Chapter 13 - Configuring The Firewall
The norfc1918 option causes packets arriving on this interface that have a source
or destination address reserved by RFC 1918 to be dropped after being
optionally logged.
The nobogons option causes packets arriving on this interface that have a source
address reserved by the IANA or by other RFCs (other than 1918) to be dropped after
being optionally logged.
The routefilter option invokes the kernel's route filtering (anti-spoofing) facility on
this interface. The kernel will reject any packets incoming on this interface that have a
source address that would be routed outbound through another interface on the
firewall.
The proxyarp option causes Shorewall to set Proxy ARP for the interface. Do not set
this option if implementing Proxy ARP through entries in /etc/shorewall/proxyarp.
The maclist option causes all connection requests received on this interface to be
subject to MAC address verification. This option may only be specified for Ethernet
interfaces.
The nosmurfs option causes incoming connection requests to be checked to ensure
that they do not have a broadcast or multicast address as their source. Any such
packets will be dropped after being optionally logged according to the setting of
SMURF_LOG_LEVEL in /etc/shorewall/shorewall.conf.
The logmartians option causes the martian logging facility to be enabled on this
interface. See also the LOG_MARTIANS option in /etc/shorewall/shorewall.conf.
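The following Python model is an added example, not Shorewall or RuggedCom code. It shows which packets the norfc1918, nosmurfs and routefilter options described above would drop on an interface. The routing table, interface names, function names and the order in which the checks run are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges checked by norfc1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample routing table: (destination prefix, outbound interface).
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),       # default route (WAN)
    (ipaddress.ip_network("192.168.1.0/24"), "eth1"),  # LAN
    (ipaddress.ip_network("192.168.2.0/24"), "eth2"),  # DMZ
]

def outbound_interface(addr, routes=ROUTES):
    """Longest-prefix match: the interface a packet to addr would leave by."""
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def is_smurf_source(addr, routes=ROUTES):
    """nosmurfs: source is multicast, limited broadcast or a subnet broadcast."""
    if addr.is_multicast or addr == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(0 < net.prefixlen < 31 and addr == net.broadcast_address
               for net, _ in routes)

def check_packet(iface, src, dst, options):
    """Return 'accept' or the name of the option that drops the packet.

    The order of the checks is an assumption of this model.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if "norfc1918" in options and any(
            a in net for a in (src, dst) for net in RFC1918):
        return "norfc1918"
    if "nosmurfs" in options and is_smurf_source(src):
        return "nosmurfs"
    # routefilter: replies to src must leave by the interface it arrived on.
    if "routefilter" in options and outbound_interface(src) != iface:
        return "routefilter"
    return "accept"

if __name__ == "__main__":
    # A LAN source address arriving on the WAN interface is treated as spoofed.
    print(check_packet("eth0", "192.168.1.50", "203.0.113.5", {"routefilter"}))
```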
Network Zone Hosts
Figure 103: Firewall Zone Hosts
This menu allows you to add, delete and configure interfaces hosting multiple zones.
Add a new zone host by selecting the “Add a new zone host” link or by clicking on
the add-above or add-below images in the Add field. Reorder the hosts by clicking on
the arrows under the Move field.
The Zone field selects a zone that will correspond to a subnet on the interface in
question. The Interface field describes that interface and the IP address or network
field describes the subnet.
Selecting the IPSEC zone Host Option field identifies traffic to hosts in
this zone as encrypted.
The Save and Delete buttons will allow you to edit or delete the zone host. You may
also make changes by manually editing the policy
RuggedCom 123