extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-29 02:54:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Mention nets=(...) in the Introduction

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9580 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-03-02 23:01:56 +00:00
parent cd9b66ad09
commit f0ff364a6f
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/Introduction.xml
View File

@ -199,7 +199,21 @@ dmz eth2 detect</programlisting>
a zone that contains a limited subset of the IPv4 address space, you use a zone that contains a limited subset of the IPv4 address space, you use
the <ulink the <ulink
url="manpages/shorewall-hosts.html"><filename>/etc/shorewall/hosts</filename></ulink> url="manpages/shorewall-hosts.html"><filename>/etc/shorewall/hosts</filename></ulink>
file.</para> file or you may use the nets= option in
<filename>/etc/shorewall/interfaces</filename>:</para>
<programlisting>#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp,routefilter,nets=(!192.168.0.0/23)
loc eth1 detect nets=(192.168.0.0/24)
dmz eth2 detect nets=(192.168.1.0/24)</programlisting>
<para>The above file defines the <emphasis>net</emphasis> zone as all IPv4
hosts interfacing to the firewall through eth0 <emphasis>except</emphasis>
for 192.168.0.0/23, the <emphasis>loc</emphasis> zone as IPv4 hosts
192.168.0.0/24 interfacing through eth1 and the <emphasis>dmz</emphasis>
as IPv4 hosts 192.168.1.0/24 interfacing through eth2 (Note that
192.168.0.0/24 together with 192.168.1.0/24 constitutes
192.168.0.0.23).</para>
<para>Rules about what traffic to allow and what traffic to deny are <para>Rules about what traffic to allow and what traffic to deny are
expressed in terms of zones. <itemizedlist spacing="compact"> expressed in terms of zones. <itemizedlist spacing="compact">