extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-02 19:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add the FIREWALL .conf option

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-10-05 15:03:54 -07:00
parent ca7ca4bdfe
commit 14e8568d9e
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
16 changed files with 177 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Shorewall/Perl/Shorewall/Config.pm
View File

@ -900,6 +900,7 @@ sub initialize( $;$$) {
MINIUPNPD => undef , MINIUPNPD => undef ,
VERBOSE_MESSAGES => undef , VERBOSE_MESSAGES => undef ,
ZERO_MARKS => undef , ZERO_MARKS => undef ,
FIREWALL => undef ,
# #
# Packet Disposition # Packet Disposition
# #

6
Shorewall/Samples/Universal/shorewall.conf
View File

@ -23,6 +23,12 @@ VERBOSITY=1
PAGER= PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

6
Shorewall/Samples/one-interface/shorewall.conf
View File

@ -34,6 +34,12 @@ VERBOSITY=1
PAGER= PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

6
Shorewall/Samples/three-interfaces/shorewall.conf
View File

@ -31,6 +31,12 @@ VERBOSITY=1
PAGER= PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

6
Shorewall/Samples/two-interfaces/shorewall.conf
View File

@ -34,6 +34,12 @@ VERBOSITY=1
PAGER= PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

6
Shorewall/configfiles/shorewall.conf
View File

@ -23,6 +23,12 @@ VERBOSITY=1
PAGER= PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

13
Shorewall/lib.cli-std
View File

@ -1444,6 +1444,12 @@ remote_reload_command() # $* = original arguments less the command.
option= option=
shift shift
;; ;;
D)
[ $# -gt 1 ] || fatal_error "Missing directory name"
g_shorewalldir=$2
option=
shift
;;
T*) T*)
g_confess=Yes g_confess=Yes
option=${option#T} option=${option#T}
@ -1467,7 +1473,7 @@ remote_reload_command() # $* = original arguments less the command.
case $# in case $# in
0) 0)
missing_argument [ -n "$g_shorewalldir" ] || g_shorewalldir='.'
;; ;;
1) 1)
g_shorewalldir="." g_shorewalldir="."
@ -1502,6 +1508,11 @@ remote_reload_command() # $* = original arguments less the command.
get_config No get_config No
g_haveconfig=Yes g_haveconfig=Yes
if [ -z "$system" ]; then
system=$FIREWALL
[ -n "$system" ] || fatal_error "No system name given and the FIREWALL option is not set"
fi
else else
fatal_error "$g_shorewalldir/$g_program.conf does not exist" fatal_error "$g_shorewalldir/$g_program.conf does not exist"
fi fi

14
Shorewall/manpages/shorewall.conf.xml
View File

@ -911,6 +911,20 @@ net all DROP info</programlisting>then the chain name is 'net-all'
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis
role="bold">FIREWALL</emphasis>=[<emphasis>dnsname-or-ip-address</emphasis>]</term>
<listitem>
<para>This option was added in Shorewall 5.0.13 and may be used on
an administrative system in directories containing the
configurations of remote firewalls. The contents of the variable are
the default value for the <replaceable>system</replaceable>
parameter to the <command>remote-reload</command> and
<command>remote-restart</command> commands.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">FORWARD_CLEAR_MARK=</emphasis>{<emphasis <term><emphasis role="bold">FORWARD_CLEAR_MARK=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>

