#
# Shorewall version 3.0 - Zones File
#
# /etc/shorewall/zones
#
#	This file determines your network zones.
#
# Columns are:
#
#	ZONE	Short name of the zone (5 Characters or less in length).
#		The names "all" and "none" are reserved and may not be
#		used as zone names.
#
#		Where a zone is nested in one or more other zones,
#		you may follow the (sub)zone name by ":" and a
#		comma-separated list of the parent zones. The parent
#		zones must have been defined in earlier records in this
#		file.
#
#		Example:
#
#			#ZONE     TYPE     OPTIONS
#			a	  ipv4
#			b	  ipv4
#			c:a,b     ipv4
#
#		Currently, Shorewall uses this information only to reorder the
#		zone list so that parent zones appear after their subzones in
#		the list. In the future, Shorewall may make more extensive use
#		of that information.
#
#	TYPE	ipv4 -	This is the standard Shorewall zone type and is the
#			default if you leave this column empty or if you enter
#			"-" in the column. Communication with some zone hosts
#			may be encrypted. Encrypted hosts are designated using
#			the 'ipsec'option in /etc/shorewall/hosts.
#		ipsec -	Communication with all zone hosts is encrypted
#			Your kernel and iptables must include policy
#			match support.
#		firewall
#		      - Designates the firewall itself. You must have
#			exactly one 'firewall' zone. No options are
#			permitted with a 'firewall' zone. The name that you
#			enter in the ZONE column will be stored in the shell
#			variable $FW which you may use in other configuration
#			files to designate the firewall zone.
#
#	OPTIONS,	A comma-separated list of options as follows:
#	IN OPTIONS,
#	OUT OPTIONS	reqid=<number> where <number> is specified
#			using setkey(8) using the 'unique:<number>
#			option for the SPD level.
#
#			spi=<number> where <number> is the SPI of
#			the SA used to encrypt/decrypt packets.
#
#			proto=ah|esp|ipcomp
#
#			mss=<number> (sets the MSS field in TCP packets)
#
#			mode=transport|tunnel
#
#			tunnel-src=<address>[/<mask>] (only
#			available with mode=tunnel)
#
#			tunnel-dst=<address>[/<mask>] (only
#			available with mode=tunnel)
#
#			strict	Means that packets must match all rules.
#
#			next	Separates rules; can only be used with
#				strict..
#
#		Example:
#			mode=transport,reqid=44
#
#	The options in the OPTIONS column are applied to both incoming
#	and outgoing traffic. The IN OPTIONS are applied to incoming
#	traffic (in addition to OPTIONS) and the OUT OPTIONS are
#	applied to outgoing traffic.
#
#	If you wish to leave a column empty but need to make an entry
#	in a following column, use "-".
#------------------------------------------------------------------------------
# Example zones:
#
#	You have a three interface firewall with internet, local and DMZ
#	interfaces.
#
#	#ZONE	TYPE		OPTIONS		IN			OUT
#	#					OPTIONS			OPTIONS
#	fw	firewall
#	net
#	loc
#	dmz
#
#
# For more information, see http://www.shorewall.net/Documentation.htm#Zones
#
###############################################################################
#ZONE	TYPE		OPTIONS		IN			OUT
#					OPTIONS			OPTIONS
fw	firewall
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE