mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-27 08:39:00 +01:00
Add links and headers to config files and correct a typo
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2060 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
8de478584e
commit
45dc8ba9da
@ -11,6 +11,9 @@
|
|||||||
# 2. Copy this file to /etc/shorewall/action.<action name>
|
# 2. Copy this file to /etc/shorewall/action.<action name>
|
||||||
# 3. Add the desired rules to that file.
|
# 3. Add the desired rules to that file.
|
||||||
#
|
#
|
||||||
|
# Please see http://shorewall.net/Actions.html for additional
|
||||||
|
# information.
|
||||||
|
#
|
||||||
# Columns are:
|
# Columns are:
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
#
|
#
|
||||||
# ACTION names should begin with an upper-case letter to
|
# ACTION names should begin with an upper-case letter to
|
||||||
# distinguish them from Shorewall-generated chain names and
|
# distinguish them from Shorewall-generated chain names and
|
||||||
# they must need the requirements of a Netfilter chain. If
|
# they must meet the requirements of a Netfilter chain. If
|
||||||
# you intend to log from the action then the name must be
|
# you intend to log from the action then the name must be
|
||||||
# no longer than 11 character in length. Names must also
|
# no longer than 11 character in length. Names must also
|
||||||
# meet the requirements for a Bourne Shell identifier (must
|
# meet the requirements for a Bourne Shell identifier (must
|
||||||
@ -24,6 +24,9 @@
|
|||||||
# If you specify ":DROP", ":REJECT" or ":ACCEPT" on a line by
|
# If you specify ":DROP", ":REJECT" or ":ACCEPT" on a line by
|
||||||
# itself, the associated policy will have no common action.
|
# itself, the associated policy will have no common action.
|
||||||
#
|
#
|
||||||
|
# Please see http://shorewall.net/Actions.html for additional
|
||||||
|
# information.
|
||||||
|
#
|
||||||
#ACTION
|
#ACTION
|
||||||
|
|
||||||
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
#
|
#
|
||||||
# Shorewall 2.2 /usr/share/shorewall/actions.std
|
# Shorewall 2.2 /usr/share/shorewall/actions.std
|
||||||
#
|
#
|
||||||
|
# Please see http://shorewall.net/Actions.html for additional
|
||||||
|
# information.
|
||||||
#
|
#
|
||||||
# Builtin Actions are:
|
# Builtin Actions are:
|
||||||
#
|
#
|
||||||
|
@ -38,6 +38,9 @@
|
|||||||
# ADDRESS/SUBNET PROTOCOL PORT
|
# ADDRESS/SUBNET PROTOCOL PORT
|
||||||
# 192.0.2.126 udp 53
|
# 192.0.2.126 udp 53
|
||||||
#
|
#
|
||||||
|
# Please see http://shorewall.net/blacklisting_support.htm for additional
|
||||||
|
# information.
|
||||||
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
#ADDRESS/SUBNET PROTOCOL PORT
|
#ADDRESS/SUBNET PROTOCOL PORT
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||||
|
@ -4,3 +4,5 @@
|
|||||||
# Add commands below that you want to be executed after shorewall has
|
# Add commands below that you want to be executed after shorewall has
|
||||||
# cleared any existing Netfilter rules and has enabled existing connections.
|
# cleared any existing Netfilter rules and has enabled existing connections.
|
||||||
#
|
#
|
||||||
|
# For additional information, see http://shorewall.net/shorewall_extension_scripts.htm
|
||||||
|
#
|
||||||
|
@ -15,6 +15,8 @@
|
|||||||
# 0.0.0.0/0 is assumed. If your kernel and iptables
|
# 0.0.0.0/0 is assumed. If your kernel and iptables
|
||||||
# include iprange match support then IP address ranges
|
# include iprange match support then IP address ranges
|
||||||
# are also permitted.
|
# are also permitted.
|
||||||
|
#
|
||||||
|
# For additional information, see http://shorewall.net/Documentation.htm#ECN
|
||||||
##############################################################################
|
##############################################################################
|
||||||
#INTERFACE HOST(S)
|
#INTERFACE HOST(S)
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||||
|
@ -135,5 +135,7 @@
|
|||||||
# /etc/shorewall/ipsec file then you do NOT
|
# /etc/shorewall/ipsec file then you do NOT
|
||||||
# need to specify the 'ipsec' option here.
|
# need to specify the 'ipsec' option here.
|
||||||
#
|
#
|
||||||
|
# For additional information, see http://shorewall.net/Documentation.htm#Hosts
|
||||||
|
#
|
||||||
#ZONE HOST(S) OPTIONS
|
#ZONE HOST(S) OPTIONS
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
|
||||||
|
@ -4,3 +4,5 @@
|
|||||||
# Add commands below that you want to be executed at the beginning of
|
# Add commands below that you want to be executed at the beginning of
|
||||||
# a "shorewall start" or "shorewall restart" command.
|
# a "shorewall start" or "shorewall restart" command.
|
||||||
#
|
#
|
||||||
|
# For additional information, see http://shorewall.net/shorewall_extension_scripts.htm
|
||||||
|
#
|
||||||
|
@ -5,3 +5,5 @@
|
|||||||
# "shorewall start" or "shorewall restart" commands at the point where
|
# "shorewall start" or "shorewall restart" commands at the point where
|
||||||
# Shorewall has not yet added any perminent rules to the builtin chains.
|
# Shorewall has not yet added any perminent rules to the builtin chains.
|
||||||
#
|
#
|
||||||
|
# For additional information, see http://shorewall.net/shorewall_extension_scripts.htm
|
||||||
|
#
|
||||||
|
@ -201,6 +201,9 @@
|
|||||||
# connections.
|
# connections.
|
||||||
#
|
#
|
||||||
# net ppp0 -
|
# net ppp0 -
|
||||||
|
#
|
||||||
|
# For additional information, see http://shorewall.net/Documentation.htm#Interfaces
|
||||||
|
#
|
||||||
##############################################################################
|
##############################################################################
|
||||||
#ZONE INTERFACE BROADCAST OPTIONS
|
#ZONE INTERFACE BROADCAST OPTIONS
|
||||||
#
|
#
|
||||||
|
@ -1,6 +1,11 @@
|
|||||||
#
|
#
|
||||||
# Shorewall 2.2 - MAC list file
|
# Shorewall 2.2 - MAC list file
|
||||||
#
|
#
|
||||||
|
# This file is used to define the MAC addresses and optionally their
|
||||||
|
# associated IP addresses to be allowed to use the specified interface.
|
||||||
|
# The feature is enabled by using the maclist option in the interfaces
|
||||||
|
# or hosts configuration file.
|
||||||
|
#
|
||||||
# /etc/shorewall/maclist
|
# /etc/shorewall/maclist
|
||||||
#
|
#
|
||||||
# Columns are:
|
# Columns are:
|
||||||
@ -18,6 +23,9 @@
|
|||||||
# list of host and/or subnet addresses. If your kernel
|
# list of host and/or subnet addresses. If your kernel
|
||||||
# and iptables have iprange match support then IP
|
# and iptables have iprange match support then IP
|
||||||
# address ranges are also allowed.
|
# address ranges are also allowed.
|
||||||
|
#
|
||||||
|
# For additional information, see http://shorewall.net/MAC_Validation.html
|
||||||
|
#
|
||||||
##############################################################################
|
##############################################################################
|
||||||
#INTERFACE MAC IP ADDRESSES (Optional)
|
#INTERFACE MAC IP ADDRESSES (Optional)
|
||||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
|
||||||
|
@ -209,6 +209,8 @@
|
|||||||
#
|
#
|
||||||
# THE ORDER OF THE ABOVE TWO RULES IS SIGNIFICANT!!!!!
|
# THE ORDER OF THE ABOVE TWO RULES IS SIGNIFICANT!!!!!
|
||||||
#
|
#
|
||||||
|
# For additional information, see http://shorewall.net/Documentation.htm#Masq
|
||||||
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
|
#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
|
||||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
|
||||||
|
@ -7,6 +7,7 @@
|
|||||||
# dependency order. i.e., if M2 depends on M1 then you must load M1 before
|
# dependency order. i.e., if M2 depends on M1 then you must load M1 before
|
||||||
# you load M2.
|
# you load M2.
|
||||||
#
|
#
|
||||||
|
# For additional information, see http://shorewall.net/Documentation.htm#modules
|
||||||
|
|
||||||
loadmodule ip_tables
|
loadmodule ip_tables
|
||||||
loadmodule iptable_filter
|
loadmodule iptable_filter
|
||||||
|
@ -38,6 +38,8 @@
|
|||||||
#
|
#
|
||||||
# LOCAL If Yes or yes, NAT will be effective from the firewall
|
# LOCAL If Yes or yes, NAT will be effective from the firewall
|
||||||
# system
|
# system
|
||||||
|
#
|
||||||
|
# For additional information, see http://shorewall.net/NAT.htm
|
||||||
##############################################################################
|
##############################################################################
|
||||||
#EXTERNAL INTERFACE INTERNAL ALL LOCAL
|
#EXTERNAL INTERFACE INTERNAL ALL LOCAL
|
||||||
# INTERFACES
|
# INTERFACES
|
||||||
|
@ -85,6 +85,7 @@
|
|||||||
# #
|
# #
|
||||||
# all all REJECT info
|
# all all REJECT info
|
||||||
#
|
#
|
||||||
|
# See http://shorewall.net/Documentation.htm#Policy for additional information.
|
||||||
###############################################################################
|
###############################################################################
|
||||||
#SOURCE DEST POLICY LOG LIMIT:BURST
|
#SOURCE DEST POLICY LOG LIMIT:BURST
|
||||||
# LEVEL
|
# LEVEL
|
||||||
|
@ -39,6 +39,8 @@
|
|||||||
#
|
#
|
||||||
# #ADDRESS INTERFACE EXTERNAL
|
# #ADDRESS INTERFACE EXTERNAL
|
||||||
# 155.186.235.6 eth1 eth0
|
# 155.186.235.6 eth1 eth0
|
||||||
|
#
|
||||||
|
# See http://shorewall.net/ProxyARP.htm for additional information.
|
||||||
##############################################################################
|
##############################################################################
|
||||||
#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
|
#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||||
|
@ -31,6 +31,10 @@
|
|||||||
# eth2 192.168.1.0/24
|
# eth2 192.168.1.0/24
|
||||||
# eth0 192.0.2.44
|
# eth0 192.0.2.44
|
||||||
# br0 - routeback
|
# br0 - routeback
|
||||||
|
#
|
||||||
|
# See http://shorewall.net/Documentation.htm#Routestopped and
|
||||||
|
# http://shorewall.net/starting_and_stopping_shorewall.htm for additional
|
||||||
|
# information.
|
||||||
##############################################################################
|
##############################################################################
|
||||||
#INTERFACE HOST(S) OPTIONS
|
#INTERFACE HOST(S) OPTIONS
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||||
|
@ -4,3 +4,5 @@
|
|||||||
# Add commands below that you want to be executed after shorewall has
|
# Add commands below that you want to be executed after shorewall has
|
||||||
# been started or restarted.
|
# been started or restarted.
|
||||||
#
|
#
|
||||||
|
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
|
||||||
|
# information.
|
||||||
|
@ -11,3 +11,5 @@
|
|||||||
# This script should not change the firewall configuration directly but may
|
# This script should not change the firewall configuration directly but may
|
||||||
# do so indirectly by running /sbin/shorewall with the 'nolock' option.
|
# do so indirectly by running /sbin/shorewall with the 'nolock' option.
|
||||||
#
|
#
|
||||||
|
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
|
||||||
|
# information.
|
||||||
|
@ -4,3 +4,5 @@
|
|||||||
# Add commands below that you want to be executed at the beginning of a
|
# Add commands below that you want to be executed at the beginning of a
|
||||||
# "shorewall stop" command.
|
# "shorewall stop" command.
|
||||||
#
|
#
|
||||||
|
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
|
||||||
|
# information.
|
||||||
|
@ -4,3 +4,5 @@
|
|||||||
# Add commands below that you want to be executed at the completion of a
|
# Add commands below that you want to be executed at the completion of a
|
||||||
# "shorewall stop" command.
|
# "shorewall stop" command.
|
||||||
#
|
#
|
||||||
|
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
|
||||||
|
# information.
|
||||||
|
@ -147,6 +147,8 @@
|
|||||||
# testing
|
# testing
|
||||||
# :C Designates a connection mark. If omitted,
|
# :C Designates a connection mark. If omitted,
|
||||||
# the packet mark's value is tested.
|
# the packet mark's value is tested.
|
||||||
|
#
|
||||||
|
# See http://shorewall.net/traffic_shaping.htm for additional information.
|
||||||
##############################################################################
|
##############################################################################
|
||||||
#MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST
|
#MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST
|
||||||
# PORT(S)
|
# PORT(S)
|
||||||
|
@ -108,6 +108,10 @@
|
|||||||
#
|
#
|
||||||
# generic:udp:4444 net 4.3.99.124
|
# generic:udp:4444 net 4.3.99.124
|
||||||
#
|
#
|
||||||
|
#
|
||||||
|
# See http://shorewall.net/Documentation.htm#Tunnels for additional information.
|
||||||
|
#
|
||||||
# TYPE ZONE GATEWAY GATEWAY
|
# TYPE ZONE GATEWAY GATEWAY
|
||||||
# ZONE
|
# ZONE
|
||||||
|
#
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||||
|
Loading…
Reference in New Issue
Block a user