Upgrade samples for 1.3.9

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@253 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Samples/one-interface/interfaces

@@ -12,20 +12,24 @@
 #			of a zone defined in /etc/shorewall/zones.
 #
 #			If the interface serves multiple zones that will be
-#			defined in the /etc/shorewall/hosts file, you may
+#			defined in the /etc/shorewall/hosts file, you should
 #			place "-" in this column.
 #	
-#	INTERFACE	Name of interface
+#	INTERFACE	Name of interface. Each interface may be listed only
+#			once in this file.
 #
 #	BROADCAST	The broadcast address for the subnetwork to which the
 #			interface belongs. For P-T-P interfaces, this
-#			column is left black.
+#			column is left black.If the interface has multiple
+#			addresses on multiple subnets then list the broadcast
+#			addresses as a comma-separated list.
 #					    
 #			If you use the special value "detect", the firewall
 #			will detect the broadcast address for you. If you
 #			select this option, the interface must be up before
-#			the firewall is started and you must have iproute
-#			installed.
+#			the firewall is started, you must have iproute
+#			installed and the interface must only be associated
+#			with a single subnet.
 #			
 #			If you don't want to give a value for this column but
 #			you want to enter a value in the OPTIONS column, enter

Samples/one-interface/policy

@@ -18,7 +18,7 @@
 #			in /etc/shorewall/zones, $FW or "all"
 #
 #	POLICY		Policy if no match from the rules file is found. Must
-#			be "ACCEPT", "DENY", "REJECT" or "CONTINUE"
+#			be "ACCEPT", "DROP", "REJECT" or "CONTINUE"
 #
 #	LOG LEVEL	If supplied, each connection handled under the default
 #			POLICY is logged at that level. If not supplied, no

Samples/one-interface/shorewall.conf

@@ -349,4 +349,12 @@ MUTEX_TIMEOUT=60
 
 LOGNEWNOTSYN=
 
+#
+# Forward "Ping"
+#
+# If FORWARDPING is set to "Yes" then Echo Request ("Ping") packets are
+# forwarded by the firewall.
+
+FORWARDPING=Yes
+
 #LAST LINE -- DO NOT REMOVE

Samples/two-interfaces/interfaces

@@ -12,20 +12,24 @@
 #			of a zone defined in /etc/shorewall/zones.
 #
 #			If the interface serves multiple zones that will be
-#			defined in the /etc/shorewall/hosts file, you may
+#			defined in the /etc/shorewall/hosts file, you should
 #			place "-" in this column.
 #	
-#	INTERFACE	Name of interface
+#	INTERFACE	Name of interface. Each interface may be listed only
+#			once in this file.
 #
 #	BROADCAST	The broadcast address for the subnetwork to which the
 #			interface belongs. For P-T-P interfaces, this
-#			column is left black.
+#			column is left black.If the interface has multiple
+#			addresses on multiple subnets then list the broadcast
+#			addresses as a comma-separated list.
 #					    
 #			If you use the special value "detect", the firewall
 #			will detect the broadcast address for you. If you
 #			select this option, the interface must be up before
-#			the firewall is started and you must have iproute
-#			installed.
+#			the firewall is started, you must have iproute
+#			installed and the interface must only be associated
+#			with a single subnet.
 #			
 #			If you don't want to give a value for this column but
 #			you want to enter a value in the OPTIONS column, enter
@@ -119,7 +123,7 @@
 #
 #			net	ppp0	-		noping
 ##############################################################################
-#ZONE	INTERFACE	BROADCAST	OPTIONS
+#ZONE	 INTERFACE	BROADCAST	OPTIONS
 net	eth0		detect		dhcp,routefilter,norfc1918
 loc	eth1		detect		routestopped
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Samples/two-interfaces/policy

@@ -18,7 +18,7 @@
 #			in /etc/shorewall/zones, $FW or "all"
 #
 #	POLICY		Policy if no match from the rules file is found. Must
-#			be "ACCEPT", "DENY", "REJECT" or "CONTINUE"
+#			be "ACCEPT", "DROP", "REJECT" or "CONTINUE"
 #
 #	LOG LEVEL	If supplied, each connection handled under the default
 #			POLICY is logged at that level. If not supplied, no

Samples/two-interfaces/rules

@@ -56,10 +56,13 @@
 #                                               MAC address 00:A0:C9:15:39:78.
 #
 #			Alternatively, clients may be specified by interface
-#			by appending ":" followed by the interface name. For
-#			example, loc:eth1 specifies a client that
-#			communicates with the firewall system through eth1.
-#
+#			by appending ":" to the zone name followed by the
+#			interface name. For example, loc:eth1 specifies a
+#			client that communicates with the firewall system
+#			through eth1. This may be optionally followed by
+#			another colon (":") and an IP/MAC/subnet address
+#			as described above (e.g., loc:eth1:192.168.1.5).
+##
 #	DEST		Location of Server. May be a zone defined in
 #			/etc/shorewall/zones or $FW to indicate the firewall
 #			itself.