Add warning about default routes to multi-interface HOWTOs

2009-11-22 09:28:45 -08:00 · 2009-11-22 09:28:45 -08:00 · 617fddf1bd
commit 617fddf1bd
parent d43ba935d1
2 changed files with 12 additions and 2 deletions
--- a/docs/three-interface.xml
+++ b/docs/three-interface.xml
@ -460,6 +460,12 @@ root@lists:~# </programlisting>
      against</emphasis>.</para>
    </caution>

+    <caution>
+      <para><emphasis role="bold">Do not configure a default route on your
+      internal and DMZ interfaces.</emphasis> Your firewall should have
+      exactly one default route via your ISP's Router.</para>
+    </caution>
+
    <para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>

    <para>The Shorewall three-interface sample configuration assumes that the
--- a/docs/two-interface.xml
+++ b/docs/two-interface.xml
@ -418,6 +418,10 @@ root@lists:~# </programlisting>
        for all interfaces connected to the common hub/switch. <emphasis
        role="bold">Using such a setup with a production firewall is strongly
        recommended against</emphasis>.</para>
+      </warning><warning>
+        <para><emphasis role="bold">Do not configure a default route on your
+        internal interface.</emphasis> Your firewall should have exactly one
+        default route via your ISP's Router.</para>
      </warning> <inlinegraphic fileref="images/BD21298_.gif"
    format="GIF" /></para>