"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "Samples6/two-interfaces/policy.annotated" between
shorewall6-5.2.3.4.tgz and shorewall6-5.2.3.5.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables-based firewall. Requires the Shorewall package and adds the capability to create an IPv6 firewall.

policy.annotated  (shorewall6-5.2.3.4.tgz):policy.annotated  (shorewall6-5.2.3.5.tar.bz2)
skipping to change at line 79 skipping to change at line 79
# the implicit intra-zone ACCEPT policy while "all+" does. # the implicit intra-zone ACCEPT policy while "all+" does.
# #
# Beginning with Shorewall 5.0.12, multiple zones may be listed separated by # Beginning with Shorewall 5.0.12, multiple zones may be listed separated by
# commas. As above, if '+' is specified after two or more zone names, then # commas. As above, if '+' is specified after two or more zone names, then
# the policy overrides the implicit intra-zone ACCEPT policy if the same zon e # the policy overrides the implicit intra-zone ACCEPT policy if the same zon e
# appears in both the SOURCE and DEST columns. # appears in both the SOURCE and DEST columns.
# #
# Beginning with Shorewall 5.2.3, a comma-separated list of excluded zones # Beginning with Shorewall 5.2.3, a comma-separated list of excluded zones
# preceded by "!" may follow all or all+. # preceded by "!" may follow all or all+.
# #
# POLICY - {ACCEPT|DROP|REJECT|BLACKLIST|CONTINUE|QUEUE|NFQUEUE[(queuenumber1[: # POLICY - {ACCEPT|DROP|REJECT|BLACKLIST|CONTINUE|QUEUE|NFQUEUE[([queuenumber1[:
# queuenumber2])]|NONE}[:{[+]policy-action[:level][,...]|None}] # queuenumber2[c]][,bypass]]|bypass)]|NONE}[:{[+]policy-action[:level][,...]
|
# None}]
# #
# Policy if no match from the rules file is found. # Policy if no match from the rules file is found.
# #
# If the policy is neither CONTINUE nor NONE then the policy may be followed # If the policy is neither CONTINUE nor NONE then the policy may be followed
# by ":" and one of the following: # by ":" and one of the following:
# #
# a. The word "None" or "none". This causes any default action defined in # a. The word "None" or "none". This causes any default action defined in
# shorewall.conf(5) to be omitted for this policy. # shorewall.conf(5) to be omitted for this policy.
# #
# b. The name of an action with optional parameters enclosed in parentheses . # b. The name of an action with optional parameters enclosed in parentheses .
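Review bot: In the new POLICY synopsis, the first alternative inside the parentheses, [queuenumber1[:queuenumber2[c]][,bypass]], is optional as a whole, so the grammar as written admits NFQUEUE() with empty parentheses, a form the description never defines. Either make queuenumber1 mandatory inside that alternative or state what empty parentheses mean. The synopsis is also nested deeply enough now that one or two concrete forms beside it, for example NFQUEUE(bypass) and NFQUEUE(0:3c,bypass), would make it much easier to read.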
skipping to change at line 140 skipping to change at line 141
# #
# NFQUEUE # NFQUEUE
# #
# Queue the request for a user-space application using the # Queue the request for a user-space application using the
# nfnetlink_queue mechanism. If a queuenumber1 is not given, queue zero # nfnetlink_queue mechanism. If a queuenumber1 is not given, queue zero
# (0) is assumed. Beginning with Shorewall 4.6.10, a second queue number # (0) is assumed. Beginning with Shorewall 4.6.10, a second queue number
# (queuenumber2) may be given. This specifies a range of queues to use. # (queuenumber2) may be given. This specifies a range of queues to use.
# Packets are then balanced across the given queues. This is useful for # Packets are then balanced across the given queues. This is useful for
# multicore systems: start multiple instances of the userspace program o n # multicore systems: start multiple instances of the userspace program o n
# queues x, x+1, .. x+n and use "x:x+n". Packets belonging to the same # queues x, x+1, .. x+n and use "x:x+n". Packets belonging to the same
# connection are put into the same nfqueue. # connection are put into the same nfqueue. Beginning with Shorewall
# 5.1.0, queuenumber2 may be followed by the letter 'c' to indicate that
# the CPU ID will be used as an index to map packets to the queues. The
# idea is that you can improve performance if there's a queue per CPU.
# Requires the NFQUEUE CPU Fanout capability in your kernel and iptables
.
#
# Beginning with Shorewall 4.6.10, the keyword bypass can be given. By
# default, if no userspace program is listening on an NFQUEUE, then all
# packets that are to be queued are dropped. When this option is used,
# the NFQUEUE rule behaves like ACCEPT instead.
# #
# CONTINUE # CONTINUE
# #
# Pass the connection request past any other rules that it might also # Pass the connection request past any other rules that it might also
# match (where the source or destination zone in those rules is a # match (where the source or destination zone in those rules is a
# superset of the SOURCE or DEST in this policy). See shorewall-nesting # superset of the SOURCE or DEST in this policy). See shorewall-nesting
# (5) for additional information. # (5) for additional information.
# #
# NONE # NONE
# #
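Review bot: The added bypass paragraph under NFQUEUE says the rule "behaves like ACCEPT instead" when no userspace program is listening, but it does not spell out what that means in this file, where the POLICY column is the "Policy if no match from the rules file is found". With bypass in a policy, a stopped or crashed queue consumer turns the default for that SOURCE/DEST pair into accept rather than drop. Suggest adding a sentence that states this fail-open behaviour explicitly and notes that omitting bypass keeps the default of dropping queued packets. The 'c' paragraph could also say what happens when the NFQUEUE CPU Fanout capability is missing, since it only states that the capability is required.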
 End of changes. 2 change blocks. 
3 lines changed or deleted 15 lines changed or added
