holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Update to reflect 1.3.4 Features

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@133 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2002-07-13 14:59:45 +00:00
parent ccdbd9faed
commit e97d6880c3
4 changed files with 40 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Samples/one-interface/interfaces
View File

@ -48,7 +48,9 @@
# requests. 'filterping' takes # requests. 'filterping' takes
# precedence over 'noping' if both are # precedence over 'noping' if both are
# given. # given.
# routestopped - When the firewall is stopped, allow # routestopped - (Deprecated -- use
# /etc/shorewall/routestopped)
# When the firewall is stopped, allow
# and route traffic to and from this # and route traffic to and from this
# interface. # interface.
# norfc1918 - This interface should not receive # norfc1918 - This interface should not receive

31
Samples/one-interface/shorewall.conf
View File

@ -228,4 +228,35 @@ NAT_BEFORE_RULES=Yes
MULTIPORT=No MULTIPORT=No
# DNAT IP Address Detection
#
# Normally when Shorewall encounters the following rule:
#
# DNAT net loc:192.168.1.3 tcp 80
#
# it will forward TCP port 80 connections from the net to 192.168.1.3
# REGARDLESS OF THE ORIGINAL DESTINATION ADDRESS. This behavior is
# convenient for two reasons:
#
# a) If the the network interface has a dynamic IP address, the
# firewall configuration will work even when the address
# changes.
#
# b) It saves having to configure the IP address in the rule
# while still allowing the firewall to be started before the
# internet interface is brought up.
#
# This default behavior can also have a negative effect. If the
# internet interface has more than one IP address then the above
# rule will forward connection requests on all of these addresses;
# that may not be what is desired.
#
# By setting DETECT_DNAT_IPADDRS=Yes, rules such as the above will apply
# only if the original destination address is the primary IP address of
# one of the interfaces associated with the source zone. Note that this
# requires all interfaces to the source zone to be up when the firewall
# is [re]started.
DETECT_DNAT_IPADDRS=No
#LAST LINE -- DO NOT REMOVE #LAST LINE -- DO NOT REMOVE

4
Samples/three-interfaces/interfaces
View File

@ -48,7 +48,9 @@
# requests. 'filterping' takes # requests. 'filterping' takes
# precedence over 'noping' if both are # precedence over 'noping' if both are
# given. # given.
# routestopped - When the firewall is stopped, allow # routestopped - (Deprecated -- use
# /etc/shorewall/routestopped)
# When the firewall is stopped, allow
# and route traffic to and from this # and route traffic to and from this
# interface. # interface.
# norfc1918 - This interface should not receive # norfc1918 - This interface should not receive

4
Samples/two-interfaces/interfaces
View File

@ -48,7 +48,9 @@
# requests. 'filterping' takes # requests. 'filterping' takes
# precedence over 'noping' if both are # precedence over 'noping' if both are
# given. # given.
# routestopped - When the firewall is stopped, allow # routestopped - (Deprecated -- use
# /etc/shorewall/routestopped)
# When the firewall is stopped, allow
# and route traffic to and from this # and route traffic to and from this
# interface. # interface.
# norfc1918 - This interface should not receive # norfc1918 - This interface should not receive