diff --git a/Shorewall-docs2/Documentation.xml b/Shorewall-docs2/Documentation.xml
index d386ad4d9..30b772434 100644
--- a/Shorewall-docs2/Documentation.xml
+++ b/Shorewall-docs2/Documentation.xml
@@ -15,7 +15,7 @@
- 2005-09-29
+ 2005-09-302001-2005
@@ -452,7 +452,7 @@ NET_OPTIONS=blacklist,norfc1918
ipsec - All traffic
to/from this zone is encrypted.
- plain - By default,
+ ipv4 - By default,
traffic to/from some of the hosts in this zone is not encrypted.
Any encrypted hosts are designated using the ipsec option in
#ZONE TYPE OPTION
$FW firewall
-sam plain
-net plain
-loc plain
+sam ipv4
+net ipv4
+loc ipv4
/etc/shorewall/interfaces:
diff --git a/Shorewall-docs2/GenericTunnels.xml b/Shorewall-docs2/GenericTunnels.xml
index 414df83f3..cc3491343 100644
--- a/Shorewall-docs2/GenericTunnels.xml
+++ b/Shorewall-docs2/GenericTunnels.xml
@@ -15,7 +15,7 @@
- 2003-09-03
+ 2003-09-302001
@@ -81,7 +81,7 @@
and declare it in /etc/shorewall/zones on both systems as follows.
#ZONE TYPE OPTIONS
-vpn plain
+vpn ipv4
On system A, the 10.0.0.0/8 will comprise the vpn zone. In /etc/shorewall/interfaces:
diff --git a/Shorewall-docs2/IPIP.xml b/Shorewall-docs2/IPIP.xml
index 119154e96..7eceb4f51 100644
--- a/Shorewall-docs2/IPIP.xml
+++ b/Shorewall-docs2/IPIP.xml
@@ -15,7 +15,7 @@
- 2005-09-03
+ 2005-09-302001
@@ -98,7 +98,7 @@
and declare it in /etc/shorewall/zones on both systems as follows.
#ZONE TYPE OPTIONS
-vpn plain
+vpn ipv4
On system A, the 10.0.0.0/8 will comprise the vpn zone. In /etc/shorewall/interfaces:
diff --git a/Shorewall-docs2/IPSEC-2.6.xml b/Shorewall-docs2/IPSEC-2.6.xml
index ccb4429d8..34ec30eab 100644
--- a/Shorewall-docs2/IPSEC-2.6.xml
+++ b/Shorewall-docs2/IPSEC-2.6.xml
@@ -15,7 +15,7 @@
- 2005-09-12
+ 2005-09-302004
@@ -219,11 +219,11 @@
By default, encrypted communication is not used to communicate
with the hosts in a zone.
- The value plain is placed in
- the TYPE column of the /etc/shorewall/zones entry
- for the zone and the new ipsec option
- is specified in /etc/shorewall/hosts for any
- hosts requiring secure communication.
+ The value ipv4 is placed in the
+ TYPE column of the /etc/shorewall/zones entry for
+ the zone and the new ipsec option is
+ specified in /etc/shorewall/hosts for any hosts
+ requiring secure communication.
@@ -321,8 +321,8 @@ ipsec net 206.162.148.9
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
-vpn plain
-net plain
+vpn ipv4
+net ipv4
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
@@ -495,8 +495,8 @@ sec ipsec mode=tunnel mss=1400#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
vpn ipsec
-net plain
-loc plain
+net ipv4
+loc ipv4
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
@@ -538,8 +538,8 @@ vpn eth0:0.0.0.0/0
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
vpn ipsec
-net plain
-loc plain
+net ipv4
+loc ipv4
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE/etc/shorewall/tunnels - System B:
@@ -751,7 +751,7 @@ ipsec:noah net 192.168.20.0/24 loc
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
loc ipsec mode=transport
-net plain
+net ipv4
/etc/shorewall/hosts:
diff --git a/Shorewall-docs2/IPSEC.xml b/Shorewall-docs2/IPSEC.xml
index 058f1eaba..2e67ed930 100644
--- a/Shorewall-docs2/IPSEC.xml
+++ b/Shorewall-docs2/IPSEC.xml
@@ -15,7 +15,7 @@
- 2005-09-03
+ 2005-09-302001-2005
@@ -155,8 +155,8 @@ ipsec net 206.161.148.9
/etc/shorewall/zones (both systems):#ZONE TYPE OPTIONS
