extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-08 00:34:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rename 'plain' to 'ipv4' in zones file

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2760 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-09-30 17:39:24 +00:00
parent a7258ce1ff
commit f8ebb40ee4
16 changed files with 76 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Shorewall-docs2/Documentation.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-09-29</pubdate>
<pubdate>2005-09-30</pubdate>
<copyright>
<year>2001-2005</year>
@ -452,7 +452,7 @@ NET_OPTIONS=blacklist,norfc1918</programlisting>
<member><emphasis role="bold">ipsec</emphasis> - All traffic
to/from this zone is encrypted.</member>
<member><emphasis role="bold">plain</emphasis> - By default,
<member><emphasis role="bold">ipv4</emphasis> - By default,
traffic to/from some of the hosts in this zone is not encrypted.
Any encrypted hosts are designated using the <emphasis
role="bold">ipsec</emphasis> option in <link
@ -1368,9 +1368,9 @@ loc loc REJECT info</programlisting>
<programlisting>#ZONE TYPE OPTION
$FW firewall
sam plain
net plain
loc plain</programlisting>
sam ipv4
net ipv4
loc ipv4</programlisting>
<para><filename>/etc/shorewall/interfaces</filename>:</para>

4
Shorewall-docs2/GenericTunnels.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2003-09-03</pubdate>
<pubdate>2003-09-30</pubdate>
<copyright>
<year>2001</year>
@ -81,7 +81,7 @@
and declare it in /etc/shorewall/zones on both systems as follows.</para>
<programlisting>#ZONE TYPE OPTIONS
vpn plain</programlisting>
vpn ipv4</programlisting>
<para>On system A, the 10.0.0.0/8 will comprise the <emphasis
role="bold">vpn</emphasis> zone. In /etc/shorewall/interfaces:</para>

4
Shorewall-docs2/IPIP.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-09-03</pubdate>
<pubdate>2005-09-30</pubdate>
<copyright>
<year>2001</year>
@ -98,7 +98,7 @@
and declare it in /etc/shorewall/zones on both systems as follows.</para>
<programlisting>#ZONE TYPE OPTIONS
vpn plain</programlisting>
vpn ipv4</programlisting>
<para>On system A, the 10.0.0.0/8 will comprise the <emphasis
role="bold">vpn</emphasis> zone. In /etc/shorewall/interfaces:</para>

26
Shorewall-docs2/IPSEC-2.6.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-09-12</pubdate>
<pubdate>2005-09-30</pubdate>
<copyright>
<year>2004</year>
@ -219,11 +219,11 @@
<para>By default, encrypted communication is not used to communicate
with the hosts in a zone.</para>
<para>The value <emphasis role="bold">plain</emphasis> is placed in
the TYPE column of the <filename>/etc/shorewall/zones</filename> entry
for the zone and the new <emphasis role="bold">ipsec</emphasis> option
is specified in <filename>/etc/shorewall/hosts</filename> for any
hosts requiring secure communication.</para>
<para>The value <emphasis role="bold">ipv4</emphasis> is placed in the
TYPE column of the <filename>/etc/shorewall/zones</filename> entry for
the zone and the new <emphasis role="bold">ipsec</emphasis> option is
specified in <filename>/etc/shorewall/hosts</filename> for any hosts
requiring secure communication.</para>
</listitem>
</orderedlist>
@ -321,8 +321,8 @@ ipsec net 206.162.148.9
<programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
vpn plain
net plain
vpn ipv4
net ipv4
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
</blockquote>
@ -495,8 +495,8 @@ sec ipsec mode=tunnel <emphasis role="bold">mss=1400</emphasis
<programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
vpn ipsec
net plain
loc plain
net ipv4
loc ipv4
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
</blockquote>
@ -538,8 +538,8 @@ vpn eth0:0.0.0.0/0
<programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
vpn ipsec
net plain
loc plain
net ipv4
loc ipv4
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
<para>/etc/shorewall/tunnels - System B:</para>
@ -751,7 +751,7 @@ ipsec:noah net 192.168.20.0/24 loc</programlisting>
<programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
loc ipsec mode=transport
net plain</programlisting>
net ipv4</programlisting>
<para><filename>/etc/shorewall/hosts</filename>:</para>

