"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "manpages/shorewall-secmarks.xml" between
shorewall-docs-xml-5.2.3.6.tar.bz2 and shorewall-docs-xml-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall (documentation; XML)

shorewall-secmarks.xml  (shorewall-docs-xml-5.2.3.6.tar.bz2)	:	shorewall-secmarks.xml  (shorewall-docs-xml-5.2.6.tar.bz2)
skipping to change at line 30		skipping to change at line 30
<cmdsynopsis>		<cmdsynopsis>
<command>/etc/shorewall[6]/secmarks</command>		<command>/etc/shorewall[6]/secmarks</command>
</cmdsynopsis>		</cmdsynopsis>
</refsynopsisdiv>		</refsynopsisdiv>
<refsect1>		<refsect1>
<title>Description</title>		<title>Description</title>
<important>		<important>
<para>Unlike rules in the <ulink		<para>Unlike rules in the <ulink
url="/manpages/shorewall-rules.html">shorewall-rules</ulink>(5) file,		url="shorewall-rules.html">shorewall-rules</ulink>(5) file,
evaluation of rules in this file will continue after a match. So the		evaluation of rules in this file will continue after a match. So the
final secmark for each packet will be the one assigned by the LAST rule		final secmark for each packet will be the one assigned by the LAST rule
that matches.</para>		that matches.</para>
</important>		</important>
<para>The secmarks file is used to associate an SELinux context with		<para>The secmarks file is used to associate an SELinux context with
packets. It was added in Shorewall version 4.4.13.</para>		packets. It was added in Shorewall version 4.4.13.</para>
<para>The columns in the file are as follows (where the column name is		<para>The columns in the file are as follows (where the column name is
followed by a different name in parentheses, the different name is used in		followed by a different name in parentheses, the different name is used in
skipping to change at line 184		skipping to change at line 184
</listitem>		</listitem>
</orderedlist>		</orderedlist>
<para>MAC addresses must be prefixed with "~" and use "-" as a		<para>MAC addresses must be prefixed with "~" and use "-" as a
separator.</para>		separator.</para>
<para>Example: ~00-A0-C9-15-39-78</para>		<para>Example: ~00-A0-C9-15-39-78</para>
<para>You may exclude certain hosts from the set already defined		<para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink		through use of an <emphasis>exclusion</emphasis> (see <ulink
url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5 )).</para>		url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
<para>Addresses may be specified using an ipset name preceded by		<para>Addresses may be specified using an ipset name preceded by
'+'.</para>		'+'.</para>
</listitem>		</listitem>
</varlistentry>		</varlistentry>
<varlistentry>		<varlistentry>
<term><emphasis role="bold">DEST</emphasis> - {<emphasis		<term><emphasis role="bold">DEST</emphasis> - {<emphasis
role="bold">-</emphasis>|{<emphasis>interface</emphasis>|[<emphasis>inte rface</emphasis>:]<emphasis>address-or-range</emphasis>[<emphasis		role="bold">-</emphasis>|{<emphasis>interface</emphasis>|[<emphasis>inte rface</emphasis>:]<emphasis>address-or-range</emphasis>[<emphasis
role="bold">,</emphasis><emphasis>address-or-range</emphasis>]...}[<emph asis>exclusion</emphasis>]</term>		role="bold">,</emphasis><emphasis>address-or-range</emphasis>]...}[<emph asis>exclusion</emphasis>]</term>
skipping to change at line 215		skipping to change at line 215
<listitem>		<listitem>
<para>A comma-separated list of host or network IP addresses.		<para>A comma-separated list of host or network IP addresses.
