new samples for the upcoming 2.6 release

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2528 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-26 17:43:15 +01:00 · 2005-08-21 21:10:15 +00:00 · 2005-08-21 21:10:15 +00:00 · d6da8fb9d5
commit d6da8fb9d5
parent bd44195ee7
2 changed files with 13 additions and 8 deletions
--- a/Samples/two-interfaces/interfaces
+++ b/Samples/two-interfaces/interfaces
@ -187,6 +187,6 @@
 #
 ##############################################################################
 #ZONE	INTERFACE	BROADCAST	OPTIONS
-net	eth0		detect		dhcp,routefilter,norfc1918,tcpflags
-loc	eth1		detect		tcpflags
+net	eth0		detect		dhcp,tcpflags,norfc1918,routefilter,nosmurfs,logmartians
+loc	eth1		detect		tcpflags,detectnets
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples/two-interfaces/rules
+++ b/Samples/two-interfaces/rules
@ -340,17 +340,22 @@
 #
 #	Accept DNS connections from the firewall to the network
 #
-ACCEPT		fw		net		tcp	53
-ACCEPT		fw		net		udp	53
+DNS/ACCEPT	fw		net
 #
 #	Accept SSH connections from the local network for administration
 #
-ACCEPT		loc		fw		tcp	22
+SSH/ACCEPT	loc             net	
 #
-#	Allow Ping To And From Firewall
+#	Allow Ping from the local network
 #
-ACCEPT		loc		fw		icmp	8
-ACCEPT		net		fw		icmp	8
+Ping/ACCEPT	loc		fw
+
+#
+# Reject Ping from the "bad" net zone.. and prevent your log from being flooded..
+#
+
+Ping/REJECT:none!     net		fw
+
 ACCEPT		fw		loc		icmp	
 ACCEPT		fw		net		icmp	
 #