From 9f34a5cb766927e168407bb7786e2484801bd789 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 29 Nov 2007 00:56:29 +0000 Subject: [PATCH] Belabor the obvious git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7786 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/configuration_file_basics.xml | 91 ++++++++++++++++-------------- 1 file changed, 48 insertions(+), 43 deletions(-) diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml index 96eaaafb4..1b9380e2f 100644 --- a/docs/configuration_file_basics.xml +++ b/docs/configuration_file_basics.xml @@ -383,50 +383,54 @@ smtp,www,pop3,imap #Services running on the firewall shorewall/params.mgmt: -   MGMT_SERVERS=1.1.1.1,2.2.2.2,3.3.3.3 -    TIME_SERVERS=4.4.4.4 -    BACKUP_SERVERS=5.5.5.5 +   MGMT_SERVERS=1.1.1.1,2.2.2.2,3.3.3.3 +    TIME_SERVERS=4.4.4.4 +    BACKUP_SERVERS=5.5.5.5 -   ----- end params.mgmt ----- +   ----- end params.mgmt ----- -   shorewall/params: +   shorewall/params: -   # Shorewall 1.3 /etc/shorewall/params -    [..] -    ####################################### -   -    INCLUDE params.mgmt    -   -    # params unique to this host here -    #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE +   # Shorewall 1.3 /etc/shorewall/params +    [..] +    ####################################### +   +    INCLUDE params.mgmt    +   +    # params unique to this host here +    #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE -   ----- end params ----- +   ----- end params ----- -   shorewall/rules.mgmt: +   shorewall/rules.mgmt: -   ACCEPT net:$MGMT_SERVERS   $FW    tcp    22 -    ACCEPT $FW          net:$TIME_SERVERS    udp    123 -    ACCEPT $FW          net:$BACKUP_SERVERS  tcp    22 +   ACCEPT net:$MGMT_SERVERS   $FW    tcp    22 +    ACCEPT $FW          net:$TIME_SERVERS    udp    123 +    ACCEPT $FW          net:$BACKUP_SERVERS  tcp    22 -   ----- end rules.mgmt ----- +   ----- end rules.mgmt ----- -   shorewall/rules: +   shorewall/rules: -   # Shorewall version 1.3 - Rules File -    [..] -    ####################################### -   -    INCLUDE rules.mgmt     -   -    # rules unique to this host here -    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE +   # Shorewall version 1.3 - Rules File +    [..] +    ####################################### +   +    INCLUDE rules.mgmt     +   +    # rules unique to this host here +    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE -   ----- end rules ----- +   ----- end rules -----
- Embedded Shell and Perl (Added in Shorewall-perl 4.0.6) + Embedded Shell and Perl + + This feature was added in Shorewall-perl 4.0.6. To use it, you must + be running 4.0.6 or later and must be using Shorewall-perl + (SHOREWALL_COMPILER=perl in shorewall.conf). Earlier versions of Shorewall offered extension scripts to allow @@ -621,7 +625,7 @@ use Shorewall::Config qw/shorewall/; Must not have any embedded white space. Valid: routefilter,dhcp,norfc1918 - Invalid: routefilter,     dhcp,     norfc1818 + Invalid: routefilter,     dhcp,     norfc1818 @@ -794,17 +798,17 @@ DNAT net loc:192.168.1.3 tcp 4000:4100 Example:
-     /etc/shorewall/params +     /etc/shorewall/params NET_IF=eth0 NET_BCAST=130.252.100.255 NET_OPTIONS=routefilter,norfc1918 -    /etc/shorewall/interfaces record: +    /etc/shorewall/interfaces record: net $NET_IF $NET_BCAST $NET_OPTIONS -    The result will be the same as if the record had been written +    The result will be the same as if the record had been written net eth0 130.252.100.255 routefilter,norfc1918 @@ -890,15 +894,16 @@ DNAT net loc:192.168.1.3 tcp 4000:4100 MAC Address of an Ethernet Controller -      [root@gateway root]# ifconfig eth0 -      eth0 Link encap:Ethernet HWaddr 02:00:08:E3:FA:55 -      inet addr:206.124.146.176 Bcast:206.124.146.255 Mask:255.255.255.0 -      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 -      RX packets:2398102 errors:0 dropped:0 overruns:0 frame:0 -      TX packets:3044698 errors:0 dropped:0 overruns:0 carrier:0 -      collisions:30394 txqueuelen:100 -      RX bytes:419871805 (400.4 Mb) TX bytes:1659782221 (1582.8 Mb) -      Interrupt:11 Base address:0x1800 +      [root@gateway root]# ifconfig eth0 +      eth0 Link encap:Ethernet HWaddr 02:00:08:E3:FA:55 +      inet addr:206.124.146.176 Bcast:206.124.146.255 Mask:255.255.255.0 +      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 +      RX packets:2398102 errors:0 dropped:0 overruns:0 frame:0 +      TX packets:3044698 errors:0 dropped:0 overruns:0 carrier:0 +      collisions:30394 txqueuelen:100 +      RX bytes:419871805 (400.4 Mb) TX bytes:1659782221 (1582.8 Mb) +      Interrupt:11 Base address:0x1800