The list may include ip address ranges if your kernel and		The list may include ip address ranges if your kernel and
iptables include iprange support.</para>		iptables include iprange support.</para>
</listitem>		</listitem>
</orderedlist>		</orderedlist>
<para>You may exclude certain hosts from the set already defined		<para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink		through use of an <emphasis>exclusion</emphasis> (see <ulink
url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>(5 )).</para>		url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
<para>Addresses may be specified using an ipset name preceded by		<para>Addresses may be specified using an ipset name preceded by
'+'.</para>		'+'.</para>
</listitem>		</listitem>
</varlistentry>		</varlistentry>
<varlistentry>		<varlistentry>
<term><emphasis role="bold">PROTO</emphasis> - {<emphasis		<term><emphasis role="bold">PROTO</emphasis> - {<emphasis
role="bold">-</emphasis>|<emphasis		role="bold">-</emphasis>|<emphasis
role="bold">tcp:syn</emphasis>|<emphasis		role="bold">tcp:syn</emphasis>|<emphasis
skipping to change at line 254		skipping to change at line 254
role="bold">,</emphasis><emphasis>port-name-number-or-range</emphasis>]. ..]</term>		role="bold">,</emphasis><emphasis>port-name-number-or-range</emphasis>]. ..]</term>
<listitem>		<listitem>
<para>Optional destination Ports. A comma-separated list of Port		<para>Optional destination Ports. A comma-separated list of Port
names (from services(5)), <emphasis>port number</emphasis>s or		names (from services(5)), <emphasis>port number</emphasis>s or
<emphasis>port range</emphasis>s; if the protocol is <emphasis		<emphasis>port range</emphasis>s; if the protocol is <emphasis
role="bold">icmp</emphasis>, this column is interpreted as the		role="bold">icmp</emphasis>, this column is interpreted as the
destination icmp-type(s). ICMP types may be specified as a numeric		destination icmp-type(s). ICMP types may be specified as a numeric
type, a numeric type and code separated by a slash (e.g., 3/4), or a		type, a numeric type and code separated by a slash (e.g., 3/4), or a
typename. See <ulink		typename. See <ulink
url="/configuration_file_basics.htm#ICMP">http://www.shorewall.net/con figuration_file_basics.htm#ICMP</ulink>.</para>		url="../configuration_file_basics.htm#ICMP">https://shorewall.org/conf iguration_file_basics.htm#ICMP</ulink>.</para>
<para>If the protocol is <emphasis role="bold">ipp2p</emphasis>,		<para>If the protocol is <emphasis role="bold">ipp2p</emphasis>,
this column is interpreted as an ipp2p option without the leading		this column is interpreted as an ipp2p option without the leading
"--" (example <emphasis role="bold">bit</emphasis> for bit-torrent).		"--" (example <emphasis role="bold">bit</emphasis> for bit-torrent).
If no PORT is given, <emphasis role="bold">ipp2p</emphasis> is		If no PORT is given, <emphasis role="bold">ipp2p</emphasis> is
assumed.</para>		assumed.</para>
<para>This column is ignored if PROTOCOL = all but must be entered		<para>This column is ignored if PROTOCOL = all but must be entered
if any of the following field is supplied. In that case, it is		if any of the following field is supplied. In that case, it is
suggested that this field contain "-"</para>		suggested that this field contain "-"</para>
skipping to change at line 418		skipping to change at line 418
<para>/etc/shorewall6/secmarks</para>		<para>/etc/shorewall6/secmarks</para>
</refsect1>		</refsect1>
<refsect1>		<refsect1>
<title>See ALSO</title>		<title>See ALSO</title>
<para><ulink		<para><ulink
url="http://james-morris.livejournal.com/11010.html">http://james-morris.liv ejournal.com/11010.html</ulink></para>		url="http://james-morris.livejournal.com/11010.html">http://james-morris.liv ejournal.com/11010.html</ulink></para>
<para><ulink		<para><ulink
url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configur ation_file_basics.htm#Pairs</ulink></para>		url="../configuration_file_basics.htm#Pairs">https://shorewall.org/configura tion_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8)</para>		<para>shorewall(8)</para>
</refsect1>		</refsect1>
</refentry>		</refentry>
End of changes. 5 change blocks.
5 lines changed or deleted		5 lines changed or added

---