"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "Samples6/Universal/interfaces.annotated" between
shorewall6-5.2.3.6.tar.bz2 and shorewall6-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall Requires the Shorewall package and adds the capability to create an IPv6 firewall.

interfaces.annotated  (shorewall6-5.2.3.6.tar.bz2):interfaces.annotated  (shorewall6-5.2.6.tar.bz2)
# #
# Shorewall version 4 - Interfaces File # Shorewall version 4 - Interfaces File
# #
# For information about entries in this file, type "man shorewall-interfaces" # For information about entries in this file, type "man shorewall-interfaces"
# #
# The manpage is also online at # The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-interfaces.html # https://shorewall.org/manpages/shorewall-interfaces.html
# #
############################################################################### ###############################################################################
# #
# The interfaces file serves to define the firewall's network interfaces to # The interfaces file serves to define the firewall's network interfaces to
# Shorewall. The order of entries in this file is not significant in determining # Shorewall. The order of entries in this file is not significant in determining
# zone composition. # zone composition.
# #
# Beginning with Shorewall 4.5.3, the interfaces file supports two different # Beginning with Shorewall 4.5.3, the interfaces file supports two different
# formats: # formats:
# #
skipping to change at line 54 skipping to change at line 54
# Example: # Example:
# #
# #ZONE INTERFACE BROADCAST # #ZONE INTERFACE BROADCAST
# loc eth1 - # loc eth1 -
# loc eth2 - # loc eth2 -
# #
# INTERFACE - interface[:port] # INTERFACE - interface[:port]
# #
# Logical name of interface. Each interface may be listed only once in this # Logical name of interface. Each interface may be listed only once in this
# file. You may NOT specify the name of a "virtual" interface (e.g., eth0:0) # file. You may NOT specify the name of a "virtual" interface (e.g., eth0:0)
# here; see http://www.shorewall.net/FAQ.htm#faq18. If the physical option i s # here; see https://shorewall.org/FAQ.htm#faq18. If the physical option is
# not specified, then the logical name is also the name of the actual # not specified, then the logical name is also the name of the actual
# interface. # interface.
# #
# You may use wildcards here by specifying a prefix followed by the plus sig n # You may use wildcards here by specifying a prefix followed by the plus sig n
# ("+"). For example, if you want to make an entry that applies to all PPP # ("+"). For example, if you want to make an entry that applies to all PPP
# interfaces, use 'ppp+'; that would match ppp0, ppp1, ppp2, … # interfaces, use 'ppp+'; that would match ppp0, ppp1, ppp2, …
# #
# When using Shorewall versions before 4.1.4, care must be exercised when # When using Shorewall versions before 4.1.4, care must be exercised when
# using wildcards where there is another zone that uses a matching specific # using wildcards where there is another zone that uses a matching specific
# interface. See shorewall-nesting(5) for a discussion of this problem. # interface. See shorewall-nesting(5) for a discussion of this problem.
skipping to change at line 358 skipping to change at line 358
# #
# Limit the zone named in the ZONE column to only the listed networks. # Limit the zone named in the ZONE column to only the listed networks.
# The parentheses may be omitted if only a single net is given (e.g., # The parentheses may be omitted if only a single net is given (e.g.,
# nets=192.168.1.0/24). Limited broadcast to the zone is supported. # nets=192.168.1.0/24). Limited broadcast to the zone is supported.
# Beginning with Shorewall 4.4.1, multicast traffic to the zone is also # Beginning with Shorewall 4.4.1, multicast traffic to the zone is also
# supported. # supported.
# #
# nets=dynamic # nets=dynamic
# #
# Defines the zone as dynamic. Requires ipset match support in your # Defines the zone as dynamic. Requires ipset match support in your
# iptables and kernel. See http://www.shorewall.net/Dynamic.html for # iptables and kernel. See https://shorewall.org/Dynamic.html for furthe
# further information. r
# information.
# #
# nodbl # nodbl
# #
# Added in Shorewall 5.0.8. When specified, dynamic blacklisting is # Added in Shorewall 5.0.8. When specified, dynamic blacklisting is
# disabled on the interface. Beginning with Shorewall 5.0.10, nodbl is # disabled on the interface. Beginning with Shorewall 5.0.10, nodbl is
