Update interface file example in the Introduction article

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-01-08 22:58:50 +01:00 · 2020-02-22 10:49:18 -08:00 · 2020-02-22 10:49:18 -08:00 · 3f5e1b5b60
commit 3f5e1b5b60
parent 5021154867
1 changed files with 17 additions and 11 deletions
--- a/docs/Introduction.xml
+++ b/docs/Introduction.xml
@ -16,7 +16,7 @@
    <pubdate><?dbtimestamp format="Y/m/d"?></pubdate>

    <copyright>
-      <year>2003-2015</year>
+      <year>2003-2020</year>

      <holder>Thomas M. Eastep</holder>
    </copyright>
@ -170,17 +170,21 @@ dmz     ipv4</programlisting>
    file. In the three-interface sample, the three zones are defined using
    that file as follows:</para>

-    <programlisting>#ZONE      INTERFACE     BROADCAST     OPTIONS
-net        eth0          detect        dhcp,routefilter
-loc        eth1          detect
-dmz        eth2          detect</programlisting>
+    <programlisting>#ZONE   INTERFACE       OPTIONS
+net     NET_IF          tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0,physical=eth0
+loc     LOC_IF          tcpflags,nosmurfs,routefilter,logmartians,physical=eth1
+dmz     DMZ_IF          tcpflags,nosmurfs,routefilter,logmartians,physical=eth2</programlisting>

    <para>The above file defines the <emphasis>net</emphasis> zone as all IPv4
    hosts interfacing to the firewall through eth0, the
    <emphasis>loc</emphasis> zone as all IPv4 hosts interfacing through eth1
    and the <emphasis>dmz</emphasis> as all IPv4 hosts interfacing through
-    eth2. It is important to note that the composition of a zone is defined in
-    terms of a combination of addresses <emphasis role="bold">and</emphasis>
+    eth2. The interface names shown in the INTERFACE column are <emphasis>
+    logical</emphasis> names which are used throughout the configuration to
+    refer to the individual interfaces. The actual interface names are
+    specified using the <emphasis role="bold">physical</emphasis> option. It
+    is important to note that the composition of a zone is defined in terms of
+    a combination of addresses <emphasis role="bold">and</emphasis>
    interfaces. When using the <ulink
    url="manpages/shorewall-interfaces.html"><filename>/etc/shorewall/interfaces</filename></ulink>
    file to define a zone, all addresses are included; when you want to define
@ -190,10 +194,12 @@ dmz        eth2          detect</programlisting>
    file or you may use the nets= option in
    <filename>/etc/shorewall/interfaces</filename>:</para>

-    <programlisting>#ZONE      INTERFACE     BROADCAST     OPTIONS
-net        eth0          detect        dhcp,routefilter,nets=(!192.168.0.0/23)
-loc        eth1          detect        nets=(192.168.0.0/24)
-dmz        eth2          detect        nets=(192.168.1.0/24)</programlisting>
+    <programlisting>#ZONE   INTERFACE       OPTIONS
+net     NET_IF          tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0,physical=eth0
+loc     LOC_IF          tcpflags,nosmurfs,routefilter,logmartians,physical=eth1,<emphasis
+        role="bold">nets=172.20.1.0/24</emphasis>
+dmz     DMZ_IF          tcpflags,nosmurfs,routefilter,logmartians,physical=eth2
+</programlisting>

    <para>The above file defines the <emphasis>net</emphasis> zone as all IPv4
    hosts interfacing to the firewall through eth0 <emphasis>except</emphasis>