extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-25 12:13:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

This is a harmless commit to test syncmail.

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2171 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
paulgear 2005-05-26 10:10:10 +00:00
parent 505837f151
commit 41c3877145
1 changed files with 29 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
Shorewall2/shorewall.conf
View File

@ -158,6 +158,7 @@ LOGALLNEW=
# #
# See the comment at the top of this section for a description of log levels # See the comment at the top of this section for a description of log levels
# #
BLACKLIST_LOGLEVEL= BLACKLIST_LOGLEVEL=
# #
@ -174,7 +175,6 @@ BLACKLIST_LOGLEVEL=
# #
# Example: LOGNEWNOTSYN=debug # Example: LOGNEWNOTSYN=debug
LOGNEWNOTSYN=info LOGNEWNOTSYN=info
# #
@ -251,6 +251,7 @@ BOGON_LOG_LEVEL=info
# #
LOG_MARTIANS=No LOG_MARTIANS=No
################################################################################ ################################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
################################################################################ ################################################################################
@ -261,12 +262,14 @@ LOG_MARTIANS=No
# not specified or if specified with an empty value (e.g., IPTABLES="") then # not specified or if specified with an empty value (e.g., IPTABLES="") then
# the iptables executable located via the PATH setting below is used. # the iptables executable located via the PATH setting below is used.
# #
IPTABLES= IPTABLES=
# #
# PATH - Change this if you want to change the order in which Shorewall # PATH - Change this if you want to change the order in which Shorewall
# searches directories for executable files. # searches directories for executable files.
# #
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
# #
@ -336,6 +339,7 @@ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
# assumed. # assumed.
RESTOREFILE= RESTOREFILE=
################################################################################ ################################################################################
# F I R E W A L L O P T I O N S # F I R E W A L L O P T I O N S
################################################################################ ################################################################################
@ -345,6 +349,7 @@ RESTOREFILE=
# Name of the firewall zone -- if not set or if set to an empty string, "fw" # Name of the firewall zone -- if not set or if set to an empty string, "fw"
# is assumed. # is assumed.
# #
FW=fw FW=fw
# #
@ -359,6 +364,7 @@ FW=fw
# If you set this variable to "Keep" or "keep", Shorewall will neither # If you set this variable to "Keep" or "keep", Shorewall will neither
# enable nor disable packet forwarding. # enable nor disable packet forwarding.
# #
IP_FORWARDING=On IP_FORWARDING=On
# #
@ -368,6 +374,7 @@ IP_FORWARDING=On
# for each NAT external address that you give in /etc/shorewall/nat. If you say # for each NAT external address that you give in /etc/shorewall/nat. If you say
# "No" or "no", you must add these aliases youself. # "No" or "no", you must add these aliases youself.
# #
ADD_IP_ALIASES=Yes ADD_IP_ALIASES=Yes
# #
@ -378,6 +385,7 @@ ADD_IP_ALIASES=Yes
# "No" or "no", you must add these aliases youself. LEAVE THIS SET TO "No" unless # "No" or "no", you must add these aliases youself. LEAVE THIS SET TO "No" unless
# you are sure that you need it -- most people don't!!! # you are sure that you need it -- most people don't!!!
# #
ADD_SNAT_ALIASES=No ADD_SNAT_ALIASES=No
# #
@ -393,6 +401,7 @@ ADD_SNAT_ALIASES=No
# You can cause Shorewall to retain existing addresses by setting # You can cause Shorewall to retain existing addresses by setting
# RETAIN_ALIASES=Yes. # RETAIN_ALIASES=Yes.
# #
RETAIN_ALIASES=No RETAIN_ALIASES=No
# #
@ -475,6 +484,7 @@ MARK_IN_FORWARD_CHAIN=No
# #
# CLAMPMSS=1400 # CLAMPMSS=1400
# #
CLAMPMSS=No CLAMPMSS=No
# #
@ -571,7 +581,6 @@ MUTEX_TIMEOUT=60
# The behavior of NEWNOTSYN=Yes may also be enabled on a per-interface basis # The behavior of NEWNOTSYN=Yes may also be enabled on a per-interface basis
# using the 'newnotsyn' option in /etc/shorewall/interfaces and on a # using the 'newnotsyn' option in /etc/shorewall/interfaces and on a
# network or host basis using the same option in /etc/shorewall/hosts. # network or host basis using the same option in /etc/shorewall/hosts.
# #
# I find that NEWNOTSYN=No tends to result in lots of "stuck" # I find that NEWNOTSYN=No tends to result in lots of "stuck"
# connections because any network timeout during TCP session tear down # connections because any network timeout during TCP session tear down
@ -609,6 +618,7 @@ NEWNOTSYN=Yes
# If this variable is not set or it is set to the null value then # If this variable is not set or it is set to the null value then
# ADMINISABSENTMINDED=No is assumed. # ADMINISABSENTMINDED=No is assumed.
# #
ADMINISABSENTMINDED=Yes ADMINISABSENTMINDED=Yes
# #
@ -631,6 +641,7 @@ ADMINISABSENTMINDED=Yes
# If the BLACKLISTNEWONLY option is not set or is set to the empty value then # If the BLACKLISTNEWONLY option is not set or is set to the empty value then
# BLACKLISTNEWONLY=No is assumed. # BLACKLISTNEWONLY=No is assumed.
# #
BLACKLISTNEWONLY=Yes BLACKLISTNEWONLY=Yes
# #
@ -808,22 +819,27 @@ SAVE_IPSETS=No
# #
# CROSSBEAM SUPPORT # CROSSBEAM SUPPORT
# #
# If Shorewall is running in a Crossbeam System (www.crossbeamsystems.com) you need # If Shorewall is running in a Crossbeam System (www.crossbeamsystems.com)
# to activate this directive if you don't want the CPM to think the system is down # you need to activate this directive if you don't want the CPM to think
# and send a reset signal. Also Crossbeam has a backplane chassis that needs to be # the system is down and send a reset signal during firewall restarts. Also
# configured in such a way that accepts all traffic. # Crossbeam has a backplane chassis that needs to be configured in such a
# way that accepts all traffic.
# #
# If CROSSBEAM=Yes, then during a Shorewall start, restart or clear instead of # If CROSSBEAM=Yes, then during a Shorewall start, restart or clear instead
# setting the default policies to DROP and then activating established connections, # of setting the default policies to DROP and then activating established
# Shorewall will first set the default policies to ACCEPT, activate established # connections, Shorewall will first set the default policies to ACCEPT,
# connections and then set the default policies to DROP. After that, Shorewall starts # activate established connections and then set the default policies to
# generating the rules as usual. # DROP. After that, Shorewall starts generating the rules as usual.
# #
# If CROSSBEAM=No, CROSSBEAM_BACKBONE is not used. If CROSSBEAM is set to Yes, # If CROSSBEAM=No, CROSSBEAM_BACKBONE is not used. If CROSSBEAM is set to
# CROSSBEAM_BACKBONE will indicate the device used by the backbone. # Yes, CROSSBEAM_BACKBONE will indicate the device used by the backbone.
# #
# If not specified or if specified as empty (e.g., CROSSBEAM="") then # If not specified or if specified as empty (e.g., CROSSBEAM="") then
# CROSSBEAM=No is assumed. # CROSSBEAM=No is assumed.
#
# FIXME: This needs to be replaced by better generalised routestopped
# support.
#
CROSSBEAM=No CROSSBEAM=No
CROSSBEAM_BACKBONE=eth0 CROSSBEAM_BACKBONE=eth0