Mention nets=(...) in the Introduction

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9580 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-25 09:03:30 +01:00 · 2009-03-02 23:01:56 +00:00 · 2009-03-02 23:01:56 +00:00 · f0ff364a6f
commit f0ff364a6f
parent cd9b66ad09
1 changed files with 15 additions and 1 deletions
--- a/docs/Introduction.xml
+++ b/docs/Introduction.xml
@ -199,7 +199,21 @@ dmz        eth2          detect</programlisting>
    a zone that contains a limited subset of the IPv4 address space, you use
    the <ulink
    url="manpages/shorewall-hosts.html"><filename>/etc/shorewall/hosts</filename></ulink>
-    file.</para>
+    file or you may use the nets= option in
+    <filename>/etc/shorewall/interfaces</filename>:</para>
+
+    <programlisting>#ZONE      INTERFACE     BROADCAST     OPTIONS
+net        eth0          detect        dhcp,routefilter,nets=(!192.168.0.0/23)
+loc        eth1          detect        nets=(192.168.0.0/24)
+dmz        eth2          detect        nets=(192.168.1.0/24)</programlisting>
+
+    <para>The above file defines the <emphasis>net</emphasis> zone as all IPv4
+    hosts interfacing to the firewall through eth0 <emphasis>except</emphasis>
+    for 192.168.0.0/23, the <emphasis>loc</emphasis> zone as IPv4 hosts
+    192.168.0.0/24 interfacing through eth1 and the <emphasis>dmz</emphasis>
+    as IPv4 hosts 192.168.1.0/24 interfacing through eth2 (Note that
+    192.168.0.0/24 together with 192.168.1.0/24 constitutes
+    192.168.0.0.23).</para>

    <para>Rules about what traffic to allow and what traffic to deny are
    expressed in terms of zones. <itemizedlist spacing="compact">