forked from extern/shorewall_code
Add mention of arp_ignore where arp_filter is referenced
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3049 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
0d391231d1
commit
37d9e3be57
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-11-01</pubdate>
|
||||
<pubdate>2005-11-22</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2005</year>
|
||||
@ -385,7 +385,8 @@ all all REJECT info</programlisting>
|
||||
or switch except for testing AND you are running Shorewall version 1.4.7
|
||||
or later. When using these recent versions, you can test using this kind
|
||||
of configuration if you specify the <emphasis
|
||||
role="bold">arp_filter</emphasis> option in
|
||||
role="bold">arp_filter</emphasis> option or the <emphasis
|
||||
role="bold">arp_ignore</emphasis> option in
|
||||
<filename>/etc/shorewall/interfaces</filename> for all interfaces
|
||||
connected to the common hub/switch. Using such a setup with a production
|
||||
firewall is strongly recommended against.</para>
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-11-10</pubdate>
|
||||
<pubdate>2005-11-22</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2002-2005</year>
|
||||
@ -380,11 +380,13 @@ $FW net ACCEPT</programlisting>
|
||||
<caution>
|
||||
<para><emphasis role="bold">Do NOT connect the internal and external
|
||||
interface to the same hub or switch except for testing</emphasis>. You
|
||||
can test using this kind of configuration if you specify the arp_filter
|
||||
option in <filename>/etc/shorewall/interfaces</filename> for all
|
||||
interfaces connected to the common hub/switch. <emphasis
|
||||
role="bold">Using such a setup with a production firewall is strongly
|
||||
recommended against</emphasis>.</para>
|
||||
can test using this kind of configuration if you specify the <emphasis
|
||||
role="bold">arp_filter</emphasis> option or the <emphasis
|
||||
role="bold">arp_ignore</emphasis> option in
|
||||
<filename>/etc/shorewall/interfaces</filename> for all interfaces
|
||||
connected to the common hub/switch. <emphasis role="bold">Using such a
|
||||
setup with a production firewall is strongly recommended
|
||||
against</emphasis>.</para>
|
||||
</caution>
|
||||
|
||||
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
|
||||
|
@ -13,7 +13,7 @@
|
||||
<surname>Eastep</surname>
|
||||
</author>
|
||||
|
||||
<pubdate>2005-09-11</pubdate>
|
||||
<pubdate>2005-11-22</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2005</year>
|
||||
@ -202,7 +202,8 @@ iptables: No chain/target/match by that name
|
||||
requests, this type of setup <emphasis role="bold">does NOT work the
|
||||
way that you expect it to</emphasis>. You can test using this kind of
|
||||
configuration if you specify the <emphasis
|
||||
role="bold">arp_filter</emphasis> option in <filename><ulink
|
||||
role="bold">arp_filter</emphasis> option or the <emphasis
|
||||
role="bold">arp_ignore</emphasis> option in <filename><ulink
|
||||
url="Documentation.htm#Interfaces">/etc/shorewall/interfaces</ulink></filename>
|
||||
for all interfaces connected to the common hub/switch. <emphasis
|
||||
role="bold">Using such a setup with a production firewall is strongly
|
||||
|
@ -340,8 +340,9 @@ $FW net ACCEPT</programlisting> The above policy will:
|
||||
firewall directly to the computer using a cross-over cable). <warning>
|
||||
<para><emphasis role="bold">Do not connect the internal and external
|
||||
interface to the same hub or switch except for testing</emphasis>.You
|
||||
can test using this kind of configuration if you specify the
|
||||
arp_filter option in <filename
|
||||
can test using this kind of configuration if you specify the <emphasis
|
||||
role="bold">arp_filter</emphasis> option or the <emphasis
|
||||
role="bold">arp_ignore</emphasis> option in <filename
|
||||
class="directory">/etc/shorewall/</filename><filename>interfaces</filename>
|
||||
for all interfaces connected to the common hub/switch. <emphasis
|
||||
role="bold">Using such a setup with a production firewall is strongly
|
||||
|
Loading…
Reference in New Issue
Block a user