More cleanup

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8968 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-06-26 12:42:40 +02:00 · 2008-12-10 02:07:09 +00:00 · 2008-12-10 02:07:09 +00:00 · 63f3b609f7
commit 63f3b609f7
parent 443d418eda
10 changed files with 37 additions and 163 deletions
--- a/Samples6/one-interface/interfaces
+++ b/Samples6/one-interface/interfaces
@ -16,5 +16,5 @@
 #
 ###############################################################################
 #ZONE	INTERFACE	BROADCAST	OPTIONS
-net     eth0            detect          tcpflags,nosmurfs
+net     eth0            detect          tcpflags
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/three-interfaces/interfaces
+++ b/Samples6/three-interfaces/interfaces
@ -1,6 +1,6 @@
 #
-# Shorewall version 4.0 - Sample Interfaces File for three-interface configuration.
+# Shorewall6 version 4.0 - Sample Interfaces File for three-interface configuration.
-# Copyright (C) 2006 by the Shorewall Team
+# Copyright (C) 2006,2008 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@ -16,7 +16,7 @@
 #
 ###############################################################################
 #ZONE	INTERFACE	BROADCAST	OPTIONS
-net     eth0            detect          tcpflags,dhcp,routefilter,nosmurfs,logmartians
+net     eth0            detect          tcpflags
-loc     eth1            detect          tcpflags,nosmurfs
+loc     eth1            detect          tcpflags
 dmz     eth2            detect
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/three-interfaces/rules
+++ b/Samples6/three-interfaces/rules
@ -1,6 +1,6 @@
 #
-# Shorewall version 4.0 - Sample Rules File for three-interface configuration.
+# Shorewall6 version 4.0 - Sample Rules File for three-interface configuration.
-# Copyright (C) 2006,2007 by the Shorewall Team
+# Copyright (C) 2006,2007,2008 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@ -47,9 +47,9 @@ Ping/ACCEPT     loc             dmz
 Ping/ACCEPT     dmz             loc
 Ping/ACCEPT     dmz             net
-ACCEPT		$FW		net		icmp
+ACCEPT		$FW		net		ipv6-icmp
-ACCEPT		$FW		loc		icmp
+ACCEPT		$FW		loc		ipv6-icmp
-ACCEPT		$FW		dmz		icmp
+ACCEPT		$FW		dmz		ipv6-icmp
 # Uncomment this if using Proxy ARP and static NAT and you want to allow ping from
 # the net zone to the dmz and loc
--- a/Samples6/three-interfaces/shorewall6.conf
+++ b/Samples6/three-interfaces/shorewall6.conf
@ -1,7 +1,6 @@
-s###############################################################################
+###############################################################################
 #
-# Shorewall version 4.0 - Sample shorewall.conf for three-interface
+# Shorewall version 3.4 - Sample shorewall.conf for one-interface configuration.
