diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index 9f66355ef..9ff01b118 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -499,7 +499,7 @@ loc eth1 detect routeback In /etc/shorewall/masq:
- #INTERFACE SUBNET ADDRESS PROTO PORT(S)
+ #INTERFACE SOURCE ADDRESS PROTO PORT(S)
 eth1:192.168.1.5 eth1 192.168.1.254 tcp www
@@ -589,7 +589,7 @@ dmz eth2 192.168.2.255 routeback In /etc/shorewall/masq:
- #INTERFACE SUBNETS ADDRESS
+ #INTERFACE SOURCE ADDRESS
 eth2 eth2 192.168.2.254 Like the silly hack in FAQ 2 above, this will make all
@@ -2190,7 +2190,7 @@ ACCEPT loc modem tcp 80 /etc/shorewall/masq:
- #INTERFACE SUBNET ADDRESS
+ #INTERFACE SOURCE ADDRESS
 eth0 eth1 # eth1 = interface to local network For an example of this when the ADSL/Cable modem is bridged, see
diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index 98c5e9822..805e54ef7 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -383,45 +383,45 @@ smtp,www,pop3,imap #Services running on the firewall shorewall/params.mgmt: -   MGMT_SERVERS=1.1.1.1,2.2.2.2,3.3.3.3 -    TIME_SERVERS=4.4.4.4 -    BACKUP_SERVERS=5.5.5.5 +   MGMT_SERVERS=1.1.1.1,2.2.2.2,3.3.3.3 +    TIME_SERVERS=4.4.4.4 +    BACKUP_SERVERS=5.5.5.5 -   ----- end params.mgmt ----- +   ----- end params.mgmt ----- -   shorewall/params: +   shorewall/params: -   # Shorewall 1.3 /etc/shorewall/params -    [..] -    ####################################### -   -    INCLUDE params.mgmt    -   -    # params unique to this host here -    #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE +   # Shorewall 1.3 /etc/shorewall/params +    [..] +    ####################################### +   +    INCLUDE params.mgmt    +   +    # params unique to this host here +    #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE -   ----- end params ----- +   ----- end params ----- -   shorewall/rules.mgmt: +   shorewall/rules.mgmt: -   ACCEPT net:$MGMT_SERVERS   $FW    tcp    22 -    ACCEPT $FW          net:$TIME_SERVERS    udp    123 -    ACCEPT $FW          net:$BACKUP_SERVERS  tcp    22 +   ACCEPT net:$MGMT_SERVERS   $FW    tcp    22 +    ACCEPT $FW          net:$TIME_SERVERS    udp    123 +    ACCEPT $FW          net:$BACKUP_SERVERS  tcp    22 -   ----- end rules.mgmt ----- +   ----- end rules.mgmt ----- -   shorewall/rules: +   shorewall/rules: -   # Shorewall version 1.3 - Rules File -    [..] -    ####################################### -   -    INCLUDE rules.mgmt     -   -    # rules unique to this host here -    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE +   # Shorewall version 1.3 - Rules File +    [..] +    ####################################### +   +    INCLUDE rules.mgmt     +   +    # rules unique to this host here +    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE -   ----- end rules ----- +   ----- end rules ----- 
@@ -630,7 +630,7 @@ use Shorewall::Config qw/shorewall/; Must not have any embedded white space. Valid: routefilter,dhcp,norfc1918 - Invalid: routefilter,     dhcp,     norfc1818 + Invalid: routefilter,     dhcp,     norfc1818 @@ -803,17 +803,17 @@ DNAT net loc:192.168.1.3 tcp 4000:4100 Example:
-     /etc/shorewall/params +     /etc/shorewall/params NET_IF=eth0 NET_BCAST=130.252.100.255 NET_OPTIONS=routefilter,norfc1918 -    /etc/shorewall/interfaces record: +    /etc/shorewall/interfaces record: net $NET_IF $NET_BCAST $NET_OPTIONS -    The result will be the same as if the record had been written +    The result will be the same as if the record had been written net eth0 130.252.100.255 routefilter,norfc1918 @@ -877,6 +877,21 @@ DNAT net loc:192.168.1.3 tcp 4000:4100 extension script. + + When expanding a variable, the acceptable forms of expansion depend + on whether you are using Shorewall-shell or Shorewall-perl. + + + + Shorewall-shell and all Shoreawll versions prior to 4.0 can use + any form of expansion supported by the shell ($VAR, ${VAR}, + ${VAR:=val}, ...). + + + + Shorewall-perl only supports the $VAR and ${VAR} forms. + +
@@ -899,16 +914,15 @@ DNAT net loc:192.168.1.3 tcp 4000:4100 MAC Address of an Ethernet Controller -      [root@gateway root]# ifconfig eth0 -      eth0 Link encap:Ethernet HWaddr 02:00:08:E3:FA:55 -      inet addr:206.124.146.176 Bcast:206.124.146.255 Mask:255.255.255.0 -      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 -      RX packets:2398102 errors:0 dropped:0 overruns:0 frame:0 -      TX packets:3044698 errors:0 dropped:0 overruns:0 carrier:0 -      collisions:30394 txqueuelen:100 -      RX bytes:419871805 (400.4 Mb) TX bytes:1659782221 (1582.8 Mb) -      Interrupt:11 Base address:0x1800 +      [root@gateway root]# ifconfig eth0 +      eth0 Link encap:Ethernet HWaddr 02:00:08:E3:FA:55 +      inet addr:206.124.146.176 Bcast:206.124.146.255 Mask:255.255.255.0 +      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 +      RX packets:2398102 errors:0 dropped:0 overruns:0 frame:0 +      TX packets:3044698 errors:0 dropped:0 overruns:0 carrier:0 +      collisions:30394 txqueuelen:100 +      RX bytes:419871805 (400.4 Mb) TX bytes:1659782221 (1582.8 Mb) +      Interrupt:11 Base address:0x1800