From: Steve P. <sys...@nw...> - 2005-12-06 00:18:53
Hi Jamie,

The change I've noticed so far is in the 'Zones Setup'.

Shorewall 2:

ZoneID   Display Name   Description
WAN      WAN            Link ti I'net

Shorewall 3:

Zone   Type   Options   In Options   Out Options
WAN    ipv4

Basically, the ZoneID is now also the Display Name, plus there's a list of other options. I've included the default 'zones' file from 3.0.2.

Interfaces and hosts seem the same, haven't dug much deeper as I can't select a zone for rules or policies!

Cheers,
Steve P.

##############################################################################
# Shorewall version 3.0 - Zones File
#
# /etc/shorewall/zones
#
#   This file determines your network zones.
#
# Columns are:
#
#   ZONE        Short name of the zone (5 Characters or less in length).
#               The names "all" and "none" are reserved and may not be
#               used as zone names.
#
#               Where a zone is nested in one or more other zones,
#               you may follow the (sub)zone name by ":" and a
#               comma-separated list of the parent zones. The parent
#               zones must have been defined in earlier records in this
#               file.
#
#               Example:
#
#                   #ZONE     TYPE     OPTIONS
#                   a         ipv4
#                   b         ipv4
#                   c:a,b     ipv4
#
#               Currently, Shorewall uses this information only to reorder the
#               zone list so that parent zones appear after their subzones in
#               the list. In the future, Shorewall may make more extensive use
#               of that information.
#
#   TYPE        ipv4  - This is the standard Shorewall zone type and is the
#                       default if you leave this column empty or if you enter
#                       "-" in the column. Communication with some zone hosts
#                       may be encrypted. Encrypted hosts are designated using
#                       the 'ipsec' option in /etc/shorewall/hosts.
#               ipsec - Communication with all zone hosts is encrypted
#                       Your kernel and iptables must include policy
#                       match support.
#               firewall
#                     - Designates the firewall itself. You must have
#                       exactly one 'firewall' zone. No options are
#                       permitted with a 'firewall' zone. The name that you
#                       enter in the ZONE column will be stored in the shell
#                       variable $FW which you may use in other configuration
#                       files to designate the firewall zone.
#
#   OPTIONS,    A comma-separated list of options as follows:
#   IN OPTIONS,
#   OUT OPTIONS reqid=<number> where <number> is specified
#               using setkey(8) using the 'unique:<number>
#               option for the SPD level.
#
#               spi=<number> where <number> is the SPI of
#               the SA used to encrypt/decrypt packets.
#
#               proto=ah|esp|ipcomp
#
#               mss=<number> (sets the MSS field in TCP packets)
#
#               mode=transport|tunnel
#
#               tunnel-src=<address>[/<mask>] (only
#               available with mode=tunnel)
#
#               tunnel-dst=<address>[/<mask>] (only
#               available with mode=tunnel)
#
#               strict  Means that packets must match all rules.
#
#               next    Separates rules; can only be used with
#                       strict.
#
#               Example:
#                   mode=transport,reqid=44
#
#   The options in the OPTIONS column are applied to both incoming
#   and outgoing traffic. The IN OPTIONS are applied to incoming
#   traffic (in addition to OPTIONS) and the OUT OPTIONS are
#   applied to outgoing traffic.
#
#   If you wish to leave a column empty but need to make an entry
#   in a following column, use "-".
#------------------------------------------------------------------------------
# Example zones:
#
#   You have a three interface firewall with internet, local and DMZ
#   interfaces.
#
#   #ZONE   TYPE        OPTIONS     IN          OUT
#   #                               OPTIONS     OPTIONS
#   fw      firewall
#   net
#   loc
#   dmz
#
#
# For more information, see http://www.shorewall.net/Documentation.htm#Zones
#
##############################################################################
#ZONE   TYPE        OPTIONS     IN          OUT
#                               OPTIONS     OPTIONS
fw      firewall
WAN     ipv4
LAN     ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

-----Original Message-----
From: web...@li... [mailto:web...@li...] On Behalf Of Jamie Cameron
Sent: December 6, 2005 8:04 AM
To: web...@li...
Subject: Re: [webmin-l] Shorewall module

Hi Steve,

I am maintaining the Shorewall module (as it is one of the core modules), but I didn't know that version 3 was out.

Do you know what changes were made in the config file formats between versions 2 and 3 that Webmin doesn't yet support? If I had that information, adding version 3 support should be simple.

 - Jamie

-----Original Message-----
From: "Steve Pritchard" <sys...@nw...>
Subj: [webmin-l] Shorewall module
Date: Tue 6 Dec 2005 5:11 am
Size: 769 bytes
To: <web...@li...>

I've noticed that the Shorewall firewall module for WebMin does not match the changes in Shorewall 3.02. I'm curious whether there are any plans or timelines to update the mod? I'm not sure who the maintainer is, so thought I'd post here...

Regards,
Steve P.

-
Forwarded by the Webmin mailing list at web...@li...
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list
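
Added example, not part of the original thread and not Webmin or Shorewall code: a small validator for the five-column Shorewall 3.0 zones format, enforcing the rules stated in the file's own comment block (name length, reserved names, parent ordering, "-" placeholders, exactly one firewall zone with no options). The name parse_zones and the CONSTRUCTED_BAD sample are hypothetical; treating "#" as a comment marker anywhere on a line is an assumption.

```python
# Added example: validator for the Shorewall 3.0 zones file rules quoted above.
OPTION_KEYS = {"reqid", "spi", "proto", "mss", "mode", "tunnel-src", "tunnel-dst"}
OPTION_FLAGS = {"strict", "next"}
ZONE_TYPES = {"ipv4", "ipsec", "firewall"}

def parse_zones(text):
    """Return (zones, errors) for the contents of a zones file."""
    zones, errors, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # assumption: "#" starts a comment
        if not line:
            continue
        cols = line.split()
        if len(cols) > 5:
            errors.append(f"line {lineno}: more than 5 columns")
            continue
        cols += ["-"] * (5 - len(cols))          # "-" marks an empty column
        name, _, parents = cols[0].partition(":")
        ztype = "ipv4" if cols[1] == "-" else cols[1]   # ipv4 is the default type
        opts = [[] if c == "-" else c.split(",") for c in cols[2:]]
        if len(name) > 5 or name in ("all", "none"):
            errors.append(f"line {lineno}: invalid zone name '{name}'")
        for parent in filter(None, parents.split(",")):
            if parent not in seen:               # parents must come earlier in the file
                errors.append(f"line {lineno}: parent zone '{parent}' not defined earlier")
        if ztype not in ZONE_TYPES:
            errors.append(f"line {lineno}: unknown zone type '{ztype}'")
        if ztype == "firewall" and any(opts):
            errors.append(f"line {lineno}: options not permitted on a firewall zone")
        for opt in (o for col in opts for o in col):
            key, eq, value = opt.partition("=")
            if not ((key in OPTION_KEYS and eq and value) or opt in OPTION_FLAGS):
                errors.append(f"line {lineno}: unknown option '{opt}'")
        seen.add(name)
        zones.append({"zone": name, "type": ztype, "options": opts[0],
                      "in": opts[1], "out": opts[2]})
    firewalls = [z["zone"] for z in zones if z["type"] == "firewall"]
    if len(firewalls) != 1:
        errors.append(f"expected exactly one firewall zone, found {len(firewalls)}")
    return zones, errors

# The active entries from the posted file, then a constructed file that breaks the rules.
POSTED = "fw firewall\nWAN ipv4\nLAN ipv4\n#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE\n"
CONSTRUCTED_BAD = ("internet ipv4\nvpn:loc ipsec mode=tunnel\n"
                   "fw firewall mss=1400\nfw2 firewall\ndmz - - badopt\n")

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("constructed", CONSTRUCTED_BAD)):
        zones, errors = parse_zones(text)
        print(label, [z["zone"] for z in zones], errors)
```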