"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "configfiles/snat.annotated" between
shorewall6-5.2.3.6.tar.bz2 and shorewall6-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall Requires the Shorewall package and adds the capability to create an IPv6 firewall.

[ To the main shorewall6 source changes report ]

snat.annotated  (shorewall6-5.2.3.6.tar.bz2):snat.annotated  (shorewall6-5.2.6.tar.bz2)
# #
# Shorewall6 -- /etc/shorewall6/snat # Shorewall6 -- /etc/shorewall6/snat
# #
# For information about entries in this file, type "man shorewall6-snat" # For information about entries in this file, type "man shorewall6-snat"
# #
# See http://shorewall.net/manpages6/shorewall6-snat.html for more information # See https://shorewall.org/manpages/shorewall-snat.html for more information
# #
################################################################################ ?FORMAT 2
########################################################### ################################################################################
###################################################################
# #
# This file is used to define dynamic NAT (Masquerading) and to define Source NA T # This file is used to define dynamic NAT (Masquerading) and to define Source NA T
# (SNAT). It superseded shorewall-masq(5) in Shorewall 5.0.14. # (SNAT). It superseded shorewall-masq(5) in Shorewall 5.0.14.
# #
# Warning # Warning
# #
# The entries in this file are order-sensitive. The first entry that matches a # The entries in this file are order-sensitive. The first entry that matches a
# particular connection will be the one that is used. # particular connection will be the one that is used.
# #
# Warning # Warning
# #
# If you have more than one ISP link, adding entries to this file will not force # If you have more than one ISP link, adding entries to this file will not force
# connections to go out through a particular link. You must use entries in # connections to go out through a particular link. You must use entries in
# shorewall-rtrules(5) or PREROUTING entries in shorewall-mangle(5) to do that. # shorewall-rtrules(5) or PREROUTING entries in shorewall-mangle(5) to do that.
# #
# Beginning with Shorewall 5.2.6, the snat file supports two different formats:
#
# 1. The SPORT (source port) column is omitted. This is the default unless a "?
# FORMAT 2" compiler directive is included.
#
# 2. The SPORT column immediately follows the DPORT column.
#
# The columns in the file are as follows. # The columns in the file are as follows.
# #
# ACTION # ACTION
# #
# Defines the type of rule to generate. Beginning with Shorewall 5.1.9, with # Defines the type of rule to generate. Beginning with Shorewall 5.1.9, with
# the exception of NFLOG and ULOG, the action may be followed by a colon # the exception of NFLOG and ULOG, the action may be followed by a colon
# (":") and a log level (see shorewall-logging(5)). # (":") and a log level (see shorewall-logging(5)).
# #
# Choices for ACTION are: # Choices for ACTION are:
# #
# action[+][(parameter,...)][:level] # action[+][(parameter,...)][:level]
# #
# where action is an action declared in shorewall-actions(5) with the na t # where action is an action declared in shorewall-actions(5) with the na t
# option. See www.shorewall.net/Actions.html for further information. # option. See https://shorewall.org/Actions.html for further information .
# #
# CONTINUE[+]:level # CONTINUE[+]:level
# #
# Causes matching packets to be exempted from any following rules in the # Causes matching packets to be exempted from any following rules in the
# file. # file.
# #
# LOG:level # LOG:level
# #
# Added in Shorewall 5.1.9. Simply log the packet and continue with the # Added in Shorewall 5.1.9. Simply log the packet and continue with the
# next rule. # next rule.
skipping to change at line 216 skipping to change at line 224
# If you wish to restrict this entry to a particular protocol then enter the # If you wish to restrict this entry to a particular protocol then enter the
# protocol name (from protocols(5)) or number here. See shorewall-rules(5) # protocol name (from protocols(5)) or number here. See shorewall-rules(5)
# for details. # for details.
# #
# Beginning with Shorewall 4.5.12, this column can accept a comma-separated # Beginning with Shorewall 4.5.12, this column can accept a comma-separated
# list of protocols. # list of protocols.
# #
# Beginning with Shorewall 4.6.0, an ipset name can be specified in this # Beginning with Shorewall 4.6.0, an ipset name can be specified in this
# column. This is intended to be used with bitmap:port ipsets. # column. This is intended to be used with bitmap:port ipsets.
