mirror of
https://gitlab.com/shorewall/code.git
synced 2025-02-16 17:51:16 +01:00
More updates from 4.5
This commit is contained in:
Tom Eastep
parent
eb790c6d89
commit
4453bb7dc8
@ -366,13 +366,14 @@ usage() # $1 = exit status
|
||||
{
|
||||
echo "Usage: $(basename $0) [debug|trace] [nolock] [ -q ] [ -v[-1|{0-2}] ] [ -t ] <command>"
|
||||
echo "where <command> is one of:"
|
||||
echo " add <interface>[:<host-list>] ... <zone>"
|
||||
echo " allow <address> ..."
|
||||
echo " clear"
|
||||
echo " clear [ -f ]"
|
||||
echo " delete <interface>[:<host-list>] ... <zone>"
|
||||
echo " drop <address> ..."
|
||||
echo " dump [ -x ]"
|
||||
echo " forget [ <file name> ]"
|
||||
echo " help"
|
||||
echo " hits [ -t ]"
|
||||
echo " ipcalc { <address>/<vlsm> | <address> <netmask> }"
|
||||
echo " ipdecimal { <address> | <integer> }"
|
||||
echo " iprange <address>-<address>"
|
||||
@ -381,7 +382,7 @@ usage() # $1 = exit status
|
||||
echo " logwatch [<refresh interval>]"
|
||||
echo " reject <address> ..."
|
||||
echo " reset [ <chain> ... ]"
|
||||
echo " restart [ -n ] [ -p ]"
|
||||
echo " restart [ -n ] [ -p ] [ -f ] [ <directory> ]"
|
||||
echo " restore [ -n ] [ <file name> ]"
|
||||
echo " save [ <file name> ]"
|
||||
echo " show [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
|
||||
@ -389,19 +390,18 @@ usage() # $1 = exit status
|
||||
echo " show classifiers"
|
||||
echo " show config"
|
||||
echo " show connections"
|
||||
echo " show dynamic <zone>"
|
||||
echo " show filter"
|
||||
echo " show filters"
|
||||
echo " show ip"
|
||||
echo " show [ -m ] log"
|
||||
echo " show [ -x ] mangle|nat|raw"
|
||||
echo " show routing"
|
||||
echo " show tc"
|
||||
echo " show [ -x ] mangle|nat|raw|routing"
|
||||
echo " show policies"
|
||||
echo " show tc [ device ]"
|
||||
echo " show vardir"
|
||||
echo " show zones"
|
||||
echo " start [ -n ] [ -p ]"
|
||||
echo " stop"
|
||||
echo " start [ -f ] [ -p ] [ <directory> ]"
|
||||
echo " stop [ -f ]"
|
||||
echo " status"
|
||||
echo " version"
|
||||
echo " version [ -a ]"
|
||||
echo
|
||||
exit $1
|
||||
}
|
||||
|
||||
@ -1396,7 +1396,7 @@ usage() # $1 = exit status
|
||||
echo " show macros"
|
||||
echo " show [ -x ] mangle|nat|raw|routing"
|
||||
echo " show policies"
|
||||
echo " show tc [ <device> ]"
|
||||
echo " show tc [ device ]"
|
||||
echo " show vardir"
|
||||
echo " show zones"
|
||||
echo " start [ -f ] [ -n ] [ -p ] [ <directory> ]"
|
||||
@ -1760,6 +1760,11 @@ case "$COMMAND" in
|
||||
[ -n "$debugging" ] && set -x
|
||||
[ $# -eq 1 ] && usage 1
|
||||
if shorewall_is_started ; then
|
||||
if ! chain_exists dynamic; then
|
||||
echo "Dynamic blacklisting is not supported in the current $PRODUCT configuration"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
[ -n "$nolock" ] || mutex_on
|
||||
block DROP Dropped $*
|
||||
[ -n "$nolock" ] || mutex_off
|
||||
@ -1772,6 +1777,11 @@ case "$COMMAND" in
|
||||
[ -n "$debugging" ] && set -x
|
||||
[ $# -eq 1 ] && usage 1
|
||||
if shorewall_is_started ; then
|
||||
if ! chain_exists dynamic; then
|
||||
echo "Dynamic blacklisting is not supported in the current $PRODUCT configuration"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
[ -n "$nolock" ] || mutex_on
|
||||
block logdrop Dropped $*
|
||||
[ -n "$nolock" ] || mutex_off
|
||||
|
||||
@ -367,28 +367,26 @@ usage() # $1 = exit status
|
||||
echo "Usage: $(basename $0) [debug|trace] [nolock] [ -q ] [ -v[-1|{0-2}] ] [ -t ] <command>"
|
||||
echo "where <command> is one of:"
|
||||
echo " allow <address> ..."
|
||||
echo " clear"
|
||||
echo " clear [ -f ]"
|
||||
echo " drop <address> ..."
