Replace tables with programlistings

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2628 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-09-03 15:23:41 +00:00
parent b663bdf559
commit 87574c0fe3

@ -12,7 +12,7 @@
<surname>Eastep</surname> <surname>Eastep</surname>
</author> </author>
<pubdate>2005-09-02</pubdate> <pubdate>2005-09-03</pubdate>
<copyright> <copyright>
<year>2002-2005</year> <year>2002-2005</year>
@ -74,53 +74,12 @@
<bridgehead renderas="sect4">Zone File</bridgehead> <bridgehead renderas="sect4">Zone File</bridgehead>
<informaltable colsep="1" pgwide="0"> <programlisting>#ZONE TYPE OPTIONS
<tgroup align="left" cols="3"> fw firewall
<thead valign="middle"> net plain
<row valign="middle"> ops plain
<entry align="left">ZONE</entry> loc plain
dmz plain</programlisting>
<entry align="left">DISPLAY</entry>
<entry align="left">COMMENTS</entry>
</row>
</thead>
<tbody valign="middle">
<row valign="middle">
<entry align="left"><literal>net</literal></entry>
<entry align="left">Net</entry>
<entry align="left">Internet</entry>
</row>
<row valign="middle">
<entry align="left"><literal>ops</literal></entry>
<entry align="left">Operations</entry>
<entry align="left">Operations Staff's Class C</entry>
</row>
<row valign="middle">
<entry align="left"><literal>loc</literal></entry>
<entry align="left">Local</entry>
<entry align="left">Local Class B</entry>
</row>
<row valign="middle">
<entry align="left"><literal>dmz</literal></entry>
<entry align="left">DMZ</entry>
<entry align="left">Demilitarized zone</entry>
</row>
</tbody>
</tgroup>
</informaltable>
<para>The <literal>ops</literal> zone has been added to the standard 3-zone <para>The <literal>ops</literal> zone has been added to the standard 3-zone
zones file -- since <literal>ops</literal> is a sub-zone of zones file -- since <literal>ops</literal> is a sub-zone of
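Review bot: The new zones listing (the lines from `fw firewall` to `dmz plain`) drops the per-zone descriptions that the removed table carried in its COMMENTS column (Internet, Operations Staff's Class C, Local Class B, Demilitarized zone), so this section no longer tells the reader which network each zone covers. Suggest moving those descriptions into the paragraph that follows, or adding them as `#` comment lines in the listing. The columns also change from ZONE/DISPLAY/COMMENTS to ZONE/TYPE/OPTIONS and an `fw firewall` row appears, which is more than the table-to-programlisting conversion the commit message describes and is worth a line in the log.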
@ -131,53 +90,10 @@
<bridgehead renderas="sect4">Interfaces File</bridgehead> <bridgehead renderas="sect4">Interfaces File</bridgehead>
<informaltable colsep="1" pgwide="0"> <programlisting>#ZONE INTERFACE BROACAST OPTIONS
<tgroup align="left" cols="4"> net eth0 &lt;whatever&gt; ...
<thead valign="middle"> dmz eth1 &lt;whatever&gt; ...
<row valign="middle"> - eth2 10.10.255.255</programlisting>
<entry align="left">ZONE</entry>
<entry align="left">INTERFACE</entry>
<entry align="left">BROADCAST</entry>
<entry align="left">OPTIONS</entry>
</row>
</thead>
<tbody valign="middle">
<row valign="middle">
<entry align="left"><literal>net</literal></entry>
<entry align="left"><literal>eth0</literal></entry>
<entry align="left">&lt;whatever&gt;</entry>
<entry align="left">&lt;options&gt;</entry>
</row>
<row valign="middle">
<entry align="left"><literal>dmz</literal></entry>
<entry align="left"><literal>eth1</literal></entry>
<entry align="left">&lt;whatever&gt;</entry>
<entry align="left"></entry>
</row>
<row>
<entry align="left"><literal>-</literal></entry>
<entry align="left"><literal>eth2</literal></entry>
<entry align="left"><literal>10.10.255.255</literal></entry>
<entry align="left"></entry>
</row>
</tbody>
</tgroup>
</informaltable>
<para>Because <literal>eth2</literal> interfaces to two zones <para>Because <literal>eth2</literal> interfaces to two zones
(<literal>ops</literal> and <literal>loc</literal>), we don't specify a zone (<literal>ops</literal> and <literal>loc</literal>), we don't specify a zone
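Review bot: The header line of the new interfaces listing reads `#ZONE INTERFACE BROACAST OPTIONS`, while the removed table had BROADCAST, so the conversion introduces a typo. In the same listing the dmz row now ends in `...` where the old table's OPTIONS cell was empty, and the net row's `&lt;options&gt;` placeholder became `...`; if dmz is meant to carry no options, drop the `...` on that row so the example does not suggest otherwise.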
@ -187,37 +103,9 @@
<bridgehead renderas="sect4">Hosts File</bridgehead> <bridgehead renderas="sect4">Hosts File</bridgehead>
<informaltable colsep="1" pgwide="0"> <programlisting>#ZONE HOST(S) OPTIONS
<tgroup align="left" cols="3"> ops eth2:10.10.10.0/24
<thead valign="middle"> loc eth2:0.0.0.0/0</programlisting>
<row valign="middle">
<entry align="left">ZONE</entry>
<entry align="left">HOST(S)</entry>
<entry align="left">OPTIONS</entry>
</row>
</thead>
<tbody valign="middle">
<row valign="middle">
<entry align="left"><literal>ops</literal></entry>
<entry align="left"><literal>eth2:10.10.10.0/24</literal></entry>
<entry align="left"></entry>
</row>
<row valign="middle">
<entry align="left"><literal>loc</literal></entry>
<entry align="left"><literal>eth2:0.0.0.0/0</literal></entry>
<entry align="left"></entry>
</row>
</tbody>
</tgroup>
</informaltable>
<para>Here we define the <literal>ops</literal> and <literal>loc</literal> <para>Here we define the <literal>ops</literal> and <literal>loc</literal>
zones. When Shorewall is stopped, only the hosts in the zones. When Shorewall is stopped, only the hosts in the
@ -232,93 +120,12 @@
<bridgehead renderas="sect4">Policy File</bridgehead> <bridgehead renderas="sect4">Policy File</bridgehead>
<informaltable colsep="1" pgwide="0"> <programlisting>#SOURCE DEST POLICY LOG LEVEL
<tgroup align="left" cols="5"> <emphasis role="bold">ops all ACCEPT
<thead valign="middle"> all ops CONTINUE</emphasis>
<row valign="middle"> loc net ACCEPT
<entry align="left">SOURCE</entry> net all DROP info
all all REJECT info</programlisting>
<entry align="left">DEST</entry>
<entry align="left">POLICY</entry>
<entry align="left">LOG LEVEL</entry>
<entry align="left">LIMIT BURST</entry>
</row>
</thead>
<tbody>
<row valign="middle">
<entry align="left"><!-- To color the cell grey, uncomment the following 2 lines
<?dbhtml bgcolor="#EEEEEE" ?>
<?dbfo bgcolor="#EEEEEE" ?>
--> <emphasis role="bold"> <literal>ops</literal> </emphasis></entry>
<entry align="left"><emphasis role="bold"> <literal>all</literal>
</emphasis></entry>
<entry align="left"><emphasis role="bold"> <literal>ACCEPT</literal>
</emphasis></entry>
<entry align="left"></entry>
<entry align="left"></entry>
</row>
<row valign="middle">
<entry align="left"><emphasis role="bold"> <literal>all</literal>
</emphasis></entry>
<entry align="left"><emphasis role="bold"> <literal>ops</literal>
</emphasis></entry>
<entry align="left"><emphasis role="bold">
<literal>CONTINUE</literal> </emphasis></entry>
<entry align="left"></entry>
<entry align="left"></entry>
</row>
<row valign="middle">
<entry align="left"><literal>loc</literal></entry>
<entry align="left"><literal>net</literal></entry>
<entry align="left"><literal>ACCEPT</literal></entry>
<entry align="left"></entry>
<entry align="left"></entry>
</row>
<row valign="middle">
<entry align="left"><literal>net</literal></entry>
<entry align="left"><literal>all</literal></entry>
<entry align="left"><literal>DROP</literal></entry>
<entry align="left"><literal>info</literal></entry>
<entry align="left"></entry>
</row>
<row valign="middle">
<entry align="left"><literal>all</literal></entry>
<entry align="left"><literal>all</literal></entry>
<entry align="left"><literal>REJECT</literal></entry>
<entry align="left"><literal>info</literal></entry>
<entry align="left"></entry>
</row>
</tbody>
</tgroup>
</informaltable>
<para>Two entries for <literal>ops</literal> (in bold) have been added to <para>Two entries for <literal>ops</literal> (in bold) have been added to
the standard 3-zone policy file.</para> the standard 3-zone policy file.</para>
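Review bot: The header of the new policy listing, `#SOURCE DEST POLICY LOG LEVEL`, omits the LIMIT BURST column that the removed table had. No row uses it, so the example itself loses nothing, but if the header is meant to mirror the column line of the real file, add it back. The `<emphasis role="bold">` wrapped around the two ops lines is what keeps the "(in bold)" reference in the following paragraph true, so check that it still renders bold inside a programlisting in the HTML and FO output that the removed `dbhtml`/`dbfo` comments were written for.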
@ -327,61 +134,8 @@
<bridgehead renderas="sect4">Rules File</bridgehead> <bridgehead renderas="sect4">Rules File</bridgehead>
<informaltable colsep="1" pgwide="0"> <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE PORTS(S) ORIGINAL DEST
<tgroup align="left" cols="7"> REDIRECT loc!ops 3128 tcp http</programlisting>
<thead valign="middle">
<row valign="middle">
<entry align="left">ACTION</entry>
<entry align="left">SOURCE</entry>
<entry align="left">DEST</entry>
<entry align="left">PROTO</entry>
<entry align="left">DEST PORT(S)</entry>
<entry align="left">SOURCE PORT(S)</entry>
<entry align="left">ORIGINAL DEST</entry>
</row>
</thead>
<tbody>
<row valign="middle">
<entry align="left"><literal>REDIRECT</literal></entry>
<entry align="left"><literal>loc!ops</literal></entry>
<entry align="left"><literal>3128</literal></entry>
<entry align="left"><literal>tcp</literal></entry>
<entry align="left"><literal>http</literal></entry>
<entry align="left"></entry>
<entry align="left"></entry>
</row>
<row valign="middle">
<entry align="left"><literal>...</literal></entry>
<entry align="left"></entry>
<entry align="left"></entry>
<entry align="left"></entry>
<entry align="left"></entry>
<entry align="left"></entry>
<entry align="left"></entry>
</row>
</tbody>
</tgroup>
</informaltable>
<para>This is the rule that transparently redirects web traffic to the <para>This is the rule that transparently redirects web traffic to the
transparent proxy running on the firewall. The <emphasis transparent proxy running on the firewall. The <emphasis
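Review bot: The new rules header has `SOURCE PORTS(S)` where the removed table had SOURCE PORT(S); drop the extra S. The old table also ended with a `...` row showing that further rules follow the REDIRECT entry, and the listing leaves it out, so the example now reads as if the rules file holds only this one rule. Suggest adding a `...` line after the `REDIRECT loc!ops 3128 tcp http` line.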
@ -392,29 +146,7 @@
<bridgehead renderas="sect4">Routestopped File</bridgehead> <bridgehead renderas="sect4">Routestopped File</bridgehead>
<informaltable colsep="1" pgwide="0"> <programlisting>#INTERFACE HOST(S) OPTIONS
<tgroup align="left" cols="2"> eth1
<thead valign="middle"> eth2 10.10.10.0/24</programlisting>
<row valign="middle">
<entry align="left">INTERFACE</entry>
<entry align="left">HOST(S))</entry>
</row>
</thead>
<tbody>
<row valign="middle">
<entry align="left"><literal>eth1</literal></entry>
<entry align="left"></entry>
</row>
<row valign="middle">
<entry align="left"><literal>eth2</literal></entry>
<entry align="left"><literal>10.10.10.0/24</literal></entry>
</row>
</tbody>
</tgroup>
</informaltable>
</article> </article>