forked from extern/shorewall_code
f407068d20
Signed-off-by: Tom Eastep <teastep@shorewall.net>
137 lines
4.5 KiB
XML
137 lines
4.5 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
|
|
<refentry>
|
|
<refmeta>
|
|
<refentrytitle>shorewall-actions</refentrytitle>
|
|
|
|
<manvolnum>5</manvolnum>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>actions</refname>
|
|
|
|
<refpurpose>Shorewall action declaration file</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<cmdsynopsis>
|
|
<command>/etc/shorewall/actions</command>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
|
|
<para>This file allows you to define new ACTIONS for use in rules (see
|
|
<ulink url="shorewall-rules.html">shorewall-rules(5)</ulink>). You define
|
|
the iptables rules to be performed in an ACTION in
|
|
/etc/shorewall/action.<emphasis>action-name</emphasis>.</para>
|
|
|
|
<para>Columns are:</para>
|
|
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term>NAME</term>
|
|
|
|
<listitem>
|
|
<para>The name of the action. ACTION names should begin with an
|
|
upper-case letter to distinguish them from Shorewall-generated chain
|
|
names and be composed of letters, digits or numbers. If you intend
|
|
to log from the action then the name must be no longer than 11
|
|
characters in length if you use the standard LOGFORMAT.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>OPTIONS</term>
|
|
|
|
<listitem>
|
|
<para>Added in Shorewall 4.5.10. Available options are:</para>
|
|
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term>inline</term>
|
|
|
|
<listitem>
|
|
<para>Causes the action body (defined in
|
|
action.<replaceable>action-name</replaceable>) to be expanded
|
|
in-line like a macro rather than in its own chain. You can
|
|
list Shorewall Standard Actions in this file to specify the
|
|
<option>inline</option> option.</para>
|
|
|
|
<caution>
|
|
<para>Some of the Shorewall standard actions cannot be used
|
|
in-line and will generate a warning and the compiler will
|
|
ignore <option>inline</option> if you try to use them that
|
|
way:</para>
|
|
|
|
<simplelist>
|
|
<member>Broadcast</member>
|
|
|
|
<member>DropSmurfs</member>
|
|
|
|
<member>Invalid (Prior to Shorewall 4.5.13)</member>
|
|
|
|
<member>NotSyn (Prior to Shorewall 4.5.13)</member>
|
|
|
|
<member>RST (Prior to Shorewall 4.5.13)</member>
|
|
|
|
<member>TCPFlags</member>
|
|
</simplelist>
|
|
</caution>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>noinline</term>
|
|
|
|
<listitem>
|
|
<para>Causes any later <option>inline</option> option for the
|
|
same action to be ignored with a warning.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>nolog</term>
|
|
|
|
<listitem>
|
|
<para>Added in Shorewall 4.5.11. When this option is
|
|
specified, the compiler does not automatically apply the log
|
|
level and/or tag from the invocation of the action to all
|
|
rules inside of the action. Rather, it simply sets the
|
|
$_loglevel and $_logtag shell variables which can be used
|
|
within the action body to apply those logging options only to
|
|
a subset of the rules.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>FILES</title>
|
|
|
|
<para>/etc/shorewall/actions</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See ALSO</title>
|
|
|
|
<para><ulink
|
|
url="http://shorewall.net/Actions.html">http://shorewall.net/Actions.html</ulink></para>
|
|
|
|
<para>shorewall(8), shorewall-accounting(5), shorewall-blacklist(5),
|
|
shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),
|
|
shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
|
|
shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
|
|
shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5),
|
|
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
|
|
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
|
|
shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
|
|
shorewall-zones(5)</para>
|
|
</refsect1>
|
|
</refentry>
|