mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-22 07:33:43 +01:00
Rename 'plain' to 'ipv4' in zones file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2760 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
a7258ce1ff
commit
f8ebb40ee4
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-09-29</pubdate>
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2005</year>
|
||||
@ -452,7 +452,7 @@ NET_OPTIONS=blacklist,norfc1918</programlisting>
|
||||
<member><emphasis role="bold">ipsec</emphasis> - All traffic
|
||||
to/from this zone is encrypted.</member>
|
||||
|
||||
<member><emphasis role="bold">plain</emphasis> - By default,
|
||||
<member><emphasis role="bold">ipv4</emphasis> - By default,
|
||||
traffic to/from some of the hosts in this zone is not encrypted.
|
||||
Any encrypted hosts are designated using the <emphasis
|
||||
role="bold">ipsec</emphasis> option in <link
|
||||
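Review bot: The renamed `ipv4` member is still defined only in terms of encryption ("By default, traffic to/from some of the hosts in this zone is not encrypted"), which the new name no longer suggests. Add a sentence stating that `ipv4` replaces the former `plain` keyword, so readers with existing zones files know which entries to change, and consider rewording the description to say what the type is rather than what it is not.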
@ -1368,9 +1368,9 @@ loc loc REJECT info</programlisting>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTION
|
||||
$FW firewall
|
||||
sam plain
|
||||
net plain
|
||||
loc plain</programlisting>
|
||||
sam ipv4
|
||||
net ipv4
|
||||
loc ipv4</programlisting>
|
||||
|
||||
<para><filename>/etc/shorewall/interfaces</filename>:</para>
|
||||
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2003-09-03</pubdate>
|
||||
<pubdate>2003-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001</year>
|
||||
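Review bot: The new `<pubdate>2003-09-30</pubdate>` keeps the year 2003, while every other pubdate touched in this commit moves to 2005-09-30. If this file was edited together with the rest, the line should read `<pubdate>2005-09-30</pubdate>`.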
@ -81,7 +81,7 @@
|
||||
and declare it in /etc/shorewall/zones on both systems as follows.</para>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
vpn plain</programlisting>
|
||||
vpn ipv4</programlisting>
|
||||
|
||||
<para>On system A, the 10.0.0.0/8 will comprise the <emphasis
|
||||
role="bold">vpn</emphasis> zone. In /etc/shorewall/interfaces:</para>
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-09-03</pubdate>
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001</year>
|
||||
@ -98,7 +98,7 @@
|
||||
and declare it in /etc/shorewall/zones on both systems as follows.</para>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
vpn plain</programlisting>
|
||||
vpn ipv4</programlisting>
|
||||
|
||||
<para>On system A, the 10.0.0.0/8 will comprise the <emphasis
|
||||
role="bold">vpn</emphasis> zone. In /etc/shorewall/interfaces:</para>
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-09-12</pubdate>
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2004</year>
|
||||
@ -219,11 +219,11 @@
|
||||
<para>By default, encrypted communication is not used to communicate
|
||||
with the hosts in a zone.</para>
|
||||
|
||||
<para>The value <emphasis role="bold">plain</emphasis> is placed in
|
||||
the TYPE column of the <filename>/etc/shorewall/zones</filename> entry
|
||||
for the zone and the new <emphasis role="bold">ipsec</emphasis> option
|
||||
is specified in <filename>/etc/shorewall/hosts</filename> for any
|
||||
hosts requiring secure communication.</para>
|
||||
<para>The value <emphasis role="bold">ipv4</emphasis> is placed in the
|
||||
TYPE column of the <filename>/etc/shorewall/zones</filename> entry for
|
||||
the zone and the new <emphasis role="bold">ipsec</emphasis> option is
|
||||
specified in <filename>/etc/shorewall/hosts</filename> for any hosts
|
||||
requiring secure communication.</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
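Review bot: The replacement paragraph rewraps all five lines to change the single word `plain` to `ipv4`, which hides the one-word change in the diff. Keeping the original line breaks would reduce this hunk to one changed line. While the paragraph is being touched, "the new ipsec option" could drop "new", since that wording will date.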
@ -321,8 +321,8 @@ ipsec net 206.162.148.9
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
||||
# OPTIONS OPTIONS
|
||||
vpn plain
|
||||
net plain
|
||||
vpn ipv4
|
||||
net ipv4
|
||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
|
||||
</blockquote>
|
||||
|
||||
@ -495,8 +495,8 @@ sec ipsec mode=tunnel <emphasis role="bold">mss=1400</emphasis
|
||||
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
||||
# OPTIONS OPTIONS
|
||||
vpn ipsec
|
||||
net plain
|
||||
loc plain
|
||||
net ipv4
|
||||
loc ipv4
|
||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
|
||||
</blockquote>
|
||||
|
||||
@ -538,8 +538,8 @@ vpn eth0:0.0.0.0/0
|
||||
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
||||
# OPTIONS OPTIONS
|
||||
vpn ipsec
|
||||
net plain
|
||||
loc plain
|
||||
net ipv4
|
||||
loc ipv4
|
||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
|
||||
|
||||
<para>/etc/shorewall/tunnels - System B:</para>
|
||||
@ -751,7 +751,7 @@ ipsec:noah net 192.168.20.0/24 loc</programlisting>
|
||||
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
||||
# OPTIONS OPTIONS
|
||||
loc ipsec mode=transport
|
||||
net plain</programlisting>
|
||||
net ipv4</programlisting>
|
||||
|
||||
<para><filename>/etc/shorewall/hosts</filename>:</para>
|
||||
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-09-03</pubdate>
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2005</year>
|
||||
@ -155,8 +155,8 @@ ipsec net 206.161.148.9</programlisting>
|
||||
<para>/etc/shorewall/zones (both systems):</para>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
vpn plain
|
||||
net plain</programlisting>
|
||||
vpn ipv4
|
||||
net ipv4</programlisting>
|
||||
|
||||
<para><emphasis role="bold">If you are running kernel
|
||||
2.4:</emphasis><blockquote>
|
||||
@ -283,13 +283,13 @@ ipsec net 206.161.148.9</programlisting>
|
||||
networks. On System A:</para>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
vpn1 plain
|
||||
vp2 plain</programlisting>
|
||||
vpn1 ipv4
|
||||
vp2 ipv4</programlisting>
|
||||
|
||||
<para>On systems B and C:</para>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
vpn plain</programlisting>
|
||||
vpn ipv4</programlisting>
|
||||
|
||||
<para>At system A, ipsec0 represents two zones so we have the following in
|
||||
/etc/shorewall/interfaces:</para>
|
||||
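Review bot: The second System A zone is still spelled `vp2` on the rewritten line (`vp2 ipv4`), while the next hunk header in the same file shows the name `vpn2` (`vpn2 vpn1 ACCEPT`). Since the line is being changed anyway, correct it to `vpn2 ipv4` so the zones listing matches the name used later in the file.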
@ -374,7 +374,7 @@ vpn2 vpn1 ACCEPT</programlisting>
|
||||
<para>/etc/shorewall/zones - System A</para>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
vpn plain</programlisting>
|
||||
vpn ipv4</programlisting>
|
||||
|
||||
<para>In this instance, the mobile system (B) has IP address 134.28.54.2
|
||||
but that cannot be determined in advance. In the /etc/shorewall/tunnels
|
||||
@ -408,9 +408,9 @@ ipsec net 0.0.0.0/0</programlisting>
|
||||
<para>In /etc/shorewall/zones:</para>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
vpn1 plain
|
||||
vpn2 plain
|
||||
vpn3 plain</programlisting>
|
||||
vpn1 ipv4
|
||||
vpn2 ipv4
|
||||
vpn3 ipv4</programlisting>
|
||||
|
||||
<para>In /etc/shorewall/tunnels:</para>
|
||||
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-09-03</pubdate>
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2003-2005</year>
|
||||
@ -213,8 +213,8 @@
|
||||
<para><filename>/etc/shorewall/zones</filename></para>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
loc1 plain
|
||||
loc plain</programlisting>
|
||||
loc1 ipv4
|
||||
loc ipv4</programlisting>
|
||||
|
||||
<note>
|
||||
<para>the sub-zone (loc1) is defined first!</para>
|
||||
@ -252,8 +252,8 @@ loc1 loc NONE</programlisting>
|
||||
<para><filename>/etc/shorewall/zones</filename></para>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
loc1 plain
|
||||
loc2 plain</programlisting>
|
||||
loc1 ipv4
|
||||
loc2 ipv4</programlisting>
|
||||
|
||||
<note>
|
||||
<para>Here it doesn't matter which zone is defined first.</para>
|
||||
@ -295,8 +295,8 @@ loc2 loc1 NONE</programlisting>
|
||||
<para><filename>/etc/shorewall/zones</filename></para>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
loc1 plain
|
||||
loc plain</programlisting>
|
||||
loc1 ipv4
|
||||
loc ipv4</programlisting>
|
||||
|
||||
<note>
|
||||
<para>the sub-zone (loc1) is defined first!</para>
|
||||
@ -340,8 +340,8 @@ loc1 loc NONE</programlisting>
|
||||
<para><filename>/etc/shorewall/zones</filename></para>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
loc1 plain
|
||||
net plain</programlisting>
|
||||
loc1 ipv4
|
||||
net ipv4</programlisting>
|
||||
|
||||
<note>
|
||||
<para>the sub-zone (loc) is defined first!</para>
|
||||
|
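Review bot: The `<note>` following this listing says "the sub-zone (loc) is defined first!", but the listing defines `loc1` and `net` and contains no `loc` zone. The note is unchanged context, but it sits directly under the edited lines; check whether it should name `loc1`, as the notes under the earlier listings in this file do.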
@ -21,7 +21,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-08-30</pubdate>
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2003</year>
|
||||
@ -106,7 +106,7 @@
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
||||
# OPTIONS OPTIONS
|
||||
vpn plain</programlisting>
|
||||
vpn ipv4</programlisting>
|
||||
</blockquote>
|
||||
|
||||
<para>On system A, the 10.0.0.0/8 will comprise the <emphasis
|
||||
@ -241,7 +241,7 @@ vpn loc ACCEPT</programlisting>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
||||
# OPTIONS OPTIONS
|
||||
road plain</programlisting>
|
||||
road ipv4</programlisting>
|
||||
</blockquote>
|
||||
|
||||
<para>On system A, the remote clients will comprise the <emphasis
|
||||
@ -325,7 +325,7 @@ verb 3</programlisting>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
||||
# OPTIONS OPTIONS
|
||||
home plain</programlisting>
|
||||
home ipv4</programlisting>
|
||||
</blockquote>
|
||||
|
||||
<para>On system A, the hosts accessible through the tunnel will comprise
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-09-29</pubdate>
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2005</year>
|
||||
@ -289,7 +289,7 @@ ACCEPT net loc:192.168.1.3 tcp 22</programlisting></para>
|
||||
<para>In <filename>/etc/shorewall/zones</filename>:</para>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
loc plain</programlisting>
|
||||
loc ipv4</programlisting>
|
||||
|
||||
<para>In <filename>/etc/shorewall/interfaces</filename>:</para>
|
||||
|
||||
@ -310,8 +310,8 @@ loc eth1 192.168.1.255,192.168.20.255 <emphasis role="bold">rout
|
||||
<para>In <filename>/etc/shorewall/zones</filename>:</para>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
loc plain
|
||||
loc2 plain</programlisting>
|
||||
loc ipv4
|
||||
loc2 ipv4</programlisting>
|
||||
|
||||
<para>In <filename>/etc/shorewall/interfaces</filename>:</para>
|
||||
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-09-03</pubdate>
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2004</year>
|
||||
@ -489,8 +489,8 @@ rc-update add bridge boot
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
fw firewall
|
||||
net plain
|
||||
loc plain
|
||||
net ipv4
|
||||
loc ipv4
|
||||
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE</programlisting>
|
||||
|
||||
<para>A conventional two-zone policy file is appropriate here —
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-09-12</pubdate>
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2005</year>
|
||||
@ -197,7 +197,7 @@ ipset -B Blacklist 206.124.146.177 -b SMTP</command></programlisting>
|
||||
<para>/etc/shorewall/zones:</para>
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS IN OPTIONS OUT OPTIONS
|
||||
dyn plain</programlisting>
|
||||
dyn ipv4</programlisting>
|
||||
|
||||
<para>/etc/shorewall/interfaces:</para>
|
||||
|
||||
|
@ -257,7 +257,7 @@ sec ipsec mode=tunnel mss=1400
|
||||
|
||||
<blockquote>
|
||||
<programlisting>#ZONE INTERFACE BROADCAST OPTIONS
|
||||
net $EXT_IF 206.124.146.255 dhcp,norfc1918,logmartians,blacklist,tcpflags,nosmurfs,arp_filter
|
||||
net $EXT_IF 206.124.146.255 dhcp,norfc1918,logmartians,blacklist,tcpflags,nosmurfs
|
||||
loc $INT_IF detect dhcp,routeback
|
||||
dmz $DMZ_IF -
|
||||
vpn tun+ -
|
||||
|
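Review bot: Dropping `arp_filter` from the `net $EXT_IF` option list in this interfaces listing is unrelated to the zones-file rename described in the commit message. Move it to its own commit or mention it in the message, so that a change to the documented option set on the external interface is not buried in a keyword rename.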
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-09-12</pubdate>
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2005</year>
|
||||
@ -177,9 +177,9 @@
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
fw firewall
|
||||
net plain
|
||||
loc plain
|
||||
dmz plain</programlisting>
|
||||
net ipv4
|
||||
loc ipv4
|
||||
dmz ipv4</programlisting>
|
||||
</important>
|
||||
|
||||
<para>Note that Shorewall recognizes the firewall system as its own zone -
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-09-12</pubdate>
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2002-2005</year>
|
||||
@ -169,7 +169,7 @@
|
||||
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
||||
# OPTIONS OPTIONS
|
||||
fw firewall
|
||||
net plain</programlisting>
|
||||
net ipv4</programlisting>
|
||||
|
||||
<para>Shorewall zones are defined in <ulink
|
||||
url="Documentation.htm#Zones"><filename>/etc/shorewall/zones</filename></ulink>.</para>
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-09-19</pubdate>
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2002-2005</year>
|
||||
@ -212,9 +212,9 @@
|
||||
<para><programlisting>#ZONE TYPE OPTIONS IN OUT
|
||||
# OPTIONS OPTIONS
|
||||
fw firewall
|
||||
net plain
|
||||
loc plain
|
||||
dmz plain</programlisting>Zone names are defined in
|
||||
net ipv4
|
||||
loc ipv4
|
||||
dmz ipv4</programlisting>Zone names are defined in
|
||||
<filename>/etc/shorewall/zones</filename>.</para>
|
||||
|
||||
<para>Note that Shorewall recognizes the firewall system as its own zone.
|
||||
|
@ -12,7 +12,7 @@
|
||||
<surname>Eastep</surname>
|
||||
</author>
|
||||
|
||||
<pubdate>2005-09-20</pubdate>
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2002-</year>
|
||||
@ -215,10 +215,11 @@
|
||||
a set of zones. In the two-interface sample configuration, the following
|
||||
zone names are used:</para>
|
||||
|
||||
<para><programlisting>#ZONE IPSEC OPTIONS IN OUT
|
||||
# ONLY OPTIONS OPTIONS
|
||||
net
|
||||
loc</programlisting> Zones are defined in the <ulink
|
||||
<para><programlisting>#ZONE TYPE OPTIONS IN OUT
|
||||
# OPTIONS OPTIONS
|
||||
fw firewall
|
||||
net ipv4
|
||||
loc ipv4</programlisting>Zones are defined in the <ulink
|
||||
url="Documentation.htm#Zones"><filename
|
||||
class="directory">/etc/shorewall/</filename><filename>zones</filename></ulink>
|
||||
file.</para>
|
||||
|
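Review bot: This hunk goes beyond the rename: it replaces the old `IPSEC ONLY` column header with `TYPE` and adds a `fw firewall` entry, while the sentence above still introduces the listing as the zone names used in the two-interface sample. Confirm that the lead-in should now cover the firewall zone and note the header change in the commit message. The space between `</programlisting>` and "Zones are defined" was also dropped and should be restored.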
@ -12,7 +12,7 @@
|
||||
<surname>Eastep</surname>
|
||||
</author>
|
||||
|
||||
<pubdate>2005-09-03</pubdate>
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2002-2005</year>
|
||||
@ -76,10 +76,10 @@
|
||||
|
||||
<programlisting>#ZONE TYPE OPTIONS
|
||||
fw firewall
|
||||
net plain
|
||||
ops plain
|
||||
loc plain
|
||||
dmz plain</programlisting>
|
||||
net ipv4
|
||||
ops ipv4
|
||||
loc ipv4
|
||||
dmz ipv4</programlisting>
|
||||
|
||||
<para>The <literal>ops</literal> zone has been added to the standard 3-zone
|
||||
zones file -- since <literal>ops</literal> is a sub-zone of
|
||||
|