Update the samples for 1.3.2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@94 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-12-22 06:10:42 +01:00 · 2002-06-25 19:27:55 +00:00 · 2002-06-25 19:27:55 +00:00 · e7b13df2ef
commit e7b13df2ef
parent 399aa099ba
9 changed files with 128 additions and 29 deletions
--- a/Samples/one-interface/interfaces
+++ b/Samples/one-interface/interfaces
@ -36,8 +36,18 @@
 #
 #			dhcp	     - interface is managed by DHCP or used by
 #                                      a DHCP server running on the firewall.
-#			noping	     - icmp echo-request (ping) packets should
+#			noping	     - icmp echo-request (ping) packets
 #				       addressed to the firewall should
 #				       be ignored on this interface
 #			filterping   - icmp echo-request (ping) packets 
 #				       addressed to the firewall should
 #				       be controlled by the rules file and
 #				       applicable policy. If neither 'noping'
 #				       nor 'filterping' are specified then
 #				       the firewall will respond to 'ping'
 #				       requests. 'filterping' takes 
 #				       precedence over 'noping' if both are
 #				       given.
 #			routestopped - When the firewall is stopped, allow
 #				       and route traffic to and from this
 #				       interface.
@ -90,6 +100,6 @@
 #
 #			net	ppp0	-		noping
 ##############################################################################
-#ZONE	INTERFACE	BROADCAST	OPTIONS
+#ZONE	 INTERFACE	BROADCAST	OPTIONS
 net	eth0		detect		norfc1918,routefilter,dhcp
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples/one-interface/rules
+++ b/Samples/one-interface/rules
@ -97,6 +97,14 @@
 #			In that case, it is suggested that this field contain
 #			 "-"
 #
 #			If MULTIPORT=Yes in /etc/shorewall/shorewall.conf, then
 #			only a single Netfilter rule will be generated if in
 #			this list and the CLIENT PORT(S) list below:
 #			1. There are 15 or less ports listed.
 #			2. No port ranges are included.
 #			Otherwise, a separate rule will be generated for each
 #			port.
 #
 #	CLIENT PORT(S)	(Optional) Port(s) used by the client. If omitted,
 #			any source port is acceptable. Specified as a comma-
 #			separated list of port names, port numbers or port
@ -106,7 +114,15 @@
 #			specify an ADDRESS in the next column, then place "-"
 #			in this column.
 #
-#	ORIGINAL DEST	(0ptional -- only allowed if ACTION is DNAT or
+#			If MULTIPORT=Yes in /etc/shorewall/shorewall.conf, then
 #			only a single Netfilter rule will be generated if in
 #			this list and the DEST PORT(S) list above:
 #			1. There are 15 or less ports listed.
 #			2. No port ranges are included.
 #			Otherwise, a separate rule will be generated for each
 #			port.
 #
 #	ORIGINAL DEST	(0ptional -- only allowed if ACTION is DNAT or 
 #                       REDIRECT) If included and different from the IP
 #			address given in the SERVER column, this is an address
 #			on some interface on the firewall and connections to
--- a/Samples/one-interface/shorewall.conf
+++ b/Samples/one-interface/shorewall.conf
@ -1,4 +1,4 @@
-#############################################################################
+##############################################################################
 #  /etc/shorewall/shorewall.conf V1.3 - Change the following variables to
 #  match your setup
 #
@ -37,14 +37,14 @@ STATEDIR=/var/lib/shorewall
 # explicit "related" rules in /etc/shorewall/rules.
 #
-ALLOWRELATED="yes"
+ALLOWRELATED=yes
 #
 # If your netfilter kernel modules are in a directory other than
 # /lib/modules/`uname -r`/kernel/net/ipv4/netfilter then specify that
 # directory in this variable. Example: MODULESDIR=/etc/modules.
-MODULESDIR=""
+MODULESDIR=
 #
 # The next two variables can be used to control the amount of log output
@ -57,8 +57,8 @@ MODULESDIR=""
 # If BOTH variables are set empty then logging will not be rate-limited.
 #
-LOGRATE=""
+LOGRATE=
-LOGBURST=""
+LOGBURST=
 #
@ -80,7 +80,7 @@ LOGUNCLEAN=info
 #
 #              http://www.shorewall.net/FAQ.htm#faq6
-LOGFILE="/var/log/messages"
+LOGFILE=/var/log/messages
 #
 # Enable nat support.
@ -88,7 +88,7 @@ LOGFILE="/var/log/messages"
 # You probally want yes here. Only gateways not doing NAT in any form, like
 # SNAT,DNAT masquerading, port forwading etc. should say "no" here.
 #
-NAT_ENABLED="Yes"
+NAT_ENABLED=Yes
 #
 # Enable mangle support.
@ -98,7 +98,7 @@ NAT_ENABLED="Yes"