 #                         configuration.
 # Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
@ -15,7 +14,6 @@ s###############################################################################
 #
 # The manpage is also online at 
 # http://shorewall.net/manpages/shorewall.conf.html
 #
 ###############################################################################
 #		       S T A R T U P   E N A B L E D
 ###############################################################################
@ -28,13 +26,6 @@ STARTUP_ENABLED=No
 VERBOSITY=1
 ###############################################################################
 #                              C O M P I L E R
 #      (setting this to 'perl' requires installation of Shorewall-perl)
 ###############################################################################
 SHOREWALL_COMPILER=
 ###############################################################################
 #			       L O G G I N G
 ###############################################################################
@ -57,21 +48,13 @@ LOGALLNEW=
 BLACKLIST_LOGLEVEL=
 MACLIST_LOG_LEVEL=info
 TCP_FLAGS_LOG_LEVEL=info
 RFC1918_LOG_LEVEL=info
 SMURF_LOG_LEVEL=info
 LOG_MARTIANS=Yes
 ###############################################################################
 #	L O C A T I O N	  O F	F I L E S   A N D   D I R E C T O R I E S
 ###############################################################################
-IPTABLES=
+IP6TABLES=
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
@ -81,12 +64,10 @@ SUBSYSLOCK=/var/lock/subsys/shorewall
 MODULESDIR=
-CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
+CONFIG_PATH=/usr/share/shorewall6/configfiles:/usr/share/shorewall6
 RESTOREFILE=
 IPSECFILE=zones
 LOCKFILE=
 ###############################################################################
@ -110,15 +91,7 @@ RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 #			F I R E W A L L	  O P T I O N S
 ###############################################################################
-IP_FORWARDING=On
+TC_ENABLED=No
 ADD_IP_ALIASES=Yes
 ADD_SNAT_ALIASES=No
 RETAIN_ALIASES=No
 TC_ENABLED=Internal
 TC_EXPERT=No
@ -128,46 +101,20 @@ MARK_IN_FORWARD_CHAIN=No
 CLAMPMSS=No
 ROUTE_FILTER=No
 DETECT_DNAT_IPADDRS=No
 MUTEX_TIMEOUT=60
 ADMINISABSENTMINDED=Yes
 BLACKLISTNEWONLY=Yes
 DELAYBLACKLISTLOAD=No
 MODULE_SUFFIX=
 DISABLE_IPV6=Yes
 BRIDGING=No
 DYNAMIC_ZONES=No
 PKTTYPE=Yes
 RFC1918_STRICT=No
 MACLIST_TABLE=filter
 MACLIST_TTL=
 SAVE_IPSETS=No
 MAPOLDACTIONS=No
 FASTACCEPT=No
 IMPLICIT_CONTINUE=No
 HIGH_ROUTE_MARKS=No
 USE_ACTIONS=Yes
 OPTIMIZE=1
 EXPORTPARAMS=No
@ -178,22 +125,20 @@ KEEP_RT_TABLES=No
 DELETE_THEN_ADD=Yes
 MULTICAST=No
 DONT_LOAD=
 AUTO_COMMENT=Yes
 MANGLE_ENABLED=Yes
 USE_DEFAULT_RT=Yes
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
 BLACKLIST_DISPOSITION=DROP
 MACLIST_DISPOSITION=REJECT
 TCP_FLAGS_DISPOSITION=DROP
 #LAST LINE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/interfaces
+++ b/Samples6/two-interfaces/interfaces
@ -16,6 +16,6 @@
 #
 ###############################################################################
 #ZONE	INTERFACE	BROADCAST	OPTIONS
-net     eth0            detect          dhcp,tcpflags,routefilter,nosmurfs,logmartians
+net     eth0            detect          tcpflags
-loc     eth1            detect          tcpflags,nosmurfs
+loc     eth1            detect          tcpflags
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/masq
+++ b/Samples6/two-interfaces/masq
@ -1,19 +0,0 @@
 #
 # Shorewall version 4.0 - Sample Masq file for two-interface configuration.
 # Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
 # License as published by the Free Software Foundation; either
 # version 2.1 of the License, or (at your option) any later version.
 #
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-masq"
 #
 # For additional information, see http://shorewall.net/Documentation.htm#Masq
 #
 ###############################################################################
 #INTERFACE		SOURCE		ADDRESS		PROTO	PORT(S)	IPSEC	MARK
 eth0                    eth1
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/rules
+++ b/Samples6/two-interfaces/rules
@ -35,8 +35,8 @@ Ping/ACCEPT	loc		$FW
 Ping/DROP	net		$FW
-ACCEPT		$FW		loc		icmp
+ACCEPT		$FW		loc		ipv6-icmp
-ACCEPT		$FW		net		icmp
+ACCEPT		$FW		net		ipv6-icmp
 #
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/shorewall6.conf
+++ b/Samples6/two-interfaces/shorewall6.conf
@ -1,7 +1,7 @@
 ###############################################################################
 #
-# Shorewall version 4.0 - Sample shorewall.conf for two-interface configuration.
+# Shorewall version 3.4 - Sample shorewall.conf for one-interface configuration.