-vpn plain
-net plain
+vpn ipv4
+net ipv4
If you are running kernel
2.4:
@@ -283,13 +283,13 @@ ipsec net 206.161.148.9
networks. On System A:
#ZONE TYPE OPTIONS
-vpn1 plain
-vp2 plain
+vpn1 ipv4
+vp2 ipv4
On systems B and C:#ZONE TYPE OPTIONS
-vpn plain
+vpn ipv4
At system A, ipsec0 represents two zones so we have the following in
/etc/shorewall/interfaces:
@@ -374,7 +374,7 @@ vpn2 vpn1 ACCEPT
/etc/shorewall/zones - System A#ZONE TYPE OPTIONS
-vpn plain
+vpn ipv4
In this instance, the mobile system (B) has IP address 134.28.54.2
but that cannot be determined in advance. In the /etc/shorewall/tunnels
@@ -408,9 +408,9 @@ ipsec net 0.0.0.0/0
In /etc/shorewall/zones:#ZONE TYPE OPTIONS
-vpn1 plain
-vpn2 plain
-vpn3 plain
+vpn1 ipv4
+vpn2 ipv4
+vpn3 ipv4
In /etc/shorewall/tunnels:
diff --git a/Shorewall-docs2/Multiple_Zones.xml b/Shorewall-docs2/Multiple_Zones.xml
index ceb478611..b194acb2e 100644
--- a/Shorewall-docs2/Multiple_Zones.xml
+++ b/Shorewall-docs2/Multiple_Zones.xml
@@ -15,7 +15,7 @@
- 2005-09-03
+ 2005-09-302003-2005
@@ -213,8 +213,8 @@
/etc/shorewall/zones#ZONE TYPE OPTIONS
-loc1 plain
-loc plain
+loc1 ipv4
+loc ipv4
the sub-zone (loc1) is defined first!
@@ -252,8 +252,8 @@ loc1 loc NONE
/etc/shorewall/zones#ZONE TYPE OPTIONS
-loc1 plain
-loc2 plain
+loc1 ipv4
+loc2 ipv4
Here it doesn't matter which zone is defined first.
@@ -295,8 +295,8 @@ loc2 loc1 NONE
/etc/shorewall/zones#ZONE TYPE OPTIONS
-loc1 plain
-loc plain
+loc1 ipv4
+loc ipv4
the sub-zone (loc1) is defined first!
@@ -340,8 +340,8 @@ loc1 loc NONE
/etc/shorewall/zones#ZONE TYPE OPTIONS
-loc1 plain
-net plain
+loc1 ipv4
+net ipv4
the sub-zone (loc) is defined first!
diff --git a/Shorewall-docs2/OPENVPN.xml b/Shorewall-docs2/OPENVPN.xml
index b4bb1eb0c..95ee8ae6b 100644
--- a/Shorewall-docs2/OPENVPN.xml
+++ b/Shorewall-docs2/OPENVPN.xml
@@ -21,7 +21,7 @@
- 2005-08-30
+ 2005-09-302003
@@ -106,7 +106,7 @@
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
-vpn plain
+vpn ipv4
On system A, the 10.0.0.0/8 will comprise the #ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
-road plain
+road ipv4
On system A, the remote clients will comprise the #ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
-home plain
+home ipv4
On system A, the hosts accessible through the tunnel will comprise
diff --git a/Shorewall-docs2/Shorewall_and_Aliased_Interfaces.xml b/Shorewall-docs2/Shorewall_and_Aliased_Interfaces.xml
index 3ee35cc46..731e61249 100644
--- a/Shorewall-docs2/Shorewall_and_Aliased_Interfaces.xml
+++ b/Shorewall-docs2/Shorewall_and_Aliased_Interfaces.xml
@@ -15,7 +15,7 @@
- 2005-09-29
+ 2005-09-302001-2005
@@ -289,7 +289,7 @@ ACCEPT net loc:192.168.1.3 tcp 22In /etc/shorewall/zones:#ZONE TYPE OPTIONS
-loc plain
+loc ipv4
In /etc/shorewall/interfaces:
@@ -310,8 +310,8 @@ loc eth1 192.168.1.255,192.168.20.255 rout
In /etc/shorewall/zones:#ZONE TYPE OPTIONS
-loc plain
-loc2 plain
+loc ipv4
+loc2 ipv4
In /etc/shorewall/interfaces:
diff --git a/Shorewall-docs2/bridge.xml b/Shorewall-docs2/bridge.xml
index 50474ae6a..3a226de50 100755
--- a/Shorewall-docs2/bridge.xml
+++ b/Shorewall-docs2/bridge.xml
@@ -15,7 +15,7 @@
- 2005-09-03
+ 2005-09-302004
@@ -489,8 +489,8 @@ rc-update add bridge boot
#ZONE TYPE OPTIONS
fw firewall
-net plain
-loc plain
+net ipv4
+loc ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVEA conventional two-zone policy file is appropriate here —
diff --git a/Shorewall-docs2/ipsets.xml b/Shorewall-docs2/ipsets.xml
index d5cb39f3f..ba849a8ad 100644
--- a/Shorewall-docs2/ipsets.xml
+++ b/Shorewall-docs2/ipsets.xml
@@ -15,7 +15,7 @@
- 2005-09-12
+ 2005-09-302005
@@ -197,7 +197,7 @@ ipset -B Blacklist 206.124.146.177 -b SMTP
/etc/shorewall/zones:#ZONE TYPE OPTIONS IN OPTIONS OUT OPTIONS
-dyn plain
+dyn ipv4
/etc/shorewall/interfaces:
diff --git a/Shorewall-docs2/myfiles.xml b/Shorewall-docs2/myfiles.xml
index 5dcea831a..c7faaf22f 100644
--- a/Shorewall-docs2/myfiles.xml
+++ b/Shorewall-docs2/myfiles.xml
@@ -257,7 +257,7 @@ sec ipsec mode=tunnel mss=1400
#ZONE INTERFACE BROADCAST OPTIONS
-net $EXT_IF 206.124.146.255 dhcp,norfc1918,logmartians,blacklist,tcpflags,nosmurfs,arp_filter
+net $EXT_IF 206.124.146.255 dhcp,norfc1918,logmartians,blacklist,tcpflags,nosmurfs
loc $INT_IF detect dhcp,routeback
dmz $DMZ_IF -
vpn tun+ -
diff --git a/Shorewall-docs2/shorewall_setup_guide.xml b/Shorewall-docs2/shorewall_setup_guide.xml
index 52077c906..d0759b664 100644
--- a/Shorewall-docs2/shorewall_setup_guide.xml
+++ b/Shorewall-docs2/shorewall_setup_guide.xml
@@ -15,7 +15,7 @@
- 2005-09-12
+ 2005-09-302001-2005
@@ -177,9 +177,9 @@
#ZONE TYPE OPTIONS
fw firewall
-net plain
-loc plain
-dmz plain
+net ipv4
+loc ipv4
+dmz ipv4Note that Shorewall recognizes the firewall system as its own zone -
diff --git a/Shorewall-docs2/standalone.xml b/Shorewall-docs2/standalone.xml
index 9b9b01823..a8a50c215 100644
--- a/Shorewall-docs2/standalone.xml
+++ b/Shorewall-docs2/standalone.xml
@@ -15,7 +15,7 @@
- 2005-09-12
+ 2005-09-302002-2005
@@ -169,7 +169,7 @@
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
-net plain
+net ipv4
Shorewall zones are defined in /etc/shorewall/zones.
diff --git a/Shorewall-docs2/three-interface.xml b/Shorewall-docs2/three-interface.xml
index bfdabd088..ba519c35d 100755
--- a/Shorewall-docs2/three-interface.xml
+++ b/Shorewall-docs2/three-interface.xml
@@ -15,7 +15,7 @@
- 2005-09-19
+ 2005-09-302002-2005
@@ -212,9 +212,9 @@
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
-net plain
-loc plain
-dmz plainZone names are defined in
+net ipv4
+loc ipv4
+dmz ipv4Zone names are defined in
/etc/shorewall/zones.Note that Shorewall recognizes the firewall system as its own zone.
diff --git a/Shorewall-docs2/two-interface.xml b/Shorewall-docs2/two-interface.xml
index 940aa978b..3118495f8 100644
--- a/Shorewall-docs2/two-interface.xml
+++ b/Shorewall-docs2/two-interface.xml
@@ -12,7 +12,7 @@
Eastep
- 2005-09-20
+ 2005-09-302002-
@@ -215,10 +215,11 @@
a set of zones. In the two-interface sample configuration, the following
zone names are used:
- #ZONE IPSEC OPTIONS IN OUT
-# ONLY OPTIONS OPTIONS
-net
-loc Zones are defined in the #ZONE TYPE OPTIONS IN OUT
+# OPTIONS OPTIONS
+fw firewall
+net ipv4
+loc ipv4Zones are defined in the /etc/shorewall/zones
file.
diff --git a/Shorewall-docs2/whitelisting_under_shorewall.xml b/Shorewall-docs2/whitelisting_under_shorewall.xml
index 5de15a397..b189d17b7 100644
--- a/Shorewall-docs2/whitelisting_under_shorewall.xml
+++ b/Shorewall-docs2/whitelisting_under_shorewall.xml
@@ -12,7 +12,7 @@
Eastep
- 2005-09-03
+ 2005-09-302002-2005
@@ -76,10 +76,10 @@
#ZONE TYPE OPTIONS
fw firewall
-net plain
-ops plain
-loc plain
-dmz plain
+net ipv4
+ops ipv4
+loc ipv4
+dmz ipv4
The ops zone has been added to the standard 3-zone
zones file -- since ops is a sub-zone of