 # your firewall. You must enable mangling if you want Traffic Shaping
 # (see TC_ENABLED below).
 #
-MANGLE_ENABLED="Yes"
+MANGLE_ENABLED=Yes
 #
 # Enable IP Forwarding
@ -112,7 +112,7 @@ MANGLE_ENABLED="Yes"
 # If you set this variable to "Keep" or "keep", Shorewall will neither
 # enable nor disable packet forwarding.
 #
-IP_FORWARDING="Off"
+IP_FORWARDING=Off
 #
 # Automatically add IP Aliases
 #
@ -120,7 +120,7 @@ IP_FORWARDING="Off"
 # for each NAT external address that you give in /etc/shorewall/nat. If you say
 # "No" or "no", you must add these aliases youself.
 #
-ADD_IP_ALIASES="Yes"
+ADD_IP_ALIASES=Yes
 #
 # Automatically add SNAT Aliases
@ -129,7 +129,7 @@ ADD_IP_ALIASES="Yes"
 # for each SNAT external address that you give in /etc/shorewall/masq. If you say
 # "No" or "no", you must add these aliases youself.
 #
-ADD_SNAT_ALIASES="No"
+ADD_SNAT_ALIASES=No
 #
 # Enable Traffic Shaping
@ -139,7 +139,7 @@ ADD_SNAT_ALIASES="No"
 # shaping you must have iproute[2] installed (the "ip" and "tc" utilities) and
 # you must enable packet mangling above.
 #
-TC_ENABLED="No"
+TC_ENABLED=No
 #
 # Blacklisting
@ -186,7 +186,7 @@ BLACKLIST_LOGLEVEL=
 #
 # If left blank, or set to "No" or "no", the option is not enabled.
 #
-CLAMPMSS="No"
+CLAMPMSS=No
 #
 # Route Filtering
@ -196,7 +196,7 @@ CLAMPMSS="No"
 #
 # If this variable is not set or is set to the empty value, "No" is assumed.
-ROUTE_FILTER="No"
+ROUTE_FILTER=No
 #
 # NAT before RULES
@ -206,6 +206,26 @@ ROUTE_FILTER="No"
 #
 # If this variable is not set or is set to the empty value, "Yes" is assumed.
-NAT_BEFORE_RULES="Yes"
+NAT_BEFORE_RULES=Yes
 # MULTIPORT
 #
 # If your kernel includes the multiport match option
 # (CONFIG_IP_NF_MATCH_MULTIPORT), you may enable it's use here. When this
 # option is enabled by setting it's value to "Yes" or "yes":
 #
 #	1) If you list more that 15 ports in a comma-seperated list in
 #	   /etc/shorewall/rules, Shorewall will not use the multiport option
 #	   but will generate a separate rule for each element of each port
 #	   list.
 #	2) If you include a port range (<low port>:<high port>) in the
 #	   rule, Shorewall will not use the multiport option but will generate
 #	   a separate rule for each element of each port list.
 #
 # See the /etc/shorewall/rules file for additional information on this option.
 #
 # if this variable is not set or is set to the empty value, "No" is assumed.
 MULTIPORT=No
 #LAST LINE -- DO NOT REMOVE
--- a/Samples/three-interfaces/interfaces
+++ b/Samples/three-interfaces/interfaces
@ -36,8 +36,18 @@
 #
 #			dhcp	     - interface is managed by DHCP or used by
 #                                      a DHCP server running on the firewall.
-#			noping	     - icmp echo-request (ping) packets should
+#			noping	     - icmp echo-request (ping) packets
 #				       addressed to the firewall should
 #				       be ignored on this interface
 #			filterping   - icmp echo-request (ping) packets 
 #				       addressed to the firewall should
 #				       be controlled by the rules file and
 #				       applicable policy. If neither 'noping'
 #				       nor 'filterping' are specified then
 #				       the firewall will respond to 'ping'
 #				       requests. 'filterping' takes 
 #				       precedence over 'noping' if both are
 #				       given.
 #			routestopped - When the firewall is stopped, allow
 #				       and route traffic to and from this
 #				       interface.
--- a/Samples/three-interfaces/masq
+++ b/Samples/three-interfaces/masq
@ -29,15 +29,15 @@
 #
 #	ADDRESS -- (Optional).  If you specify an address here, SNAT will be
 #				used and this will be the source address. If
-#				ADD_SNAT_ALIASES is set to Yes or yes in
+#				ADD_SNAT_ALIASES is set to Yes or yes in 
 #				/etc/shorewall/shorewall.conf then Shorewall
 #				will automatically add this address to the
-#				INTERFACE named in the first column.
+#				INTERFACE named in the first column. 
 #
 #				WARNING: Do NOT specify ADD_SNAT_ALIASES=Yes if
 #				the address given in this column is the primary
 #				IP address for the interface in the INTERFACE
-#				column.
+#				column. 
