mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-24 19:51:40 +02:00
Upgrade samples for 1.3.9
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@253 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
0c9f8615c6
commit
93ca6bd86d
@ -12,20 +12,24 @@
|
|||||||
# of a zone defined in /etc/shorewall/zones.
|
# of a zone defined in /etc/shorewall/zones.
|
||||||
#
|
#
|
||||||
# If the interface serves multiple zones that will be
|
# If the interface serves multiple zones that will be
|
||||||
# defined in the /etc/shorewall/hosts file, you may
|
# defined in the /etc/shorewall/hosts file, you should
|
||||||
# place "-" in this column.
|
# place "-" in this column.
|
||||||
#
|
#
|
||||||
# INTERFACE Name of interface
|
# INTERFACE Name of interface. Each interface may be listed only
|
||||||
|
# once in this file.
|
||||||
#
|
#
|
||||||
# BROADCAST The broadcast address for the subnetwork to which the
|
# BROADCAST The broadcast address for the subnetwork to which the
|
||||||
# interface belongs. For P-T-P interfaces, this
|
# interface belongs. For P-T-P interfaces, this
|
||||||
# column is left black.
|
# column is left black.If the interface has multiple
|
||||||
|
# addresses on multiple subnets then list the broadcast
|
||||||
|
# addresses as a comma-separated list.
|
||||||
#
|
#
|
||||||
# If you use the special value "detect", the firewall
|
# If you use the special value "detect", the firewall
|
||||||
# will detect the broadcast address for you. If you
|
# will detect the broadcast address for you. If you
|
||||||
# select this option, the interface must be up before
|
# select this option, the interface must be up before
|
||||||
# the firewall is started and you must have iproute
|
# the firewall is started, you must have iproute
|
||||||
# installed.
|
# installed and the interface must only be associated
|
||||||
|
# with a single subnet.
|
||||||
#
|
#
|
||||||
# If you don't want to give a value for this column but
|
# If you don't want to give a value for this column but
|
||||||
# you want to enter a value in the OPTIONS column, enter
|
# you want to enter a value in the OPTIONS column, enter
|
||||||
|
|||||||
@ -18,7 +18,7 @@
|
|||||||
# in /etc/shorewall/zones, $FW or "all"
|
# in /etc/shorewall/zones, $FW or "all"
|
||||||
#
|
#
|
||||||
# POLICY Policy if no match from the rules file is found. Must
|
# POLICY Policy if no match from the rules file is found. Must
|
||||||
# be "ACCEPT", "DENY", "REJECT" or "CONTINUE"
|
# be "ACCEPT", "DROP", "REJECT" or "CONTINUE"
|
||||||
#
|
#
|
||||||
# LOG LEVEL If supplied, each connection handled under the default
|
# LOG LEVEL If supplied, each connection handled under the default
|
||||||
# POLICY is logged at that level. If not supplied, no
|
# POLICY is logged at that level. If not supplied, no
|
||||||
|
|||||||
@ -349,4 +349,12 @@ MUTEX_TIMEOUT=60
|
|||||||
|
|
||||||
LOGNEWNOTSYN=
|
LOGNEWNOTSYN=
|
||||||
|
|
||||||
|
#
|
||||||
|
# Forward "Ping"
|
||||||
|
#
|
||||||
|
# If FORWARDPING is set to "Yes" then Echo Request ("Ping") packets are
|
||||||
|
# forwarded by the firewall.
|
||||||
|
|
||||||
|
FORWARDPING=Yes
|
||||||
|
|
||||||
#LAST LINE -- DO NOT REMOVE
|
#LAST LINE -- DO NOT REMOVE
|
||||||
|
|||||||
@ -12,20 +12,24 @@
|
|||||||
# of a zone defined in /etc/shorewall/zones.
|
# of a zone defined in /etc/shorewall/zones.
|
||||||
#
|
#
|
||||||
# If the interface serves multiple zones that will be
|
# If the interface serves multiple zones that will be
|
||||||
# defined in the /etc/shorewall/hosts file, you may
|
# defined in the /etc/shorewall/hosts file, you should
|
||||||
# place "-" in this column.
|
# place "-" in this column.
|
||||||
#
|
#
|
||||||
# INTERFACE Name of interface
|
