Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code

This commit is contained in:
Tom Eastep 2016-04-05 11:46:42 -07:00
commit 54843c617d
41 changed files with 511 additions and 529 deletions

View File

@ -1,7 +1,5 @@
# #
# Shorewall version 5 - Drop Action # Shorewall -- /usr/share/shorewall/action.A_Drop
#
# /usr/share/shorewall/action.A_Drop
# #
# The audited default DROP common rules # The audited default DROP common rules
# #
@ -9,22 +7,19 @@
# of the action is: # of the action is:
# #
# a) Avoid logging lots of useless cruft. # a) Avoid logging lots of useless cruft.
# b) Ensure that 'auth' requests are rejected, even if the policy is # b) Ensure that certain ICMP packets that are necessary for successful
# DROP. Otherwise, you may experience problems establishing
# connections with servers that use auth.
# c) Ensure that certain ICMP packets that are necessary for successful
# internet operation are always ACCEPTed. # internet operation are always ACCEPTed.
# #
# IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!! # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
# #
############################################################################### ###############################################################################
#TARGET SOURCE DEST PROTO DPORT SPORT #ACTION SOURCE DEST PROTO DPORT SPORT
# #
# Count packets that come through here # Count packets that come through here
# #
COUNT COUNT
# #
# Silently DROP 'auth' # Special Handling for Auth
# #
Auth(A_DROP) Auth(A_DROP)
# #

View File

@ -1,7 +1,5 @@
# #
# Shorewall version 5 - Reject Action # Shorewall -- /usr/share/shorewall/action.A_Reject
#
# /usr/share/shorewall/action.A_Reject
# #
# The audited default REJECT action common rules # The audited default REJECT action common rules
# #
@ -14,7 +12,7 @@
# #
# IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!! # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
############################################################################### ###############################################################################
#TARGET SOURCE DEST PROTO #ACTION SOURCE DEST PROTO
# #
# Count packets that come through here # Count packets that come through here
# #

View File

@ -1,5 +1,7 @@
# #
# Shorewall version 5 - Auto Blacklist Action # Shorewall -- /usr/share/shorewall/action.AutoBL
#
# Auto Blacklist Action
# #
# Parameters are: # Parameters are:
# #
@ -37,7 +39,7 @@ validate_level( $level );
1; 1;
?end perl ?end perl
############################################################################### ###############################################################################
#TARGET SOURCE DEST PROTO DPORT SPORT #ACTION SOURCE DEST PROTO DPORT SPORT
# #
# Silently reject the client if blacklisted # Silently reject the client if blacklisted
# #

View File

@ -1,13 +1,16 @@
# #
# Shorewall version 5 - Auto Blacklisting Logger Action # Shorewall -- /usr/share/shorewall/action.AutoBLL
#
# Auto Blacklisting Logger Action
# #
# Arguments are # Arguments are
# #
# Event: Name of the blacklisted event # Event - Name of the blacklisted event
# Disposition: What to do with packets # Disposition - What to do with packets
# Level: Log level and optional tag for logging. # Level - Log level and optional tag for logging
#
############################################################################### ###############################################################################
#TARGET SOURCE DEST PROTO DPORT SPORT #ACTION SOURCE DEST PROTO DPORT SPORT
# #
# Log the Reject # Log the Reject
# #

View File

@ -1,11 +1,9 @@
# #
# Shorewall 4 - Broadcast Action # Shorewall -- /usr/share/shorewall/action.Broadcast
#
# /usr/share/shorewall/action.Broadcast
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 2011 - Tom Eastep (teastep@shorewall.net) # (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
@ -26,7 +24,7 @@
# #
# Default action is DROP # Default action is DROP
# #
########################################################################################## ###############################################################################
DEFAULTS DROP,- DEFAULTS DROP,-

