(The Shoreline Firewall) is an iptables based firewall Requires the Shorewall package and adds the capability to create an IPv6 firewall.
| mangle.annotated (shorewall6-5.2.3.6.tar.bz2) | : | mangle.annotated (shorewall6-5.2.6.tar.bz2) |
|---|
| # | | # |
| # Shorewall6 -- /etc/shorewall6/mangle | | # Shorewall6 -- /etc/shorewall6/mangle |
| # | | # |
| # For information about entries in this file, type "man shorewall6-mangle" | | # For information about entries in this file, type "man shorewall6-mangle" |
| # | | # |
|
| # See http://shorewall.net/traffic_shaping.htm for additional information. | | # See https://shorewall.org/traffic_shaping.htm for additional information. |
| # For usage in selecting among multiple ISPs, see | | # For usage in selecting among multiple ISPs, see |
|
| # http://shorewall.net/MultiISP.html | | # https://shorewall.org/MultiISP.html |
| # | | # |
|
| # See http://shorewall.net/PacketMarking.html for a detailed description of | | # See https://shorewall.org/PacketMarking.html for a detailed description of |
| # the Netfilter/Shorewall packet marking mechanism. | | # the Netfilter/Shorewall packet marking mechanism. |
| # | | # |
| ################################################################################
################################################################################
###### | | ################################################################################
################################################################################
###### |
| # | | # |
| # This file was introduced in Shorewall 4.6.0 and replaces shorewall-tcrules(5). | | # This file was introduced in Shorewall 4.6.0 and replaces shorewall-tcrules(5). |
| # This file is only processed by the compiler if: | | # This file is only processed by the compiler if: |
| # | | # |
| # Entries in this file cause packets to be marked as a means of classifying them | | # Entries in this file cause packets to be marked as a means of classifying them |
| # for traffic control or policy routing. | | # for traffic control or policy routing. |
| # | | # |
| # Important | | # Important |
| # | | # |
| # Unlike rules in the shorewall-rules(5) file, evaluation of rules in this file | | # Unlike rules in the shorewall-rules(5) file, evaluation of rules in this file |
| # will continue after a match. So the final mark for each packet will be the one | | # will continue after a match. So the final mark for each packet will be the one |
| # assigned by the LAST tcrule that matches. | | # assigned by the LAST tcrule that matches. |
| # | | # |
| # If you use multiple internet providers with the 'track' option, in /etc/ | | # If you use multiple internet providers with the 'track' option, in /etc/ |
|
| # shorewall/providers be sure to read the restrictions at http:// | | # shorewall/providers be sure to read the restrictions at https://shorewall.org/ |
| # www.shorewall.net/MultiISP.html. | | # MultiISP.html. |
| # | | # |
| # The columns in the file are as follows (where the column name is followed by a | | # The columns in the file are as follows (where the column name is followed by a |
| # different name in parentheses, the different name is used in the alternate | | # different name in parentheses, the different name is used in the alternate |
| # specification syntax). | | # specification syntax). |
| # | | # |
| # ACTION - command[(parameters)][:chain-designator] | | # ACTION - command[(parameters)][:chain-designator] |
| # | | # |
| # The chain-designator indicates the Netfilter chain that the entry applies | | # The chain-designator indicates the Netfilter chain that the entry applies |
| # to and may be one of the following: | | # to and may be one of the following: |
| # | | # |
| | |
| skipping to change at line 695 | | skipping to change at line 695 |
|---|
| # | | # |
| # Beginning with Shorewall 4.5.12, this column can accept a comma-separated | | # Beginning with Shorewall 4.5.12, this column can accept a comma-separated |
| # list of protocols. | | # list of protocols. |
| # | | # |
| # DPORT- {-|port-name-number-or-range[,port-name-number-or-range]...|+ipset} | | # DPORT- {-|port-name-number-or-range[,port-name-number-or-range]...|+ipset} |
| # | | # |
| # Optional destination Ports. A comma-separated list of Port names (from | | # Optional destination Ports. A comma-separated list of Port names (from |
| # services(5)), port numbers or port ranges; if the protocol is icmp, this | | # services(5)), port numbers or port ranges; if the protocol is icmp, this |
