#
# Shorewall version 3.4 - Sample Routestopped File for three-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#
#
# /etc/shorewall/routestopped
#
# This file is used to define the hosts that are accessible when the
# firewall is stopped or when it is in the process of being
# [re]started.
#
# Columns are:
#
# INTERFACE - Interface through which host(s) communicate with
#             the firewall
# HOST(S)   - (Optional) Comma-separated list of IP/subnet
#             addresses. If your kernel and iptables include
#             iprange match support, IP address ranges are also
#             allowed.
#
#             If left empty or supplied as "-",
#             0.0.0.0/0 is assumed.
# OPTIONS   - (Optional) A comma-separated list of
#             options. The currently-supported options are:
#
#             routeback - Set up a rule to ACCEPT traffic from
#             these hosts back to themselves.
#
#             source - Allow traffic from these hosts to ANY
#             destination. Without this option or the 'dest'
#             option, only traffic from this host to other
#             listed hosts (and the firewall) is allowed. If
#             'source' is specified then 'routeback' is redundant.
#
#             dest - Allow traffic to these hosts from ANY
#             source. Without this option or the 'source'
#             option, only traffic from this host to other
#             listed hosts (and the firewall) is allowed. If
#             'dest' is specified then 'routeback' is redundant.
#
#             critical - Allow traffic between the firewall and
#             these hosts throughout '[re]start', 'stop' and
#             'clear'. Specifying 'critical' on one or more
#             entries will cause your firewall to be "totally
#             open" for a brief window during each of those
#             operations.
#
# NOTE: The 'source' and 'dest' options work best when used
#       in conjunction with ADMINISABSENTMINDED=Yes in
#       /etc/shorewall/shorewall.conf.
#
# Example:
#
#       INTERFACE       HOST(S)                 OPTIONS
#       eth2            192.168.1.0/24
#       eth0            192.0.2.44
#       br0             -                       routeback
#       eth3            -                       source
#
# See http://shorewall.net/Documentation.htm#Routestopped and
# http://shorewall.net/starting_and_stopping_shorewall.htm for additional
# information.
#
##############################################################################
#INTERFACE      HOST(S)
eth1            -
eth2            -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE