mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 22:30:58 +01:00
Clean up shorewall.conf and its documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
243e8f1dbe
commit
03ecdc8c06
@ -71,8 +71,6 @@ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
|
|||||||
|
|
||||||
RESTOREFILE=
|
RESTOREFILE=
|
||||||
|
|
||||||
IPSECFILE=zones
|
|
||||||
|
|
||||||
LOCKFILE=
|
LOCKFILE=
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
@ -212,4 +210,11 @@ TCP_FLAGS_DISPOSITION=DROP
|
|||||||
|
|
||||||
SMURF_DISPOSITION=DROP
|
SMURF_DISPOSITION=DROP
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
# L E G A C Y O P T I O N
|
||||||
|
# D O N O T D E L E T E O R A L T E R
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
IPSECFILE=zones
|
||||||
|
|
||||||
#LAST LINE -- DO NOT REMOVE
|
#LAST LINE -- DO NOT REMOVE
|
||||||
|
@ -82,8 +82,6 @@ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
|
|||||||
|
|
||||||
RESTOREFILE=
|
RESTOREFILE=
|
||||||
|
|
||||||
IPSECFILE=zones
|
|
||||||
|
|
||||||
LOCKFILE=
|
LOCKFILE=
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
@ -143,8 +141,6 @@ DISABLE_IPV6=No
|
|||||||
|
|
||||||
DYNAMIC_ZONES=No
|
DYNAMIC_ZONES=No
|
||||||
|
|
||||||
PKTTYPE=Yes
|
|
||||||
|
|
||||||
NULL_ROUTE_RFC1918=No
|
NULL_ROUTE_RFC1918=No
|
||||||
|
|
||||||
MACLIST_TABLE=filter
|
MACLIST_TABLE=filter
|
||||||
@ -223,4 +219,11 @@ TCP_FLAGS_DISPOSITION=DROP
|
|||||||
|
|
||||||
SMURF_DISPOSITION=DROP
|
SMURF_DISPOSITION=DROP
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
# L E G A C Y O P T I O N
|
||||||
|
# D O N O T D E L E T E O R A L T E R
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
IPSECFILE=zones
|
||||||
|
|
||||||
#LAST LINE -- DO NOT REMOVE
|
#LAST LINE -- DO NOT REMOVE
|
||||||
|
@ -82,8 +82,6 @@ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
|
|||||||
|
|
||||||
RESTOREFILE=
|
RESTOREFILE=
|
||||||
|
|
||||||
IPSECFILE=zones
|
|
||||||
|
|
||||||
LOCKFILE=
|
LOCKFILE=
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
@ -143,8 +141,6 @@ DISABLE_IPV6=No
|
|||||||
|
|
||||||
DYNAMIC_ZONES=No
|
DYNAMIC_ZONES=No
|
||||||
|
|
||||||
PKTTYPE=Yes
|
|
||||||
|
|
||||||
NULL_ROUTE_RFC1918=No
|
NULL_ROUTE_RFC1918=No
|
||||||
|
|
||||||
MACLIST_TABLE=filter
|
MACLIST_TABLE=filter
|
||||||
@ -223,4 +219,11 @@ TCP_FLAGS_DISPOSITION=DROP
|
|||||||
|
|
||||||
SMURF_DISPOSITION=DROP
|
SMURF_DISPOSITION=DROP
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
# L E G A C Y O P T I O N
|
||||||
|
# D O N O T D E L E T E O R A L T E R
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
IPSECFILE=zones
|
||||||
|
|
||||||
#LAST LINE -- DO NOT REMOVE
|
#LAST LINE -- DO NOT REMOVE
|
||||||
|
@ -89,8 +89,6 @@ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
|
|||||||
|
|
||||||
RESTOREFILE=
|
RESTOREFILE=
|
||||||
|
|
||||||
IPSECFILE=zones
|
|
||||||
|
|
||||||
LOCKFILE=
|
LOCKFILE=
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
@ -150,8 +148,6 @@ DISABLE_IPV6=No
|
|||||||
|
|
||||||
DYNAMIC_ZONES=No
|
DYNAMIC_ZONES=No
|
||||||
|
|
||||||
PKTTYPE=Yes
|
|
||||||
|
|
||||||
NULL_ROUTE_RFC1918=No
|
NULL_ROUTE_RFC1918=No
|
||||||
|
|
||||||
MACLIST_TABLE=filter
|
MACLIST_TABLE=filter
|
||||||
@ -230,4 +226,11 @@ TCP_FLAGS_DISPOSITION=DROP
|
|||||||
|
|
||||||
SMURF_DISPOSITION=DROP
|
SMURF_DISPOSITION=DROP
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
# L E G A C Y O P T I O N
|
