aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2021-09-10 14:16:58 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2021-09-21 15:29:20 +0300
commitdc9c17bfb9bc5af43340d1fb22049acb504cbe5e (patch)
tree607006b9cf3f7479d5640a29710601aaa8f4e64a
parent53f9cd6e065c8f88de8586d823baa451e129cbb1 (diff)
downloadawall-dc9c17bfb9bc5af43340d1fb22049acb504cbe5e.tar.gz
awall-dc9c17bfb9bc5af43340d1fb22049acb504cbe5e.tar.bz2
awall-dc9c17bfb9bc5af43340d1fb22049acb504cbe5e.tar.xz
README: custom: match is optional
-rw-r--r--README.md13
1 files changed, 7 insertions, 6 deletions
diff --git a/README.md b/README.md
index be53dae..c3dada9 100644
--- a/README.md
+++ b/README.md
@@ -640,12 +640,13 @@ Customized chains can be defined in the top-level dictionary named
packets can be sent to the chain by defining the value of the
**action** attribute of an awall rule as this identifier prefixed by
**custom:**. The values of the dictionary are lists of objects. Each
-object maps to a single rule in the custom iptables chain, defined
-using two attributes: **match** for match options and **target** for
-the target with its options. The target can also refer to another
-customized chain, using the **custom:** prefix. It is also possible to
-constrain each rule to IPv4 or IPv6 only by defining the **family**
-attribute as **inet** or **inet6**, respectively.
+object maps to a single rule in the custom iptables chain, typically
+defined using two attributes: **match** for match options and
+**target** for the target with its options. The target can also refer
+to another customized chain, using the **custom:** prefix. If
+**match** is left unspecified, the rule will match all packets. It is
+also possible to constrain each rule to IPv4 or IPv6 only by defining
+the **family** attribute as **inet** or **inet6**, respectively.
## <a name="dedicated"></a>Co-Existence with Other Firewall Management Tools