From 4e02031985b3a34725cf8e985782023dd70db22c Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 31 Jul 2010 11:59:25 -0700 Subject: [PATCH] Document Universal Configuration --- Samples/Universal/interfaces | 2 +- Samples/Universal/policy | 4 ++-- Samples/Universal/rules | 4 ++-- Samples/Universal/zones | 2 +- Samples6/Universal/interfaces | 2 +- Samples6/Universal/policy | 4 ++-- Samples6/Universal/rules | 4 ++-- Samples6/Universal/zones | 2 +- Shorewall/changelog.txt | 2 ++ Shorewall/releasenotes.txt | 7 +++++++ 10 files changed, 21 insertions(+), 12 deletions(-) diff --git a/Samples/Universal/interfaces b/Samples/Universal/interfaces index 5e5d7a396..c0526e452 100644 --- a/Samples/Universal/interfaces +++ b/Samples/Universal/interfaces @@ -8,5 +8,5 @@ # ############################################################################### #ZONE INTERFACE BROADCAST OPTIONS -world all - dhcp,physical=+,routeback +net all - dhcp,physical=+,routeback diff --git a/Samples/Universal/policy b/Samples/Universal/policy index a46a81eeb..f73de26c8 100644 --- a/Samples/Universal/policy +++ b/Samples/Universal/policy @@ -9,5 +9,5 @@ ############################################################################### #SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: # LEVEL BURST MASK -$FW world ACCEPT -world all DROP info +$FW net ACCEPT +net all DROP info diff --git a/Samples/Universal/rules b/Samples/Universal/rules index 96bce488b..1517c7db8 100644 --- a/Samples/Universal/rules +++ b/Samples/Universal/rules @@ -13,5 +13,5 @@ #SECTION RELATED SECTION NEW -SSH(ACCEPT) world $FW -Ping(ACCEPT) world $FW +SSH(ACCEPT) net $FW +Ping(ACCEPT) net $FW diff --git a/Samples/Universal/zones b/Samples/Universal/zones index 4d04466c2..5fd0ee009 100644 --- a/Samples/Universal/zones +++ b/Samples/Universal/zones @@ -10,5 +10,5 @@ #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall -world ip +net ip 
diff --git a/Samples6/Universal/interfaces b/Samples6/Universal/interfaces index 5e5d7a396..c0526e452 100644 --- a/Samples6/Universal/interfaces +++ b/Samples6/Universal/interfaces @@ -8,5 +8,5 @@ # ############################################################################### #ZONE INTERFACE BROADCAST OPTIONS -world all - dhcp,physical=+,routeback +net all - dhcp,physical=+,routeback diff --git a/Samples6/Universal/policy b/Samples6/Universal/policy index 2ddef9083..d0554c2e0 100644 --- a/Samples6/Universal/policy +++ b/Samples6/Universal/policy @@ -9,6 +9,6 @@ ############################################################################### #SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: # LEVEL BURST MASK -fw world ACCEPT -world all DROP +fw net ACCEPT +net all DROP diff --git a/Samples6/Universal/rules b/Samples6/Universal/rules index 96bce488b..1517c7db8 100644 --- a/Samples6/Universal/rules +++ b/Samples6/Universal/rules @@ -13,5 +13,5 @@ #SECTION RELATED SECTION NEW -SSH(ACCEPT) world $FW -Ping(ACCEPT) world $FW +SSH(ACCEPT) net $FW +Ping(ACCEPT) net $FW diff --git a/Samples6/Universal/zones b/Samples6/Universal/zones index 4d04466c2..5fd0ee009 100644 --- a/Samples6/Universal/zones +++ b/Samples6/Universal/zones @@ -10,5 +10,5 @@ #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall -world ip +net ip diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index bb9ee7466..9c2fbf240 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -12,6 +12,8 @@ Changes in Shorewall 4.4.12 6) Use new hashlimit match syntax if available. +7) Add Universal sample. + Changes in Shorewall 4.4.11 1) Apply patch from Gabriel. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index ff1f9c867..6596caa16 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
@@ -71,6 +71,9 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES 16) Explicit support for Linux-vserver has been added. It is now possible to define sub-zones of $FW. +17) A 'Universal' sample configuration is now availale for a + 'plug-and-play' firewall. + ---------------------------------------------------------------------------- I I. M I G R A T I O N I S S U E S ---------------------------------------------------------------------------- @@ -272,6 +275,10 @@ None. is one of sec, min, hour, day. If is not specified, then a value of 5 is assumed. + +3) The sample configurations now include a 'Universal' configuration + that will start on any system and protect that system while + allowing the system to forward traffic. ---------------------------------------------------------------------------- V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
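Review bot: The subject line says "Document Universal Configuration", but eight of the ten files in the diffstat are the sample files under Samples/Universal and Samples6/Universal, where the zone is renamed from `world` to `net` in interfaces, policy, rules and zones. The rename is not mentioned in the commit message, the changelog entry or the release notes. Suggest either stating it in the commit message or splitting it into its own commit, so that anyone who copied the earlier sample can find out why their zone name no longer matches.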
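Review bot: In the Samples/Universal/rules and Samples6/Universal/rules hunks, `SSH(ACCEPT) net $FW` and `Ping(ACCEPT) net $FW` take their source from a zone that the interfaces hunks bind to `all` with `physical=+`, so the sample as shipped accepts SSH on every interface of the host. A comment line above the two rules saying so, and advising users to narrow the source or drop the SSH rule once the box is deployed, would keep the plug-and-play default from becoming the permanent configuration.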
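Review bot: The Samples6/Universal/policy hunk is not consistent with its IPv4 counterpart: it writes `fw net ACCEPT` and `net all DROP`, where Samples/Universal/policy has `$FW net ACCEPT` and `net all DROP info`. Both differences are carried over from the removed lines, so the IPv6 sample still drops traffic without a log level and still hard-codes the firewall zone name while the rules file in the same directory uses `$FW`. Since these lines are being touched anyway, suggest aligning them with the IPv4 file, or adding a comment if the missing `info` is intentional.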
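Review bot: Typo in the first Shorewall/releasenotes.txt hunk (@@ -71,6 +71,9 @@), item 17: "availale" should be "available". This item and item 3 in the second hunk also announce the same feature in different words; consider using the fuller wording of item 3 in both places.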
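Review bot: Item 3 in the second Shorewall/releasenotes.txt hunk (@@ -272,6 +275,10 @@) says the configuration protects the system "while allowing the system to forward traffic", but the only policies visible in this patch are `$FW net ACCEPT` and `net all DROP`, so a reader cannot tell from the sample which setting permits forwarding. Is it the `routeback` option on the single `net` zone in the interfaces file? Suggest naming the mechanism here or in a comment in the sample policy file, and stating whether forwarding is on by default, since that changes what "protect" means for a host with more than one interface.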