"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "manpages/shorewall-nesting.xml" between
shorewall-docs-xml-5.2.3.6.tar.bz2 and shorewall-docs-xml-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall (documentation; XML)

shorewall-nesting.xml  (shorewall-docs-xml-5.2.3.6.tar.bz2):shorewall-nesting.xml  (shorewall-docs-xml-5.2.6.tar.bz2)
skipping to change at line 30 skipping to change at line 30
<cmdsynopsis> <cmdsynopsis>
<arg choice="plain" <arg choice="plain"
rep="norepeat"><replaceable>child-zone</replaceable>[:<replaceable>parent- zone</replaceable>[,<replaceable>parent-zone</replaceable>]...]</arg> rep="norepeat"><replaceable>child-zone</replaceable>[:<replaceable>parent- zone</replaceable>[,<replaceable>parent-zone</replaceable>]...]</arg>
</cmdsynopsis> </cmdsynopsis>
</refsynopsisdiv> </refsynopsisdiv>
<refsect1> <refsect1>
<title>Description</title> <title>Description</title>
<para>In <ulink <para>In <ulink
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5), a zone url="shorewall-zones.html">shorewall-zones</ulink>(5), a zone
may be declared to be a sub-zone of one or more other zones using the may be declared to be a sub-zone of one or more other zones using the
above syntax. The <replaceable>child-zone</replaceable> may be neither the above syntax. The <replaceable>child-zone</replaceable> may be neither the
firewall zone nor a vserver zone. The firewall zone may not appear as a firewall zone nor a vserver zone. The firewall zone may not appear as a
parent zone, although all vserver zones are handled as sub-zones of the parent zone, although all vserver zones are handled as sub-zones of the
firewall zone.</para> firewall zone.</para>
<para>Where zones are nested, the CONTINUE policy in <ulink <para>Where zones are nested, the CONTINUE policy in <ulink
url="/manpages/shorewall-policy.html">shorewall-policy</ulink>(5) allows url="shorewall-policy.html">shorewall-policy</ulink>(5) allows
hosts that are within multiple zones to be managed under the rules of all hosts that are within multiple zones to be managed under the rules of all
of these zones.</para> of these zones.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>Example</title> <title>Example</title>
<para><filename>/etc/shorewall/zones</filename>:</para> <para><filename>/etc/shorewall/zones</filename>:</para>
<programlisting> #ZONE TYPE OPTION <programlisting> #ZONE TYPE OPTION
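Review bot: The two ulink targets in the Description section (shorewall-zones and shorewall-policy) move from the site-rooted form "/manpages/shorewall-zones.html" to the bare relative form "shorewall-zones.html", which resolves only when the rendered shorewall-nesting page sits in the same directory as its targets. Please confirm that every output this XML is built into keeps the man pages side by side, and state that in the commit message. A copy rendered anywhere else would carry dead cross-references, whereas the site-rooted path did not depend on the page's own location.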
skipping to change at line 81 skipping to change at line 81
net all DROP info net all DROP info
all all REJECT info</programlisting> all all REJECT info</programlisting>
<para>The second entry above says that when Sam is the client, connection <para>The second entry above says that when Sam is the client, connection
requests should first be processed under rules where the source zone is requests should first be processed under rules where the source zone is
sam and if there is no match then the connection request should be treated sam and if there is no match then the connection request should be treated
under rules where the source zone is net. It is important that this policy under rules where the source zone is net. It is important that this policy
be listed BEFORE the next policy (net to all). You can have this policy be listed BEFORE the next policy (net to all). You can have this policy
generated for you automatically by using the IMPLICIT_CONTINUE option in generated for you automatically by using the IMPLICIT_CONTINUE option in
<ulink <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>Partial <filename>/etc/shorewall/rules</filename>:</para> <para>Partial <filename>/etc/shorewall/rules</filename>:</para>
<programlisting> #ACTION SOURCE DEST PROTO DPORT <programlisting> #ACTION SOURCE DEST PROTO DPORT
... ...
DNAT sam loc:192.168.1.3 tcp ssh DNAT sam loc:192.168.1.3 tcp ssh
DNAT net loc:192.168.1.5 tcp www DNAT net loc:192.168.1.5 tcp www
...</programlisting> ...</programlisting>
<para>Given these two rules, Sam can connect to the firewall's internet <para>Given these two rules, Sam can connect to the firewall's internet
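Review bot: The shorewall.conf link in the IMPLICIT_CONTINUE sentence gets the same relative form, which makes three converted links in total, but the visible context does not show whether any other url attribute starting with "/manpages/" remains elsewhere in this file. Searching the whole file, and the sibling man pages, for the old prefix before merging would avoid a mix of site-rooted and relative cross-references.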
 End of changes. 3 change blocks. 
3 lines changed or deleted 3 lines changed or added
