"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "configfiles/mangle.annotated" between
shorewall6-5.2.3.6.tar.bz2 and shorewall6-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall Requires the Shorewall package and adds the capability to create an IPv6 firewall.

mangle.annotated  (shorewall6-5.2.3.6.tar.bz2):mangle.annotated  (shorewall6-5.2.6.tar.bz2)
# #
# Shorewall6 -- /etc/shorewall6/mangle # Shorewall6 -- /etc/shorewall6/mangle
# #
# For information about entries in this file, type "man shorewall6-mangle" # For information about entries in this file, type "man shorewall6-mangle"
# #
# See http://shorewall.net/traffic_shaping.htm for additional information. # See https://shorewall.org/traffic_shaping.htm for additional information.
# For usage in selecting among multiple ISPs, see # For usage in selecting among multiple ISPs, see
# http://shorewall.net/MultiISP.html # https://shorewall.org/MultiISP.html
# #
# See http://shorewall.net/PacketMarking.html for a detailed description of # See https://shorewall.org/PacketMarking.html for a detailed description of
# the Netfilter/Shorewall packet marking mechanism. # the Netfilter/Shorewall packet marking mechanism.
# #
################################################################################ ################################################################################ ###### ################################################################################ ################################################################################ ######
# #
# This file was introduced in Shorewall 4.6.0 and replaces shorewall-tcrules(5). # This file was introduced in Shorewall 4.6.0 and replaces shorewall-tcrules(5).
# This file is only processed by the compiler if: # This file is only processed by the compiler if:
# #
# Entries in this file cause packets to be marked as a means of classifying them # Entries in this file cause packets to be marked as a means of classifying them
# for traffic control or policy routing. # for traffic control or policy routing.
# #
# Important # Important
# #
# Unlike rules in the shorewall-rules(5) file, evaluation of rules in this file # Unlike rules in the shorewall-rules(5) file, evaluation of rules in this file
# will continue after a match. So the final mark for each packet will be the one # will continue after a match. So the final mark for each packet will be the one
# assigned by the LAST tcrule that matches. # assigned by the LAST tcrule that matches.
# #
# If you use multiple internet providers with the 'track' option, in /etc/ # If you use multiple internet providers with the 'track' option, in /etc/
# shorewall/providers be sure to read the restrictions at http:// # shorewall/providers be sure to read the restrictions at https://shorewall.org/
# www.shorewall.net/MultiISP.html. # MultiISP.html.
# #
# The columns in the file are as follows (where the column name is followed by a # The columns in the file are as follows (where the column name is followed by a
# different name in parentheses, the different name is used in the alternate # different name in parentheses, the different name is used in the alternate
# specification syntax). # specification syntax).
# #
# ACTION - command[(parameters)][:chain-designator] # ACTION - command[(parameters)][:chain-designator]
# #
# The chain-designator indicates the Netfilter chain that the entry applies # The chain-designator indicates the Netfilter chain that the entry applies
# to and may be one of the following: # to and may be one of the following:
# #
skipping to change at line 695 skipping to change at line 695
# #
# Beginning with Shorewall 4.5.12, this column can accept a comma-separated # Beginning with Shorewall 4.5.12, this column can accept a comma-separated
# list of protocols. # list of protocols.
# #
# DPORT- {-|port-name-number-or-range[,port-name-number-or-range]...|+ipset} # DPORT- {-|port-name-number-or-range[,port-name-number-or-range]...|+ipset}
# #
# Optional destination Ports. A comma-separated list of Port names (from # Optional destination Ports. A comma-separated list of Port names (from
# services(5)), port numbers or port ranges; if the protocol is icmp, this # services(5)), port numbers or port ranges; if the protocol is icmp, this
# column is interpreted as the destination icmp-type(s). ICMP types may be # column is interpreted as the destination icmp-type(s). ICMP types may be
# specified as a numeric type, a numeric type and code separated by a slash # specified as a numeric type, a numeric type and code separated by a slash
