Add warning about default routes to multi-interface HOWTOs

This commit is contained in:
Tom Eastep 2009-11-22 09:28:45 -08:00
parent 5b02ef68a5
commit c1001d7cc9
2 changed files with 12 additions and 2 deletions

View File

@ -460,6 +460,12 @@ root@lists:~# </programlisting>
against</emphasis>.</para>
</caution>
<caution>
<para><emphasis role="bold">Do not configure a default route on your
internal and DMZ interfaces.</emphasis> Your firewall should have
exactly one default route via your ISP's Router.</para>
</caution>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>The Shorewall three-interface sample configuration assumes that the
@ -1135,4 +1141,4 @@ ACCEPT net $FW tcp 80 </programlisting><it
url="starting_and_stopping_shorewall.htm">Operating Shorewall and
Shorewall Lite</ulink> contains a lot of useful operational hints.</para>
</section>
</article>
</article>

View File

@ -418,6 +418,10 @@ root@lists:~# </programlisting>
for all interfaces connected to the common hub/switch. <emphasis
role="bold">Using such a setup with a production firewall is strongly
recommended against</emphasis>.</para>
</warning><warning>
<para><emphasis role="bold">Do not configure a default route on your
internal interface.</emphasis> Your firewall should have exactly one
default route via your ISP's Router.</para>
</warning> <inlinegraphic fileref="images/BD21298_.gif"
format="GIF" /></para>
@ -1142,4 +1146,4 @@ eth0 wlan0</programlisting>
requires the rules listed in the <ulink url="samba.htm">Shorewall/Samba
documentation</ulink>.</para>
</section>
</article>
</article>