On Tuesday 20 December 2005 14:39, Timothy J. Massey wrote:
> Hello!
>
> I'm trying to completely understand the meaning of every bit of the port
> knocking configuration. I've modified it quite a bit and it works
> perfectly. My question is, though, what does the "--name" parameter do?
> I've modified it to something different and it works fine, but I would
> really like to know what it does and why I need it (and how my changes
> might break things!).
>
> It seems that if you look at them as "rules macros" and if your action fits
> in a template they're easy to understand and well-documented. But I don't
> see any real great documentation for actions that *don't* fit in a template
> like port knocking. In fact, the port knocking example *is* the
> documentation! (Imagine my surprise in trying to read all of the
> documentation so that I can understand the port knocking setup only to be
> told to refer to it as an example! :) ).

Tim,

The whole reason for having extension scripts in Shorewall is so that people can use iptables features not directly supported by Shorewall. So by definition, if you need an extension script then you are doing things that are *outside* of Shorewall and if you want to know the details you must look *outside* of Shorewall.

Of the iptables documentation available, I think that the best is http://iptables-tutorial.frozentux.net/iptables-tutorial.html. See the section on the 'recent match'.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
