"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "manpages/shorewall-interfaces.xml" between
shorewall-docs-xml-5.2.3.6.tar.bz2 and shorewall-docs-xml-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall (documentation; XML)

shorewall-interfaces.xml  (shorewall-docs-xml-5.2.3.6.tar.bz2):shorewall-interfaces.xml  (shorewall-docs-xml-5.2.6.tar.bz2)
skipping to change at line 73 skipping to change at line 73
<varlistentry> <varlistentry>
<term><emphasis role="bold">ZONE</emphasis> - <term><emphasis role="bold">ZONE</emphasis> -
<emphasis>zone-name</emphasis></term> <emphasis>zone-name</emphasis></term>
<listitem> <listitem>
<para>Zone for this interface. Must match the name of a zone <para>Zone for this interface. Must match the name of a zone
declared in /etc/shorewall/zones. You may not list the firewall zone declared in /etc/shorewall/zones. You may not list the firewall zone
in this column.</para> in this column.</para>
<para>If the interface serves multiple zones that will be defined in <para>If the interface serves multiple zones that will be defined in
the <ulink the <ulink url="shorewall-hosts.html">shorewall-hosts</ulink>(5)
url="/manpages/shorewall-hosts.html">shorewall-hosts</ulink>(5)
file, you should place "-" in this column.</para> file, you should place "-" in this column.</para>
<para>If there are multiple interfaces to the same zone, you must <para>If there are multiple interfaces to the same zone, you must
list them in separate entries.</para> list them in separate entries.</para>
<para>Example:</para> <para>Example:</para>
<blockquote> <blockquote>
<programlisting>#ZONE INTERFACE BROADCAST <programlisting>#ZONE INTERFACE BROADCAST
loc eth1 - loc eth1 -
skipping to change at line 100 skipping to change at line 99
<varlistentry> <varlistentry>
<term><emphasis role="bold">INTERFACE</emphasis> - <term><emphasis role="bold">INTERFACE</emphasis> -
<emphasis>interface</emphasis><emphasis <emphasis>interface</emphasis><emphasis
role="bold">[:</emphasis><emphasis>port</emphasis><emphasis role="bold">[:</emphasis><emphasis>port</emphasis><emphasis
role="bold">]</emphasis></term> role="bold">]</emphasis></term>
<listitem> <listitem>
<para>Logical name of interface. Each interface may be listed only <para>Logical name of interface. Each interface may be listed only
once in this file. You may NOT specify the name of a "virtual" once in this file. You may NOT specify the name of a "virtual"
interface (e.g., eth0:0) here; see <ulink interface (e.g., eth0:0) here; see <ulink
url="/FAQ.htm#faq18">http://www.shorewall.net/FAQ.htm#faq18</ulink>. url="../FAQ.htm#faq18">https://shorewall.org/FAQ.htm#faq18</ulink>.
If the <option>physical</option> option is not specified, then the If the <option>physical</option> option is not specified, then the
logical name is also the name of the actual interface.</para> logical name is also the name of the actual interface.</para>
<para>You may use wildcards here by specifying a prefix followed by <para>You may use wildcards here by specifying a prefix followed by
the plus sign ("+"). For example, if you want to make an entry that the plus sign ("+"). For example, if you want to make an entry that
applies to all PPP interfaces, use 'ppp+'; that would match ppp0, applies to all PPP interfaces, use 'ppp+'; that would match ppp0,
ppp1, ppp2, …</para> ppp1, ppp2, …</para>
<para>When using Shorewall versions before 4.1.4, care must be <para>When using Shorewall versions before 4.1.4, care must be
exercised when using wildcards where there is another zone that uses exercised when using wildcards where there is another zone that uses
a matching specific interface. See <ulink a matching specific interface. See <ulink
url="/manpages/shorewall-nesting.html">shorewall-nesting</ulink>(5) url="shorewall-nesting.html">shorewall-nesting</ulink>(5) for a
for a discussion of this problem.</para> discussion of this problem.</para>
<para>Shorewall allows '+' as an interface name, but that usage is <para>Shorewall allows '+' as an interface name, but that usage is
deprecated. A better approach is to specify deprecated. A better approach is to specify
'<option>physical</option>=+' in the OPTIONS column (see '<option>physical</option>=+' in the OPTIONS column (see
below).</para> below).</para>
<para>There is no need to define the loopback interface (lo) in this <para>There is no need to define the loopback interface (lo) in this
file.</para> file.</para>
<para>If a <replaceable>port</replaceable> is given, then the <para>If a <replaceable>port</replaceable> is given, then the
