holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Use new macro paramater syntax in samples

Browse Source
This commit is contained in:
Tom Eastep 2009-08-07 07:25:57 -07:00
parent a069b8817c
commit 51e70ee1e8
6 changed files with 34 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Samples/one-interface/rules
View File

@ -19,7 +19,7 @@
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
Ping/DROP net $FW Ping(DROP) net $FW
# Permit all ICMP traffic FROM the firewall TO the net zone # Permit all ICMP traffic FROM the firewall TO the net zone

24
Samples/three-interfaces/rules
View File

@ -19,33 +19,33 @@
# #
# Accept DNS connections from the firewall to the Internet # Accept DNS connections from the firewall to the Internet
# #
DNS/ACCEPT $FW net DNS(ACCEPT) $FW net
# #
# #
# Accept SSH connections from the local network to the firewall and DMZ # Accept SSH connections from the local network to the firewall and DMZ
# #
SSH/ACCEPT loc $FW SSH(ACCEPT) loc $FW
SSH/ACCEPT loc dmz SSH(ACCEPT) loc dmz
# #
# DMZ DNS access to the Internet # DMZ DNS access to the Internet
# #
DNS/ACCEPT dmz net DNS(ACCEPT) dmz net
# Drop Ping from the "bad" net zone. # Drop Ping from the "bad" net zone.
Ping/DROP net $FW Ping(DROP) net $FW
# #
# Make ping work bi-directionally between the dmz, net, Firewall and local zone # Make ping work bi-directionally between the dmz, net, Firewall and local zone
# (assumes that the loc-> net policy is ACCEPT). # (assumes that the loc-> net policy is ACCEPT).
# #
Ping/ACCEPT loc $FW Ping(ACCEPT) loc $FW
Ping/ACCEPT dmz $FW Ping(ACCEPT) dmz $FW
Ping/ACCEPT loc dmz Ping(ACCEPT) loc dmz
Ping/ACCEPT dmz loc Ping(ACCEPT) dmz loc
Ping/ACCEPT dmz net Ping(ACCEPT) dmz net
ACCEPT $FW net icmp ACCEPT $FW net icmp
ACCEPT $FW loc icmp ACCEPT $FW loc icmp
@ -54,5 +54,5 @@ ACCEPT $FW dmz icmp
# Uncomment this if using Proxy ARP and static NAT and you want to allow ping from # Uncomment this if using Proxy ARP and static NAT and you want to allow ping from
# the net zone to the dmz and loc # the net zone to the dmz and loc
#Ping/ACCEPT net dmz #Ping(ACCEPT) net dmz
#Ping/ACCEPT net loc #Ping(ACCEPT) net loc

8
Samples/two-interfaces/rules
View File

@ -19,21 +19,21 @@
# #
# Accept DNS connections from the firewall to the network # Accept DNS connections from the firewall to the network
# #
DNS/ACCEPT $FW net DNS(ACCEPT) $FW net
# #
# Accept SSH connections from the local network for administration # Accept SSH connections from the local network for administration
# #
SSH/ACCEPT loc $FW SSH(ACCEPT) loc $FW
# #
# Allow Ping from the local network # Allow Ping from the local network
# #
Ping/ACCEPT loc $FW Ping(ACCEPT) loc $FW
# #
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
# #
Ping/DROP net $FW Ping(DROP) net $FW
ACCEPT $FW loc icmp ACCEPT $FW loc icmp
ACCEPT $FW net icmp ACCEPT $FW net icmp

2
Samples6/one-interface/rules
View File

@ -16,7 +16,7 @@
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
Ping/DROP net $FW Ping(DROP) net $FW
# Permit all ICMP traffic FROM the firewall TO the net zone # Permit all ICMP traffic FROM the firewall TO the net zone

24
Samples6/three-interfaces/rules
View File

@ -16,33 +16,33 @@
# #
# Accept DNS connections from the firewall to the Internet # Accept DNS connections from the firewall to the Internet
# #
DNS/ACCEPT $FW net DNS(ACCEPT) $FW net
# #
# #
# Accept SSH connections from the local network to the firewall and DMZ # Accept SSH connections from the local network to the firewall and DMZ
# #
SSH/ACCEPT loc $FW SSH(ACCEPT) loc $FW
SSH/ACCEPT loc dmz SSH(ACCEPT) loc dmz
# #
# DMZ DNS access to the Internet # DMZ DNS access to the Internet
# #
DNS/ACCEPT dmz net DNS(ACCEPT) dmz net
# Drop Ping from the "bad" net zone. # Drop Ping from the "bad" net zone.
Ping/DROP net $FW Ping(DROP) net $FW
# #
# Make ping work bi-directionally between the dmz, net, Firewall and local zone # Make ping work bi-directionally between the dmz, net, Firewall and local zone
# (assumes that the loc-> net policy is ACCEPT). # (assumes that the loc-> net policy is ACCEPT).
# #
Ping/ACCEPT loc $FW Ping(ACCEPT) loc $FW
Ping/ACCEPT dmz $FW Ping(ACCEPT) dmz $FW
Ping/ACCEPT loc dmz Ping(ACCEPT) loc dmz
Ping/ACCEPT dmz loc Ping(ACCEPT) dmz loc
Ping/ACCEPT dmz net Ping(ACCEPT) dmz net
ACCEPT $FW net ipv6-icmp ACCEPT $FW net ipv6-icmp
ACCEPT $FW loc ipv6-icmp ACCEPT $FW loc ipv6-icmp
@ -51,6 +51,6 @@ ACCEPT $FW dmz ipv6-icmp
# Uncomment this if using Proxy ARP and static NAT and you want to allow ping from # Uncomment this if using Proxy ARP and static NAT and you want to allow ping from
# the net zone to the dmz and loc # the net zone to the dmz and loc
#Ping/ACCEPT net dmz #Ping(ACCEPT) net dmz
#Ping/ACCEPT net loc #Ping(ACCEPT) net loc

8
Samples6/two-interfaces/rules
View File

@ -16,21 +16,21 @@
# #
# Accept DNS connections from the firewall to the network # Accept DNS connections from the firewall to the network
# #
DNS/ACCEPT $FW net DNS(ACCEPT) $FW net
# #
# Accept SSH connections from the local network for administration # Accept SSH connections from the local network for administration
# #
SSH/ACCEPT loc $FW SSH(ACCEPT) loc $FW
# #
# Allow Ping from the local network # Allow Ping from the local network
# #
Ping/ACCEPT loc $FW Ping(ACCEPT) loc $FW
# #
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
# #
Ping/DROP net $FW Ping(DROP) net $FW
ACCEPT $FW loc ipv6-icmp ACCEPT $FW loc ipv6-icmp
ACCEPT $FW net ipv6-icmp ACCEPT $FW net ipv6-icmp