holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

More cleanups of myfiles.xml

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1027 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2003-12-30 15:14:49 +00:00
parent 29380eaa70
commit a57aedd3d0
1 changed files with 43 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
Shorewall-docs/myfiles.xml
View File

@ -229,6 +229,27 @@ eth3 192.168.3.0/24
</blockquote>
</section>
<section>
<title>RFC1918 File</title>
<blockquote>
<para>I use a stripped-down file which doesn&#39;t have to be updated
when the IANA allocates a block of IP addresses.</para>
</blockquote>
<blockquote>
<programlisting>#SUBNET TARGET
169.254.0.0/16 DROP # DHCP autoconfig
172.16.0.0/12 logdrop # RFC 1918
192.0.2.0/24 logdrop # Example addresses
192.168.0.0/16 logdrop # RFC 1918
10.24.60.56 DROP # Some idiot in my broadcast domain
# has a box configured with this
# address.
10.0.0.0/8 logdrop # Reserved (RFC 1918)</programlisting>
</blockquote>
</section>
<section>
<title>Blacklist File (Partial)</title>
@ -296,7 +317,7 @@ eth0 eth3 206.124.146.179
</blockquote>
</section>
<section>
<section id="ProxyARP">
<title>Proxy ARP File</title>
<blockquote>
@ -519,24 +540,13 @@ ACCEPT all all icmp
</blockquote>
</section>
<section>
<title>Tcrules File</title>
<para>This file deals with redirecting html requests to Squid on the DMZ
server.</para>
<blockquote>
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE PORT
gre net $TEXAS
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</programlisting>
</blockquote>
</section>
<section>
<title>Init File</title>
<para>This file deals with redirecting html requests to Squid on the DMZ
server.</para>
<blockquote>
<para>This file deals with redirecting html requests to <ulink
url="Shorewall_Squid_Usage.html#DMZ">Squid on the DMZ server</ulink>.</para>
</blockquote>
<blockquote>
<programlisting>#
@ -554,8 +564,10 @@ fi</programlisting>
<section>
<title>/etc/iproute2/rt_tables</title>
<para>This file deals with redirecting html requests to Squid on the DMZ
server.</para>
<blockquote>
<para>This file deals with redirecting html requests to <ulink
url="Shorewall_Squid_Usage.html#DMZ">Squid on the DMZ server</ulink>.</para>
</blockquote>
<blockquote>
<programlisting>#
@ -576,20 +588,26 @@ fi</programlisting>
<section>
<title>Tcrules File</title>
<para>This file deals with redirecting html requests to Squid on the DMZ
server.</para>
<blockquote>
<para>This file deals with redirecting html requests to <ulink
url="Shorewall_Squid_Usage.html#DMZ">Squid on the DMZ server</ulink>
-- in my setup, it is <emphasis role="bold">not</emphasis> used for
traffic shapping/control.</para>
</blockquote>
<blockquote>
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE PORT
gre net $TEXAS
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</programlisting>
<programlisting>#MARK SOURCE DEST PROTO PORT(S) CLIENT PORT(S)
1:P eth2,eth3 !192.168.0.0/16 tcp 80</programlisting>
</blockquote>
</section>
<section>
<title>Tcstart File</title>
<para>My tcstart file is just the HTB version of WonderShaper.</para>
<blockquote>
<para>My tcstart file is just the HTB version of <ulink
url="http://lartc.org/wondershaper/">The WonderShaper</ulink>.</para>
</blockquote>
</section>
<section>
@ -598,7 +616,7 @@ gre net $TEXAS
<blockquote>
<para>This file is Redhat specific and adds a route to my DMZ server
when eth1 is brought up. It allows me to enter <quote>Yes</quote> in
the HAVEROUTE column of my Proxy ARP file.</para>
the HAVEROUTE column of <link linkend="ProxyARP">my Proxy ARP file</link>.</para>
<programlisting>#!/bin/sh