diff --git a/Shorewall/manpages/shorewall-interfaces.xml b/Shorewall/manpages/shorewall-interfaces.xml
index a7802ce62..2b0237d42 100644
--- a/Shorewall/manpages/shorewall-interfaces.xml
+++ b/Shorewall/manpages/shorewall-interfaces.xml
@@ -27,6 +27,34 @@
interfaces to Shorewall. The order of entries in this file is not
significant in determining zone composition.
+ Beginning with Shorewall 4.5.3, the interfaces file supports two
+ different formats:
+
+
+
+ FORMAT 1 (default - deprecated)
+
+
+ There is a BROADCAST column which can be used to specify the
+ broadcast address associated with the interface.
+
+
+
+
+ FORMAT 2
+
+
+ The BROADCAST column is omitted.
+
+
+
+
+ The format is specified by a line as follows:
+
+
+ FORMAT {1|2}
+
+
The columns in the file are as follows.
@@ -128,6 +156,8 @@ loc eth2 -
role="bold">detect|address[,address]...}
+ Only available if FORMAT 1.
+
If you use the special value detect, Shorewall will detect the broadcast
address(es) for you if your iptables and kernel include Address Type
@@ -172,7 +202,7 @@ loc eth2 -
changed; the value assigned to the setting will be the value
specified (if any) or 1 if no value is given.
-
+
This option does not work with a wild-card
@@ -206,7 +236,7 @@ loc eth2 -
8 - do not reply for all local addresses
-
+
This option does not work with a wild-card
@@ -214,7 +244,7 @@ loc eth2 -
the INTERFACE column.
-
+
Do not specify
1
teastep@lists:~$
-
+
This option does not work with a wild-card
@@ -629,7 +659,7 @@ loc eth2 -
changed; the value assigned to the setting will be the value
specified (if any) or 1 if no value is given.
-
+
This option does not work with a wild-card
@@ -705,11 +735,14 @@ loc eth2 -
connected to your local network and that your local subnet is
192.168.1.0/24. The interface gets its IP address via DHCP from
subnet 206.191.149.192/27. You have a DMZ with subnet 192.168.2.0/24
- using eth2.
+ using eth2. Your iptables and/or kernel do not support "Address Type
+ Match" and you prefer to specify broadcast addresses explicitly
+ rather than having Shorewall detect them.
Your entries for this setup would look like:
- #ZONE INTERFACE BROADCAST OPTIONS
+ FORMAT 1
+#ZONE INTERFACE BROADCAST OPTIONS
net eth0 206.191.149.223 dhcp
loc eth1 192.168.1.255
dmz eth2 192.168.2.255
@@ -723,10 +756,11 @@ dmz eth2 192.168.2.255
The same configuration without specifying broadcast addresses
is:
- #ZONE INTERFACE BROADCAST OPTIONS
-net eth0 detect dhcp
-loc eth1 detect
-dmz eth2 detect
+ FORMAT 2
+#ZONE INTERFACE OPTIONS
+net eth0 dhcp
+loc eth1
+dmz eth2
@@ -737,7 +771,8 @@ dmz eth2 detect
You have a simple dial-in system with no ethernet
connections.
- #ZONE INTERFACE BROADCAST OPTIONS
+ FORMAT 2
+#ZONE INTERFACE OPTIONS
net ppp0 -
@@ -749,8 +784,9 @@ net ppp0 -
You have a bridge with no IP address and you want to allow
traffic through the bridge.
- #ZONE INTERFACE BROADCAST OPTIONS
-- br0 - routeback
+ FORMAT 2
+#ZONE INTERFACE OPTIONS
+- br0 routeback
@@ -772,10 +808,9 @@ net ppp0 -
shorewall-blacklist(5), shorewall-hosts(5), shorewall-maclist(5),
shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5),
shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
- shorewall-proxyarp(5), shorewall-rtrules(5),
- shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
- shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
- shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
- shorewall-zones(5)
+ shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5),
+ shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
+ shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
+ shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
diff --git a/Shorewall6/manpages/shorewall6-interfaces.xml b/Shorewall6/manpages/shorewall6-interfaces.xml
index 526a31295..4ebe35b85 100644
--- a/Shorewall6/manpages/shorewall6-interfaces.xml
+++ b/Shorewall6/manpages/shorewall6-interfaces.xml
@@ -27,6 +27,34 @@
interfaces to shorewall6. The order of entries in this file is not
significant in determining zone composition.
+ Beginning with Shorewall 4.5.3, the interfaces file supports two
+ different formats:
+
+
+
+ FORMAT 1 (default - deprecated)
+
+
+ There is a ANYCAST column which provides compatibility with
+ older versions of Shorewall..
+
+
+
+
+ FORMAT 2
+
+
+ The BROADCAST column is omitted.
+
+
+
+
+ The format is specified by a line as follows:
+
+
+ FORMAT {1|2}
+
+
The columns in the file are as follows.
@@ -101,7 +129,8 @@ loc eth2 -
Enter '-' in this column. It
- is here for compatibility between Shorewall6 and Shorewall.
+ is here for compatibility between Shorewall6 and Shorewall and is
+ omitted if FORMAT is 2.
@@ -438,7 +467,8 @@ loc eth2 -
Your entries for this setup would look like:
- #ZONE INTERFACE UNICAST OPTIONS
+ FORMAT 2
+#ZONE INTERFACE OPTIONS
net eth0 -
loc eth1 -
dmz eth2 -
@@ -452,8 +482,9 @@ dmz eth2 -
You have a bridge with no IP address and you want to allow
traffic through the bridge.
- #ZONE INTERFACE BROADCAST OPTIONS
-- br0 - routeback
+ FORMAT 2
+#ZONE INTERFACE OPTIONS
+- br0 routeback