forked from extern/shorewall_code
One more checkin. Cleaned up the format.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@904 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
pauls
parent
14fd1d7d1e
commit
557de48243
@ -63,7 +63,6 @@
|
|||||||
The basic approach will be that we will place the operations staff's class C in its own zone called ops. Here are the appropriate configuration files:
|
The basic approach will be that we will place the operations staff's class C in its own zone called ops. Here are the appropriate configuration files:
|
||||||
</para>
|
</para>
|
||||||
<!-- Zone File -->
|
<!-- Zone File -->
|
||||||
|
|
||||||
<bridgehead renderas="sect4">Zone File</bridgehead>
|
<bridgehead renderas="sect4">Zone File</bridgehead>
|
||||||
<informaltable colsep="1" pgwide="0">
|
<informaltable colsep="1" pgwide="0">
|
||||||
<tgroup cols="3" align="left">
|
<tgroup cols="3" align="left">
|
||||||
@ -111,9 +110,7 @@
|
|||||||
file -- since <literal>ops</literal> is a sub-zone of <literal>loc</literal>, we list it <emphasis>BEFORE</emphasis>
|
file -- since <literal>ops</literal> is a sub-zone of <literal>loc</literal>, we list it <emphasis>BEFORE</emphasis>
|
||||||
<literal>loc</literal>.
|
<literal>loc</literal>.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<!-- Interfaces File -->
|
<!-- Interfaces File -->
|
||||||
|
|
||||||
<bridgehead renderas="sect4">Interfaces File</bridgehead>
|
<bridgehead renderas="sect4">Interfaces File</bridgehead>
|
||||||
<informaltable colsep="1" pgwide="0">
|
<informaltable colsep="1" pgwide="0">
|
||||||
<tgroup cols="4" align="left">
|
<tgroup cols="4" align="left">
|
||||||
@ -164,9 +161,7 @@
|
|||||||
<para>
|
<para>
|
||||||
Because <literal>eth2</literal> interfaces to two zones (<literal>ops</literal> and <literal>loc</literal>), we don't specify a zone for it here.
|
Because <literal>eth2</literal> interfaces to two zones (<literal>ops</literal> and <literal>loc</literal>), we don't specify a zone for it here.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<!-- Hosts File -->
|
<!-- Hosts File -->
|
||||||
|
|
||||||
<bridgehead renderas="sect4">Hosts File</bridgehead>
|
<bridgehead renderas="sect4">Hosts File</bridgehead>
|
||||||
<informaltable colsep="1" pgwide="0">
|
<informaltable colsep="1" pgwide="0">
|
||||||
<tgroup cols="3" align="left">
|
<tgroup cols="3" align="left">
|
||||||
@ -202,9 +197,7 @@
|
|||||||
<para>
|
<para>
|
||||||
Here we define the <literal>ops</literal> and <literal>loc</literal> zones. When Shorewall is stopped, only the hosts in the <literal>ops</literal> zone will be allowed to access the firewall and the <acronym>DMZ</acronym>. I use <literal>0.0.0.0/0</literal> to define the <literal>loc</literal> zone rather than <literal>10.10.0.0/16</literal> so that the limited broadcast address (<literal>255.255.255.255</literal>) falls into that zone. If I used <literal>10.10.0.0/16</literal> then I would have to have a separate entry for that special address.
|
Here we define the <literal>ops</literal> and <literal>loc</literal> zones. When Shorewall is stopped, only the hosts in the <literal>ops</literal> zone will be allowed to access the firewall and the <acronym>DMZ</acronym>. I use <literal>0.0.0.0/0</literal> to define the <literal>loc</literal> zone rather than <literal>10.10.0.0/16</literal> so that the limited broadcast address (<literal>255.255.255.255</literal>) falls into that zone. If I used <literal>10.10.0.0/16</literal> then I would have to have a separate entry for that special address.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<!-- Policy File -->
|
<!-- Policy File -->
|
||||||
|
|
||||||
<bridgehead renderas="sect4">Policy File</bridgehead>
|
<bridgehead renderas="sect4">Policy File</bridgehead>
|
||||||
<informaltable colsep="1" pgwide="0">
|
<informaltable colsep="1" pgwide="0">
|
||||||
<tgroup align="left" cols="5">
|
<tgroup align="left" cols="5">
|
||||||
@ -309,9 +302,7 @@
|
|||||||
<para>
|
<para>
|
||||||
Two entries for <literal>ops</literal> (in bold) have been added to the standard 3-zone policy file.
|
Two entries for <literal>ops</literal> (in bold) have been added to the standard 3-zone policy file.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<!-- Rules File -->
|
<!-- Rules File -->
|
||||||
|
|
||||||
<bridgehead renderas="sect4">Rules File</bridgehead>
|
<bridgehead renderas="sect4">Rules File</bridgehead>
|
||||||
<informaltable colsep="1" pgwide="0">
|
<informaltable colsep="1" pgwide="0">
|
||||||
<tgroup align="left" cols="7">
|
<tgroup align="left" cols="7">
|
||||||
@ -363,9 +354,7 @@
|
|||||||
<para>
|
<para>
|
||||||
This is the rule that transparently redirects web traffic to the transparent proxy running on the firewall. The <emphasis role="bold">SOURCE</emphasis> column explicitly excludes the <literal>ops</literal> zone from the rule.
|
This is the rule that transparently redirects web traffic to the transparent proxy running on the firewall. The <emphasis role="bold">SOURCE</emphasis> column explicitly excludes the <literal>ops</literal> zone from the rule.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<!-- Routestopped File -->
|
<!-- Routestopped File -->
|
||||||
|
|
||||||
<bridgehead renderas="sect4">Routestopped File</bridgehead>
|
<bridgehead renderas="sect4">Routestopped File</bridgehead>
|
||||||
<informaltable colsep="1" pgwide="0">
|
<informaltable colsep="1" pgwide="0">
|
||||||
<tgroup align="left" cols="2">
|
<tgroup align="left" cols="2">
|
||||||
@ -393,5 +382,4 @@
|
|||||||
</tbody>
|
</tbody>
|
||||||
</tgroup>
|
</tgroup>
|
||||||
</informaltable>
|
</informaltable>
|
||||||
|
|
||||||
</article>
|
</article>
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user