# # Shorewall 1.4 - /etc/shorewall/hosts # # THERE ARE TWO CASES WHERE YOU NEED THIS FILE: # # 1) YOU HAVE MULTIPLE NETWORKS IN THE SAME ZONE CONNECTED TO # A SINGLE INTERFACE AND YOU WANT THE SHOREWALL BOX TO ROUTE # BETWEEN THESE NETWORKS. # # 2) YOU HAVE MORE THAN ONE ZONE CONNECTED THROUGH A SINGLE # INTERFACE. # # IF YOU DON'T HAVE EITHER OF THESE SITUATIONS THEN DON'T TOUCH # THIS FILE. # # This file is used to define zones in terms of subnets and/or # individual IP addresses. Most simple setups don't need to # (should not) place anything in this file. # # ZONE - The name of a zone defined in /etc/shorewall/zones # # HOST(S) - The name of an interface followed by a colon (":") and # a comma-separated list whose elements are either: # # a) The IP address of a host # b) A subnetwork in the form # / # # The interface must be defined in the # /etc/shorewall/interfaces file. # # Examples: # # eth1:192.168.1.3 # eth2:192.168.2.0/24 # eth3:192.168.2.0/24,192.168.3.1 # # OPTIONS - A comma-separated list of options. Currently-defined # options are: # # maclist - Connection requests from these hosts # are compared against the contents of # /etc/shorewall/maclist. If this option # is specified, the interface must be # an ethernet NIC and must be up before # Shorewall is started. # # routeback - Shorewall show set up the infrastructure # to pass packets from this/these # address(es) back to themselves. This is # necessary of hosts in this group use the # services of a transparent proxy that is # a member of the group or if DNAT is used # to send requests originating from this # group to a server in the group. # # #ZONE HOST(S) OPTIONS vpn %s:%s/%s net %s:0.0.0.0/0 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE