2004-08-19 00:29:09 +02:00
|
|
|
#
|
|
|
|
|
# Shorewall 2.1 - /etc/shorewall/ipsec
|
|
|
|
|
#
|
|
|
|
|
# This file defines the attributes of zones with respect to
|
|
|
|
|
# IPSEC. To use this file, you must be running a 2.6 kernel and
|
|
|
|
|
# both your kernel and iptables must include Policy Match Support.
|
|
|
|
|
#
|
|
|
|
|
# The columns are:
|
|
|
|
|
#
|
|
|
|
|
# ZONE The name of a zone defined in /etc/shorewall/zones. The
|
|
|
|
|
# $FW zone may not be listed.
|
|
|
|
|
#
|
|
|
|
|
# IPSEC Yes -- Communication with all zone hosts is encrypted
|
|
|
|
|
# ONLY No -- Communication with some zone hosts is encrypted.
|
|
|
|
|
# Encrypted hosts are designated using the 'ipsec'
|
|
|
|
|
# option in /etc/shorewall/hosts.
|
|
|
|
|
#
|
|
|
|
|
# OPTIONS A comma-separated list of options as follows:
|
|
|
|
|
# reqid=<number> where <number> is specified
|
|
|
|
|
# using setkey(8) using the 'unique:<number>
|
|
|
|
|
# option for the SPD level.
|
|
|
|
|
#
|
|
|
|
|
# spi=<number> where <number> is the SPI of
|
2004-08-19 17:21:32 +02:00
|
|
|
# the SA used to encrypt/decrypt packets.
|
2004-08-19 00:29:09 +02:00
|
|
|
#
|
|
|
|
|
# proto=ah|esp|ipcomp
|
|
|
|
|
#
|
|
|
|
|
# mode=transport|tunnel
|
|
|
|
|
#
|
|
|
|
|
# tunnel-src=<address>[/<mask>] (only
|
|
|
|
|
# available with mode=tunnel)
|
|
|
|
|
#
|
|
|
|
|
# tunnel-dst=<address>[/<mask>] (only
|
|
|
|
|
# available with mode=tunnel)
|
|
|
|
|
#
|
|
|
|
|
# Example:
|
|
|
|
|
# mode=transport,reqid=44
|
|
|
|
|
################################################################################
|
|
|
|
|
#ZONE IPSEC OPTIONS
|
|
|
|
|
# ONLY
|
|
|
|
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
|
|
|
|
|
