#
# Shorewall 2.2 - /etc/shorewall/ipsec
#
# This file defines the attributes of zones with respect to
# IPSEC. To use this file, you must be running a 2.6 kernel and
# both your kernel and iptables must include Policy Match Support.
#
# The columns are:
#
#	ZONE		The name of a zone defined in /etc/shorewall/zones. The
#			$FW zone may not be listed.
#
#	IPSEC		Yes -- Communication with all zone hosts is encrypted.
#	ONLY		No -- Communication with some zone hosts is encrypted.
#			Encrypted hosts are designated using the 'ipsec'
#			option in /etc/shorewall/hosts.
#
#	OPTIONS,	A comma-separated list of options as follows:
#	IN OPTIONS,
#	OUT OPTIONS	reqid=<number> where <number> is specified
#			using setkey(8) with the 'unique:<number>'
#			option for the SPD level.
#
#			spi=<number> where <number> is the SPI of
#			the SA used to encrypt/decrypt packets.
#
#			proto=ah|esp|ipcomp
#
#			mss=<number> (sets the MSS field in TCP packets)
#
#			mode=transport|tunnel
#
#			tunnel-src=<address>[/<mask>] (only
#			available with mode=tunnel)
#
#			tunnel-dst=<address>[/<mask>] (only
#			available with mode=tunnel)
#
#			strict	Means that packets must match all rules.
#
#			next	Separates rules; can only be used with
#				strict.
#
#			Example:
#			mode=transport,reqid=44
#
# The options in the OPTIONS column are applied to both incoming
# and outgoing traffic. The IN OPTIONS are applied to incoming
# traffic (in addition to OPTIONS) and the OUT OPTIONS are
# applied to outgoing traffic.
#
# If you wish to leave a column empty but need to make an entry
# in a following column, use "-".
###################################################################################
#ZONE	IPSEC	OPTIONS		IN		OUT
#	ONLY			OPTIONS		OPTIONS
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
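As an added example (not part of Shorewall itself), a small Python lint pass over entries in this file that enforces the column rules documented in the header: the firewall zone may not be listed, IPSEC ONLY is Yes or No, only the documented option names are accepted, tunnel-src/tunnel-dst require mode=tunnel, and next requires strict. It assumes the firewall zone is named fw and uses constructed sample entries.

```python
VALUE_OPTS = {"reqid", "spi", "proto", "mss", "mode", "tunnel-src", "tunnel-dst"}
ENUMS = {"proto": {"ah", "esp", "ipcomp"}, "mode": {"transport", "tunnel"}}

def parse_options(field):
    """Split one OPTIONS column into rule dicts; 'next' starts a new rule."""
    toks = field.split(",")
    if "next" in toks and "strict" not in toks:
        raise ValueError("next can only be used with strict")
    rules, cur = [], {}
    for tok in toks:
        key, _, val = tok.partition("=")
        if tok == "next":
            rules, cur = rules + [cur], {}
        elif tok != "strict":
            if key not in VALUE_OPTS or not val:
                raise ValueError(f"unknown or malformed option {tok!r}")
            cur[key] = val
    return rules + [cur]

def check_rule(rule):
    """Errors for one rule: enum values, numeric values, tunnel-* needs mode=tunnel."""
    errs = [f"{k} must be one of {sorted(v)}" for k, v in ENUMS.items() if k in rule and rule[k] not in v]
    errs += [f"{k} must be a number" for k in ("reqid", "spi", "mss") if k in rule and not rule[k].isdigit()]
    errs += [f"{k} is only available with mode=tunnel" for k in ("tunnel-src", "tunnel-dst")
             if k in rule and rule.get("mode") != "tunnel"]
    return errs

def lint_ipsec(text, fw_zone="fw"):
    """Lint ipsec file text -> [(line_no, message)]; fw_zone='fw' is an assumed zone name."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()
        if not cols:
            continue                                   # blank or comment-only line
        zone, only, *opts = (cols + ["-"] * 5)[:5]    # pad missing columns with "-"
        if zone == fw_zone:
            problems.append((n, "the firewall zone may not be listed"))
        if only.lower() not in ("yes", "no", "-"):
            problems.append((n, "IPSEC ONLY must be Yes or No"))
        for name, field in zip(("OPTIONS", "IN OPTIONS", "OUT OPTIONS"), opts):
            try:
                rules = [] if field == "-" else parse_options(field)
                problems += [(n, f"{name}: {e}") for r in rules for e in check_rule(r)]
            except ValueError as e:
                problems.append((n, f"{name}: {e}"))
    return problems

SAMPLE = ("vpn  Yes  mode=tunnel,reqid=44\n"                       # constructed entries: valid
          "net  No   proto=esp  -  tunnel-src=10.0.0.1\n"           # tunnel-src without mode=tunnel
          "fw   Yes  strict,proto=esp,next,proto=ah  mss=1400x\n")  # fw zone listed; mss not a number
```

Running lint_ipsec(SAMPLE) reports the OUT OPTIONS problem on line 2 and the zone and IN OPTIONS problems on line 3, while the strict/next pair on line 3 parses as two separate rules.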