HEX
Server: Apache/2.4.65 (Debian)
System: Linux web6 5.10.0-36-amd64 #1 SMP Debian 5.10.244-1 (2025-09-29) x86_64
User: innocamp (1028)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /usr/share/shorewall/configfiles/
Upload Files
File: //usr/share/shorewall/configfiles/hosts.annotated
#
# Shorewall -- /etc/shorewall/hosts
#
# For information about entries in this file, type "man shorewall-hosts"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-hosts.html
#
###############################################################################
# 
# This file is used to define zones in terms of subnets and/or individual IP
# addresses. Most simple setups don't need to (should not) place anything in this
# file.
# 
# The order of entries in this file is not significant in determining zone
# composition. Rather, the order that the zones are declared in shorewall-zones
# (5) determines the order in which the records in this file are interpreted.
# 
# Warning
# 
# The only time that you need this file is when you have more than one zone
# connected through a single interface.
# 
# Warning
# 
# If you have an entry for a zone and interface in shorewall-interfaces(5) then
# do not include any entries in this file for that same (zone, interface) pair.
# 
# The columns in the file are as follows.
# 
# ZONE - zone-name
# 
#     The name of a zone declared in shorewall-zones(5). You may not list the
#     firewall zone in this column.
# 
# HOST(S) - interface:{[{address-or-range[,address-or-range]...|+ipset|dynamic}[
#     exclusion]
# 
#     The name of an interface defined in the shorewall-interfaces(5) file
#     followed by a colon (":") and a comma-separated list whose elements are
#     either:
# 
#      a. The IP address of a host.
# 
#      b. A network in CIDR format.
# 
#      c. An IP address range of the form low.address-high.address. Your kernel
#         and iptables must have iprange match support.
# 
#      d. The name of an ipset.
# 
#      e. The word dynamic which makes the zone dynamic in that you can use the 
#         shorewall add and shorewall delete commands to change to composition of
#         the zone.
# 
#         You may also exclude certain hosts through use of an exclusion (see
#         shorewall-exclusion(5).
# 
# OPTIONS (Optional) - [option[,option]...]
# 
#     A comma-separated list of options from the following list. The order in
#     which you list the options is not significant but the list must have no
#     embedded white-space.
# 
#     blacklist
# 
#         Check packets arriving on this port against the shorewall-blacklist(5)
#         file.
# 
#     broadcast
# 
#         Used when you want to include limited broadcasts (destination IP
#         address 255.255.255.255) from the firewall to this zone. Only necessary
#         when:
# 
#          1. The network specified in the HOST(S) column does not include
#             255.255.255.255.
# 
#          2. The zone does not have an entry for this interface in
#             shorewall-interfaces(5).
# 
#     destonly
# 
#         Normally used with the Multi-cast IP address range (224.0.0.0/4).
#         Specifies that traffic will be sent to the specified net(s) but that no
#         traffic will be received from the net(s).
# 
#     ipsec
# 
#         The zone is accessed via a kernel 2.6 ipsec SA. Note that if the zone
#         named in the ZONE column is specified as an IPSEC zone in the
#         shorewall-zones(5) file then you do NOT need to specify the 'ipsec'
#         option here.
# 
#     maclist
# 
#         Connection requests from these hosts are compared against the contents
#         of shorewall-maclist(5). If this option is specified, the interface
#         must be an Ethernet NIC or equivalent and must be up before Shorewall
#         is started.
# 
#     mss=mss
# 
#         Added in Shorewall 4.5.2. When present, causes the TCP mss for new
#         connections to/from the hosts given in the HOST(S) column to be clamped
#         at the specified mss.
# 
#     nosmurfs
# 
#         This option only makes sense for ports on a bridge.
# 
#         Filter packets for smurfs (packets with a broadcast address as the
#         source).
# 
#         Smurfs will be optionally logged based on the setting of
#         SMURF_LOG_LEVEL in shorewall.conf(5). After logging, the packets are
#         dropped.
# 
#     routeback
# 
#         Shorewall should set up the infrastructure to pass packets from this/
#         these address(es) back to themselves. This is necessary if hosts in
#         this group use the services of a transparent proxy that is a member of
#         the group or if DNAT is used to send requests originating from this
#         group to a server in the group.
# 
#     tcpflags
# 
#         Packets arriving from these hosts are checked for certain illegal
#         combinations of TCP flags. Packets found to have such a combination of
#         flags are handled according to the setting of TCP_FLAGS_DISPOSITION
#         after having been logged according to the setting of
#         TCP_FLAGS_LOG_LEVEL.
# 
# Examples
# 
# Example 1
# 
#     The firewall runs a PPTP server which creates a ppp interface for each
#     remote client. The clients are assigned IP addresses in the network
#     192.168.3.0/24 and in a zone named 'vpn'.
# 
#     #ZONE       HOST(S)               OPTIONS
#     vpn         ppp+:192.168.3.0/24
# 
###############################################################################
#ZONE		HOSTS				OPTIONS
@ Telegram