|
||||
echo " dump [ -x ]"
|
||||
echo " forget [ <file name> ]"
|
||||
echo " help"
|
||||
echo " hits [ -t ]"
|
||||
echo " ipcalc { <address>/<vlsm> | <address> <netmask> }"
|
||||
echo " ipdecimal { <address> | <integer> }"
|
||||
echo " iprange <address>-<address>"
|
||||
echo " load [ -s ] [ -c ] [ -r <root user> ] [ <directory> ] <system>"
|
||||
echo " logdrop <address> ..."
|
||||
echo " logreject <address> ..."
|
||||
echo " logwatch [<refresh interval>]"
|
||||
echo " refresh [ <chain>... ]"
|
||||
echo " reject <address> ..."
|
||||
echo " reset"
|
||||
echo " restart [ -n ] [ -p ]"
|
||||
echo " reset [ <chain> ... ]"
|
||||
echo " restart [ -n ] [ -f ]"
|
||||
echo " restore [ -n ] [ <file name> ]"
|
||||
echo " save [ <file name> ]"
|
||||
echo " show [ -x ] [ -m ] [ -f ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]|capabilities|classifiers|config|connections|filters|ip|log|mangle|nat|routing|tc|vardir|zones} ]"
|
||||
echo " start [ -f ] [ -n ] [ -p ]"
|
||||
echo " stop"
|
||||
echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle} ] [ {chain [<chain> [ <chain> ... ]capabilities|classifiers|config|connections|filters|ip|log|macros|mangle|nat|policies|raw|routing|tc|vardir|zones} ]"
|
||||
echo " start [ -f ] [ <directory> ]"
|
||||
echo " stop [ -f ]"
|
||||
echo " status"
|
||||
echo " version"
|
||||
echo " version [ -a ]"
|
||||
echo
|
||||
exit $1
|
||||
}
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
#
|
||||
# Reject 'auth'
|
||||
#
|
||||
Auth/REJECT
|
||||
Auth(REJECT)
|
||||
#
|
||||
# ACCEPT critical ICMP types
|
||||
#
|
||||
@ -35,7 +35,7 @@ dropInvalid
|
||||
#
|
||||
# Drop Microsoft noise so that it doesn't clutter up the log.
|
||||
#
|
||||
SMB/DROP
|
||||
SMB(DROP)
|
||||
#
|
||||
# Drop 'newnotsyn' traffic so that it doesn't get logged.
|
||||
#
|
||||
|
||||
@ -18,7 +18,7 @@
|
||||
#
|
||||
# Don't log 'auth' -- REJECT
|
||||
#
|
||||
Auth/REJECT
|
||||
Auth(REJECT)
|
||||
#
|
||||
# ACCEPT critical ICMP types
|
||||
#
|
||||
@ -32,7 +32,7 @@ dropInvalid
|
||||
#
|
||||
# Reject Microsoft noise so that it doesn't clutter up the log.
|
||||
#
|
||||
SMB/REJECT
|
||||
SMB(REJECT)
|
||||
#
|
||||
# Drop 'newnotsyn' traffic so that it doesn't get logged.
|
||||
#
|
||||
|
||||
@ -371,6 +371,26 @@ if [ -z "$CYGWIN" -a ! -f ${PREFIX}/etc/shorewall6/tcrules ]; then
|
||||
echo "TC Rules file installed as ${PREFIX}/etc/shorewall6/tcrules"
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the TC Interfaces file
|
||||
#
|
||||
run_install $OWNERSHIP -m 0644 tcinterfaces ${PREFIX}/usr/share/shorewall6/configfiles/tcinterfaces
|
||||
|
||||
if [ -z "$CYGWIN" -a ! -f ${PREFIX}/etc/shorewall6/tcinterfaces ]; then
|
||||
run_install $OWNERSHIP -m 0600 tcinterfaces ${PREFIX}/etc/shorewall6/tcinterfaces
|
||||
echo "TC Interfaces file installed as ${PREFIX}/etc/shorewall6/tcinterfaces"
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the TC Priority file
|
||||
#
|
||||
run_install $OWNERSHIP -m 0644 tcpri ${PREFIX}/usr/share/shorewall6/configfiles/tcpri
|
||||
|
||||
if [ -z "$CYGWIN" -a ! -f ${PREFIX}/etc/shorewall6/tcpri ]; then
|
||||
run_install $OWNERSHIP -m 0600 tcpri ${PREFIX}/etc/shorewall6/tcpri
|
||||
echo "TC Priority file installed as ${PREFIX}/etc/shorewall6/tcpri"
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the TOS file
|
||||
#
|
||||
|
||||
@ -149,6 +149,12 @@ TRACK_PROVIDERS=No
|
||||
|
||||
ZONE2ZONE=2
|
||||
|
||||
ACCOUNTING=Yes
|
||||
|
||||
OPTIMIZE_ACCOUNTING=No
|
||||
|
||||
DYNAMIC_BLACKLIST=Yes
|
||||
|
||||
###############################################################################
|
||||
# P A C K E T D I S P O S I T I O N
|
||||
###############################################################################
|
||||
|
||||
Loading…
Reference in New Issue
Block a user