Shorewall Terminology And Concepts; Zones; Interfaces - RuggedCom RuggedRouter RX1000 User Manual


Shorewall Terminology And Concepts

This section provides background on various Shorewall terms and concepts.
References are made to the section where configuration applies.

Zones

A network zone is a collection of interfaces for which forwarding decisions are made,
for example:

Name    Description
net     The Internet
loc     Your Local Network
dmz     Demilitarized Zone
fw      The firewall itself
vpn1    IPSec connections on w1ppp
vpn2    IPSec connections on w2ppp

You may create new zones if you wish. For example, if all of your Ethernet interfaces
are part of the local network zone, disallowing traffic from the Internet zone to the
local zone will disallow it to all Ethernet interfaces. If you wanted some interfaces
(but not others) to access the Internet, you could create another zone.
Zones are defined in the file /etc/shorewall/zones and are modified from the Network
Zones menu.

Interfaces

Shorewall Interfaces are simply the Ethernet and WAN interfaces available to the
router. You must place each interface into a network zone.
If an interface supports more than one subnet, place the interface in zone 'Any' and use
the zone hosts setup (see below) to define a zone for each subnet on the interface.
An example follows:

Interface   Zone
eth1        loc
eth2        loc
eth3        Any
eth4        dmz
w1ppp       net

Note: In order to improve security the router will create a zone "unusd" and add unused
interfaces to this zone when Shorewall starts. A policy is also installed that blocks
access from "unusd" to all other zones.
Interfaces are defined in the file /etc/shorewall/interfaces and are modified from the
Network Interfaces menu.

Chapter 13 - Configuring The Firewall

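The zone and interface rules described above can be checked offline against copies of the three files. The script below is an added example, not code from the manual or from RuggedCom: it assumes the standard Shorewall column order (zone first, then interface, with `interface:subnet` in the hosts file) and that zone 'Any' is written as `-` in /etc/shorewall/interfaces; the sample file contents, the subnets and the names `lab`, `eng`, `eth5` and `eth6` are constructed.

```python
# Added example: all sample file contents below are constructed, not from the manual.
ZONES = "net\nloc\ndmz\n"  # first column of /etc/shorewall/zones: zone name
INTERFACES = """\
# ZONE  INTERFACE   ("-" is assumed to be the file form of zone 'Any')
loc     eth1
-       eth3
dmz     eth4
net     w1ppp
lab     eth5
-       eth6
"""
HOSTS = """\
# ZONE  INTERFACE:SUBNET
loc     eth3:192.168.3.0/24
eng     eth3:192.168.4.0/24
"""

def rows(text, need=1):
    """Yield the columns of each non-comment line that has at least `need` columns."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if len(cols) >= need:
            yield cols

def audit(zones_txt, ifaces_txt, hosts_txt):
    """Return (interface, problem) pairs for inconsistent zone assignments."""
    zones = {r[0] for r in rows(zones_txt)}
    host_zones = {}  # interface -> zones assigned to its subnets in the hosts file
    for zone, target, *_ in rows(hosts_txt, 2):
        host_zones.setdefault(target.split(":", 1)[0], []).append(zone)
    findings = []
    for zone, iface, *_ in rows(ifaces_txt, 2):
        if zone == "-":  # multi-subnet interface: zones must come from hosts
            if iface not in host_zones:
                findings.append((iface, "zone 'Any' but no hosts entry"))
            for z in host_zones.get(iface, []):
                if z not in zones:
                    findings.append((iface, f"hosts entry uses undefined zone '{z}'"))
        elif zone not in zones:
            findings.append((iface, f"undefined zone '{zone}'"))
    return findings

if __name__ == "__main__":
    for iface, problem in audit(ZONES, INTERFACES, HOSTS):
        print(f"{iface}: {problem}")
```
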