Clean up the Introduction article

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2019-04-01 15:10:27 -07:00 · 2019-04-01 15:10:27 -07:00 · aa97b1b283
commit aa97b1b283
parent 53495ec0a8
1 changed files with 21 additions and 13 deletions
--- a/docs/Introduction.xml
+++ b/docs/Introduction.xml
@ -18,6 +18,8 @@
    <copyright>
      <year>2003-2015</year>

+      <year>2019</year>
+
      <holder>Thomas M. Eastep</holder>
    </copyright>

@ -126,7 +128,8 @@
        </listitem>

        <listitem>
-          <para><ulink url="http://www.ipcop.org">ipcop</ulink></para>
+          <para><ulink url="https://comparite.ch/free-firewall">Other free
+          firewalls</ulink></para>
        </listitem>
      </itemizedlist>

@ -170,18 +173,18 @@ dmz     ipv4</programlisting>
    file. In the three-interface sample, the three zones are defined using
    that file as follows:</para>

-    <programlisting>#ZONE      INTERFACE     BROADCAST     OPTIONS
-net        eth0          detect        dhcp,routefilter
-loc        eth1          detect
-dmz        eth2          detect</programlisting>
+    <programlisting>#ZONE      INTERFACE     OPTIONS
+net        NET_IF        dhcp,routefilter
+loc        LOC_IF
+dmz        DMZ_IF</programlisting>

    <para>The above file defines the <emphasis>net</emphasis> zone as all IPv4
-    hosts interfacing to the firewall through eth0, the
-    <emphasis>loc</emphasis> zone as all IPv4 hosts interfacing through eth1
+    hosts interfacing to the firewall through NET_IF, the
+    <emphasis>loc</emphasis> zone as all IPv4 hosts interfacing through LOC_IF
    and the <emphasis>dmz</emphasis> as all IPv4 hosts interfacing through
-    eth2. It is important to note that the composition of a zone is defined in
-    terms of a combination of addresses <emphasis role="bold">and</emphasis>
-    interfaces. When using the <ulink
+    DMZ_IF. It is important to note that the composition of a zone is defined
+    in terms of a combination of addresses <emphasis
+    role="bold">and</emphasis> interfaces. When using the <ulink
    url="manpages/shorewall-interfaces.html"><filename>/etc/shorewall/interfaces</filename></ulink>
    file to define a zone, all addresses are included; when you want to define
    a zone that contains a limited subset of the IPv4 address space, you use
@ -191,9 +194,9 @@ dmz        eth2          detect</programlisting>
    <filename>/etc/shorewall/interfaces</filename>:</para>

    <programlisting>#ZONE      INTERFACE     BROADCAST     OPTIONS
-net        eth0          detect        dhcp,routefilter,nets=(!192.168.0.0/23)
-loc        eth1          detect        nets=(192.168.0.0/24)
-dmz        eth2          detect        nets=(192.168.1.0/24)</programlisting>
+net        NET_IF        detect        dhcp,routefilter,nets=(!192.168.0.0/23),physical=eth0
+loc        LOC_IF        detect        nets=(192.168.0.0/24),physical=eth1
+dmz        DMZ_IF        detect        nets=(192.168.1.0/24),physical=eth2</programlisting>

    <para>The above file defines the <emphasis>net</emphasis> zone as all IPv4
    hosts interfacing to the firewall through eth0 <emphasis>except</emphasis>
@ -203,6 +206,11 @@ dmz        eth2          detect        nets=(192.168.1.0/24)</programlisting>
    192.168.0.0/24 together with 192.168.1.0/24 comprises
    192.168.0.0/23).</para>

+    <para>Note that the names NET_IF, LOC_IF and DMZ_IF are <emphasis>logical
+    interface names</emphasis> which are mapped to actual physical network
+    interfaces using the <emphasis role="bold">physical=</emphasis> option in
+    each interface file entry.</para>
+
    <para>Rules about what traffic to allow and what traffic to deny are
    expressed in terms of zones. <itemizedlist spacing="compact">
        <listitem>