holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

More 3.0 updates

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2716 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-09-20 22:39:45 +00:00
parent e1ed494516
commit 193632b084
2 changed files with 15 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
Shorewall-docs2/three-interface.xml
View File

@ -741,15 +741,14 @@ DNS/ACCEPT $FW dmz:10.10.11.1 </programlisting></para>
<para>In the rules shown above, <quote>DNS/ACCEPT</quote> is an example of <para>In the rules shown above, <quote>DNS/ACCEPT</quote> is an example of
a <emphasis>defined macro</emphasis>. Shorewall includes a number of a <emphasis>defined macro</emphasis>. Shorewall includes a number of
defined macros and <ulink url="Actions.html">you can add your own</ulink>. defined macros and <ulink url="Macros.html">you can add your own</ulink>.
To see the list of macros included with your version of Shorewall, look in To see the list of macros included with your version of Shorewall, run the
the file <filename>/usr/share/shorewall/actions.std</filename>.</para> command <command>ls
<filename>/usr/share/shorewall/macro.*</filename></command>.</para>
<para>You don't have to use defined macros when coding a rule in <para>You don't have to use defined macros when coding a rule in
<filename>/etc/shorewall/rules</filename>; the generated Netfilter ruleset <filename>/etc/shorewall/rules</filename>. The first example above (name
is slightly more efficient if you code your rules directly rather than server on the firewall) could also have been coded as follows:</para>
using defined macros. The first example above (name server on the
firewall) could also have been coded as follows:</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
ACCEPT loc $FW tcp 53 ACCEPT loc $FW tcp 53
@ -759,7 +758,9 @@ ACCEPT dmz $FW udp 53 </programlist
<para>In cases where Shorewall doesn't include a defined macro to meet <para>In cases where Shorewall doesn't include a defined macro to meet
your needs, you can either define the macro yourself or you can simply your needs, you can either define the macro yourself or you can simply
code the appropriate rules directly.</para> code the appropriate rules directly. <ulink url="ports.html">This
page</ulink> can be of help if you don't know the protocol and port
involved.</para>
</section> </section>
<section> <section>
@ -779,8 +780,8 @@ SSH/ACCEPT loc dmz </programlisting>Those rules allow you to run
connect to those servers from your local systems.</para> connect to those servers from your local systems.</para>
<para>If you wish to enable other connections between your systems, the <para>If you wish to enable other connections between your systems, the
general format for using a defined macro is: <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) general format for using a defined macro is: <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
&lt;<emphasis>macro</emphasis>&gt; <emphasis>&lt;source zone&gt; &lt;destination zone&gt;</emphasis></programlisting></para> &lt;<emphasis>macro</emphasis>&gt;/ACCEPT <emphasis>&lt;source zone&gt; &lt;destination zone&gt;</emphasis></programlisting></para>
<para>The general format when not using a defined action <para>The general format when not using a defined action
is:<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) is:<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)

8
Shorewall-docs2/two-interface.xml
View File

@ -12,7 +12,7 @@
<surname>Eastep</surname> <surname>Eastep</surname>
</author> </author>
<pubdate>2005-09-12</pubdate> <pubdate>2005-09-20</pubdate>
<copyright> <copyright>
<year>2002-</year> <year>2002-</year>
@ -714,12 +714,12 @@ DNS/ACCEPT $FW net</programlisting>This rule allows
ACCEPT $FW net udp 53 ACCEPT $FW net udp 53
ACCEPT $FW net tcp 53</programlisting></para> ACCEPT $FW net tcp 53</programlisting></para>
<para>In cases where Shorewall doesn't include a defined action to meet <para>In cases where Shorewall doesn't include a defined macro to meet
your needs, you can either define the action yourself or you can simply your needs, you can either define the macro yourself or you can simply
code the appropriate rules directly.</para> code the appropriate rules directly.</para>
<para>The sample also includes: <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) <para>The sample also includes: <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SSH/ACCEPT loc </programlisting>$FWThat rule allows you to run an SSH/ACCEPT loc $FW </programlisting>That rule allows you to run an
<acronym>SSH</acronym> server on your firewall and connect to that server <acronym>SSH</acronym> server on your firewall and connect to that server
from your local systems.</para> from your local systems.</para>