diff --git a/Shorewall-docs/myfiles.xml b/Shorewall-docs/myfiles.xml index 9d348a4de..707623d74 100644 --- a/Shorewall-docs/myfiles.xml +++ b/Shorewall-docs/myfiles.xml @@ -51,7 +51,7 @@ I have DSL service and have 5 static IP addresses - (206.124.146.176-180). My DSL "modem" (Fujitsu Speedport) is + (206.124.146.176-180). My DSL modem (Fujitsu Speedport) is connected to eth0. I have a local network connected to eth2 (subnet 192.168.1.0/24), a DMZ connected to eth1 (192.168.2.0/24) and a Wireless network connected to eth3 (192.168.3.0/24). @@ -91,15 +91,15 @@ Wookie and the Firewall both run Samba and the Firewall acts as a WINS server. - Wookie is in its own 'whitelist' zone called 'me' - which is embedded in the local zone. + Wookie is in its own whitelist zone called + me which is embedded in the local zone. The wireless network connects to eth3 via a LinkSys WAP11.  In additional to using the rather weak WEP 40-bit encryption (64-bit with the 24-bit preamble), I use MAC verification. This is still a weak combination and if I lived near - a wireless "hot spot", I would probably add IPSEC or something - similar to my WiFi->local connections. + a wireless hot spot, I would probably add IPSEC or + something similar to my WiFi->local connections. The single system in the DMZ (address 206.124.146.177) runs postfix, Courier IMAP (imaps and pop3), DNS, a Web server (Apache) and an FTP @@ -198,7 +198,7 @@ tx Texas Peer Network in Dallas
This is set up so that I can start the firewall before bringing - up my Ethernet interfaces. + up my Ethernet interfaces. #ZONE INERFACE BROADCAST OPTIONS net eth0 206.124.146.255 dhcp,norfc1918,routefilter,blacklist,tcpflags @@ -580,8 +580,8 @@ gre net $TEXAS
I prefer to allow SYN, FIN and RST packets unconditionally - rather than just on 'newnotsyn' interfaces as is the case with - the standard Shorewall ruleset. This file deletes the + rather than just on newnotsyn interfaces as is the case + with the standard Shorewall ruleset. This file deletes the Shorewall-generated rules for these packets and creates my own. #!/bin/sh @@ -603,8 +603,8 @@ run_iptables -A newnotsyn -p tcp --tcp-flags FIN FIN -j ACCEPT
This file is Redhat specific and adds a route to my DMZ server - when eth1 is brought up. It allows me to enter "Yes" in the - HAVEROUTE column of my Proxy ARP file. + when eth1 is brought up. It allows me to enter Yes in + the HAVEROUTE column of my Proxy ARP file. #!/bin/sh
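Review bot: In the @@ -91,15 +91,15 hunk, the unchanged context line still reads "In additional to using the rather weak WEP 40-bit encryption"; since the paragraph is being re-wrapped anyway, correct it to "In addition to". In the same hunk the new text "called me which is embedded in the local zone" shows the zone name me with nothing setting it apart from the sentence, where the old line had 'me'. Keep the zone name (and whitelist) visibly marked as literals so the sentence is not read with "me" as a pronoun.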
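Review bot: In the @@ -198,7 +198,7 hunk, the column header in the trailing context reads "#ZONE INERFACE BROADCAST OPTIONS"; the second column should be INTERFACE, and it can be fixed in this pass. The removed and added "up my Ethernet interfaces." lines also read identically as shown, so please confirm the change on that line is intentional and not stray whitespace.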
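Review bot: In the @@ -580,8 +580,8 hunk, the paragraph says SYN, FIN and RST packets are allowed unconditionally, but the only rule visible nearby (on the following hunk header) is "run_iptables -A newnotsyn -p tcp --tcp-flags FIN FIN -j ACCEPT". Please check that the flags named in the prose match the rules the script actually creates, since readers will rely on this description when deciding whether to loosen the standard ruleset the same way. The new wording "on newnotsyn interfaces" also drops the quotes around newnotsyn, which is used here both as an interface option and as a chain name; keep it marked as a literal.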
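Review bot: In the @@ -603,8 +603,8 hunk, the first context line spells the distribution "Redhat"; the name is "Red Hat" and the line can be corrected while the paragraph is being re-wrapped. The new text "enter Yes in the HAVEROUTE column" no longer sets off the value that the old line quoted as "Yes"; keep it marked as the literal column entry so readers know exactly what to type into the Proxy ARP file.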