forked from extern/shorewall_code
Minor vserver doc update
parent 63154367ad
commit c8274f0538
@ -1682,14 +1682,13 @@ sub generate_loopback_rules1( $$$$ ) {
|
|||||||
|
|
||||||
for my $typeref ( values %{$dest_hosts_ref} ) {
|
for my $typeref ( values %{$dest_hosts_ref} ) {
|
||||||
for my $hostref ( @{$typeref->{'%vserver%'}} ) {
|
for my $hostref ( @{$typeref->{'%vserver%'}} ) {
|
||||||
my $ipsec_match = match_ipsec_out $z2 , $hostref;
|
|
||||||
my $exclusion = dest_exclusion( $hostref->{exclusions}, $chain);
|
my $exclusion = dest_exclusion( $hostref->{exclusions}, $chain);
|
||||||
|
|
||||||
for my $net ( @{$hostref->{hosts}} ) {
|
for my $net ( @{$hostref->{hosts}} ) {
|
||||||
add_jump( $chainref,
|
add_jump( $chainref,
|
||||||
$exclusion ,
|
$exclusion ,
|
||||||
0,
|
0,
|
||||||
join('', $match, $ipsec_match,, match_dest_net( $net ) ) )
|
join('', $match, match_dest_net( $net ) ) )
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
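Review bot: Dropping `my $ipsec_match = match_ipsec_out $z2 , $hostref;` and removing `$ipsec_match` from the `join(...)` passed to `add_jump` in generate_loopback_rules1 changes the rules the compiler generates, but the commit message describes only a "Minor vserver doc update". Please mention the code change in the message, or split it into its own commit, so it can be found in history. With the match gone, an ipsec option on a vserver host entry no longer affects these jumps. The visible lines do not show whether the hosts-file parsing rejects that option for vserver zones or accepts and ignores it, so it is worth confirming that it is rejected.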
@ -53,8 +53,9 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Their contents must be defined using the <ulink
|
<para>Their contents must be defined using the <ulink
|
||||||
url="manpages/shorewall-hosts.html">shorewall-hosts </ulink>(5)
|
url="manpages/shorewall-hosts.html">shorewall-hosts </ulink>(5) file.
|
||||||
file.</para>
|
The <emphasis role="bold">ipsec</emphasis> option may not be
|
||||||
|
specified.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
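Review bot: The added sentence "The ipsec option may not be specified." in the first listitem does not say what happens when the option is specified (a compile error, or the option being ignored), nor why the restriction exists. One more clause stating the outcome would let a reader tell a rejected configuration from one that is quietly not applied. While this line is being touched, the space before `</ulink>` in `shorewall-hosts </ulink>(5)` leaves a gap between the manpage name and its section number and could be dropped.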
@ -82,6 +83,31 @@
|
|||||||
applications. Such connections will appear to come from the $FW zone
|
applications. Such connections will appear to come from the $FW zone
|
||||||
rather than the intended Vserver zone.</para>
|
rather than the intended Vserver zone.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>While you can define the vservers to be associated with the
|
||||||
|
network interface where their IP addresses are added at vserver
|
||||||
|
startup time, Shorewall internally associates all vservers with the
|
||||||
|
loopback interface (<emphasis role="bold">lo</emphasis>). Here's an
|
||||||
|
example of how that association can show up:</para>
|
||||||
|
|
||||||
|
<programlisting>gateway:~# shorewall show zones
|
||||||
|
Shorewall 4.4.11-Beta2 Zones at gateway - Fri Jul 2 12:26:30 PDT 2010
|
||||||
|
|
||||||
|
fw (firewall)
|
||||||
|
drct (ipv4)
|
||||||
|
eth4:+drct_eth4
|
||||||
|
loc (ipv4)
|
||||||
|
eth4:0.0.0.0/0
|
||||||
|
net (ipv4)
|
||||||
|
eth1:0.0.0.0/0
|
||||||
|
vpn (ipv4)
|
||||||
|
tun+:0.0.0.0/0
|
||||||
|
dmz (<emphasis role="bold">vserver</emphasis>)
|
||||||
|
<emphasis role="bold">lo</emphasis>:70.90.191.124/31
|
||||||
|
|
||||||
|
gateway:~#</programlisting>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
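Review bot: The new listitem ends at "Here's an example of how that association can show up" and never says what the reader should conclude from seeing `lo` under the dmz (vserver) zone. Add a sentence stating whether this is only a display detail of `shorewall show zones` or something the reader has to account for in their own configuration. Separately, the programlisting pins a beta version banner and timestamp ("Shorewall 4.4.11-Beta2 Zones at gateway - Fri Jul 2 12:26:30 PDT 2010") and an address that looks publicly routable (70.90.191.124/31). Consider trimming the banner and confirming that the address is meant to be published in the documentation.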