forked from extern/shorewall_code
Missed a few files on the 2.4 branch copy
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2265 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent 2a19eb8a5a
commit 9b865953a3
76
Shorewall/providers
Executable file
@ -0,0 +1,76 @@
##############################################################################
#
# Shorewall 2.4 -- Internet Service Providers
#
# /etc/shorewall/providers
#
# This file is used to define additional routing tables. You will
# want to define an additional table if:
#
# - You have connections to more than one ISP or multiple connections
# to the same ISP
#
# - You run Squid as a transparent proxy on a host other than the
# firewall.
#
# To omit a column, enter "-".
#
# Columns must be separated by white space and are:
#
# NAME The provider name.
#
# NUMBER The provider number -- a number between 1 and 15
#
# MARK A FWMARK value used in your /etc/shorewall/tcrules
# file to direct packets to this provider.
#
# DUPLICATE The name of an existing table to duplicate. May be
# 'main' or the name of a previous provider.
#
# INTERFACE The name of the network interface to the provider.
# Must be listed in /etc/shorewall/interfaces.
#
# GATEWAY The IP address of the provider's gateway router.
#
# You can enter "detect" here and Shorewall will
# attempt to detect the gateway automatically.
#
# OPTIONS A comma-separated list selected from the following:
#
# track If specified, connections FROM this interface are
# to be tracked so that responses may be routed back
# out this same interface.
#
# You want specify 'track' if internet hosts will be
# connecting to local servers through this provider.
#
# balance The providers that have 'default' specified will
# get outbound traffic load-balanced among them. By
# default, all interfaces with 'balance' specified
# will have the same weight (1). You can change the
# weight of an interface by specifiying balance=<weight>
# where <weight> is the weight of the route out of
# this interface.
#
# Example: You run squid in your DMZ on IP address 192.168.2.99. Your DMZ
# interface is eth2
#
# #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
# Squid 1 1 - eth2 192.168.2.99 -
#
# Example:
#
# eth0 connects to ISP 1. The IP address of eth0 is 206.124.146.176 and
# the ISP's gateway router has IP address 206.124.146.254.
#
# eth1 connects to ISP 2. The IP address of eth1 is 130.252.99.27 and the
# ISP's gateway router has IP address 130.252.99.254.
#
# #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
# ISP1 1 1 main eth0 206.124.146.254 track,balance
# ISP2 2 2 main eth1 130.252.99.254 track,balance
#
# For additional information, see http://shorewall.net/Shorewall_and_Routing.html
##############################################################################
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
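Review bot: The description of the balance option in the OPTIONS column says "The providers that have 'default' specified will get outbound traffic load-balanced among them", but no 'default' option is defined anywhere in this file; the following sentence and both ISP example rows use 'balance'. Change 'default' to 'balance' so the comment matches the option name an administrator has to type. Two typos in the same block can be fixed in the same pass: "You want specify 'track'" should read "You want to specify 'track'", and "specifiying" should read "specifying". The MARK column could also state which values are accepted, since NUMBER documents its range (1 to 15) and MARK does not.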
94
Shorewall/routes
Executable file
@ -0,0 +1,94 @@
#
# Shorewall version 2.4 - Routing Rules
#
# /etc/shorewall/routes
#
# Entries in this file cause packets to be routed in non-standard
# ways.
#
# I M P O R T A N T ! ! ! !
#
# In order to use entries in this file, your kernel and iptables must
# have ROUTE target support (see the output of "shorewall show
# capabilities").
#
# This facility is *EXPERIMENTAL* -- the Netfilter team have no intention
# of ever submitting the ROUTE target patch to kernel.org.
#
# To omit any column, enter "-" in that column.
#
# Columns are:
#
#
# SOURCE Source of the packet. May be any of the following:
#
# - A host or network address
# - A network interface name.
# - The name of an ipset prefaced with "+"
# - $FW (for packets originating on the firewall)
# - A MAC address in Shorewall format
# - A range of IP addresses (assuming that your
# kernel and iptables support range match)
# - A network interface name followed by ":"
# and an address or address range.
#
# DEST Destination of the packet. May be any of the
# following:
#
# - A host or network address
# - A network interface name (determined from
# routing table(s))
# - The name of an ipset prefaced with "+"
# - A network interface name followed by ":"
# and an address or address range.
#
# PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",
# a number, or "all". "ipp2p" requires ipp2p match
# support in your kernel and iptables.
#
# PORT(S) Destination Ports. A comma-separated list of Port
# names (from /etc/services), port numbers or port
# ranges; if the protocol is "icmp", this column is
# interpreted as the destination icmp-type(s).
#
# Port ranges are allowed in a list only if your
# kernel and iptables support Extended Multi-port
# match (see the output of "shorewall show capabilities").
#
# If the protocol is ipp2p, this column is interpreted
# as an ipp2p option without the leading "--" (example "bit"
# for bit-torrent). If no PORT is given, "ipp2p" is
# assumed.
#
# SOURCE PORT(S) Source port(s). If omitted, any source port is acceptable.
# Specified as a comma-separated list of port names, port
# numbers or port ranges.
#
# Port ranges are allowed in a list only if your
# kernel and iptables support Extended Multi-port
# match (see the output of "shorewall show capabilities").
#
# TEST Defines a test on the existing packet or connection mark.
# The rule will match only if the test returns true. Tests
# have the format [!]<value>[/<mask>][:C]
#
# Where:
#
# ! Inverts the test (not equal)
# <value> Value of the packet or connection mark.
# <mask> A mask to be applied to the mark before
# testing
# :C Designates a connection mark. If omitted,
# the packet mark's value is tested.
#
# INTERFACE The interface that the packet is to be routed out of.
# If you specify "-" here, then you must enter the IP address
# of a gateway in the GATEWAY column.
#
# GATEWAY The gateway that the packet is to be forewarded through.
#
# See http://shorewall.net/Shorewall_and_Routing.html for additional information.
#######################################################################################
#SOURCE DEST PROTO PORT(S) SOURCE TEST INTERFACE GATEWAY
# PORT(S)
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
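Review bot: The INTERFACE and GATEWAY descriptions at the end of the column list cover only one case: INTERFACE says that "-" there requires a gateway address in the GATEWAY column, but GATEWAY does not say whether it may be "-" when an interface is given, or how the two combine when both are set. Add a sentence to GATEWAY covering that, and fix "forewarded" to "forwarded" on the same line. The IMPORTANT block should also say what happens to entries in this file when "shorewall show capabilities" reports no ROUTE target support (an error at start, or the entries being ignored), since an administrator relying on these rules needs to know whether they can silently fail to apply. Both new files are also added as "Executable file" although they contain only comments and column headers; unless something executes them directly, drop the executable bit. Minor: the trailer here reads "ADD YOUR ENTRIES BEFORE THIS ONE" while Shorewall/providers reads "ABOVE THIS LINE"; pick one wording.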