diff --git a/LrpN/etc/shorewall/accounting b/LrpN/etc/shorewall/accounting index aa44a3d2a..d21c03326 100644 --- a/LrpN/etc/shorewall/accounting +++ b/LrpN/etc/shorewall/accounting @@ -1,5 +1,5 @@ # -# Shorewall version 2.1 - Accounting File +# Shorewall version 2.2 - Accounting File # # /etc/shorewall/accounting # diff --git a/LrpN/etc/shorewall/actions b/LrpN/etc/shorewall/actions index 9f6bca91f..4ddb30e91 100644 --- a/LrpN/etc/shorewall/actions +++ b/LrpN/etc/shorewall/actions @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /etc/shorewall/actions +# Shorewall 2.2 /etc/shorewall/actions # # This file allows you to define new ACTIONS for use in rules # (/etc/shorewall/rules). You define the iptables rules to diff --git a/LrpN/etc/shorewall/blacklist b/LrpN/etc/shorewall/blacklist index a3c7e457f..4cb06756d 100644 --- a/LrpN/etc/shorewall/blacklist +++ b/LrpN/etc/shorewall/blacklist @@ -1,5 +1,5 @@ # -# Shorewall 2.1 -- Blacklist File +# Shorewall 2.2 -- Blacklist File # # /etc/shorewall/blacklist # diff --git a/LrpN/etc/shorewall/ecn b/LrpN/etc/shorewall/ecn index 9b309eeb9..e09e32540 100644 --- a/LrpN/etc/shorewall/ecn +++ b/LrpN/etc/shorewall/ecn @@ -1,5 +1,5 @@ # -# Shorewall 2.1 - /etc/shorewall/ecn +# Shorewall 2.2 - /etc/shorewall/ecn # # Use this file to list the destinations for which you want to # disable ECN. diff --git a/LrpN/etc/shorewall/hosts b/LrpN/etc/shorewall/hosts index d26d2694a..1fbd5e51c 100644 --- a/LrpN/etc/shorewall/hosts +++ b/LrpN/etc/shorewall/hosts @@ -1,5 +1,5 @@ # -# Shorewall 2.1 - /etc/shorewall/hosts +# Shorewall 2.2 - /etc/shorewall/hosts # # THE ONLY TIME YOU NEED THIS FILE IS WHERE YOU HAVE MORE THAN # ONE ZONE CONNECTED THROUGH A SINGLE INTERFACE. 
@@ -129,7 +129,11 @@ # NEWNOTSYN=Yes. # # ipsec - The zone is accessed via a -# kernel 2.6 ipsec SA. +# kernel 2.6 ipsec SA. Note that if the +# zone named in the ZONE column is +# specified as an IPSEC zone in the +# /etc/shorewall/ipsec file then you do NOT +# need to specify the 'ipsec' option here. # #ZONE HOST(S) OPTIONS #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE diff --git a/LrpN/etc/shorewall/init b/LrpN/etc/shorewall/init index cdd21c79b..7fb3988e1 100644 --- a/LrpN/etc/shorewall/init +++ b/LrpN/etc/shorewall/init @@ -1,5 +1,5 @@ ############################################################################ -# Shorewall 2.0 -- /etc/shorewall/init +# Shorewall 2.2 -- /etc/shorewall/init # # Add commands below that you want to be executed at the beginning of # a "shorewall start" or "shorewall restart" command. diff --git a/LrpN/etc/shorewall/initdone b/LrpN/etc/shorewall/initdone index 35148d94a..efd2be5d2 100644 --- a/LrpN/etc/shorewall/initdone +++ b/LrpN/etc/shorewall/initdone @@ -1,5 +1,5 @@ ############################################################################ -# Shorewall 2.0 -- /etc/shorewall/initdone +# Shorewall 2.2 -- /etc/shorewall/initdone # # Add commands below that you want to be executed during # "shorewall start" or "shorewall restart" commands at the point where diff --git a/LrpN/etc/shorewall/interfaces b/LrpN/etc/shorewall/interfaces index 35a385142..20e08b99f 100644 --- a/LrpN/etc/shorewall/interfaces +++ b/LrpN/etc/shorewall/interfaces @@ -1,5 +1,5 @@ # -# Shorewall 2.1 -- Interfaces File +# Shorewall 2.2 -- Interfaces File # # /etc/shorewall/interfaces # diff --git a/LrpN/etc/shorewall/ipsec b/LrpN/etc/shorewall/ipsec index d3b352a3f..b6692d8fd 100644 --- a/LrpN/etc/shorewall/ipsec +++ b/LrpN/etc/shorewall/ipsec 
@@ -1,5 +1,5 @@ # -# Shorewall 2.1 - /etc/shorewall/ipsec +# Shorewall 2.2 - /etc/shorewall/ipsec # # This file defines the attributes of zones with respect to # IPSEC. To use this file, you must be running a 2.6 kernel and diff --git a/LrpN/etc/shorewall/maclist b/LrpN/etc/shorewall/maclist index 147e5405e..b200ddda2 100644 --- a/LrpN/etc/shorewall/maclist +++ b/LrpN/etc/shorewall/maclist @@ -1,5 +1,5 @@ # -# Shorewall 2.1 - MAC list file +# Shorewall 2.2 - MAC list file # # /etc/shorewall/maclist # diff --git a/LrpN/etc/shorewall/masq b/LrpN/etc/shorewall/masq index 38b24447f..c4a1cdd5e 100644 --- a/LrpN/etc/shorewall/masq +++ b/LrpN/etc/shorewall/masq @@ -1,5 +1,5 @@ # -# Shorewall 2.1 - Masquerade file +# Shorewall 2.2 - Masquerade file # # /etc/shorewall/masq # diff --git a/LrpN/etc/shorewall/modules b/LrpN/etc/shorewall/modules index 6621f36b3..f658e3576 100644 --- a/LrpN/etc/shorewall/modules +++ b/LrpN/etc/shorewall/modules @@ -1,5 +1,5 @@ ############################################################################## -# Shorewall 2.0 /etc/shorewall/modules +# Shorewall 2.2 /etc/shorewall/modules # # This file loads the modules needed by the firewall. # diff --git a/LrpN/etc/shorewall/nat b/LrpN/etc/shorewall/nat index ba7746c91..76991ebdd 100644 --- a/LrpN/etc/shorewall/nat +++ b/LrpN/etc/shorewall/nat @@ -1,6 +1,6 @@ ############################################################################## # -# Shorewall 2.0 -- Network Address Translation Table +# Shorewall 2.2 -- Network Address Translation Table # # /etc/shorewall/nat # @@ -16,6 +16,7 @@ # EXTERNAL External IP Address - this should NOT be the primary # IP address of the interface named in the next # column and must not be a DNS Name. +# # INTERFACE Interface that you want to EXTERNAL address to appear # on. If ADD_IP_ALIASES=Yes in shorewall.conf, you may # follow the interface name with ":" and a digit to 
@@ -29,13 +30,16 @@ # particular entry, follow the interface name with # ":" and no digit (e.g., "eth0:"). # INTERNAL Internal Address (must not be a DNS Name). +# # ALL INTERFACES If Yes or yes, NAT will be effective from all hosts. # If No or no (or left empty) then NAT will be effective # only through the interface named in the INTERFACE # column +# # LOCAL If Yes or yes, NAT will be effective from the firewall # system ############################################################################## -#EXTERNAL INTERFACE INTERNAL ALL LOCAL +#EXTERNAL INTERFACE INTERNAL ALL LOCAL # INTERFACES +# #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE diff --git a/LrpN/etc/shorewall/params b/LrpN/etc/shorewall/params index e0b7142f8..24d1c94ae 100644 --- a/LrpN/etc/shorewall/params +++ b/LrpN/etc/shorewall/params @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /etc/shorewall/params +# Shorewall 2.2 /etc/shorewall/params # # Assign any variables that you need here. # diff --git a/LrpN/etc/shorewall/policy b/LrpN/etc/shorewall/policy index 71a54f541..60a1a6749 100644 --- a/LrpN/etc/shorewall/policy +++ b/LrpN/etc/shorewall/policy @@ -1,5 +1,5 @@ # -# Shorewall 2.1 -- Policy File +# Shorewall 2.2 -- Policy File # # /etc/shorewall/policy # diff --git a/LrpN/etc/shorewall/proxyarp b/LrpN/etc/shorewall/proxyarp index dc89d47c6..c80c1b21c 100644 --- a/LrpN/etc/shorewall/proxyarp +++ b/LrpN/etc/shorewall/proxyarp @@ -1,6 +1,6 @@ ############################################################################## # -# Shorewall 2.1 -- Proxy ARP +# Shorewall 2.2 -- Proxy ARP # # /etc/shorewall/proxyarp # diff --git a/LrpN/etc/shorewall/routestopped b/LrpN/etc/shorewall/routestopped index f67a3422f..df8ea4582 100644 --- a/LrpN/etc/shorewall/routestopped +++ b/LrpN/etc/shorewall/routestopped 
@@ -1,6 +1,6 @@ ############################################################################## # -# Shorewall 2.1 -- Hosts Accessible when the Firewall is Stopped +# Shorewall 2.2 -- Hosts Accessible when the Firewall is Stopped # # /etc/shorewall/routestopped # diff --git a/LrpN/etc/shorewall/rules b/LrpN/etc/shorewall/rules index a7fad8d48..4cd3a4373 100755 --- a/LrpN/etc/shorewall/rules +++ b/LrpN/etc/shorewall/rules @@ -1,5 +1,5 @@ # -# Shorewall version 2.1 - Rules File +# Shorewall version 2.2 - Rules File # # /etc/shorewall/rules # diff --git a/LrpN/etc/shorewall/start b/LrpN/etc/shorewall/start index 5bf217a60..37077dfb6 100644 --- a/LrpN/etc/shorewall/start +++ b/LrpN/etc/shorewall/start @@ -1,5 +1,5 @@ ############################################################################ -# Shorewall 2.1 -- /etc/shorewall/start +# Shorewall 2.2 -- /etc/shorewall/start # # Add commands below that you want to be executed after shorewall has # been started or restarted. @@ -7,4 +7,4 @@ for file in /etc/shorewall/start.d/* ; do run_user_exit $file done - \ No newline at end of file + diff --git a/LrpN/etc/shorewall/stop b/LrpN/etc/shorewall/stop index 991c7d2cb..ab48d5961 100644 --- a/LrpN/etc/shorewall/stop +++ b/LrpN/etc/shorewall/stop @@ -1,5 +1,5 @@ ############################################################################ -# Shorewall 2.1 -- /etc/shorewall/stop +# Shorewall 2.2 -- /etc/shorewall/stop # # Add commands below that you want to be executed at the beginning of a # "shorewall stop" command. @@ -7,4 +7,4 @@ for file in /etc/shorewall/stop.d/* ; do run_user_exit $file done - \ No newline at end of file + diff --git a/LrpN/etc/shorewall/stopped b/LrpN/etc/shorewall/stopped index b3f3c5de6..d31d023c7 100644 --- a/LrpN/etc/shorewall/stopped +++ b/LrpN/etc/shorewall/stopped 
@@ -1,5 +1,5 @@ ############################################################################ -# Shorewall 2.1 -- /etc/shorewall/stopped +# Shorewall 2.2 -- /etc/shorewall/stopped # # Add commands below that you want to be executed at the completion of a # "shorewall stop" command. diff --git a/LrpN/etc/shorewall/tcrules b/LrpN/etc/shorewall/tcrules index 7d676f6f3..61a115df7 100644 --- a/LrpN/etc/shorewall/tcrules +++ b/LrpN/etc/shorewall/tcrules @@ -1,5 +1,5 @@ # -# Shorewall version 2.1 - Traffic Control Rules File +# Shorewall version 2.2 - Traffic Control Rules File # # /etc/shorewall/tcrules # diff --git a/LrpN/etc/shorewall/tos b/LrpN/etc/shorewall/tos index ff3864449..1a41a5d6c 100644 --- a/LrpN/etc/shorewall/tos +++ b/LrpN/etc/shorewall/tos @@ -1,5 +1,5 @@ # -# Shorewall 2.1 -- /etc/shorewall/tos +# Shorewall 2.2 -- /etc/shorewall/tos # # This file defines rules for setting Type Of Service (TOS) # diff --git a/LrpN/etc/shorewall/tunnels b/LrpN/etc/shorewall/tunnels index b6fbe5074..41110f06c 100644 --- a/LrpN/etc/shorewall/tunnels +++ b/LrpN/etc/shorewall/tunnels @@ -1,5 +1,5 @@ # -# Shorewall 2.1 - /etc/shorewall/tunnels +# Shorewall 2.2 - /etc/shorewall/tunnels # # This file defines IPSEC, GRE, IPIP and OPENVPN tunnels. # diff --git a/LrpN/etc/shorewall/zones b/LrpN/etc/shorewall/zones index 6e7e2673b..74c828682 100755 --- a/LrpN/etc/shorewall/zones +++ b/LrpN/etc/shorewall/zones @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /etc/shorewall/zones +# Shorewall 2.2 /etc/shorewall/zones # # This file determines your network zones. Columns are: # diff --git a/LrpN/usr/share/shorewall/action.AllowAuth b/LrpN/usr/share/shorewall/action.AllowAuth index d06f7d4c3..af54a9e9c 100644 --- a/LrpN/usr/share/shorewall/action.AllowAuth +++ b/LrpN/usr/share/shorewall/action.AllowAuth @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowAuth +# Shorewall 2.2 /usr/share/shorewall/action.AllowAuth # # This action accepts Auth (identd) traffic. # 
diff --git a/LrpN/usr/share/shorewall/action.AllowDNS b/LrpN/usr/share/shorewall/action.AllowDNS index 52fc83032..9887b9795 100644 --- a/LrpN/usr/share/shorewall/action.AllowDNS +++ b/LrpN/usr/share/shorewall/action.AllowDNS @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowDNS +# Shorewall 2.2 /usr/share/shorewall/action.AllowDNS # # This action accepts DNS traffic. # diff --git a/LrpN/usr/share/shorewall/action.AllowFTP b/LrpN/usr/share/shorewall/action.AllowFTP index e6601f8e7..0a0c9951b 100644 --- a/LrpN/usr/share/shorewall/action.AllowFTP +++ b/LrpN/usr/share/shorewall/action.AllowFTP @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowFTP +# Shorewall 2.2 /usr/share/shorewall/action.AllowFTP # # This action accepts FTP traffic. See # http://www.shorewall.net/FTP.html for additional considerations. diff --git a/LrpN/usr/share/shorewall/action.AllowIMAP b/LrpN/usr/share/shorewall/action.AllowIMAP index 9b4db32d8..71e7b15d1 100644 --- a/LrpN/usr/share/shorewall/action.AllowIMAP +++ b/LrpN/usr/share/shorewall/action.AllowIMAP @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowIMAP +# Shorewall 2.2 /usr/share/shorewall/action.AllowIMAP # # This action accepts IMAP traffic (secure and insecure): # diff --git a/LrpN/usr/share/shorewall/action.AllowNNTP b/LrpN/usr/share/shorewall/action.AllowNNTP index 43820055e..6b6967ddf 100644 --- a/LrpN/usr/share/shorewall/action.AllowNNTP +++ b/LrpN/usr/share/shorewall/action.AllowNNTP @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowNNTP +# Shorewall 2.2 /usr/share/shorewall/action.AllowNNTP # # This action accepts NNTP traffic (Usenet). # diff --git a/LrpN/usr/share/shorewall/action.AllowNTP b/LrpN/usr/share/shorewall/action.AllowNTP index 341bc6a3b..936954769 100644 --- a/LrpN/usr/share/shorewall/action.AllowNTP +++ b/LrpN/usr/share/shorewall/action.AllowNTP 
@@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowNTP +# Shorewall 2.2 /usr/share/shorewall/action.AllowNTP # # This action accepts NTP traffic (ntpd). # @@ -7,4 +7,5 @@ #TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE # PORT PORT(S) DEST LIMIT ACCEPT - - udp 123 +ACCEPT - - udp 1024: 123 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE diff --git a/LrpN/usr/share/shorewall/action.AllowPCA b/LrpN/usr/share/shorewall/action.AllowPCA index b1e504c58..b6e424ca3 100644 --- a/LrpN/usr/share/shorewall/action.AllowPCA +++ b/LrpN/usr/share/shorewall/action.AllowPCA @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowPCA +# Shorewall 2.2 /usr/share/shorewall/action.AllowPCA # # This action accepts PCAnywere (tm) # diff --git a/LrpN/usr/share/shorewall/action.AllowPOP3 b/LrpN/usr/share/shorewall/action.AllowPOP3 index 87f065037..4634b9bbd 100644 --- a/LrpN/usr/share/shorewall/action.AllowPOP3 +++ b/LrpN/usr/share/shorewall/action.AllowPOP3 @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowPOP3 +# Shorewall 2.2 /usr/share/shorewall/action.AllowPOP3 # # This action accepts POP3 traffic (secure and insecure): # diff --git a/LrpN/usr/share/shorewall/action.AllowPing b/LrpN/usr/share/shorewall/action.AllowPing index 36824890f..4ef4eeae1 100644 --- a/LrpN/usr/share/shorewall/action.AllowPing +++ b/LrpN/usr/share/shorewall/action.AllowPing @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowPing +# Shorewall 2.2 /usr/share/shorewall/action.AllowPing # # This action accepts 'ping' requests. # diff --git a/LrpN/usr/share/shorewall/action.AllowRdate b/LrpN/usr/share/shorewall/action.AllowRdate index 521de73d3..5c1d8054f 100644 --- a/LrpN/usr/share/shorewall/action.AllowRdate +++ b/LrpN/usr/share/shorewall/action.AllowRdate 
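Review bot: The rule added in the second action.AllowNTP hunk, `ACCEPT - - udp 1024: 123`, matches only on source port 123, so wherever the action is invoked it accepts UDP to every destination port from 1024 upward from any peer that sends from port 123. The sender chooses its source port, so this opens far more than the existing `ACCEPT - - udp 123` line, while the file header still says only "This action accepts NTP traffic (ntpd)". If the intent is to admit server replies to clients that query from an unprivileged port, connection tracking presumably already handles them for flows the policy allowed; that should be confirmed before keeping the rule. If the rule stays, document it in the header, for example `# The second rule also accepts UDP from source port 123 to ports 1024 and above`, so users of AllowNTP know what they are opening.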
@@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowRdate +# Shorewall 2.2 /usr/share/shorewall/action.AllowRdate # # This action accepts remote time retrieval (rdate). # diff --git a/LrpN/usr/share/shorewall/action.AllowSMB b/LrpN/usr/share/shorewall/action.AllowSMB index d027b7dd5..b7f1e4412 100644 --- a/LrpN/usr/share/shorewall/action.AllowSMB +++ b/LrpN/usr/share/shorewall/action.AllowSMB @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowSMB +# Shorewall 2.2 /usr/share/shorewall/action.AllowSMB # # Allow Microsoft SMB traffic. You need to invoke this action in # both directions. diff --git a/LrpN/usr/share/shorewall/action.AllowSMTP b/LrpN/usr/share/shorewall/action.AllowSMTP index e0c7b7c17..2ad5f2597 100644 --- a/LrpN/usr/share/shorewall/action.AllowSMTP +++ b/LrpN/usr/share/shorewall/action.AllowSMTP @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowSMTP +# Shorewall 2.2 /usr/share/shorewall/action.AllowSMTP # # This action accepts SMTP (email) traffic. # diff --git a/LrpN/usr/share/shorewall/action.AllowSNMP b/LrpN/usr/share/shorewall/action.AllowSNMP index e3219b8a7..33b1b4c0d 100644 --- a/LrpN/usr/share/shorewall/action.AllowSNMP +++ b/LrpN/usr/share/shorewall/action.AllowSNMP @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowSNMP +# Shorewall 2.2 /usr/share/shorewall/action.AllowSNMP # # This action accepts SNMP traffic (including traps): # diff --git a/LrpN/usr/share/shorewall/action.AllowSSH b/LrpN/usr/share/shorewall/action.AllowSSH index cf32d0705..71ae5adbf 100644 --- a/LrpN/usr/share/shorewall/action.AllowSSH +++ b/LrpN/usr/share/shorewall/action.AllowSSH @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowSSH +# Shorewall 2.2 /usr/share/shorewall/action.AllowSSH # # This action accepts secure shell (SSH) traffic. # diff --git a/LrpN/usr/share/shorewall/action.AllowTelnet b/LrpN/usr/share/shorewall/action.AllowTelnet index ea336576a..3b06d098a 100644 
--- a/LrpN/usr/share/shorewall/action.AllowTelnet +++ b/LrpN/usr/share/shorewall/action.AllowTelnet @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowTelnet +# Shorewall 2.2 /usr/share/shorewall/action.AllowTelnet # # This action accepts Telnet traffic. For traffic over the # internet, telnet is inappropriate; use SSH instead diff --git a/LrpN/usr/share/shorewall/action.AllowTrcrt b/LrpN/usr/share/shorewall/action.AllowTrcrt index e4a40093d..63c3950e6 100644 --- a/LrpN/usr/share/shorewall/action.AllowTrcrt +++ b/LrpN/usr/share/shorewall/action.AllowTrcrt @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowTrcrt +# Shorewall 2.2 /usr/share/shorewall/action.AllowTrcrt # # This action accepts Traceroute (for up to 20 hops): # diff --git a/LrpN/usr/share/shorewall/action.AllowVNC b/LrpN/usr/share/shorewall/action.AllowVNC index 199e4a08b..bf6a40aa9 100644 --- a/LrpN/usr/share/shorewall/action.AllowVNC +++ b/LrpN/usr/share/shorewall/action.AllowVNC @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowVNC +# Shorewall 2.2 /usr/share/shorewall/action.AllowVNC # # This action accepts VNC traffic for VNC display's 0 - 9. # diff --git a/LrpN/usr/share/shorewall/action.AllowVNCL b/LrpN/usr/share/shorewall/action.AllowVNCL index ad6082037..2bcabd2a4 100644 --- a/LrpN/usr/share/shorewall/action.AllowVNCL +++ b/LrpN/usr/share/shorewall/action.AllowVNCL @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowVNCL +# Shorewall 2.2 /usr/share/shorewall/action.AllowVNCL # # This action accepts VNC traffic from Vncservers to Vncviewers in listen mode. # diff --git a/LrpN/usr/share/shorewall/action.AllowWeb b/LrpN/usr/share/shorewall/action.AllowWeb index 10368559f..f32049606 100644 --- a/LrpN/usr/share/shorewall/action.AllowWeb +++ b/LrpN/usr/share/shorewall/action.AllowWeb 
@@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.AllowWeb +# Shorewall 2.2 /usr/share/shorewall/action.AllowWeb # # This action accepts WWW traffic (secure and insecure): # @@ -7,5 +7,5 @@ #TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT PORT(S) LIMIT GROUP ACCEPT - - tcp 80 -ACCEPT - - TCP 443 +ACCEPT - - tcp 443 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE diff --git a/LrpN/usr/share/shorewall/action.Drop b/LrpN/usr/share/shorewall/action.Drop index 7b42e2c2d..fc8188d18 100644 --- a/LrpN/usr/share/shorewall/action.Drop +++ b/LrpN/usr/share/shorewall/action.Drop @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.Drop +# Shorewall 2.2 /usr/share/shorewall/action.Drop # # The default DROP common rules # diff --git a/LrpN/usr/share/shorewall/action.DropDNSrep b/LrpN/usr/share/shorewall/action.DropDNSrep index 71d66b7fe..760ac92e3 100644 --- a/LrpN/usr/share/shorewall/action.DropDNSrep +++ b/LrpN/usr/share/shorewall/action.DropDNSrep @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.DropDNSrep +# Shorewall 2.2 /usr/share/shorewall/action.DropDNSrep # # This action silently drops DNS UDP replies # diff --git a/LrpN/usr/share/shorewall/action.DropPing b/LrpN/usr/share/shorewall/action.DropPing index f9764ef1e..fb079bac6 100644 --- a/LrpN/usr/share/shorewall/action.DropPing +++ b/LrpN/usr/share/shorewall/action.DropPing @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.DropPing +# Shorewall 2.2 /usr/share/shorewall/action.DropPing # # This action silently drops 'ping' requests. # diff --git a/LrpN/usr/share/shorewall/action.DropSMB b/LrpN/usr/share/shorewall/action.DropSMB index 3f026cac0..ac2218470 100644 --- a/LrpN/usr/share/shorewall/action.DropSMB +++ b/LrpN/usr/share/shorewall/action.DropSMB @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.DropSMB +# Shorewall 2.2 /usr/share/shorewall/action.DropSMB # # This action silently drops Microsoft SMB traffic # 
diff --git a/LrpN/usr/share/shorewall/action.DropUPnP b/LrpN/usr/share/shorewall/action.DropUPnP index ba320a6c0..30a4865f8 100644 --- a/LrpN/usr/share/shorewall/action.DropUPnP +++ b/LrpN/usr/share/shorewall/action.DropUPnP @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.DropUPnP +# Shorewall 2.2 /usr/share/shorewall/action.DropUPnP # # This action silently drops UPnP probes on UDP port 1900 # diff --git a/LrpN/usr/share/shorewall/action.Reject b/LrpN/usr/share/shorewall/action.Reject index 54ca5e031..9e116eb22 100644 --- a/LrpN/usr/share/shorewall/action.Reject +++ b/LrpN/usr/share/shorewall/action.Reject @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.Reject +# Shorewall 2.2 /usr/share/shorewall/action.Reject # # The default REJECT action common rules # diff --git a/LrpN/usr/share/shorewall/action.RejectAuth b/LrpN/usr/share/shorewall/action.RejectAuth index efc7f9d47..a89ee4dfc 100644 --- a/LrpN/usr/share/shorewall/action.RejectAuth +++ b/LrpN/usr/share/shorewall/action.RejectAuth @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.RejectAuth +# Shorewall 2.2 /usr/share/shorewall/action.RejectAuth # # This action silently rejects Auth (tcp 113) traffic # diff --git a/LrpN/usr/share/shorewall/action.RejectSMB b/LrpN/usr/share/shorewall/action.RejectSMB index eb7bc8687..19cc5af2d 100644 --- a/LrpN/usr/share/shorewall/action.RejectSMB +++ b/LrpN/usr/share/shorewall/action.RejectSMB @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/action.RejectSMB +# Shorewall 2.2 /usr/share/shorewall/action.RejectSMB # # This action silently rejects Microsoft SMB traffic # diff --git a/LrpN/usr/share/shorewall/action.template b/LrpN/usr/share/shorewall/action.template index ccb68b66b..80152daa5 100644 --- a/LrpN/usr/share/shorewall/action.template +++ b/LrpN/usr/share/shorewall/action.template 
@@ -1,5 +1,5 @@ # -# Shorewall 2.1 /etc/shorewall/action.template +# Shorewall 2.2 /etc/shorewall/action.template # # This file is a template for files with names of the form # /etc/shorewall/action. where is an diff --git a/LrpN/usr/share/shorewall/actions.std b/LrpN/usr/share/shorewall/actions.std index 99df52e95..7b357a0f5 100644 --- a/LrpN/usr/share/shorewall/actions.std +++ b/LrpN/usr/share/shorewall/actions.std @@ -1,5 +1,5 @@ # -# Shorewall 2.1 /usr/share/shorewall/actions.std +# Shorewall 2.2 /usr/share/shorewall/actions.std # # # Builtin Actions are: diff --git a/LrpN/usr/share/shorewall/firewall b/LrpN/usr/share/shorewall/firewall index 101970b82..456584f4f 100755 --- a/LrpN/usr/share/shorewall/firewall +++ b/LrpN/usr/share/shorewall/firewall @@ -1,6 +1,6 @@ #!/bin/sh # -# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V2.1 +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V2.2 # # This program is under GPL [http://www.gnu.org/copyleft/gpl.htm] # @@ -1986,7 +1986,6 @@ setup_mac_lists() { # # Process the maclist file producing the verification rules # - while read interface mac addresses; do expandv interface mac addresses @@ -2750,7 +2749,7 @@ check_config() { echo "Determining Zones..." determine_zones - check_dupliate_zones + check_duplicate_zones [ -z "$zones" ] && startup_error "ERROR: No Zones Defined" 
@@ -5834,20 +5833,22 @@ add_common_rules() { ;; esac - run_iptables2 -A norfc1918 $(source_ip_range $networks) -j $target - - if [ -n "$CONNTRACK_MATCH" ]; then - # - # We have connection tracking match -- match on the original destination - # - run_iptables2 -A norfc1918 -m conntrack --ctorigdst $networks -j $target - elif [ -n "$MANGLE_ENABLED" ]; then - # - # No connection tracking match but we have mangling -- add a rule to - # the mangle table - # - run_iptables2 -t mangle -A man1918 $(dest_ip_range $networks) -j $target - fi + for network in $(separate_list $networks); do + run_iptables2 -A norfc1918 $(source_ip_range $network) -j $target + + if [ -n "$CONNTRACK_MATCH" ]; then + # + # We have connection tracking match -- match on the original destination + # + run_iptables2 -A norfc1918 -m conntrack --ctorigdst $network -j $target + elif [ -n "$MANGLE_ENABLED" ]; then + # + # No connection tracking match but we have mangling -- add a rule to + # the mangle table + # + run_iptables2 -t mangle -A man1918 $(dest_ip_range $network) -j $target + fi + done done < $TMP_DIR/rfc1918 for host in $hosts; do diff --git a/LrpN/usr/share/shorewall/version b/LrpN/usr/share/shorewall/version index 6e5ee9932..d977366ad 100644 --- a/LrpN/usr/share/shorewall/version +++ b/LrpN/usr/share/shorewall/version @@ -1 +1 @@ -2.2.0-Beta1 +2.2.0-Beta2
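Review bot: The new `for network in $(separate_list $networks); do` loop in add_common_rules has no comment saying that the networks column read from `$TMP_DIR/rfc1918` may now hold a comma-separated list. I would add `# The networks column may be a comma-separated list -- add the rules once per entry` above the `for`. If separate_list prints nothing for a malformed entry (its definition is outside this hunk), the loop body never runs and that line produces no norfc1918 rule and no diagnostic, whereas the removed code would still have called run_iptables2 with the bad value. It would be worth checking how separate_list reports errors when called inside a command substitution. The enclosing `while read` loop and the function itself start outside the hunk.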