Tweaks to the Routed Xen domain

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4643 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-08 16:54:10 +01:00 · 2006-10-07 19:43:09 +00:00 · 2006-10-07 19:43:09 +00:00 · ac9020a951
commit ac9020a951
parent 3e5bd699e2
1 changed files with 7 additions and 2 deletions
--- a/docs/XenMyWay-Routed.xml
+++ b/docs/XenMyWay-Routed.xml
@ -194,7 +194,8 @@
        <programlisting>options netloop nloopbacks=1 #Stop netloop from creating 8 vifs</programlisting>

        <para><filename>/etc/xen/auto/02-lists</filename> — configuration file
-        for the lists domain</para>
+        for the lists domain. Note that the vifname is set to 'eth3' for the
+        virtual interface to this vm.</para>

        <programlisting>#  -*- mode: python; -*-

@ -349,7 +350,7 @@ TCP_FLAGS_DISPOSITION=DROP</programlisting>

        <programlisting>#ZONE   TYPE            OPTIONS         IN                      OUT
 #                                       OPTIONS                 OPTIONS
-fw      firewall
+fw      firewall        #The firewall itself.
 net     ipv4            #Internet
 loc     ipv4            #Local wired Zone
 dmz     ipv4            #DMZ
@ -379,6 +380,10 @@ net             vpn             DROP            $LOG
 all             all             REJECT          $LOG
 #LAST LINE -- DO NOT REMOVE</programlisting>

+        <para><filename>Note that the firewall&lt;-&gt;local network interface
+        is wide open so from a security point of view, the firewall system is
+        part of the local zone.</filename></para>
+
        <para><filename>/etc/shorewall/params (edited)</filename>:</para>

        <programlisting>MIRRORS=&lt;comma-separated list of Shorewall mirrors&gt;