#
# Shorewall 1.3 -- Interfaces File
#
# /etc/shorewall/interfaces
#
#	You must add an entry in this file for each network interface on your
#	firewall system.
#
# Columns are:
#
#	ZONE		Zone for this interface. Must match the short name
#			of a zone defined in /etc/shorewall/zones.
#
#			If the interface serves multiple zones that will be
#			defined in the /etc/shorewall/hosts file, you may
#			place "-" in this column.
#	
#	INTERFACE	Name of interface
#
#	BROADCAST	The broadcast address for the subnetwork to which the
#			interface belongs. For P-T-P interfaces, this
#			column is left black.
#					    
#			If you use the special value "detect", the firewall
#			will detect the broadcast address for you. If you
#			select this option, the interface must be up before
#			the firewall is started and you must have iproute
#			installed.
#			
#			If you don't want to give a value for this column but
#			you want to enter a value in the OPTIONS column, enter
#			"-" in this column.
#
#	OPTIONS		A comma-separated list of options including the
#			following:
#
#			dhcp	     - interface is managed by DHCP or used by
#                                      a DHCP server running on the firewall.
#			noping	     - icmp echo-request (ping) packets should
#				       be ignored on this interface
#			routestopped - When the firewall is stopped, allow
#				       and route traffic to and from this
#				       interface.
#			norfc1918    - This interface should not receive
#				       any packets whose source is in one
#				       of the ranges reserved by RFC 1918
#				       (i.e., private or "non-routable"
#				       addresses. If packet mangling is
#				       enabled in shorewall.conf, packets
#				       whose destination addresses are
#				       reserved by RFC 1918 are also rejected.
#			multi	     - This interface has multiple IP
#				       addresses and you want to be able to
#				       route between them.
#			routefilter  - turn on kernel route filtering for this
#				       interface (anti-spoofing measure).
#			dropunclean  - Logs and drops mangled/invalid packets
#
#			logunclean   - Logs mangled/invalid packets but does
#				       not drop them.
#	.	.	blacklist    - Check packets arriving on this interface
#				       against the /etc/shorewall/blacklist
#				       file.
#
#	Example 1:	Suppose you have eth0 connected to a DSL modem and
#			eth1 connected to your local network and that your
#			local subnet is 192.168.1.0/24. The interface gets
#			it's IP address via DHCP from subnet
#			206.191.149.192/27 and you want pings from the internet
#			to be ignored. You interface a DMZ with subnet
#			192.168.2.0/24 using eth2. You want to be able to
#			access the firewall from the local network when the
#			firewall is stopped.
#
#			Your entries for this setup would look like:
#
#			net	eth0	206.191.149.223	noping,dhcp
#			local	eth1	192.168.1.255	routestopped
#			dmz	eth2	192.168.2.255
#
#	Example 2:	The same configuration without specifying broadcast
#			addresses is:
#
#			net	eth0	detect		noping,dhcp
#			loc	eth1	detect		routestopped
#			dmz	eth2	detect
#
#	Example 3:	You have a simple dial-in system with no ethernet
#			connections and you want to ignore ping requests.
#
#			net	ppp0	-		noping
##############################################################################
#ZONE	 INTERFACE	BROADCAST	OPTIONS
net     eth0		detect		dhcp,norfc1918
loc	eth1		detect		routestopped
dmz	eth2		detect		routestopped
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE