From c1b973a39a5be58eb4465603b971235ed7fedd4d Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sat, 24 Feb 2024 15:03:05 -0300
Subject: Feat: migrate docs from Ikiwiki to MkDocs
---
firewall.md | 78 -------------------------------------------------------------
1 file changed, 78 deletions(-)
delete mode 100644 firewall.md
(limited to 'firewall.md')
diff --git a/firewall.md b/firewall.md
deleted file mode 100644
index a76a114..0000000
--- a/firewall.md
+++ /dev/null
@@ -1,78 +0,0 @@
-[[!toc levels=4]]
-
-Configuração do shorewall
-=========================
-
-De início, instale o shorewall:
-
- apt-get install shorewall
-
-É necessário que o iptables esteja configurado para encaminhar os pacotes de uma porta externa para os vservers. As seguinte diretiva precisa ser alterada na configuração original no arquivo `/etc/shorewall/shorewall.conf`:
-
- IP_FORWARDING=Yes
-
-O arquivo `/etc/shorewall/interfaces` deve conter a interface de rede:
-
- #ZONE INTERFACE BROADCAST OPTIONS
- - eth0 detect tcpflags,blacklist,routefilter,nosmurfs,logmartians,norfc1918
- #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
-
-O arquivo `/etc/shorewall/zones` deve conter as zonas da rede:
-
- ###############################################################################
- #ZONE TYPE OPTIONS IN OUT
- # OPTIONS OPTIONS
- fw firewall
- vm ipv4
- net ipv4
- #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
-
-O arquivo `/etc/shorewall/hosts` associa zonas a subredes:
-
- #ZONE HOST(S) OPTIONS
- vm eth0:192.168.0.0/24
- net eth0:0.0.0.0/0
- #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
-
-O arquivo `/etc/shorewall/policy` define as regras para tráfego de pacotes:
-
- ###############################################################################
- #SOURCE DEST POLICY LOG LIMIT:BURST
- # LEVEL
- vm net ACCEPT
- $FW net ACCEPT
- $FW vm ACCEPT
- net all DROP info
- # THE FOLLOWING POLICY MUST BE LAST
- all all REJECT info
- #LAST LINE -- DO NOT REMOVE
-
-E o arquivo `/etc/shorewall/rules` define exceções às regras gerais:
-
- ################################################################
- #ACTION SOURCE DEST PROTO DEST
- SSH/ACCEPT net $FW
- Ping/ACCEPT net $FW
- HTTP/ACCEPT net $FW
- HTTPS/ACCEPT net $FW
- #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
-
-Adicionamos máscaras NAT aos pacotes da rede interna através do `/etc/shorewall/masq`:
-
- 
###############################################################################
- #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
- eth0:!192.168.0.0/24 192.168.0.0/24
- #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
-
-Habilite o shorewall mudando o valor de startup de `/etc/default/shorewall` para `1`:
-
- startup=1
-
-Finalmente podemos ligar o shorewall:
-
- /etc/init.d/shorewall start
-
-Shorewall e Puppet
-==================
-
-Uma vez que um nodo [puppetmaster](../puppet) estiver rodando, o módulo [puppet-shorewall](http://git.sarava.org/?p=puppet-shorewall.git;a=summary) poderá ser utilizado para gerenciar o firewall. No entanto, se você for substituir o presente procedimento pela sua versão via puppet, certifique-se de apagar os arquivos `/etc/shorewall/{masq,policy,zones,rules,interfaces}`.
-- 
cgit v1.2.3