From b60a2a5b9632b05bbebebb2c9011388647752554 Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 15 Jan 2007 21:49:21 +0000 Subject: [PATCH] Adjust nested zone documentation git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5232 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/Documentation.xml | 49 +++++++++++++++++++++++------------- manpages/shorewall-zones.xml | 2 +- web/Documentation.html | 3 ++- web/Manpages.html | 4 +-- web/shorewall_index.htm | 8 +++--- 5 files changed, 39 insertions(+), 27 deletions(-) diff --git a/docs/Documentation.xml b/docs/Documentation.xml index 5155aa338..45f134940 100644 --- a/docs/Documentation.xml +++ b/docs/Documentation.xml @@ -444,6 +444,37 @@ NET_OPTIONS=blacklist,norfc1918 all may not be used as a zone name nor may the zone name assigned to the firewall itself via the FW variable in . + + The /etc/shorewall/interfaces + and /etc/shorewall/hosts file allow you to + define nested or overlapping zones. Such overlapping/nested zones + are allowed and Shorewall normally processes zones in the order that + they appear in the /etc/shorewall/zones file. + So if you have nested zones, you want the sub-zone to appear before + the super-zone and in the case of overlapping zones, the rules that + will apply to hosts that belong to both zones is determined by which + zone appears first in + /etc/shorewall/zones. + + Hosts that belong to more than one zone may be managed by the + rules of all of those zones. This is done through use of the special + CONTINUE policy described + below. + + Beginning With Shorewall 3.0, you can adjust the order in + which Shorewall generates its rules by using special syntax in the + ZONE column of /etc/shorewall/zones. Where a + zone is nested in one or more other zones, you may follow the + (sub)zone name by ":" and a comma-separated list of the parent + zones. The parent zones must have been defined in earlier records in + this file. + + Example:
+ #ZONE TYPE OPTIONS +parnt1 ipv4 +parnt2 ipv4 +child:parnt1,parnt2 ipv4 +
@@ -1081,24 +1112,6 @@ net eth0 detect dhcp,norfc1918 #ZONE HOST(S) OPTIONS loc eth1:192.168.1.0/24,192.168.12.0/24 - -
- Nested and Overlapping Zones - - The /etc/shorewall/interfaces and - /etc/shorewall/hosts file allow you to define - nested or overlapping zones. Such overlapping/nested zones are allowed - and Shorewall processes zones in the order that they appear in the - /etc/shorewall/zones file. So if you have nested - zones, you want the sub-zone to appear before the super-zone and in the - case of overlapping zones, the rules that will apply to hosts that - belong to both zones is determined by which zone appears first in - /etc/shorewall/zones. - - Hosts that belong to more than one zone may be managed by the - rules of all of those zones. This is done through use of the special - CONTINUE policy described below. -
diff --git a/manpages/shorewall-zones.xml b/manpages/shorewall-zones.xml index 7f8bcc328..3c81c4b8e 100644 --- a/manpages/shorewall-zones.xml +++ b/manpages/shorewall-zones.xml @@ -49,7 +49,7 @@ role="bold">,parent-zone]...] - Nname of the zone. The names "all" and + Name of the zone. The names "all" and "none" are reserved and may not be used as zone names. The maximum length of a zone name is determined by the setting of the LOGFORMAT option in shorewall.conf. With the default LOGFORMAT, zone names can diff --git a/web/Documentation.html b/web/Documentation.html index 052bdcc3f..5dbe0aa1d 100644 --- a/web/Documentation.html +++ b/web/Documentation.html @@ -33,7 +33,8 @@ Español)
  • QuickStart Guides (HOWTOs for setting up Shorewall in popular configurations)
  • -
  • Shorewall 3.4 Manpages
    +
  • Shorewall 3.4 Manpages
  • Installation/Upgrade Instructions
  • diff --git a/web/Manpages.html b/web/Manpages.html index 6a067646e..cd1a5b3fb 100644 --- a/web/Manpages.html +++ b/web/Manpages.html @@ -23,9 +23,7 @@ Documentation License”.

    2007-01-14


    Warning: -These manpages are for Shorewall 3.4.0 only. The HTML formatting -is still a bit off so please bear with us while we try to correct the -problems.
    +These manpages are for Shorewall 3.4.0 only.

    Section 5 - Files

    accounting
    diff --git a/web/shorewall_index.htm b/web/shorewall_index.htm index 4bbf905ee..cc0bf00f3 100644 --- a/web/shorewall_index.htm +++ b/web/shorewall_index.htm @@ -130,17 +130,17 @@ problems and The current Development Release version -is 3.4.0-Beta1
    +is 3.4.0-Beta2
    Get them from the download sites
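Review bot: In the docs/Documentation.xml hunk at @@ -444,6 +444,37 @@, the new paragraph on the ":" parent-list syntax says it lets you "adjust the order in which Shorewall generates its rules" but never states what order results. The example lists parnt1 and parnt2 before child, while the first added paragraph still advises that "you want the sub-zone to appear before the super-zone". The same text says zone order decides which rules apply to hosts that belong to more than one zone, so a reader can end up with the parent's rules matching first without realising it. Please state explicitly how a zone declared with parents is ordered relative to those parents, and say whether the manual ordering advice still applies when the syntax is used. Smaller wording points in the same hunk: "file allow" should be "files allow", "the rules that will apply ... is determined" should be "are determined", and "Beginning With" should be "Beginning with".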
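Review bot: In the docs/Documentation.xml hunk at @@ -1081,24 +1112,6 @@, the "Nested and Overlapping Zones" section is deleted together with its title, and the text re-added near line 444 has no heading of its own. Anyone searching for the topic by name, and any cross-reference that pointed at the old section, loses its target. Consider keeping a titled subsection at the new location, or leaving a one-line pointer here to where the material now lives.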
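Review bot: The web/shorewall_index.htm hunk at @@ -130,17 +130,17 @@ changes the development release from 3.4.0-Beta1 to 3.4.0-Beta2, which the subject "Adjust nested zone documentation" does not cover. Either split the release announcement into its own commit or mention it in the commit message, so the version change can be found in history without reading a documentation diff.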