56
Shorewall/manpages/shorewall.xml
View File

@ -451,9 +451,9 @@
<arg><option>-i</option></arg> <arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg> <arg><arg><option>-D</option></arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg> <arg choice="plain"><arg><replaceable>system</replaceable></arg></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
@ -475,9 +475,9 @@
<arg><option>-i</option></arg> <arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg> <arg><arg><option>-D</option></arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg> <arg choice="plain"><arg><replaceable>system</replaceable></arg></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
@ -499,9 +499,9 @@
<arg><option>-i</option></arg> <arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg> <arg><arg><option>-D</option></arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg> <arg choice="plain"><arg><replaceable>system</replaceable></arg></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
@ -1614,8 +1614,8 @@
<term><emphasis role="bold">remote-start</emphasis> <term><emphasis role="bold">remote-start</emphasis>
[-<option>s</option>] [-<option>c</option>] [-<option>r</option> [-<option>s</option>] [-<option>c</option>] [-<option>r</option>
<replaceable>root-user-name</replaceable>] [-<option>T</option>] <replaceable>root-user-name</replaceable>] [-<option>T</option>]
[-<option>i</option>] [ <replaceable>directory</replaceable> ] [-<option>i</option>] [ [ -D ] <replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term> [ <replaceable>system</replaceable> ]</term>
<listitem> <listitem>
<para>This command was renamed from <command>load</command> in <para>This command was renamed from <command>load</command> in
@ -1641,7 +1641,13 @@
directory. If compilation succeeds, then firewall is copied to directory. If compilation succeeds, then firewall is copied to
<replaceable>system</replaceable> using scp. If the copy succeeds, <replaceable>system</replaceable> using scp. If the copy succeeds,
Shorewall Lite on <replaceable>system</replaceable> is started via Shorewall Lite on <replaceable>system</replaceable> is started via
ssh.</para> ssh. Beginning with Shorewall 5.0.13, if
<replaceable>system</replaceable> is omitted, then the FIREWALL
option setting in <ulink
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
that case, if you want to specify a
<replaceable>directory</replaceable>, then the <option>-D</option>
option must be given.</para>
<para>If <emphasis role="bold">-s</emphasis> is specified and the <para>If <emphasis role="bold">-s</emphasis> is specified and the
<emphasis role="bold">start</emphasis> command succeeds, then the <emphasis role="bold">start</emphasis> command succeeds, then the
@ -1676,9 +1682,9 @@
<term><emphasis role="bold">remote-reload <term><emphasis role="bold">remote-reload
</emphasis>[-<option>s</option>] [-<option>c</option>] </emphasis>[-<option>s</option>] [-<option>c</option>]
[-<option>r</option> <replaceable>root-user-name</replaceable>] [-<option>r</option> <replaceable>root-user-name</replaceable>]
[-<option>T</option>] [-<option>i</option>] [ [-<option>T</option>] [-<option>i</option>] [ [ -D ]
<replaceable>directory</replaceable> ] <replaceable>directory</replaceable> ] [
<replaceable>system</replaceable></term> <replaceable>system</replaceable> ]</term>
<listitem> <listitem>
<para>This command was added in Shorewall 5.0.0.</para> <para>This command was added in Shorewall 5.0.0.</para>
@ -1702,8 +1708,14 @@
defaulted) directory is compiled to a file called firewall in that defaulted) directory is compiled to a file called firewall in that
directory. If compilation succeeds, then firewall is copied to directory. If compilation succeeds, then firewall is copied to
<emphasis>system</emphasis> using scp. If the copy succeeds, <emphasis>system</emphasis> using scp. If the copy succeeds,
Shorewall Lite on <emphasis>system</emphasis> is restarted via Shorewall Lite on <emphasis>system</emphasis> is restarted via ssh.
ssh.</para> Beginning with Shorewall 5.0.13, if
<replaceable>system</replaceable> is omitted, then the FIREWALL
option setting in <ulink
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
that case, if you want to specify a
<replaceable>directory</replaceable>, then the <option>-D</option>
option must be given.</para>
<para>If <emphasis role="bold">-s</emphasis> is specified and the <para>If <emphasis role="bold">-s</emphasis> is specified and the
<emphasis role="bold">restart</emphasis> command succeeds, then the <emphasis role="bold">restart</emphasis> command succeeds, then the
@ -1738,9 +1750,9 @@
<term><emphasis role="bold">remote-restart <term><emphasis role="bold">remote-restart
</emphasis>[-<option>s</option>] [-<option>c</option>] </emphasis>[-<option>s</option>] [-<option>c</option>]
[-<option>r</option> <replaceable>root-user-name</replaceable>] [-<option>r</option> <replaceable>root-user-name</replaceable>]
[-<option>T</option>] [-<option>i</option>] [ [-<option>T</option>] [-<option>i</option>] [ [ -D ]
<replaceable>directory</replaceable> ] <replaceable>directory</replaceable> ] [
<replaceable>system</replaceable></term> <replaceable>system</replaceable> ]</term>
<listitem> <listitem>
<para>This command was renamed from <command>reload</command> in <para>This command was renamed from <command>reload</command> in
@ -1765,8 +1777,14 @@
defaulted) directory is compiled to a file called firewall in that defaulted) directory is compiled to a file called firewall in that
directory. If compilation succeeds, then firewall is copied to directory. If compilation succeeds, then firewall is copied to
<emphasis>system</emphasis> using scp. If the copy succeeds, <emphasis>system</emphasis> using scp. If the copy succeeds,
Shorewall Lite on <emphasis>system</emphasis> is restarted via Shorewall Lite on <emphasis>system</emphasis> is restarted via ssh.
ssh.</para> Beginning with Shorewall 5.0.13, if
<replaceable>system</replaceable> is omitted, then the FIREWALL
option setting in <ulink
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
that case, if you want to specify a
<replaceable>directory</replaceable>, then the <option>-D</option>
option must be given.</para>
<para>If <emphasis role="bold">-s</emphasis> is specified and the <para>If <emphasis role="bold">-s</emphasis> is specified and the
<emphasis role="bold">restart</emphasis> command succeeds, then the <emphasis role="bold">restart</emphasis> command succeeds, then the

