holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Add mention of arp_ignore where arp_filter is referenced

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3049 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-11-22 21:36:26 +00:00
parent 0d391231d1
commit 37d9e3be57
4 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Shorewall-docs2/shorewall_setup_guide.xml
View File

@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2005-11-01</pubdate> <pubdate>2005-11-22</pubdate>
<copyright> <copyright>
<year>2001-2005</year> <year>2001-2005</year>
@ -385,7 +385,8 @@ all all REJECT info</programlisting>
or switch except for testing AND you are running Shorewall version 1.4.7 or switch except for testing AND you are running Shorewall version 1.4.7
or later. When using these recent versions, you can test using this kind or later. When using these recent versions, you can test using this kind
of configuration if you specify the <emphasis of configuration if you specify the <emphasis
role="bold">arp_filter</emphasis> option in role="bold">arp_filter</emphasis> option or the <emphasis
role="bold">arp_ignore</emphasis> option in
<filename>/etc/shorewall/interfaces</filename> for all interfaces <filename>/etc/shorewall/interfaces</filename> for all interfaces
connected to the common hub/switch. Using such a setup with a production connected to the common hub/switch. Using such a setup with a production
firewall is strongly recommended against.</para> firewall is strongly recommended against.</para>

14
Shorewall-docs2/three-interface.xml
View File

@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2005-11-10</pubdate> <pubdate>2005-11-22</pubdate>
<copyright> <copyright>
<year>2002-2005</year> <year>2002-2005</year>
@ -380,11 +380,13 @@ $FW net ACCEPT</programlisting>
<caution> <caution>
<para><emphasis role="bold">Do NOT connect the internal and external <para><emphasis role="bold">Do NOT connect the internal and external
interface to the same hub or switch except for testing</emphasis>. You interface to the same hub or switch except for testing</emphasis>. You
can test using this kind of configuration if you specify the arp_filter can test using this kind of configuration if you specify the <emphasis
option in <filename>/etc/shorewall/interfaces</filename> for all role="bold">arp_filter</emphasis> option or the <emphasis
interfaces connected to the common hub/switch. <emphasis role="bold">arp_ignore</emphasis> option in
role="bold">Using such a setup with a production firewall is strongly <filename>/etc/shorewall/interfaces</filename> for all interfaces
recommended against</emphasis>.</para> connected to the common hub/switch. <emphasis role="bold">Using such a
setup with a production firewall is strongly recommended
against</emphasis>.</para>
</caution> </caution>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para> <para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>

5
Shorewall-docs2/troubleshoot.xml
View File

@ -13,7 +13,7 @@
<surname>Eastep</surname> <surname>Eastep</surname>
</author> </author>
<pubdate>2005-09-11</pubdate> <pubdate>2005-11-22</pubdate>
<copyright> <copyright>
<year>2001-2005</year> <year>2001-2005</year>
@ -202,7 +202,8 @@ iptables: No chain/target/match by that name
requests, this type of setup <emphasis role="bold">does NOT work the requests, this type of setup <emphasis role="bold">does NOT work the
way that you expect it to</emphasis>. You can test using this kind of way that you expect it to</emphasis>. You can test using this kind of
configuration if you specify the <emphasis configuration if you specify the <emphasis
role="bold">arp_filter</emphasis> option in <filename><ulink role="bold">arp_filter</emphasis> option or the <emphasis
role="bold">arp_ignore</emphasis> option in <filename><ulink
url="Documentation.htm#Interfaces">/etc/shorewall/interfaces</ulink></filename> url="Documentation.htm#Interfaces">/etc/shorewall/interfaces</ulink></filename>
for all interfaces connected to the common hub/switch. <emphasis for all interfaces connected to the common hub/switch. <emphasis
role="bold">Using such a setup with a production firewall is strongly role="bold">Using such a setup with a production firewall is strongly

5
Shorewall-docs2/two-interface.xml
View File

@ -340,8 +340,9 @@ $FW net ACCEPT</programlisting> The above policy will:
firewall directly to the computer using a cross-over cable). <warning> firewall directly to the computer using a cross-over cable). <warning>
<para><emphasis role="bold">Do not connect the internal and external <para><emphasis role="bold">Do not connect the internal and external
interface to the same hub or switch except for testing</emphasis>.You interface to the same hub or switch except for testing</emphasis>.You
can test using this kind of configuration if you specify the can test using this kind of configuration if you specify the <emphasis
arp_filter option in <filename role="bold">arp_filter</emphasis> option or the <emphasis
role="bold">arp_ignore</emphasis> option in <filename
class="directory">/etc/shorewall/</filename><filename>interfaces</filename> class="directory">/etc/shorewall/</filename><filename>interfaces</filename>
for all interfaces connected to the common hub/switch. <emphasis for all interfaces connected to the common hub/switch. <emphasis
role="bold">Using such a setup with a production firewall is strongly role="bold">Using such a setup with a production firewall is strongly