"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/ferm.pod" between
ferm-2.5.1.tar.xz and ferm-2.6.tar.xz

About: ferm is a tool to maintain and setup complicated firewall rules.

ferm.pod  (ferm-2.5.1.tar.xz):ferm.pod  (ferm-2.6.tar.xz)
# #
# ferm pod manual file # ferm pod manual file
# #
# #
# ferm, a firewall setup program that makes firewall rules easy! # ferm, a firewall setup program that makes firewall rules easy!
# #
# Copyright 2001-2017 Max Kellermann, Auke Kok # Copyright 2001-2021 Max Kellermann, Auke Kok
# #
# Bug reports and patches for this program may be sent to the GitHub # Bug reports and patches for this program may be sent to the GitHub
# repository: L<https://github.com/MaxKellermann/ferm> # repository: L<https://github.com/MaxKellermann/ferm>
# #
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or # the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version. # (at your option) any later version.
skipping to change at line 466 skipping to change at line 466
chain (foo bar) @preserve; chain (foo bar) @preserve;
With this option, B<ferm> loads the previous rule set using With this option, B<ferm> loads the previous rule set using
B<iptables-save>, extracts all "preserved" chains and inserts their B<iptables-save>, extracts all "preserved" chains and inserts their
data into the output. data into the output.
"Preserved" chains must not be modified with B<ferm>: no rules and no "Preserved" chains must not be modified with B<ferm>: no rules and no
policies. policies.
If the chain name starts and ends with a slash, B<ferm> will interpret it
as as Perl regular expression and preserve all matching chains. For example,
the following preserves all chains with the prefix KUBE-SEP-:
chain "/^KUBE-SEP-.*/" @preserve;
=back =back
=head2 Basic iptables match keywords =head2 Basic iptables match keywords
=over 8 =over 8
=item B<interface [interface-name]> =item B<interface [interface-name]>
Define the interface name, your outside network card, like eth0, Define the interface name, your outside network card, like eth0,
or dialup like ppp1, or whatever device you want to match for or dialup like ppp1, or whatever device you want to match for
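Review bot: The added @preserve paragraph has a doubled word in "as as Perl regular expression" (it should read "as a Perl regular expression"), and it does not say whether the pattern is matched anchored or as a substring. Because the text above states that preserved chains must not be modified with ferm, a pattern that matches more chains than intended silently removes them from ferm's management, so the paragraph should state the matching semantics and tell readers to write `^` and `$` explicitly. In the example "/^KUBE-SEP-.*/" the trailing `.*` adds nothing if matching is unanchored; either drop it or end the pattern with an explicit anchor.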
skipping to change at line 1248 skipping to change at line 1254
=item B<CONNSECMARK> =item B<CONNSECMARK>
This module copies security markings from packets to connections (if This module copies security markings from packets to connections (if
unlabeled), and from connections back to packets (also only if unlabeled), and from connections back to packets (also only if
unlabeled). Typically used in conjunction with SECMARK, it is only unlabeled). Typically used in conjunction with SECMARK, it is only
valid in the mangle table. valid in the mangle table.
CONNSECMARK save; CONNSECMARK save;
CONNSECMARK restore; CONNSECMARK restore;
=item B<CT>
Set connection tracking parameters.
CT notrack;
CT helper ftp;
CT ctevents new,related;
CT expevents new;
CT zone 1;
CT zone mark;
CT zone-orig mark;
CT zone-reply mark;
CT timeout 180;
=item B<DNAT to [ip-address|ip-range|ip-port-range]> =item B<DNAT to [ip-address|ip-range|ip-port-range]>
Change the destination address of the packet. Change the destination address of the packet.
DNAT to 10.0.0.4; DNAT to 10.0.0.4;
DNAT to 10.0.0.4:80; DNAT to 10.0.0.4:80;
DNAT to 10.0.0.4:1024-2048; DNAT to 10.0.0.4:1024-2048;
DNAT to 10.0.1.1-10.0.1.20; DNAT to 10.0.1.1-10.0.1.20;
=item B<DNPT> =item B<DNPT>
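Review bot: The new B<CT> entry lists nine option forms under the single sentence "Set connection tracking parameters." and, unlike the CONNSECMARK entry directly above it, does not say in which table the target is valid. Add the table restriction and a short description per option, at least for "CT notrack;", which reads as switching connection tracking off for matching packets and would therefore interact with any stateful rules in the same rule set. It would also help to say what the literal `mark` means in "CT zone mark;" as opposed to a numeric zone such as "CT zone 1;".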
skipping to change at line 1302 skipping to change at line 1322
IDLETIMER timeout 60 label "foo"; IDLETIMER timeout 60 label "foo";
=item B<IPV4OPTSSTRIP> =item B<IPV4OPTSSTRIP>
Strip all the IP options from a packet. This module does not take any Strip all the IP options from a packet. This module does not take any
options. options.
IPV4OPTSSTRIP; IPV4OPTSSTRIP;
=item B<JOOL>
Hands off packets for stateful NAT64 translation via JOOL. Target
requires JOOL to be installed on the system and the jool kernel module
to be loaded.
JOOL instance "foo";
=item B<JOOL_SIIT>
Hands off packets for Stateless IP/ICMP Translation (SIIT) via JOOL.
Target requires JOOL to be installed on the system and the jool_siit
kernel module to be loaded.
JOOL_SIIT instance "foo";
=item B<LED> =item B<LED>
This creates an LED-trigger that can then be attached to system This creates an LED-trigger that can then be attached to system
indicator lights, to blink or illuminate them when certain packets indicator lights, to blink or illuminate them when certain packets
pass through the system. pass through the system.
LED led-trigger-id "foo" led-delay 100 led-always-blink; LED led-trigger-id "foo" led-delay 100 led-always-blink;
=item B<LOG> =item B<LOG>
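Review bot: In both new entries the sentence beginning "Target requires JOOL to be installed" drops the article and leaves open what happens when the kernel module is not loaded and what the name in `instance "foo"` refers to. Suggest "This target requires ..." to match the wording of neighbouring entries ("This module ..."), plus one sentence explaining the instance argument and one naming the table and chain in which the target is meant to be used, as the CONNSECMARK entry does for its table.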
skipping to change at line 2038 skipping to change at line 2074
=head1 BUGS =head1 BUGS
Bugs? What bugs? Bugs? What bugs?
If you find a bug, please report it on GitHub: If you find a bug, please report it on GitHub:
L<https://github.com/MaxKellermann/ferm/issues> L<https://github.com/MaxKellermann/ferm/issues>
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2001-2017 Max Kellermann <max.kellermann@gmail.com>, Copyright 2001-2021 Max Kellermann <max.kellermann@gmail.com>,
Auke Kok <sofar@foo-projects.org> and various other contributors. Auke Kok <sofar@foo-projects.org> and various other contributors.
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at the Free Software Foundation; either version 2 of the License, or (at
your option) any later version. your option) any later version.
This program is distributed in the hope that it will be useful, but This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 End of changes. 5 change blocks. 
2 lines changed or deleted 38 lines changed or added
