shorewall_code/Shorewall/zones

#
# Shorewall version 3.3 - Zones File
#
# /etc/shorewall/zones
#
#	This file declares your network zones. You specify the hosts in
#	each zone through entries in /etc/shorewall/interfaces or
#	/etc/shorewall/hosts.
#
#	WARNING: The format of this file changed in Shorewall 3.0.0. You can
#		 continue to use your old records provided that you set
#		 IPSECFILE=ipsec in /etc/shorewall/shorewall.conf. This will
#		 signal Shorewall that the IPSEC-related zone options are
#		 still specified in /etc/shorewall/ipsec rather than in this
#		 file.
#
#		 To use records in the format described below, you must have
#		 IPSECFILE=zones specified in /etc/shorewall/shorewall.conf
#		 AND YOU MUST NOT SET THE 'FW' VARIABLE IN THAT FILE!!!!!
#
# Columns are:
#
#	ZONE	Short name of the zone. The names "all" and "none" are reserved
#		and may not be used as zone names. The maximum length of a
#		zone name is determined by the setting of the LOGFORMAT option 
#		in shorewall.conf. With the default LOGFORMAT, zone names can
#		be at most 5 characters long.
#
#		Where a zone is nested in one or more other zones,
#		you may follow the (sub)zone name by ":" and a
#		comma-separated list of the parent zones. The parent
#		zones must have been defined in earlier records in this
#		file.
#
#		Example:
#
#			#ZONE     TYPE     OPTIONS
#			a	  ipv4
#			b	  ipv4
#			c:a,b     ipv4
#
#		Currently, Shorewall uses this information to reorder the
#		zone list so that parent zones appear after their subzones in
#		the list. The IMPLICIT_CONTINUE option in shorewall.conf can
#		also create implicit CONTINUE policies to/from the subzone.
#
#		In the future, Shorewall may make additional use
#		of nesting information.
#
#	TYPE	ipv4 -	This is the standard Shorewall zone type and is the
#			default if you leave this column empty or if you enter
#			"-" in the column. Communication with some zone hosts
#			may be encrypted. Encrypted hosts are designated using
#			the 'ipsec'option in /etc/shorewall/hosts.
#		ipsec -	Communication with all zone hosts is encrypted
#			Your kernel and iptables must include policy
#			match support.
#		firewall
#		      - Designates the firewall itself. You must have
#			exactly one 'firewall' zone. No options are
#			permitted with a 'firewall' zone. The name that you
#			enter in the ZONE column will be stored in the shell
#			variable $FW which you may use in other configuration
#			files to designate the firewall zone.
#
#	OPTIONS,	A comma-separated list of options as follows:
#	IN OPTIONS,
#	OUT OPTIONS	reqid=<number> where <number> is specified
#			using setkey(8) using the 'unique:<number>
#			option for the SPD level.
#
#			spi=<number> where <number> is the SPI of
#			the SA used to encrypt/decrypt packets.
#
#			proto=ah|esp|ipcomp
#
#			mss=<number> (sets the MSS field in TCP packets)
#
#			mode=transport|tunnel
#
#			tunnel-src=<address>[/<mask>] (only
#			available with mode=tunnel)
#
#			tunnel-dst=<address>[/<mask>] (only
#			available with mode=tunnel)
#
#			strict	Means that packets must match all rules.
#
#			next	Separates rules; can only be used with
#				strict
#
#		Example:
#			mode=transport,reqid=44
#
#	The options in the OPTIONS column are applied to both incoming
#	and outgoing traffic. The IN OPTIONS are applied to incoming
#	traffic (in addition to OPTIONS) and the OUT OPTIONS are
#	applied to outgoing traffic.
#
#	If you wish to leave a column empty but need to make an entry
#	in a following column, use "-".
#------------------------------------------------------------------------------
# Example zones:
#
#	You have a three interface firewall with internet, local and DMZ
#	interfaces.
#
#	#ZONE	TYPE		OPTIONS		IN			OUT
#	#					OPTIONS			OPTIONS
#	fw	firewall
#	net	ipv4
#	loc	ipv4
#	dmz	ipv4
#
#
# For more information, see http://www.shorewall.net/Documentation.htm#Zones
#
###############################################################################
#ZONE	TYPE		OPTIONS		IN			OUT
#					OPTIONS			OPTIONS
fw	firewall
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE