Change zone ordering in the IPSEC doc.

- Place net before vpn so that pppoe users who blindly copy examples won't
  get mis-ordered nested zones.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-01-21 05:51:28 -08:00
parent 66b976a934
commit 8d9b1d50d1

View File

@ -297,8 +297,8 @@ ipsec net 206.162.148.9
<programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
vpn ipv4
net ipv4
<emphasis role="bold">vpn ipv4</emphasis>
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
</blockquote>
@ -495,8 +495,8 @@ sec ipsec mode=tunnel <emphasis role="bold">mss=1400</emphasis
<programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
vpn ipsec
net ipv4
<emphasis role="bold">vpn ipsec</emphasis>
loc ipv4
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
</blockquote>
@ -718,9 +718,9 @@ RACOON=/usr/sbin/racoon</programlisting>
<programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
vpn ipsec
l2tp ipv4
net ipv4
vpn ipsec
<emphasis role="bold">l2tp ipv4</emphasis>
loc ipv4
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
</blockquote>
@ -827,9 +827,9 @@ HTTPS(ACCEPT) l2tp $FW
hosts in that network. In that case, IPSEC transport mode is an
appropriate solution.</para>
<para><graphic fileref="images/TransportMode.png" />Here's an example
using the ipsec-tools package. The files shown are from host
192.168.20.10; the configuration of the other nodes is similar.</para>
<para><graphic fileref="images/TransportMode.png"/>Here's an example using
the ipsec-tools package. The files shown are from host 192.168.20.10; the
configuration of the other nodes is similar.</para>
<blockquote>
<para><filename>/etc/racoon/racoon.conf</filename>:</para>