From f0ff364a6f8ee1238c8cf00be48831d0ac6cc063 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Mon, 2 Mar 2009 23:01:56 +0000
Subject: [PATCH] Mention nets=(...) in the Introduction

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9580 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 docs/Introduction.xml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/docs/Introduction.xml b/docs/Introduction.xml
index 9f08094f7..1ecd0316d 100644
--- a/docs/Introduction.xml
+++ b/docs/Introduction.xml
@@ -199,7 +199,21 @@ dmz        eth2          detect</programlisting>
     a zone that contains a limited subset of the IPv4 address space, you use
     the <ulink
     url="manpages/shorewall-hosts.html"><filename>/etc/shorewall/hosts</filename></ulink>
-    file.</para>
+    file or you may use the nets= option in
+    <filename>/etc/shorewall/interfaces</filename>:</para>
+
+    <programlisting>#ZONE      INTERFACE     BROADCAST     OPTIONS
+net        eth0          detect        dhcp,routefilter,nets=(!192.168.0.0/23)
+loc        eth1          detect        nets=(192.168.0.0/24)
+dmz        eth2          detect        nets=(192.168.1.0/24)</programlisting>
+
+    <para>The above file defines the <emphasis>net</emphasis> zone as all IPv4
+    hosts interfacing to the firewall through eth0 <emphasis>except</emphasis>
+    for 192.168.0.0/23, the <emphasis>loc</emphasis> zone as IPv4 hosts
+    192.168.0.0/24 interfacing through eth1 and the <emphasis>dmz</emphasis>
+    as IPv4 hosts 192.168.1.0/24 interfacing through eth2 (Note that
+    192.168.0.0/24 together with 192.168.1.0/24 constitutes
+    192.168.0.0.23).</para>
 
     <para>Rules about what traffic to allow and what traffic to deny are
     expressed in terms of zones. <itemizedlist spacing="compact">