From 9de434881f90125aca84b435f0a666aa787b65c0 Mon Sep 17 00:00:00 2001
From: judas_iscariote
Date: Wed, 16 Aug 2006 07:25:10 +0000
Subject: [PATCH] document MySQL, Bittorrent and other macros.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4362 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
docs/ports.xml | 59 +++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 51 insertions(+), 8 deletions(-)
diff --git a/docs/ports.xml b/docs/ports.xml
index 9a3135cd2..8c607dfca 100644
--- a/docs/ports.xml
+++ b/docs/ports.xml
@@ -97,6 +97,22 @@ FTP/DNAT net dmz:192.168.1.4 Auth/ACCEPT <source> <destination> +
+ BitTorrent + + + This information is valid only for Shorewall 3.2 or later. + + + + We assume BitTorrent client listen + in the default port(s) + + + #ACTION SOURCE DESTINATION PROTO DEST PORT(S) +BitTorrent/ACCEPT <source> <destination> +
+
DNS @@ -125,6 +141,10 @@ DNS/ACCEPT dmz net
Emule + + This information is valid only for Shorewall 3.2 or later. + + In contrast to how the rest of this article is organized, for emule I will give you the rules necessary to run emule on a single machine in your loc network (since that's what 99.99% of you want to do). Assume @@ -153,9 +173,9 @@ DNS/ACCEPT dmz net /etc/shorewall/rules: - #ACTION SOURCE DESTINATION PROTO DEST PORT(S) -DNAT net loc:192.168.1.4 tcp 4662 -DNAT net loc:192.168.1.4 udp 4672 + #ACTION SOURCE DESTINATION PROTO DEST PORT(S) +Edonkey/DNAT net loc:192.168.1.4 +#if you wish to enable the Emule webserver, add this rule too. DNAT net loc:192.168.1.4 tcp 4711
@@ -247,6 +267,26 @@ LDAP/ACCEPT <source> <destina LDAPS/ACCEPT <source> <destination> # LDAP over SSL
+
+ <trademark>MySQL</trademark> + + + This information is valid only for Shorewall 3.2 or later. + + + + Allowing access from untrusted hosts to your + MySQL server represents a severe security risk. + + DO NOT USE THIS if you don't know + how to deal with the consecuences, you have been warned. + + + #ACTION SOURCE DESTINATION PROTO DEST PORT(S) +MySQL/ACCEPT <source> <destination> +
+
NFS @@ -428,16 +468,19 @@ NNTPS/ACCEPT <source> <destination> # secure NNTP VNC - Vncviewer to Vncserver -- TCP port 5900 + <display - number>. + + This information is valid only for Shorewall 3.2 or later. + Vncviewer to Vncserver -- TCP port 5900 + <display number>. + the following rule handles VNC traffic for VNC displays 0 - + 9. + #ACTION SOURCE DESTINATION PROTO DEST PORT(S) -ACCEPT <source> <destination> tcp 5901 #Display Number 1 -ACCEPT <source> <destination> tcp 5902 #Display Number 2 -... +VNC/ACCEPT <source> <destination> + Vncserver to Vncviewer in listen mode -- TCP port 5500.