Adjust nested zone documentation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5232 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-01-15 21:49:21 +00:00
parent cb2287437f
commit b60a2a5b96
5 changed files with 39 additions and 27 deletions


@ -444,6 +444,37 @@ NET_OPTIONS=blacklist,norfc1918</programlisting>
<quote>all</quote> may not be used as a zone name nor may the zone <quote>all</quote> may not be used as a zone name nor may the zone
name assigned to the firewall itself via the FW variable in <xref name assigned to the firewall itself via the FW variable in <xref
linkend="Conf" />.</para> linkend="Conf" />.</para>
<para id="Nested">The <filename>/etc/shorewall/interfaces</filename>
and <filename>/etc/shorewall/hosts</filename> file allow you to
define nested or overlapping zones. Such overlapping/nested zones
are allowed and Shorewall normally processes zones in the order that
they appear in the <filename>/etc/shorewall/zones</filename> file.
So if you have nested zones, you want the sub-zone to appear before
the super-zone and in the case of overlapping zones, the rules that
will apply to hosts that belong to both zones is determined by which
zone appears first in
<filename>/etc/shorewall/zones</filename>.</para>
<para>Hosts that belong to more than one zone may be managed by the
rules of all of those zones. This is done through use of the special
<link linkend="CONTINUE">CONTINUE policy</link> described
below.</para>
<para>Beginning With Shorewall 3.0, you can adjust the order in
which Shorewall generates its rules by using special syntax in the
ZONE column of <filename>/etc/shorewall/zones</filename>. Where a
zone is nested in one or more other zones, you may follow the
(sub)zone name by ":" and a comma-separated list of the parent
zones. The parent zones must have been defined in earlier records in
this file.</para>
<para>Example:<blockquote>
<programlisting>#ZONE TYPE OPTIONS
parnt1 ipv4
parnt2 ipv4
child:parnt1,parnt2 ipv4</programlisting>
</blockquote></para>
</listitem> </listitem>
</varlistentry> </varlistentry>
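Review bot: The added paragraph that introduces the child:parnt1,parnt2 syntax says it lets you "adjust the order in which Shorewall generates its rules" but never states what order results, so the example cannot be checked against expected behaviour. Add a sentence saying how a child zone is ordered relative to the parents it lists; the first added paragraph makes zone order the thing that decides which rules apply to hosts in overlapping zones, so this is the detail a reader needs most. In the added text, "file allow you" should be "files allow you", "the rules that will apply ... is determined" should be "are determined", and "Beginning With" should be "Beginning with". Moving id="Nested" from a titled section onto a bare para also leaves any xref to that id without a title to render as link text, so consider adding an xreflabel to the para.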
@ -1081,24 +1112,6 @@ net eth0 detect dhcp,norfc1918
<programlisting>#ZONE HOST(S) OPTIONS <programlisting>#ZONE HOST(S) OPTIONS
loc eth1:192.168.1.0/24,192.168.12.0/24</programlisting> loc eth1:192.168.1.0/24,192.168.12.0/24</programlisting>
</example> </example>
<section id="Nested">
<title>Nested and Overlapping Zones</title>
<para>The <filename>/etc/shorewall/interfaces</filename> and
<filename>/etc/shorewall/hosts</filename> file allow you to define
nested or overlapping zones. Such overlapping/nested zones are allowed
and Shorewall processes zones in the order that they appear in the
<filename>/etc/shorewall/zones</filename> file. So if you have nested
zones, you want the sub-zone to appear before the super-zone and in the
case of overlapping zones, the rules that will apply to hosts that
belong to both zones is determined by which zone appears first in
<filename>/etc/shorewall/zones</filename>.</para>
<para>Hosts that belong to more than one zone may be managed by the
rules of all of those zones. This is done through use of the special
<link linkend="CONTINUE">CONTINUE policy</link> described below.</para>
</section>
</section> </section>
<section id="Policy" xreflabel="/etc/shorewall/policy"> <section id="Policy" xreflabel="/etc/shorewall/policy">
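Review bot: Removing the "Nested and Overlapping Zones" section after the loc eth1:192.168.1.0/24,192.168.12.0/24 hosts example leaves this part of the document with no mention that the interfaces and hosts files can define nested or overlapping zones, even though the moved text names exactly those two files as where it happens. Keep a one-sentence pointer here with a link to the Nested anchor, so that someone reading the hosts material still reaches the ordering rules and the CONTINUE policy reference.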


@ -49,7 +49,7 @@
role="bold">,</emphasis><emphasis>parent-zone</emphasis>]...]</term> role="bold">,</emphasis><emphasis>parent-zone</emphasis>]...]</term>
<listitem> <listitem>
<para>Nname of the <emphasis>zone</emphasis>. The names "all" and <para>Name of the <emphasis>zone</emphasis>. The names "all" and
"none" are reserved and may not be used as zone names. The maximum "none" are reserved and may not be used as zone names. The maximum
length of a zone name is determined by the setting of the LOGFORMAT length of a zone name is determined by the setting of the LOGFORMAT
option in shorewall.conf. With the default LOGFORMAT, zone names can option in shorewall.conf. With the default LOGFORMAT, zone names can


@ -33,7 +33,8 @@ Español)</a></li>
<li><a href="shorewall_quickstart_guide.htm">QuickStart Guides <li><a href="shorewall_quickstart_guide.htm">QuickStart Guides
(<span style="font-weight: bold;">HOWTO</span>s for setting up (<span style="font-weight: bold;">HOWTO</span>s for setting up
Shorewall in popular configurations)</a></li> Shorewall in popular configurations)</a></li>
<li><a href="manpages/Manpages.html">Shorewall 3.4 Manpages</a><br> <li><a href="manpages/Manpages.html">Shorewall 3.4 <span
style="font-weight: bold;">Manpages</span></a><br>
</li> </li>
<li><a href="Install.htm"><span style="font-weight: bold;">Install</span>ation/<span <li><a href="Install.htm"><span style="font-weight: bold;">Install</span>ation/<span
style="font-weight: bold;">Upgrade</span> Instructions</a></li> style="font-weight: bold;">Upgrade</span> Instructions</a></li>


@ -23,9 +23,7 @@ Documentation License</a></span>”.<br>
<p>2007-01-14<br> <p>2007-01-14<br>
</p> </p>
<hr style="width: 100%; height: 2px;"> <span style="font-weight: bold;">Warning: <hr style="width: 100%; height: 2px;"> <span style="font-weight: bold;">Warning:
</span>These manpages are for Shorewall 3.4.0 only. The HTML formatting </span>These manpages are for Shorewall 3.4.0 only.<br>
is still a bit off so please bear with us while we try to correct the
problems.<br>
<h2>Section 5 - Files<br> <h2>Section 5 - Files<br>
</h2> </h2>
<div style="margin-left: 40px;"><a href="shorewall-accounting.html">accounting</a><br> <div style="margin-left: 40px;"><a href="shorewall-accounting.html">accounting</a><br>
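Review bot: The context line above the warning still reads 2007-01-14 although the warning text changes in this commit; if that date is meant to track the page's last revision it should be updated in the same change. The shortened warning also still ends in a br placed directly before the h2 heading, which only adds a stray line break ahead of the heading and could go along with the removed sentence.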


@ -130,17 +130,17 @@ problems</a> and <a
</ul> </ul>
The <span style="font-weight: bold;">current Development Release</span> The <span style="font-weight: bold;">current Development Release</span>
version version
is 3.4.0-Beta1<br> is 3.4.0-Beta2<br>
</div> </div>
<ul style="margin-left: 40px;"> <ul style="margin-left: 40px;">
<li>Here are the <a <li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta1/releasenotes.txt">release href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta2/releasenotes.txt">release
notes</a> <br> notes</a> <br>
</li> </li>
<li>Here are the <a <li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta1/known_problems.txt">known href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta2/known_problems.txt">known
problems</a> and <a problems</a> and <a
href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta1/errata/">updates</a>.</li> href="http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta2/errata/">updates</a>.</li>
</ul> </ul>
<div style="margin-left: 40px;">Get them from the <a <div style="margin-left: 40px;">Get them from the <a
href="download.htm">download sites</a></div> href="download.htm">download sites</a></div>
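Review bot: The version string is edited by hand in four places in this hunk (the "is 3.4.0-Beta2" text and the releasenotes.txt, known_problems.txt and errata/ URLs), so a later bump can easily leave one link pointing at the previous release. Confirm that each of the three Beta2 URLs resolves before this is published, and consider keeping the version in one place that the links are generated from, so that the text and the download links cannot drift apart.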