Changes for 1.3.5
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@159 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
7e54769ec5
commit
5d2c855127
@ -48,6 +48,11 @@
|
|||||||
# requests. 'filterping' takes
|
# requests. 'filterping' takes
|
||||||
# precedence over 'noping' if both are
|
# precedence over 'noping' if both are
|
||||||
# given.
|
# given.
|
||||||
|
# routestopped - (Deprecated -- use
|
||||||
|
# /etc/shorewall/routestopped)
|
||||||
|
# When the firewall is stopped, allow
|
||||||
|
# and route traffic to and from this
|
||||||
|
# interface.
|
||||||
# norfc1918 - This interface should not receive
|
# norfc1918 - This interface should not receive
|
||||||
# any packets whose source is in one
|
# any packets whose source is in one
|
||||||
# of the ranges reserved by RFC 1918
|
# of the ranges reserved by RFC 1918
|
||||||
@ -68,6 +73,19 @@
|
|||||||
# . . blacklist - Check packets arriving on this interface
|
# . . blacklist - Check packets arriving on this interface
|
||||||
# against the /etc/shorewall/blacklist
|
# against the /etc/shorewall/blacklist
|
||||||
# file.
|
# file.
|
||||||
|
# proxyarp -
|
||||||
|
# Sets
|
||||||
|
# /proc/sys/net/ipv4/conf/<interface>/proxy_arp.
|
||||||
|
# Do NOT use this option if you are
|
||||||
|
# employing Proxy ARP through entries in
|
||||||
|
# /etc/shorewall/proxyarp. This option is
|
||||||
|
# intended soley for use with Proxy ARP
|
||||||
|
# sub-networking as described at:
|
||||||
|
# http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet
|
||||||
|
#
|
||||||
|
# The order in which you list the options is not
|
||||||
|
# significant but the list should have no embedded white
|
||||||
|
# space.
|
||||||
#
|
#
|
||||||
# Example 1: Suppose you have eth0 connected to a DSL modem and
|
# Example 1: Suppose you have eth0 connected to a DSL modem and
|
||||||
# eth1 connected to your local network and that your
|
# eth1 connected to your local network and that your
|
||||||
@ -75,19 +93,21 @@
|
|||||||
# it's IP address via DHCP from subnet
|
# it's IP address via DHCP from subnet
|
||||||
# 206.191.149.192/27 and you want pings from the internet
|
# 206.191.149.192/27 and you want pings from the internet
|
||||||
# to be ignored. You interface a DMZ with subnet
|
# to be ignored. You interface a DMZ with subnet
|
||||||
# 192.168.2.0/24 using eth2.
|
# 192.168.2.0/24 using eth2. You want to be able to
|
||||||
|
# access the firewall from the local network when the
|
||||||
|
# firewall is stopped.
|
||||||
#
|
#
|
||||||
# Your entries for this setup would look like:
|
# Your entries for this setup would look like:
|
||||||
#
|
#
|
||||||
# net eth0 206.191.149.223 noping,dhcp
|
# net eth0 206.191.149.223 noping,dhcp
|
||||||
# local eth1 192.168.1.255
|
# local eth1 192.168.1.255 routestopped
|
||||||
# dmz eth2 192.168.2.255
|
# dmz eth2 192.168.2.255
|
||||||
#
|
#
|
||||||
# Example 2: The same configuration without specifying broadcast
|
# Example 2: The same configuration without specifying broadcast
|
||||||
# addresses is:
|
# addresses is:
|
||||||
#
|
#
|
||||||
# net eth0 detect noping,dhcp
|
# net eth0 detect noping,dhcp
|
||||||
# loc eth1 detect
|
# loc eth1 detect routestopped
|
||||||
# dmz eth2 detect
|
# dmz eth2 detect
|
||||||
#
|
#
|
||||||
# Example 3: You have a simple dial-in system with no ethernet
|
# Example 3: You have a simple dial-in system with no ethernet
|
||||||
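Review bot: Both updated examples in the last hunk of this section add `routestopped` to the local interface, yet the first hunk of the same change documents that option as "(Deprecated -- use /etc/shorewall/routestopped)". Sample entries get copied verbatim, so the examples should either drop the option in favour of the routestopped file or carry a line such as `# routestopped is deprecated here; prefer an entry in /etc/shorewall/routestopped`. The option text also says only "allow and route traffic to and from this interface" when the firewall is stopped; if that traffic is then unfiltered, which the wording suggests, the comment should say so, because the option decides what stays reachable in the stopped state. In the proxyarp paragraph `soley` should read `solely`. The same text appears again in the later copies of this file on the page.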
|
@ -1,170 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall version 1.3 - Rules File
|
|
||||||
#
|
|
||||||
# /etc/shorewall/rules
|
|
||||||
#
|
|
||||||
# Rules in this file govern connection establishment. Requests and
|
|
||||||
# responses are automatically allowed using connection tracking.
|
|
||||||
#
|
|
||||||
# In most places where an IP address or subnet is allowed, you
|
|
||||||
# can preceed the address/subnet with "!" (e.g., !192.168.1.0/24) to
|
|
||||||
# indicate that the rule matches all addresses except the address/subnet
|
|
||||||
# given. Notice that no white space is permitted between "!" and the
|
|
||||||
# address/subnet.
|
|
||||||
#
|
|
||||||
# Columns are:
|
|
||||||
#
|
|
||||||
#
|
|
||||||
# ACTION ACCEPT, DROP, REJECT, DNAT or REDIRECT
|
|
||||||
#
|
|
||||||
# ACCEPT -- allow the connection request
|
|
||||||
# DROP -- ignore the request
|
|
||||||
# REJECT -- disallow the request and return an
|
|
||||||
# icmp-unreachable or an RST packet.
|
|
||||||
# DNAT -- Forward the request to another
|
|
||||||
# system (and optionally another
|
|
||||||
# port).
|
|
||||||
# REDIRECT -- Redirect the request to a local
|
|
||||||
# port on the firewall.
|
|
||||||
#
|
|
||||||
# May optionally be followed by ":" and a syslog log
|
|
||||||
# level (e.g, REJECT:info). This causes the packet to be
|
|
||||||
# logged at the specified level.
|
|
||||||
#
|
|
||||||
# SOURCE Source hosts to which the rule applies. May be a zone
|
|
||||||
# defined in /etc/shorewall/zones or $FW to indicate the
|
|
||||||
# firewall itself. If the ACTION is DNAT or REDIRECT,
|
|
||||||
# sub-zones of the specified zone may be excluded from
|
|
||||||
# the rule by following the zone name with "!' and a
|
|
||||||
# comma-separated list of sub-zone names.
|
|
||||||
#
|
|
||||||
# Clients may be further restricted to a list of subnets
|
|
||||||
# and/or hosts by appending ":" and a comma-separated
|
|
||||||
# list of subnets and/or hosts. Hosts may be specified
|
|
||||||
# by IP or MAC address; mac addresses must begin with
|
|
||||||
# "~" and must use "-" as a separator.
|
|
||||||
#
|
|
||||||
# dmz:192.168.2.2 Host 192.168.2.2 in the DMZ
|
|
||||||
#
|
|
||||||
# net:155.186.235.0/24 Subnet 155.186.235.0/24 on the
|
|
||||||
# Internet
|
|
||||||
#
|
|
||||||
# loc:192.168.1.1,192.168.1.2
|
|
||||||
# Hosts 192.168.1.1 and
|
|
||||||
# 192.168.1.2 in the local zone.
|
|
||||||
# loc:~00-A0-C9-15-39-78 Host in the local zone with
|
|
||||||
# MAC address 00:A0:C9:15:39:78.
|
|
||||||
#
|
|
||||||
# Alternatively, clients may be specified by interface
|
|
||||||
# by appending ":" followed by the interface name. For
|
|
||||||
# example, loc:eth1 specifies a client that
|
|
||||||
# communicates with the firewall system through eth1.
|
|
||||||
#
|
|
||||||
# DEST Location of Server. May be a zone defined in
|
|
||||||
# /etc/shorewall/zones or $FW to indicate the firewall
|
|
||||||
# itself.
|
|
||||||
#
|
|
||||||
# The server may be further restricted to a particular
|
|
||||||
# subnet, host or interface by appending ":" and the
|
|
||||||
# subnet, host or interface. See above.
|
|
||||||
#
|
|
||||||
# The port that the server is listening on may be
|
|
||||||
# included and separated from the server's IP address by
|
|
||||||
# ":". If omitted, the firewall will not modifiy the
|
|
||||||
# destination port.
|
|
||||||
#
|
|
||||||
# Example: loc:192.168.1.3:3128 specifies a local
|
|
||||||
# server at IP address 192.168.1.3 and listening on port
|
|
||||||
# 3128. The port number MUST be specified as an integer
|
|
||||||
# and not as a name from /etc/services.
|
|
||||||
#
|
|
||||||
# if the RESULT is REDIRECT, this column needs only to
|
|
||||||
# contain the port number on the firewall that the
|
|
||||||
# request should be redirected to.
|
|
||||||
#
|
|
||||||
# PROTO Protocol - Must be "tcp", "udp", "icmp", a number,
|
|
||||||
# "all" or "related". If "related", the remainder of the
|
|
||||||
# entry must be omitted and connection requests that are
|
|
||||||
# related to existing requests will be accepted.
|
|
||||||
#
|
|
||||||
# DEST PORT(S) Destination Ports. A comma-separated list of Port
|
|
||||||
# names (from /etc/services), port numbers or port
|
|
||||||
# ranges; if the protocol is "icmp", this column is
|
|
||||||
# interpreted as the destination icmp-type(s).
|
|
||||||
#
|
|
||||||
# This column is ignored if PROTOCOL = all but must be
|
|
||||||
# entered if any of the following ields are supplied.
|
|
||||||
# In that case, it is suggested that this field contain
|
|
||||||
# "-"
|
|
||||||
#
|
|
||||||
# If MULTIPORT=Yes in /etc/shorewall/shorewall.conf, then
|
|
||||||
# only a single Netfilter rule will be generated if in
|
|
||||||
# this list and the CLIENT PORT(S) list below:
|
|
||||||
# 1. There are 15 or less ports listed.
|
|
||||||
# 2. No port ranges are included.
|
|
||||||
# Otherwise, a separate rule will be generated for each
|
|
||||||
# port.
|
|
||||||
#
|
|
||||||
# CLIENT PORT(S) (Optional) Port(s) used by the client. If omitted,
|
|
||||||
# any source port is acceptable. Specified as a comma-
|
|
||||||
# separated list of port names, port numbers or port
|
|
||||||
# ranges.
|
|
||||||
#
|
|
||||||
# If you don't want to restrict client ports but need to
|
|
||||||
# specify an ADDRESS in the next column, then place "-"
|
|
||||||
# in this column.
|
|
||||||
#
|
|
||||||
# If MULTIPORT=Yes in /etc/shorewall/shorewall.conf, then
|
|
||||||
# only a single Netfilter rule will be generated if in
|
|
||||||
# this list and the DEST PORT(S) list above:
|
|
||||||
# 1. There are 15 or less ports listed.
|
|
||||||
# 2. No port ranges are included.
|
|
||||||
# Otherwise, a separate rule will be generated for each
|
|
||||||
# port.
|
|
||||||
#
|
|
||||||
# ORIGINAL DEST (0ptional -- only allowed if ACTION is DNAT or
|
|
||||||
# REDIRECT) If included and different from the IP
|
|
||||||
# address given in the SERVER column, this is an address
|
|
||||||
# on some interface on the firewall and connections to
|
|
||||||
# that address will be forwarded to the IP and port
|
|
||||||
# specified in the DEST column.
|
|
||||||
#
|
|
||||||
# The address may optionally be followed by
|
|
||||||
# a colon (":") and a second IP address. This causes
|
|
||||||
# Shorewall to use the second IP address as the source
|
|
||||||
# address in forwarded packets. See the Shorewall
|
|
||||||
# documentation for restrictions concerning this feature.
|
|
||||||
# If no source IP address is given, the original source
|
|
||||||
# address is not altered.
|
|
||||||
#
|
|
||||||
# Example: Accept SMTP requests from the DMZ to the internet
|
|
||||||
#
|
|
||||||
# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
|
|
||||||
# # PORT PORT(S) DEST
|
|
||||||
# ACCEPT dmz net tcp smtp
|
|
||||||
#
|
|
||||||
# Example: Forward all ssh and http connection requests from the internet
|
|
||||||
# to local system 192.168.1.3
|
|
||||||
#
|
|
||||||
# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
|
|
||||||
# # PORT PORT(S) DEST
|
|
||||||
# DNAT net loc:192.168.1.3 tcp ssh,http
|
|
||||||
#
|
|
||||||
# Example: Redirect all locally-originating www connection requests to
|
|
||||||
# port 3128 on the firewall (Squid running on the firewall
|
|
||||||
# system) except when the destination address is 192.168.2.2
|
|
||||||
#
|
|
||||||
# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
|
|
||||||
# # PORT PORT(S) DEST
|
|
||||||
# REDIRECT loc 3128 tcp www - !192.168.2.2
|
|
||||||
#
|
|
||||||
# Example: All http requests from the internet to address
|
|
||||||
# 130.252.100.69 are to be forwarded to 192.168.1.3
|
|
||||||
#
|
|
||||||
# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
|
|
||||||
# # PORT PORT(S) DEST
|
|
||||||
# DNAT net loc:192.168.1.3 tcp 80 - 130.252.100.69
|
|
||||||
##############################################################################
|
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
|
|
||||||
# PORT PORT(S) DEST
|
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
|
@ -259,4 +259,51 @@ MULTIPORT=No
|
|||||||
|
|
||||||
DETECT_DNAT_IPADDRS=No
|
DETECT_DNAT_IPADDRS=No
|
||||||
|
|
||||||
|
# Merge Hosts File
|
||||||
|
#
|
||||||
|
# The traditional behavior of the /etc/shorewall/hosts file has been that
|
||||||
|
# if that file has ANY entry for a zone then the zone must be defined
|
||||||
|
# entirely in the hosts file. This is counter-intuitive and has caused
|
||||||
|
# people some problems.
|
||||||
|
#
|
||||||
|
# By setting MERGE_HOSTS=Yes, a more intuitive behavior of the hosts file
|
||||||
|
# is enabled. With MERGE_HOSTS=Yes, the zone contents in the hosts file
|
||||||
|
# are added to the contents described in the /etc/shorewall/interfaces file.
|
||||||
|
#
|
||||||
|
# Example: Suppose that we have the following interfaces and hosts files:
|
||||||
|
#
|
||||||
|
# Interfaces:
|
||||||
|
#
|
||||||
|
# net eth0
|
||||||
|
# loc eth1
|
||||||
|
# - ppp+
|
||||||
|
#
|
||||||
|
# Hosts:
|
||||||
|
#
|
||||||
|
# loc ppp+:192.168.1.0/24
|
||||||
|
# wrk ppp+:!192.168.1.0/24
|
||||||
|
#
|
||||||
|
# With MERGE_HOSTS=No, the contents of the 'loc' zone would be just
|
||||||
|
# ppp+:192.168.1.0/24. With MERGE_HOSTS=Yes, the contents would be
|
||||||
|
# ppp+:192.168.1.0 and eth1:0.0.0.0/0
|
||||||
|
#
|
||||||
|
# If this variable is not set or is set to the empty value, "No" is assumed.
|
||||||
|
|
||||||
|
MERGE_HOSTS=Yes
|
||||||
|
|
||||||
|
#
|
||||||
|
# Mutex Timeout
|
||||||
|
#
|
||||||
|
# The value of this variable determines the number of seconds that programs
|
||||||
|
# will wait for exclusive access to the Shorewall lock file. After the number
|
||||||
|
# of seconds corresponding to the value of this variable, programs will assume
|
||||||
|
# that the last program to hold the lock died without releasing the lock.
|
||||||
|
#
|
||||||
|
# If not set or set to the empty value, a value of 60 (60 seconds) is assumed.
|
||||||
|
#
|
||||||
|
# An appropriate value for this parameter would be twice the length of time
|
||||||
|
# that it takes your firewall system to process a "shorewall restart" command.
|
||||||
|
|
||||||
|
MUTEX_TIMEOUT=60
|
||||||
|
|
||||||
#LAST LINE -- DO NOT REMOVE
|
#LAST LINE -- DO NOT REMOVE
|
||||||
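Review bot: `MERGE_HOSTS=Yes` is shipped as the active value although the comment above it says "No" is assumed when the variable is unset, so installing this file can change zone membership relative to the documented default. By the comment's own example, 'loc' grows from `ppp+:192.168.1.0/24` to also include `eth1:0.0.0.0/0`, and every policy and rule written for that zone then applies to the larger set; a line such as `# NOTE: Yes adds the hosts from /etc/shorewall/interfaces to the zone -- review that zone's rules before enabling` would make this visible. The example result also reads `ppp+:192.168.1.0` where the hosts entry is `ppp+:192.168.1.0/24`. For `MUTEX_TIMEOUT`, the comment says a waiting program assumes the lock holder died once the timeout expires, which presumably lets two programs change the ruleset at once if a restart runs longer than 60 seconds; the comment could state that next to the "twice the length of time" advice.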
|
@ -73,6 +73,19 @@
|
|||||||
# . . blacklist - Check packets arriving on this interface
|
# . . blacklist - Check packets arriving on this interface
|
||||||
# against the /etc/shorewall/blacklist
|
# against the /etc/shorewall/blacklist
|
||||||
# file.
|
# file.
|
||||||
|
# proxyarp -
|
||||||
|
# Sets
|
||||||
|
# /proc/sys/net/ipv4/conf/<interface>/proxy_arp.
|
||||||
|
# Do NOT use this option if you are
|
||||||
|
# employing Proxy ARP through entries in
|
||||||
|
# /etc/shorewall/proxyarp. This option is
|
||||||
|
# intended soley for use with Proxy ARP
|
||||||
|
# sub-networking as described at:
|
||||||
|
# http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet
|
||||||
|
#
|
||||||
|
# The order in which you list the options is not
|
||||||
|
# significant but the list should have no embedded white
|
||||||
|
# space.
|
||||||
#
|
#
|
||||||
# Example 1: Suppose you have eth0 connected to a DSL modem and
|
# Example 1: Suppose you have eth0 connected to a DSL modem and
|
||||||
# eth1 connected to your local network and that your
|
# eth1 connected to your local network and that your
|
||||||
|
@ -71,14 +71,15 @@
|
|||||||
# The port that the server is listening on may be
|
# The port that the server is listening on may be
|
||||||
# included and separated from the server's IP address by
|
# included and separated from the server's IP address by
|
||||||
# ":". If omitted, the firewall will not modifiy the
|
# ":". If omitted, the firewall will not modifiy the
|
||||||
# destination port.
|
# destination port. A destination port may only be
|
||||||
|
# included if the ACTION is DNAT or REDIRECT.
|
||||||
#
|
#
|
||||||
# Example: loc:192.168.1.3:3128 specifies a local
|
# Example: loc:192.168.1.3:3128 specifies a local
|
||||||
# server at IP address 192.168.1.3 and listening on port
|
# server at IP address 192.168.1.3 and listening on port
|
||||||
# 3128. The port number MUST be specified as an integer
|
# 3128. The port number MUST be specified as an integer
|
||||||
# and not as a name from /etc/services.
|
# and not as a name from /etc/services.
|
||||||
#
|
#
|
||||||
# if the RESULT is REDIRECT, this column needs only to
|
# if the ACTION is REDIRECT, this column needs only to
|
||||||
# contain the port number on the firewall that the
|
# contain the port number on the firewall that the
|
||||||
# request should be redirected to.
|
# request should be redirected to.
|
||||||
#
|
#
|
||||||
@ -92,6 +93,8 @@
|
|||||||
# ranges; if the protocol is "icmp", this column is
|
# ranges; if the protocol is "icmp", this column is
|
||||||
# interpreted as the destination icmp-type(s).
|
# interpreted as the destination icmp-type(s).
|
||||||
#
|
#
|
||||||
|
# A port range is expressed as <low port>:<high port>.
|
||||||
|
#
|
||||||
# This column is ignored if PROTOCOL = all but must be
|
# This column is ignored if PROTOCOL = all but must be
|
||||||
# entered if any of the following ields are supplied.
|
# entered if any of the following ields are supplied.
|
||||||
# In that case, it is suggested that this field contain
|
# In that case, it is suggested that this field contain
|
||||||
|
@ -7,8 +7,6 @@
|
|||||||
# DISPLAY Display name of the zone
|
# DISPLAY Display name of the zone
|
||||||
# COMMENTS Comments about the zone
|
# COMMENTS Comments about the zone
|
||||||
#
|
#
|
||||||
# $<variable-name> is not permitted in this file.
|
|
||||||
#
|
|
||||||
#ZONE DISPLAY COMMENTS
|
#ZONE DISPLAY COMMENTS
|
||||||
net Net Internet
|
net Net Internet
|
||||||
loc Local Local networks
|
loc Local Local networks
|
||||||
|
@ -48,6 +48,11 @@
|
|||||||
# requests. 'filterping' takes
|
# requests. 'filterping' takes
|
||||||
# precedence over 'noping' if both are
|
# precedence over 'noping' if both are
|
||||||
# given.
|
# given.
|
||||||
|
# routestopped - (Deprecated -- use
|
||||||
|
# /etc/shorewall/routestopped)
|
||||||
|
# When the firewall is stopped, allow
|
||||||
|
# and route traffic to and from this
|
||||||
|
# interface.
|
||||||
# norfc1918 - This interface should not receive
|
# norfc1918 - This interface should not receive
|
||||||
# any packets whose source is in one
|
# any packets whose source is in one
|
||||||
# of the ranges reserved by RFC 1918
|
# of the ranges reserved by RFC 1918
|
||||||
@ -68,6 +73,19 @@
|
|||||||
# . . blacklist - Check packets arriving on this interface
|
# . . blacklist - Check packets arriving on this interface
|
||||||
# against the /etc/shorewall/blacklist
|
# against the /etc/shorewall/blacklist
|
||||||
# file.
|
# file.
|
||||||
|
# proxyarp -
|
||||||
|
# Sets
|
||||||
|
# /proc/sys/net/ipv4/conf/<interface>/proxy_arp.
|
||||||
|
# Do NOT use this option if you are
|
||||||
|
# employing Proxy ARP through entries in
|
||||||
|
# /etc/shorewall/proxyarp. This option is
|
||||||
|
# intended soley for use with Proxy ARP
|
||||||
|
# sub-networking as described at:
|
||||||
|
# http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet
|
||||||
|
#
|
||||||
|
# The order in which you list the options is not
|
||||||
|
# significant but the list should have no embedded white
|
||||||
|
# space.
|
||||||
#
|
#
|
||||||
# Example 1: Suppose you have eth0 connected to a DSL modem and
|
# Example 1: Suppose you have eth0 connected to a DSL modem and
|
||||||
# eth1 connected to your local network and that your
|
# eth1 connected to your local network and that your
|
||||||
@ -75,19 +93,21 @@
|
|||||||
# it's IP address via DHCP from subnet
|
# it's IP address via DHCP from subnet
|
||||||
# 206.191.149.192/27 and you want pings from the internet
|
# 206.191.149.192/27 and you want pings from the internet
|
||||||
# to be ignored. You interface a DMZ with subnet
|
# to be ignored. You interface a DMZ with subnet
|
||||||
# 192.168.2.0/24 using eth2.
|
# 192.168.2.0/24 using eth2. You want to be able to
|
||||||
|
# access the firewall from the local network when the
|
||||||
|
# firewall is stopped.
|
||||||
#
|
#
|
||||||
# Your entries for this setup would look like:
|
# Your entries for this setup would look like:
|
||||||
#
|
#
|
||||||
# net eth0 206.191.149.223 noping,dhcp
|
# net eth0 206.191.149.223 noping,dhcp
|
||||||
# local eth1 192.168.1.255
|
# local eth1 192.168.1.255 routestopped
|
||||||
# dmz eth2 192.168.2.255
|
# dmz eth2 192.168.2.255
|
||||||
#
|
#
|
||||||
# Example 2: The same configuration without specifying broadcast
|
# Example 2: The same configuration without specifying broadcast
|
||||||
# addresses is:
|
# addresses is:
|
||||||
#
|
#
|
||||||
# net eth0 detect noping,dhcp
|
# net eth0 detect noping,dhcp
|
||||||
# loc eth1 detect
|
# loc eth1 detect routestopped
|
||||||
# dmz eth2 detect
|
# dmz eth2 detect
|
||||||
#
|
#
|
||||||
# Example 3: You have a simple dial-in system with no ethernet
|
# Example 3: You have a simple dial-in system with no ethernet
|
||||||
|
@ -71,14 +71,15 @@
|
|||||||
# The port that the server is listening on may be
|
# The port that the server is listening on may be
|
||||||
# included and separated from the server's IP address by
|
# included and separated from the server's IP address by
|
||||||
# ":". If omitted, the firewall will not modifiy the
|
# ":". If omitted, the firewall will not modifiy the
|
||||||
# destination port.
|
# destination port. A destination port may only be
|
||||||
|
# included if the ACTION is DNAT or REDIRECT.
|
||||||
#
|
#
|
||||||
# Example: loc:192.168.1.3:3128 specifies a local
|
# Example: loc:192.168.1.3:3128 specifies a local
|
||||||
# server at IP address 192.168.1.3 and listening on port
|
# server at IP address 192.168.1.3 and listening on port
|
||||||
# 3128. The port number MUST be specified as an integer
|
# 3128. The port number MUST be specified as an integer
|
||||||
# and not as a name from /etc/services.
|
# and not as a name from /etc/services.
|
||||||
#
|
#
|
||||||
# if the RESULT is REDIRECT, this column needs only to
|
# if the ACTION is REDIRECT, this column needs only to
|
||||||
# contain the port number on the firewall that the
|
# contain the port number on the firewall that the
|
||||||
# request should be redirected to.
|
# request should be redirected to.
|
||||||
#
|
#
|
||||||
@ -92,6 +93,8 @@
|
|||||||
# ranges; if the protocol is "icmp", this column is
|
# ranges; if the protocol is "icmp", this column is
|
||||||
# interpreted as the destination icmp-type(s).
|
# interpreted as the destination icmp-type(s).
|
||||||
#
|
#
|
||||||
|
# A port range is expressed as <low port>:<high port>.
|
||||||
|
#
|
||||||
# This column is ignored if PROTOCOL = all but must be
|
# This column is ignored if PROTOCOL = all but must be
|
||||||
# entered if any of the following ields are supplied.
|
# entered if any of the following ields are supplied.
|
||||||
# In that case, it is suggested that this field contain
|
# In that case, it is suggested that this field contain
|
||||||
|
@ -7,8 +7,6 @@
|
|||||||
# DISPLAY Display name of the zone
|
# DISPLAY Display name of the zone
|
||||||
# COMMENTS Comments about the zone
|
# COMMENTS Comments about the zone
|
||||||
#
|
#
|
||||||
# $<variable-name> is not permitted in this file.
|
|
||||||
#
|
|
||||||
#ZONE DISPLAY COMMENTS
|
#ZONE DISPLAY COMMENTS
|
||||||
net Net Internet
|
net Net Internet
|
||||||
loc Local Local networks
|
loc Local Local networks
|
||||||
|