20
Shorewall-docs2/IPSEC.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-09-03</pubdate>
<pubdate>2005-09-30</pubdate>
<copyright>
<year>2001-2005</year>
@ -155,8 +155,8 @@ ipsec net 206.161.148.9</programlisting>
<para>/etc/shorewall/zones (both systems):</para>
<programlisting>#ZONE TYPE OPTIONS
vpn plain
net plain</programlisting>
vpn ipv4
net ipv4</programlisting>
<para><emphasis role="bold">If you are running kernel
2.4:</emphasis><blockquote>
@ -283,13 +283,13 @@ ipsec net 206.161.148.9</programlisting>
networks. On System A:</para>
<programlisting>#ZONE TYPE OPTIONS
vpn1 plain
vp2 plain</programlisting>
vpn1 ipv4
vp2 ipv4</programlisting>
<para>On systems B and C:</para>
<programlisting>#ZONE TYPE OPTIONS
vpn plain</programlisting>
vpn ipv4</programlisting>
<para>At system A, ipsec0 represents two zones so we have the following in
/etc/shorewall/interfaces:</para>
@ -374,7 +374,7 @@ vpn2 vpn1 ACCEPT</programlisting>
<para>/etc/shorewall/zones - System A</para>
<programlisting>#ZONE TYPE OPTIONS
vpn plain</programlisting>
vpn ipv4</programlisting>
<para>In this instance, the mobile system (B) has IP address 134.28.54.2
but that cannot be determined in advance. In the /etc/shorewall/tunnels
@ -408,9 +408,9 @@ ipsec net 0.0.0.0/0</programlisting>
<para>In /etc/shorewall/zones:</para>
<programlisting>#ZONE TYPE OPTIONS
vpn1 plain
vpn2 plain
vpn3 plain</programlisting>
vpn1 ipv4
vpn2 ipv4
vpn3 ipv4</programlisting>
<para>In /etc/shorewall/tunnels:</para>

18
Shorewall-docs2/Multiple_Zones.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-09-03</pubdate>
<pubdate>2005-09-30</pubdate>
<copyright>
<year>2003-2005</year>
@ -213,8 +213,8 @@
<para><filename>/etc/shorewall/zones</filename></para>
<programlisting>#ZONE TYPE OPTIONS
loc1 plain
loc plain</programlisting>
loc1 ipv4
loc ipv4</programlisting>
<note>
<para>the sub-zone (loc1) is defined first!</para>
@ -252,8 +252,8 @@ loc1 loc NONE</programlisting>
<para><filename>/etc/shorewall/zones</filename></para>
<programlisting>#ZONE TYPE OPTIONS
loc1 plain
loc2 plain</programlisting>
loc1 ipv4
loc2 ipv4</programlisting>
<note>
<para>Here it doesn't matter which zone is defined first.</para>
@ -295,8 +295,8 @@ loc2 loc1 NONE</programlisting>
<para><filename>/etc/shorewall/zones</filename></para>
<programlisting>#ZONE TYPE OPTIONS
loc1 plain
loc plain</programlisting>
loc1 ipv4
loc ipv4</programlisting>
<note>
<para>the sub-zone (loc1) is defined first!</para>
@ -340,8 +340,8 @@ loc1 loc NONE</programlisting>
<para><filename>/etc/shorewall/zones</filename></para>
<programlisting>#ZONE TYPE OPTIONS
loc1 plain
net plain</programlisting>
loc1 ipv4
net ipv4</programlisting>
<note>
<para>the sub-zone (loc) is defined first!</para>

8
Shorewall-docs2/OPENVPN.xml
View File

@ -21,7 +21,7 @@
</author>
</authorgroup>
<pubdate>2005-08-30</pubdate>
<pubdate>2005-09-30</pubdate>
<copyright>
<year>2003</year>
@ -106,7 +106,7 @@
<programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
vpn plain</programlisting>
vpn ipv4</programlisting>
</blockquote>
<para>On system A, the 10.0.0.0/8 will comprise the <emphasis
@ -241,7 +241,7 @@ vpn loc ACCEPT</programlisting>
<programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
road plain</programlisting>
road ipv4</programlisting>
</blockquote>
<para>On system A, the remote clients will comprise the <emphasis
@ -325,7 +325,7 @@ verb 3</programlisting>
<programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
home plain</programlisting>
home ipv4</programlisting>
</blockquote>
<para>On system A, the hosts accessible through the tunnel will comprise

8
Shorewall-docs2/Shorewall_and_Aliased_Interfaces.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-09-29</pubdate>
<pubdate>2005-09-30</pubdate>
<copyright>
<year>2001-2005</year>
@ -289,7 +289,7 @@ ACCEPT net loc:192.168.1.3 tcp 22</programlisting></para>
<para>In <filename>/etc/shorewall/zones</filename>:</para>
<programlisting>#ZONE TYPE OPTIONS
loc plain</programlisting>
loc ipv4</programlisting>
<para>In <filename>/etc/shorewall/interfaces</filename>:</para>
@ -310,8 +310,8 @@ loc eth1 192.168.1.255,192.168.20.255 <emphasis role="bold">rout
<para>In <filename>/etc/shorewall/zones</filename>:</para>
<programlisting>#ZONE TYPE OPTIONS
loc plain
loc2 plain</programlisting>
loc ipv4
loc2 ipv4</programlisting>
<para>In <filename>/etc/shorewall/interfaces</filename>:</para>

