More 3.0 updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2715 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-09-20 22:31:53 +00:00
parent 4309521d0c
commit e1ed494516
2 changed files with 61 additions and 43 deletions


@ -51,9 +51,9 @@
<note> <note>
<para>Shorewall distribution contains a library of user-defined macros <para>Shorewall distribution contains a library of user-defined macros
that allow for easily allowing or blocking a particular application. that allow for easily allowing or blocking a particular application.
Check your <filename>/usr/share/shorewall/actions.std</filename> file <command>ls <filename>/usr/share/shorewall/</filename>macro.*</command>
for a list of macros in your distribution. If you find what you need, for the list of macros in your distribution. If you find what you need,
you simply use the action in a rule. For example, to allow DNS queries you simply use the macro in a rule. For example, to allow DNS queries
from the <emphasis role="bold">dmz</emphasis> zone to the <emphasis from the <emphasis role="bold">dmz</emphasis> zone to the <emphasis
role="bold">net</emphasis> zone:</para> role="bold">net</emphasis> zone:</para>
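Review bot: the rewritten sentence in this hunk is left without a verb: once "Check your ... file" is replaced, the new side reads "<command>ls /usr/share/shorewall/macro.*</command> for the list of macros in your distribution." as a fragment. Suggest "Run <command>ls ...</command> to see the list of macros in your distribution." Also, the <filename> element here closes before "macro.*" (<filename>/usr/share/shorewall/</filename>macro.*), while the same command in the other file of this commit wraps the whole glob in <filename>; use the full <filename>/usr/share/shorewall/macro.*</filename> in both places for consistent markup.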
@ -84,8 +84,9 @@ FTP/DNAT net dmz:192.168.1.4 </programlisting>
<title>Auth (identd)</title> <title>Auth (identd)</title>
<caution> <caution>
<para><emphasis role="bold"><emphasis>Now,It's 21 Century</emphasis> , <para><emphasis role="bold"><emphasis>It is now the 21st
don't use identd in production anymore.</emphasis></para> Century</emphasis> ; don't use identd in production
anymore.</emphasis></para>
</caution> </caution>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
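Review bot: there is a stray space before the semicolon in the rewritten caution ("Century</emphasis> ; don't use identd"); drop it so the sentence reads "Century</emphasis>; don't use identd in production anymore." The nested <emphasis role="bold"><emphasis> ... </emphasis></emphasis> wrapping is carried over from the old text; if the intent is simply a bold caution, a single <emphasis role="bold"> around the whole sentence is enough.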
@ -186,7 +187,8 @@ FTP/ACCEPT <emphasis>&lt;source&gt;</emphasis> <emphasis>&lt;destination&gt
<listitem> <listitem>
<para>Your loc-&gt;net policy is ACCEPT</para> <para>Your loc-&gt;net policy is ACCEPT</para>
</listitem> </listitem>
</orderedlist><programlisting>Gnutella/DNAT net loc:192.168.1.4</programlisting></para> </orderedlist><programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Gnutella/DNAT net loc:192.168.1.4</programlisting></para>
</section> </section>
<section> <section>
@ -434,6 +436,16 @@ ACCEPT &lt;<emphasis>apps</emphasis>&gt; &lt;<emphasis>chooser</emphasis>
<title>Revision History</title> <title>Revision History</title>
<para><revhistory> <para><revhistory>
<revision>
<revnumber>1.17</revnumber>
<date>2005-09-20</date>
<authorinitials>TE</authorinitials>
<revremark>More 3.0 Updates</revremark>
</revision>
<revision> <revision>
<revnumber>1.16</revnumber> <revnumber>1.16</revnumber>


@ -308,21 +308,18 @@ all all REJECT info</programlisting>
<section> <section>
<title>Enabling other Connections</title> <title>Enabling other Connections</title>
<para>Shorewall includes a collection of actions that can be used to <para>Shorewall includes a collection of macros that can be used to
quickly allow or deny services. You can find a list of the actions quickly allow or deny services. You can find a list of the macros included
included in your version of Shorewall in the file in your version of Shorewall using the command <command>ls
<filename>/usr/share/shorewall/actions.std</filename>.</para> <filename>/usr/share/shorewall/macro.*</filename></command>.</para>
<para>Those actions that allow a connection begin with
<quote>Allow</quote>.</para>
<para>If you wish to enable connections from the internet to your firewall <para>If you wish to enable connections from the internet to your firewall
and you find an appropriate <quote>Allow</quote> action in and you find an appropriate macro in
<filename>/etc/shorewall/actions.std</filename>, the general format of a <filename>/etc/shorewall/macro.*</filename>, the general format of a rule
rule in <filename>/etc/shorewall/rules</filename> is:</para> in <filename>/etc/shorewall/rules</filename> is:</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
&lt;<emphasis>action</emphasis>&gt; net $FW</programlisting> &lt;<emphasis>macro</emphasis>&gt;/ACCEPT net $FW</programlisting>
<example> <example>
<title>You want to run a Web Server and a IMAP Server on your firewall <title>You want to run a Web Server and a IMAP Server on your firewall
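Review bot: the second paragraph of this hunk sends the reader to <filename>/etc/shorewall/macro.*</filename>, while the paragraph just above it (and the <command>ls</command> it gives) locate the macro files in /usr/share/shorewall/macro.*; pick one path for both places, since a user following the /etc/shorewall reference will find no macro files there. The old text had the same /etc versus /usr/share mismatch for actions.std, so this rewrite is the right moment to fix it. Removing the "Those actions that allow a connection begin with Allow" paragraph is consistent with the new <macro>/ACCEPT rule format, which no longer depends on an Allow prefix.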
@ -334,10 +331,9 @@ IMAP/ACCEPT net $FW</programlisting>
</example> </example>
<para>You may also choose to code your rules directly without using the <para>You may also choose to code your rules directly without using the
pre-defined actions. This will be necessary in the event that there is not pre-defined macros. This will be necessary in the event that there is not
a pre-defined action that meets your requirements. In that case the a pre-defined macro that meets your requirements. In that case the general
general format of a rule in <filename>/etc/shorewall/rules</filename> format of a rule in <filename>/etc/shorewall/rules</filename> is:</para>
is:</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
ACCEPT net $FW <emphasis>&lt;protocol&gt;</emphasis> <emphasis>&lt;port&gt;</emphasis></programlisting> ACCEPT net $FW <emphasis>&lt;protocol&gt;</emphasis> <emphasis>&lt;port&gt;</emphasis></programlisting>
@ -433,6 +429,16 @@ SSH/ACCEPT net $FW </programlisting>
<title>Revision History</title> <title>Revision History</title>
<para><revhistory> <para><revhistory>
<revision>
<revnumber>2.0</revnumber>
<date>2005-09-12</date>
<authorinitials>TE</authorinitials>
<revremark>More 3.0 Updates</revremark>
</revision>
<revision> <revision>
<revnumber>1.9</revnumber> <revnumber>1.9</revnumber>
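Review bot: the new revision entry is dated 2005-09-12, but the matching entry added to the other file in this commit (revision 1.17, same "More 3.0 Updates" remark) is dated 2005-09-20, which also matches the commit date; the 2005-09-12 date looks like a typo and should be aligned to 2005-09-20.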