| shorewall-exclusion.xml (shorewall-docs-xml-5.2.3.6.tar.bz2) | : | shorewall-exclusion.xml (shorewall-docs-xml-5.2.6.tar.bz2) |
|---|
| | |
| skipping to change at line 53 | | skipping to change at line 53 |
|---|
| <para>No embedded white-space is allowed.</para> | | <para>No embedded white-space is allowed.</para> |
| | |
| <para>Exclusion can appear after a list of addresses and/or address | | <para>Exclusion can appear after a list of addresses and/or address |
| ranges. In that case, the final list of address is formed by taking the | | ranges. In that case, the final list of address is formed by taking the |
| first list and then removing the addresses defined in the | | first list and then removing the addresses defined in the |
| exclusion.</para> | | exclusion.</para> |
| | |
| <para>Beginning in Shorewall 4.4.13, the second form of exclusion is | | <para>Beginning in Shorewall 4.4.13, the second form of exclusion is |
| allowed after <emphasis role="bold">all</emphasis> and <emphasis | | allowed after <emphasis role="bold">all</emphasis> and <emphasis |
| role="bold">any</emphasis> in the SOURCE and DEST columns of <ulink | | role="bold">any</emphasis> in the SOURCE and DEST columns of <ulink |
|
| url="/manpages/shorewall-rules.html">shorewall-rules</ulink>(5). It allows | | url="shorewall-rules.html">shorewall-rules</ulink>(5). It allows |
| you to omit arbitrary zones from the list generated by those key | | you to omit arbitrary zones from the list generated by those key |
| words.</para> | | words.</para> |
| | |
| <warning> | | <warning> |
| <para>If you omit a sub-zone and there is an explicit or explicit | | <para>If you omit a sub-zone and there is an explicit or explicit |
| CONTINUE policy, a connection to/from that zone can still be matched by | | CONTINUE policy, a connection to/from that zone can still be matched by |
| the rule generated for a parent zone.</para> | | the rule generated for a parent zone.</para> |
| | |
| <para>For example:</para> | | <para>For example:</para> |
| | |
| | |
| skipping to change at line 93 | | skipping to change at line 93 |
|---|
| <para>In this case, SSH connections from <emphasis | | <para>In this case, SSH connections from <emphasis |
| role="bold">z2</emphasis> to <emphasis role="bold">net</emphasis> will | | role="bold">z2</emphasis> to <emphasis role="bold">net</emphasis> will |
| be accepted by the generated <emphasis role="bold">z1</emphasis> to | | be accepted by the generated <emphasis role="bold">z1</emphasis> to |
| net ACCEPT rule.</para> | | net ACCEPT rule.</para> |
| </blockquote> | | </blockquote> |
| </warning> | | </warning> |
| | |
| <para>In most contexts, ipset names can be used as an | | <para>In most contexts, ipset names can be used as an |
| <replaceable>address-or-range</replaceable>. Beginning with Shorewall | | <replaceable>address-or-range</replaceable>. Beginning with Shorewall |
| 4.4.14, ipset lists enclosed in +[...] may also be included (see <ulink | | 4.4.14, ipset lists enclosed in +[...] may also be included (see <ulink |
|
| url="/manpages/shorewall-ipsets.html">shorewall-ipsets</ulink> (5)). The | | url="shorewall-ipsets.html">shorewall-ipsets</ulink> (5)). The |
| semantics of these lists when used in an exclusion are as follows:</para> | | semantics of these lists when used in an exclusion are as follows:</para> |
| | |
| <itemizedlist> | | <itemizedlist> |
| <listitem> | | <listitem> |
| <para>!+[<replaceable>set1</replaceable>,<replaceable>set2</replaceable>
,...<replaceable>setN</replaceable>] | | <para>!+[<replaceable>set1</replaceable>,<replaceable>set2</replaceable>
,...<replaceable>setN</replaceable>] |
| produces a packet match if the packet does not match at least one of | | produces a packet match if the packet does not match at least one of |
| the sets. In other words, it is like NOT match | | the sets. In other words, it is like NOT match |
| <replaceable>set1</replaceable> OR NOT match | | <replaceable>set1</replaceable> OR NOT match |
| <replaceable>set2</replaceable> ... OR NOT match | | <replaceable>set2</replaceable> ... OR NOT match |
| <replaceable>setN</replaceable>.</para> | | <replaceable>setN</replaceable>.</para> |
| | | |
| End of changes. 2 change blocks. |
|---|
| 2 lines changed or deleted | | 2 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 