| # column is interpreted as the destination icmp-type(s). ICMP types may be | | # column is interpreted as the destination icmp-type(s). ICMP types may be |
| # specified as a numeric type, a numeric type and code separated by a slash | | # specified as a numeric type, a numeric type and code separated by a slash |
|
| # (e.g., 3/4), or a typename. See http://www.shorewall.net/ | | # (e.g., 3/4), or a typename. See https://shorewall.org/ |
| # configuration_file_basics.htm#ICMP. | | # configuration_file_basics.htm#ICMP. |
| # | | # |
| # If the protocol is ipp2p, this column is interpreted as an ipp2p option | | # If the protocol is ipp2p, this column is interpreted as an ipp2p option |
| # without the leading "--" (example bit for bit-torrent). If no PORT is | | # without the leading "--" (example bit for bit-torrent). If no PORT is |
| # given, ipp2p is assumed. | | # given, ipp2p is assumed. |
| # | | # |
| # An entry in this field requires that the PROTO column specify icmp (1), tc
p | | # An entry in this field requires that the PROTO column specify icmp (1), tc
p |
| # (6), udp (17), sctp (132) or udplite (136). Use '-' if any of the followin
g | | # (6), udp (17), sctp (132) or udplite (136). Use '-' if any of the followin
g |
| # field is supplied. | | # field is supplied. |
| # | | # |
| | |
| skipping to change at line 950 | | skipping to change at line 950 |
|---|
| # | | # |
| # Defines the starting date and time. | | # Defines the starting date and time. |
| # | | # |
| # datestop=yyyy[-mm[-dd[Thh[:mm[:ss]]]]] | | # datestop=yyyy[-mm[-dd[Thh[:mm[:ss]]]]] |
| # | | # |
| # Defines the ending date and time. | | # Defines the ending date and time. |
| # | | # |
| # SWITCH - [!]switch-name[={0|1}] | | # SWITCH - [!]switch-name[={0|1}] |
| # | | # |
| # Added in Shorewall 5.1.0 and allows enabling and disabling the rule withou
t | | # Added in Shorewall 5.1.0 and allows enabling and disabling the rule withou
t |
|
| # requiring shorewall restart. | | # requiring shorewall reload. |
| # | | # |
| # The rule is enabled if the value stored in /proc/net/nf_condition/ | | # The rule is enabled if the value stored in /proc/net/nf_condition/ |
| # switch-name is 1. The rule is disabled if that file contains 0 (the | | # switch-name is 1. The rule is disabled if that file contains 0 (the |
| # default). If '!' is supplied, the test is inverted such that the rule is | | # default). If '!' is supplied, the test is inverted such that the rule is |
| # enabled if the file contains 0. | | # enabled if the file contains 0. |
| # | | # |
| # Within the switch-name, '@0' and '@{0}' are replaced by the name of the | | # Within the switch-name, '@0' and '@{0}' are replaced by the name of the |
| # chain to which the rule is a added. The switch-name (after '@...' | | # chain to which the rule is a added. The switch-name (after '@...' |
| # expansion) must begin with a letter and be composed of letters, decimal | | # expansion) must begin with a letter and be composed of letters, decimal |
| # digits, underscores or hyphens. Switch names must be 30 characters or less | | # digits, underscores or hyphens. Switch names must be 30 characters or less |
| # in length. | | # in length. |
| # | | # |
| # Switches are normally off. To turn a switch on: | | # Switches are normally off. To turn a switch on: |
| # | | # |
| # echo 1 > /proc/net/nf_condition/switch-name | | # echo 1 > /proc/net/nf_condition/switch-name |
| # | | # |
| # To turn it off again: | | # To turn it off again: |
| # | | # |
| # echo 0 > /proc/net/nf_condition/switch-name | | # echo 0 > /proc/net/nf_condition/switch-name |
| # | | # |
|
| # Switch settings are retained over shorewall restart. | | # Switch settings are retained over shorewall reload. |
| # | | # |
| # When the switch-name is followed by =0 or =1, then the switch is | | # When the switch-name is followed by =0 or =1, then the switch is |
| # initialized to off or on respectively by the start command. Other commands | | # initialized to off or on respectively by the start command. Other commands |
| # do not affect the switch setting. | | # do not affect the switch setting. |
| # | | # |
| # Example | | # Example |
| # | | # |
| # IPv4 Example 1: | | # IPv4 Example 1: |
| # | | # |
| # Mark all ICMP echo traffic with packet mark 1. Mark all peer to peer | | # Mark all ICMP echo traffic with packet mark 1. Mark all peer to peer |
| | | |
| End of changes. 7 change blocks. |
|---|
| 8 lines changed or deleted | | 8 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 