG(1,0,1)"</programlisting>
+
+      <para>or</para>
+
+      <programlisting>MACLIST_LOG_LEVEL=NFLOG\(1,0,1\)</programlisting>
+    </note>
+
    <para>The following options may be set in shorewall6.conf.</para>

    <variablelist>
--- a/docs/UPnP.xml
+++ b/docs/UPnP.xml
@ -22,6 +22,8 @@

      <year>2010</year>

+      <year>2013</year>
+
      <holder>Thomas M. Eastep</holder>
    </copyright>

@ -120,6 +122,14 @@ forwardUPnP        net     loc</programlisting>
      <para>Shorewall versions prior to 4.4.10 do not retain the dynamic rules
      added by linux-idg over a <command>shorewall restart</command>.</para>
    </caution>
+
+    <para>If your firewall-&gt;loc policy is not ACCEPT, then you also need to
+    allow UDP traffic from the fireawll to the local zone.</para>
+
+    <programlisting>ACCEPT      $FW          loc        udp            -         &lt;<replaceable>dynamic port range</replaceable>&gt;</programlisting>
+
+    <para>The dynamic port range is obtained by <emphasis role="bold">cat
+    /proc/sys/net/ip_local_port_range</emphasis>.</para>
  </section>

  <section>