(The Shoreline Firewall) is an iptables based firewall Requires the Shorewall package and adds the capability to create an IPv6 firewall.
| interfaces.annotated (shorewall6-5.2.3.6.tar.bz2) | : | interfaces.annotated (shorewall6-5.2.6.tar.bz2) |
|---|
| # | | # |
| # Shorewall version 4 - Interfaces File | | # Shorewall version 4 - Interfaces File |
| # | | # |
| # For information about entries in this file, type "man shorewall-interfaces" | | # For information about entries in this file, type "man shorewall-interfaces" |
| # | | # |
| # The manpage is also online at | | # The manpage is also online at |
|
| # http://www.shorewall.net/manpages/shorewall-interfaces.html | | # https://shorewall.org/manpages/shorewall-interfaces.html |
| # | | # |
| ############################################################################### | | ############################################################################### |
| # | | # |
| # The interfaces file serves to define the firewall's network interfaces to | | # The interfaces file serves to define the firewall's network interfaces to |
| # Shorewall. The order of entries in this file is not significant in determining | | # Shorewall. The order of entries in this file is not significant in determining |
| # zone composition. | | # zone composition. |
| # | | # |
| # Beginning with Shorewall 4.5.3, the interfaces file supports two different | | # Beginning with Shorewall 4.5.3, the interfaces file supports two different |
| # formats: | | # formats: |
| # | | # |
| | |
| skipping to change at line 54 | | skipping to change at line 54 |
|---|
| # Example: | | # Example: |
| # | | # |
| # #ZONE INTERFACE BROADCAST | | # #ZONE INTERFACE BROADCAST |
| # loc eth1 - | | # loc eth1 - |
| # loc eth2 - | | # loc eth2 - |
| # | | # |
| # INTERFACE - interface[:port] | | # INTERFACE - interface[:port] |
| # | | # |
| # Logical name of interface. Each interface may be listed only once in this | | # Logical name of interface. Each interface may be listed only once in this |
| # file. You may NOT specify the name of a "virtual" interface (e.g., eth0:0) | | # file. You may NOT specify the name of a "virtual" interface (e.g., eth0:0) |
|
| # here; see http://www.shorewall.net/FAQ.htm#faq18. If the physical option i
s | | # here; see https://shorewall.org/FAQ.htm#faq18. If the physical option is |
| # not specified, then the logical name is also the name of the actual | | # not specified, then the logical name is also the name of the actual |
| # interface. | | # interface. |
| # | | # |
| # You may use wildcards here by specifying a prefix followed by the plus sig
n | | # You may use wildcards here by specifying a prefix followed by the plus sig
n |
| # ("+"). For example, if you want to make an entry that applies to all PPP | | # ("+"). For example, if you want to make an entry that applies to all PPP |
| # interfaces, use 'ppp+'; that would match ppp0, ppp1, ppp2, … | | # interfaces, use 'ppp+'; that would match ppp0, ppp1, ppp2, … |
| # | | # |
| # When using Shorewall versions before 4.1.4, care must be exercised when | | # When using Shorewall versions before 4.1.4, care must be exercised when |
| # using wildcards where there is another zone that uses a matching specific | | # using wildcards where there is another zone that uses a matching specific |
| # interface. See shorewall-nesting(5) for a discussion of this problem. | | # interface. See shorewall-nesting(5) for a discussion of this problem. |
| | |
| skipping to change at line 358 | | skipping to change at line 358 |
|---|
| # | | # |
| # Limit the zone named in the ZONE column to only the listed networks. | | # Limit the zone named in the ZONE column to only the listed networks. |
| # The parentheses may be omitted if only a single net is given (e.g., | | # The parentheses may be omitted if only a single net is given (e.g., |
| # nets=192.168.1.0/24). Limited broadcast to the zone is supported. | | # nets=192.168.1.0/24). Limited broadcast to the zone is supported. |
| # Beginning with Shorewall 4.4.1, multicast traffic to the zone is also | | # Beginning with Shorewall 4.4.1, multicast traffic to the zone is also |
| # supported. | | # supported. |
| # | | # |
| # nets=dynamic | | # nets=dynamic |
| # | | # |
| # Defines the zone as dynamic. Requires ipset match support in your | | # Defines the zone as dynamic. Requires ipset match support in your |
|
| # iptables and kernel. See http://www.shorewall.net/Dynamic.html for | | # iptables and kernel. See https://shorewall.org/Dynamic.html for furthe |
| # further information. | | r |
| | # information. |
| # | | # |
| # nodbl | | # nodbl |
| # | | # |
| # Added in Shorewall 5.0.8. When specified, dynamic blacklisting is | | # Added in Shorewall 5.0.8. When specified, dynamic blacklisting is |
| # disabled on the interface. Beginning with Shorewall 5.0.10, nodbl is | | # disabled on the interface. Beginning with Shorewall 5.0.10, nodbl is |
| # equivalent to dbl=none. | | # equivalent to dbl=none. |
| # | | # |
