Add FAQ 53

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3660 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2006-03-12 16:38:54 +00:00 · 2006-03-12 16:38:54 +00:00 · ec155c4036
commit ec155c4036
parent 8cf217c023
1 changed files with 19 additions and 2 deletions
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@ -17,7 +17,7 @@
      </author>
    </authorgroup>

-    <pubdate>2006-03-02</pubdate>
+    <pubdate>2006-03-11</pubdate>

    <copyright>
      <year>2001-2006</year>
@ -1773,7 +1773,7 @@ eth0               eth1                        # eth1 = interface to local netwo
    </section>
  </section>

-  <section>
+  <section id="faq53">
    <title>Miscellaneous</title>

    <section id="faq19">
@ -1959,5 +1959,22 @@ Shorewall has detected the following iptables/netfilter capabilities:
   Raw Table: Available
 gateway:~#</programlisting>
    </section>
+
+    <section>
+      <title>(FAQ 53) How do I open the firewall for all traffic to/from the
+      LAN?</title>
+
+      <para><emphasis role="bold">Answer:</emphasis> Add these two
+      policies:</para>
+
+      <programlisting>#SOURCE            DESTINATION             POLICY            LOG              LIMIT:BURST
+#                                                            LEVEL
+$FW                loc                     ACCEPT
+loc                $FW                     ACCEPT           </programlisting>
+
+      <para>You can also delete any ACCEPT rules from $FW-&gt;loc and
+      loc-&gt;$FW since those rules are redundant with the above
+      policies.</para>
+    </section>
  </section>
 </article>