diff --git a/Shorewall-docs2/three-interface.xml b/Shorewall-docs2/three-interface.xml
index b74f25d84..6f7021d05 100755
--- a/Shorewall-docs2/three-interface.xml
+++ b/Shorewall-docs2/three-interface.xml
@@ -15,7 +15,7 @@
- 2005-12-02
+ 2005-11-10
2002-2005
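Review bot: the date in this hunk moves backward, from 2005-12-02 to 2005-11-10, while the same commit moves two-interface.xml forward from 2005-11-02 to 2005-11-10. If the old value was a typo for 2005-11-02, mention that in the commit message; otherwise confirm that the revision date is not being rolled back by mistake.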
@@ -312,6 +312,14 @@ $FW net ACCEPT
+ It is important to note that Shorewall policies (and rules) refer to
+ connections and not packet flow. With the
+ policies defined in the /etc/shorewall/policy file shown above,
+ connections are allowed from the loc zone to the
+ net zone even though connections are not allowed from
+ the loc zone to the firewall itself.
+
At this point, edit your /etc/shorewall/policy
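Review bot: the added paragraph says policies "refer to connections and not packet flow" but never states what the difference is, so the loc-to-net versus loc-to-firewall example reads as a puzzle rather than an explanation. Consider adding one sentence saying that a loc to net connection only passes through the firewall and is matched by the loc to net policy, whereas a connection "to the firewall itself" is one whose destination is $FW and is matched by a separate policy.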
diff --git a/Shorewall-docs2/two-interface.xml b/Shorewall-docs2/two-interface.xml
index f51ff3002..f0c6dd97b 100644
--- a/Shorewall-docs2/two-interface.xml
+++ b/Shorewall-docs2/two-interface.xml
@@ -12,7 +12,7 @@
Eastep
- 2005-11-02
+ 2005-11-10
2002-
@@ -260,7 +260,7 @@ loc ipv4Zones are defined in the #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
net all DROP info
-all all REJECT info In the two-interface
+all all REJECT infoIn the two-interface
sample, the line below is included but commented out. If you want your
firewall system to have full access to servers on the internet, uncomment
that line. #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
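Review bot: the whitespace removal after "all all REJECT info" looks unrelated to the paragraph this commit adds, and it leaves the last policy line directly abutting "In the two-interface sample". Check that the policy listing still ends cleanly in the rendered output, or move the whitespace change to its own commit so the content change is easier to review.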
@@ -287,6 +287,14 @@ $FW net ACCEPT The above policy will:
+ It is important to note that Shorewall policies (and rules) refer to
+ connections and not packet flow. With the
+ policies defined in the /etc/shorewall/policy file shown above,
+ connections are allowed from the loc zone to the
+ net zone even though connections are not allowed from
+ the loc zone to the firewall itself.
+
At this point, edit your /etc/shorewall/policy
and make any changes that you wish.
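Review bot: "connections are not allowed from the loc zone to the firewall itself" should name the policy line responsible, since the listing above this point has no explicit loc to $FW entry and the reader has to infer that "all all REJECT info" is the one that applies. Separately, this paragraph is a verbatim copy of the one added to three-interface.xml; if the docs build supports a shared entity or include, using it here would keep the two guides from drifting on the next edit.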