# equivalent to dbl=none. # equivalent to dbl=none.
# #
# nosmurfs # nosmurfs
# #
# IPv4 only. Filter packets for smurfs (packets with a broadcast address # IPv4 only. Filter packets for smurfs (packets with a broadcast address
# as the source). # as the source).
# #
# Smurfs will be optionally logged based on the setting of # Smurfs will be optionally logged based on the setting of
# SMURF_LOG_LEVEL in shorewall.conf(5). After logging, the packets are # SMURF_LOG_LEVEL in shorewall.conf(5). After logging, the packets are
# dropped. # dropped.
# #
# optional # optional
# #
# This option indicates that the firewall should be able to start, even
# if the interface is not usable for handling traffic. It allows use of
# the enable and disable commands on the interface.
#
# When optional is specified for an interface, Shorewall will be silent # When optional is specified for an interface, Shorewall will be silent
# when: # when:
# #
# ☆ a /proc/sys/net/ipv[46]/conf/ entry for the interface cannot be # ☆ a /proc/sys/net/ipv[46]/conf/ entry for the interface cannot be
# modified (including for proxy ARP or proxy NDP). # modified (including for proxy ARP or proxy NDP).
# #
# ☆ The first address of the interface cannot be obtained. # ☆ The first address of the interface cannot be obtained.
# #
# ☆ The gateway of the interface can not be obtained (provider
# interface).
#
# ☆ The interface has been disabled using the disable command.
#
# May not be specified with required. # May not be specified with required.
# #
# physical=name # physical=name
# #
# Added in Shorewall 4.4.4. When specified, the interface or port name i n # Added in Shorewall 4.4.4. When specified, the interface or port name i n
# the INTERFACE column is a logical name that refers to the name given i n # the INTERFACE column is a logical name that refers to the name given i n
# this option. It is useful when you want to specify the same wildcard # this option. It is useful when you want to specify the same wildcard
# port name on two or more bridges. See http://www.shorewall.net/ # port name on two or more bridges. See https://shorewall.org/
# bridge-Shorewall-perl.html#Multiple. # bridge-Shorewall-perl.html#Multiple.
# #
# If the interface name is a wildcard name (ends with '+'), then the # If the interface name is a wildcard name (ends with '+'), then the
# physical name must also end in '+'. The physical name may end in '+' # physical name must also end in '+'. The physical name may end in '+'
# (or be exactly '+') when the interface name is not a wildcard name. # (or be exactly '+') when the interface name is not a wildcard name.
# #
# If physical is not specified, then it's value defaults to the interfac e # If physical is not specified, then it's value defaults to the interfac e
# name. # name.
# #
# proxyarp[={0|1}] # proxyarp[={0|1}]
skipping to change at line 577 skipping to change at line 586
# optional # optional
# physical # physical
# routefilter # routefilter
# proxyarp # proxyarp
# proxyudp # proxyudp
# sourceroute # sourceroute
# #
# upnp # upnp
# #
# Incoming requests from this interface may be remapped via UPNP (upnpd) . # Incoming requests from this interface may be remapped via UPNP (upnpd) .
# See http://www.shorewall.net/UPnP.html. Supported in IPv4 and in IPv6 # See https://shorewall.org/UPnP.html. Supported in IPv4 and in IPv6 in
# in Shorewall 5.1.4 and later. # Shorewall 5.1.4 and later.
# #
# upnpclient # upnpclient
# #
# This option is intended for laptop users who always run Shorewall on # This option is intended for laptop users who always run Shorewall on
# their system yet need to run UPnP-enabled client apps such as # their system yet need to run UPnP-enabled client apps such as
# Transmission (BitTorrent client). The option causes Shorewall to detec t # Transmission (BitTorrent client). The option causes Shorewall to detec t
# the default gateway through the interface and to accept UDP packets # the default gateway through the interface and to accept UDP packets
# from that gateway. Note that, like all aspects of UPnP, this is a # from that gateway. Note that, like all aspects of UPnP, this is a
# security hole so use this option at your own risk. Supported in IPv4 # security hole so use this option at your own risk. Supported in IPv4
# and in IPv6 in Shorewall 5.1.4 and later. # and in IPv6 in Shorewall 5.1.4 and later.
 End of changes. 7 change blocks. 
7 lines changed or deleted 17 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)