||||||
|
# D O N O T D E L E T E O R A L T E R
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
IPSECFILE=zones
|
||||||
|
|
||||||
#LAST LINE -- DO NOT REMOVE
|
#LAST LINE -- DO NOT REMOVE
|
||||||
|
@ -73,8 +73,6 @@ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
|
|||||||
|
|
||||||
RESTOREFILE=
|
RESTOREFILE=
|
||||||
|
|
||||||
IPSECFILE=zones
|
|
||||||
|
|
||||||
LOCKFILE=
|
LOCKFILE=
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
@ -198,7 +196,7 @@ EXPORTMODULES=Yes
|
|||||||
|
|
||||||
ACCOUNTING_TABLE=filter
|
ACCOUNTING_TABLE=filter
|
||||||
|
|
||||||
LEGACY_FASTSTART=No
|
LEGACY_FASTSTART=Yes
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# P A C K E T D I S P O S I T I O N
|
# P A C K E T D I S P O S I T I O N
|
||||||
@ -214,4 +212,11 @@ SMURF_DISPOSITION=DROP
|
|||||||
|
|
||||||
FILTER_DISPOSITION=DROP
|
FILTER_DISPOSITION=DROP
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
# L E G A C Y O P T I O N
|
||||||
|
# D O N O T D E L E T E O R A L T E R
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
IPSECFILE=zones
|
||||||
|
|
||||||
#LAST LINE -- DO NOT REMOVE
|
#LAST LINE -- DO NOT REMOVE
|
||||||
|
@ -70,6 +70,9 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
|||||||
#ZONE INTERFACE BROADCAST OPTIONS
|
#ZONE INTERFACE BROADCAST OPTIONS
|
||||||
loc br1 - sfilter=2001:470:b:227::40/124
|
loc br1 - sfilter=2001:470:b:227::40/124
|
||||||
|
|
||||||
|
3) The obsolete PKTTYPE option has been removed from shorewall.conf
|
||||||
|
and the associated manpage.
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
I I. K N O W N P R O B L E M S R E M A I N I N G
|
I I. K N O W N P R O B L E M S R E M A I N I N G
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
|
@ -821,6 +821,20 @@ net all DROP info</programlisting>then the chain name is 'net2all'
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><emphasis role="bold">IPSECFILE=zones</emphasis></term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>This option indicates that zone-related ipsec information is
|
||||||
|
found in the zones file (<ulink
|
||||||
|
url="shorewall-zones.html">shorewall-zones</ulink>(5)). The option
|
||||||
|
indicates to the compiler that this is not a legacy configuration
|
||||||
|
where the ipsec information was contained in a separate file. The
|
||||||
|
value of this option must not be changed and the option must not be
|
||||||
|
deleted.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis
|
<term><emphasis
|
||||||
role="bold">IPSET</emphasis>=[<emphasis>pathname</emphasis>]</term>
|
role="bold">IPSET</emphasis>=[<emphasis>pathname</emphasis>]</term>
|
||||||
@ -1475,17 +1489,6 @@ net all DROP info</programlisting>then the chain name is 'net2all'
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term><emphasis role="bold">PKTTYPE=</emphasis>{<emphasis
|
|
||||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para><emphasis role="bold">Obsolete</emphasis> - This option is
|
|
||||||
included for compatibility with older Shorewall releases. Its
|
|
||||||
setting has no effect.</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis
|
<term><emphasis
|
||||||
role="bold">RCP_COMMAND="</emphasis><replaceable>command</replaceable><emphasis
|
role="bold">RCP_COMMAND="</emphasis><replaceable>command</replaceable><emphasis
|
||||||
|
Loading…
Reference in New Issue
Block a user