6
Shorewall6/Samples6/Universal/shorewall6.conf
View File

@ -24,6 +24,12 @@ VERBOSITY=1
PAGER= PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

6
Shorewall6/Samples6/one-interface/shorewall6.conf
View File

@ -25,6 +25,12 @@ VERBOSITY=1
PAGER= PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

6
Shorewall6/Samples6/three-interfaces/shorewall6.conf
View File

@ -24,6 +24,12 @@ VERBOSITY=1
PAGER= PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

6
Shorewall6/Samples6/two-interfaces/shorewall6.conf
View File

@ -24,6 +24,12 @@ VERBOSITY=1
PAGER= PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

6
Shorewall6/configfiles/shorewall6.conf
View File

@ -24,6 +24,12 @@ VERBOSITY=1
PAGER= PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

14
Shorewall6/manpages/shorewall6.conf.xml
View File

@ -772,6 +772,20 @@ net all DROP info</programlisting>then the chain name is 'net-all'
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis
role="bold">FIREWALL</emphasis>=[<emphasis>dnsname-or-ip-address</emphasis>]</term>
<listitem>
<para>This option was added in Shorewall 5.0.13 and may be used on
an administrative system in directories containing the
configurations of remote firewalls. The contents of the variable are
the default value for the <replaceable>system</replaceable>
parameter to the <command>remote-reload</command> and
<command>remote-restart</command> commands.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">FORWARD_CLEAR_MARK=</emphasis>{<emphasis <term><emphasis role="bold">FORWARD_CLEAR_MARK=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>

