Beta 4 is now available for testing.

Problems corrected since Beta 3:

1)  A_ACCEPT! is now recognized as a rules ACTION. Previously, it was
    documented in shorewall[6]-rules(5) but was not implemented.

New Features:

The INLINE facility has been enhanced. Here is the entire description:

1)  A new INLINE action has been added. This action allows defining
    arbitrary iptables rules in the blrules and rules files, as well as
    in action and macro bodies.

    The basic form of an INLINE rule is as follows:

        INLINE  <src> <dst> <proto> ... ; <iptables matches and jump>

    The <iptables matches and jump> are added to the rule generated by
    the contents of the other supplied columns. Given the 'raw' nature
    of this action, you should examine the rule generated by the entry
    (e.g., 'shorewall check -r') prior to attempting a 'start' or
    'restart' operation.

    Example:

        INLINE  $FW   net   tcp   1234  ; -j SECCTX --name foo

    This entry generates the following:

        -A fw2net -p 6 --dport 1234 -j SECCTX --name foo

    When multiple matches are specified, the compiler will keep them in
    the order in which they appear, but they will not necessarily be at
    the end of the generated rule. For example, if addresses are
    specified in the SOURCE and/or DEST columns, their generated matches
    will appear after those specified using ';'.

    As part of this change, a new 'builtin' action type has been added.
    ip[6]tables targets not supported by Shorewall (such as 'SECCTX' in
    the example above) must be defined in your
    /etc/shorewall[6]/actions file:

    Example:

       SECCTX   builtin

    Such builtin actions may only be used in INLINE action invocations;
    they may not appear in the ACTION column of a rule.

    If you want to use a standard Shorewall-supported action, you can
    pass it as a parameter to INLINE.

    Example:

       INLINE(ACCEPT) $FW net ; -m foo --bar baz

    Note that if you include a log level with INLINE and do not pass a
    parameter, Shorewall will automatically assume that the parameter
    is LOG. That means that you must not specify a log level if you
    specify your own rule target with '-j'.

    The alternate input format may be used with INLINE, provided that
    the {....} form of alternate input is used.

    Example:

       INLINE $FW net { owner=teastep } ; -j FOO --bar
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
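
The following is an added example, not part of the original announcement and not Shorewall code: a small pre-flight linter that checks a rules file against the INLINE constraints described above before 'shorewall check -r' is run. The sample file contents, the function names and the finding labels are assumptions made for illustration; the ACTION:level log-level syntax is standard Shorewall rule syntax.

```python
import re

# Constructed sample files; only the SECCTX and FOO entries echo the post.
ACTIONS = """\
#ACTION   OPTIONS
SECCTX    builtin
"""
RULES = """\
INLINE          $FW net tcp 1234 ; -j SECCTX --name foo
INLINE(ACCEPT)  $FW net ; -m foo --bar baz
SECCTX          $FW net tcp 1234
INLINE:info     $FW net tcp 1234 ; -j SECCTX --name foo
INLINE          $FW net { owner=teastep } ; -j FOO --bar
"""

# ACTION column: NAME, optional (parameter), optional :loglevel[:tag]
ACTION_RE = re.compile(r"^(?P<name>[^(:\s]+)(?:\((?P<param>[^)]*)\))?(?::(?P<level>\S+))?$")

def builtin_actions(actions_text):
    """Return the action names declared 'builtin' in an actions file."""
    names = set()
    for line in actions_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "builtin" in fields[1].split(","):
            names.add(fields[0])
    return names

def lint_rules(rules_text, builtins):
    """Return (line number, finding) pairs for entries that break the INLINE rules."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        columns, _, raw = line.split("#", 1)[0].partition(";")
        fields = columns.split()
        m = ACTION_RE.match(fields[0]) if fields else None
        if not m:
            continue
        jump = re.search(r"(?:^|\s)-j\s+(\S+)", raw)
        if m["name"] in builtins:
            # builtin actions may only be used inside INLINE invocations
            findings.append((lineno, "builtin-in-ACTION-column"))
        if m["name"] == "INLINE" and jump:
            if m["level"] and not m["param"]:
                # a log level without a parameter implies LOG, clashing with '-j'
                findings.append((lineno, "log-level-with-own-jump"))
            if jump.group(1) not in builtins:
                # review flag: unsupported targets need a 'builtin' declaration
                findings.append((lineno, "jump-target-not-declared-builtin"))
    return findings
```

Run against the constructed sample, lint_rules(RULES, builtin_actions(ACTIONS)) flags lines 3, 4 and 5 and passes the first two entries.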
