mirror of
https://gitlab.com/shorewall/code.git
synced 2025-08-17 20:26:47 +02:00
Update samples for 1.3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@35 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
@@ -1,21 +1,26 @@
|
||||
#
|
||||
# Shorewall 1.2 -- Interfaces File
|
||||
# Shorewall 1.3 -- Interfaces File
|
||||
#
|
||||
# /etc/shorewall/interfaces
|
||||
#
|
||||
# You must add an entry in this file for each network interface on your
|
||||
# firewall system.
|
||||
#
|
||||
# Columns are:
|
||||
#
|
||||
# ZONE Zone for this interface. Much match the short name
|
||||
# ZONE Zone for this interface. Must match the short name
|
||||
# of a zone defined in /etc/shorewall/zones.
|
||||
#
|
||||
# $<variable-name> is not allowed in this column.
|
||||
#
|
||||
# If the interface serves multiple zones that will be
|
||||
# defined in the /etc/shorewall/hosts file, you may
|
||||
# place "-" in this column.
|
||||
#
|
||||
# INTERFACE Name of interface
|
||||
#
|
||||
# BROADCAST The broadcast address for the subnetwork to which the
|
||||
# interface belongs. For P-T-P interfaces, this
|
||||
# column is left black.
|
||||
#
|
||||
#
|
||||
# If you use the special value "detect", the firewall
|
||||
# will detect the broadcast address for you. If you
|
||||
# select this option, the interface must be up before
|
||||
@@ -29,7 +34,8 @@
|
||||
# OPTIONS A comma-separated list of options including the
|
||||
# following:
|
||||
#
|
||||
# dhcp - interface is managed by DHCP
|
||||
# dhcp - interface is managed by DHCP or used by
|
||||
# a DHCP server running on the firewall.
|
||||
# noping - icmp echo-request (ping) packets should
|
||||
# be ignored on this interface
|
||||
# routestopped - When the firewall is stopped, allow
|
||||
@@ -39,12 +45,22 @@
|
||||
# any packets whose source is in one
|
||||
# of the ranges reserved by RFC 1918
|
||||
# (i.e., private or "non-routable"
|
||||
# addresses.
|
||||
# addresses. If packet mangling is
|
||||
# enabled in shorewall.conf, packets
|
||||
# whose destination addresses are
|
||||
# reserved by RFC 1918 are also rejected.
|
||||
# multi - This interface has multiple IP
|
||||
# addresses and you want to be able to
|
||||
# route between them.
|
||||
# routefilter - turn on kernel route filtering for this
|
||||
# interface (anti-spoofing measure).
|
||||
# dropunclean - Logs and drops mangled/invalid packets
|
||||
#
|
||||
# logunclean - Logs mangled/invalid packets but does
|
||||
# not drop them.
|
||||
# . . blacklist - Check packets arriving on this interface
|
||||
# against the /etc/shorewall/blacklist
|
||||
# file.
|
||||
#
|
||||
# Example 1: Suppose you have eth0 connected to a DSL modem and
|
||||
# eth1 connected to your local network and that your
|
||||
@@ -66,7 +82,7 @@
|
||||
# addresses is:
|
||||
#
|
||||
# net eth0 detect noping,dhcp
|
||||
# local eth1 detect routestopped
|
||||
# loc eth1 detect routestopped
|
||||
# dmz eth2 detect
|
||||
#
|
||||
# Example 3: You have a simple dial-in system with no ethernet
|
||||
|
||||
Reference in New Issue
Block a user