quote $LOG_LEVEL in shorewall[6].conf files

- Delete AllowICMPs from IPv4 policy action settings Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-01-03 12:09:14 +01:00 · 2017-03-08 14:16:24 -08:00 · 2017-03-08 14:16:24 -08:00 · 3d8d5aa469
commit 3d8d5aa469
parent 49811d24fa
10 changed files with 63 additions and 63 deletions
--- a/Shorewall/Samples/Universal/shorewall.conf
+++ b/Shorewall/Samples/Universal/shorewall.conf
@ -33,7 +33,7 @@ FIREWALL=
 #		                L O G G I N G
 ###############################################################################
-LOG_LEVEL=info
+LOG_LEVEL="info"
 BLACKLIST_LOG_LEVEL=
@ -55,19 +55,19 @@ LOGTAGONLY=No
 LOGLIMIT="s:1/sec:10"
-MACLIST_LOG_LEVEL=$LOG_LEVEL
+MACLIST_LOG_LEVEL="$LOG_LEVEL"
 RELATED_LOG_LEVEL=
-RPFILTER_LOG_LEVEL=$LOG_LEVEL
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"
-SFILTER_LOG_LEVEL=$LOG_LEVEL
+SFILTER_LOG_LEVEL="$LOG_LEVEL"
-SMURF_LOG_LEVEL=$LOG_LEVEL
+SMURF_LOG_LEVEL="$LOG_LEVEL"
 STARTUP_LOG=/var/log/shorewall-init.log
-TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
 UNTRACKED_LOG_LEVEL=
@ -110,8 +110,8 @@ TC=
 ###############################################################################
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
--- a/Shorewall/Samples/one-interface/shorewall.conf
+++ b/Shorewall/Samples/one-interface/shorewall.conf
@ -121,8 +121,8 @@ TC=
 ###############################################################################
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
--- a/Shorewall/Samples/three-interfaces/shorewall.conf
+++ b/Shorewall/Samples/three-interfaces/shorewall.conf
@ -41,7 +41,7 @@ FIREWALL=
 #		                L O G G I N G
 ###############################################################################
-LOG_LEVEL=info
+LOG_LEVEL="info"
 BLACKLIST_LOG_LEVEL=
@ -63,19 +63,19 @@ LOGTAGONLY=No
 LOGLIMIT="s:1/sec:10"
-MACLIST_LOG_LEVEL=$LOG_LEVEL
+MACLIST_LOG_LEVEL="$LOG_LEVEL"
 RELATED_LOG_LEVEL=
-RPFILTER_LOG_LEVEL=$LOG_LEVEL
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"
-SFILTER_LOG_LEVEL=$LOG_LEVEL
+SFILTER_LOG_LEVEL="$LOG_LEVEL"
-SMURF_LOG_LEVEL=$LOG_LEVEL
+SMURF_LOG_LEVEL="$LOG_LEVEL"
 STARTUP_LOG=/var/log/shorewall-init.log
-TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
 UNTRACKED_LOG_LEVEL=
@ -118,8 +118,8 @@ TC=
 ###############################################################################
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
--- a/Shorewall/Samples/two-interfaces/shorewall.conf
+++ b/Shorewall/Samples/two-interfaces/shorewall.conf
@ -44,7 +44,7 @@ FIREWALL=
 #		                L O G G I N G
 ###############################################################################
-LOG_LEVEL=info
+LOG_LEVEL="info"
 BLACKLIST_LOG_LEVEL=
@ -66,19 +66,19 @@ LOGTAGONLY=No
 LOGLIMIT="s:1/sec:10"
-MACLIST_LOG_LEVEL=$LOG_LEVEL
+MACLIST_LOG_LEVEL="$LOG_LEVEL"
 RELATED_LOG_LEVEL=
-RPFILTER_LOG_LEVEL=$LOG_LEVEL
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"
-SFILTER_LOG_LEVEL=$LOG_LEVEL
+SFILTER_LOG_LEVEL="$LOG_LEVEL"
-SMURF_LOG_LEVEL=$LOG_LEVEL
+SMURF_LOG_LEVEL="$LOG_LEVEL"
 STARTUP_LOG=/var/log/shorewall-init.log
-TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
 UNTRACKED_LOG_LEVEL=
@ -121,8 +121,8 @@ TC=
 ###############################################################################
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@ -33,7 +33,7 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################
-LOG_LEVEL=info
+LOG_LEVEL="info"
 BLACKLIST_LOG_LEVEL=
@ -55,19 +55,19 @@ LOGTAGONLY=No
 LOGLIMIT="s:1/sec:10"
-MACLIST_LOG_LEVEL=$LOG_LEVEL
+MACLIST_LOG_LEVEL="$LOG_LEVEL"
 RELATED_LOG_LEVEL=
-RPFILTER_LOG_LEVEL=$LOG_LEVEL
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"
-SFILTER_LOG_LEVEL=$LOG_LEVEL
+SFILTER_LOG_LEVEL="$LOG_LEVEL"
 SMURF_LOG_LEVEL=$LOG_LEVEL
 STARTUP_LOG=/var/log/shorewall-init.log
-TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
 UNTRACKED_LOG_LEVEL=
@ -110,8 +110,8 @@ TC=
 ###############################################################################
 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs,dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
-DROP_DEFAULT="Broadcast(DROP),Multicast(DROP),AllowICMPs"
+DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
 REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
--- a/Shorewall6/Samples6/Universal/shorewall6.conf
+++ b/Shorewall6/Samples6/Universal/shorewall6.conf
@ -34,7 +34,7 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################
-LOG_LEVEL=info
+LOG_LEVEL="info"
 BLACKLIST_LOG_LEVEL=
@ -54,19 +54,19 @@ LOGLIMIT="s:1/sec:10"
 LOGTAGONLY=No
-MACLIST_LOG_LEVEL=info
+MACLIST_LOG_LEVEL="$LOG_LEVEL"
 RELATED_LOG_LEVEL=
-RPFILTER_LOG_LEVEL=info
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"
-SFILTER_LOG_LEVEL=info
+SFILTER_LOG_LEVEL="$LOG_LEVEL"
-SMURF_LOG_LEVEL=info
+SMURF_LOG_LEVEL="$LOG_LEVEL"
 STARTUP_LOG=/var/log/shorewall6-init.log
-TCP_FLAGS_LOG_LEVEL=info
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
 UNTRACKED_LOG_LEVEL=
--- a/Shorewall6/Samples6/one-interface/shorewall6.conf
+++ b/Shorewall6/Samples6/one-interface/shorewall6.conf
@ -35,7 +35,7 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################
-LOG_LEVEL=info
+LOG_LEVEL="info"
 BLACKLIST_LOG_LEVEL=
@ -55,19 +55,19 @@ LOGLIMIT="s:1/sec:10"
 LOGTAGONLY=No
-MACLIST_LOG_LEVEL=info
+MACLIST_LOG_LEVEL="$LOG_LEVEL"
 RELATED_LOG_LEVEL=
-RPFILTER_LOG_LEVEL=info
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"
-SFILTER_LOG_LEVEL=info
+SFILTER_LOG_LEVEL="$LOG_LEVEL"
-SMURF_LOG_LEVEL=info
+SMURF_LOG_LEVEL="$LOG_LEVEL"
 STARTUP_LOG=/var/log/shorewall6-init.log
-TCP_FLAGS_LOG_LEVEL=info
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
 UNTRACKED_LOG_LEVEL=
--- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
@ -34,7 +34,7 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################
-LOG_LEVEL=info
+LOG_LEVEL="info"
 BLACKLIST_LOG_LEVEL=
@ -54,19 +54,19 @@ LOGLIMIT="s:1/sec:10"
 LOGTAGONLY=No
-MACLIST_LOG_LEVEL=info
+MACLIST_LOG_LEVEL="$LOG_LEVEL"
 RELATED_LOG_LEVEL=
-RPFILTER_LOG_LEVEL=info
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"
-SFILTER_LOG_LEVEL=info
+SFILTER_LOG_LEVEL="$LOG_LEVEL"
-SMURF_LOG_LEVEL=info
+SMURF_LOG_LEVEL="$LOG_LEVEL"
 STARTUP_LOG=/var/log/shorewall6-init.log
-TCP_FLAGS_LOG_LEVEL=info
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
 UNTRACKED_LOG_LEVEL=
--- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
@ -34,7 +34,7 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################
-LOG_LEVEL=info
+LOG_LEVEL="info"
 BLACKLIST_LOG_LEVEL=
@ -54,19 +54,19 @@ LOGLIMIT="s:1/sec:10"
 LOGTAGONLY=No
-MACLIST_LOG_LEVEL=info
+MACLIST_LOG_LEVEL="$LOG_LEVEL"
 RELATED_LOG_LEVEL=
-RPFILTER_LOG_LEVEL=info
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"
-SFILTER_LOG_LEVEL=info
+SFILTER_LOG_LEVEL="$LOG_LEVEL"
-SMURF_LOG_LEVEL=info
+SMURF_LOG_LEVEL="$LOG_LEVEL"
 STARTUP_LOG=/var/log/shorewall6-init.log
-TCP_FLAGS_LOG_LEVEL=info
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
 UNTRACKED_LOG_LEVEL=
--- a/Shorewall6/configfiles/shorewall6.conf
+++ b/Shorewall6/configfiles/shorewall6.conf
@ -34,7 +34,7 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################
-LOG_LEVEL=info
+LOG_LEVEL="info"
 BLACKLIST_LOG_LEVEL=
@ -54,19 +54,19 @@ LOGLIMIT="s:1/sec:10"
 LOGTAGONLY=No
-MACLIST_LOG_LEVEL=$LOG_LEVEL
+MACLIST_LOG_LEVEL="$LOG_LEVEL"
 RELATED_LOG_LEVEL=
-RPFILTER_LOG_LEVEL=$LOG_LEVEL
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"
-SFILTER_LOG_LEVEL=$LOG_LEVEL
+SFILTER_LOG_LEVEL="$LOG_LEVEL"
-SMURF_LOG_LEVEL=$LOG_LEVEL
+SMURF_LOG_LEVEL="$LOG_LEVEL"
 STARTUP_LOG=/var/log/shorewall6-init.log
-TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
+TCP_FLAGS_LOG_LEVEL=:$LOG_LEVEL"
 UNTRACKED_LOG_LEVEL=