-# Copyright (C) 2006,2007 by the Shorewall Team
+# Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@ -26,13 +26,6 @@ STARTUP_ENABLED=No
 VERBOSITY=1
 ###############################################################################
 #                              C O M P I L E R
 #      (setting this to 'perl' requires installation of Shorewall-perl)
 ###############################################################################
 SHOREWALL_COMPILER=
 ###############################################################################
 #			       L O G G I N G
 ###############################################################################
@ -55,21 +48,13 @@ LOGALLNEW=
 BLACKLIST_LOGLEVEL=
 MACLIST_LOG_LEVEL=info
 TCP_FLAGS_LOG_LEVEL=info
 RFC1918_LOG_LEVEL=info
 SMURF_LOG_LEVEL=info
 LOG_MARTIANS=Yes
 ###############################################################################
 #	L O C A T I O N	  O F	F I L E S   A N D   D I R E C T O R I E S
 ###############################################################################
-IPTABLES=
+IP6TABLES=
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
@ -79,12 +64,10 @@ SUBSYSLOCK=/var/lock/subsys/shorewall
 MODULESDIR=
-CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
+CONFIG_PATH=/usr/share/shorewall6/configfiles:/usr/share/shorewall6
 RESTOREFILE=
 IPSECFILE=zones
 LOCKFILE=
 ###############################################################################
@ -108,15 +91,7 @@ RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 #			F I R E W A L L	  O P T I O N S
 ###############################################################################
-IP_FORWARDING=On
+TC_ENABLED=No
 ADD_IP_ALIASES=Yes
 ADD_SNAT_ALIASES=No
 RETAIN_ALIASES=No
 TC_ENABLED=Internal
 TC_EXPERT=No
@ -126,74 +101,44 @@ MARK_IN_FORWARD_CHAIN=No
 CLAMPMSS=No
 ROUTE_FILTER=No
 DETECT_DNAT_IPADDRS=No
 MUTEX_TIMEOUT=60
 ADMINISABSENTMINDED=Yes
 BLACKLISTNEWONLY=Yes
 DELAYBLACKLISTLOAD=No
 MODULE_SUFFIX=
 DISABLE_IPV6=Yes
 BRIDGING=No
 DYNAMIC_ZONES=No
 PKTTYPE=Yes
 RFC1918_STRICT=No
 MACLIST_TABLE=filter
 MACLIST_TTL=
 SAVE_IPSETS=No
 MAPOLDACTIONS=No
 FASTACCEPT=No
 IMPLICIT_CONTINUE=No
 HIGH_ROUTE_MARKS=No
 USE_ACTIONS=Yes
 OPTIMIZE=1
 EXPORTPARAMS=No
 EXPAND_POLICIES=No
 EXPAND_POLICIES=Yes
 KEEP_RT_TABLES=No
 DELETE_THEN_ADD=Yes
 MULTICAST=No
 DONT_LOAD=
 AUTO_COMMENT=Yes
 MANGLE_ENABLED=Yes
 USE_DEFAULT_RT=Yes
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
 BLACKLIST_DISPOSITION=DROP
 MACLIST_DISPOSITION=REJECT
 TCP_FLAGS_DISPOSITION=DROP
 #LAST LINE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/zones
+++ b/Samples6/two-interfaces/zones
@ -17,7 +17,7 @@
 #ZONE	TYPE	OPTIONS			IN			OUT
 #					OPTIONS			OPTIONS
 fw	firewall
-net	ipv4
+net	ipv6
-loc	ipv4
+loc	ipv6
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall-perl/Shorewall/Compiler.pm
+++ b/Shorewall-perl/Shorewall/Compiler.pm
@ -949,14 +949,17 @@ sub compiler {
    #
    # /proc stuff
    #
-    setup_arp_filtering;
+    if ( $family == F_IPV4 ) {
-    setup_route_filtering;
+	setup_arp_filtering;
-    setup_martian_logging;
+	setup_route_filtering;
 	setup_martian_logging;
    }
    setup_source_routing;
    #
    # Proxy Arp
    #
-    setup_proxy_arp;
+    setup_proxy_arp if $family == F_IPV4;
    #
    # Handle MSS setings in the zones file
    #