"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "manpages/shorewall-interfaces.xml" between
shorewall-docs-xml-5.2.7.tar.bz2 and shorewall-docs-xml-5.2.8.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall (documentation; XML)

shorewall-interfaces.xml  (shorewall-docs-xml-5.2.7.tar.bz2):shorewall-interfaces.xml  (shorewall-docs-xml-5.2.8.tar.bz2)
skipping to change at line 657 skipping to change at line 657
broadcast address as the source).</para> broadcast address as the source).</para>
<para>Smurfs will be optionally logged based on the setting of <para>Smurfs will be optionally logged based on the setting of
SMURF_LOG_LEVEL in <ulink SMURF_LOG_LEVEL in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5). After url="shorewall.conf.html">shorewall.conf</ulink>(5). After
logging, the packets are dropped.</para> logging, the packets are dropped.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>omitanycast</term>
<listitem>
<para>IPv6 only. Added in Shorewall 5.2.8.</para>
<para>Shorewall6 has traditionally generated rules for IPv6
<emphasis>anycast</emphasis> addresses. These rules
include:</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>Packets with these destination IP addresses are
dropped by REJECT rules.</para>
</listitem>
<listitem>
<para>Packets with these source IP addresses are dropped
by the 'nosmurfs' interface option and by the 'dropSmurfs'
action.</para>
</listitem>
<listitem>
<para>Packets with these destination IP addresses are not
logged during policy enforcement.</para>
</listitem>
<listitem>
<para>Packets with these destination IP addresses are
processes by the 'Broadcast' action.</para>
</listitem>
</orderedlist>
<para>This can be inhibited for individual interfaces by
specifying <emphasis role="bold">noanycast</emphasis> for
those interfaces.</para>
<note>
<para>RFC 2526 describes IPv6 subnet anycast addresses. The
RFC makes a distinction between subnets with "IPv6 address
types required to have 64-bit interface identifiers in
EUI-64 format" and all other subnets. When generating these
anycast addresses, the Shorewall compiler does not make this
distinction and unconditionally assumes that the last 128
addresses in the subnet are reserved as anycast
addresses.</para>
</note>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">optional</emphasis></term> <term><emphasis role="bold">optional</emphasis></term>
<listitem> <listitem>
<para>This option indicates that the firewall should be able <para>This option indicates that the firewall should be able
to start, even if the interface is not usable for handling to start, even if the interface is not usable for handling
traffic. It allows use of the <command>enable</command> and traffic. It allows use of the <command>enable</command> and
<command>disable</command> commands on the interface.</para> <command>disable</command> commands on the interface.</para>
<para>When <option>optional</option> is specified for an <para>When <option>optional</option> is specified for an
interface, Shorewall will be silent when:</para> interface, Shorewall will be silent when:</para>
 End of changes. 1 change blocks. 
0 lines changed or deleted 50 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)