mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-10 15:48:13 +01:00
Update for Shorewall 2.2.0
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1745 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
1026b57442
commit
5a1b6dfeb3
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Shorewall 2.0 -- Sample Interface File For One Interface
|
||||
# Shorewall 2.2 -- Sample Interface File For One Interface
|
||||
#
|
||||
# /etc/shorewall/interfaces
|
||||
#
|
||||
@ -76,6 +76,14 @@
|
||||
# Check packets arriving on this interface
|
||||
# against the /etc/shorewall/blacklist
|
||||
# file.
|
||||
# logmartians
|
||||
# Turn on kernel martian logging (logging
|
||||
# of packets with impossible source
|
||||
# addresses. It is suggested that if you
|
||||
# set routefilter on an interface that
|
||||
# you also set logmartians. This option
|
||||
# may also be enabled globally in the
|
||||
# /etc/shorewall/shorewall.conf file.
|
||||
# maclist
|
||||
# Connection requests from this interface
|
||||
# are compared against the contents of
|
||||
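Review bot: The parenthesis opened at "(logging of packets with impossible source addresses." in the new logmartians text is never closed; close it after "addresses", before the period. The last sentence says the option may also be enabled globally in /etc/shorewall/shorewall.conf but does not name the setting to use there; naming it would save the reader a lookup.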
@ -105,9 +113,19 @@
|
||||
# which are not part of an established connection
|
||||
# will be accepted from this interface, even if
|
||||
# NEWNOTSYN=No has been specified in
|
||||
# /etc/shorewall/shorewall.conf.
|
||||
# /etc/shorewall/shorewall.conf. In other
|
||||
# words, packets coming in on this interface
|
||||
# are processed as if NEWNOTSYN=Yes had been
|
||||
# specified in /etc/shorewall/shorewall.conf.
|
||||
#
|
||||
# This option has no effect if NEWNOTSYN=Yes
|
||||
#
|
||||
# It is the opinion of the author that
|
||||
# NEWNOTSYN=No creates more problems than
|
||||
# it solves and I recommend against using
|
||||
# that setting in shorewall.conf (hence
|
||||
# making the use of the 'newnotsyn'
|
||||
# interface option unnecessary).
|
||||
# routeback
|
||||
# If specified, indicates that Shorewall
|
||||
# should include rules that allow filtering
|
||||
|
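Review bot: The added line "This option has no effect if NEWNOTSYN=Yes" has no closing period and does not say where the setting lives, unlike the sentences around it, which spell out /etc/shorewall/shorewall.conf. The closing paragraph also switches from "the opinion of the author" to "I recommend" within one sentence; pick one voice. Since the text advises against NEWNOTSYN=No, a short statement of which problems it creates would let the reader judge the trade-off of accepting packets that are not part of an established connection on this interface.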
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Shorewall 2.0 -- Sample Policy File For One Interface
|
||||
# Shorewall 2.2 -- Sample Policy File For One Interface
|
||||
#
|
||||
# /etc/shorewall/policy
|
||||
#
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Shorewall version 2.0 - Sample Rules File For One Interface
|
||||
# Shorewall version 2.2 - Sample Rules File For One Interface
|
||||
#
|
||||
# /etc/shorewall/rules
|
||||
#
|
||||
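Review bot: The updated header reads "Shorewall version 2.2 - Sample Rules File For One Interface", while the interfaces and policy files in this same commit use the form "Shorewall 2.2 -- Sample ..."; since the line is being touched anyway, align the three headers.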
@ -121,6 +121,10 @@
|
||||
# /etc/shorewall/zones, $FW to indicate the firewall
|
||||
# itself or "all"
|
||||
#
|
||||
# When "all" is used either in the SOURCE or DEST column
|
||||
# intra-zone traffic is not affected. You must add
|
||||
# separate rules to handle that traffic.
|
||||
#
|
||||
# Except when "all" is specified, the server may be
|
||||
# further restricted to a particular subnet, host or
|
||||
# interface by appending ":" and the subnet, host or
|
||||
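Review bot: The new paragraph on "all" needs a comma after "DEST column", and it is added only here, in what the surrounding context ("the server may be further restricted") suggests is the DEST description, although it also speaks about the SOURCE column. Confirm that the SOURCE description carries the same warning, because a reader who writes an "all" rule expecting it to cover intra-zone traffic ends up with traffic that the rule never matches.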
@ -156,14 +160,20 @@
|
||||
# contain the port number on the firewall that the
|
||||
# request should be redirected to.
|
||||
#
|
||||
# PROTO Protocol - Must be "tcp", "udp", "icmp", a number or
|
||||
# "all".
|
||||
# PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",
|
||||
# a number, or "all". "ipp2p" requires ipp2p match
|
||||
# support in your kernel and iptables.
|
||||
#
|
||||
# DEST PORT(S) Destination Ports. A comma-separated list of Port
|
||||
# names (from /etc/services), port numbers or port
|
||||
# ranges; if the protocol is "icmp", this column is
|
||||
# interpreted as the destination icmp-type(s).
|
||||
#
|
||||
# If the protocol is ipp2p, this column is interpreted
|
||||
# as an ipp2p option without the leading "--" (example "bit"
|
||||
# for bit-torrent). If no port is given, "ipp2p" is
|
||||
# assumed.
|
||||
#
|
||||
# A port range is expressed as <low port>:<high port>.
|
||||
#
|
||||
# This column is ignored if PROTOCOL = all but must be
|
||||
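Review bot: In the ipp2p paragraph added under DEST PORT(S), the sentence "If no port is given, "ipp2p" is assumed." is misleading, because the sentence before it says the column holds an ipp2p option, not a port; "If no option is given" would be consistent. The new PROTO text says "ipp2p" requires ipp2p match support in the kernel and iptables; it would help to say what the user sees when that support is missing.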
@ -185,8 +195,8 @@
|
||||
# ranges.
|
||||
#
|
||||
# If you don't want to restrict client ports but need to
|
||||
# specify an ADDRESS in the next column, then place "-"
|
||||
# in this column.
|
||||
# specify an ORIGINAL DEST in the next column, then place
|
||||
# "-" in this column.
|
||||
#
|
||||
# If your kernel contains multiport match support, then
|
||||
# only a single Netfilter rule will be generated if in
|
||||
@ -213,14 +223,6 @@
|
||||
# destination address in the connection request does not
|
||||
# match any of the addresses listed.
|
||||
#
|
||||
# The address may optionally be followed by
|
||||
# a colon (":") and a second IP address. This causes
|
||||
# Shorewall to use the second IP address as the source
|
||||
# address in forwarded packets. See the Shorewall
|
||||
# documentation for restrictions concerning this feature.
|
||||
# If no source IP address is given, the original source
|
||||
# address is not altered.
|
||||
#
|
||||
# RATE LIMIT You may rate-limit the rule by placing a value in this column:
|
||||
#
|
||||
# <rate>/<interval>[:<burst>]
|
||||
|
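Review bot: This hunk deletes the description of the optional ":" and second IP address (the source address used in forwarded packets) without leaving any replacement text, and the commit message "Update for Shorewall 2.2.0" does not say whether the syntax was removed or only undocumented. If 2.2 no longer accepts it, say so here or point to where the feature moved, so that rules files carried over from 2.0 are not interpreted differently without notice.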