document more macros and services

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4283 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
judas_iscariote 2006-07-27 03:28:19 +00:00
parent f5fef4526a
commit 6ee356877f

View File

@ -13,10 +13,14 @@
</author> </author>
</authorgroup> </authorgroup>
<othercredit>
<surname>Cristian Rodriguez R.</surname>
</othercredit>
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate> <pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright> <copyright>
<year>2001-2006</year> <year>2001-<?dbtimestamp format="Y"?></year>
<holder>Thomas M. Eastep</holder> <holder>Thomas M. Eastep</holder>
</copyright> </copyright>
@ -202,13 +206,18 @@ ICQ/ACCEPT <emphasis>&lt;source&gt;</emphasis> net</programlisting>
<title>IMAP</title> <title>IMAP</title>
<caution> <caution>
<para>When accessing you mail from the internet,use <emphasis <para>When accessing your mail from the internet,use <emphasis
role="bold">only</emphasis> <emphasis role="bold">IMAP over role="bold">only</emphasis> <emphasis role="bold">IMAP over
SSL</emphasis></para> SSL.</emphasis></para>
</caution>
<caution>
<para>This information is valid only for Shorewall 3.2 or later.</para>
</caution> </caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
IMAP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> #Secure &amp; Unsecure IMAP</programlisting> IMAP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> # Unsecure IMAP
IMAPS/ACCEPT &lt;source&gt; &lt;destination&gt; # IMAP over SSL.</programlisting>
</section> </section>
<section> <section>
@ -226,6 +235,18 @@ ACCEPT <emphasis>&lt;destination&gt;</emphasis> <emphasis>&lt;source&gt;</e
url="VPN.htm">here</ulink>.</para> url="VPN.htm">here</ulink>.</para>
</section> </section>
<section>
<title>LDAP</title>
<caution>
<para>This information is valid only for Shorewall 3.2 or later.</para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
LDAP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis> &lt;destination&gt;</emphasis> <emphasis> #Insecure LDAP</emphasis>
LDAPS/ACCEPT <emphasis><emphasis>&lt;source&gt;</emphasis> <emphasis> &lt;destination&gt;</emphasis></emphasis><emphasis></emphasis> # LDAP over SSL</programlisting>
</section>
<section> <section>
<title>NFS</title> <title>NFS</title>
@ -252,17 +273,20 @@ PCA/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt
</section> </section>
<section> <section>
<title>Pop3</title> <title>POP3</title>
<caution> <caution>
<para>If Possible , <emphasis role="bold">Avoid this protocol</emphasis> <para>If Possible , <emphasis role="bold">Avoid this protocol</emphasis>
, use <emphasis role="bold">IMAP</emphasis> instead.</para> , use <emphasis role="bold">IMAP</emphasis> instead.</para>
</caution> </caution>
<para>TCP Port 110 (Secure Pop3 is TCP Port 995)</para> <caution>
<para>This information is valid only for Shorewall 3.2 or later</para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
POP3/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> # Secure &amp; Unsecure Pop3</programlisting> POP3/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> # Secure
POP3S/ACCEPT &lt;source&gt; &lt;destination&gt; #Unsecure Pop3</programlisting>
</section> </section>
<section> <section>
@ -298,7 +322,8 @@ SSH/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</e
</section> </section>
<section> <section>
<title>SMB/NMB (Samba/Windows Browsing/File Sharing)</title> <title>SMB/NMB (Samba/<trademark>Windows</trademark> Browsing/File
Sharing)</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
SMB/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis> &lt;destination&gt;</emphasis> SMB/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis> &lt;destination&gt;</emphasis>
@ -310,9 +335,13 @@ SMB/ACCEPT <emphasis>&lt;destination&gt;</emphasis> <emphasis>&lt;source&gt
<section> <section>
<title>SMTP</title> <title>SMTP</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <caution>
SMTP/ACCEPT<emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> #Insecure SMTP <para>This information is valid only for Shorewall 3.2 or later.</para>
ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> tcp 465 #SMTP over SSL (TLS)</programlisting> </caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
SMTP/ACCEPT<emphasis> &lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> #Insecure SMTP
SMTPS/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> #SMTP over SSL (TLS)</programlisting>
</section> </section>
<section> <section>
@ -322,9 +351,30 @@ ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</e
SNMP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting> SNMP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section> </section>
<section>
<title>SVN</title>
<caution>
<para>This information is valid only for Shorewall 3.2 or later.</para>
</caution>
<caution>
<para>This rule is for Subversion running in <emphasis
role="bold">svnserve mode only.</emphasis></para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
SVN/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section>
<section> <section>
<title>Telnet</title> <title>Telnet</title>
<caution>
<para><emphasis role="bold"><emphasis>The telnet protocol is very
insecure</emphasis>, don't use it.</emphasis></para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Telnet/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting> Telnet/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis></programlisting>
</section> </section>
@ -369,7 +419,8 @@ ACCEPT fw ...</programlisting>
<title>Usenet (NNTP)</title> <title>Usenet (NNTP)</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
NNTP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> </programlisting> NNTP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis>
NNTPS/ACCEPT &lt;source&gt; &lt;destination&gt; # secure NNTP</programlisting>
<para>TCP Port 119</para> <para>TCP Port 119</para>
</section> </section>
@ -409,8 +460,13 @@ VNCL/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&g
<section> <section>
<title>Web Access</title> <title>Web Access</title>
<caution>
<para>This information is valid for Shorewall 3.2 or later.</para>
</caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Web/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> #Insecure HTTP&amp; Secure HTTP</programlisting> HTTP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt;</emphasis> #Insecure HTTP
HTTPS/ACCEPT &lt;source&gt; &lt;destination&gt; #Secure HTTP</programlisting>
</section> </section>
<section> <section>
@ -454,6 +510,16 @@ ACCEPT &lt;<emphasis>apps</emphasis>&gt; &lt;<emphasis>chooser</emphasis>
<title>Revision History</title> <title>Revision History</title>
<para><revhistory> <para><revhistory>
<revision>
<revnumber>1.18</revnumber>
<date>2006-07-18</date>
<authorinitials>CR</authorinitials>
<revremark>Updated for Shorewall 3.2</revremark>
</revision>
<revision> <revision>
<revnumber>1.18</revnumber> <revnumber>1.18</revnumber>