# #
# PORT (Optional) - {-|[!]port-name-or-number[,port-name-or-number]...|+ipset} # {PORT|DPORT} (Optional) - {-|[!]port-name-or-number[,port-name-or-number]...|+
# ipset}
#
# The column was renamed to DPORT in Shorewall 5.2.6. Beginning with that
# release, both PORT and DPORT are accepted in the alternative input format,
# #
# If the PROTO column specifies TCP (6), UDP (17), DCCP (33), SCTP (132) or # If the PROTO column specifies TCP (6), UDP (17), DCCP (33), SCTP (132) or
# UDPLITE (136) then you may list one or more port numbers (or names from # UDPLITE (136) then you may list one or more port numbers (or names from
# services(5)) or port ranges separated by commas. # services(5)) or port ranges separated by commas.
# #
# Port ranges are of the form lowport:highport. # Port ranges are of the form lowport:highport.
# #
# Beginning with Shorewall 4.6.0, an ipset name can be specified in this # Beginning with Shorewall 4.6.0, an ipset name can be specified in this
# column. This is intended to be used with bitmap:port ipsets. # column. This is intended to be used with bitmap:port ipsets.
# #
# SPORT {-|[!]port-name-or-number[,port-name-or-number]...|+ipset}
#
# FORMAT 2 only.
#
# If the PROTO column specifies TCP (6), UDP (17), DCCP (33), SCTP (132) or
# UDPLITE (136) then you may list one or more port numbers (or names from
# services(5)) or port ranges separated by commas.
#
# Port ranges are of the form lowport:highport.
#
# An ipset name can be specified in this column. This is intended to be used
# with bitmap:port ipsets.
#
# IPSEC (Optional) - [option[,option]...] # IPSEC (Optional) - [option[,option]...]
# #
# If you specify a value other than "-" in this column, you must be running # If you specify a value other than "-" in this column, you must be running
# kernel 2.6 and your kernel and iptables must include policy match support. # kernel 2.6 and your kernel and iptables must include policy match support.
# #
# Comma-separated list of options from the following. Only packets that will # Comma-separated list of options from the following. Only packets that will
# be encrypted via an SA that matches these options will have their source # be encrypted via an SA that matches these options will have their source
# address changed. # address changed.
# #
# reqid=number # reqid=number
skipping to change at line 486 skipping to change at line 511
# Your sit1 interface has two public IP addresses: 2001:470:a:227::1 and # Your sit1 interface has two public IP addresses: 2001:470:a:227::1 and
# 2001:470:b:227::1. You want to use the iptables statistics match to # 2001:470:b:227::1. You want to use the iptables statistics match to
# masquerade outgoing connections evenly between these two addresses. # masquerade outgoing connections evenly between these two addresses.
# #
# /etc/shorewall/snat: # /etc/shorewall/snat:
# #
# #ACTION SOURCE DEST # #ACTION SOURCE DEST
# SNAT(2001:470:a:227::1) ::/0 sit1 { probabi lity=0.50 } # SNAT(2001:470:a:227::1) ::/0 sit1 { probabi lity=0.50 }
# SNAT(2001:470:a:227::2) ::/0 sit # SNAT(2001:470:a:227::2) ::/0 sit
# #
################################################################################ ################################################################################
########################################################### ###################################################################
#ACTION SOURCE DEST PROTO P #ACTION SOURCE DEST PROTO D
ORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY PORT SPORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
 End of changes. 7 change blocks. 
5 lines changed or deleted 30 lines changed or added
To the Text Files section of the shorewall6 source changes report or the top of this page
Mainly generated by pkgdiff using rfcdiff
Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)