mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 14:20:40 +01:00
Belabor the obvious
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7786 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
cca9f14a27
commit
9f34a5cb76
@ -383,50 +383,54 @@ smtp,www,pop3,imap #Services running on the firewall</programlisting>
|
|||||||
|
|
||||||
<programlisting> shorewall/params.mgmt:
|
<programlisting> shorewall/params.mgmt:
|
||||||
|
|
||||||
MGMT_SERVERS=1.1.1.1,2.2.2.2,3.3.3.3
|
MGMT_SERVERS=1.1.1.1,2.2.2.2,3.3.3.3
|
||||||
TIME_SERVERS=4.4.4.4
|
TIME_SERVERS=4.4.4.4
|
||||||
BACKUP_SERVERS=5.5.5.5
|
BACKUP_SERVERS=5.5.5.5
|
||||||
|
|
||||||
----- end params.mgmt -----
|
----- end params.mgmt -----
|
||||||
|
|
||||||
shorewall/params:
|
shorewall/params:
|
||||||
|
|
||||||
# Shorewall 1.3 /etc/shorewall/params
|
# Shorewall 1.3 /etc/shorewall/params
|
||||||
[..]
|
[..]
|
||||||
#######################################
|
#######################################
|
||||||
|
|
||||||
INCLUDE params.mgmt
|
INCLUDE params.mgmt
|
||||||
|
|
||||||
# params unique to this host here
|
# params unique to this host here
|
||||||
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
||||||
|
|
||||||
----- end params -----
|
----- end params -----
|
||||||
|
|
||||||
shorewall/rules.mgmt:
|
shorewall/rules.mgmt:
|
||||||
|
|
||||||
ACCEPT net:$MGMT_SERVERS $FW tcp 22
|
ACCEPT net:$MGMT_SERVERS $FW tcp 22
|
||||||
ACCEPT $FW net:$TIME_SERVERS udp 123
|
ACCEPT $FW net:$TIME_SERVERS udp 123
|
||||||
ACCEPT $FW net:$BACKUP_SERVERS tcp 22
|
ACCEPT $FW net:$BACKUP_SERVERS tcp 22
|
||||||
|
|
||||||
----- end rules.mgmt -----
|
----- end rules.mgmt -----
|
||||||
|
|
||||||
shorewall/rules:
|
shorewall/rules:
|
||||||
|
|
||||||
# Shorewall version 1.3 - Rules File
|
# Shorewall version 1.3 - Rules File
|
||||||
[..]
|
[..]
|
||||||
#######################################
|
#######################################
|
||||||
|
|
||||||
INCLUDE rules.mgmt
|
INCLUDE rules.mgmt
|
||||||
|
|
||||||
# rules unique to this host here
|
# rules unique to this host here
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||||
|
|
||||||
----- end rules -----</programlisting>
|
----- end rules -----</programlisting>
|
||||||
</example>
|
</example>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="Embedded">
|
<section id="Embedded">
|
||||||
<title>Embedded Shell and Perl (Added in Shorewall-perl 4.0.6)</title>
|
<title>Embedded Shell and Perl</title>
|
||||||
|
|
||||||
|
<para>This feature was added in Shorewall-perl 4.0.6. To use it, you must
|
||||||
|
be running 4.0.6 or later and must be using Shorewall-perl
|
||||||
|
(SHOREWALL_COMPILER=perl in shorewall.conf).</para>
|
||||||
|
|
||||||
<para>Earlier versions of Shorewall offered <ulink
|
<para>Earlier versions of Shorewall offered <ulink
|
||||||
url="shorewall_extension_scripts.htm">extension scripts</ulink> to allow
|
url="shorewall_extension_scripts.htm">extension scripts</ulink> to allow
|
||||||
@ -621,7 +625,7 @@ use Shorewall::Config qw/shorewall/;</programlisting>
|
|||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Must not have any embedded white space.<programlisting> Valid: routefilter,dhcp,norfc1918
|
<para>Must not have any embedded white space.<programlisting> Valid: routefilter,dhcp,norfc1918
|
||||||
Invalid: routefilter, dhcp, norfc1818</programlisting></para>
|
Invalid: routefilter, dhcp, norfc1818</programlisting></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -794,17 +798,17 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
|
|||||||
<para>Example:</para>
|
<para>Example:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting> /etc/shorewall/params
|
<programlisting> /etc/shorewall/params
|
||||||
|
|
||||||
NET_IF=eth0
|
NET_IF=eth0
|
||||||
NET_BCAST=130.252.100.255
|
NET_BCAST=130.252.100.255
|
||||||
NET_OPTIONS=routefilter,norfc1918
|
NET_OPTIONS=routefilter,norfc1918
|
||||||
|
|
||||||
/etc/shorewall/interfaces record:
|
/etc/shorewall/interfaces record:
|
||||||
|
|
||||||
net $NET_IF $NET_BCAST $NET_OPTIONS
|
net $NET_IF $NET_BCAST $NET_OPTIONS
|
||||||
|
|
||||||
The result will be the same as if the record had been written
|
The result will be the same as if the record had been written
|
||||||
|
|
||||||
net eth0 130.252.100.255 routefilter,norfc1918
|
net eth0 130.252.100.255 routefilter,norfc1918
|
||||||
</programlisting>
|
</programlisting>
|
||||||
@ -890,15 +894,16 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
|
|||||||
<example id="mac">
|
<example id="mac">
|
||||||
<title>MAC Address of an Ethernet Controller</title>
|
<title>MAC Address of an Ethernet Controller</title>
|
||||||
|
|
||||||
<programlisting> [root@gateway root]# <command>ifconfig eth0</command>
|
<programlisting> [root@gateway root]# <command>ifconfig eth0</command>
|
||||||
eth0 Link encap:Ethernet HWaddr <emphasis role="bold">02:00:08:E3:FA:55</emphasis>
|
eth0 Link encap:Ethernet HWaddr <emphasis
|
||||||
inet addr:206.124.146.176 Bcast:206.124.146.255 Mask:255.255.255.0
|
role="bold">02:00:08:E3:FA:55</emphasis>
|
||||||
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
|
inet addr:206.124.146.176 Bcast:206.124.146.255 Mask:255.255.255.0
|
||||||
RX packets:2398102 errors:0 dropped:0 overruns:0 frame:0
|
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
|
||||||
TX packets:3044698 errors:0 dropped:0 overruns:0 carrier:0
|
RX packets:2398102 errors:0 dropped:0 overruns:0 frame:0
|
||||||
collisions:30394 txqueuelen:100
|
TX packets:3044698 errors:0 dropped:0 overruns:0 carrier:0
|
||||||
RX bytes:419871805 (400.4 Mb) TX bytes:1659782221 (1582.8 Mb)
|
collisions:30394 txqueuelen:100
|
||||||
Interrupt:11 Base address:0x1800
|
RX bytes:419871805 (400.4 Mb) TX bytes:1659782221 (1582.8 Mb)
|
||||||
|
Interrupt:11 Base address:0x1800
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</example>
|
</example>
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user