skipping to change at line 158 skipping to change at line 157
<member>sourceroute</member> <member>sourceroute</member>
<member>upnp</member> <member>upnp</member>
<member>wait</member> <member>wait</member>
</simplelist> </simplelist>
<para>Beginning with Shorewall 4.5.17, if you specify a zone for the <para>Beginning with Shorewall 4.5.17, if you specify a zone for the
'lo' interface, then that zone must be defined as type 'lo' interface, then that zone must be defined as type
<option>local</option> in <ulink <option>local</option> in <ulink
url="/manpages/shorewall-zones.html">shorewall6-zones</ulink>(5).</par a> url="shorewall-zones.html">shorewall6-zones</ulink>(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">BROADCAST</emphasis> (Optional) - <term><emphasis role="bold">BROADCAST</emphasis> (Optional) -
{<emphasis role="bold">-</emphasis>|<emphasis {<emphasis role="bold">-</emphasis>|<emphasis
role="bold">detect</emphasis>|<emphasis>address</emphasis>[,<emphasis>ad dress</emphasis>]...}</term> role="bold">detect</emphasis>|<emphasis>address</emphasis>[,<emphasis>ad dress</emphasis>]...}</term>
<listitem> <listitem>
<para>Only available if FORMAT 1.</para> <para>Only available if FORMAT 1.</para>
skipping to change at line 308 skipping to change at line 307
<para>This option does not work with a wild-card <emphasis <para>This option does not work with a wild-card <emphasis
role="bold">physical</emphasis> name (e.g., eth0.+). role="bold">physical</emphasis> name (e.g., eth0.+).
Beginning with Shorewall 5.1.10, If this option is Beginning with Shorewall 5.1.10, If this option is
specified, a warning is issued and the option is specified, a warning is issued and the option is
ignored.</para> ignored.</para>
</note> </note>
<warning> <warning>
<para>Do not specify <emphasis <para>Do not specify <emphasis
role="bold">arp_ignore</emphasis> for any interface involved role="bold">arp_ignore</emphasis> for any interface involved
in <ulink url="/ProxyARP.htm">Proxy ARP</ulink>.</para> in <ulink url="../ProxyARP.htm">Proxy ARP</ulink>.</para>
</warning> </warning>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">blacklist</emphasis></term> <term><emphasis role="bold">blacklist</emphasis></term>
<listitem> <listitem>
<para>Checks packets arriving on this interface against the <para>Checks packets arriving on this interface against the
<ulink <ulink
url="/manpages/shorewall-blacklist.html">shorewall-blacklist</ul ink>(5) url="shorewall-blacklist.html">shorewall-blacklist</ulink>(5)
file.</para> file.</para>
<para>Beginning with Shorewall 4.4.13:</para> <para>Beginning with Shorewall 4.4.13:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>If a <replaceable>zone</replaceable> is given in the <para>If a <replaceable>zone</replaceable> is given in the
ZONES column, then the behavior is as if <emphasis ZONES column, then the behavior is as if <emphasis
role="bold">blacklist</emphasis> had been specified in the role="bold">blacklist</emphasis> had been specified in the
IN_OPTIONS column of <ulink IN_OPTIONS column of <ulink
url="/manpages/shorewall-zones.html">shorewall-zones</ulink> (5).</para> url="shorewall-zones.html">shorewall-zones</ulink>(5).</para >
</listitem> </listitem>
<listitem> <listitem>
<para>Otherwise, the option is ignored with a <para>Otherwise, the option is ignored with a
warning:</para> warning:</para>
<blockquote> <blockquote>
<para><emphasis role="bold">WARNING: The 'blacklist' <para><emphasis role="bold">WARNING: The 'blacklist'
option is ignored on multi-zone option is ignored on multi-zone
interfaces</emphasis></para> interfaces</emphasis></para>
skipping to change at line 373 skipping to change at line 372
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">dbl={none|src|dst|src-dst}</emphasis></term> role="bold">dbl={none|src|dst|src-dst}</emphasis></term>
<listitem> <listitem>
<para>Added in Shorewall 5.0.10. This option defined whether <para>Added in Shorewall 5.0.10. This option defined whether
or not dynamic blacklisting is applied to packets entering the or not dynamic blacklisting is applied to packets entering the
firewall through this interface and whether the source address firewall through this interface and whether the source address
and/or destination address is to be compared against the and/or destination address is to be compared against the
ipset-based dynamic blacklist (DYNAMIC_BLACKLIST=ipset... in ipset-based dynamic blacklist (DYNAMIC_BLACKLIST=ipset... in
<ulink <ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>).
