Shorewall-2.0.1

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1244 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-08-19 05:01:47 +02:00 · 2004-04-05 21:13:45 +00:00
parent da2433f994
commit e53e24b7e9
46 changed files with 2248 additions and 1177 deletions
--- a/STABLE2/interfaces
+++ b/STABLE2/interfaces
@@ -46,31 +46,51 @@
 #	OPTIONS		A comma-separated list of options including the
 #			following:
 #
-#			dhcp	     - interface is managed by DHCP or used by
-#                                      a DHCP server running on the firewall or
-#				       you have a static IP but are on a LAN
-#				       segment with lots of Laptop DHCP clients.
+#			dhcp	     - Specify this option when any of
+#				       the following are true:
+#				       1. the interface gets its IP address
+#				          via DHCP 
+#				       2. the interface is used by
+#                                         a DHCP server running on the firewall
+#				       3. you have a static IP but are on a LAN
+#				          segment with lots of Laptop DHCP
+#					  clients.
+#				       4. the interface is a bridge with
+#				          a DHCP server on one port and DHCP
+#					  clients on another port.
+#
 #			norfc1918    - This interface should not receive
 #				       any packets whose source is in one
 #				       of the ranges reserved by RFC 1918
 #				       (i.e., private or "non-routable"
-#				       addresses. If packet mangling is
-#				       enabled in shorewall.conf, packets
-#				       whose destination addresses are
-#				       reserved by RFC 1918 are also rejected.
+#				       addresses. If packet mangling or
+#				       connection-tracking match is enabled in
+#				       your kernel, packets whose destination
+#				       addresses are reserved by RFC 1918 are
+#				       also rejected.
+#
+#			nobogons    -  This interface should not receive
+#				       any packets whose source is in one
+#				       of the ranges reserved by IANA (this
+#				       option does not cover those ranges
+#				       reserved by RFC 1918 -- see above).
+#
 #			routefilter  - turn on kernel route filtering for this
 #				       interface (anti-spoofing measure). This
 #                                      option can also be enabled globally in
 #				       the /etc/shorewall/shorewall.conf file.
+#
 #	.	.	blacklist    - Check packets arriving on this interface
 #				       against the /etc/shorewall/blacklist
 #				       file.
+#
 #			maclist	     - Connection requests from this interface
 #				       are compared against the contents of
 #				       /etc/shorewall/maclist. If this option
 #				       is specified, the interface must be
 #				       an ethernet NIC and must be up before
 #				       Shorewall is started.
+#
 #			tcpflags     - Packets arriving on this interface are
 #				       checked for certain illegal combinations
 #				       of TCP flags. Packets found to have
@@ -79,6 +99,7 @@
 #				       TCP_FLAGS_DISPOSITION after having been
 #				       logged according to the setting of
 #				       TCP_FLAGS_LOG_LEVEL.
+#
 #			proxyarp     -
 #				Sets
 #				/proc/sys/net/ipv4/conf/<interface>/proxy_arp.
@@ -127,7 +148,7 @@
 #				       hosts routed through the interface.
 #
 #		        WARNING: DO NOT SET THE detectnets OPTION ON YOUR
-#			         INTERNET INTERFACE!
+#			         INTERNET INTERFACE.
 #
 #			The order in which you list the options is not
 #			significant but the list should have no embedded white