"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "configfiles/snat.annotated" between
shorewall6-5.2.3.6.tar.bz2 and shorewall6-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall Requires the Shorewall package and adds the capability to create an IPv6 firewall.

snat.annotated  (shorewall6-5.2.3.6.tar.bz2):snat.annotated  (shorewall6-5.2.6.tar.bz2)
# #
# Shorewall6 -- /etc/shorewall6/snat # Shorewall6 -- /etc/shorewall6/snat
# #
# For information about entries in this file, type "man shorewall6-snat" # For information about entries in this file, type "man shorewall6-snat"
# #
# See http://shorewall.net/manpages6/shorewall6-snat.html for more information # See https://shorewall.org/manpages/shorewall-snat.html for more information
# #
################################################################################ ?FORMAT 2
########################################################### ################################################################################
###################################################################
# #
# This file is used to define dynamic NAT (Masquerading) and to define Source NA T # This file is used to define dynamic NAT (Masquerading) and to define Source NA T
# (SNAT). It superseded shorewall-masq(5) in Shorewall 5.0.14. # (SNAT). It superseded shorewall-masq(5) in Shorewall 5.0.14.
# #
# Warning # Warning
# #
# The entries in this file are order-sensitive. The first entry that matches a # The entries in this file are order-sensitive. The first entry that matches a
# particular connection will be the one that is used. # particular connection will be the one that is used.
# #
# Warning # Warning
# #
# If you have more than one ISP link, adding entries to this file will not force # If you have more than one ISP link, adding entries to this file will not force
# connections to go out through a particular link. You must use entries in # connections to go out through a particular link. You must use entries in
# shorewall-rtrules(5) or PREROUTING entries in shorewall-mangle(5) to do that. # shorewall-rtrules(5) or PREROUTING entries in shorewall-mangle(5) to do that.
# #
# Beginning with Shorewall 5.2.6, the snat file supports two different formats:
#
# 1. The SPORT (source port) column is omitted. This is the default unless a "?
# FORMAT 2" compiler directive is included.
#
# 2. The SPORT column immediately follows the DPORT column.
#
# The columns in the file are as follows. # The columns in the file are as follows.
# #
# ACTION # ACTION
# #
# Defines the type of rule to generate. Beginning with Shorewall 5.1.9, with # Defines the type of rule to generate. Beginning with Shorewall 5.1.9, with
# the exception of NFLOG and ULOG, the action may be followed by a colon # the exception of NFLOG and ULOG, the action may be followed by a colon
# (":") and a log level (see shorewall-logging(5)). # (":") and a log level (see shorewall-logging(5)).
# #
# Choices for ACTION are: # Choices for ACTION are:
# #
# action[+][(parameter,...)][:level] # action[+][(parameter,...)][:level]
# #
# where action is an action declared in shorewall-actions(5) with the na t # where action is an action declared in shorewall-actions(5) with the na t
# option. See www.shorewall.net/Actions.html for further information. # option. See https://shorewall.org/Actions.html for further information .
# #
# CONTINUE[+]:level # CONTINUE[+]:level
# #
# Causes matching packets to be exempted from any following rules in the # Causes matching packets to be exempted from any following rules in the
# file. # file.
# #
# LOG:level # LOG:level
# #
# Added in Shorewall 5.1.9. Simply log the packet and continue with the # Added in Shorewall 5.1.9. Simply log the packet and continue with the
# next rule. # next rule.
skipping to change at line 216 skipping to change at line 224
# If you wish to restrict this entry to a particular protocol then enter the # If you wish to restrict this entry to a particular protocol then enter the
# protocol name (from protocols(5)) or number here. See shorewall-rules(5) # protocol name (from protocols(5)) or number here. See shorewall-rules(5)
# for details. # for details.
# #
# Beginning with Shorewall 4.5.12, this column can accept a comma-separated # Beginning with Shorewall 4.5.12, this column can accept a comma-separated
# list of protocols. # list of protocols.
# #
# Beginning with Shorewall 4.6.0, an ipset name can be specified in this # Beginning with Shorewall 4.6.0, an ipset name can be specified in this
# column. This is intended to be used with bitmap:port ipsets. # column. This is intended to be used with bitmap:port ipsets.
# #
# PORT (Optional) - {-|[!]port-name-or-number[,port-name-or-number]...|+ipset} # {PORT|DPORT} (Optional) - {-|[!]port-name-or-number[,port-name-or-number]...|+
# ipset}
#
# The column was renamed to DPORT in Shorewall 5.2.6. Beginning with that
# release, both PORT and DPORT are accepted in the alternative input format,
# #
# If the PROTO column specifies TCP (6), UDP (17), DCCP (33), SCTP (132) or # If the PROTO column specifies TCP (6), UDP (17), DCCP (33), SCTP (132) or
# UDPLITE (136) then you may list one or more port numbers (or names from # UDPLITE (136) then you may list one or more port numbers (or names from
# services(5)) or port ranges separated by commas. # services(5)) or port ranges separated by commas.
# #
# Port ranges are of the form lowport:highport. # Port ranges are of the form lowport:highport.
# #
# Beginning with Shorewall 4.6.0, an ipset name can be specified in this # Beginning with Shorewall 4.6.0, an ipset name can be specified in this
# column. This is intended to be used with bitmap:port ipsets. # column. This is intended to be used with bitmap:port ipsets.
# #
# SPORT {-|[!]port-name-or-number[,port-name-or-number]...|+ipset}
#
# FORMAT 2 only.
#
# If the PROTO column specifies TCP (6), UDP (17), DCCP (33), SCTP (132) or
# UDPLITE (136) then you may list one or more port numbers (or names from
# services(5)) or port ranges separated by commas.
#
# Port ranges are of the form lowport:highport.
#
# An ipset name can be specified in this column. This is intended to be used
# with bitmap:port ipsets.
#
# IPSEC (Optional) - [option[,option]...] # IPSEC (Optional) - [option[,option]...]
# #
# If you specify a value other than "-" in this column, you must be running # If you specify a value other than "-" in this column, you must be running
# kernel 2.6 and your kernel and iptables must include policy match support. # kernel 2.6 and your kernel and iptables must include policy match support.
# #
# Comma-separated list of options from the following. Only packets that will # Comma-separated list of options from the following. Only packets that will
# be encrypted via an SA that matches these options will have their source # be encrypted via an SA that matches these options will have their source
# address changed. # address changed.
# #
# reqid=number # reqid=number
skipping to change at line 486 skipping to change at line 511
# Your sit1 interface has two public IP addresses: 2001:470:a:227::1 and # Your sit1 interface has two public IP addresses: 2001:470:a:227::1 and
# 2001:470:b:227::1. You want to use the iptables statistics match to # 2001:470:b:227::1. You want to use the iptables statistics match to
# masquerade outgoing connections evenly between these two addresses. # masquerade outgoing connections evenly between these two addresses.
# #
# /etc/shorewall/snat: # /etc/shorewall/snat:
# #
# #ACTION SOURCE DEST # #ACTION SOURCE DEST
# SNAT(2001:470:a:227::1) ::/0 sit1 { probabi lity=0.50 } # SNAT(2001:470:a:227::1) ::/0 sit1 { probabi lity=0.50 }
# SNAT(2001:470:a:227::2) ::/0 sit # SNAT(2001:470:a:227::2) ::/0 sit
# #
################################################################################ ################################################################################
########################################################### ###################################################################
#ACTION SOURCE DEST PROTO P #ACTION SOURCE DEST PROTO D
ORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY PORT SPORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
 End of changes. 7 change blocks. 
5 lines changed or deleted 30 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)