url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>).
The default is determine by the setting of The default is determine by the setting of
DYNAMIC_BLACKLIST:</para> DYNAMIC_BLACKLIST:</para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term>DYNAMIC_BLACKLIST=No</term> <term>DYNAMIC_BLACKLIST=No</term>
<listitem> <listitem>
<para>Default is <emphasis role="bold">none</emphasis> <para>Default is <emphasis role="bold">none</emphasis>
(e.g., no dynamic blacklist checking).</para> (e.g., no dynamic blacklist checking).</para>
skipping to change at line 462 skipping to change at line 460
the firewall</para> the firewall</para>
</listitem> </listitem>
<listitem> <listitem>
<para>the interface has a static IP but is on a LAN <para>the interface has a static IP but is on a LAN
segment with lots of DHCP clients.</para> segment with lots of DHCP clients.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>the interface is a <ulink <para>the interface is a <ulink
url="/SimpleBridge.html">simple bridge</ulink> with a DHCP url="../SimpleBridge.html">simple bridge</ulink> with a
server on one port and DHCP clients on another DHCP server on one port and DHCP clients on another
port.</para> port.</para>
<note> <note>
<para>If you use <ulink <para>If you use <ulink
url="/bridge-Shorewall-perl.html">Shorewall-perl for url="../bridge-Shorewall-perl.html">Shorewall-perl for
firewall/bridging</ulink>, then you need to include firewall/bridging</ulink>, then you need to include
DHCP-specific rules in <ulink DHCP-specific rules in <ulink
url="/manpages/shorewall-rules.html">shorewall-rules</ulin k>(5). url="shorewall-rules.html">shorewall-rules</ulink>(5).
DHCP uses UDP ports 67 and 68.</para> DHCP uses UDP ports 67 and 68.</para>
</note> </note>
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>This option allows DHCP datagrams to enter and leave the <para>This option allows DHCP datagrams to enter and leave the
interface.</para> interface.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
skipping to change at line 576 skipping to change at line 574
<note> <note>
<para>This option does not work with a wild-card <emphasis <para>This option does not work with a wild-card <emphasis
role="bold">physical</emphasis> name (e.g., eth0.+). role="bold">physical</emphasis> name (e.g., eth0.+).
Beginning with Shorewall 5.1.10, If this option is Beginning with Shorewall 5.1.10, If this option is
specified, a warning is issued and the option is specified, a warning is issued and the option is
ignored.</para> ignored.</para>
</note> </note>
<blockquote> <blockquote>
<para>This option may also be enabled globally in the <ulink <para>This option may also be enabled globally in the <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) url="shorewall.conf.html">shorewall.conf</ulink>(5)
file.</para> file.</para>
</blockquote> </blockquote>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">maclist</emphasis></term> <term><emphasis role="bold">maclist</emphasis></term>
<listitem> <listitem>
<para>Connection requests from this interface are compared <para>Connection requests from this interface are compared
against the contents of <ulink against the contents of <ulink
url="/manpages/shorewall-maclist.html">shorewall-maclist</ulink> url="shorewall-maclist.html">shorewall-maclist</ulink>(5). If
(5). this option is specified, the interface must be an Ethernet
If this option is specified, the interface must be an Ethernet
NIC and must be up before Shorewall is started.</para> NIC and must be up before Shorewall is started.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold"><emphasis <term><emphasis role="bold"><emphasis
role="bold">mss</emphasis>=</emphasis><emphasis>number</emphasis>< /term> role="bold">mss</emphasis>=</emphasis><emphasis>number</emphasis>< /term>
<listitem> <listitem>
<para>Added in Shorewall 4.0.3. Causes forwarded TCP SYN <para>Added in Shorewall 4.0.3. Causes forwarded TCP SYN
skipping to change at line 627 skipping to change at line 625
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">nets=dynamic</emphasis></term> <term><emphasis role="bold">nets=dynamic</emphasis></term>
<listitem> <listitem>
<para>Defines the zone as <firstterm>dynamic</firstterm>. <para>Defines the zone as <firstterm>dynamic</firstterm>.
