diff --git a/Lrp/etc/shorewall/rules b/Lrp/etc/shorewall/rules
new file mode 100644
index 000000000..274648997
--- /dev/null
+++ b/Lrp/etc/shorewall/rules
@@ -0,0 +1,170 @@
+#
+# Shorewall version 1.3 - Rules File
+#
+# /etc/shorewall/rules
+#
+# Rules in this file govern connection establishment. Requests and
+# responses are automatically allowed using connection tracking.
+#
+# In most places where an IP address or subnet is allowed, you
+# can preceed the address/subnet with "!" (e.g., !192.168.1.0/24) to
+# indicate that the rule matches all addresses except the address/subnet
+# given. Notice that no white space is permitted between "!" and the
+# address/subnet.
+#
+# Columns are:
+#
+#
+# ACTION ACCEPT, DROP, REJECT, DNAT or REDIRECT
+#
+# ACCEPT -- allow the connection request
+# DROP -- ignore the request
+# REJECT -- disallow the request and return an
+# icmp-unreachable or an RST packet.
+# DNAT -- Forward the request to another
+# system (and optionally another
+# port).
+# REDIRECT -- Redirect the request to a local
+# port on the firewall.
+#
+# May optionally be followed by ":" and a syslog log
+# level (e.g, REJECT:info). This causes the packet to be
+# logged at the specified level.
+#
+# SOURCE Source hosts to which the rule applies. May be a zone
+# defined in /etc/shorewall/zones or $FW to indicate the
+# firewall itself. If the ACTION is DNAT or REDIRECT,
+# sub-zones of the specified zone may be excluded from
+# the rule by following the zone name with "!' and a
+# comma-separated list of sub-zone names.
+#
+# Clients may be further restricted to a list of subnets
+# and/or hosts by appending ":" and a comma-separated
+# list of subnets and/or hosts. Hosts may be specified
+# by IP or MAC address; mac addresses must begin with
+# "~" and must use "-" as a separator.
+#
+# dmz:192.168.2.2 Host 192.168.2.2 in the DMZ
+#
+# net:155.186.235.0/24 Subnet 155.186.235.0/24 on the
+# Internet
+#
+# loc:192.168.1.1,192.168.1.2
+# Hosts 192.168.1.1 and
+# 192.168.1.2 in the local zone.
+# loc:~00-A0-C9-15-39-78 Host in the local zone with
+# MAC address 00:A0:C9:15:39:78.
+#
+# Alternatively, clients may be specified by interface
+# by appending ":" followed by the interface name. For
+# example, loc:eth1 specifies a client that
+# communicates with the firewall system through eth1.
+#
+# DEST Location of Server. May be a zone defined in
+# /etc/shorewall/zones or $FW to indicate the firewall
+# itself.
+#
+# The server may be further restricted to a particular
+# subnet, host or interface by appending ":" and the
+# subnet, host or interface. See above.
+#
+# The port that the server is listening on may be
+# included and separated from the server's IP address by
+# ":". If omitted, the firewall will not modifiy the
+# destination port.
+#
+# Example: loc:192.168.1.3:3128 specifies a local
+# server at IP address 192.168.1.3 and listening on port
+# 3128. The port number MUST be specified as an integer
+# and not as a name from /etc/services.
+#
+# if the RESULT is REDIRECT, this column needs only to
+# contain the port number on the firewall that the
+# request should be redirected to.
+#
+# PROTO Protocol - Must be "tcp", "udp", "icmp", a number,
+# "all" or "related". If "related", the remainder of the
+# entry must be omitted and connection requests that are
+# related to existing requests will be accepted.
+#
+# DEST PORT(S) Destination Ports. A comma-separated list of Port
+# names (from /etc/services), port numbers or port
+# ranges; if the protocol is "icmp", this column is
+# interpreted as the destination icmp-type(s).
+#
+# This column is ignored if PROTOCOL = all but must be
+# entered if any of the following ields are supplied.
+# In that case, it is suggested that this field contain
+# "-"
+#
+# If MULTIPORT=Yes in /etc/shorewall/shorewall.conf, then
+# only a single Netfilter rule will be generated if in
+# this list and the CLIENT PORT(S) list below:
+# 1. There are 15 or less ports listed.
+# 2. No port ranges are included.
+# Otherwise, a separate rule will be generated for each
+# port.
+#
+# CLIENT PORT(S) (Optional) Port(s) used by the client. If omitted,
+# any source port is acceptable. Specified as a comma-
+# separated list of port names, port numbers or port
+# ranges.
+#
+# If you don't want to restrict client ports but need to
+# specify an ADDRESS in the next column, then place "-"
+# in this column.
+#
+# If MULTIPORT=Yes in /etc/shorewall/shorewall.conf, then
+# only a single Netfilter rule will be generated if in
+# this list and the DEST PORT(S) list above:
+# 1. There are 15 or less ports listed.
+# 2. No port ranges are included.
+# Otherwise, a separate rule will be generated for each
+# port.
+#
+# ORIGINAL DEST (0ptional -- only allowed if ACTION is DNAT or
+# REDIRECT) If included and different from the IP
+# address given in the SERVER column, this is an address
+# on some interface on the firewall and connections to
+# that address will be forwarded to the IP and port
+# specified in the DEST column.
+#
+# The address may optionally be followed by
+# a colon (":") and a second IP address. This causes
+# Shorewall to use the second IP address as the source
+# address in forwarded packets. See the Shorewall
+# documentation for restrictions concerning this feature.
+# If no source IP address is given, the original source
+# address is not altered.
+#
+# Example: Accept SMTP requests from the DMZ to the internet
+#
+# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
+# # PORT PORT(S) DEST
+# ACCEPT dmz net tcp smtp
+#
+# Example: Forward all ssh and http connection requests from the internet
+# to local system 192.168.1.3
+#
+# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
+# # PORT PORT(S) DEST
+# DNAT net loc:192.168.1.3 tcp ssh,http
+#
+# Example: Redirect all locally-originating www connection requests to
+# port 3128 on the firewall (Squid running on the firewall
+# system) except when the destination address is 192.168.2.2
+#
+# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
+# # PORT PORT(S) DEST
+# REDIRECT loc 3128 tcp www - !192.168.2.2
+#
+# Example: All http requests from the internet to address
+# 130.252.100.69 are to be forwarded to 192.168.1.3
+#
+# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
+# # PORT PORT(S) DEST
+# DNAT net loc:192.168.1.3 tcp 80 - 130.252.100.69
+##############################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
+# PORT PORT(S) DEST
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
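Review bot: The header comments in this new template carry several typos that every administrator editing the file will read: `preceed` → `precede`, `modifiy` → `modify`, `following ields` → `following fields`, and `0ptional` (digit zero) → `Optional` in the ORIGINAL DEST entry; the quoting in `with "!' and a` is also mismatched and should read `with "!" and a`. If this is a verbatim copy of the upstream Shorewall 1.3 template, the same fixes belong upstream rather than only in this tree. Since the file ships with no entries at all, a one-line comment above the `#LAST LINE` sentinel stating that, with no rules present, connection requests fall through to the defaults in /etc/shorewall/policy would help a reader understand what this empty template actually enforces (that fall-through is how Shorewall is designed to behave, as far as I recall, but confirm against the version being shipped).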