holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Use new macro paramater syntax in samples

Browse Source
This commit is contained in:
Tom Eastep 2009-08-07 07:25:57 -07:00
parent a069b8817c
commit 51e70ee1e8
6 changed files with 34 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Samples/one-interface/rules
View File

@ -19,7 +19,7 @@
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
Ping/DROP net $FW
Ping(DROP) net $FW
# Permit all ICMP traffic FROM the firewall TO the net zone

24
Samples/three-interfaces/rules
View File

@ -19,33 +19,33 @@
#
# Accept DNS connections from the firewall to the Internet
#
DNS/ACCEPT $FW net
DNS(ACCEPT) $FW net
#
#
# Accept SSH connections from the local network to the firewall and DMZ
#
SSH/ACCEPT loc $FW
SSH/ACCEPT loc dmz
SSH(ACCEPT) loc $FW
SSH(ACCEPT) loc dmz
#
# DMZ DNS access to the Internet
#
DNS/ACCEPT dmz net
DNS(ACCEPT) dmz net
# Drop Ping from the "bad" net zone.
Ping/DROP net $FW
Ping(DROP) net $FW
#
# Make ping work bi-directionally between the dmz, net, Firewall and local zone
# (assumes that the loc-> net policy is ACCEPT).
#
Ping/ACCEPT loc $FW
Ping/ACCEPT dmz $FW
Ping/ACCEPT loc dmz
Ping/ACCEPT dmz loc
Ping/ACCEPT dmz net
Ping(ACCEPT) loc $FW
Ping(ACCEPT) dmz $FW
Ping(ACCEPT) loc dmz
Ping(ACCEPT) dmz loc
Ping(ACCEPT) dmz net
ACCEPT $FW net icmp
ACCEPT $FW loc icmp
@ -54,5 +54,5 @@ ACCEPT $FW dmz icmp
# Uncomment this if using Proxy ARP and static NAT and you want to allow ping from
# the net zone to the dmz and loc
#Ping/ACCEPT net dmz
#Ping/ACCEPT net loc
#Ping(ACCEPT) net dmz
#Ping(ACCEPT) net loc

8
Samples/two-interfaces/rules
View File

@ -19,21 +19,21 @@
#
# Accept DNS connections from the firewall to the network
#
DNS/ACCEPT $FW net
DNS(ACCEPT) $FW net
#
# Accept SSH connections from the local network for administration
#
SSH/ACCEPT loc $FW
SSH(ACCEPT) loc $FW
#
# Allow Ping from the local network
#
Ping/ACCEPT loc $FW
Ping(ACCEPT) loc $FW
#
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#
Ping/DROP net $FW
Ping(DROP) net $FW
ACCEPT $FW loc icmp
ACCEPT $FW net icmp

2
Samples6/one-interface/rules
View File

@ -16,7 +16,7 @@
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
Ping/DROP net $FW
Ping(DROP) net $FW
# Permit all ICMP traffic FROM the firewall TO the net zone

24
Samples6/three-interfaces/rules
View File

@ -16,33 +16,33 @@
#
# Accept DNS connections from the firewall to the Internet
#
DNS/ACCEPT $FW net
DNS(ACCEPT) $FW net
#
#
# Accept SSH connections from the local network to the firewall and DMZ
#
SSH/ACCEPT loc $FW
SSH/ACCEPT loc dmz
SSH(ACCEPT) loc $FW
SSH(ACCEPT) loc dmz
#
# DMZ DNS access to the Internet
#
DNS/ACCEPT dmz net
DNS(ACCEPT) dmz net
# Drop Ping from the "bad" net zone.
Ping/DROP net $FW
Ping(DROP) net $FW
#
# Make ping work bi-directionally between the dmz, net, Firewall and local zone
# (assumes that the loc-> net policy is ACCEPT).
#
Ping/ACCEPT loc $FW
Ping/ACCEPT dmz $FW
Ping/ACCEPT loc dmz
Ping/ACCEPT dmz loc
Ping/ACCEPT dmz net
Ping(ACCEPT) loc $FW
Ping(ACCEPT) dmz $FW
Ping(ACCEPT) loc dmz
Ping(ACCEPT) dmz loc
Ping(ACCEPT) dmz net
ACCEPT $FW net ipv6-icmp
ACCEPT $FW loc ipv6-icmp
@ -51,6 +51,6 @@ ACCEPT $FW dmz ipv6-icmp
# Uncomment this if using Proxy ARP and static NAT and you want to allow ping from
# the net zone to the dmz and loc
#Ping/ACCEPT net dmz
#Ping/ACCEPT net loc
#Ping(ACCEPT) net dmz
#Ping(ACCEPT) net loc

8
Samples6/two-interfaces/rules
View File

@ -16,21 +16,21 @@
#
# Accept DNS connections from the firewall to the network
#
DNS/ACCEPT $FW net
DNS(ACCEPT) $FW net
#
# Accept SSH connections from the local network for administration
#
SSH/ACCEPT loc $FW
SSH(ACCEPT) loc $FW
#
# Allow Ping from the local network
#
Ping/ACCEPT loc $FW
Ping(ACCEPT) loc $FW
#
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#
Ping/DROP net $FW
Ping(DROP) net $FW
ACCEPT $FW loc ipv6-icmp
ACCEPT $FW net ipv6-icmp