6
Shorewall-docs2/bridge.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-09-03</pubdate>
<pubdate>2005-09-30</pubdate>
<copyright>
<year>2004</year>
@ -489,8 +489,8 @@ rc-update add bridge boot
<programlisting>#ZONE TYPE OPTIONS
fw firewall
net plain
loc plain
net ipv4
loc ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE</programlisting>
<para>A conventional two-zone policy file is appropriate here —

4
Shorewall-docs2/ipsets.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-09-12</pubdate>
<pubdate>2005-09-30</pubdate>
<copyright>
<year>2005</year>
@ -197,7 +197,7 @@ ipset -B Blacklist 206.124.146.177 -b SMTP</command></programlisting>
<para>/etc/shorewall/zones:</para>
<programlisting>#ZONE TYPE OPTIONS IN OPTIONS OUT OPTIONS
dyn plain</programlisting>
dyn ipv4</programlisting>
<para>/etc/shorewall/interfaces:</para>

2
Shorewall-docs2/myfiles.xml
View File

@ -257,7 +257,7 @@ sec ipsec mode=tunnel mss=1400
<blockquote>
<programlisting>#ZONE INTERFACE BROADCAST OPTIONS
net $EXT_IF 206.124.146.255 dhcp,norfc1918,logmartians,blacklist,tcpflags,nosmurfs,arp_filter
net $EXT_IF 206.124.146.255 dhcp,norfc1918,logmartians,blacklist,tcpflags,nosmurfs
loc $INT_IF detect dhcp,routeback
dmz $DMZ_IF -
vpn tun+ -

8
Shorewall-docs2/shorewall_setup_guide.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-09-12</pubdate>
<pubdate>2005-09-30</pubdate>
<copyright>
<year>2001-2005</year>
@ -177,9 +177,9 @@
<programlisting>#ZONE TYPE OPTIONS
fw firewall
net plain
loc plain
dmz plain</programlisting>
net ipv4
loc ipv4
dmz ipv4</programlisting>
</important>
<para>Note that Shorewall recognizes the firewall system as its own zone -

4
Shorewall-docs2/standalone.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-09-12</pubdate>
<pubdate>2005-09-30</pubdate>
<copyright>
<year>2002-2005</year>
@ -169,7 +169,7 @@
<programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net plain</programlisting>
net ipv4</programlisting>
<para>Shorewall zones are defined in <ulink
url="Documentation.htm#Zones"><filename>/etc/shorewall/zones</filename></ulink>.</para>

8
Shorewall-docs2/three-interface.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-09-19</pubdate>
<pubdate>2005-09-30</pubdate>
<copyright>
<year>2002-2005</year>
@ -212,9 +212,9 @@
<para><programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net plain
loc plain
dmz plain</programlisting>Zone names are defined in
net ipv4
loc ipv4
dmz ipv4</programlisting>Zone names are defined in
<filename>/etc/shorewall/zones</filename>.</para>
<para>Note that Shorewall recognizes the firewall system as its own zone.

11
Shorewall-docs2/two-interface.xml
View File

@ -12,7 +12,7 @@
<surname>Eastep</surname>
</author>
<pubdate>2005-09-20</pubdate>
<pubdate>2005-09-30</pubdate>
<copyright>
<year>2002-</year>
@ -215,10 +215,11 @@
a set of zones. In the two-interface sample configuration, the following
zone names are used:</para>
<para><programlisting>#ZONE IPSEC OPTIONS IN OUT
# ONLY OPTIONS OPTIONS
net
loc</programlisting> Zones are defined in the <ulink
<para><programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
loc ipv4</programlisting>Zones are defined in the <ulink
url="Documentation.htm#Zones"><filename
class="directory">/etc/shorewall/</filename><filename>zones</filename></ulink>
file.</para>

10
Shorewall-docs2/whitelisting_under_shorewall.xml
View File

@ -12,7 +12,7 @@
<surname>Eastep</surname>
</author>
<pubdate>2005-09-03</pubdate>
<pubdate>2005-09-30</pubdate>
<copyright>
<year>2002-2005</year>
@ -76,10 +76,10 @@
<programlisting>#ZONE TYPE OPTIONS
fw firewall
net plain
ops plain
loc plain
dmz plain</programlisting>
net ipv4
ops ipv4
loc ipv4
dmz ipv4</programlisting>
<para>The <literal>ops</literal> zone has been added to the standard 3-zone
zones file -- since <literal>ops</literal> is a sub-zone of