extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-22 15:43:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Show how to make a dynamic zone a sub-zone

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9165 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-12-24 16:10:46 +00:00
parent c9d9271481
commit fc0158617a
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/ipsets.xml
View File

@ -271,18 +271,20 @@ ipset -B Blacklist 206.124.146.177 -b SMTP</command></programlisting>
<para>The use of ipsets provides a much better way to define dynamic zones
than is provided by the native Shorewall implementation. To define a
dynamic zone of hosts <emphasis role="bold">dyn</emphasis> that interface
dynamic zone of hosts <emphasis role="bold">dyn</emphasis> that is a
sub-zone of zone <emphasis role="bold">loc</emphasis> and that interfaces
through interface eth3, use:</para>
<para>/etc/shorewall/zones:</para>
<programlisting>#ZONE TYPE OPTIONS IN OPTIONS OUT OPTIONS
dyn ipv4</programlisting>
loc ipv4
dyn:loc ipv4</programlisting>
<para>/etc/shorewall/interfaces:</para>
<programlisting>#ZONE INTERFACE OPTIONS
- eth3 …</programlisting>
loc eth3 …</programlisting>
<para>/etc/shorewall/hosts:</para>