Document Universal Configuration

Samples/Universal/interfaces

@@ -8,5 +8,5 @@
 #
 ###############################################################################
 #ZONE	INTERFACE	BROADCAST	OPTIONS
-world	all		-		dhcp,physical=+,routeback
+net	all		-		dhcp,physical=+,routeback
 

Samples/Universal/policy

@@ -9,5 +9,5 @@
 ###############################################################################
 #SOURCE	DEST	POLICY		LOG	LIMIT:		CONNLIMIT:
 #				LEVEL	BURST		MASK
-$FW	world	ACCEPT
+$FW	net	ACCEPT
-world	all	DROP		info
+net	all	DROP		info

Samples/Universal/rules

@@ -13,5 +13,5 @@
 #SECTION RELATED
 SECTION NEW
 
-SSH(ACCEPT)	world		$FW
+SSH(ACCEPT)	net		$FW
-Ping(ACCEPT)	world		$FW
+Ping(ACCEPT)	net		$FW

Samples/Universal/zones

@@ -10,5 +10,5 @@
 #ZONE	TYPE		OPTIONS		IN			OUT
 #					OPTIONS			OPTIONS
 fw	firewall
-world	ip
+net	ip
 

Samples6/Universal/interfaces

@@ -8,5 +8,5 @@
 #
 ###############################################################################
 #ZONE	INTERFACE	BROADCAST	OPTIONS
-world	all		-		dhcp,physical=+,routeback
+net	all		-		dhcp,physical=+,routeback
 

Samples6/Universal/policy

@@ -9,6 +9,6 @@
 ###############################################################################
 #SOURCE	DEST	POLICY		LOG	LIMIT:		CONNLIMIT:
 #				LEVEL	BURST		MASK
-fw	world	ACCEPT
+fw	net	ACCEPT
-world	all	DROP
+net	all	DROP
 

Samples6/Universal/rules

@@ -13,5 +13,5 @@
 #SECTION RELATED
 SECTION NEW
 
-SSH(ACCEPT)	world		$FW
+SSH(ACCEPT)	net		$FW
-Ping(ACCEPT)	world		$FW
+Ping(ACCEPT)	net		$FW

Samples6/Universal/zones

@@ -10,5 +10,5 @@
 #ZONE	TYPE		OPTIONS		IN			OUT
 #					OPTIONS			OPTIONS
 fw	firewall
-world	ip
+net	ip
 

Shorewall/changelog.txt

@@ -12,6 +12,8 @@ Changes in Shorewall 4.4.12
 
 6)  Use new hashlimit match syntax if available.
 
+7)  Add Universal sample.
+
 Changes in Shorewall 4.4.11
 
 1)  Apply patch from Gabriel.

Shorewall/releasenotes.txt

@@ -71,6 +71,9 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
 16) Explicit support for Linux-vserver has been added. It is now
     possible to define sub-zones of $FW.
 
+17) A 'Universal' sample configuration is now availale for a
+    'plug-and-play' firewall.
+
 ----------------------------------------------------------------------------
                   I I.  M I G R A T I O N   I S S U E S
 ----------------------------------------------------------------------------
@@ -272,6 +275,10 @@ None.
     <unit> is one of sec, min, hour, day.
 
     If <burst> is not specified, then a value of 5 is assumed.
+
+3)  The sample configurations now include a 'Universal' configuration
+    that will start on any system and protect that system while
+    allowing the system to forward traffic.
     
 ----------------------------------------------------------------------------
 V I.  P R O B L E M S  C O R R E C T E D  A N D  N E W   F E A T U R E S