Requires ipset match support in your iptables and kernel. See Requires ipset match support in your iptables and kernel. See
<ulink <ulink
url="/Dynamic.html">http://www.shorewall.net/Dynamic.html</ulink > url="../Dynamic.html">https://shorewall.org/Dynamic.html</ulink>
for further information.</para> for further information.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">nodbl</emphasis></term> <term><emphasis role="bold">nodbl</emphasis></term>
<listitem> <listitem>
<para>Added in Shorewall 5.0.8. When specified, dynamic <para>Added in Shorewall 5.0.8. When specified, dynamic
blacklisting is disabled on the interface. Beginning with blacklisting is disabled on the interface. Beginning with
skipping to change at line 653 skipping to change at line 651
<varlistentry> <varlistentry>
<term><emphasis role="bold">nosmurfs</emphasis></term> <term><emphasis role="bold">nosmurfs</emphasis></term>
<listitem> <listitem>
<para>IPv4 only. Filter packets for smurfs (packets with a <para>IPv4 only. Filter packets for smurfs (packets with a
broadcast address as the source).</para> broadcast address as the source).</para>
<para>Smurfs will be optionally logged based on the setting of <para>Smurfs will be optionally logged based on the setting of
SMURF_LOG_LEVEL in <ulink SMURF_LOG_LEVEL in <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). url="shorewall.conf.html">shorewall.conf</ulink>(5). After
After logging, the packets are dropped.</para> logging, the packets are dropped.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">optional</emphasis></term> <term><emphasis role="bold">optional</emphasis></term>
<listitem> <listitem>
<para>This option indicates that the firewall should be able
to start, even if the interface is not usable for handling
traffic. It allows use of the <command>enable</command> and
<command>disable</command> commands on the interface.</para>
<para>When <option>optional</option> is specified for an <para>When <option>optional</option> is specified for an
interface, Shorewall will be silent when:</para> interface, Shorewall will be silent when:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>a <filename <para>a <filename
class="directory">/proc/sys/net/ipv[46]/conf/</filename> class="directory">/proc/sys/net/ipv[46]/conf/</filename>
entry for the interface cannot be modified (including for entry for the interface cannot be modified (including for
proxy ARP or proxy NDP).</para> proxy ARP or proxy NDP).</para>
</listitem> </listitem>
<listitem> <listitem>
<para>The first address of the interface cannot be <para>The first address of the interface cannot be
obtained.</para> obtained.</para>
</listitem> </listitem>
<listitem>
<para>The gateway of the interface can not be obtained
(provider interface).</para>
</listitem>
<listitem>
<para>The interface has been disabled using the
<command>disable</command> command.</para>
</listitem>
</itemizedlist> </itemizedlist>
<para>May not be specified with <emphasis <para>May not be specified with <emphasis
role="bold">required</emphasis>.</para> role="bold">required</emphasis>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">physical</emphasis>=<emphasis <term><emphasis role="bold">physical</emphasis>=<emphasis
role="bold"><emphasis>name</emphasis></emphasis></term> role="bold"><emphasis>name</emphasis></emphasis></term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.4. When specified, the interface <para>Added in Shorewall 4.4.4. When specified, the interface
