From 0239796d6f83daf1a12ac2ad3e32277362fa6024 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 8 Mar 2017 14:16:24 -0800 Subject: [PATCH] quote $LOG_LEVEL in shorewall[6].conf files - Delete AllowICMPs from IPv4 policy action settings Signed-off-by: Tom Eastep --- Shorewall/Samples/Universal/shorewall.conf | 16 ++++++++-------- Shorewall/Samples/one-interface/shorewall.conf | 4 ++-- .../Samples/three-interfaces/shorewall.conf | 16 ++++++++-------- Shorewall/Samples/two-interfaces/shorewall.conf | 16 ++++++++-------- Shorewall/configfiles/shorewall.conf | 14 +++++++------- Shorewall6/Samples6/Universal/shorewall6.conf | 12 ++++++------ .../Samples6/one-interface/shorewall6.conf | 12 ++++++------ .../Samples6/three-interfaces/shorewall6.conf | 12 ++++++------ .../Samples6/two-interfaces/shorewall6.conf | 12 ++++++------ Shorewall6/configfiles/shorewall6.conf | 12 ++++++------ 10 files changed, 63 insertions(+), 63 deletions(-) diff --git a/Shorewall/Samples/Universal/shorewall.conf b/Shorewall/Samples/Universal/shorewall.conf index dfdc1f0ad..ab5b6ec4d 100644 --- a/Shorewall/Samples/Universal/shorewall.conf +++ b/Shorewall/Samples/Universal/shorewall.conf @@ -33,7 +33,7 @@ FIREWALL= # L O G G I N G ############################################################################### -LOG_LEVEL=info +LOG_LEVEL="info" BLACKLIST_LOG_LEVEL= @@ -55,19 +55,19 @@ LOGTAGONLY=No LOGLIMIT="s:1/sec:10" -MACLIST_LOG_LEVEL=$LOG_LEVEL +MACLIST_LOG_LEVEL="$LOG_LEVEL" RELATED_LOG_LEVEL= -RPFILTER_LOG_LEVEL=$LOG_LEVEL +RPFILTER_LOG_LEVEL="$LOG_LEVEL" -SFILTER_LOG_LEVEL=$LOG_LEVEL +SFILTER_LOG_LEVEL="$LOG_LEVEL" -SMURF_LOG_LEVEL=$LOG_LEVEL +SMURF_LOG_LEVEL="$LOG_LEVEL" STARTUP_LOG=/var/log/shorewall-init.log -TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL +TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL" UNTRACKED_LOG_LEVEL= 
@@ -110,8 +110,8 @@ TC= ############################################################################### ACCEPT_DEFAULT=none -BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" -DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs" +BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" +DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT=none QUEUE_DEFAULT=none REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs" diff --git a/Shorewall/Samples/one-interface/shorewall.conf b/Shorewall/Samples/one-interface/shorewall.conf index 7ba21d91f..e18a20344 100644 --- a/Shorewall/Samples/one-interface/shorewall.conf +++ b/Shorewall/Samples/one-interface/shorewall.conf @@ -121,8 +121,8 @@ TC= ############################################################################### ACCEPT_DEFAULT=none -BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" -DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs" +BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" +DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT=none QUEUE_DEFAULT=none REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs" diff --git a/Shorewall/Samples/three-interfaces/shorewall.conf b/Shorewall/Samples/three-interfaces/shorewall.conf index b2e923040..f7302678e 100644 --- a/Shorewall/Samples/three-interfaces/shorewall.conf +++ b/Shorewall/Samples/three-interfaces/shorewall.conf @@ -41,7 +41,7 @@ FIREWALL= # L O G G I N G ############################################################################### -LOG_LEVEL=info +LOG_LEVEL="info" BLACKLIST_LOG_LEVEL= 
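Review bot: `REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"` stays as an unchanged context line in the `@@ -110,8 +110,8 @@` hunk of Shorewall/Samples/Universal/shorewall.conf, although the subject says AllowICMPs is deleted from the IPv4 policy action settings. The same line is left in the matching hunks for one-interface, three-interfaces, two-interfaces and configfiles/shorewall.conf. If REJECT is meant to keep it, the commit message should say so; otherwise the line should become `REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"`. With AllowICMPs gone from `DROP_DEFAULT` and `BLACKLIST_DEFAULT`, the ICMP types that action accepted presumably now fall through to the policy unless connection tracking or an explicit rule admits them, which deserves a release note for operators who depend on path-MTU discovery.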
@@ -63,19 +63,19 @@ LOGTAGONLY=No LOGLIMIT="s:1/sec:10" -MACLIST_LOG_LEVEL=$LOG_LEVEL +MACLIST_LOG_LEVEL="$LOG_LEVEL" RELATED_LOG_LEVEL= -RPFILTER_LOG_LEVEL=$LOG_LEVEL +RPFILTER_LOG_LEVEL="$LOG_LEVEL" -SFILTER_LOG_LEVEL=$LOG_LEVEL +SFILTER_LOG_LEVEL="$LOG_LEVEL" -SMURF_LOG_LEVEL=$LOG_LEVEL +SMURF_LOG_LEVEL="$LOG_LEVEL" STARTUP_LOG=/var/log/shorewall-init.log -TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL +TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL" UNTRACKED_LOG_LEVEL= @@ -118,8 +118,8 @@ TC= ############################################################################### ACCEPT_DEFAULT=none -BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" -DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs" +BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" +DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT=none QUEUE_DEFAULT=none REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs" diff --git a/Shorewall/Samples/two-interfaces/shorewall.conf b/Shorewall/Samples/two-interfaces/shorewall.conf index af1b19453..2d13a7383 100644 --- a/Shorewall/Samples/two-interfaces/shorewall.conf +++ b/Shorewall/Samples/two-interfaces/shorewall.conf @@ -44,7 +44,7 @@ FIREWALL= # L O G G I N G ############################################################################### -LOG_LEVEL=info +LOG_LEVEL="info" BLACKLIST_LOG_LEVEL= @@ -66,19 +66,19 @@ LOGTAGONLY=No LOGLIMIT="s:1/sec:10" -MACLIST_LOG_LEVEL=$LOG_LEVEL +MACLIST_LOG_LEVEL="$LOG_LEVEL" RELATED_LOG_LEVEL= -RPFILTER_LOG_LEVEL=$LOG_LEVEL +RPFILTER_LOG_LEVEL="$LOG_LEVEL" -SFILTER_LOG_LEVEL=$LOG_LEVEL +SFILTER_LOG_LEVEL="$LOG_LEVEL" -SMURF_LOG_LEVEL=$LOG_LEVEL +SMURF_LOG_LEVEL="$LOG_LEVEL" STARTUP_LOG=/var/log/shorewall-init.log -TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL +TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL" UNTRACKED_LOG_LEVEL= 
@@ -121,8 +121,8 @@ TC= ############################################################################### ACCEPT_DEFAULT=none -BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" -DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs" +BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" +DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT=none QUEUE_DEFAULT=none REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs" diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf index 9b62cdae2..41a79a4e4 100644 --- a/Shorewall/configfiles/shorewall.conf +++ b/Shorewall/configfiles/shorewall.conf @@ -33,7 +33,7 @@ FIREWALL= # L O G G I N G ############################################################################### -LOG_LEVEL=info +LOG_LEVEL="info" BLACKLIST_LOG_LEVEL= @@ -55,19 +55,19 @@ LOGTAGONLY=No LOGLIMIT="s:1/sec:10" -MACLIST_LOG_LEVEL=$LOG_LEVEL +MACLIST_LOG_LEVEL="$LOG_LEVEL" RELATED_LOG_LEVEL= -RPFILTER_LOG_LEVEL=$LOG_LEVEL +RPFILTER_LOG_LEVEL="$LOG_LEVEL" -SFILTER_LOG_LEVEL=$LOG_LEVEL +SFILTER_LOG_LEVEL="$LOG_LEVEL" SMURF_LOG_LEVEL=$LOG_LEVEL STARTUP_LOG=/var/log/shorewall-init.log -TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL +TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL" UNTRACKED_LOG_LEVEL= @@ -110,8 +110,8 @@ TC= ############################################################################### ACCEPT_DEFAULT=none -BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" -DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs" +BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" +DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT=none QUEUE_DEFAULT=none REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs" 
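Review bot: `SMURF_LOG_LEVEL=$LOG_LEVEL` is still unquoted in the `@@ -55,19 +55,19 @@` hunk of Shorewall/configfiles/shorewall.conf. It appears as a context line while its four neighbours are changed, and the diffstat shows 14 changed lines for this file against 16 for the sample files. For consistency with the stated intent of the commit it should become `SMURF_LOG_LEVEL="$LOG_LEVEL"`.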
diff --git a/Shorewall6/Samples6/Universal/shorewall6.conf b/Shorewall6/Samples6/Universal/shorewall6.conf index 4d6e8518d..7ef896e88 100644 --- a/Shorewall6/Samples6/Universal/shorewall6.conf +++ b/Shorewall6/Samples6/Universal/shorewall6.conf @@ -34,7 +34,7 @@ FIREWALL= # L O G G I N G ############################################################################### -LOG_LEVEL=info +LOG_LEVEL="info" BLACKLIST_LOG_LEVEL= @@ -54,19 +54,19 @@ LOGLIMIT="s:1/sec:10" LOGTAGONLY=No -MACLIST_LOG_LEVEL=info +MACLIST_LOG_LEVEL="$LOG_LEVEL" RELATED_LOG_LEVEL= -RPFILTER_LOG_LEVEL=info +RPFILTER_LOG_LEVEL="$LOG_LEVEL" -SFILTER_LOG_LEVEL=info +SFILTER_LOG_LEVEL="$LOG_LEVEL" -SMURF_LOG_LEVEL=info +SMURF_LOG_LEVEL="$LOG_LEVEL" STARTUP_LOG=/var/log/shorewall6-init.log -TCP_FLAGS_LOG_LEVEL=info +TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL" UNTRACKED_LOG_LEVEL= diff --git a/Shorewall6/Samples6/one-interface/shorewall6.conf b/Shorewall6/Samples6/one-interface/shorewall6.conf index 2b1550d07..57a850b19 100644 --- a/Shorewall6/Samples6/one-interface/shorewall6.conf +++ b/Shorewall6/Samples6/one-interface/shorewall6.conf @@ -35,7 +35,7 @@ FIREWALL= # L O G G I N G ############################################################################### -LOG_LEVEL=info +LOG_LEVEL="info" BLACKLIST_LOG_LEVEL= @@ -55,19 +55,19 @@ LOGLIMIT="s:1/sec:10" LOGTAGONLY=No -MACLIST_LOG_LEVEL=info +MACLIST_LOG_LEVEL="$LOG_LEVEL" RELATED_LOG_LEVEL= -RPFILTER_LOG_LEVEL=info +RPFILTER_LOG_LEVEL="$LOG_LEVEL" -SFILTER_LOG_LEVEL=info +SFILTER_LOG_LEVEL="$LOG_LEVEL" -SMURF_LOG_LEVEL=info +SMURF_LOG_LEVEL="$LOG_LEVEL" STARTUP_LOG=/var/log/shorewall6-init.log -TCP_FLAGS_LOG_LEVEL=info +TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL" UNTRACKED_LOG_LEVEL= diff --git a/Shorewall6/Samples6/three-interfaces/shorewall6.conf b/Shorewall6/Samples6/three-interfaces/shorewall6.conf index 785212b8c..d3908f024 100644 --- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf 
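Review bot: The Shorewall6 sample hunks do more than add quotes: `MACLIST_LOG_LEVEL`, `RPFILTER_LOG_LEVEL`, `SFILTER_LOG_LEVEL`, `SMURF_LOG_LEVEL` and `TCP_FLAGS_LOG_LEVEL` change from the literal `info` to `"$LOG_LEVEL"`, in Universal and one-interface here and in three-interfaces and two-interfaces in the hunks that follow. After this change, editing or emptying `LOG_LEVEL` alters all five settings at once, which presumably can switch off logging for these checks in a config derived from the samples. The commit message mentions only quoting; I would add a line such as `- Shorewall6 samples: *_LOG_LEVEL settings now follow $LOG_LEVEL` so the coupling is visible to anyone reviewing what gets logged.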
@@ -34,7 +34,7 @@ FIREWALL= # L O G G I N G ############################################################################### -LOG_LEVEL=info +LOG_LEVEL="info" BLACKLIST_LOG_LEVEL= @@ -54,19 +54,19 @@ LOGLIMIT="s:1/sec:10" LOGTAGONLY=No -MACLIST_LOG_LEVEL=info +MACLIST_LOG_LEVEL="$LOG_LEVEL" RELATED_LOG_LEVEL= -RPFILTER_LOG_LEVEL=info +RPFILTER_LOG_LEVEL="$LOG_LEVEL" -SFILTER_LOG_LEVEL=info +SFILTER_LOG_LEVEL="$LOG_LEVEL" -SMURF_LOG_LEVEL=info +SMURF_LOG_LEVEL="$LOG_LEVEL" STARTUP_LOG=/var/log/shorewall6-init.log -TCP_FLAGS_LOG_LEVEL=info +TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL" UNTRACKED_LOG_LEVEL= diff --git a/Shorewall6/Samples6/two-interfaces/shorewall6.conf b/Shorewall6/Samples6/two-interfaces/shorewall6.conf index c5c71a291..f67cbcfaa 100644 --- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf @@ -34,7 +34,7 @@ FIREWALL= # L O G G I N G ############################################################################### -LOG_LEVEL=info +LOG_LEVEL="info" BLACKLIST_LOG_LEVEL= @@ -54,19 +54,19 @@ LOGLIMIT="s:1/sec:10" LOGTAGONLY=No -MACLIST_LOG_LEVEL=info +MACLIST_LOG_LEVEL="$LOG_LEVEL" RELATED_LOG_LEVEL= -RPFILTER_LOG_LEVEL=info +RPFILTER_LOG_LEVEL="$LOG_LEVEL" -SFILTER_LOG_LEVEL=info +SFILTER_LOG_LEVEL="$LOG_LEVEL" -SMURF_LOG_LEVEL=info +SMURF_LOG_LEVEL="$LOG_LEVEL" STARTUP_LOG=/var/log/shorewall6-init.log -TCP_FLAGS_LOG_LEVEL=info +TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL" UNTRACKED_LOG_LEVEL= diff --git a/Shorewall6/configfiles/shorewall6.conf b/Shorewall6/configfiles/shorewall6.conf index abdf48426..24a3a4fd2 100644 --- a/Shorewall6/configfiles/shorewall6.conf +++ b/Shorewall6/configfiles/shorewall6.conf @@ -34,7 +34,7 @@ FIREWALL= # L O G G I N G ############################################################################### -LOG_LEVEL=info +LOG_LEVEL="info" BLACKLIST_LOG_LEVEL= 
@@ -54,19 +54,19 @@ LOGLIMIT="s:1/sec:10" LOGTAGONLY=No -MACLIST_LOG_LEVEL=$LOG_LEVEL +MACLIST_LOG_LEVEL="$LOG_LEVEL" RELATED_LOG_LEVEL= -RPFILTER_LOG_LEVEL=$LOG_LEVEL +RPFILTER_LOG_LEVEL="$LOG_LEVEL" -SFILTER_LOG_LEVEL=$LOG_LEVEL +SFILTER_LOG_LEVEL="$LOG_LEVEL" -SMURF_LOG_LEVEL=$LOG_LEVEL +SMURF_LOG_LEVEL="$LOG_LEVEL" STARTUP_LOG=/var/log/shorewall6-init.log -TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL +TCP_FLAGS_LOG_LEVEL=:$LOG_LEVEL" UNTRACKED_LOG_LEVEL=
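Review bot: The added line `TCP_FLAGS_LOG_LEVEL=:$LOG_LEVEL"` in the last hunk of Shorewall6/configfiles/shorewall6.conf has a colon where the opening quote belongs, leaving an unbalanced double quote. Anything that reads this file with shell quoting rules will presumably either reject it or take a value that starts with `:`, so the TCP-flags log level in the default IPv6 configuration would be wrong. The line should read `TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"`, matching the other four changed lines in the same hunk.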