"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "Samples6/two-interfaces/rules.annotated" between
shorewall6-5.2.3.6.tar.bz2 and shorewall6-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables-based firewall. Requires the Shorewall package and adds the capability to create an IPv6 firewall.

rules.annotated  (shorewall6-5.2.3.6.tar.bz2):rules.annotated  (shorewall6-5.2.6.tar.bz2)
skipping to change at line 369 skipping to change at line 369
# #
# The mark value may be optionally followed by "/" and a mask value (use d # The mark value may be optionally followed by "/" and a mask value (use d
# to determine those bits of the connection mark to actually be set). # to determine those bits of the connection mark to actually be set).
# When a mask is specified, the result of logically ANDing the mark valu e # When a mask is specified, the result of logically ANDing the mark valu e
# with the mask must be the same as the mark value. # with the mask must be the same as the mark value.
# #
# NFLOG[(nflog-parameters)] # NFLOG[(nflog-parameters)]
# #
# Added in Shorewall 4.5.9.3. Queues matching packets to a back end # Added in Shorewall 4.5.9.3. Queues matching packets to a back end
# logging daemon via a netlink socket then continues to the next rule. # logging daemon via a netlink socket then continues to the next rule.
# See http://www.shorewall.net/shorewall_logging.html. # See https://shorewall.org/shorewall_logging.html.
# #
# The nflog-parameters are a comma-separated list of up to 3 numbers: # The nflog-parameters are a comma-separated list of up to 3 numbers:
# #
# ☆ The first number specifies the netlink group (0-65535). If omitted # ☆ The first number specifies the netlink group (0-65535). If omitted
# (e.g., NFLOG(,0,10)) then a value of 0 is assumed. # (e.g., NFLOG(,0,10)) then a value of 0 is assumed.
# #
# ☆ The second number specifies the maximum number of bytes to copy. I f # ☆ The second number specifies the maximum number of bytes to copy. I f
# omitted, 0 (no limit) is assumed. # omitted, 0 (no limit) is assumed.
# #
# ☆ The third number specifies the number of log messages that should # ☆ The third number specifies the number of log messages that should
skipping to change at line 966 skipping to change at line 966
# #
# Beginning with Shorewall 4.4.19, this column can contain a comma-separated # Beginning with Shorewall 4.4.19, this column can contain a comma-separated
# list of protocol-numbers and/or protocol names. # list of protocol-numbers and/or protocol names.
# #
# DPORT - {-|port-name-number-or-range[,port-name-number-or-range]...|+ipset} # DPORT - {-|port-name-number-or-range[,port-name-number-or-range]...|+ipset}
# #
# Optional destination Ports. A comma-separated list of Port names (from # Optional destination Ports. A comma-separated list of Port names (from
# services(5)), port numbers or port ranges; if the protocol is icmp, this # services(5)), port numbers or port ranges; if the protocol is icmp, this
# column is interpreted as the destination icmp-type(s). ICMP types may be # column is interpreted as the destination icmp-type(s). ICMP types may be
# specified as a numeric type, a numeric type and code separated by a slash # specified as a numeric type, a numeric type and code separated by a slash
# (e.g., 3/4), or a typename. See http://www.shorewall.net/ # (e.g., 3/4), or a typename. See https://shorewall.org/
# configuration_file_basics.htm#ICMP. Note that prior to Shorewall 4.4.19, # configuration_file_basics.htm#ICMP. Note that prior to Shorewall 4.4.19,
# only a single ICMP type may be listed. # only a single ICMP type may be listed.
# #
# If the protocol is ipp2p, this column is interpreted as an ipp2p option # If the protocol is ipp2p, this column is interpreted as an ipp2p option
# without the leading "--" (example bit for bit-torrent). If no port is # without the leading "--" (example bit for bit-torrent). If no port is
# given, ipp2p is assumed. # given, ipp2p is assumed.
# #
# A port range is expressed as lowport:highport. # A port range is expressed as lowport:highport.
# #
# This column is ignored if PROTO = all but must be entered if any of the # This column is ignored if PROTO = all but must be entered if any of the
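Review bot: the updated link in the DPORT description is still split across two comment lines ("See https://shorewall.org/" with "configuration_file_basics.htm#ICMP" on the following line), so it cannot be followed or copied as one URL. Since the line is being changed anyway, consider reflowing the paragraph so the whole URL, including the #ICMP fragment, sits on a single line.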
skipping to change at line 1059 skipping to change at line 1059
# that the original destination address matches one of the listed addresses. # that the original destination address matches one of the listed addresses.
# This feature is most useful when you want to generate a filter rule that # This feature is most useful when you want to generate a filter rule that
# corresponds to a DNAT- or REDIRECT- rule. In this usage, the list of # corresponds to a DNAT- or REDIRECT- rule. In this usage, the list of
# addresses should not begin with "!". # addresses should not begin with "!".
# #
# It is also possible to specify a set of addresses then exclude part of # It is also possible to specify a set of addresses then exclude part of
# those addresses. For example, 192.168.1.0/24!192.168.1.16/28 specifies the # those addresses. For example, 192.168.1.0/24!192.168.1.16/28 specifies the
# addresses 192.168.1.0-182.168.1.15 and 192.168.1.32-192.168.1.255. See # addresses 192.168.1.0-182.168.1.15 and 192.168.1.32-192.168.1.255. See
# shorewall-exclusion(5). # shorewall-exclusion(5).
# #
# See http://www.shorewall.net/PortKnocking.html for an example of using an # See https://shorewall.org/PortKnocking.html for an example of using an
# entry in this column with a user-defined action rule. # entry in this column with a user-defined action rule.
# #
# This column was formerly labelled ORIGINAL DEST. # This column was formerly labelled ORIGINAL DEST.
# #
# RATE - limit # RATE - limit
# #
# where limit is one of: # where limit is one of:
# #
# [-|[{s|d}[/vlsm]:[name[(ht-buckets,ht-max)]:]rate/{sec|min|hour|day}[:burs t # [-|[{s|d}[/vlsm]:[name[(ht-buckets,ht-max)]:]rate/{sec|min|hour|day}[:burs t
# ] # ]
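Review bot: the exclusion example in the unchanged lines just above the updated PortKnocking link reads "192.168.1.0-182.168.1.15"; the second address should be 192.168.1.15 to agree with the 192.168.1.0/24!192.168.1.16/28 expression it explains. This is also the IPv6 sample (Samples6/two-interfaces), so an IPv6 prefix would be a better fit for the example than IPv4 addresses, and it is worth fixing both while this paragraph is being edited.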
skipping to change at line 1289 skipping to change at line 1289
# If any: is specified, the rule will match if any of the listed headers are # If any: is specified, the rule will match if any of the listed headers are
# present. If exactly: is specified, the will match packets that exactly # present. If exactly: is specified, the will match packets that exactly
# include all specified headers. If neither is given, any: is assumed. # include all specified headers. If neither is given, any: is assumed.
# #
# If ! is entered, the rule will match those packets which would not be # If ! is entered, the rule will match those packets which would not be
# matched when ! is omitted. # matched when ! is omitted.
# #
# SWITCH - [!]switch-name[={0|1}] # SWITCH - [!]switch-name[={0|1}]
# #
# Added in Shorewall 4.4.24 and allows enabling and disabling the rule # Added in Shorewall 4.4.24 and allows enabling and disabling the rule
# without requiring shorewall restart. # without requiring shorewall reload.
# #
# The rule is enabled if the value stored in /proc/net/nf_condition/ # The rule is enabled if the value stored in /proc/net/nf_condition/
# switch-name is 1. The rule is disabled if that file contains 0 (the # switch-name is 1. The rule is disabled if that file contains 0 (the
# default). If '!' is supplied, the test is inverted such that the rule is # default). If '!' is supplied, the test is inverted such that the rule is
# enabled if the file contains 0. # enabled if the file contains 0.
# #
# Within the switch-name, '@0' and '@{0}' are replaced by the name of the # Within the switch-name, '@0' and '@{0}' are replaced by the name of the
# chain to which the rule is a added. The switch-name (after '@...' # chain to which the rule is a added. The switch-name (after '@...'
# expansion) must begin with a letter and be composed of letters, decimal # expansion) must begin with a letter and be composed of letters, decimal
# digits, underscores or hyphens. Switch names must be 30 characters or less # digits, underscores or hyphens. Switch names must be 30 characters or less
# in length. # in length.
# #
# Switches are normally off. To turn a switch on: # Switches are normally off. To turn a switch on:
# #
# echo 1 > /proc/net/nf_condition/switch-name # echo 1 > /proc/net/nf_condition/switch-name
# #
# To turn it off again: # To turn it off again:
# #
# echo 0 > /proc/net/nf_condition/switch-name # echo 0 > /proc/net/nf_condition/switch-name
# #
# Switch settings are retained over shorewall restart. # Switch settings are retained over shorewall reload.
# #
# Beginning with Shorewall 4.5.10, when the switch-name is followed by =0 or # Beginning with Shorewall 4.5.10, when the switch-name is followed by =0 or
# =1, then the switch is initialized to off or on respectively by the start # =1, then the switch is initialized to off or on respectively by the start
# command. Other commands do not affect the switch setting. # command. Other commands do not affect the switch setting.
# #
# HELPER - [helper] # HELPER - [helper]
# #
# Added in Shorewall 4.5.7. # Added in Shorewall 4.5.7.
# #
# In the NEW section, causes the named conntrack helper to be associated wit h # In the NEW section, causes the named conntrack helper to be associated wit h
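Review bot: in the SWITCH description, changing "restart" to "reload" in "Switch settings are retained over shorewall reload" leaves the text silent on whether a switch survives a restart. The only hint is the later sentence that =0 or =1 is applied "by the start command" and that "Other commands do not affect the switch setting", which covers only switches written with an initial value. Please state the restart behaviour explicitly, because a switch that falls back to 0 (the default) changes which rules are enforced without any visible configuration change. Two typos in the surrounding context could be fixed in the same pass: "the will match packets" (missing "rule") and "the rule is a added".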
 End of changes. 5 change blocks. 
5 lines changed or deleted 5 lines changed or added