or port name in the INTERFACE column is a logical name that or port name in the INTERFACE column is a logical name that
refers to the name given in this option. It is useful when you refers to the name given in this option. It is useful when you
want to specify the same wildcard port name on two or more want to specify the same wildcard port name on two or more
bridges. See <ulink bridges. See <ulink
url="/bridge-Shorewall-perl.html#Multiple">http://www.shorewall. net/bridge-Shorewall-perl.html#Multiple</ulink>.</para> url="../bridge-Shorewall-perl.html#Multiple">https://shorewall.o rg/bridge-Shorewall-perl.html#Multiple</ulink>.</para>
<para>If the <emphasis>interface</emphasis> name is a wildcard <para>If the <emphasis>interface</emphasis> name is a wildcard
name (ends with '+'), then the physical name (ends with '+'), then the physical
<emphasis>name</emphasis> must also end in '+'. The physical <emphasis>name</emphasis> must also end in '+'. The physical
<replaceable>name</replaceable> may end in '+' (or be exactly <replaceable>name</replaceable> may end in '+' (or be exactly
'+') when the <replaceable>interface</replaceable> name is not '+') when the <replaceable>interface</replaceable> name is not
a wildcard name.</para> a wildcard name.</para>
<para>If <option>physical</option> is not specified, then it's <para>If <option>physical</option> is not specified, then it's
value defaults to the <emphasis>interface</emphasis> value defaults to the <emphasis>interface</emphasis>
skipping to change at line 717 skipping to change at line 730
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">proxyarp[={0|1}]</emphasis></term> <term><emphasis role="bold">proxyarp[={0|1}]</emphasis></term>
<listitem> <listitem>
<para>IPv4 only. Sets <para>IPv4 only. Sets
/proc/sys/net/ipv4/conf/<emphasis>interface</emphasis>/proxy_arp . /proc/sys/net/ipv4/conf/<emphasis>interface</emphasis>/proxy_arp .
Do NOT use this option if you are employing Proxy ARP through Do NOT use this option if you are employing Proxy ARP through
entries in <ulink entries in <ulink
url="/manpages/shorewall-proxyarp.html">shorewall-proxyarp</ulin k>(5). url="shorewall-proxyarp.html">shorewall-proxyarp</ulink>(5).
This option is intended solely for use with Proxy ARP This option is intended solely for use with Proxy ARP
sub-networking as described at: <ulink sub-networking as described at: <ulink
url="http://tldp.org/HOWTO/Proxy-ARP-Subnet/index.html">http://t ldp.org/HOWTO/Proxy-ARP-Subnet/index.html. url="http://tldp.org/HOWTO/Proxy-ARP-Subnet/index.html">http://t ldp.org/HOWTO/Proxy-ARP-Subnet/index.html.
</ulink></para> </ulink></para>
<note> <note>
<para>This option does not work with a wild-card <emphasis <para>This option does not work with a wild-card <emphasis
role="bold">physical</emphasis> name (e.g., eth0.+). role="bold">physical</emphasis> name (e.g., eth0.+).
Beginning with Shorewall 5.1.10, If this option is Beginning with Shorewall 5.1.10, If this option is
specified, a warning is issued and the option is specified, a warning is issued and the option is
skipping to change at line 824 skipping to change at line 837
<note> <note>
<para>This option does not work with a wild-card <emphasis <para>This option does not work with a wild-card <emphasis
role="bold">physical</emphasis> name (e.g., eth0.+). role="bold">physical</emphasis> name (e.g., eth0.+).
Beginning with Shorewall 5.1.10, If this option is Beginning with Shorewall 5.1.10, If this option is
specified, a warning is issued and the option is specified, a warning is issued and the option is
ignored.</para> ignored.</para>
</note> </note>
<para>This option can also be enabled globally via the <para>This option can also be enabled globally via the
ROUTE_FILTER option in the <ulink ROUTE_FILTER option in the <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) url="shorewall.conf.html">shorewall.conf</ulink>(5)
file.</para> file.</para>
<important> <important>
<para>If ROUTE_FILTER=Yes in <ulink <para>If ROUTE_FILTER=Yes in <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5), url="shorewall.conf.html">shorewall.conf</ulink>(5), or if
or if your distribution sets net.ipv4.conf.all.rp_filter=1 your distribution sets net.ipv4.conf.all.rp_filter=1 in
in <filename>/etc/sysctl.conf</filename>, then setting <filename>/etc/sysctl.conf</filename>, then setting
<emphasis role="bold">routefilter</emphasis>=0 in an <emphasis role="bold">routefilter</emphasis>=0 in an
<replaceable>interface</replaceable> entry will not disable <replaceable>interface</replaceable> entry will not disable
route filtering on that route filtering on that
<replaceable>interface</replaceable>! The effective setting <replaceable>interface</replaceable>! The effective setting
for an <replaceable>interface</replaceable> is the maximum for an <replaceable>interface</replaceable> is the maximum
of the contents of of the contents of
<filename>/proc/sys/net/ipv4/conf/all/rp_filter</filename> <filename>/proc/sys/net/ipv4/conf/all/rp_filter</filename>
and the routefilter setting specified in this file and the routefilter setting specified in this file
(/proc/sys/net/ipv4/conf/<replaceable>interface</replaceable>/ rp_filter).</para> (/proc/sys/net/ipv4/conf/<replaceable>interface</replaceable>/ rp_filter).</para>
</important> </important>
<note> <note>
<para>There are certain cases where <para>There are certain cases where
<option>routefilter</option> cannot be used on an <option>routefilter</option> cannot be used on an
interface:</para> interface:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>If USE_DEFAULT_RT=Yes in <ulink <para>If USE_DEFAULT_RT=Yes in <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink> url="shorewall.conf.html">shorewall.conf</ulink>(5) and
(5) the interface is listed in <ulink
and the interface is listed in <ulink url="shorewall-providers.html">shorewall-providers</ulink>
url="/manpages/shorewall-providers.html">shorewall-provide (5).</para>
rs</ulink>(5).</para>
</listitem> </listitem>
<listitem> <listitem>
<para>If there is an entry for the interface in <ulink <para>If there is an entry for the interface in <ulink
url="/manpages/shorewall-providers.html">shorewall-provide rs</ulink>(5) url="shorewall-providers.html">shorewall-providers</ulink> (5)
that doesn't specify the <option>balance</option> that doesn't specify the <option>balance</option>
option.</para> option.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>If IPSEC is used to allow a road-warrior to have a <para>If IPSEC is used to allow a road-warrior to have a
local address, then any interface through which the local address, then any interface through which the
road-warrior might connect cannot specify road-warrior might connect cannot specify
<option>routefilter</option>.</para> <option>routefilter</option>.</para>
</listitem> </listitem>
skipping to change at line 1010 skipping to change at line 1023
</itemizedlist> </itemizedlist>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">upnp</emphasis></term> <term><emphasis role="bold">upnp</emphasis></term>
<listitem> <listitem>
<para>Incoming requests from this interface may be remapped <para>Incoming requests from this interface may be remapped
via UPNP (upnpd). See <ulink via UPNP (upnpd). See <ulink
url="/UPnP.html">http://www.shorewall.net/UPnP.html</ulink>. url="../UPnP.html">https://shorewall.org/UPnP.html</ulink>.
Supported in IPv4 and in IPv6 in Shorewall 5.1.4 and Supported in IPv4 and in IPv6 in Shorewall 5.1.4 and
later.</para> later.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">upnpclient</emphasis></term> <term><emphasis role="bold">upnpclient</emphasis></term>
<listitem> <listitem>
<para>This option is intended for laptop users who always run <para>This option is intended for laptop users who always run
skipping to change at line 1130 skipping to change at line 1143
<para>/etc/shorewall/interfaces</para> <para>/etc/shorewall/interfaces</para>
<para>/etc/shorewall6/interfaces</para> <para>/etc/shorewall6/interfaces</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configur ation_file_basics.htm#Pairs</ulink></para> url="../configuration_file_basics.htm#Pairs">https://shorewall.org/configura tion_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8)</para> <para>shorewall(8)</para>
</refsect1> </refsect1>
</refentry> </refentry>
 End of changes. 25 change blocks. 
36 lines changed or deleted 47 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)