From 37d9e3be57c7dc4b47ca3732e199f03c4ba6df50 Mon Sep 17 00:00:00 2001 From: teastep Date: Tue, 22 Nov 2005 21:36:26 +0000 Subject: [PATCH] Add mention of arp_ignore where arp_filter is referenced git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3049 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs2/shorewall_setup_guide.xml | 5 +++-- Shorewall-docs2/three-interface.xml | 14 ++++++++------ Shorewall-docs2/troubleshoot.xml | 5 +++-- Shorewall-docs2/two-interface.xml | 5 +++-- 4 files changed, 17 insertions(+), 12 deletions(-) diff --git a/Shorewall-docs2/shorewall_setup_guide.xml b/Shorewall-docs2/shorewall_setup_guide.xml index dd9645503..426ed4d6a 100644 --- a/Shorewall-docs2/shorewall_setup_guide.xml +++ b/Shorewall-docs2/shorewall_setup_guide.xml @@ -15,7 +15,7 @@ - 2005-11-01 + 2005-11-22 2001-2005 @@ -385,7 +385,8 @@ all all REJECT info or switch except for testing AND you are running Shorewall version 1.4.7 or later. When using these recent versions, you can test using this kind of configuration if you specify the arp_filter option in + role="bold">arp_filter option or the arp_ignore option in /etc/shorewall/interfaces for all interfaces connected to the common hub/switch. Using such a setup with a production firewall is strongly recommended against. diff --git a/Shorewall-docs2/three-interface.xml b/Shorewall-docs2/three-interface.xml index 6f7021d05..23beb8104 100755 --- a/Shorewall-docs2/three-interface.xml +++ b/Shorewall-docs2/three-interface.xml @@ -15,7 +15,7 @@ - 2005-11-10 + 2005-11-22 2002-2005 @@ -380,11 +380,13 @@ $FW net ACCEPT Do NOT connect the internal and external interface to the same hub or switch except for testing. You - can test using this kind of configuration if you specify the arp_filter - option in /etc/shorewall/interfaces for all - interfaces connected to the common hub/switch. Using such a setup with a production firewall is strongly - recommended against. + can test using this kind of configuration if you specify the arp_filter option or the arp_ignore option in + /etc/shorewall/interfaces for all interfaces + connected to the common hub/switch. Using such a + setup with a production firewall is strongly recommended + against. diff --git a/Shorewall-docs2/troubleshoot.xml b/Shorewall-docs2/troubleshoot.xml index 163a00475..1946bee3a 100644 --- a/Shorewall-docs2/troubleshoot.xml +++ b/Shorewall-docs2/troubleshoot.xml @@ -13,7 +13,7 @@ Eastep - 2005-09-11 + 2005-11-22 2001-2005 @@ -202,7 +202,8 @@ iptables: No chain/target/match by that name requests, this type of setup does NOT work the way that you expect it to. You can test using this kind of configuration if you specify the arp_filter option in arp_filter option or the arp_ignore option in /etc/shorewall/interfaces for all interfaces connected to the common hub/switch. Using such a setup with a production firewall is strongly diff --git a/Shorewall-docs2/two-interface.xml b/Shorewall-docs2/two-interface.xml index 070722a4f..f5df99fe0 100644 --- a/Shorewall-docs2/two-interface.xml +++ b/Shorewall-docs2/two-interface.xml @@ -340,8 +340,9 @@ $FW net ACCEPT The above policy will: firewall directly to the computer using a cross-over cable). Do not connect the internal and external interface to the same hub or switch except for testing.You - can test using this kind of configuration if you specify the - arp_filter option in arp_filter option or the arp_ignore option in /etc/shorewall/interfaces for all interfaces connected to the common hub/switch. Using such a setup with a production firewall is strongly