holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Update introduction with IPv6 info

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9309 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-01-18 16:23:43 +00:00
parent db500018c8
commit f498c4a987
1 changed files with 25 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
docs/Introduction.xml
View File

@ -183,7 +183,7 @@ dmz ipv4
that file as follows:</para> that file as follows:</para>
<programlisting>#ZONE INTERFACE BROADCAST OPTIONS <programlisting>#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp,routefilter,norfc1918 net eth0 detect dhcp,routefilter
loc eth1 detect loc eth1 detect
dmz eth2 detect</programlisting> dmz eth2 detect</programlisting>
@ -252,14 +252,14 @@ dmz eth2 detect</programlisting>
first policy in <filename first policy in <filename
class="directory">/etc/shorewall/</filename><filename>policy</filename> class="directory">/etc/shorewall/</filename><filename>policy</filename>
that matches the request is applied. If there is a default action defined that matches the request is applied. If there is a default action defined
for the policy in /etc/shorewall/actions (or for the policy in<filename> <ulink
<filename>/usr/share/shorewall/actions.std</filename>) then that action is url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink></filename>
invoked before the policy is enforced. In the standard Shorewall then that action is invoked before the policy is enforced. In the standard
distribution, the DROP policy has a default action called <emphasis Shorewall distribution, the DROP policy has a default action called
role="bold">Drop</emphasis> and the REJECT policy has a default action <emphasis role="bold">Drop</emphasis> and the REJECT policy has a default
called <emphasis role="bold">Reject</emphasis>. Default actions are used action called <emphasis role="bold">Reject</emphasis>. Default actions are
primarily to discard packets silently so that they don't clutter up your used primarily to discard packets silently so that they don't clutter up
log.</para> your log.</para>
<para>The <filename <para>The <filename
class="directory">/etc/shorewall/</filename><filename>policy</filename> class="directory">/etc/shorewall/</filename><filename>policy</filename>
@ -271,7 +271,7 @@ all all REJECT info</programlisting>In the three-interface
sample, the line below is included but commented out. If you want your sample, the line below is included but commented out. If you want your
firewall system to have full access to servers on the Internet, uncomment firewall system to have full access to servers on the Internet, uncomment
that line. <programlisting>#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST that line. <programlisting>#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
$FW net ACCEPT</programlisting> The above policy will: $FW net ACCEPT</programlisting> The above policies will:
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>Allow all connection requests from your local network to the <para>Allow all connection requests from your local network to the
@ -390,6 +390,21 @@ ACCEPT net $FW tcp 22</programlisting>
Shorewall-lite.</para> Shorewall-lite.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>In Shorewall 4.2.4, two additional packages were added:</para>
<orderedlist>
<listitem>
<para><emphasis role="bold">Shorewall6</emphasis> - The utilities
necessary to <ulink url="IPv6Support.html">control and configure an
IPv6 firewall</ulink>.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Shorewall6-lite</emphasis> - The IPv6
equivalent of Shorewall-lite.</para>
</listitem>
</orderedlist>
</section> </section>
<section id="License"> <section id="License">