When this feature is used, the ZONE column in interfaces must be left empty
#ZONE INTERFACE BROADCAST OPTIONS
net vzbr0 192.168.123.255 tcpflags,proxyarp=1,blacklist,routeback
- venet0 -
define zones in terms of subnets and/or individual IP addresses
#ZONE HOST(S) OPTIONS
vz venet0:192.168.123.11,\
192.168.123.12,\
192.168.123.13,\
192.168.123.14 routeback
vpn ppp+:192.168.3.0/24
ZONE <-- /etc/shorewall/zones
#ZONE TYPE
vz ipv4
HOST:
- host
- CIDR format
- low.address-high.address
OPTIONS:
- routeback <-- transparent proxy
- broadcast <-- destination IP address 255.255.255.255
- maclist <-- /etc/shorewall/maclist
- tcpflags <-- checked for certain illegal combinations of TCP flags
- nosmurfs <-- Filter packets for smurfs (packets with a broadcast address as the source).
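A pre-deployment check for the entries above, as an added example that is not part of the original notes or of Shorewall itself: it joins backslash-continued hosts lines, expands the three HOST formats into networks, and applies the rule stated at the top of these notes, that an interface used in hosts has "-" as its zone in interfaces. The sample text is constructed from the notes' entries; the "vpn ppp+ -" interfaces line and the low-high range are assumptions added to exercise the check, and the function names are hypothetical.

```python
import ipaddress

# Constructed samples modelled on the notes; "vpn ppp+ -" is an assumed entry
# that deliberately breaks the "zone must be empty" rule.
INTERFACES = """\
#ZONE INTERFACE BROADCAST OPTIONS
net vzbr0 192.168.123.255 tcpflags,proxyarp=1,blacklist,routeback
- venet0 -
vpn ppp+ -
"""
HOSTS = """\
#ZONE HOST(S) OPTIONS
vz venet0:192.168.123.11,\\
192.168.123.12,\\
192.168.123.20-192.168.123.23 routeback
vpn ppp+:192.168.3.0/24
"""

def records(text):
    """Join backslash-continued lines, drop comments and blanks, split columns."""
    joined = text.replace("\\\n", "")
    rows = (line.split("#", 1)[0].split() for line in joined.splitlines())
    return [r for r in rows if r]

def expand(spec):
    """Turn one HOST entry (host, CIDR or low-high range) into networks."""
    if "-" in spec:
        low, high = (ipaddress.ip_address(a) for a in spec.split("-", 1))
        return list(ipaddress.summarize_address_range(low, high))
    return [ipaddress.ip_network(spec, strict=False)]

def lint(interfaces_text, hosts_text):
    """Return ({zone: [networks]}, [findings]) for IPv4 hosts entries."""
    iface_zone = {r[1]: r[0] for r in records(interfaces_text)}
    zones, findings = {}, []
    for row in records(hosts_text):
        zone, (iface, _, specs) = row[0], row[1].partition(":")
        if iface not in iface_zone:
            findings.append(f"{iface}: used in hosts but not defined in interfaces")
        elif iface_zone[iface] != "-":
            findings.append(
                f"{iface}: zone is '{iface_zone[iface]}' in interfaces, expected '-'")
        for spec in specs.split(","):
            zones.setdefault(zone, []).extend(expand(spec))
    return zones, findings

if __name__ == "__main__":
    for finding in lint(INTERFACES, HOSTS)[1]:
        print(finding)
```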