View File

@ -1,11 +1,11 @@
# #
# Shorewall 5 - DNS Amplification Action # Shorewall -- /usr/share/shorewall/action.DNSAmp
# #
# /usr/share/shorewall/action.DNSAmp # DNS Amplification Action
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 2011,2012 - Tom Eastep (teastep@shorewall.net) # (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
@ -26,7 +26,8 @@
# #
# Default action is DROP # Default action is DROP
# #
########################################################################################## ###############################################################################
#ACTION SOURCE DEST PROTO DPORT
DEFAULTS DROP DEFAULTS DROP

View File

@ -1,7 +1,5 @@
# #
# Shorewall version 5 - Drop Action # Shorewall -- /usr/share/shorewall/action.Drop
#
# /usr/share/shorewall/action.Drop
# #
# The default DROP common rules # The default DROP common rules
# #
@ -39,7 +37,7 @@ DEFAULTS -,-,A_DROP,A_ACCEPT,A_DROP
DEFAULTS -,-,DROP,ACCEPT,DROP DEFAULTS -,-,DROP,ACCEPT,DROP
?endif ?endif
#TARGET SOURCE DEST PROTO DPORT SPORT #ACTION SOURCE DEST PROTO DPORT SPORT
# #
# Count packets that come through here # Count packets that come through here
# #

View File

@ -1,14 +1,14 @@
# #
# Shorewall version 5 - Drop Smurfs Action # Shorewall -- /usr/share/shorewall/action.DropSmurfs
# #
# /usr/share/shorewall/action.DropSmurfs # Drop Smurfs Action
# #
# Accepts a single optional parameter: # Accepts a single optional parameter:
# #
# - = Do not Audit # - = Do not Audit
# audit = Audit dropped packets. # audit = Audit dropped packets.
# #
################################################################################# ###############################################################################
DEFAULTS - DEFAULTS -
@ -79,8 +79,3 @@ if ( $family == F_IPV4 ) {
} }
?end perl; ?end perl;

View File

@ -1,11 +1,11 @@
# #
# Shorewall 5 - Established Action # Shorewall -- /usr/share/shorewall/action.Established
# #
# /usr/share/shorewall/action.Established # Established Action
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 2011,2012 - Tom Eastep (teastep@shorewall.net) # (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
@ -26,7 +26,7 @@
# #
# Default action is ACCEPT # Default action is ACCEPT
# #
########################################################################################## ###############################################################################
DEFAULTS ACCEPT DEFAULTS ACCEPT

View File

@ -1,13 +1,14 @@
# #
# Shorewall version 5 - GlusterFS Handler for GlusterFS 3.4 and Later # Shorewall -- /usr/share/shorewall/action.GlusterFS
# #
# /etc/shorewall/action.GlusterFS # GlusterFS Handler for GlusterFS 3.4 and Later
# #
# Parameters: # Parameters:
# Bricks: Number of bricks
# IB: 0 or 1, indicating whether Infiniband is used or not
# #
######################################################################################### # Bricks - Number of bricks
# IB - 0 or 1, indicating whether Infiniband is used or not
#
###############################################################################
DEFAULTS 2,0 DEFAULTS 2,0
@ -17,8 +18,8 @@ DEFAULTS 2,0
?error Invalid value for IB (@2) ?error Invalid value for IB (@2)
?endif ?endif
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER #ACTION SOURCE DEST PROTO DPORT
# PORT PORT(S) DEST LIMIT GROUP
ACCEPT - - udp 111,2049 ACCEPT - - udp 111,2049
ACCEPT - - tcp 38465:38467 ACCEPT - - tcp 38465:38467
@ -31,4 +32,3 @@ ACCEPT - - tcp 24007
?set last_port 49150 + @{1} ?set last_port 49150 + @{1}
ACCEPT - - tcp 49151:$last_port ACCEPT - - tcp 49151:$last_port

View File

@ -1,34 +1,38 @@
# #
# Shorewall version 5 - Perform an Action based on a Event # Shorewall -- /usr/share/shorewall/action.IfEvent
# #
# /etc/shorewall/action.IfEvent # Perform an Action based on a Event
# #
# Parameters: # Parameters:
# Event: Must start with a letter and be composed of letters, digits, '-', and '_'.
# Action: Anything that can appear in the ACTION column of a rule.
# Duration: Duration in seconds over which the event is to be tested.
# Hit Count: Number of packets seen within the duration -- default is 1
# Src or Dest: 'src' (default) or 'dst'. Determines if the event is associated with the source
# address (src) or destination address (dst)
# Command: 'check' (default) 'reset', or 'update'. If 'reset', the event will be reset before
# the Action is taken. If 'update', the timestamp associated with the event will
# be updated and the action taken if the time limit/hitcount are matched.
# If '-', the action will be taken if the limit/hitcount are matched but the
# event's timestamp will not be updated.
# #
# If a duration is specified, then 'checkreap' and 'updatereap' may also # Event - Must start with a letter and be composed of letters, digits,
# be used. These are like 'check' and 'update' respectively, but they also # '-', and '_'.
# remove any event entries for the IP address that are older than <duration> # Action - Anything that can appear in the ACTION column of a rule.
# seconds. # Duration - Duration in seconds over which the event is to be tested.
# Disposition: Disposition for any event generated. # Hit Count - Number of packets seen within the duration -- default is 1
# Src or Dest - 'src' (default) or 'dst'. Determines if the event is
# associated with the source address (src) or destination
# address (dst)
# Command - 'check' (default) 'reset', or 'update'. If 'reset',
# the event will be reset before the Action is taken.
# If 'update', the timestamp associated with the event will
# be updated and the action taken if the time limit/hitcount
# are matched.
# If '-', the action will be taken if the limit/hitcount are
# matched but the event's timestamp will not be updated.
#
# If a duration is specified, then 'checkreap' and 'updatereap'
# may also be used. These are like 'check' and 'update'
# respectively, but they also remove any event entries for
# the IP address that are older than <duration> seconds.
# Disposition - Disposition for any event generated.
# #
# For additional information, see http://www.shorewall.net/Events.html # For additional information, see http://www.shorewall.net/Events.html
# #
####################################################################################################### ###############################################################################
# DO NOT REMOVE THE FOLLOWING LINE # DO NOT REMOVE THE FOLLOWING LINE
################################################################################################################################################################################################# ###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER #ACTION SOURCE DEST PROTO DPORT SPORT
# PORT PORT(S) DEST LIMIT GROUP
DEFAULTS -,ACCEPT,-,1,src,check,- DEFAULTS -,ACCEPT,-,1,src,check,-

View File

@ -1,11 +1,10 @@
# #
# Shorewall 4 - Invalid Action # Shorewall -- /usr/share/shorewall/action.Invalid
#
# /usr/share/shorewall/action.Invalid
# #
# Invalid Action
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 2011,2012 - Tom Eastep (teastep@shorewall.net) # (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
@ -26,10 +25,11 @@
# #
# Default action is DROP # Default action is DROP
# #
########################################################################################## ###############################################################################
DEFAULTS DROP,- DEFAULTS DROP,-
# #
# All logic for this action is triggered by the 'audit' and 'state' options in actions.std # All logic for this action is triggered by the 'audit' and 'state' options
# in actions.std
# #

View File

@ -1,11 +1,11 @@
# #
# Shorewall 4 - New Action # Shorewall -- /usr/share/shorewall/action.New
# #
# /usr/share/shorewall/action.New # New Action
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 2011,2012 - Tom Eastep (teastep@shorewall.net) # (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
@ -26,7 +26,7 @@
# #
# Default action is ACCEPT # Default action is ACCEPT
# #
########################################################################################## ###############################################################################
DEFAULTS ACCEPT DEFAULTS ACCEPT