# (e.g., 3/4), or a typename. See http://www.shorewall.net/ # (e.g., 3/4), or a typename. See https://shorewall.org/
# configuration_file_basics.htm#ICMP. # configuration_file_basics.htm#ICMP.
# #
# If the protocol is ipp2p, this column is interpreted as an ipp2p option # If the protocol is ipp2p, this column is interpreted as an ipp2p option
# without the leading "--" (example bit for bit-torrent). If no PORT is # without the leading "--" (example bit for bit-torrent). If no PORT is
# given, ipp2p is assumed. # given, ipp2p is assumed.
# #
# An entry in this field requires that the PROTO column specify icmp (1), tc p # An entry in this field requires that the PROTO column specify icmp (1), tc p
# (6), udp (17), sctp (132) or udplite (136). Use '-' if any of the followin g # (6), udp (17), sctp (132) or udplite (136). Use '-' if any of the followin g
# field is supplied. # field is supplied.
# #
skipping to change at line 950 skipping to change at line 950
# #
# Defines the starting date and time. # Defines the starting date and time.
# #
# datestop=yyyy[-mm[-dd[Thh[:mm[:ss]]]]] # datestop=yyyy[-mm[-dd[Thh[:mm[:ss]]]]]
# #
# Defines the ending date and time. # Defines the ending date and time.
# #
# SWITCH - [!]switch-name[={0|1}] # SWITCH - [!]switch-name[={0|1}]
# #
# Added in Shorewall 5.1.0 and allows enabling and disabling the rule withou t # Added in Shorewall 5.1.0 and allows enabling and disabling the rule withou t
# requiring shorewall restart. # requiring shorewall reload.
# #
# The rule is enabled if the value stored in /proc/net/nf_condition/ # The rule is enabled if the value stored in /proc/net/nf_condition/
# switch-name is 1. The rule is disabled if that file contains 0 (the # switch-name is 1. The rule is disabled if that file contains 0 (the
# default). If '!' is supplied, the test is inverted such that the rule is # default). If '!' is supplied, the test is inverted such that the rule is
# enabled if the file contains 0. # enabled if the file contains 0.
# #
# Within the switch-name, '@0' and '@{0}' are replaced by the name of the # Within the switch-name, '@0' and '@{0}' are replaced by the name of the
# chain to which the rule is a added. The switch-name (after '@...' # chain to which the rule is a added. The switch-name (after '@...'
# expansion) must begin with a letter and be composed of letters, decimal # expansion) must begin with a letter and be composed of letters, decimal
# digits, underscores or hyphens. Switch names must be 30 characters or less # digits, underscores or hyphens. Switch names must be 30 characters or less
# in length. # in length.
# #
# Switches are normally off. To turn a switch on: # Switches are normally off. To turn a switch on:
# #
# echo 1 > /proc/net/nf_condition/switch-name # echo 1 > /proc/net/nf_condition/switch-name
# #
# To turn it off again: # To turn it off again:
# #
# echo 0 > /proc/net/nf_condition/switch-name # echo 0 > /proc/net/nf_condition/switch-name
# #
# Switch settings are retained over shorewall restart. # Switch settings are retained over shorewall reload.
# #
# When the switch-name is followed by =0 or =1, then the switch is # When the switch-name is followed by =0 or =1, then the switch is
# initialized to off or on respectively by the start command. Other commands # initialized to off or on respectively by the start command. Other commands
# do not affect the switch setting. # do not affect the switch setting.
# #
# Example # Example
# #
# IPv4 Example 1: # IPv4 Example 1:
# #
# Mark all ICMP echo traffic with packet mark 1. Mark all peer to peer # Mark all ICMP echo traffic with packet mark 1. Mark all peer to peer
 End of changes. 7 change blocks. 
8 lines changed or deleted 8 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)