| # nosmurfs | | # nosmurfs |
| # | | # |
| # IPv4 only. Filter packets for smurfs (packets with a broadcast address | | # IPv4 only. Filter packets for smurfs (packets with a broadcast address |
| # as the source). | | # as the source). |
| # | | # |
| # Smurfs will be optionally logged based on the setting of | | # Smurfs will be optionally logged based on the setting of |
| # SMURF_LOG_LEVEL in shorewall.conf(5). After logging, the packets are | | # SMURF_LOG_LEVEL in shorewall.conf(5). After logging, the packets are |
| # dropped. | | # dropped. |
| # | | # |
| # optional | | # optional |
| # | | # |
|
| | # This option indicates that the firewall should be able to start, even |
| | # if the interface is not usable for handling traffic. It allows use of |
| | # the enable and disable commands on the interface. |
| | # |
| # When optional is specified for an interface, Shorewall will be silent | | # When optional is specified for an interface, Shorewall will be silent |
| # when: | | # when: |
| # | | # |
| # ☆ a /proc/sys/net/ipv[46]/conf/ entry for the interface cannot be | | # ☆ a /proc/sys/net/ipv[46]/conf/ entry for the interface cannot be |
| # modified (including for proxy ARP or proxy NDP). | | # modified (including for proxy ARP or proxy NDP). |
| # | | # |
| # ☆ The first address of the interface cannot be obtained. | | # ☆ The first address of the interface cannot be obtained. |
| # | | # |
|
| | # ☆ The gateway of the interface can not be obtained (provider |
| | # interface). |
| | # |
| | # ☆ The interface has been disabled using the disable command. |
| | # |
| # May not be specified with required. | | # May not be specified with required. |
| # | | # |
| # physical=name | | # physical=name |
| # | | # |
| # Added in Shorewall 4.4.4. When specified, the interface or port name i
n | | # Added in Shorewall 4.4.4. When specified, the interface or port name i
n |
| # the INTERFACE column is a logical name that refers to the name given i
n | | # the INTERFACE column is a logical name that refers to the name given i
n |
| # this option. It is useful when you want to specify the same wildcard | | # this option. It is useful when you want to specify the same wildcard |
|
| # port name on two or more bridges. See http://www.shorewall.net/ | | # port name on two or more bridges. See https://shorewall.org/ |
| # bridge-Shorewall-perl.html#Multiple. | | # bridge-Shorewall-perl.html#Multiple. |
| # | | # |
| # If the interface name is a wildcard name (ends with '+'), then the | | # If the interface name is a wildcard name (ends with '+'), then the |
| # physical name must also end in '+'. The physical name may end in '+' | | # physical name must also end in '+'. The physical name may end in '+' |
| # (or be exactly '+') when the interface name is not a wildcard name. | | # (or be exactly '+') when the interface name is not a wildcard name. |
| # | | # |
| # If physical is not specified, then it's value defaults to the interfac
e | | # If physical is not specified, then it's value defaults to the interfac
e |
| # name. | | # name. |
| # | | # |
| # proxyarp[={0|1}] | | # proxyarp[={0|1}] |
| | |
| skipping to change at line 577 | | skipping to change at line 586 |
|---|
| # optional | | # optional |
| # physical | | # physical |
| # routefilter | | # routefilter |
| # proxyarp | | # proxyarp |
| # proxyudp | | # proxyudp |
| # sourceroute | | # sourceroute |
| # | | # |
| # upnp | | # upnp |
| # | | # |
| # Incoming requests from this interface may be remapped via UPNP (upnpd)
. | | # Incoming requests from this interface may be remapped via UPNP (upnpd)
. |
|
| # See http://www.shorewall.net/UPnP.html. Supported in IPv4 and in IPv6 | | # See https://shorewall.org/UPnP.html. Supported in IPv4 and in IPv6 in |
| # in Shorewall 5.1.4 and later. | | # Shorewall 5.1.4 and later. |
| # | | # |
| # upnpclient | | # upnpclient |
| # | | # |
| # This option is intended for laptop users who always run Shorewall on | | # This option is intended for laptop users who always run Shorewall on |
| # their system yet need to run UPnP-enabled client apps such as | | # their system yet need to run UPnP-enabled client apps such as |
| # Transmission (BitTorrent client). The option causes Shorewall to detec
t | | # Transmission (BitTorrent client). The option causes Shorewall to detec
t |
| # the default gateway through the interface and to accept UDP packets | | # the default gateway through the interface and to accept UDP packets |
| # from that gateway. Note that, like all aspects of UPnP, this is a | | # from that gateway. Note that, like all aspects of UPnP, this is a |
| # security hole so use this option at your own risk. Supported in IPv4 | | # security hole so use this option at your own risk. Supported in IPv4 |
| # and in IPv6 in Shorewall 5.1.4 and later. | | # and in IPv6 in Shorewall 5.1.4 and later. |
| | | |
| End of changes. 7 change blocks. |
|---|
| 7 lines changed or deleted | | 17 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 