mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-11 20:26:39 +02:00
More cleanups of myfiles.xml
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1027 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
29380eaa70
commit
a57aedd3d0
@ -229,6 +229,27 @@ eth3 192.168.3.0/24
|
|||||||
</blockquote>
|
</blockquote>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>RFC1918 File</title>
|
||||||
|
|
||||||
|
<blockquote>
|
||||||
|
<para>I use a stripped-down file which doesn't have to be updated
|
||||||
|
when the IANA allocates a block of IP addresses.</para>
|
||||||
|
</blockquote>
|
||||||
|
|
||||||
|
<blockquote>
|
||||||
|
<programlisting>#SUBNET TARGET
|
||||||
|
169.254.0.0/16 DROP # DHCP autoconfig
|
||||||
|
172.16.0.0/12 logdrop # RFC 1918
|
||||||
|
192.0.2.0/24 logdrop # Example addresses
|
||||||
|
192.168.0.0/16 logdrop # RFC 1918
|
||||||
|
10.24.60.56 DROP # Some idiot in my broadcast domain
|
||||||
|
# has a box configured with this
|
||||||
|
# address.
|
||||||
|
10.0.0.0/8 logdrop # Reserved (RFC 1918)</programlisting>
|
||||||
|
</blockquote>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Blacklist File (Partial)</title>
|
<title>Blacklist File (Partial)</title>
|
||||||
|
|
||||||
@ -296,7 +317,7 @@ eth0 eth3 206.124.146.179
|
|||||||
</blockquote>
|
</blockquote>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section id="ProxyARP">
|
||||||
<title>Proxy ARP File</title>
|
<title>Proxy ARP File</title>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
@ -519,24 +540,13 @@ ACCEPT all all icmp
|
|||||||
</blockquote>
|
</blockquote>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
|
||||||
<title>Tcrules File</title>
|
|
||||||
|
|
||||||
<para>This file deals with redirecting html requests to Squid on the DMZ
|
|
||||||
server.</para>
|
|
||||||
|
|
||||||
<blockquote>
|
|
||||||
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE PORT
|
|
||||||
gre net $TEXAS
|
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</programlisting>
|
|
||||||
</blockquote>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Init File</title>
|
<title>Init File</title>
|
||||||
|
|
||||||
<para>This file deals with redirecting html requests to Squid on the DMZ
|
<blockquote>
|
||||||
server.</para>
|
<para>This file deals with redirecting html requests to <ulink
|
||||||
|
url="Shorewall_Squid_Usage.html#DMZ">Squid on the DMZ server</ulink>.</para>
|
||||||
|
</blockquote>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting>#
|
<programlisting>#
|
||||||
@ -554,8 +564,10 @@ fi</programlisting>
|
|||||||
<section>
|
<section>
|
||||||
<title>/etc/iproute2/rt_tables</title>
|
<title>/etc/iproute2/rt_tables</title>
|
||||||
|
|
||||||
<para>This file deals with redirecting html requests to Squid on the DMZ
|
<blockquote>
|
||||||
server.</para>
|
<para>This file deals with redirecting html requests to <ulink
|
||||||
|
url="Shorewall_Squid_Usage.html#DMZ">Squid on the DMZ server</ulink>.</para>
|
||||||
|
</blockquote>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting>#
|
<programlisting>#
|
||||||
@ -576,20 +588,26 @@ fi</programlisting>
|
|||||||
<section>
|
<section>
|
||||||
<title>Tcrules File</title>
|
<title>Tcrules File</title>
|
||||||
|
|
||||||
<para>This file deals with redirecting html requests to Squid on the DMZ
|
<blockquote>
|
||||||
server.</para>
|
<para>This file deals with redirecting html requests to <ulink
|
||||||
|
url="Shorewall_Squid_Usage.html#DMZ">Squid on the DMZ server</ulink>
|
||||||
|
-- in my setup, it is <emphasis role="bold">not</emphasis> used for
|
||||||
|
traffic shapping/control.</para>
|
||||||
|
</blockquote>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE PORT
|
<programlisting>#MARK SOURCE DEST PROTO PORT(S) CLIENT PORT(S)
|
||||||
gre net $TEXAS
|
1:P eth2,eth3 !192.168.0.0/16 tcp 80</programlisting>
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</programlisting>
|
|
||||||
</blockquote>
|
</blockquote>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Tcstart File</title>
|
<title>Tcstart File</title>
|
||||||
|
|
||||||
<para>My tcstart file is just the HTB version of WonderShaper.</para>
|
<blockquote>
|
||||||
|
<para>My tcstart file is just the HTB version of <ulink
|
||||||
|
url="http://lartc.org/wondershaper/">The WonderShaper</ulink>.</para>
|
||||||
|
</blockquote>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
@ -598,7 +616,7 @@ gre net $TEXAS
|
|||||||
<blockquote>
|
<blockquote>
|
||||||
<para>This file is Redhat specific and adds a route to my DMZ server
|
<para>This file is Redhat specific and adds a route to my DMZ server
|
||||||
when eth1 is brought up. It allows me to enter <quote>Yes</quote> in
|
when eth1 is brought up. It allows me to enter <quote>Yes</quote> in
|
||||||
the HAVEROUTE column of my Proxy ARP file.</para>
|
the HAVEROUTE column of <link linkend="ProxyARP">my Proxy ARP file</link>.</para>
|
||||||
|
|
||||||
<programlisting>#!/bin/sh
|
<programlisting>#!/bin/sh
|
||||||
|
|
||||||
|