mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 06:38:53 +01:00
Adjust nested zone documentation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5232 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
cb2287437f
commit
b60a2a5b96
@ -444,6 +444,37 @@ NET_OPTIONS=blacklist,norfc1918</programlisting>
|
||||
<quote>all</quote> may not be used as a zone name nor may the zone
|
||||
name assigned to the firewall itself via the FW variable in <xref
|
||||
linkend="Conf" />.</para>
|
||||
|
||||
<para id="Nested">The <filename>/etc/shorewall/interfaces</filename>
|
||||
and <filename>/etc/shorewall/hosts</filename> file allow you to
|
||||
define nested or overlapping zones. Such overlapping/nested zones
|
||||
are allowed and Shorewall normally processes zones in the order that
|
||||
they appear in the <filename>/etc/shorewall/zones</filename> file.
|
||||
So if you have nested zones, you want the sub-zone to appear before
|
||||
the super-zone and in the case of overlapping zones, the rules that
|
||||
will apply to hosts that belong to both zones is determined by which
|
||||
zone appears first in
|
||||
<filename>/etc/shorewall/zones</filename>.</para>
|
||||
|
||||
<para>Hosts that belong to more than one zone may be managed by the
|
||||
rules of all of those zones. This is done through use of the special
|
||||
<link linkend="CONTINUE">CONTINUE policy</link> described
|
||||
below.</para>
|
||||
|
||||
<para>Beginning With Shorewall 3.0, you can adjust the order in
|
||||
which Shorewall generates its rules by using special syntax in the
|
||||
ZONE column of <filename>/etc/shorewall/zones</filename>. Where a
|
||||
zone is nested in one or more other zones, you may follow the
|
||||
(sub)zone name by ":" and a comma-separated list of the parent
|
||||
zones. The parent zones must have been defined in earlier records in
|
||||
this file.</para>
|
||||
|
||||
<para>Example:<blockquote>
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
parnt1 ipv4
|
||||
parnt2 ipv4
|
||||
child:parnt1,parnt2 ipv4</programlisting>
|
||||
</blockquote></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
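Review bot: The ordering advice in the added paragraphs is contradictory as written. The first paragraph says that with nested zones "you want the sub-zone to appear before the super-zone", while the third says the parent zones listed after ":" "must have been defined in earlier records in this file", so a child declared with the new syntax necessarily appears after its parents. Say in the first paragraph that the sub-zone-first ordering applies when the ":" syntax is not used, and state in the third what rule-generation order results from a record such as child:parnt1,parnt2. While the text is being moved, "file allow you" should read "files allow you" and "the rules ... is determined" should read "are determined"; both are carried over unchanged from the section removed in the next hunk.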
@ -1081,24 +1112,6 @@ net eth0 detect dhcp,norfc1918
|
||||
<programlisting>#ZONE HOST(S) OPTIONS
|
||||
loc eth1:192.168.1.0/24,192.168.12.0/24</programlisting>
|
||||
</example>
|
||||
|
||||
<section id="Nested">
|
||||
<title>Nested and Overlapping Zones</title>
|
||||
|
||||
<para>The <filename>/etc/shorewall/interfaces</filename> and
|
||||
<filename>/etc/shorewall/hosts</filename> file allow you to define
|
||||
nested or overlapping zones. Such overlapping/nested zones are allowed
|
||||
and Shorewall processes zones in the order that they appear in the
|
||||
<filename>/etc/shorewall/zones</filename> file. So if you have nested
|
||||
zones, you want the sub-zone to appear before the super-zone and in the
|
||||
case of overlapping zones, the rules that will apply to hosts that
|
||||
belong to both zones is determined by which zone appears first in
|
||||
<filename>/etc/shorewall/zones</filename>.</para>
|
||||
|
||||
<para>Hosts that belong to more than one zone may be managed by the
|
||||
rules of all of those zones. This is done through use of the special
|
||||
<link linkend="CONTINUE">CONTINUE policy</link> described below.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section id="Policy" xreflabel="/etc/shorewall/policy">
|
||||
|
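Review bot: Removing the section with id="Nested" drops its title "Nested and Overlapping Zones", and the same id now sits on a para inside a list item (first hunk), so an xref with linkend="Nested" elsewhere in the document no longer has a title to generate its link text from. Either give the new para an xreflabel, as the section with id="Policy" and xreflabel="/etc/shorewall/policy" just below does, or confirm that every remaining reference to "Nested" is a link element with explicit text.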
@ -49,7 +49,7 @@
|
||||
role="bold">,</emphasis><emphasis>parent-zone</emphasis>]...]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Nname of the <emphasis>zone</emphasis>. The names "all" and
|
||||
<para>Name of the <emphasis>zone</emphasis>. The names "all" and
|
||||
"none" are reserved and may not be used as zone names. The maximum
|
||||
length of a zone name is determined by the setting of the LOGFORMAT
|
||||
option in shorewall.conf. With the default LOGFORMAT, zone names can
|
||||
|
@ -33,7 +33,8 @@ Español)</a></li>
|
||||
<li><a href="shorewall_quickstart_guide.htm">QuickStart Guides
|
||||
(<span style="font-weight: bold;">HOWTO</span>s for setting up
|
||||
Shorewall in popular configurations)</a></li>
|
||||
<li><a href="manpages/Manpages.html">Shorewall 3.4 Manpages</a><br>
|
||||
<li><a href="manpages/Manpages.html">Shorewall 3.4 <span
|
||||
style="font-weight: bold;">Manpages</span></a><br>
|
||||
</li>
|
||||
<li><a href="Install.htm"><span style="font-weight: bold;">Install</span>ation/<span
|
||||
style="font-weight: bold;">Upgrade</span> Instructions</a></li>
|
||||
|
@ -23,9 +23,7 @@ Documentation License</a></span>”.<br>
|
||||
<p>2007-01-14<br>
|
||||
</p>
|
||||
<hr style="width: 100%; height: 2px;"> <span style="font-weight: bold;">Warning:
|
||||
</span>These manpages are for Shorewall 3.4.0 only. The HTML formatting
|
||||
is still a bit off so please bear with us while we try to correct the
|
||||
problems.<br>
|
||||
</span>These manpages are for Shorewall 3.4.0 only.<br>
|
||||
<h2>Section 5 - Files<br>
|
||||
</h2>
|
||||
<div style="margin-left: 40px;"><a href="shorewall-accounting.html">accounting</a><br>
|
||||
|
@ -130,17 +130,17 @@ problems</a> and <a
|
||||
</ul>
|
||||
The <span style="font-weight: bold;">current Development Release</span>
|
||||
version
|
||||
is 3.4.0-Beta1<br>
|
||||
is 3.4.0-Beta2<br>
|
||||
</div>
|
||||
<ul style="margin-left: 40px;">
|
||||
<li>Here are the <a
|
||||
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta1/releasenotes.txt">release
|
||||
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta2/releasenotes.txt">release
|
||||
notes</a> <br>
|
||||
</li>
|
||||
<li>Here are the <a
|
||||
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta1/known_problems.txt">known
|
||||
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta2/known_problems.txt">known
|
||||
problems</a> and <a
|
||||
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta1/errata/">updates</a>.</li>
|
||||
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta2/errata/">updates</a>.</li>
|
||||
</ul>
|
||||
<div style="margin-left: 40px;">Get them from the <a
|
||||
href="download.htm">download sites</a></div>
|
||||
|