quote $LOG_LEVEL in shorewall[6].conf files

- Delete AllowICMPs from IPv4 policy action settings Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-25 09:03:30 +01:00 · 2017-03-08 14:16:24 -08:00 · 2017-03-08 14:16:24 -08:00 · 0239796d6f
commit 0239796d6f
parent e4bf2b99bf
10 changed files with 63 additions and 63 deletions
--- a/Shorewall/Samples/Universal/shorewall.conf
+++ b/Shorewall/Samples/Universal/shorewall.conf
@ -33,7 +33,7 @@ FIREWALL=
 #		                L O G G I N G
 ###############################################################################

-LOG_LEVEL=info
+LOG_LEVEL="info"

 BLACKLIST_LOG_LEVEL=

@ -55,19 +55,19 @@ LOGTAGONLY=No

 LOGLIMIT="s:1/sec:10"

-MACLIST_LOG_LEVEL=$LOG_LEVEL
+MACLIST_LOG_LEVEL="$LOG_LEVEL"

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL=$LOG_LEVEL
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"

-SFILTER_LOG_LEVEL=$LOG_LEVEL
+SFILTER_LOG_LEVEL="$LOG_LEVEL"

-SMURF_LOG_LEVEL=$LOG_LEVEL
+SMURF_LOG_LEVEL="$LOG_LEVEL"

 STARTUP_LOG=/var/log/shorewall-init.log

-TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"

 UNTRACKED_LOG_LEVEL=

@ -110,8 +110,8 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
--- a/Shorewall/Samples/one-interface/shorewall.conf
+++ b/Shorewall/Samples/one-interface/shorewall.conf
@ -121,8 +121,8 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
--- a/Shorewall/Samples/three-interfaces/shorewall.conf
+++ b/Shorewall/Samples/three-interfaces/shorewall.conf
@ -41,7 +41,7 @@ FIREWALL=
 #		                L O G G I N G
 ###############################################################################

-LOG_LEVEL=info
+LOG_LEVEL="info"

 BLACKLIST_LOG_LEVEL=

@ -63,19 +63,19 @@ LOGTAGONLY=No

 LOGLIMIT="s:1/sec:10"

-MACLIST_LOG_LEVEL=$LOG_LEVEL
+MACLIST_LOG_LEVEL="$LOG_LEVEL"

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL=$LOG_LEVEL
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"

-SFILTER_LOG_LEVEL=$LOG_LEVEL
+SFILTER_LOG_LEVEL="$LOG_LEVEL"

-SMURF_LOG_LEVEL=$LOG_LEVEL
+SMURF_LOG_LEVEL="$LOG_LEVEL"

 STARTUP_LOG=/var/log/shorewall-init.log

-TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"

 UNTRACKED_LOG_LEVEL=

@ -118,8 +118,8 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
--- a/Shorewall/Samples/two-interfaces/shorewall.conf
+++ b/Shorewall/Samples/two-interfaces/shorewall.conf
@ -44,7 +44,7 @@ FIREWALL=
 #		                L O G G I N G
 ###############################################################################

-LOG_LEVEL=info
+LOG_LEVEL="info"

 BLACKLIST_LOG_LEVEL=

@ -66,19 +66,19 @@ LOGTAGONLY=No

 LOGLIMIT="s:1/sec:10"

-MACLIST_LOG_LEVEL=$LOG_LEVEL
+MACLIST_LOG_LEVEL="$LOG_LEVEL"

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL=$LOG_LEVEL
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"

-SFILTER_LOG_LEVEL=$LOG_LEVEL
+SFILTER_LOG_LEVEL="$LOG_LEVEL"

-SMURF_LOG_LEVEL=$LOG_LEVEL
+SMURF_LOG_LEVEL="$LOG_LEVEL"

 STARTUP_LOG=/var/log/shorewall-init.log

-TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"

 UNTRACKED_LOG_LEVEL=

@ -121,8 +121,8 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@ -33,7 +33,7 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################

-LOG_LEVEL=info
+LOG_LEVEL="info"

 BLACKLIST_LOG_LEVEL=

@ -55,19 +55,19 @@ LOGTAGONLY=No

 LOGLIMIT="s:1/sec:10"

-MACLIST_LOG_LEVEL=$LOG_LEVEL
+MACLIST_LOG_LEVEL="$LOG_LEVEL"

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL=$LOG_LEVEL
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"

-SFILTER_LOG_LEVEL=$LOG_LEVEL
+SFILTER_LOG_LEVEL="$LOG_LEVEL"

 SMURF_LOG_LEVEL=$LOG_LEVEL

 STARTUP_LOG=/var/log/shorewall-init.log

-TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"

