# # Shorewall 2.0 - /etc/shorewall/hosts # # THE ONLY TIME YOU NEED THIS FILE IS WHERE YOU HAVE MORE THAN # ONE ZONE CONNECTED THROUGH A SINGLE INTERFACE. # # IF YOU DON'T HAVE THAT SITUATION THEN DON'T TOUCH THIS FILE. # # This file is used to define zones in terms of subnets and/or # individual IP addresses. Most simple setups don't need to # (should not) place anything in this file. # # ZONE - The name of a zone defined in /etc/shorewall/zones # # HOST(S) - The name of an interface defined in the # /etc/shorewall/interfaces file followed by a colon (":") and # a comma-separated list whose elements are either: # # a) The IP address of a host # b) A subnetwork in the form # / # c) A physical port name; only allowed when the # interface names a bridge created by the # brctl addbr command. This port must not # be defined in /etc/shorewall/interfaces and may # optionally followed by a colon (":") and a # host or network IP. # See http://www.shorewall.net/Bridge.html for details. # # Examples: # # eth1:192.168.1.3 # eth2:192.168.2.0/24 # eth3:192.168.2.0/24,192.168.3.1 # br0:eth4 # br0:eth0:192.168.1.16/28 # # OPTIONS - A comma-separated list of options. Currently-defined # options are: # # maclist - Connection requests from these hosts # are compared against the contents of # /etc/shorewall/maclist. If this option # is specified, the interface must be # an ethernet NIC and must be up before # Shorewall is started. # # routeback - Shorewall show set up the infrastructure # to pass packets from this/these # address(es) back to themselves. This is # necessary of hosts in this group use the # services of a transparent proxy that is # a member of the group or if DNAT is used # to send requests originating from this # group to a server in the group. # #ZONE HOST(S) OPTIONS #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE