diff --git a/Samples/three-interfaces/policy b/Samples/three-interfaces/policy index 796e4aaea..d75041192 100644 --- a/Samples/three-interfaces/policy +++ b/Samples/three-interfaces/policy @@ -22,7 +22,16 @@ # zones defined in this sample. This is solely for the purpose of # providing more specific messages in the logs. This is not # necessary for correct operation of the firewall, but greatly -# assists in diagnosing problems. +# assists in diagnosing problems. The policies below are logically +# equivalent to: +# +# loc net ACCEPT +# net all DROP info +# all all REJECT info +# +# The Shorewall-perl compiler will generate the individual policies +# below from the above general policies if you set +# EXPAND_POLICIES=Yes in shorewall.conf. # # diff --git a/Samples/three-interfaces/shorewall.conf b/Samples/three-interfaces/shorewall.conf index 0ab3a8807..bbab4d387 100644 --- a/Samples/three-interfaces/shorewall.conf +++ b/Samples/three-interfaces/shorewall.conf @@ -166,6 +166,8 @@ OPTIMIZE=1 EXPORTPARAMS=No +EXPAND_POLICIES=No + ############################################################################### # P A C K E T D I S P O S I T I O N ############################################################################### diff --git a/Samples/two-interfaces/policy b/Samples/two-interfaces/policy index 5093ffab0..636b4d449 100644 --- a/Samples/two-interfaces/policy +++ b/Samples/two-interfaces/policy 
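Review bot: The comment added in Samples/three-interfaces/policy calls the three general policies "logically equivalent" to the explicit list, but it does not say that this holds only in the order shown. Shorewall applies the first policy that matches a source/destination pair, so `all all REJECT info` has to stay last, and a more general line placed earlier would override the more specific ones. I would add one line after the example, such as `# Order matters: the first matching policy applies, so keep "all all" last.` The explicit policies are outside the hunk, so it is worth re-checking the equivalence against them, since the same three lines are given for both samples. The identical comment added in Samples/two-interfaces/policy needs the same line.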
@@ -22,10 +22,18 @@ # zones defined in this sample. This is solely for the purpose of # providing more specific messages in the logs. This is not # necessary for correct operation of the firewall, but greatly -# assists in diagnosing problems. +# assists in diagnosing problems. The policies below are logically +# equivalent to: +# +# loc net ACCEPT +# net all DROP info +# all all REJECT info +# +# The Shorewall-perl compiler will generate the individual policies +# below from the above general policies if you set +# EXPAND_POLICIES=Yes in shorewall.conf. # -# # Policies for traffic originating from the local LAN (loc) # # If you want to force clients to access the Internet via a proxy server diff --git a/Samples/two-interfaces/shorewall.conf b/Samples/two-interfaces/shorewall.conf index c70e76c36..1de31f0cf 100644 --- a/Samples/two-interfaces/shorewall.conf +++ b/Samples/two-interfaces/shorewall.conf @@ -165,6 +165,8 @@ OPTIMIZE=1 EXPORTPARAMS=No +EXPAND_POLICIES=No + ############################################################################### # P A C K E T D I S P O S I T I O N ###############################################################################