Adjust nested zone documentation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5232 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-01-15 21:49:21 +00:00
parent cb2287437f
commit b60a2a5b96
5 changed files with 39 additions and 27 deletions

@ -444,6 +444,37 @@ NET_OPTIONS=blacklist,norfc1918</programlisting>
<quote>all</quote> may not be used as a zone name nor may the zone
name assigned to the firewall itself via the FW variable in <xref
linkend="Conf" />.</para>
<para id="Nested">The <filename>/etc/shorewall/interfaces</filename>
and <filename>/etc/shorewall/hosts</filename> file allow you to
define nested or overlapping zones. Such overlapping/nested zones
are allowed and Shorewall normally processes zones in the order that
they appear in the <filename>/etc/shorewall/zones</filename> file.
So if you have nested zones, you want the sub-zone to appear before
the super-zone and in the case of overlapping zones, the rules that
will apply to hosts that belong to both zones is determined by which
zone appears first in
<filename>/etc/shorewall/zones</filename>.</para>
<para>Hosts that belong to more than one zone may be managed by the
rules of all of those zones. This is done through use of the special
<link linkend="CONTINUE">CONTINUE policy</link> described
below.</para>
<para>Beginning With Shorewall 3.0, you can adjust the order in
which Shorewall generates its rules by using special syntax in the
ZONE column of <filename>/etc/shorewall/zones</filename>. Where a
zone is nested in one or more other zones, you may follow the
(sub)zone name by ":" and a comma-separated list of the parent
zones. The parent zones must have been defined in earlier records in
this file.</para>
<para>Example:<blockquote>
<programlisting>#ZONE TYPE OPTIONS
parnt1 ipv4
parnt2 ipv4
child:parnt1,parnt2 ipv4</programlisting>
</blockquote></para>
</listitem>
</varlistentry>
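
Review bot: the first added para still says the sub-zone should appear before the super-zone in /etc/shorewall/zones, while the new syntax para and its example require the parents (parnt1, parnt2) to be defined in earlier records than child, and nothing here says how the two rules fit together. State explicitly what rule order results when child:parnt1,parnt2 is used, since for a host in both zones that order decides which zone's rules it is matched against. Wording in the same paras: "file allow" should be "files allow", "the rules that will apply ... is determined" should be "are determined", and "Beginning With" should be "Beginning with".
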
@ -1081,24 +1112,6 @@ net eth0 detect dhcp,norfc1918
<programlisting>#ZONE HOST(S) OPTIONS
loc eth1:192.168.1.0/24,192.168.12.0/24</programlisting>
</example>
<section id="Nested">
<title>Nested and Overlapping Zones</title>
<para>The <filename>/etc/shorewall/interfaces</filename> and
<filename>/etc/shorewall/hosts</filename> file allow you to define
nested or overlapping zones. Such overlapping/nested zones are allowed
and Shorewall processes zones in the order that they appear in the
<filename>/etc/shorewall/zones</filename> file. So if you have nested
zones, you want the sub-zone to appear before the super-zone and in the
case of overlapping zones, the rules that will apply to hosts that
belong to both zones is determined by which zone appears first in
<filename>/etc/shorewall/zones</filename>.</para>
<para>Hosts that belong to more than one zone may be managed by the
rules of all of those zones. This is done through use of the special
<link linkend="CONTINUE">CONTINUE policy</link> described below.</para>
</section>
</section>
<section id="Policy" xreflabel="/etc/shorewall/policy">
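
Review bot: removing the section with id "Nested" and its title "Nested and Overlapping Zones" leaves that id on a bare para inside the zones entry (first hunk), so any xref or link to Nested no longer has a title to render, and readers of the hosts file section, where overlapping zones are actually defined, lose the pointer. Consider adding an xreflabel to the new para and leaving a one-sentence cross-reference to it after the hosts example.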

@ -49,7 +49,7 @@
role="bold">,</emphasis><emphasis>parent-zone</emphasis>]...]</term>
<listitem>
<para>Nname of the <emphasis>zone</emphasis>. The names "all" and
<para>Name of the <emphasis>zone</emphasis>. The names "all" and
"none" are reserved and may not be used as zone names. The maximum
length of a zone name is determined by the setting of the LOGFORMAT
option in shorewall.conf. With the default LOGFORMAT, zone names can

@ -33,7 +33,8 @@ Español)</a></li>
<li><a href="shorewall_quickstart_guide.htm">QuickStart Guides
(<span style="font-weight: bold;">HOWTO</span>s for setting up
Shorewall in popular configurations)</a></li>
<li><a href="manpages/Manpages.html">Shorewall 3.4 Manpages</a><br>
<li><a href="manpages/Manpages.html">Shorewall 3.4 <span
style="font-weight: bold;">Manpages</span></a><br>
</li>
<li><a href="Install.htm"><span style="font-weight: bold;">Install</span>ation/<span
style="font-weight: bold;">Upgrade</span> Instructions</a></li>

@ -23,9 +23,7 @@ Documentation License</a></span>”.<br>
<p>2007-01-14<br>
</p>
<hr style="width: 100%; height: 2px;"> <span style="font-weight: bold;">Warning:
</span>These manpages are for Shorewall 3.4.0 only. The HTML formatting
is still a bit off so please bear with us while we try to correct the
problems.<br>
</span>These manpages are for Shorewall 3.4.0 only.<br>
<h2>Section 5 - Files<br>
</h2>
<div style="margin-left: 40px;"><a href="shorewall-accounting.html">accounting</a><br>

@ -130,17 +130,17 @@ problems</a> and <a
</ul>
The <span style="font-weight: bold;">current Development Release</span>
version
is 3.4.0-Beta1<br>
is 3.4.0-Beta2<br>
</div>
<ul style="margin-left: 40px;">
<li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta1/releasenotes.txt">release
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta2/releasenotes.txt">release
notes</a> <br>
</li>
<li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta1/known_problems.txt">known
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta2/known_problems.txt">known
problems</a> and <a
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta1/errata/">updates</a>.</li>
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta2/errata/">updates</a>.</li>
</ul>
<div style="margin-left: 40px;">Get them from the <a
href="download.htm">download sites</a></div>
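
Review bot: the release string is hard-coded four times in this hunk (the "is 3.4.0-Beta2" text and the releasenotes.txt, known_problems.txt and errata/ hrefs), so every version bump has to catch each copy by hand and a missed one would leave a link pointing at the previous beta's release notes or errata. All four are updated here; consider generating this block from a single version value, or at least noting the four locations in the release checklist.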