 UNTRACKED_LOG_LEVEL=

@ -110,8 +110,8 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
--- a/Shorewall6/Samples6/Universal/shorewall6.conf
+++ b/Shorewall6/Samples6/Universal/shorewall6.conf
@ -34,7 +34,7 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################

-LOG_LEVEL=info
+LOG_LEVEL="info"

 BLACKLIST_LOG_LEVEL=

@ -54,19 +54,19 @@ LOGLIMIT="s:1/sec:10"

 LOGTAGONLY=No

-MACLIST_LOG_LEVEL=info
+MACLIST_LOG_LEVEL="$LOG_LEVEL"

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL=info
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"

-SFILTER_LOG_LEVEL=info
+SFILTER_LOG_LEVEL="$LOG_LEVEL"

-SMURF_LOG_LEVEL=info
+SMURF_LOG_LEVEL="$LOG_LEVEL"

 STARTUP_LOG=/var/log/shorewall6-init.log

-TCP_FLAGS_LOG_LEVEL=info
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"

 UNTRACKED_LOG_LEVEL=

--- a/Shorewall6/Samples6/one-interface/shorewall6.conf
+++ b/Shorewall6/Samples6/one-interface/shorewall6.conf
@ -35,7 +35,7 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################

-LOG_LEVEL=info
+LOG_LEVEL="info"

 BLACKLIST_LOG_LEVEL=

@ -55,19 +55,19 @@ LOGLIMIT="s:1/sec:10"

 LOGTAGONLY=No

-MACLIST_LOG_LEVEL=info
+MACLIST_LOG_LEVEL="$LOG_LEVEL"

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL=info
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"

-SFILTER_LOG_LEVEL=info
+SFILTER_LOG_LEVEL="$LOG_LEVEL"

-SMURF_LOG_LEVEL=info
+SMURF_LOG_LEVEL="$LOG_LEVEL"

 STARTUP_LOG=/var/log/shorewall6-init.log

-TCP_FLAGS_LOG_LEVEL=info
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"

 UNTRACKED_LOG_LEVEL=

--- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
@ -34,7 +34,7 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################

-LOG_LEVEL=info
+LOG_LEVEL="info"

 BLACKLIST_LOG_LEVEL=

@ -54,19 +54,19 @@ LOGLIMIT="s:1/sec:10"

 LOGTAGONLY=No

-MACLIST_LOG_LEVEL=info
+MACLIST_LOG_LEVEL="$LOG_LEVEL"

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL=info
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"

-SFILTER_LOG_LEVEL=info
+SFILTER_LOG_LEVEL="$LOG_LEVEL"

-SMURF_LOG_LEVEL=info
+SMURF_LOG_LEVEL="$LOG_LEVEL"

 STARTUP_LOG=/var/log/shorewall6-init.log

-TCP_FLAGS_LOG_LEVEL=info
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"

 UNTRACKED_LOG_LEVEL=

--- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
@ -34,7 +34,7 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################

-LOG_LEVEL=info
+LOG_LEVEL="info"

 BLACKLIST_LOG_LEVEL=

@ -54,19 +54,19 @@ LOGLIMIT="s:1/sec:10"

 LOGTAGONLY=No

-MACLIST_LOG_LEVEL=info
+MACLIST_LOG_LEVEL="$LOG_LEVEL"

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL=info
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"

-SFILTER_LOG_LEVEL=info
+SFILTER_LOG_LEVEL="$LOG_LEVEL"

-SMURF_LOG_LEVEL=info
+SMURF_LOG_LEVEL="$LOG_LEVEL"

 STARTUP_LOG=/var/log/shorewall6-init.log

-TCP_FLAGS_LOG_LEVEL=info
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"

 UNTRACKED_LOG_LEVEL=

--- a/Shorewall6/configfiles/shorewall6.conf
+++ b/Shorewall6/configfiles/shorewall6.conf
@ -34,7 +34,7 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################

-LOG_LEVEL=info
+LOG_LEVEL="info"

 BLACKLIST_LOG_LEVEL=

@ -54,19 +54,19 @@ LOGLIMIT="s:1/sec:10"

 LOGTAGONLY=No

-MACLIST_LOG_LEVEL=$LOG_LEVEL
+MACLIST_LOG_LEVEL="$LOG_LEVEL"

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL=$LOG_LEVEL
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"

-SFILTER_LOG_LEVEL=$LOG_LEVEL
+SFILTER_LOG_LEVEL="$LOG_LEVEL"

-SMURF_LOG_LEVEL=$LOG_LEVEL
+SMURF_LOG_LEVEL="$LOG_LEVEL"

 STARTUP_LOG=/var/log/shorewall6-init.log

-TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
+TCP_FLAGS_LOG_LEVEL=:$LOG_LEVEL"

 UNTRACKED_LOG_LEVEL=