View File

@ -1,11 +1,11 @@
# #
# Shorewall 4 - NotSyn Action # Shorewall -- /usr/share/shorewall/action.NotSyn
# #
# /usr/share/shorewall/action.NotSyn # NotSyn Action
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 2011 - Tom Eastep (teastep@shorewall.net) # (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
@ -26,7 +26,7 @@
# #
# Default action is DROP # Default action is DROP
# #
########################################################################################## ###############################################################################
DEFAULTS DROP,- DEFAULTS DROP,-

View File

@ -1,11 +1,11 @@
# #
# Shorewall 4 - RST Action # Shorewall -- /usr/share/shorewall/action.RST
# #
# /usr/share/shorewall/action.RST # RST Action
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 2012 - Tom Eastep (teastep@shorewall.net) # (c) 2012-2016 Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
@ -26,7 +26,7 @@
# #
# Default action is DROP # Default action is DROP
# #
########################################################################################## ###############################################################################
DEFAULTS DROP,- DEFAULTS DROP,-

View File

@ -1,7 +1,5 @@
# #
# Shorewall version 5 - Reject Action # Shorewall -- /usr/share/shorewall/action.Reject
#
# /usr/share/shorewall/action.Reject
# #
# The default REJECT action common rules # The default REJECT action common rules
# #
@ -38,7 +36,7 @@ DEFAULTS -,-,A_REJECT,A_ACCEPT,A_DROP
DEFAULTS -,-,REJECT,ACCEPT,DROP DEFAULTS -,-,REJECT,ACCEPT,DROP
?endif ?endif
#TARGET SOURCE DEST PROTO #ACTION SOURCE DEST PROTO
# #
# Count packets that come through here # Count packets that come through here
# #

View File

@ -1,11 +1,11 @@
# #
# Shorewall 4 - Related Action # Shorewall -- /usr/share/shorewall/action.Related
# #
# /usr/share/shorewall/action.Related # Related Action
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 2011,2012 - Tom Eastep (teastep@shorewall.net) # (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
@ -26,7 +26,7 @@
# #
# Default action is DROP # Default action is DROP
# #
########################################################################################## ###############################################################################
DEFAULTS DROP DEFAULTS DROP

View File

@ -1,22 +1,24 @@
# #
# Shorewall version 5 - Reset an Event # Shorewall -- /etc/shorewall/action.ResetEvent
# #
# /etc/shorewall/action.ResetEvent # Reset an Event
# #
# Parameters: # Parameters:
# Event: Must start with a letter and be composed of letters, digits, '-', and '_'. #
# Action: Action to perform after setting the event. Default is ACCEPT # Event - Must start with a letter and be composed of letters, digits,
# Src or Dest: 'src' (default) or 'dst'. Determines if the event is associated with the source # '-', and '_'.
# address (src) or destination address (dst) # Action - Action to perform after setting the event. Default is ACCEPT
# Disposition: Disposition for any rule generated. # Src or Dest - 'src' (default) or 'dst'. Determines if the event is
# associated with the source address (src) or destination
# address (dst)
# Disposition - Disposition for any rule generated.
# #
# For additional information, see http://www.shorewall.net/Events.html # For additional information, see http://www.shorewall.net/Events.html
# #
####################################################################################################### ###############################################################################
# DO NOT REMOVE THE FOLLOWING LINE # DO NOT REMOVE THE FOLLOWING LINE
################################################################################################################################################################################################# ##############################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER #ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER MARK CONNLIMIT TIME HEADERS SWITCH HELPER
# PORT PORT(S) DEST LIMIT GROUP
DEFAULTS -,ACCEPT,src,- DEFAULTS -,ACCEPT,src,-

View File

@ -1,14 +1,17 @@
# #
# Shorewall version 5 - Set an Event # Shorewall -- /usr/share/shorewall/action.SetEvent
# #
# /etc/shorewall/action.SetEvent # Set an Event
# #
# Parameters: # Parameters:
# Event: Must start with a letter and be composed of letters, digits, '-', and '_'. #
# Action: Action to perform after setting the event. Default is ACCEPT # Event - Must start with a letter and be composed of letters, digits,
# Src or Dest: 'src' (default) or 'dst'. Determines if the event is associated with the source # '-', and '_'.
# address (src) or destination address (dst) # Action - Action to perform after setting the event. Default is ACCEPT
# Disposition: Disposition for any event generated. # Src or Dest - 'src' (default) or 'dst'. Determines if the event is
# associated with the source address (src) or destination
# address (dst)
# Disposition - Disposition for any event generated.
# #
# For additional information, see http://www.shorewall.net/Events.html # For additional information, see http://www.shorewall.net/Events.html
# #

View File

@ -1,14 +1,14 @@
# #
# Shorewall version 5 - Drop TCPFlags Action # Shorewall -- /usr/share/shorewall/action.TCPFlags
# #
# /usr/share/shorewall/action.TCPFlags # Drop TCPFlags Action
# #
# Accepts a single optional parameter: # Accepts a single optional parameter:
# #
# - = Do not Audit # - = Do not Audit
# audit = Audit dropped packets. # audit = Audit dropped packets.
# #
################################################################################# ###############################################################################
DEFAULTS - DEFAULTS -

View File

@ -1,11 +1,11 @@
# #
# Shorewall 4 - Untracked Action # Shorewall --/usr/share/shorewall/action.Untracked
# #
# /usr/share/shorewall/action.Untracked # Untracked Action
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 2011,2012 - Tom Eastep (teastep@shorewall.net) # (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
@ -26,7 +26,8 @@
# #
# Default action is DROP # Default action is DROP
# #
########################################################################################## ###############################################################################
DEFAULTS DROP DEFAULTS DROP
# #

View File

@ -1,11 +1,9 @@
\#
# Shorewall 4 - allowInvalid Action
# #
# /usr/share/shorewall/action.allowInvalid # Shorewall -- /usr/share/shorewall/action.allowInvalid
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 2011 - Tom Eastep (teastep@shorewall.net) # (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
@ -24,7 +22,7 @@
# #
# allowInvalid[([audit])] # allowInvalid[([audit])]
# #
########################################################################################## ###############################################################################
DEFAULTS - DEFAULTS -

View File

@ -1,11 +1,11 @@
# #
# Shorewall 5 - dropInvalid Action # Shorewall -- /usr/share/shorewall/action.dropInvalid
# #
# /usr/share/shorewall/action.dropInvalid # dropInvalid Action
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 2011 - Tom Eastep (teastep@shorewall.net) # (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
@ -24,9 +24,7 @@
# #
# dropInvalid[([audit])] # dropInvalid[([audit])]
# #
########################################################################################## ###############################################################################
DEFAULTS -
DEFAULTS - DEFAULTS -

View File

@ -1,7 +1,7 @@
# #
# Shorewall version 5 - Mangle Action Template # Shorewall -- /etc/shorewall/action.mangletemplate
# #
# /etc/shorewall/action.mangletemplate # Mangle Action Template
# #
# This file is a template for files with names of the form # This file is a template for files with names of the form
# /etc/shorewall/action.<action-name> where <action> is an # /etc/shorewall/action.<action-name> where <action> is an

View File

@ -1,7 +1,7 @@
# #
# Shorewall version 5 - Action Template # Shorewall -- /usr/share/shorewall/action.template
# #
# /etc/shorewall/action.template # Action Template
# #
# This file is a template for files with names of the form # This file is a template for files with names of the form
# /etc/shorewall/action.<action-name> where <action> is an # /etc/shorewall/action.<action-name> where <action> is an

View File

@ -1,7 +1,7 @@
# #
# Shorewall version 5 - Essential Modules File # Shorewall -- /usr/share/shorewall/modules.essential
# #
# /usr/share/shorewall/modules.essential # Essential Modules File
# #
# This file loads the modules that may be needed by the firewall. # This file loads the modules that may be needed by the firewall.
# #

View File

@ -1,7 +1,7 @@
# #
# Shorewall version 5 - Extensions Modules File # Shorewall -- /usr/share/shorewall/modules.extensions
# #
# /usr/share/shorewall/modules.extensions # Extensions Modules File
# #
# This file loads the modules that may be needed by the firewall. # This file loads the modules that may be needed by the firewall.
# #

View File

@ -1,7 +1,7 @@
# #
# Shorewall version 5 - IP Set Modules File # Shorewall -- /usr/share/shorewall/modules.ipset
# #
# /usr/share/shorewall/modules.ipset # IP Set Modules File
# #
# This file loads the modules that may be needed by the firewall. # This file loads the modules that may be needed by the firewall.
# #

View File

@ -1,7 +1,7 @@
# #
# Shorewall version 5 - Traffic Shaping Modules File # Shorewall -- /usr/share/shorewall/modules.tc
# #
# /usr/share/shorewall/modules.tc # Traffic Shaping Modules File
# #
# This file loads the modules that may be needed by the firewall. # This file loads the modules that may be needed by the firewall.
# #

View File

@ -1,7 +1,7 @@
# #
# Shorewall version 5 - Xtables Modules File # Shorewall -- /usr/share/shorewall/modules.xtables
# #
# /usr/share/shorewall/modules.xtables # Xtables Modules File
# #
# This file loads the modules that may be needed by the firewall. # This file loads the modules that may be needed by the firewall.
# #

View File

@ -1,13 +1,11 @@
# #
# Shorewall6 version 5 - Audited AllowICMPs Action # Shorewall6 -- /usr/share/shorewall6/action.A_AllowICMPs
#
# /usr/share/shorewall6/action.A_AllowICMPs
# #
# This action A_ACCEPTs needed ICMP types # This action A_ACCEPTs needed ICMP types
# #
############################################################################### ###############################################################################
#TARGET SOURCE DEST PROTO DEST #ACTION SOURCE DEST PROTO DPORT
# PORT(S)
?comment Needed ICMP types (RFC4890) ?comment Needed ICMP types (RFC4890)
A_ACCEPT - - ipv6-icmp destination-unreachable A_ACCEPT - - ipv6-icmp destination-unreachable

View File

@ -1,13 +1,10 @@
# #
# Shorewall6 version 5 - AllowICMPs Action # Shorewall6 -- /usr/share/shorewall6/action.AllowICMPs
#
# /usr/share/shorewall6/action.AllowICMPs
# #
# This action ACCEPTs needed ICMP types # This action ACCEPTs needed ICMP types
# #
############################################################################### ###############################################################################
#TARGET SOURCE DEST PROTO DEST #ACTION SOURCE DEST PROTO DPORT
# PORT(S)
DEFAULTS ACCEPT DEFAULTS ACCEPT

View File

@ -1,11 +1,11 @@
# #
# Shorewall 4 - Multicast/Anycast Action # Shorewall6 -- /usr/share/shorewall6/action.Broadcast
# #
# /usr/share/shorewall/action.Broadcast # Multicast/Anycast IPv6 Action
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 2011 - Tom Eastep (teastep@shorewall.net) # (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
@ -26,7 +26,7 @@
# #
# Default action is DROP # Default action is DROP
# #
########################################################################################## ###############################################################################
DEFAULTS DROP,- DEFAULTS DROP,-

View File

@ -1,7 +1,5 @@
# #
# Shorewall version 5 - Mangle Action Template # Shorewall6 -- /usr/share/shorewall6/action.mangletemplate
#
# /etc/shorewall6/action.mangletemplate
# #
# This file is a template for files with names of the form # This file is a template for files with names of the form
# /etc/shorewall/action.<action-name> where <action> is an # /etc/shorewall/action.<action-name> where <action> is an
@ -13,8 +11,7 @@
# 2. Copy this file to /etc/shorewall6/action.<action name> # 2. Copy this file to /etc/shorewall6/action.<action name>
# 3. Add the desired rules to that file. # 3. Add the desired rules to that file.
# #
# Please see http://shorewall.net/Actions.html for additional # Please see http://shorewall.net/Actions.html for additional information.
# information.
# #
# Columns are the same as in /etc/shorewall6/mangle. # Columns are the same as in /etc/shorewall6/mangle.
# #

View File

@ -1,7 +1,7 @@
# #
# Shorewall version 5 - Action Template # Shorewall6 -- /usr/share/shorewall6/action.template
# #
# /etc/shorewall6/action.template # Action Template
# #
# This file is a template for files with names of the form # This file is a template for files with names of the form
# /etc/shorewall/action.<action-name> where <action> is an # /etc/shorewall/action.<action-name> where <action> is an
@ -13,13 +13,9 @@
# 2. Copy this file to /etc/shorewall/action.<action name> # 2. Copy this file to /etc/shorewall/action.<action name>
# 3. Add the desired rules to that file. # 3. Add the desired rules to that file.
# #
# Please see http://shorewall.net/Actions.html for additional # Please see http://shorewall.net/Actions.html for additional information.
# information.
# #
# Columns are the same as in /etc/shorewall6/rules. # Columns are the same as in /etc/shorewall6/rules.
# #
####################################################################################################### ##############################################################################################################################################################
# DO NOT REMOVE THE FOLLOWING LINE #ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER MARK CONNLIMIT TIME HEADERS SWITCH HELPER
#####################################################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER
# PORT PORT(S) DEST LIMIT GROUP

View File

@ -1,7 +1,7 @@
# #
# Shorewall 4.4 -- /usr/share/shorewall6/lib.base # Shorewall -- /usr/share/shorewall6/lib.base
# #
# (c) 2011,2014 - Tom Eastep (teastep@shorewall.net) # (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #

View File

@ -1,7 +1,7 @@
# #
# Shorewall6 version 5 - Essential Modules File # Shorewall6 -- /usr/share/shorewall6/modules.essential
# #
# /usr/share/shorewall6/modules.essential # Essential Modules File
# #
# This file loads the modules that may be needed by the firewall. # This file loads the modules that may be needed by the firewall.
# #

View File

@ -1,7 +1,7 @@
# #
# Shorewall6 version 5 - Extensions Modules File # Shorewall6 -- /usr/share/shorewall6/modules.extension
# #
# /usr/share/shorewall6/modules.extension # Extensions Modules File
# #
# This file loads the modules that may be needed by the firewall. # This file loads the modules that may be needed by the firewall.
# #

View File

@ -1,7 +1,7 @@
# #
# Shorewall version 5 - IP Set Modules File # Shorewall6 -- /usr/share/shorewall6/modules.ipset
# #
# /usr/share/shorewall6/modules.ipset # IP Set Modules File
# #
# This file loads the modules that may be needed by the firewall. # This file loads the modules that may be needed by the firewall.
# #

View File

@ -1,7 +1,7 @@
# #
# Shorewall6 version 5 - Traffic Shaping Modules File # Shorewall6 -- /usr/share/shorewall6/modules.tc
# #
# /usr/share/shorewall6/modules.tc # Traffic Shaping Modules File
# #
# This file loads the modules that may be needed by the firewall. # This file loads the modules that may be needed by the firewall.
# #

View File

@ -1,7 +1,7 @@
# #
# Shorewall6 version 5 - Xtables Modules File # Shorewall6 -- /usr/share/shorewall6/modules.xtables
# #
# /usr/share/shorewall6/modules.xtables # Xtables Modules File
# #
# This file loads the modules that may be needed by the firewall. # This file loads the modules that may be needed by the firewall.
# #