56
Shorewall6/manpages/shorewall6.xml
View File

@ -403,9 +403,9 @@
<arg><option>-i</option></arg> <arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg> <arg><arg><option>-D</option></arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg> <arg choice="opt"><replaceable>system</replaceable></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
@ -427,9 +427,9 @@
<arg><option>-i</option></arg> <arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg> <arg><arg><option>-D</option></arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg> <arg choice="opt"><replaceable>system</replaceable></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
@ -451,9 +451,9 @@
<arg><option>-i</option></arg> <arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg> <arg><arg><option>-D</option></arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg> <arg choice="opt"><replaceable>system</replaceable></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
@ -1548,9 +1548,11 @@
<term><emphasis role="bold">remote-reload <term><emphasis role="bold">remote-reload
</emphasis>[-<option>s</option>] [-<option>c</option>] </emphasis>[-<option>s</option>] [-<option>c</option>]
[-<option>r</option> <replaceable>root-user-name</replaceable>] [-<option>r</option> <replaceable>root-user-name</replaceable>]
[-<option>T</option>] [-<option>i</option>] [ [-<option>T</option>] [-<option>i</option>] [ [ -D ]
<replaceable>directory</replaceable> ] <replaceable>directory</replaceable> ] [
<replaceable>system</replaceable></term> <replaceable>system</replaceable> ]</term>
<term/>
<listitem> <listitem>
<para>This command was added in Shorewall 5.0.0.</para> <para>This command was added in Shorewall 5.0.0.</para>
@ -1574,8 +1576,14 @@
defaulted) directory is compiled to a file called firewall in that defaulted) directory is compiled to a file called firewall in that
directory. If compilation succeeds, then firewall is copied to directory. If compilation succeeds, then firewall is copied to
<emphasis>system</emphasis> using scp. If the copy succeeds, <emphasis>system</emphasis> using scp. If the copy succeeds,
Shorewall6 Lite on <emphasis>system</emphasis> is restarted via Shorewall6 Lite on <emphasis>system</emphasis> is restarted via ssh.
ssh.</para> Beginning with Shorewall 5.0.13, if
<replaceable>system</replaceable> is omitted, then the FIREWALL
option setting in <ulink
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
that case, if you want to specify a
<replaceable>directory</replaceable>, then the <option>-D</option>
option must be given.</para>
<para>If <option>-s</option> is specified and the <para>If <option>-s</option> is specified and the
<command>restart</command> command succeeds, then the remote <command>restart</command> command succeeds, then the remote
@ -1610,9 +1618,9 @@
<term><emphasis role="bold">remote- restart <term><emphasis role="bold">remote- restart
</emphasis>[-<option>s</option>] [-<option>c</option>] </emphasis>[-<option>s</option>] [-<option>c</option>]
[-<option>r</option> <replaceable>root-user-name</replaceable>] [-<option>r</option> <replaceable>root-user-name</replaceable>]
[-<option>T</option>] [-<option>i</option>] [ [-<option>T</option>] [-<option>i</option>] [ [ -D ]
<replaceable>directory</replaceable> ] <replaceable>directory</replaceable> ] [
<replaceable>system</replaceable></term> <replaceable>system</replaceable> ]</term>
<listitem> <listitem>
<para>This command was renamed from <command>reload</command> in <para>This command was renamed from <command>reload</command> in
@ -1640,6 +1648,14 @@
Shorewall6 Lite on <emphasis>system</emphasis> is restarted via Shorewall6 Lite on <emphasis>system</emphasis> is restarted via
ssh.</para> ssh.</para>
<para>Beginning with Shorewall 5.0.13, if
<replaceable>system</replaceable> is omitted, then the FIREWALL
option setting in <ulink
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
that case, if you want to specify a
<replaceable>directory</replaceable>, then the <option>-D</option>
option must be given.</para>
<para>If <option>-s</option> is specified and the <para>If <option>-s</option> is specified and the
<command>restart</command> command succeeds, then the remote <command>restart</command> command succeeds, then the remote
Shorewall6-lite configuration is saved by executing Shorewall6-lite configuration is saved by executing
@ -1673,8 +1689,8 @@
<term><emphasis role="bold">remote-start </emphasis> <term><emphasis role="bold">remote-start </emphasis>
[-<option>s</option>] [-<option>c</option>] [-<option>r</option> [-<option>s</option>] [-<option>c</option>] [-<option>r</option>
<replaceable>root-user-name</replaceable>] [-<option>T</option>] <replaceable>root-user-name</replaceable>] [-<option>T</option>]
[-<option>i</option>] [ <replaceable>directory</replaceable> ] [-<option>i</option>] [ [-D ] <replaceable>directory</replaceable> ] [
<replaceable>system</replaceable></term> <replaceable>system</replaceable> ]</term>
<listitem> <listitem>
<para>This command was added in Shorewall 5.0.0.</para> <para>This command was added in Shorewall 5.0.0.</para>
@ -1699,7 +1715,13 @@
directory. If compilation succeeds, then firewall is copied to directory. If compilation succeeds, then firewall is copied to
<replaceable>system</replaceable> using scp. If the copy succeeds, <replaceable>system</replaceable> using scp. If the copy succeeds,
Shorewall6 Lite on <replaceable>system</replaceable> is started via Shorewall6 Lite on <replaceable>system</replaceable> is started via
ssh.</para> ssh. Beginning with Shorewall 5.0.13, if
<replaceable>system</replaceable> is omitted, then the FIREWALL
option setting in <ulink
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
that case, if you want to specify a
<replaceable>directory</replaceable>, then the <option>-D</option>
option must be given.</para>
<para>If <option>-s</option> is specified and the <emphasis <para>If <option>-s</option> is specified and the <emphasis
role="bold">start</emphasis> command succeeds, then the remote role="bold">start</emphasis> command succeeds, then the remote