# INTERFACE Name of interface. Each interface may be listed only
|
||||||
|
# once in this file.
|
||||||
#
|
#
|
||||||
# BROADCAST The broadcast address for the subnetwork to which the
|
# BROADCAST The broadcast address for the subnetwork to which the
|
||||||
# interface belongs. For P-T-P interfaces, this
|
# interface belongs. For P-T-P interfaces, this
|
||||||
# column is left black.
|
# column is left black.If the interface has multiple
|
||||||
|
# addresses on multiple subnets then list the broadcast
|
||||||
|
# addresses as a comma-separated list.
|
||||||
#
|
#
|
||||||
# If you use the special value "detect", the firewall
|
# If you use the special value "detect", the firewall
|
||||||
# will detect the broadcast address for you. If you
|
# will detect the broadcast address for you. If you
|
||||||
# select this option, the interface must be up before
|
# select this option, the interface must be up before
|
||||||
# the firewall is started and you must have iproute
|
# the firewall is started, you must have iproute
|
||||||
# installed.
|
# installed and the interface must only be associated
|
||||||
|
# with a single subnet.
|
||||||
#
|
#
|
||||||
# If you don't want to give a value for this column but
|
# If you don't want to give a value for this column but
|
||||||
# you want to enter a value in the OPTIONS column, enter
|
# you want to enter a value in the OPTIONS column, enter
|
||||||
@ -119,7 +123,7 @@
|
|||||||
#
|
#
|
||||||
# net ppp0 - noping
|
# net ppp0 - noping
|
||||||
##############################################################################
|
##############################################################################
|
||||||
#ZONE INTERFACE BROADCAST OPTIONS
|
#ZONE INTERFACE BROADCAST OPTIONS
|
||||||
net eth0 detect dhcp,routefilter,norfc1918
|
net eth0 detect dhcp,routefilter,norfc1918
|
||||||
loc eth1 detect routestopped
|
loc eth1 detect routestopped
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||||
|
|||||||
@ -18,7 +18,7 @@
|
|||||||
# in /etc/shorewall/zones, $FW or "all"
|
# in /etc/shorewall/zones, $FW or "all"
|
||||||
#
|
#
|
||||||
# POLICY Policy if no match from the rules file is found. Must
|
# POLICY Policy if no match from the rules file is found. Must
|
||||||
# be "ACCEPT", "DENY", "REJECT" or "CONTINUE"
|
# be "ACCEPT", "DROP", "REJECT" or "CONTINUE"
|
||||||
#
|
#
|
||||||
# LOG LEVEL If supplied, each connection handled under the default
|
# LOG LEVEL If supplied, each connection handled under the default
|
||||||
# POLICY is logged at that level. If not supplied, no
|
# POLICY is logged at that level. If not supplied, no
|
||||||
|
|||||||
@ -56,10 +56,13 @@
|
|||||||
# MAC address 00:A0:C9:15:39:78.
|
# MAC address 00:A0:C9:15:39:78.
|
||||||
#
|
#
|
||||||
# Alternatively, clients may be specified by interface
|
# Alternatively, clients may be specified by interface
|
||||||
# by appending ":" followed by the interface name. For
|
# by appending ":" to the zone name followed by the
|
||||||
# example, loc:eth1 specifies a client that
|
# interface name. For example, loc:eth1 specifies a
|
||||||
# communicates with the firewall system through eth1.
|
# client that communicates with the firewall system
|
||||||
#
|
# through eth1. This may be optionally followed by
|
||||||
|
# another colon (":") and an IP/MAC/subnet address
|
||||||
|
# as described above (e.g., loc:eth1:192.168.1.5).
|
||||||
|
##
|
||||||
# DEST Location of Server. May be a zone defined in
|
# DEST Location of Server. May be a zone defined in
|
||||||
# /etc/shorewall/zones or $FW to indicate the firewall
|
# /etc/shorewall/zones or $FW to indicate the firewall
|
||||||
# itself.
|
# itself.
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user