mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-26 04:32:01 +02:00
Update the ports article for 5.0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent 4050aa5180
commit 8fd7de3900
@ -61,7 +61,7 @@
|
|||||||
from the <emphasis role="bold">dmz</emphasis> zone to the <emphasis
|
from the <emphasis role="bold">dmz</emphasis> zone to the <emphasis
|
||||||
role="bold">net</emphasis> zone:</para>
|
role="bold">net</emphasis> zone:</para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION
|
<programlisting>#ACTION SOURCE DEST
|
||||||
DNS(ACCEPT) dmz net</programlisting>
|
DNS(ACCEPT) dmz net</programlisting>
|
||||||
</note>
|
</note>
|
||||||
|
|
||||||
@ -74,12 +74,12 @@ DNS(ACCEPT) dmz net</programlisting>
|
|||||||
<para>Example: You want to port forward FTP from the net to your server
|
<para>Example: You want to port forward FTP from the net to your server
|
||||||
at 192.168.1.4 in your DMZ. The FTP section below gives you:</para>
|
at 192.168.1.4 in your DMZ. The FTP section below gives you:</para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DEST PROTO DPORT
|
||||||
FTP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
FTP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
|
|
||||||
<para>You would code your rule as follows:</para>
|
<para>You would code your rule as follows:</para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
FTP(DNAT) net dmz:192.168.1.4 </programlisting>
|
FTP(DNAT) net dmz:192.168.1.4 </programlisting>
|
||||||
</note>
|
</note>
|
||||||
</section>
|
</section>
|
||||||
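Review bot: The column rename is applied inconsistently in this hunk: the header of the first listing becomes "#ACTION SOURCE DEST PROTO DPORT", but the header above the FTP(DNAT) rule becomes "#ACTION SOURCE DESTINATION PROTO DPORT", and the later listings in this patch also keep DESTINATION. Use one name for the third column in every header, so readers are not left wondering whether DEST and DESTINATION are different columns.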
@ -93,7 +93,7 @@ FTP(DNAT) net dmz:192.168.1.4 </programlisting>
|
|||||||
anymore.</emphasis></para>
|
anymore.</emphasis></para>
|
||||||
</caution>
|
</caution>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
Auth(ACCEPT) <emphasis> <source></emphasis> <emphasis><destination></emphasis></programlisting>
|
Auth(ACCEPT) <emphasis> <source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
@ -110,14 +110,14 @@ Auth(ACCEPT) <emphasis> <source></emphasis> <emphasis><destination&
|
|||||||
port(s)</emphasis></emphasis></para>
|
port(s)</emphasis></emphasis></para>
|
||||||
</caution>
|
</caution>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
BitTorrent(ACCEPT)<emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
BitTorrent(ACCEPT)<emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="DNS">
|
<section id="DNS">
|
||||||
<title>DNS</title>
|
<title>DNS</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
DNS(ACCEPT) <emphasis> <source></emphasis> <emphasis><destination></emphasis> </programlisting>
|
DNS(ACCEPT) <emphasis> <source></emphasis> <emphasis><destination></emphasis> </programlisting>
|
||||||
|
|
||||||
<para>Note that if you are setting up a DNS server that supports recursive
|
<para>Note that if you are setting up a DNS server that supports recursive
|
||||||
@ -128,7 +128,7 @@ DNS(ACCEPT) <emphasis> <source></emphasis> <emphasis><destination&
|
|||||||
a public DNS server in your DMZ that supports recursive resolution for
|
a public DNS server in your DMZ that supports recursive resolution for
|
||||||
local clients then you would need:</para>
|
local clients then you would need:</para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
DNS(ACCEPT) all dmz
|
DNS(ACCEPT) all dmz
|
||||||
DNS(ACCEPT) dmz net </programlisting>
|
DNS(ACCEPT) dmz net </programlisting>
|
||||||
|
|
||||||
@ -174,7 +174,7 @@ DNS(ACCEPT) dmz net </programlisting>
|
|||||||
|
|
||||||
<para><filename>/etc/shorewall/rules:</filename></para>
|
<para><filename>/etc/shorewall/rules:</filename></para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
Edonkey(DNAT) net loc:192.168.1.4
|
Edonkey(DNAT) net loc:192.168.1.4
|
||||||
#if you wish to enable the Emule webserver, add this rule too.
|
#if you wish to enable the Emule webserver, add this rule too.
|
||||||
DNAT net loc:192.168.1.4 tcp 4711</programlisting>
|
DNAT net loc:192.168.1.4 tcp 4711</programlisting>
|
||||||
@ -183,7 +183,7 @@ DNAT net loc:192.168.1.4 tcp 4711</programlisting>
|
|||||||
<section id="FTP">
|
<section id="FTP">
|
||||||
<title>FTP</title>
|
<title>FTP</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
FTP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
FTP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
|
|
||||||
<para>Look <ulink url="FTP.html">here</ulink> for much more
|
<para>Look <ulink url="FTP.html">here</ulink> for much more
|
||||||
@ -212,14 +212,14 @@ FTP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination>
|
|||||||
<listitem>
|
<listitem>
|
||||||
<para>Your loc->net policy is ACCEPT</para>
|
<para>Your loc->net policy is ACCEPT</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</orderedlist><programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
</orderedlist><programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
Gnutella(DNAT) net loc:192.168.1.4</programlisting></para>
|
Gnutella(DNAT) net loc:192.168.1.4</programlisting></para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="ICQ">
|
<section id="ICQ">
|
||||||
<title>ICQ/AIM</title>
|
<title>ICQ/AIM</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
ICQ(ACCEPT) <emphasis><source></emphasis> net</programlisting>
|
ICQ(ACCEPT) <emphasis><source></emphasis> net</programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
@ -236,7 +236,7 @@ ICQ(ACCEPT) <emphasis><source></emphasis> net</programlisting>
|
|||||||
<para>This information is valid only for Shorewall 3.2 or later.</para>
|
<para>This information is valid only for Shorewall 3.2 or later.</para>
|
||||||
</caution>
|
</caution>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
IMAP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis> # Unsecure IMAP
|
IMAP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis> # Unsecure IMAP
|
||||||
IMAPS(ACCEPT) <source> <destination> # IMAP over SSL.</programlisting>
|
IMAPS(ACCEPT) <source> <destination> # IMAP over SSL.</programlisting>
|
||||||
</section>
|
</section>
|
||||||
@ -244,7 +244,7 @@ IMAPS(ACCEPT) <source> <destination> # IMAP over SSL.</programlis
|
|||||||
<section id="IPSEC">
|
<section id="IPSEC">
|
||||||
<title>IPSEC</title>
|
<title>IPSEC</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis> <destination></emphasis> 50
|
ACCEPT <emphasis><source></emphasis> <emphasis> <destination></emphasis> 50
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis> <destination></emphasis> 51
|
ACCEPT <emphasis><source></emphasis> <emphasis> <destination></emphasis> 51
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis> <destination></emphasis> udp 500
|
ACCEPT <emphasis><source></emphasis> <emphasis> <destination></emphasis> udp 500
|
||||||
@ -263,9 +263,9 @@ ACCEPT <emphasis><destination></emphasis> <emphasis><source></e
|
|||||||
<para>This information is valid only for Shorewall 3.2 or later.</para>
|
<para>This information is valid only for Shorewall 3.2 or later.</para>
|
||||||
</caution>
|
</caution>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
LDAP(ACCEPT) <emphasis><source></emphasis> <emphasis> <destination></emphasis> <emphasis> #Insecure LDAP</emphasis>
|
LDAP(ACCEPT) <emphasis><source></emphasis> <emphasis> <destination></emphasis> <emphasis> #Insecure LDAP</emphasis>
|
||||||
LDAPS(ACCEPT) <emphasis><emphasis><source></emphasis> <emphasis> <destination></emphasis></emphasis><emphasis></emphasis> # LDAP over SSL</programlisting>
|
LDAPS(ACCEPT) <emphasis><emphasis><source></emphasis> <emphasis> <destination></emphasis></emphasis><emphasis/> # LDAP over SSL</programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="MySQL">
|
<section id="MySQL">
|
||||||
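Review bot: On the LDAPS(ACCEPT) line the empty <emphasis></emphasis> is only rewritten as <emphasis/>; an empty emphasis element renders nothing, so it should be dropped rather than kept in self-closing form. The same line also wraps <source> and <destination> in a redundant outer <emphasis>, which could be flattened to match the LDAP(ACCEPT) line above it.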
@ -284,14 +284,14 @@ LDAPS(ACCEPT) <emphasis><emphasis><source></emphasis> <emphasis> &
|
|||||||
how to deal with the consequences, you have been warned.</para>
|
how to deal with the consequences, you have been warned.</para>
|
||||||
</caution>
|
</caution>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
MySQL(ACCEPT) <emphasis><source></emphasis> <emphasis> <destination></emphasis> <emphasis> </emphasis></programlisting>
|
MySQL(ACCEPT) <emphasis><source></emphasis> <emphasis> <destination></emphasis> <emphasis> </emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="NFS">
|
<section id="NFS">
|
||||||
<title>NFS</title>
|
<title>NFS</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
ACCEPT <emphasis><z1></emphasis>:<list of client IPs> <emphasis> <z2></emphasis>:a.b.c.d tcp 111
|
ACCEPT <emphasis><z1></emphasis>:<list of client IPs> <emphasis> <z2></emphasis>:a.b.c.d tcp 111
|
||||||
ACCEPT <emphasis><z1></emphasis>:<list of client IPs> <emphasis> <z2></emphasis>:a.b.c.d udp</programlisting>
|
ACCEPT <emphasis><z1></emphasis>:<list of client IPs> <emphasis> <z2></emphasis>:a.b.c.d udp</programlisting>
|
||||||
|
|
||||||
@ -302,14 +302,14 @@ ACCEPT <emphasis><z1></emphasis>:<list of client IPs> <emphasis
|
|||||||
<section id="NTP">
|
<section id="NTP">
|
||||||
<title>NTP (Network Time Protocol)</title>
|
<title>NTP (Network Time Protocol)</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
NTP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
NTP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="PCA">
|
<section id="PCA">
|
||||||
<title><trademark>PCAnywhere</trademark></title>
|
<title><trademark>PCAnywhere</trademark></title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
PCA(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
PCA(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
@ -325,7 +325,7 @@ PCA(ACCEPT) <emphasis><source></emphasis> <emphasis><destination>
|
|||||||
<para>This information is valid only for Shorewall 3.2 or later</para>
|
<para>This information is valid only for Shorewall 3.2 or later</para>
|
||||||
</caution>
|
</caution>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
POP3(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis> # Secure
|
POP3(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis> # Secure
|
||||||
POP3S(ACCEPT) <source> <destination> #Unsecure Pop3</programlisting>
|
POP3S(ACCEPT) <source> <destination> #Unsecure Pop3</programlisting>
|
||||||
</section>
|
</section>
|
||||||
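Review bot: The trailing comments on the two rules in this listing are reversed, and the patch leaves them that way: POP3(ACCEPT) is labelled "# Secure" and POP3S(ACCEPT) is labelled "#Unsecure Pop3". POP3S is the variant that runs over SSL/TLS, so swap the comments while this listing is being touched, matching the IMAP/IMAPS listing earlier in the patch, where the plain protocol is the one marked unsecure.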
@ -333,7 +333,7 @@ POP3S(ACCEPT) <source> <destination> #Unsecure Pop3</programlist
|
|||||||
<section id="PPTP">
|
<section id="PPTP">
|
||||||
<title>PPTP</title>
|
<title>PPTP</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> 47
|
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> 47
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 1723</programlisting>
|
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 1723</programlisting>
|
||||||
|
|
||||||
@ -344,14 +344,14 @@ ACCEPT <emphasis><source></emphasis> <emphasis><destination></e
|
|||||||
<section id="Rdate">
|
<section id="Rdate">
|
||||||
<title>rdate</title>
|
<title>rdate</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
Rdate(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
Rdate(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="rsync">
|
<section id="rsync">
|
||||||
<title>rsync</title>
|
<title>rsync</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
Rsync(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
Rsync(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
@ -363,16 +363,16 @@ Rsync(ACCEPT) <emphasis><source></emphasis> <emphasis><destination&
|
|||||||
firewall and is using the default ports</emphasis>.</para>
|
firewall and is using the default ports</emphasis>.</para>
|
||||||
</caution>
|
</caution>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
REDIRECT loc 5060 udp 5060
|
REDIRECT loc 5060 udp 5060
|
||||||
ACCEPT net fw udp 5060
|
ACCEPT net fw udp 5060
|
||||||
ACCEPT <emphasis> net fw udp 7070:7089</emphasis><emphasis></emphasis></programlisting>
|
ACCEPT <emphasis> net fw udp 7070:7089</emphasis><emphasis/></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="SSH">
|
<section id="SSH">
|
||||||
<title>SSH/SFTP</title>
|
<title>SSH/SFTP</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
SSH(ACCEPT)<emphasis><source></emphasis> <emphasis><destination></emphasis> </programlisting>
|
SSH(ACCEPT)<emphasis><source></emphasis> <emphasis><destination></emphasis> </programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
@ -380,7 +380,7 @@ SSH(ACCEPT)<emphasis><source></emphasis> <emphasis><destination></e
|
|||||||
<title>SMB/NMB (Samba/<trademark>Windows</trademark> Browsing/File
|
<title>SMB/NMB (Samba/<trademark>Windows</trademark> Browsing/File
|
||||||
Sharing)</title>
|
Sharing)</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
SMB(ACCEPT) <emphasis><source></emphasis> <emphasis> <destination></emphasis>
|
SMB(ACCEPT) <emphasis><source></emphasis> <emphasis> <destination></emphasis>
|
||||||
SMB(ACCEPT) <emphasis><destination></emphasis> <emphasis><source></emphasis></programlisting>
|
SMB(ACCEPT) <emphasis><destination></emphasis> <emphasis><source></emphasis></programlisting>
|
||||||
|
|
||||||
@ -394,7 +394,7 @@ SMB(ACCEPT) <emphasis><destination></emphasis> <emphasis><source>
|
|||||||
<para>This information is valid only for Shorewall 3.2 or later.</para>
|
<para>This information is valid only for Shorewall 3.2 or later.</para>
|
||||||
</caution>
|
</caution>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
SMTP(ACCEPT)<emphasis> <source></emphasis> <emphasis><destination></emphasis> #Insecure SMTP
|
SMTP(ACCEPT)<emphasis> <source></emphasis> <emphasis><destination></emphasis> #Insecure SMTP
|
||||||
SMTPS(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis> #SMTP over SSL (TLS)</programlisting>
|
SMTPS(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis> #SMTP over SSL (TLS)</programlisting>
|
||||||
</section>
|
</section>
|
||||||
@ -402,7 +402,7 @@ SMTPS(ACCEPT) <emphasis><source></emphasis> <emphasis><destination&
|
|||||||
<section id="SNMP">
|
<section id="SNMP">
|
||||||
<title>SNMP</title>
|
<title>SNMP</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
SNMP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
SNMP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
@ -418,7 +418,7 @@ SNMP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination&g
|
|||||||
role="bold">svnserve mode only.</emphasis></para>
|
role="bold">svnserve mode only.</emphasis></para>
|
||||||
</caution>
|
</caution>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
SVN(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
SVN(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
@ -430,7 +430,7 @@ SVN(ACCEPT) <emphasis><source></emphasis> <emphasis><destination>
|
|||||||
insecure</emphasis>, don't use it.</emphasis></para>
|
insecure</emphasis>, don't use it.</emphasis></para>
|
||||||
</caution>
|
</caution>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
Telnet(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
Telnet(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
@ -447,14 +447,14 @@ Telnet(ACCEPT) <emphasis><source></emphasis> <emphasis><destination
|
|||||||
that the <filename>/etc/shorewall/modules</filename> file released with
|
that the <filename>/etc/shorewall/modules</filename> file released with
|
||||||
recent Shorewall versions contains entries for these modules.</para>
|
recent Shorewall versions contains entries for these modules.</para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> udp 69</programlisting>
|
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> udp 69</programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="Traceroute">
|
<section id="Traceroute">
|
||||||
<title>Traceroute</title>
|
<title>Traceroute</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
Trcrt(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis> #Good for 10 hops</programlisting>
|
Trcrt(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis> #Good for 10 hops</programlisting>
|
||||||
|
|
||||||
<para>UDP traceroute uses ports 33434 through 33434+<max number of
|
<para>UDP traceroute uses ports 33434 through 33434+<max number of
|
||||||
@ -464,7 +464,7 @@ Trcrt(ACCEPT) <emphasis><source></emphasis> <emphasis><destination&
|
|||||||
automatically since those sample configurations enable all ICMP packet
|
automatically since those sample configurations enable all ICMP packet
|
||||||
types originating on the firewall itself.</para>
|
types originating on the firewall itself.</para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
ACCEPT fw net icmp
|
ACCEPT fw net icmp
|
||||||
ACCEPT fw loc icmp
|
ACCEPT fw loc icmp
|
||||||
ACCEPT fw ...</programlisting>
|
ACCEPT fw ...</programlisting>
|
||||||
@ -473,7 +473,7 @@ ACCEPT fw ...</programlisting>
|
|||||||
<section id="NNTP">
|
<section id="NNTP">
|
||||||
<title>Usenet (NNTP)</title>
|
<title>Usenet (NNTP)</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
NNTP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis>
|
NNTP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis>
|
||||||
NNTPS(ACCEPT) <source> <destination> # secure NNTP</programlisting>
|
NNTPS(ACCEPT) <source> <destination> # secure NNTP</programlisting>
|
||||||
|
|
||||||
@ -493,13 +493,13 @@ NNTPS(ACCEPT) <source> <destination> # secure NNTP</programlisti
|
|||||||
<para>the following rule handles VNC traffic for VNC displays 0 -
|
<para>the following rule handles VNC traffic for VNC displays 0 -
|
||||||
9.</para>
|
9.</para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
VNC(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis>
|
VNC(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis>
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
|
||||||
<para>Vncserver to Vncviewer in listen mode -- TCP port 5500.</para>
|
<para>Vncserver to Vncviewer in listen mode -- TCP port 5500.</para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
VNCL(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
VNCL(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
@ -519,7 +519,7 @@ VNCL(ACCEPT) <emphasis><source></emphasis> <emphasis><destination&g
|
|||||||
<para>This information is valid for Shorewall 3.2 or later.</para>
|
<para>This information is valid for Shorewall 3.2 or later.</para>
|
||||||
</caution>
|
</caution>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
HTTP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis> #Insecure HTTP
|
HTTP(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis> #Insecure HTTP
|
||||||
HTTPS(ACCEPT) <source> <destination> #Secure HTTP</programlisting>
|
HTTPS(ACCEPT) <source> <destination> #Secure HTTP</programlisting>
|
||||||
</section>
|
</section>
|
||||||
@ -527,7 +527,7 @@ HTTPS(ACCEPT) <source> <destination> #Secure HTTP</programlisti
|
|||||||
<section id="Webmin">
|
<section id="Webmin">
|
||||||
<title>Webmin</title>
|
<title>Webmin</title>
|
||||||
|
|
||||||
<para><programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<para><programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
Webmin(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis> </programlisting>Webmin
|
Webmin(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis> </programlisting>Webmin
|
||||||
use TCP port 10000.</para>
|
use TCP port 10000.</para>
|
||||||
</section>
|
</section>
|
||||||
@ -535,7 +535,7 @@ Webmin(ACCEPT) <emphasis><source></emphasis> <emphasis><destination
|
|||||||
<section id="Whois">
|
<section id="Whois">
|
||||||
<title>Whois</title>
|
<title>Whois</title>
|
||||||
|
|
||||||
<para><programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<para><programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
Whois(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis> </programlisting></para>
|
Whois(ACCEPT) <emphasis><source></emphasis> <emphasis><destination></emphasis> </programlisting></para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
@ -546,7 +546,7 @@ Whois(ACCEPT) <emphasis><source></emphasis> <emphasis><destination&
|
|||||||
<<emphasis>chooser</emphasis>> and the Display Manager/X
|
<<emphasis>chooser</emphasis>> and the Display Manager/X
|
||||||
applications are running at <<emphasis>apps</emphasis>>.</para>
|
applications are running at <<emphasis>apps</emphasis>>.</para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
|
||||||
ACCEPT <<emphasis>chooser</emphasis>> <<emphasis>apps</emphasis>> udp 177 #XDMCP
|
ACCEPT <<emphasis>chooser</emphasis>> <<emphasis>apps</emphasis>> udp 177 #XDMCP
|
||||||
ACCEPT <<emphasis>apps</emphasis>> <<emphasis>chooser</emphasis>> tcp 6000:6009 #X Displays 0-9</programlisting>
|
ACCEPT <<emphasis>apps</emphasis>> <<emphasis>chooser</emphasis>> tcp 6000:6009 #X Displays 0-9</programlisting>
|
||||||
</section>
|
</section>
|
||||||
|