diff --git a/Shorewall/action.A_Drop b/Shorewall/action.A_Drop index 35f4812f7..5ba82d8ce 100644 --- a/Shorewall/action.A_Drop +++ b/Shorewall/action.A_Drop @@ -1,30 +1,25 @@ # -# Shorewall version 5 - Drop Action +# Shorewall -- /usr/share/shorewall/action.A_Drop # -# /usr/share/shorewall/action.A_Drop +# The audited default DROP common rules # -# The audited default DROP common rules +# This action is invoked before a DROP policy is enforced. The purpose +# of the action is: # -# This action is invoked before a DROP policy is enforced. The purpose -# of the action is: -# -# a) Avoid logging lots of useless cruft. -# b) Ensure that 'auth' requests are rejected, even if the policy is -# DROP. Otherwise, you may experience problems establishing -# connections with servers that use auth. -# c) Ensure that certain ICMP packets that are necessary for successful -# internet operation are always ACCEPTed. +# a) Avoid logging lots of useless cruft. +# b) Ensure that certain ICMP packets that are necessary for successful +# internet operation are always ACCEPTed. # # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!! # ############################################################################### -#TARGET SOURCE DEST PROTO DPORT SPORT +#ACTION SOURCE DEST PROTO DPORT SPORT # # Count packets that come through here # COUNT # -# Silently DROP 'auth' +# Special Handling for Auth # Auth(A_DROP) # diff --git a/Shorewall/action.A_Reject b/Shorewall/action.A_Reject index b02c1948c..a5f4611aa 100644 --- a/Shorewall/action.A_Reject +++ b/Shorewall/action.A_Reject 
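Review bot: The new comment `# Special Handling for Auth` above the unchanged rule `Auth(A_DROP)` in action.A_Drop no longer says what happens to auth traffic. The header's old item (b) and the old `# Silently DROP 'auth'` comment are both removed, so the disposition can now only be read from the macro parameter. Judging by the parameter name and the file's "audited default DROP" title, the rule still drops and audits these requests, so I would word the comment as `# Drop and audit 'auth' requests`. The removed header text also carried the caveat that connections to servers that use auth may have problems when auth is not rejected; a one-line reminder of that next to the rule would help whoever troubleshoots it later. The remaining rules of the action lie outside this hunk.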
@@ -1,20 +1,18 @@ # -# Shorewall version 5 - Reject Action +# Shorewall -- /usr/share/shorewall/action.A_Reject # -# /usr/share/shorewall/action.A_Reject +# The audited default REJECT action common rules # -# The audited default REJECT action common rules +# This action is invoked before a REJECT policy is enforced. The purpose +# of the action is: # -# This action is invoked before a REJECT policy is enforced. The purpose -# of the action is: -# -# a) Avoid logging lots of useless cruft. -# b) Ensure that certain ICMP packets that are necessary for successful -# internet operation are always ACCEPTed. +# a) Avoid logging lots of useless cruft. +# b) Ensure that certain ICMP packets that are necessary for successful +# internet operation are always ACCEPTed. # # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!! ############################################################################### -#TARGET SOURCE DEST PROTO +#ACTION SOURCE DEST PROTO # # Count packets that come through here # diff --git a/Shorewall/action.AutoBL b/Shorewall/action.AutoBL index 9e7f7636d..0822397c6 100644 --- a/Shorewall/action.AutoBL +++ b/Shorewall/action.AutoBL 
@@ -1,22 +1,24 @@ # -# Shorewall version 5 - Auto Blacklist Action +# Shorewall -- /usr/share/shorewall/action.AutoBL +# +# Auto Blacklist Action # # Parameters are: # -# Event - Name of the event to associate with this blacklist -# Interval -# Count - Interval and number of Packets to trigger blacklisting -# Default is 60 seconds and 5 packets. -# Successive - If a matching packet arrives within this many -# seconds of the preceding one, it should be logged -# and dealt with according to the Disposition and -# Log Level parameters below. Default is 2 seconds. -# Blacklist time - Number of seconds to blacklist -# Default is 300 (5 minutes) -# Disposition - Disposition of blacklisted packets -# Default is DROP -# Log Level - Level to Log Rejects -# Default is info (6) +# Event - Name of the event to associate with this blacklist +# Interval +# Count - Interval and number of Packets to trigger blacklisting +# Default is 60 seconds and 5 packets. +# Successive - If a matching packet arrives within this many +# seconds of the preceding one, it should be logged +# and dealt with according to the Disposition and +# Log Level parameters below. Default is 2 seconds. +# Blacklist time - Number of seconds to blacklist +# Default is 300 (5 minutes) +# Disposition - Disposition of blacklisted packets +# Default is DROP +# Log Level - Level to Log Rejects +# Default is info (6) # ############################################################################### @@ -37,7 +39,7 @@ validate_level( $level ); 1; ?end perl ############################################################################### -#TARGET SOURCE DEST PROTO DPORT SPORT +#ACTION SOURCE DEST PROTO DPORT SPORT # # Silently reject the client if blacklisted # diff --git a/Shorewall/action.AutoBLL b/Shorewall/action.AutoBLL index 79b33e31f..1587099b7 100644 --- a/Shorewall/action.AutoBLL +++ b/Shorewall/action.AutoBLL 
@@ -1,13 +1,16 @@ # -# Shorewall version 5 - Auto Blacklisting Logger Action +# Shorewall -- /usr/share/shorewall/action.AutoBLL +# +# Auto Blacklisting Logger Action # # Arguments are # -# Event: Name of the blacklisted event -# Disposition: What to do with packets -# Level: Log level and optional tag for logging. +# Event - Name of the blacklisted event +# Disposition - What to do with packets +# Level - Log level and optional tag for logging +# ############################################################################### -#TARGET SOURCE DEST PROTO DPORT SPORT +#ACTION SOURCE DEST PROTO DPORT SPORT # # Log the Reject # diff --git a/Shorewall/action.Broadcast b/Shorewall/action.Broadcast index 019e4e14a..a0ffbf859 100644 --- a/Shorewall/action.Broadcast +++ b/Shorewall/action.Broadcast 
@@ -1,32 +1,30 @@ # -# Shorewall 4 - Broadcast Action +# Shorewall -- /usr/share/shorewall/action.Broadcast # -# /usr/share/shorewall/action.Broadcast +# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] +# (c) 2011-2016 Tom Eastep (teastep@shorewall.net) # -# (c) 2011 - Tom Eastep (teastep@shorewall.net) +# Complete documentation is available at http://shorewall.net # -# Complete documentation is available at http://shorewall.net +# This program is free software; you can redistribute it and/or modify +# it under the terms of Version 2 of the GNU General Public License +# as published by the Free Software Foundation. # -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
+# Broadcast[([|-[,{audit|-}])] # -# Broadcast[([|-[,{audit|-}])] +# Default action is DROP # -# Default action is DROP -# -########################################################################################## +############################################################################### DEFAULTS DROP,- diff --git a/Shorewall/action.DNSAmp b/Shorewall/action.DNSAmp index 807701f35..ce5281c37 100644 --- a/Shorewall/action.DNSAmp +++ b/Shorewall/action.DNSAmp 
@@ -1,32 +1,33 @@ # -# Shorewall 5 - DNS Amplification Action +# Shorewall -- /usr/share/shorewall/action.DNSAmp # -# /usr/share/shorewall/action.DNSAmp +# DNS Amplification Action # -# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] +# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 2011,2012 - Tom Eastep (teastep@shorewall.net) +# (c) 2011-2016 Tom Eastep (teastep@shorewall.net) # -# Complete documentation is available at http://shorewall.net +# Complete documentation is available at http://shorewall.net # -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. +# This program is free software; you can redistribute it and/or modify +# it under the terms of Version 2 of the GNU General Public License +# as published by the Free Software Foundation. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
# -# DNSAmp[([])] +# DNSAmp[([])] # -# Default action is DROP +# Default action is DROP # -########################################################################################## +############################################################################### +#ACTION SOURCE DEST PROTO DPORT DEFAULTS DROP diff --git a/Shorewall/action.Drop b/Shorewall/action.Drop index 6a18aee37..4acd4093e 100644 --- a/Shorewall/action.Drop +++ b/Shorewall/action.Drop 
@@ -1,29 +1,27 @@ # -# Shorewall version 5 - Drop Action +# Shorewall -- /usr/share/shorewall/action.Drop # -# /usr/share/shorewall/action.Drop +# The default DROP common rules # -# The default DROP common rules +# This action is invoked before a DROP policy is enforced. The purpose +# of the action is: # -# This action is invoked before a DROP policy is enforced. The purpose -# of the action is: +# a) Avoid logging lots of useless cruft. +# b) Ensure that certain ICMP packets that are necessary for successful +# internet operation are always ACCEPTed. # -# a) Avoid logging lots of useless cruft. -# b) Ensure that certain ICMP packets that are necessary for successful -# internet operation are always ACCEPTed. +# The action accepts five optional parameters: # -# The action accepts five optional parameters: -# -# 1 - 'audit' or '-'. Default is '-' which means don't audit in builtin -# actions. -# 2 - Action to take with Auth requests. Default is to do nothing special -# with them. -# 3 - Action to take with SMB requests. Default is DROP or A_DROP, -# depending on the setting of the first parameter. -# 4 - Action to take with required ICMP packets. Default is ACCEPT or -# A_ACCEPT depending on the first parameter. -# 5 - Action to take with late UDP replies (UDP source port 53). Default -# is DROP or A_DROP depending on the first parameter. +# 1 - 'audit' or '-'. Default is '-' which means don't audit in builtin +# actions. +# 2 - Action to take with Auth requests. Default is to do nothing special +# with them. +# 3 - Action to take with SMB requests. Default is DROP or A_DROP, +# depending on the setting of the first parameter. +# 4 - Action to take with required ICMP packets. Default is ACCEPT or +# A_ACCEPT depending on the first parameter. +# 5 - Action to take with late UDP replies (UDP source port 53). Default +# is DROP or A_DROP depending on the first parameter. # # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!! # 
@@ -39,7 +37,7 @@ DEFAULTS -,-,A_DROP,A_ACCEPT,A_DROP DEFAULTS -,-,DROP,ACCEPT,DROP ?endif -#TARGET SOURCE DEST PROTO DPORT SPORT +#ACTION SOURCE DEST PROTO DPORT SPORT # # Count packets that come through here # diff --git a/Shorewall/action.DropSmurfs b/Shorewall/action.DropSmurfs index 9158df328..58886c9d5 100644 --- a/Shorewall/action.DropSmurfs +++ b/Shorewall/action.DropSmurfs @@ -1,14 +1,14 @@ # -# Shorewall version 5 - Drop Smurfs Action +# Shorewall -- /usr/share/shorewall/action.DropSmurfs # -# /usr/share/shorewall/action.DropSmurfs +# Drop Smurfs Action # -# Accepts a single optional parameter: +# Accepts a single optional parameter: # -# - = Do not Audit -# audit = Audit dropped packets. +# - = Do not Audit +# audit = Audit dropped packets. # -################################################################################# +############################################################################### DEFAULTS - @@ -79,8 +79,3 @@ if ( $family == F_IPV4 ) { } ?end perl; - - - - - diff --git a/Shorewall/action.Established b/Shorewall/action.Established index 2c40e33fc..4c7a924fd 100644 --- a/Shorewall/action.Established +++ b/Shorewall/action.Established 
@@ -1,32 +1,32 @@ # -# Shorewall 5 - Established Action +# Shorewall -- /usr/share/shorewall/action.Established # -# /usr/share/shorewall/action.Established +# Established Action # -# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] +# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 2011,2012 - Tom Eastep (teastep@shorewall.net) +# (c) 2011-2016 Tom Eastep (teastep@shorewall.net) # -# Complete documentation is available at http://shorewall.net +# Complete documentation is available at http://shorewall.net # -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. +# This program is free software; you can redistribute it and/or modify +# it under the terms of Version 2 of the GNU General Public License +# as published by the Free Software Foundation. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
# -# Established[([])] +# Established[([])] # -# Default action is ACCEPT +# Default action is ACCEPT # -########################################################################################## +############################################################################### DEFAULTS ACCEPT diff --git a/Shorewall/action.GlusterFS b/Shorewall/action.GlusterFS index ffa3bf11c..9e8352593 100644 --- a/Shorewall/action.GlusterFS +++ b/Shorewall/action.GlusterFS @@ -1,13 +1,14 @@ # -# Shorewall version 5 - GlusterFS Handler for GlusterFS 3.4 and Later +# Shorewall -- /usr/share/shorewall/action.GlusterFS # -# /etc/shorewall/action.GlusterFS +# GlusterFS Handler for GlusterFS 3.4 and Later # # Parameters: -# Bricks: Number of bricks -# IB: 0 or 1, indicating whether Infiniband is used or not # -######################################################################################### +# Bricks - Number of bricks +# IB - 0 or 1, indicating whether Infiniband is used or not +# +############################################################################### DEFAULTS 2,0 @@ -17,8 +18,8 @@ DEFAULTS 2,0 ?error Invalid value for IB (@2) ?endif -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER -# PORT PORT(S) DEST LIMIT GROUP +#ACTION SOURCE DEST PROTO DPORT + ACCEPT - - udp 111,2049 ACCEPT - - tcp 38465:38467 @@ -31,4 +32,3 @@ ACCEPT - - tcp 24007 ?set last_port 49150 + @{1} ACCEPT - - tcp 49151:$last_port - diff --git a/Shorewall/action.IfEvent b/Shorewall/action.IfEvent index e51e99462..b40d5a96d 100644 --- a/Shorewall/action.IfEvent +++ b/Shorewall/action.IfEvent 
@@ -1,34 +1,38 @@ # -# Shorewall version 5 - Perform an Action based on a Event +# Shorewall -- /usr/share/shorewall/action.IfEvent # -# /etc/shorewall/action.IfEvent +# Perform an Action based on a Event # # Parameters: -# Event: Must start with a letter and be composed of letters, digits, '-', and '_'. -# Action: Anything that can appear in the ACTION column of a rule. -# Duration: Duration in seconds over which the event is to be tested. -# Hit Count: Number of packets seen within the duration -- default is 1 -# Src or Dest: 'src' (default) or 'dst'. Determines if the event is associated with the source -# address (src) or destination address (dst) -# Command: 'check' (default) 'reset', or 'update'. If 'reset', the event will be reset before -# the Action is taken. If 'update', the timestamp associated with the event will -# be updated and the action taken if the time limit/hitcount are matched. -# If '-', the action will be taken if the limit/hitcount are matched but the -# event's timestamp will not be updated. # -# If a duration is specified, then 'checkreap' and 'updatereap' may also -# be used. These are like 'check' and 'update' respectively, but they also -# remove any event entries for the IP address that are older than -# seconds. -# Disposition: Disposition for any event generated. +# Event - Must start with a letter and be composed of letters, digits, +# '-', and '_'. +# Action - Anything that can appear in the ACTION column of a rule. +# Duration - Duration in seconds over which the event is to be tested. +# Hit Count - Number of packets seen within the duration -- default is 1 +# Src or Dest - 'src' (default) or 'dst'. Determines if the event is +# associated with the source address (src) or destination +# address (dst) +# Command - 'check' (default) 'reset', or 'update'. If 'reset', +# the event will be reset before the Action is taken. 
+# If 'update', the timestamp associated with the event will +# be updated and the action taken if the time limit/hitcount +# are matched. +# If '-', the action will be taken if the limit/hitcount are +# matched but the event's timestamp will not be updated. +# +# If a duration is specified, then 'checkreap' and 'updatereap' +# may also be used. These are like 'check' and 'update' +# respectively, but they also remove any event entries for +# the IP address that are older than seconds. +# Disposition - Disposition for any event generated. # # For additional information, see http://www.shorewall.net/Events.html # -####################################################################################################### +############################################################################### # DO NOT REMOVE THE FOLLOWING LINE -################################################################################################################################################################################################# -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER -# PORT PORT(S) DEST LIMIT GROUP +############################################################################### +#ACTION SOURCE DEST PROTO DPORT SPORT DEFAULTS -,ACCEPT,-,1,src,check,- diff --git a/Shorewall/action.Invalid b/Shorewall/action.Invalid index c31e91a81..8ff4edca5 100644 --- a/Shorewall/action.Invalid +++ b/Shorewall/action.Invalid 
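Review bot: The rewrapped parameter help in action.IfEvent keeps several wording problems that this cleanup could fix while it is touching the lines. The title should read `# Perform an Action based on an Event`. The Command entry lists only 'check', 'reset' and 'update' (with a comma missing after "(default)"), yet goes on to describe '-' as a further value, so '-' should be added to the list. As shown here, the 'checkreap'/'updatereap' sentence ends "older than seconds" with no duration named; that may be a rendering loss of a placeholder, but it is worth checking in the file. The rules that consume these parameters are outside the hunk.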
@@ -1,35 +1,35 @@ # -# Shorewall 4 - Invalid Action +# Shorewall -- /usr/share/shorewall/action.Invalid # -# /usr/share/shorewall/action.Invalid +# Invalid Action +# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] +# (c) 2011-2016 Tom Eastep (teastep@shorewall.net) # -# (c) 2011,2012 - Tom Eastep (teastep@shorewall.net) +# Complete documentation is available at http://shorewall.net # -# Complete documentation is available at http://shorewall.net +# This program is free software; you can redistribute it and/or modify +# it under the terms of Version 2 of the GNU General Public License +# as published by the Free Software Foundation. # -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
+# Invalid[([])] # -# Invalid[([])] +# Default action is DROP # -# Default action is DROP -# -########################################################################################## +############################################################################### DEFAULTS DROP,- # -# All logic for this action is triggered by the 'audit' and 'state' options in actions.std +# All logic for this action is triggered by the 'audit' and 'state' options +# in actions.std # diff --git a/Shorewall/action.New b/Shorewall/action.New index bbe7402c8..f63ed8fa4 100644 --- a/Shorewall/action.New +++ b/Shorewall/action.New 
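Review bot: In the new action.Invalid header, `# Invalid Action` is followed directly by `# This program is under GPL ...` with no bare `#` line between them. The other headers rewritten in this commit (action.New, action.NotSyn and action.RST, for example) keep that separator between the title and the licence text. Adding a `#` line after `# Invalid Action` would make the header match its siblings.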
@@ -1,32 +1,32 @@ # -# Shorewall 4 - New Action +# Shorewall -- /usr/share/shorewall/action.New # -# /usr/share/shorewall/action.New +# New Action # -# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] +# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 2011,2012 - Tom Eastep (teastep@shorewall.net) +# (c) 2011-2016 Tom Eastep (teastep@shorewall.net) # -# Complete documentation is available at http://shorewall.net +# Complete documentation is available at http://shorewall.net # -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. +# This program is free software; you can redistribute it and/or modify +# it under the terms of Version 2 of the GNU General Public License +# as published by the Free Software Foundation. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
# -# New[([])] +# New[([])] # -# Default action is ACCEPT +# Default action is ACCEPT # -########################################################################################## +############################################################################### DEFAULTS ACCEPT diff --git a/Shorewall/action.NotSyn b/Shorewall/action.NotSyn index d1d1bee53..39eb40172 100644 --- a/Shorewall/action.NotSyn +++ b/Shorewall/action.NotSyn 
@@ -1,32 +1,32 @@ # -# Shorewall 4 - NotSyn Action +# Shorewall -- /usr/share/shorewall/action.NotSyn # -# /usr/share/shorewall/action.NotSyn +# NotSyn Action # -# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] +# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 2011 - Tom Eastep (teastep@shorewall.net) +# (c) 2011-2016 Tom Eastep (teastep@shorewall.net) # -# Complete documentation is available at http://shorewall.net +# Complete documentation is available at http://shorewall.net # -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. +# This program is free software; you can redistribute it and/or modify +# it under the terms of Version 2 of the GNU General Public License +# as published by the Free Software Foundation. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
# -# NotSyn[([])] +# NotSyn[([])] # -# Default action is DROP +# Default action is DROP # -########################################################################################## +############################################################################### DEFAULTS DROP,- diff --git a/Shorewall/action.RST b/Shorewall/action.RST index 2bd1d7926..1e82d183b 100644 --- a/Shorewall/action.RST +++ b/Shorewall/action.RST 
@@ -1,32 +1,32 @@ # -# Shorewall 4 - RST Action +# Shorewall -- /usr/share/shorewall/action.RST # -# /usr/share/shorewall/action.RST +# RST Action # -# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] +# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 2012 - Tom Eastep (teastep@shorewall.net) +# (c) 2012-2016 Tom Eastep (teastep@shorewall.net) # -# Complete documentation is available at http://shorewall.net +# Complete documentation is available at http://shorewall.net # -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. +# This program is free software; you can redistribute it and/or modify +# it under the terms of Version 2 of the GNU General Public License +# as published by the Free Software Foundation. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
# -# RST[([])] +# RST[([])] # -# Default action is DROP +# Default action is DROP # -########################################################################################## +############################################################################### DEFAULTS DROP,- diff --git a/Shorewall/action.Reject b/Shorewall/action.Reject index 68ea1f8a1..2aea848be 100644 --- a/Shorewall/action.Reject +++ b/Shorewall/action.Reject 
@@ -1,29 +1,27 @@ # -# Shorewall version 5 - Reject Action +# Shorewall -- /usr/share/shorewall/action.Reject # -# /usr/share/shorewall/action.Reject +# The default REJECT action common rules # -# The default REJECT action common rules +# This action is invoked before a REJECT policy is enforced. The purpose +# of the action is: # -# This action is invoked before a REJECT policy is enforced. The purpose -# of the action is: +# a) Avoid logging lots of useless cruft. +# b) Ensure that certain ICMP packets that are necessary for successful +# internet operation are always ACCEPTed. # -# a) Avoid logging lots of useless cruft. -# b) Ensure that certain ICMP packets that are necessary for successful -# internet operation are always ACCEPTed. +# The action accepts five optional parameters: # -# The action accepts five optional parameters: -# -# 1 - 'audit' or '-'. Default is '-' which means don't audit in builtin -# actions. -# 2 - Action to take with Auth requests. Default is to do nothing -# special with them. -# 3 - Action to take with SMB requests. Default is REJECT or A_REJECT, -# depending on the setting of the first parameter. -# 4 - Action to take with required ICMP packets. Default is ACCEPT or -# A_ACCEPT depending on the first parameter. -# 5 - Action to take with late UDP replies (UDP source port 53). Default -# is DROP or A_DROP depending on the first parameter. +# 1 - 'audit' or '-'. Default is '-' which means don't audit in builtin +# actions. +# 2 - Action to take with Auth requests. Default is to do nothing +# special with them. +# 3 - Action to take with SMB requests. Default is REJECT or A_REJECT, +# depending on the setting of the first parameter. +# 4 - Action to take with required ICMP packets. Default is ACCEPT or +# A_ACCEPT depending on the first parameter. +# 5 - Action to take with late UDP replies (UDP source port 53). Default +# is DROP or A_DROP depending on the first parameter. 
# # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!! ############################################################################### @@ -38,7 +36,7 @@ DEFAULTS -,-,A_REJECT,A_ACCEPT,A_DROP DEFAULTS -,-,REJECT,ACCEPT,DROP ?endif -#TARGET SOURCE DEST PROTO +#ACTION SOURCE DEST PROTO # # Count packets that come through here # diff --git a/Shorewall/action.Related b/Shorewall/action.Related index 36014d775..dc5c19ba6 100644 --- a/Shorewall/action.Related +++ b/Shorewall/action.Related 
@@ -1,32 +1,32 @@ # -# Shorewall 4 - Related Action +# Shorewall -- /usr/share/shorewall/action.Related # -# /usr/share/shorewall/action.Related +# Related Action # -# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] +# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 2011,2012 - Tom Eastep (teastep@shorewall.net) +# (c) 2011-2016 Tom Eastep (teastep@shorewall.net) # -# Complete documentation is available at http://shorewall.net +# Complete documentation is available at http://shorewall.net # -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. +# This program is free software; you can redistribute it and/or modify +# it under the terms of Version 2 of the GNU General Public License +# as published by the Free Software Foundation. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
# -# Related[([])] +# Related[([])] # -# Default action is DROP +# Default action is DROP # -########################################################################################## +############################################################################### DEFAULTS DROP diff --git a/Shorewall/action.ResetEvent b/Shorewall/action.ResetEvent index 3a264ad19..a68726f6d 100644 --- a/Shorewall/action.ResetEvent +++ b/Shorewall/action.ResetEvent 
@@ -1,22 +1,24 @@ # -# Shorewall version 5 - Reset an Event +# Shorewall -- /etc/shorewall/action.ResetEvent # -# /etc/shorewall/action.ResetEvent +# Reset an Event # # Parameters: -# Event: Must start with a letter and be composed of letters, digits, '-', and '_'. -# Action: Action to perform after setting the event. Default is ACCEPT -# Src or Dest: 'src' (default) or 'dst'. Determines if the event is associated with the source -# address (src) or destination address (dst) -# Disposition: Disposition for any rule generated. +# +# Event - Must start with a letter and be composed of letters, digits, +# '-', and '_'. +# Action - Action to perform after setting the event. Default is ACCEPT +# Src or Dest - 'src' (default) or 'dst'. Determines if the event is +# associated with the source address (src) or destination +# address (dst) +# Disposition - Disposition for any rule generated. # # For additional information, see http://www.shorewall.net/Events.html # -####################################################################################################### -# DO NOT REMOVE THE FOLLOWING LINE -################################################################################################################################################################################################# -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER -# PORT PORT(S) DEST LIMIT GROUP +############################################################################### +# DO NOT REMOVE THE FOLLOWING LINE +############################################################################################################################################################## +#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER MARK CONNLIMIT TIME HEADERS SWITCH HELPER DEFAULTS -,ACCEPT,src,- diff --git a/Shorewall/action.SetEvent b/Shorewall/action.SetEvent index 09be83695..503a4e889 100644 --- a/Shorewall/action.SetEvent 
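Review bot: The new first header line still gives the path as `/etc/shorewall/action.ResetEvent`, while the action.SetEvent hunk in this same commit moves its header from `/etc/shorewall/` to `/usr/share/shorewall/`. If both actions ship from the same directory, which the diff does not show, the line should read `# Shorewall -- /usr/share/shorewall/action.ResetEvent`. The same split appears between action.mangletemplate (kept at `/etc/shorewall/`) and action.template (moved to `/usr/share/shorewall/`). A header that names the wrong location can send someone auditing the rule set to a file that is not the one in use.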
+++ b/Shorewall/action.SetEvent @@ -1,14 +1,17 @@ # -# Shorewall version 5 - Set an Event +# Shorewall -- /usr/share/shorewall/action.SetEvent # -# /etc/shorewall/action.SetEvent +# Set an Event # # Parameters: -# Event: Must start with a letter and be composed of letters, digits, '-', and '_'. -# Action: Action to perform after setting the event. Default is ACCEPT -# Src or Dest: 'src' (default) or 'dst'. Determines if the event is associated with the source -# address (src) or destination address (dst) -# Disposition: Disposition for any event generated. +# +# Event - Must start with a letter and be composed of letters, digits, +# '-', and '_'. +# Action - Action to perform after setting the event. Default is ACCEPT +# Src or Dest - 'src' (default) or 'dst'. Determines if the event is +# associated with the source address (src) or destination +# address (dst) +# Disposition - Disposition for any event generated. # # For additional information, see http://www.shorewall.net/Events.html # diff --git a/Shorewall/action.TCPFlags b/Shorewall/action.TCPFlags index 5305d3b2f..42fb4c5ec 100644 --- a/Shorewall/action.TCPFlags +++ b/Shorewall/action.TCPFlags @@ -1,14 +1,14 @@ # -# Shorewall version 5 - Drop TCPFlags Action +# Shorewall -- /usr/share/shorewall/action.TCPFlags # -# /usr/share/shorewall/action.TCPFlags +# Drop TCPFlags Action # -# Accepts a single optional parameter: +# Accepts a single optional parameter: # -# - = Do not Audit -# audit = Audit dropped packets. +# - = Do not Audit +# audit = Audit dropped packets. # -################################################################################# +############################################################################### DEFAULTS - diff --git a/Shorewall/action.Untracked b/Shorewall/action.Untracked index b02dc4c28..6db88d137 100644 --- a/Shorewall/action.Untracked +++ b/Shorewall/action.Untracked 
@@ -1,32 +1,33 @@ # -# Shorewall 4 - Untracked Action +# Shorewall --/usr/share/shorewall/action.Untracked # -# /usr/share/shorewall/action.Untracked +# Untracked Action # -# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] +# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 2011,2012 - Tom Eastep (teastep@shorewall.net) +# (c) 2011-2016 Tom Eastep (teastep@shorewall.net) # -# Complete documentation is available at http://shorewall.net +# Complete documentation is available at http://shorewall.net # -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. +# This program is free software; you can redistribute it and/or modify +# it under the terms of Version 2 of the GNU General Public License +# as published by the Free Software Foundation. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
# -# Untracked[([])] +# Untracked[([])] # -# Default action is DROP +# Default action is DROP # -########################################################################################## +############################################################################### + DEFAULTS DROP # diff --git a/Shorewall/action.allowInvalid b/Shorewall/action.allowInvalid index 63f6ea15b..5841856a6 100644 --- a/Shorewall/action.allowInvalid +++ b/Shorewall/action.allowInvalid 
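Review bot: The new header line `# Shorewall --/usr/share/shorewall/action.Untracked` is missing the space after `--` that the other rewritten headers in this commit have. It should read `# Shorewall -- /usr/share/shorewall/action.Untracked`, so that a search for the common `-- /usr/share/shorewall/` prefix finds this file too.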
@@ -1,30 +1,28 @@ -\# -# Shorewall 4 - allowInvalid Action # -# /usr/share/shorewall/action.allowInvalid +# Shorewall -- /usr/share/shorewall/action.allowInvalid # -# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] +# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 2011 - Tom Eastep (teastep@shorewall.net) +# (c) 2011-2016 Tom Eastep (teastep@shorewall.net) # -# Complete documentation is available at http://shorewall.net +# Complete documentation is available at http://shorewall.net # -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. +# This program is free software; you can redistribute it and/or modify +# it under the terms of Version 2 of the GNU General Public License +# as published by the Free Software Foundation. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
# -# allowInvalid[([audit])] +# allowInvalid[([audit])] # -########################################################################################## +############################################################################### DEFAULTS - diff --git a/Shorewall/action.dropInvalid b/Shorewall/action.dropInvalid index a9db6c634..0582c8de1 100644 --- a/Shorewall/action.dropInvalid +++ b/Shorewall/action.dropInvalid 
@@ -1,32 +1,30 @@ # -# Shorewall 5 - dropInvalid Action +# Shorewall -- /usr/share/shorewall/action.dropInvalid # -# /usr/share/shorewall/action.dropInvalid +# dropInvalid Action # -# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] +# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 2011 - Tom Eastep (teastep@shorewall.net) +# (c) 2011-2016 Tom Eastep (teastep@shorewall.net) # -# Complete documentation is available at http://shorewall.net +# Complete documentation is available at http://shorewall.net # -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. +# This program is free software; you can redistribute it and/or modify +# it under the terms of Version 2 of the GNU General Public License +# as published by the Free Software Foundation. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
# -# dropInvalid[([audit])] +# dropInvalid[([audit])] # -########################################################################################## - -DEFAULTS - +############################################################################### DEFAULTS - diff --git a/Shorewall/action.mangletemplate b/Shorewall/action.mangletemplate index 4f4ef2e09..218e0c9a2 100644 --- a/Shorewall/action.mangletemplate +++ b/Shorewall/action.mangletemplate @@ -1,20 +1,20 @@ # -# Shorewall version 5 - Mangle Action Template +# Shorewall -- /etc/shorewall/action.mangletemplate # -# /etc/shorewall/action.mangletemplate +# Mangle Action Template # -# This file is a template for files with names of the form -# /etc/shorewall/action. where is an -# ACTION defined with the mangle option in /etc/shorewall/actions. +# This file is a template for files with names of the form +# /etc/shorewall/action. where is an +# ACTION defined with the mangle option in /etc/shorewall/actions. # -# To define a new action: +# To define a new action: # -# 1. Add the to /etc/shorewall/actions with the mangle option -# 2. Copy this file to /etc/shorewall/action. -# 3. Add the desired rules to that file. +# 1. Add the to /etc/shorewall/actions with the mangle option +# 2. Copy this file to /etc/shorewall/action. +# 3. Add the desired rules to that file. # -# Please see http://shorewall.net/Actions.html for additional -# information. +# Please see http://shorewall.net/Actions.html for additional +# information. # # Columns are the same as in /etc/shorewall/mangle. # diff --git a/Shorewall/action.template b/Shorewall/action.template index e101be76c..d4a344ecf 100644 --- a/Shorewall/action.template +++ b/Shorewall/action.template 
@@ -1,20 +1,20 @@ # -# Shorewall version 5 - Action Template +# Shorewall -- /usr/share/shorewall/action.template # -# /etc/shorewall/action.template +# Action Template # -# This file is a template for files with names of the form -# /etc/shorewall/action. where is an -# ACTION defined in /etc/shorewall/actions. +# This file is a template for files with names of the form +# /etc/shorewall/action. where is an +# ACTION defined in /etc/shorewall/actions. # -# To define a new action: +# To define a new action: # -# 1. Add the to /etc/shorewall/actions -# 2. Copy this file to /etc/shorewall/action. -# 3. Add the desired rules to that file. +# 1. Add the to /etc/shorewall/actions +# 2. Copy this file to /etc/shorewall/action. +# 3. Add the desired rules to that file. # -# Please see http://shorewall.net/Actions.html for additional -# information. +# Please see http://shorewall.net/Actions.html for additional +# information. # # Columns are the same as in /etc/shorewall/rules. # diff --git a/Shorewall/modules.essential b/Shorewall/modules.essential index b6edaede9..15f2a63ce 100644 --- a/Shorewall/modules.essential +++ b/Shorewall/modules.essential 
@@ -1,16 +1,16 @@ # -# Shorewall version 5 - Essential Modules File +# Shorewall -- /usr/share/shorewall/modules.essential # -# /usr/share/shorewall/modules.essential +# Essential Modules File # -# This file loads the modules that may be needed by the firewall. +# This file loads the modules that may be needed by the firewall. # -# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in -# dependency order. i.e., if M2 depends on M1 then you must load M1 -# before you load M2. +# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in +# dependency order. i.e., if M2 depends on M1 then you must load M1 +# before you load M2. # -# If you need to modify this file, copy it to /etc/shorewall and modify the -# copy. +# If you need to modify this file, copy it to /etc/shorewall and modify the +# copy. # ############################################################################### # diff --git a/Shorewall/modules.extensions b/Shorewall/modules.extensions index 95bfb4f3f..6ef72b2f5 100644 --- a/Shorewall/modules.extensions +++ b/Shorewall/modules.extensions 
@@ -1,16 +1,16 @@ # -# Shorewall version 5 - Extensions Modules File +# Shorewall -- /usr/share/shorewall/modules.extensions # -# /usr/share/shorewall/modules.extensions +# Extensions Modules File # -# This file loads the modules that may be needed by the firewall. +# This file loads the modules that may be needed by the firewall. # -# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in -# dependency order. i.e., if M2 depends on M1 then you must load M1 -# before you load M2. +# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in +# dependency order. i.e., if M2 depends on M1 then you must load M1 +# before you load M2. # -# If you need to modify this file, copy it to /etc/shorewall and modify the -# copy. +# If you need to modify this file, copy it to /etc/shorewall and modify the +# copy. # ############################################################################### loadmodule ipt_addrtype diff --git a/Shorewall/modules.ipset b/Shorewall/modules.ipset index 020b2152a..9b8f2bf63 100644 --- a/Shorewall/modules.ipset +++ b/Shorewall/modules.ipset 
@@ -1,16 +1,16 @@ # -# Shorewall version 5 - IP Set Modules File +# Shorewall -- /usr/share/shorewall/modules.ipset # -# /usr/share/shorewall/modules.ipset +# IP Set Modules File # -# This file loads the modules that may be needed by the firewall. +# This file loads the modules that may be needed by the firewall. # -# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in -# dependency order. i.e., if M2 depends on M1 then you must load M1 -# before you load M2. +# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in +# dependency order. i.e., if M2 depends on M1 then you must load M1 +# before you load M2. # -# If you need to modify this file, copy it to /etc/shorewall and modify the -# copy. +# If you need to modify this file, copy it to /etc/shorewall and modify the +# copy. # ############################################################################### loadmodule xt_set diff --git a/Shorewall/modules.tc b/Shorewall/modules.tc index e6f6dc92a..9a0468727 100644 --- a/Shorewall/modules.tc +++ b/Shorewall/modules.tc @@ -1,16 +1,16 @@ # -# Shorewall version 5 - Traffic Shaping Modules File +# Shorewall -- /usr/share/shorewall/modules.tc # -# /usr/share/shorewall/modules.tc +# Traffic Shaping Modules File # -# This file loads the modules that may be needed by the firewall. +# This file loads the modules that may be needed by the firewall. # -# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in -# dependency order. i.e., if M2 depends on M1 then you must load M1 -# before you load M2. +# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in +# dependency order. i.e., if M2 depends on M1 then you must load M1 +# before you load M2. # -# If you need to modify this file, copy it to /etc/shorewall and modify the -# copy. +# If you need to modify this file, copy it to /etc/shorewall and modify the +# copy. # ############################################################################### loadmodule sch_sfq 
diff --git a/Shorewall/modules.xtables b/Shorewall/modules.xtables index a6df8886d..dcb2d3752 100644 --- a/Shorewall/modules.xtables +++ b/Shorewall/modules.xtables @@ -1,16 +1,16 @@ # -# Shorewall version 5 - Xtables Modules File +# Shorewall -- /usr/share/shorewall/modules.xtables # -# /usr/share/shorewall/modules.xtables +# Xtables Modules File # -# This file loads the modules that may be needed by the firewall. +# This file loads the modules that may be needed by the firewall. # -# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in -# dependency order. i.e., if M2 depends on M1 then you must load M1 -# before you load M2. +# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in +# dependency order. i.e., if M2 depends on M1 then you must load M1 +# before you load M2. # -# If you need to modify this file, copy it to /etc/shorewall and modify the -# copy. +# If you need to modify this file, copy it to /etc/shorewall and modify the +# copy. # ############################################################################### loadmodule xt_AUDIT diff --git a/Shorewall6/action.A_AllowICMPs b/Shorewall6/action.A_AllowICMPs index d46b6b3ee..ce87004a4 100644 --- a/Shorewall6/action.A_AllowICMPs +++ b/Shorewall6/action.A_AllowICMPs @@ -1,13 +1,11 @@ # -# Shorewall6 version 5 - Audited AllowICMPs Action +# Shorewall6 -- /usr/share/shorewall6/action.A_AllowICMPs # -# /usr/share/shorewall6/action.A_AllowICMPs -# -# This action A_ACCEPTs needed ICMP types +# This action A_ACCEPTs needed ICMP types # ############################################################################### -#TARGET SOURCE DEST PROTO DEST -# PORT(S) +#ACTION SOURCE DEST PROTO DPORT + ?comment Needed ICMP types (RFC4890) A_ACCEPT - - ipv6-icmp destination-unreachable diff --git a/Shorewall6/action.AllowICMPs b/Shorewall6/action.AllowICMPs index da73b8252..b556bb18c 100644 --- a/Shorewall6/action.AllowICMPs +++ b/Shorewall6/action.AllowICMPs 
@@ -1,13 +1,10 @@ # -# Shorewall6 version 5 - AllowICMPs Action +# Shorewall6 -- /usr/share/shorewall6/action.AllowICMPs # -# /usr/share/shorewall6/action.AllowICMPs -# -# This action ACCEPTs needed ICMP types +# This action ACCEPTs needed ICMP types # ############################################################################### -#TARGET SOURCE DEST PROTO DEST -# PORT(S) +#ACTION SOURCE DEST PROTO DPORT DEFAULTS ACCEPT diff --git a/Shorewall6/action.Broadcast b/Shorewall6/action.Broadcast index 0db2de574..35557bbee 100644 --- a/Shorewall6/action.Broadcast +++ b/Shorewall6/action.Broadcast 
@@ -1,32 +1,32 @@ # -# Shorewall 4 - Multicast/Anycast Action +# Shorewall6 -- /usr/share/shorewall6/action.Broadcast # -# /usr/share/shorewall/action.Broadcast +# Multicast/Anycast IPv6 Action # -# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] +# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 2011 - Tom Eastep (teastep@shorewall.net) +# (c) 2011-2016 Tom Eastep (teastep@shorewall.net) # -# Complete documentation is available at http://shorewall.net +# Complete documentation is available at http://shorewall.net # -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. +# This program is free software; you can redistribute it and/or modify +# it under the terms of Version 2 of the GNU General Public License +# as published by the Free Software Foundation. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
# -# Broadcast[([|-[,{audit|-}])] +# Broadcast[([|-[,{audit|-}])] # -# Default action is DROP +# Default action is DROP # -########################################################################################## +############################################################################### DEFAULTS DROP,- diff --git a/Shorewall6/action.mangletemplate b/Shorewall6/action.mangletemplate index cf312e41e..be4352645 100644 --- a/Shorewall6/action.mangletemplate +++ b/Shorewall6/action.mangletemplate @@ -1,20 +1,17 @@ # -# Shorewall version 5 - Mangle Action Template +# Shorewall6 -- /usr/share/shorewall6/action.mangletemplate # -# /etc/shorewall6/action.mangletemplate +# This file is a template for files with names of the form +# /etc/shorewall/action. where is an +# ACTION defined with the mangle option in /etc/shorewall/actions. # -# This file is a template for files with names of the form -# /etc/shorewall/action. where is an -# ACTION defined with the mangle option in /etc/shorewall/actions. +# To define a new action: # -# To define a new action: +# 1. Add the to /etc/shorewall6/actions with the mangle option +# 2. Copy this file to /etc/shorewall6/action. +# 3. Add the desired rules to that file. # -# 1. Add the to /etc/shorewall6/actions with the mangle option -# 2. Copy this file to /etc/shorewall6/action. -# 3. Add the desired rules to that file. -# -# Please see http://shorewall.net/Actions.html for additional -# information. +# Please see http://shorewall.net/Actions.html for additional information. # # Columns are the same as in /etc/shorewall6/mangle. # diff --git a/Shorewall6/action.template b/Shorewall6/action.template index 2a1974ff2..d2f2fd75b 100644 --- a/Shorewall6/action.template +++ b/Shorewall6/action.template 
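Review bot: In the Shorewall6/action.mangletemplate hunk the rewritten description still says the template is for `/etc/shorewall/action.` files defined in `/etc/shorewall/actions`, while the numbered steps below it and the "Columns are the same as" line use `/etc/shorewall6/`. In a Shorewall6 file the description should name `/etc/shorewall6/` as well. The Shorewall6/action.template hunk that follows has the same mismatch, in its description and in all three steps. Read literally, those steps put the new action into the IPv4 configuration and leave the IPv6 rule set without it.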
@@ -1,25 +1,21 @@ # -# Shorewall version 5 - Action Template +# Shorewall6 -- /usr/share/shorewall6/action.template # -# /etc/shorewall6/action.template +# Action Template # -# This file is a template for files with names of the form -# /etc/shorewall/action. where is an -# ACTION defined in /etc/shorewall/actions. +# This file is a template for files with names of the form +# /etc/shorewall/action. where is an +# ACTION defined in /etc/shorewall/actions. # -# To define a new action: +# To define a new action: # -# 1. Add the to /etc/shorewall/actions -# 2. Copy this file to /etc/shorewall/action. -# 3. Add the desired rules to that file. +# 1. Add the to /etc/shorewall/actions +# 2. Copy this file to /etc/shorewall/action. +# 3. Add the desired rules to that file. # -# Please see http://shorewall.net/Actions.html for additional -# information. +# Please see http://shorewall.net/Actions.html for additional information. # # Columns are the same as in /etc/shorewall6/rules. # -####################################################################################################### -# DO NOT REMOVE THE FOLLOWING LINE -##################################################################################################################################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER -# PORT PORT(S) DEST LIMIT GROUP +############################################################################################################################################################## +#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER MARK CONNLIMIT TIME HEADERS SWITCH HELPER diff --git a/Shorewall6/lib.base b/Shorewall6/lib.base index 8c5695d1c..555996fb9 100644 --- a/Shorewall6/lib.base +++ b/Shorewall6/lib.base 
@@ -1,24 +1,24 @@ # -# Shorewall 4.4 -- /usr/share/shorewall6/lib.base +# Shorewall -- /usr/share/shorewall6/lib.base # -# (c) 2011,2014 - Tom Eastep (teastep@shorewall.net) +# (c) 2011-2016 Tom Eastep (teastep@shorewall.net) # -# Complete documentation is available at http://shorewall.net +# Complete documentation is available at http://shorewall.net # -# This program is part of Shorewall. +# This program is part of Shorewall. # -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by the -# Free Software Foundation, either version 2 of the license or, at your -# option, any later version. +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 2 of the license or, at your +# option, any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, see . +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . # # This library contains the code common to all Shorewall components. diff --git a/Shorewall6/modules.essential b/Shorewall6/modules.essential index cefea32ae..9195e416d 100644 --- a/Shorewall6/modules.essential +++ b/Shorewall6/modules.essential 
@@ -1,16 +1,16 @@ # -# Shorewall6 version 5 - Essential Modules File +# Shorewall6 -- /usr/share/shorewall6/modules.essential # -# /usr/share/shorewall6/modules.essential +# Essential Modules File # -# This file loads the modules that may be needed by the firewall. +# This file loads the modules that may be needed by the firewall. # -# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in -# dependency order. i.e., if M2 depends on M1 then you must load M1 -# before you load M2. +# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in +# dependency order. i.e., if M2 depends on M1 then you must load M1 +# before you load M2. # -# If you need to modify this file, copy it to /etc/shorewall and modify the -# copy. +# If you need to modify this file, copy it to /etc/shorewall and modify the +# copy. # ############################################################################### loadmodule nfnetlink diff --git a/Shorewall6/modules.extensions b/Shorewall6/modules.extensions index 0eff4ed6b..3c0a539bf 100644 --- a/Shorewall6/modules.extensions +++ b/Shorewall6/modules.extensions 
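Review bot: The re-indented instruction `copy it to /etc/shorewall and modify the copy` points at the IPv4 configuration directory, while Shorewall6/modules.ipset in this same commit says `/etc/shorewall6`. The line here should presumably read `# If you need to modify this file, copy it to /etc/shorewall6 and modify the`. The Shorewall6 modules.extensions, modules.tc and modules.xtables hunks carry the same text. Whether Shorewall6 also searches /etc/shorewall for module files cannot be told from the diff; if it does not, an override placed there is ignored and the kernel modules actually loaded are not the ones the administrator chose.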
@@ -1,16 +1,16 @@ # -# Shorewall6 version 5 - Extensions Modules File +# Shorewall6 -- /usr/share/shorewall6/modules.extension # -# /usr/share/shorewall6/modules.extension +# Extensions Modules File # -# This file loads the modules that may be needed by the firewall. +# This file loads the modules that may be needed by the firewall. # -# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in -# dependency order. i.e., if M2 depends on M1 then you must load M1 -# before you load M2. +# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in +# dependency order. i.e., if M2 depends on M1 then you must load M1 +# before you load M2. # -# If you need to modify this file, copy it to /etc/shorewall and modify the -# copy. +# If you need to modify this file, copy it to /etc/shorewall and modify the +# copy. # ############################################################################### loadmodule ip6_queue diff --git a/Shorewall6/modules.ipset b/Shorewall6/modules.ipset index b112e5bfe..682192da5 100644 --- a/Shorewall6/modules.ipset +++ b/Shorewall6/modules.ipset 
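Review bot: The new header gives the path as `/usr/share/shorewall6/modules.extension`, but the file being patched is `Shorewall6/modules.extensions`. The removed line had the same typo, so this reformat is the place to fix it: `# Shorewall6 -- /usr/share/shorewall6/modules.extensions`.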
@@ -1,16 +1,16 @@ # -# Shorewall version 5 - IP Set Modules File +# Shorewall6 -- /usr/share/shorewall6/modules.ipset # -# /usr/share/shorewall6/modules.ipset +# IP Set Modules File # -# This file loads the modules that may be needed by the firewall. +# This file loads the modules that may be needed by the firewall. # -# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in -# dependency order. i.e., if M2 depends on M1 then you must load M1 -# before you load M2. +# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in +# dependency order. i.e., if M2 depends on M1 then you must load M1 +# before you load M2. # -# If you need to modify this file, copy it to /etc/shorewall6 and modify the -# copy. +# If you need to modify this file, copy it to /etc/shorewall6 and modify the +# copy. # ############################################################################### loadmodule xt_set diff --git a/Shorewall6/modules.tc b/Shorewall6/modules.tc index e9fcc0921..39c2f5955 100644 --- a/Shorewall6/modules.tc +++ b/Shorewall6/modules.tc 
@@ -1,16 +1,16 @@
 #
-# Shorewall6 version 5 - Traffic Shaping Modules File
+# Shorewall6 -- /usr/share/shorewall6/modules.tc
 #
-# /usr/share/shorewall6/modules.tc
+# Traffic Shaping Modules File
 #
-# This file loads the modules that may be needed by the firewall.
+# This file loads the modules that may be needed by the firewall.
 #
-# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-# dependency order. i.e., if M2 depends on M1 then you must load M1
-# before you load M2.
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# dependency order. i.e., if M2 depends on M1 then you must load M1
+# before you load M2.
 #
-# If you need to modify this file, copy it to /etc/shorewall and modify the
-# copy.
+# If you need to modify this file, copy it to /etc/shorewall and modify the
+# copy.
 #
 ###############################################################################
 loadmodule sch_sfq
diff --git a/Shorewall6/modules.xtables b/Shorewall6/modules.xtables
index f785aaf81..4c68a9342 100644
--- a/Shorewall6/modules.xtables
+++ b/Shorewall6/modules.xtables
@@ -1,16 +1,16 @@
 #
-# Shorewall6 version 5 - Xtables Modules File
+# Shorewall6 -- /usr/share/shorewall6/modules.xtables
 #
-# /usr/share/shorewall6/modules.xtables
+# Xtables Modules File
 #
-# This file loads the modules that may be needed by the firewall.
+# This file loads the modules that may be needed by the firewall.
 #
-# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-# dependency order. i.e., if M2 depends on M1 then you must load M1
-# before you load M2.
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# dependency order. i.e., if M2 depends on M1 then you must load M1
+# before you load M2.
 #
-# If you need to modify this file, copy it to /etc/shorewall and modify the
-# copy.
+# If you need to modify this file, copy it to /etc/shorewall and modify the
+# copy.
 #
 ###############################################################################
 loadmodule xt_AUDIT