"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/ferm.pod" between
ferm-2.5.tar.xz and ferm-2.5.1.tar.xz

About: ferm is a tool to maintain and setup complicated firewall rules.

ferm.pod  (ferm-2.5.tar.xz):ferm.pod  (ferm-2.5.1.tar.xz)
skipping to change at line 664 skipping to change at line 664
(see L<tc(8)>), or as a decimal, so those two rules are equivalent. (see L<tc(8)>), or as a decimal, so those two rules are equivalent.
=item B<comment> =item B<comment>
Adds a comment of up to 256 characters to a rule, without an effect. Adds a comment of up to 256 characters to a rule, without an effect.
Note that unlike ferm comments ('#'), this one will show up in Note that unlike ferm comments ('#'), this one will show up in
"iptables -L". "iptables -L".
mod comment comment "This is my comment." ACCEPT; mod comment comment "This is my comment." ACCEPT;
The "mod comment" can be omitted, because ferm inserts it
automatically.
=item B<condition> =item B<condition>
Matches if a value in /proc/net/ipt_condition/NAME is 1 (path is Matches if a value in /proc/net/ipt_condition/NAME is 1 (path is
/proc/net/ip6t_condition/NAME for the ip6 domain). /proc/net/ip6t_condition/NAME for the ip6 domain).
mod condition condition (abc def) ACCEPT; mod condition condition (abc def) ACCEPT;
mod condition condition !foo ACCEPT; mod condition condition !foo ACCEPT;
=item B<connbytes> =item B<connbytes>
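Review bot: the sentence added under B<comment> ("The "mod comment" can be omitted, because ferm inserts it automatically.") has no example of the short form, and the only example in the item still spells out mod comment comment "This is my comment." ACCEPT;. Suggest adding the shortened line directly after the new sentence, the way the multiport change shows sports and dports, so it is unambiguous which of the two "comment" tokens is the one that stays.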
skipping to change at line 936 skipping to change at line 939
=item B<multiport> =item B<multiport>
Match a set of source or destination ports (UDP and TCP only). Match a set of source or destination ports (UDP and TCP only).
mod multiport source-ports (https ftp); mod multiport source-ports (https ftp);
mod multiport destination-ports (mysql domain); mod multiport destination-ports (mysql domain);
This rule has a big advantage over "dport" and "sport": it generates This rule has a big advantage over "dport" and "sport": it generates
only one rule for up to 15 ports instead of one rule for every port. only one rule for up to 15 ports instead of one rule for every port.
As a shortcut, you can use "sports" and "dports" (without "mod
multiport"):
sports (https ftp);
dports (mysql domain);
=item B<nth> =item B<nth>
Match every 'n'th packet. Match every 'n'th packet.
mod nth every 3; mod nth every 3;
mod nth counter 5 every 2; mod nth counter 5 every 2;
mod nth start 2 every 3; mod nth start 2 every 3;
mod nth start 5 packet 2 every 6; mod nth start 5 packet 2 every 6;
Type "iptables -m nth -h" for details. Type "iptables -m nth -h" for details.
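Review bot: the new shortcut paragraph under B<multiport> introduces "sports" and "dports" right after a paragraph that contrasts multiport with "sport" and "dport", and the names differ by a single letter while the generated rules differ (one rule per port versus one rule for up to 15 ports). Suggest a sentence stating that the plural keywords are the multiport form and the singular ones are not, and whether the 15-port limit applies to the shortcut as well, since a one-character typo in a ruleset changes what gets generated.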
 End of changes. 2 change blocks. 
0 lines changed or deleted 9 lines changed or added