 #
 #	Example 1:
 #
--- a/Samples/three-interfaces/rules
+++ b/Samples/three-interfaces/rules
@ -97,6 +97,14 @@
 #			In that case, it is suggested that this field contain
 #			 "-"
 #
 #			If MULTIPORT=Yes in /etc/shorewall/shorewall.conf, then
 #			only a single Netfilter rule will be generated if in
 #			this list and the CLIENT PORT(S) list below:
 #			1. There are 15 or less ports listed.
 #			2. No port ranges are included.
 #			Otherwise, a separate rule will be generated for each
 #			port.
 #
 #	CLIENT PORT(S)	(Optional) Port(s) used by the client. If omitted,
 #			any source port is acceptable. Specified as a comma-
 #			separated list of port names, port numbers or port
@ -106,7 +114,15 @@
 #			specify an ADDRESS in the next column, then place "-"
 #			in this column.
 #
-#	ORIGINAL DEST	(0ptional -- only allowed if ACTION is DNAT or
+#			If MULTIPORT=Yes in /etc/shorewall/shorewall.conf, then
 #			only a single Netfilter rule will be generated if in
 #			this list and the DEST PORT(S) list above:
 #			1. There are 15 or less ports listed.
 #			2. No port ranges are included.
 #			Otherwise, a separate rule will be generated for each
 #			port.
 #
 #	ORIGINAL DEST	(0ptional -- only allowed if ACTION is DNAT or 
 #                       REDIRECT) If included and different from the IP
 #			address given in the SERVER column, this is an address
 #			on some interface on the firewall and connections to
--- a/Samples/two-interfaces/interfaces
+++ b/Samples/two-interfaces/interfaces
@ -26,7 +26,7 @@
 #			select this option, the interface must be up before
 #			the firewall is started and you must have iproute
 #			installed.
-#
+#			
 #			If you don't want to give a value for this column but
 #			you want to enter a value in the OPTIONS column, enter
 #			"-" in this column.
@ -36,8 +36,18 @@
 #
 #			dhcp	     - interface is managed by DHCP or used by
 #                                      a DHCP server running on the firewall.
-#			noping	     - icmp echo-request (ping) packets should
+#			noping	     - icmp echo-request (ping) packets
 #				       addressed to the firewall should
 #				       be ignored on this interface
 #			filterping   - icmp echo-request (ping) packets 
 #				       addressed to the firewall should
 #				       be controlled by the rules file and
 #				       applicable policy. If neither 'noping'
 #				       nor 'filterping' are specified then
 #				       the firewall will respond to 'ping'
 #				       requests. 'filterping' takes 
 #				       precedence over 'noping' if both are
 #				       given.
 #			routestopped - When the firewall is stopped, allow
 #				       and route traffic to and from this
 #				       interface.
--- a/Samples/two-interfaces/masq
+++ b/Samples/two-interfaces/masq
@ -29,15 +29,15 @@
 #
 #	ADDRESS -- (Optional).  If you specify an address here, SNAT will be
 #				used and this will be the source address. If
-#				ADD_SNAT_ALIASES is set to Yes or yes in
+#				ADD_SNAT_ALIASES is set to Yes or yes in 
 #				/etc/shorewall/shorewall.conf then Shorewall
 #				will automatically add this address to the
-#				INTERFACE named in the first column.
+#				INTERFACE named in the first column. 
 #
 #				WARNING: Do NOT specify ADD_SNAT_ALIASES=Yes if
 #				the address given in this column is the primary
 #				IP address for the interface in the INTERFACE
-#				column.
+#				column. 
 #
 #	Example 1:
 #
--- a/Samples/two-interfaces/rules
+++ b/Samples/two-interfaces/rules
@ -97,6 +97,14 @@
 #			In that case, it is suggested that this field contain
 #			 "-"
 #
 #			If MULTIPORT=Yes in /etc/shorewall/shorewall.conf, then
 #			only a single Netfilter rule will be generated if in
 #			this list and the CLIENT PORT(S) list below:
 #			1. There are 15 or less ports listed.
 #			2. No port ranges are included.
 #			Otherwise, a separate rule will be generated for each
 #			port.
 #
 #	CLIENT PORT(S)	(Optional) Port(s) used by the client. If omitted,
 #			any source port is acceptable. Specified as a comma-
 #			separated list of port names, port numbers or port
@ -106,7 +114,15 @@
 #			specify an ADDRESS in the next column, then place "-"
 #			in this column.
 #
-#	ORIGINAL DEST	(0ptional -- only allowed if ACTION is DNAT or
+#			If MULTIPORT=Yes in /etc/shorewall/shorewall.conf, then
 #			only a single Netfilter rule will be generated if in
 #			this list and the DEST PORT(S) list above:
 #			1. There are 15 or less ports listed.
 #			2. No port ranges are included.
 #			Otherwise, a separate rule will be generated for each
 #			port.
 #
 #	ORIGINAL DEST	(0ptional -- only allowed if ACTION is DNAT or 
 #                       REDIRECT) If included and different from the IP
 #			address given in the SERVER column, this is an address
 #			on some interface on the firewall and connections to
@ -151,6 +167,7 @@
 ##############################################################################
 #ACTION  SOURCE		DEST      	PROTO	DEST    SOURCE	   ORIGINAL
 #                       	        	PORT    PORT(S)    DEST
 #
 # Accept DNS connections from the firewall to the network
 #
 ACCEPT		fw	  net		tcp	53