"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "manpages/shorewall-hosts.xml" between
shorewall-docs-xml-5.2.3.6.tar.bz2 and shorewall-docs-xml-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall (documentation; XML)

shorewall-hosts.xml  (shorewall-docs-xml-5.2.3.6.tar.bz2):shorewall-hosts.xml  (shorewall-docs-xml-5.2.6.tar.bz2)
skipping to change at line 34 skipping to change at line 34
<refsect1> <refsect1>
<title>Description</title> <title>Description</title>
<para>This file is used to define zones in terms of subnets and/or <para>This file is used to define zones in terms of subnets and/or
individual IP addresses. Most simple setups don't need to (should not) individual IP addresses. Most simple setups don't need to (should not)
place anything in this file.</para> place anything in this file.</para>
<para>The order of entries in this file is not significant in determining <para>The order of entries in this file is not significant in determining
zone composition. Rather, the order that the zones are declared in <ulink zone composition. Rather, the order that the zones are declared in <ulink
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5) determines url="shorewall-zones.html">shorewall-zones</ulink>(5) determines
the order in which the records in this file are interpreted.</para> the order in which the records in this file are interpreted.</para>
<warning> <warning>
<para>The only time that you need this file is when you have more than <para>The only time that you need this file is when you have more than
one zone connected through a single interface.</para> one zone connected through a single interface.</para>
</warning> </warning>
<warning> <warning>
<para>If you have an entry for a zone and interface in <ulink <para>If you have an entry for a zone and interface in <ulink
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5) url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
then do not include any entries in this file for that same (zone, then do not include any entries in this file for that same (zone,
interface) pair.</para> interface) pair.</para>
</warning> </warning>
<para>The columns in the file are as follows.</para> <para>The columns in the file are as follows.</para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><emphasis role="bold">ZONE</emphasis> - <term><emphasis role="bold">ZONE</emphasis> -
<emphasis>zone-name</emphasis></term> <emphasis>zone-name</emphasis></term>
<listitem> <listitem>
<para>The name of a zone declared in <ulink <para>The name of a zone declared in <ulink
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5). You url="shorewall-zones.html">shorewall-zones</ulink>(5). You
may not list the firewall zone in this column.</para> may not list the firewall zone in this column.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">HOST(S)</emphasis> - <term><emphasis role="bold">HOST(S)</emphasis> -
<emphasis>interface</emphasis>:{[{<emphasis>address-or-range</emphasis>[ <emphasis <emphasis>interface</emphasis>:{[{<emphasis>address-or-range</emphasis>[ <emphasis
role="bold">,</emphasis><emphasis>address-or-range</emphasis>]...|<empha sis role="bold">,</emphasis><emphasis>address-or-range</emphasis>]...|<empha sis
role="bold">+</emphasis><emphasis>ipset</emphasis>|<emphasis role="bold">+</emphasis><emphasis>ipset</emphasis>|<emphasis
role="bold">dynamic</emphasis>}[<emphasis>exclusion</emphasis>]</term> role="bold">dynamic</emphasis>}[<emphasis>exclusion</emphasis>]</term>
<listitem> <listitem>
<para>The name of an interface defined in the <ulink <para>The name of an interface defined in the <ulink
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink> (5) url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
file followed by a colon (":") and a comma-separated list whose file followed by a colon (":") and a comma-separated list whose
elements are either:</para> elements are either:</para>
<orderedlist numeration="loweralpha"> <orderedlist numeration="loweralpha">
<listitem> <listitem>
<para>The IP <replaceable>address</replaceable> of a <para>The IP <replaceable>address</replaceable> of a
host.</para> host.</para>
</listitem> </listitem>
<listitem> <listitem>
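Review bot: the four ulink targets in this hunk (shorewall-zones.html and shorewall-interfaces.html, two each) change from root-absolute /manpages/... paths to bare relative names, which resolve only when every rendered manpage sits in the same directory as this page. If that layout is intended, state it in the commit message and check the generated HTML for each output location, because these cross-references carry the warnings about zone declaration order and duplicate (zone, interface) pairs.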
skipping to change at line 107 skipping to change at line 107
<para>The word <option>dynamic</option> which makes the zone <para>The word <option>dynamic</option> which makes the zone
dynamic in that you can use the <command>shorewall add</command> dynamic in that you can use the <command>shorewall add</command>
and <command>shorewall delete</command> commands to change to and <command>shorewall delete</command> commands to change to
composition of the zone.</para> composition of the zone.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
<blockquote> <blockquote>
<para>You may also exclude certain hosts through use of an <para>You may also exclude certain hosts through use of an
<emphasis>exclusion</emphasis> (see <ulink <emphasis>exclusion</emphasis> (see <ulink
url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink> (5).</para> url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5).</para >
</blockquote> </blockquote>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">OPTIONS</emphasis> (Optional) - <term><emphasis role="bold">OPTIONS</emphasis> (Optional) -
[<emphasis>option</emphasis>[<emphasis [<emphasis>option</emphasis>[<emphasis
role="bold">,</emphasis><emphasis>option</emphasis>]...]</term> role="bold">,</emphasis><emphasis>option</emphasis>]...]</term>
<listitem> <listitem>
<para>A comma-separated list of options from the following list. The <para>A comma-separated list of options from the following list. The
order in which you list the options is not significant but the list order in which you list the options is not significant but the list
must have no embedded white-space.</para> must have no embedded white-space.</para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><emphasis role="bold">blacklist</emphasis></term> <term><emphasis role="bold">blacklist</emphasis></term>
<listitem> <listitem>
<para>Check packets arriving on this port against the <ulink <para>Check packets arriving on this port against the <ulink
url="/manpages/shorewall-blacklist.html">shorewall-blacklist</ul ink>(5) url="shorewall-blacklist.html">shorewall-blacklist</ulink>(5)
file.</para> file.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">broadcast</emphasis></term> <term><emphasis role="bold">broadcast</emphasis></term>
<listitem> <listitem>
<para>Used when you want to include limited broadcasts <para>Used when you want to include limited broadcasts
(destination IP address 255.255.255.255) from the firewall to (destination IP address 255.255.255.255) from the firewall to
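Review bot: the exclusion sentence in the blockquote opens a parenthesis at "(see" and never closes it, on both sides of the change; since the line is being edited anyway, end it with "shorewall-exclusion</ulink>(5))." In the dynamic item just above, "commands to change to composition of the zone" should read "commands to change the composition of the zone".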
skipping to change at line 150 skipping to change at line 150
<orderedlist> <orderedlist>
<listitem> <listitem>
<para>The network specified in the HOST(S) column does not <para>The network specified in the HOST(S) column does not
include 255.255.255.255.</para> include 255.255.255.255.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>The zone does not have an entry for this interface <para>The zone does not have an entry for this interface
in <ulink in <ulink
url="/manpages/shorewall-interfaces.html">shorewall-interfac es</ulink>(5).</para> url="shorewall-interfaces.html">shorewall-interfaces</ulink> (5).</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">destonly</emphasis></term> <term><emphasis role="bold">destonly</emphasis></term>
<listitem> <listitem>
<para>Normally used with the Multi-cast IP address range <para>Normally used with the Multi-cast IP address range
skipping to change at line 174 skipping to change at line 174
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">ipsec</emphasis></term> <term><emphasis role="bold">ipsec</emphasis></term>
<listitem> <listitem>
<para>The zone is accessed via a kernel 2.6 ipsec SA. Note <para>The zone is accessed via a kernel 2.6 ipsec SA. Note
that if the zone named in the ZONE column is specified as an that if the zone named in the ZONE column is specified as an
IPSEC zone in the <ulink IPSEC zone in the <ulink
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5) url="shorewall-zones.html">shorewall-zones</ulink>(5)
file then you do NOT need to specify the 'ipsec' option file then you do NOT need to specify the 'ipsec' option
here.</para> here.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">maclist</emphasis></term> <term><emphasis role="bold">maclist</emphasis></term>
<listitem> <listitem>
<para>Connection requests from these hosts are compared <para>Connection requests from these hosts are compared
against the contents of <ulink against the contents of <ulink
url="/manpages/shorewall-maclist.html">shorewall-maclist</ulink> (5). url="shorewall-maclist.html">shorewall-maclist</ulink>(5).
If this option is specified, the interface must be an Ethernet If this option is specified, the interface must be an Ethernet
NIC or equivalent and must be up before Shorewall is NIC or equivalent and must be up before Shorewall is
started.</para> started.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">mss</emphasis>=<replaceable>mss</replaceable></term> role="bold">mss</emphasis>=<replaceable>mss</replaceable></term>
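Review bot: in the ipsec entry the option name is written as 'ipsec' in plain quotes, whereas the dynamic entry earlier in the file marks its keyword up as <option>dynamic</option>; using <option>ipsec</option> here would keep the option markup consistent while the paragraph is being touched.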
skipping to change at line 217 skipping to change at line 217
<listitem> <listitem>
<para>This option only makes sense for ports on a <para>This option only makes sense for ports on a
bridge.</para> bridge.</para>
<para>Filter packets for smurfs (packets with a broadcast <para>Filter packets for smurfs (packets with a broadcast
address as the source).</para> address as the source).</para>
<para>Smurfs will be optionally logged based on the setting of <para>Smurfs will be optionally logged based on the setting of
SMURF_LOG_LEVEL in <ulink SMURF_LOG_LEVEL in <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). url="shorewall.conf.html">shorewall.conf</ulink>(5).
After logging, the packets are dropped.</para> After logging, the packets are dropped.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">routeback</emphasis></term> <term><emphasis role="bold">routeback</emphasis></term>
<listitem> <listitem>
<para>Shorewall should set up the infrastructure to pass <para>Shorewall should set up the infrastructure to pass
packets from this/these address(es) back to themselves. This packets from this/these address(es) back to themselves. This
skipping to change at line 281 skipping to change at line 281
<para>/etc/shorewall/hosts</para> <para>/etc/shorewall/hosts</para>
<para>/etc/shorewall6/hosts</para> <para>/etc/shorewall6/hosts</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>See ALSO</title> <title>See ALSO</title>
<para><ulink <para><ulink
url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configur ation_file_basics.htm#Pairs</ulink></para> url="../configuration_file_basics.htm#Pairs">https://shorewall.org/configura tion_file_basics.htm#Pairs</ulink></para>
<para>shorewall(8)</para> <para>shorewall(8)</para>
</refsect1> </refsect1>
</refentry> </refentry>
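Review bot: in the See ALSO link the url attribute becomes the relative "../configuration_file_basics.htm#Pairs" while the link text becomes an absolute https://shorewall.org/... address, so the target a reader follows and the address they see can differ depending on where the page is served from. Use the same absolute URL in both places, or drop the URL from the link text and give the link a descriptive label. The "../" prefix also assumes this page is rendered one directory below the file it points to, unlike the bare sibling names used for the other links in this change. The title "See ALSO" is capitalised inconsistently next to "Description" and could be fixed in the same pass.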
 End of changes. 11 change blocks. 
11 lines changed or deleted 11 lines changed or added
