Fixes due to validation problems. Use of <figure> replaced by using <bridgehead> for table titles.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@903 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
6e0128aa17
commit
14fd1d7d1e
@ -63,8 +63,8 @@
|
|||||||
The basic approach will be that we will place the operations staff's class C in its own zone called ops. Here are the appropriate configuration files:
|
The basic approach will be that we will place the operations staff's class C in its own zone called ops. Here are the appropriate configuration files:
|
||||||
</para>
|
</para>
|
||||||
<!-- Zone File -->
|
<!-- Zone File -->
|
||||||
<figure label="1">
|
|
||||||
<title>Zone File</title>
|
<bridgehead renderas="sect4">Zone File</bridgehead>
|
||||||
<informaltable colsep="1" pgwide="0">
|
<informaltable colsep="1" pgwide="0">
|
||||||
<tgroup cols="3" align="left">
|
<tgroup cols="3" align="left">
|
||||||
<thead valign="middle">
|
<thead valign="middle">
|
||||||
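Review bot: at `<bridgehead renderas="sect4">Zone File</bridgehead>`, the replacement drops the `label="1"` that the removed `<figure>` carried and leaves the heading with no `id`, so the title is no longer tied to the table and cannot be a cross-reference target. If the goal is a titled table, converting the `<informaltable>` to a formal `<table>` with its own `<title>` would keep the title attached to the table; if the bridgehead stays, give it an `id` wherever the text refers to this table.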
@ -111,10 +111,10 @@
|
|||||||
file -- since <literal>ops</literal> is a sub-zone of <literal>loc</literal>, we list it <emphasis>BEFORE</emphasis>
|
file -- since <literal>ops</literal> is a sub-zone of <literal>loc</literal>, we list it <emphasis>BEFORE</emphasis>
|
||||||
<literal>loc</literal>.
|
<literal>loc</literal>.
|
||||||
</para>
|
</para>
|
||||||
</figure>
|
|
||||||
<!-- Interfaces File -->
|
<!-- Interfaces File -->
|
||||||
<figure label="2">
|
|
||||||
<title>Interfaces File</title>
|
<bridgehead renderas="sect4">Interfaces File</bridgehead>
|
||||||
<informaltable colsep="1" pgwide="0">
|
<informaltable colsep="1" pgwide="0">
|
||||||
<tgroup cols="4" align="left">
|
<tgroup cols="4" align="left">
|
||||||
<thead valign="middle">
|
<thead valign="middle">
|
||||||
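Review bot: the `</figure>` removed at the top of this hunk sat directly below `</para>`, so the old figure wrapped the explanatory paragraph as well as the table, which is presumably the validation problem the commit message means; the message should name the actual validator error rather than just "validation problems". Because each `<figure>` is opened in one hunk and closed in the next, run the file through the validator again after the change to confirm that every open and close was removed as a pair.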
@ -164,10 +164,10 @@
|
|||||||
<para>
|
<para>
|
||||||
Because <literal>eth2</literal> interfaces to two zones (<literal>ops</literal> and <literal>loc</literal>), we don't specify a zone for it here.
|
Because <literal>eth2</literal> interfaces to two zones (<literal>ops</literal> and <literal>loc</literal>), we don't specify a zone for it here.
|
||||||
</para>
|
</para>
|
||||||
</figure>
|
|
||||||
<!-- Hosts File -->
|
<!-- Hosts File -->
|
||||||
<figure>
|
|
||||||
<title>Hosts File</title>
|
<bridgehead renderas="sect4">Hosts File</bridgehead>
|
||||||
<informaltable colsep="1" pgwide="0">
|
<informaltable colsep="1" pgwide="0">
|
||||||
<tgroup cols="3" align="left">
|
<tgroup cols="3" align="left">
|
||||||
<thead valign="middle">
|
<thead valign="middle">
|
||||||
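Review bot: `renderas="sect4"` in `<bridgehead renderas="sect4">Hosts File</bridgehead>` hard-codes a heading level that this and every other hunk repeats, and the enclosing section depth is not visible in the diff. Check the rendered output to confirm that a sect4-sized heading fits under the surrounding section, and keep the value in step with the nesting if the document is restructured later.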
@ -202,10 +202,10 @@
|
|||||||
<para>
|
<para>
|
||||||
Here we define the <literal>ops</literal> and <literal>loc</literal> zones. When Shorewall is stopped, only the hosts in the <literal>ops</literal> zone will be allowed to access the firewall and the <acronym>DMZ</acronym>. I use <literal>0.0.0.0/0</literal> to define the <literal>loc</literal> zone rather than <literal>10.10.0.0/16</literal> so that the limited broadcast address (<literal>255.255.255.255</literal>) falls into that zone. If I used <literal>10.10.0.0/16</literal> then I would have to have a separate entry for that special address.
|
Here we define the <literal>ops</literal> and <literal>loc</literal> zones. When Shorewall is stopped, only the hosts in the <literal>ops</literal> zone will be allowed to access the firewall and the <acronym>DMZ</acronym>. I use <literal>0.0.0.0/0</literal> to define the <literal>loc</literal> zone rather than <literal>10.10.0.0/16</literal> so that the limited broadcast address (<literal>255.255.255.255</literal>) falls into that zone. If I used <literal>10.10.0.0/16</literal> then I would have to have a separate entry for that special address.
|
||||||
</para>
|
</para>
|
||||||
</figure>
|
|
||||||
<!-- Policy File -->
|
<!-- Policy File -->
|
||||||
<figure label="3">
|
|
||||||
<title>Policy File</title>
|
<bridgehead renderas="sect4">Policy File</bridgehead>
|
||||||
<informaltable colsep="1" pgwide="0">
|
<informaltable colsep="1" pgwide="0">
|
||||||
<tgroup align="left" cols="5">
|
<tgroup align="left" cols="5">
|
||||||
<thead valign="middle">
|
<thead valign="middle">
|
||||||
@ -309,10 +309,10 @@
|
|||||||
<para>
|
<para>
|
||||||
Two entries for <literal>ops</literal> (in bold) have been added to the standard 3-zone policy file.
|
Two entries for <literal>ops</literal> (in bold) have been added to the standard 3-zone policy file.
|
||||||
</para>
|
</para>
|
||||||
</figure>
|
|
||||||
<!-- Rules File -->
|
<!-- Rules File -->
|
||||||
<figure label="4">
|
|
||||||
<title>Rules File</title>
|
<bridgehead renderas="sect4">Rules File</bridgehead>
|
||||||
<informaltable colsep="1" pgwide="0">
|
<informaltable colsep="1" pgwide="0">
|
||||||
<tgroup align="left" cols="7">
|
<tgroup align="left" cols="7">
|
||||||
<thead valign="middle">
|
<thead valign="middle">
|
||||||
@ -363,10 +363,10 @@
|
|||||||
<para>
|
<para>
|
||||||
This is the rule that transparently redirects web traffic to the transparent proxy running on the firewall. The <emphasis role="bold">SOURCE</emphasis> column explicitly excludes the <literal>ops</literal> zone from the rule.
|
This is the rule that transparently redirects web traffic to the transparent proxy running on the firewall. The <emphasis role="bold">SOURCE</emphasis> column explicitly excludes the <literal>ops</literal> zone from the rule.
|
||||||
</para>
|
</para>
|
||||||
</figure>
|
|
||||||
<!-- Routestopped File -->
|
<!-- Routestopped File -->
|
||||||
<figure label="5">
|
|
||||||
<title>Routestopped File</title>
|
<bridgehead renderas="sect4">Routestopped File</bridgehead>
|
||||||
<informaltable colsep="1" pgwide="0">
|
<informaltable colsep="1" pgwide="0">
|
||||||
<tgroup align="left" cols="2">
|
<tgroup align="left" cols="2">
|
||||||
<thead valign="middle">
|
<thead valign="middle">
|
||||||
@ -393,14 +393,5 @@
|
|||||||
</tbody>
|
</tbody>
|
||||||
</tgroup>
|
</tgroup>
|
||||||
</informaltable>
|
</informaltable>
|
||||||
</figure>
|
|
||||||
<para>
|
|
||||||
<revhistory>
|
|
||||||
<revision>
|
|
||||||
<date>December 22, 2003</date>
|
|
||||||
<authorinitials>PAS</authorinitials>
|
|
||||||
<revremark>Initial conversion to DocBook XML from HTML.</revremark>
|
|
||||||
</revision>
|
|
||||||
</revhistory>
|
|
||||||
</para>
|
|
||||||
</article>
|
</article>
|
||||||
|
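Review bot: besides the `</figure>`, this hunk deletes the whole `<para><revhistory>…</revhistory></para>` block (the December 22, 2003 revision by PAS), which the commit message does not mention. A `<revhistory>` inside a `<para>` at the end of the article is misplaced, but deleting it loses the document's revision record; moving it into the article's `<articleinfo>` (if the file has one) would satisfy the validator and keep the history. Either way, the removal should be stated in the commit message.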