Remove 'detectnets' recommendation from the FAQ

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7378 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-09-21 17:29:28 +00:00
parent 808b7fc0a1
commit fddd1835e9

View File

@ -1627,13 +1627,13 @@ Creating input Chains...
<para><emphasis role="bold">Answer:</emphasis> The above output is <para><emphasis role="bold">Answer:</emphasis> The above output is
perfectly normal. The Net zone is defined as all hosts that are perfectly normal. The Net zone is defined as all hosts that are
connected through eth0 and the local zone is defined as all hosts connected through eth0 and the local zone is defined as all hosts
connected through <filename class="devicefile">eth1</filename>. If you connected through <filename class="devicefile">eth1</filename>. You can
are running Shorewall 1.4.10 or later, you can consider setting the set the <emphasis role="bold">routefilter</emphasis> option on an
<ulink url="manpages/shorewall-interfaces.html"> <emphasis internal interface if you wish to guard against
role="bold">detectnets</emphasis> interface option</ulink> on your local '<firstterm>Martians</firstterm>' (a Martian is a packet with a source
interface (<filename class="devicefile">eth1</filename> in the above IP address that is not routed out of the interface on which the packet
example). That will cause Shorewall to restrict the local zone to only was received). If you do that, it is a good idea to also set the
those networks routed through that interface.</para> <emphasis role="bold">logmartians</emphasis> option.</para>
</section> </section>
<section id="faq22"> <section id="faq22">