External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-20 07:59:00 +00:00
Code

doc: document new filters and not documented ones

Browse Source 
Signed-off-by: Aleksandr Alekseev <alexander.alekseev@virtuozzo.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Aleksandr Alekseev 2020-10-22 21:15:52 +03:00 committed by Ján Tomko
parent 2d90e34a6f
commit d467144cf2
2 changed files with 47 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/firewall.html.in
View File

@ -283,12 +283,21 @@ UUID Name
15b1ab2b-b1ac-1be2-ed49-2042caba4abb allow-arp 15b1ab2b-b1ac-1be2-ed49-2042caba4abb allow-arp
6c51a466-8d14-6d11-46b0-68b1a883d00f allow-dhcp 6c51a466-8d14-6d11-46b0-68b1a883d00f allow-dhcp
7517ad6c-bd90-37c8-26c9-4eabcb69848d allow-dhcp-server 7517ad6c-bd90-37c8-26c9-4eabcb69848d allow-dhcp-server
7680776c-77aa-496f-90d6-13097664b925 allow-dhcpv6
9cdaad60-7631-4172-8ccb-ef774be7485b allow-dhcpv6-server
3d38b406-7cf0-8335-f5ff-4b9add35f288 allow-incoming-ipv4 3d38b406-7cf0-8335-f5ff-4b9add35f288 allow-incoming-ipv4
908543c1-902e-45f6-a6ca-1a0ad35e7599 allow-incoming-ipv6
5ff06320-9228-2899-3db0-e32554933415 allow-ipv4 5ff06320-9228-2899-3db0-e32554933415 allow-ipv4
ce8904cc-ad3a-4454-896c-53452882f817 allow-ipv6
db0b1767-d62b-269b-ea96-0cc8b451144e clean-traffic db0b1767-d62b-269b-ea96-0cc8b451144e clean-traffic
6d6ddcc8-1242-4c43-ac63-63af80493132 clean-traffic-gateway
4cf38077-c7d5-4e25-99bb-6c4c9efad294 no-arp-ip-spoofing
0b11a636-ce58-497f-be90-17f63c92487a no-arp-mac-spoofing
f88f1932-debf-4aa1-9fbe-f10d3aa4bc95 no-arp-spoofing f88f1932-debf-4aa1-9fbe-f10d3aa4bc95 no-arp-spoofing
772f112d-52e4-700c-0250-e178a3d91a7a no-ip-multicast 772f112d-52e4-700c-0250-e178a3d91a7a no-ip-multicast
7ee20370-8106-765d-f7ff-8a60d5aaf30b no-ip-spoofing 7ee20370-8106-765d-f7ff-8a60d5aaf30b no-ip-spoofing
f8a51c43-a08f-49b3-b9e2-393d54522dc0 no-ipv6-multicast
a7f0afe9-a428-44b8-8566-c8ee2a669271 no-ipv6-spoofing
d5d3c490-c2eb-68b1-24fc-3ee362fc8af3 no-mac-broadcast d5d3c490-c2eb-68b1-24fc-3ee362fc8af3 no-mac-broadcast
fb57c546-76dc-a372-513f-e8179011b48a no-mac-spoofing fb57c546-76dc-a372-513f-e8179011b48a no-mac-spoofing
dba10ea7-446d-76de-346f-335bd99c1d05 no-other-l2-traffic dba10ea7-446d-76de-346f-335bd99c1d05 no-other-l2-traffic

41
docs/formatnwfilter.html.in
View File

@ -467,8 +467,7 @@ DSTPORTS = [ 80, 8080 ]
</tr> </tr>
<tr> <tr>
<td> IPV6 </td> <td> IPV6 </td>
<td> Not currently implemented: <td> The list of IPV6 addresses in use by an interface </td>
the list of IPV6 addresses in use by an interface </td>
</tr> </tr>
<tr> <tr>
<td> DHCPSERVER </td> <td> DHCPSERVER </td>
@ -2011,11 +2010,35 @@ echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
only allows ARP request and reply messages and enforces only allows ARP request and reply messages and enforces
that those packets contain the MAC and IP addresses that those packets contain the MAC and IP addresses
of the VM.</td> of the VM.</td>
</tr>
<tr>
<td> allow-arp </td>
<td> Allow ARP traffic in both directions</td>
</tr>
<tr>
<td> allow-ipv4 </td>
<td> Allow IPv4 traffic in both directions</td>
</tr>
<tr>
<td> allow-ipv6 </td>
<td> Allow IPv6 traffic in both directions</td>
</tr>
<tr>
<td> allow-incoming-ipv4 </td>
<td> Allow incoming IPv4 traffic</td>
</tr>
<tr>
<td> allow-incoming-ipv6 </td>
<td> Allow incoming IPv6 traffic</td>
</tr> </tr>
<tr> <tr>
<td> allow-dhcp </td> <td> allow-dhcp </td>
<td> Allow a VM to request an IP address via DHCP (from any <td> Allow a VM to request an IP address via DHCP (from any
DHCP server)</td> DHCP server)</td>
</tr>
<tr>
<td> allow-dhcpv6 </td>
<td> Similar to allow-dhcp, but for DHCPv6 </td>
</tr> </tr>
<tr> <tr>
<td> allow-dhcp-server </td> <td> allow-dhcp-server </td>
@ -2023,16 +2046,28 @@ echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
DHCP server. The dotted decimal IP address of the DHCP DHCP server. The dotted decimal IP address of the DHCP
server must be provided in a reference to this filter. server must be provided in a reference to this filter.
The name of the variable must be <i>DHCPSERVER</i>.</td> The name of the variable must be <i>DHCPSERVER</i>.</td>
</tr>
<tr>
<td> allow-dhcpv6-server </td>
<td> Similar to allow-dhcp-server, but for DHCPv6 </td>
</tr> </tr>
<tr> <tr>
<td> no-ip-spoofing </td> <td> no-ip-spoofing </td>
<td> Prevent a VM from sending of IP packets with <td> Prevent a VM from sending of IPv4 packets with
a source IP address different from the one a source IP address different from the one
in the packet. </td> in the packet. </td>
</tr>
<tr>
<td> no-ipv6-spoofing </td>
<td> Similar to no-ip-spoofing, but for IPv6 </td>
</tr> </tr>
<tr> <tr>
<td> no-ip-multicast </td> <td> no-ip-multicast </td>
<td> Prevent a VM from sending IP multicast packets. </td> <td> Prevent a VM from sending IP multicast packets. </td>
</tr>
<tr>
<td> no-ipv6-multicast </td>
<td> Similar to no-ip-multicast, but for IPv6 </td>
</tr> </tr>
<tr> <tr>
<td> clean-traffic </td> <td> clean-traffic </td>