The files in this directory are firewall scripts (iptables firewalls).
Firewall scripts can be named <hostname>-firewall, or 
<descriptivename>-firewall, whatever you prefer.  It's probably a good
idea to make one set of names symlinks to files with the other set of names.

Once upon a time (and at the time of writing), we had two subnets behind
one firewall, with the rack and our programmer closet on one subnet,
and the virus pits^W^WWindows computers on the other subnet.

TO UPDATE A FIREWALL

(1) Edit the firewall script in this directory.
(2) Run fw-dist <script-name> in this directory.
(3) Log in on the firewall host and execute /etc/init.d/cxgn-firewall.

TO INSTALL A NEW FIREWALL SCRIPT

(1) Make a new firewall script in this directory.
(2) Run fw-dist <script-name>.
(3) Log in on the firewall host.
(4) Create a symlink in /etc/rcN.d to /etc/init.d/cxgn-firewall
    for each runlevel N where the firewall needs to be on (probably
    only the default runlevel; see /etc/inittab).
(5) Make sure the firewall script in /etc/init.d/cxgn-firewall is
    executable.
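
A way to check steps (4) and (5) after an install, as an added example
(not one of the scripts in this directory). It assumes the usual SysV
link naming S<NN>cxgn-firewall and an "id:N:initdefault:" line in
/etc/inittab; the function names and the optional ROOT prefix are
hypothetical.

```shell
#!/bin/sh
# Added example: verify steps (4) and (5) of the install procedure.
# ROOT is an assumed optional prefix so the check can also be run against
# a staged or mounted filesystem; it defaults to the live system.

# Print the default runlevel from the "id:N:initdefault:" line of inittab.
default_runlevel() {
    sed -n 's/^id:\([0-9S]\):initdefault:.*/\1/p' "$1" | head -n 1
}

# check_fw_install [ROOT] -> returns 0 if installed correctly, 1 otherwise.
check_fw_install() {
    root="${1:-}"
    script="$root/etc/init.d/cxgn-firewall"
    rc=0

    # Step (5): the init script must exist and be executable.
    if [ ! -f "$script" ]; then
        echo "MISSING: $script"; return 1
    fi
    if [ ! -x "$script" ]; then
        echo "NOT EXECUTABLE: $script"; rc=1
    fi

    # Step (4): a start link must exist in the default runlevel's rc dir.
    level=$(default_runlevel "$root/etc/inittab")
    if [ -z "$level" ]; then
        echo "NO DEFAULT RUNLEVEL in $root/etc/inittab"; return 1
    fi
    found=0
    for link in "$root/etc/rc$level.d"/S[0-9][0-9]cxgn-firewall; do
        [ -L "$link" ] || continue
        # The link must point at the init script, not at a stale copy.
        target=$(readlink "$link")
        case "$target" in
            /etc/init.d/cxgn-firewall|../init.d/cxgn-firewall) found=1 ;;
            *) echo "WRONG TARGET: $link -> $target"; rc=1 ;;
        esac
    done
    if [ "$found" -eq 0 ]; then
        echo "NO START LINK in $root/etc/rc$level.d"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: firewall starts in runlevel $level"
    return "$rc"
}
```

Source the file on the firewall host and run check_fw_install with no
argument; a non-zero return means the firewall will not come up at boot.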

IF THE FIREWALL PREVENTS YOU FROM LOGGING IN ON THE FIREWALL HOST

(1) Don't panic.
(2) Use the firewall host's system console.  This can involve
    lugging a monitor to the firewall host's location.
(3) Disable the firewall completely with 'iptables --flush'.
(4) You should now be able to ssh into the firewall host.


