some updates :-)
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2641 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
9e5acc19bd
commit
40f8a9b044
@ -13,7 +13,7 @@
|
|||||||
</author>
|
</author>
|
||||||
</authorgroup>
|
</authorgroup>
|
||||||
|
|
||||||
<pubdate>2005-09-02</pubdate>
|
<pubdate>2005-09-07</pubdate>
|
||||||
|
|
||||||
<copyright>
|
<copyright>
|
||||||
<year>2001-2005</year>
|
<year>2001-2005</year>
|
||||||
@ -49,7 +49,7 @@
|
|||||||
<title>Important Notes</title>
|
<title>Important Notes</title>
|
||||||
|
|
||||||
<note>
|
<note>
|
||||||
<para> Shorewall distribution contains a library of user-defined macros
|
<para>Shorewall distribution contains a library of user-defined macros
|
||||||
that allow for easily allowing or blocking a particular application.
|
that allow for easily allowing or blocking a particular application.
|
||||||
Check your <filename>/usr/share/shorewall/actions.std</filename> file
|
Check your <filename>/usr/share/shorewall/actions.std</filename> file
|
||||||
for a list of macros in your distribution. If you find what you need,
|
for a list of macros in your distribution. If you find what you need,
|
||||||
@ -164,6 +164,31 @@ FTP/ACCEPT <emphasis><source></emphasis> <emphasis><destination>
|
|||||||
information.</para>
|
information.</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>Gnutella</title>
|
||||||
|
|
||||||
|
<para><orderedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>The internal machine running a Gnutella Client has IP address
|
||||||
|
192.168.1.4.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>You use Masquerading or SNAT for the local network.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>The zones are named as they are in the <ulink
|
||||||
|
url="shorewall_quickstart_guide.htm">two- and three-interface
|
||||||
|
QuickStart guides)</ulink>.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Your loc->net policy is ACCEPT</para>
|
||||||
|
</listitem>
|
||||||
|
</orderedlist><programlisting>Gnutella/DNAT net loc:192.168.1.4</programlisting></para>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>ICQ/AIM</title>
|
<title>ICQ/AIM</title>
|
||||||
|
|
||||||
@ -211,15 +236,14 @@ ACCEPT <emphasis><z1></emphasis>:<list of client IPs> <emphasis
|
|||||||
<title>NTP (Network Time Protocol)</title>
|
<title>NTP (Network Time Protocol)</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> udp 123</programlisting>
|
NTP/ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title><trademark>PCAnywhere</trademark></title>
|
<title><trademark>PCAnywhere</trademark></title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> udp 5632
|
PCA/ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 5631</programlisting>
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
@ -233,8 +257,7 @@ ACCEPT <emphasis><source></emphasis> <emphasis><destination></e
|
|||||||
<para>TCP Port 110 (Secure Pop3 is TCP Port 995)</para>
|
<para>TCP Port 110 (Secure Pop3 is TCP Port 995)</para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 110 #Unsecure Pop3
|
POP3/ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> # Secure & Unsecure Pop3</programlisting>
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 995 #Secure Pop3</programlisting>
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
@ -252,14 +275,14 @@ ACCEPT <emphasis><source></emphasis> <emphasis><destination></e
|
|||||||
<title>rdate</title>
|
<title>rdate</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 37</programlisting>
|
Rdate/ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>rsync</title>
|
<title>rsync</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 873</programlisting>
|
Rsync/ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
@ -273,10 +296,8 @@ SSH/ACCEPT <emphasis><source></emphasis> <emphasis><destination></e
|
|||||||
<title>SMB/NMB (Samba/Windows Browsing/File Sharing)</title>
|
<title>SMB/NMB (Samba/Windows Browsing/File Sharing)</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis> <destination></emphasis> tcp 137,139,445
|
SMB/ACCEPT <emphasis><source></emphasis> <emphasis> <destination></emphasis>
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis> <destination></emphasis> udp 137:139
|
SMB/ACCEPT <emphasis><destination></emphasis> <emphasis><source></emphasis></programlisting>
|
||||||
ACCEPT <emphasis><destination></emphasis> <emphasis><source></emphasis> tcp 137,139,445
|
|
||||||
ACCEPT <emphasis><destination></emphasis> <emphasis><source></emphasis> udp 137:139</programlisting>
|
|
||||||
|
|
||||||
<para>Also, see <ulink url="samba.htm">this page</ulink>.</para>
|
<para>Also, see <ulink url="samba.htm">this page</ulink>.</para>
|
||||||
</section>
|
</section>
|
||||||
@ -285,7 +306,7 @@ ACCEPT <emphasis><destination></emphasis> <emphasis><source></e
|
|||||||
<title>SMTP</title>
|
<title>SMTP</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 25 #Insecure SMTP
|
SMTP/ACCEPT<emphasis><source></emphasis> <emphasis><destination></emphasis> #Insecure SMTP
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 465 #SMTP over SSL (TLS)</programlisting>
|
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 465 #SMTP over SSL (TLS)</programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
@ -293,15 +314,14 @@ ACCEPT <emphasis><source></emphasis> <emphasis><destination></e
|
|||||||
<title>SNMP</title>
|
<title>SNMP</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> udp 161:162
|
SNMP/ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 161</programlisting>
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Telnet</title>
|
<title>Telnet</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 23</programlisting>
|
Telnet/ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
@ -325,8 +345,7 @@ ACCEPT <emphasis><source></emphasis> <emphasis><destination></e
|
|||||||
<title>Traceroute</title>
|
<title>Traceroute</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> udp 33434:33443 #Good for 10 hops
|
Trcrt/ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> #Good for 10 hops</programlisting>
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> icmp 8</programlisting>
|
|
||||||
|
|
||||||
<para>UDP traceroute uses ports 33434 through 33434+<max number of
|
<para>UDP traceroute uses ports 33434 through 33434+<max number of
|
||||||
hops>-1. Note that for the firewall to respond with a TTL expired ICMP
|
hops>-1. Note that for the firewall to respond with a TTL expired ICMP
|
||||||
@ -345,7 +364,7 @@ ACCEPT fw ...</programlisting>
|
|||||||
<title>Usenet (NNTP)</title>
|
<title>Usenet (NNTP)</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 119</programlisting>
|
NNTP/ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> </programlisting>
|
||||||
|
|
||||||
<para>TCP Port 119</para>
|
<para>TCP Port 119</para>
|
||||||
</section>
|
</section>
|
||||||
@ -367,7 +386,7 @@ ACCEPT <emphasis><source></emphasis> <emphasis><destination></e
|
|||||||
<para>Vncserver to Vncviewer in listen mode -- TCP port 5500.</para>
|
<para>Vncserver to Vncviewer in listen mode -- TCP port 5500.</para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 5500</programlisting>
|
VNCL/ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
@ -386,8 +405,7 @@ ACCEPT <emphasis><source></emphasis> <emphasis><destination></e
|
|||||||
<title>Web Access</title>
|
<title>Web Access</title>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 80 #Insecure HTTP
|
Web/ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> #Insecure HTTP& Secure HTTP</programlisting>
|
||||||
ACCEPT <emphasis><source></emphasis> <emphasis><destination></emphasis> tcp 443 #Secure HTTP</programlisting>
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
|
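Review bot: The new POP3 and Web Access listings put a bare `&` inside `<programlisting>` (`# Secure & Unsecure Pop3` in the POP3 hunk and `#Insecure HTTP& Secure HTTP` in the Web Access hunk), which is not well-formed XML, so the DocBook toolchain will reject the document; write both as `&amp;` (and add the missing space before it in the HTTP comment). In the SMTP hunk, `SMTP/ACCEPT<emphasis>` has lost the space that separates the ACTION column from SOURCE, so the rendered example would show the macro name fused to the source token, which is not a valid rules line; restore `SMTP/ACCEPT <emphasis>`. In the added Gnutella section the ulink text ends with an unmatched `)` after "QuickStart guides", which looks like an editing leftover. The enclosing `<section>` elements for these hunks begin or end outside the hunks shown.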