extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-08-15 19:23:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Baseline 2.0 Sample Files Revision 1.0

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1187 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
frannie
2004-03-14 18:16:35 +00:00
parent 699a4cf567
commit c5f747624b
16 changed files with 223 additions and 196 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
Samples/two-interfaces/interfaces
View File

@ -1,5 +1,5 @@
#
# Shorewall 1.4.8a -- Sample Interface File For Two Interfaces
# Shorewall 2.0 -- Sample Interface File For Two Interfaces
#
# /etc/shorewall/interfaces
#
@ -26,7 +26,8 @@
# want to make a entry that applies to all PPP
# interfaces, use 'ppp+'.
#
# DO NOT DEFINE THE LOOPBACK INTERFACE (lo) IN THIS FILE.
# There is no need to defiane the loopback interface
# (lo) in this file.
#
# BROADCAST
# The broadcast address for the subnetwork to which the
@ -69,11 +70,6 @@
# interface (anti-spoofing measure). This
# option can also be enabled globally in
# the /etc/shorewall/shorewall.conf file.
# dropunclean
# Logs and drops mangled/invalid packets
# logunclean
# Logs mangled/invalid packets but does
# not drop them.
# blacklist
# Check packets arriving on this interface
# against the /etc/shorewall/blacklist
@ -124,6 +120,20 @@
# the interface can respond to ARP who-has requests
# for IP addresses on any of the firewall's interface.
# The interface must be up when shorewall is started.
# nosmurfs
# Filter packets for smurfs (Packets with a broadcast
# address as the source).
#
# Smurfs will be optionally logged based on the setting
# of SMURF_LOG_LEVEL in shorewall.conf. After logging
# the packets are dropped.
#
# detectnets
# Automatically taylors the zone named in the ZONE column
# to include only those hosts routed through the interface.
#
# WARNING: DO NOT SET THE detectnets OPTION ON YOUR INTERNET INTERFACE!
#
#
# The order in which you list the options is not
# significant but the list should have no embedded white
@ -151,6 +161,6 @@
#
##############################################################################
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp,routefilter,norfc1918
loc eth1 detect
net eth0 detect dhcp,routefilter,norfc1918,tcpflags
loc eth1 detect tcpflags
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE