changed to LEAF (leaf.sourceforge.net) standard

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1339 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-01-15 10:08:43 +01:00 · 2004-05-18 16:47:39 +00:00 · 2004-05-18 16:47:39 +00:00 · 82c91230da
commit 82c91230da
parent e80a35c5f7
6 changed files with 40 additions and 12 deletions
--- a/Lrp2/etc/shorewall/interfaces
+++ b/Lrp2/etc/shorewall/interfaces
@ -190,5 +190,6 @@
 #			net	ppp0	-
 ##############################################################################
 #ZONE	 INTERFACE	BROADCAST	OPTIONS
-#
+net     eth0            detect          dhcp,routefilter,norfc1918
+loc     eth1            detect
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Lrp2/etc/shorewall/masq
+++ b/Lrp2/etc/shorewall/masq
@ -130,4 +130,5 @@
 #
 ###############################################################################
 #INTERFACE	        SUBNET		ADDRESS		PROTO	PORT(S)
+eth0                    eth1
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Lrp2/etc/shorewall/policy
+++ b/Lrp2/etc/shorewall/policy
@ -77,9 +77,13 @@
 #SOURCE		DEST		POLICY		LOG		LIMIT:BURST
 #						LEVEL
 loc		net		ACCEPT
-net		all		DROP		info
+net		all		DROP		ULOG
+# If you want open access to the Internet from your Firewall
+# remove the comment from the following line.
+#fw             net             ACCEPT
+
 #
 # THE FOLLOWING POLICY MUST BE LAST
 #	
-all		all		REJECT		info 
+all		all		REJECT		ULOG
 #LAST LINE -- DO NOT REMOVE
--- a/Lrp2/etc/shorewall/rules
+++ b/Lrp2/etc/shorewall/rules
@ -302,4 +302,25 @@
 ####################################################################################################
 #ACTION  SOURCE		DEST      	PROTO	DEST    SOURCE	   ORIGINAL	RATE		USER/
 #                       	        	PORT    PORT(S)    DEST		LIMIT		GROUP
+#                                               PORT    PORT(S)    DEST         LIMIT
+#      Accept DNS connections from the firewall to the network
+#
+ACCEPT          fw              net             tcp     53
+ACCEPT          fw              net             udp     53
+#       Accept SSH connections from the local network for administration
+#
+ACCEPT          loc             fw              tcp     22
+#       Allow Ping To And From Firewall
+#
+ACCEPT          loc             fw              icmp    8
+ACCEPT          net             fw              icmp    8
+ACCEPT          fw              loc             icmp    8
+ACCEPT          fw              net             icmp    8
+#
+# Bering specific rules:
+# allow loc to fw udp/53 for dnscache to work
+# allow loc to fw tcp/80 for weblet to work
+#
+ACCEPT          loc       fw            udp     53
+ACCEPT          loc       fw            tcp     80
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Lrp2/etc/shorewall/shorewall.conf
+++ b/Lrp2/etc/shorewall/shorewall.conf
@ -52,7 +52,7 @@
 #
 #              http://www.shorewall.net/shorewall_logging.html

-LOGFILE=/var/log/messages
+LOGFILE=/var/log/shorewall.log

 #
 # LOG FORMAT
@ -136,7 +136,7 @@ BLACKLIST_LOGLEVEL=
 # Example: LOGNEWNOTSYN=debug


-LOGNEWNOTSYN=info
+LOGNEWNOTSYN=ULOG

 #
 # MAC List Log Level
@ -148,7 +148,7 @@ LOGNEWNOTSYN=info
 # See the comment at the top of this section for a description of log levels
 #

-MACLIST_LOG_LEVEL=info
+MACLIST_LOG_LEVEL=ULOG

 #
 # TCP FLAGS Log Level
@ -160,7 +160,7 @@ MACLIST_LOG_LEVEL=info
 # See the comment at the top of this section for a description of log levels
 #

-TCP_FLAGS_LOG_LEVEL=info
+TCP_FLAGS_LOG_LEVEL=ULOG

 #
 # RFC1918 Log Level
@ -172,7 +172,7 @@ TCP_FLAGS_LOG_LEVEL=info
 # See the comment at the top of this section for a description of log levels
 #

-RFC1918_LOG_LEVEL=info
+RFC1918_LOG_LEVEL=ULOG

 #
 # SMURF Log Level
@ -186,7 +186,7 @@ RFC1918_LOG_LEVEL=info
 # See the comment at the top of this section for a description of log levels
 #

-SMURF_LOG_LEVEL=info
+SMURF_LOG_LEVEL=ULOG

 #
 # BOGON Log Level
@ -200,7 +200,7 @@ SMURF_LOG_LEVEL=info
 # See the comment at the top of this section for a description of log levels
 #

-BOGON_LOG_LEVEL=info
+BOGON_LOG_LEVEL=ULOG
 ################################################################################
 #       L O C A T I O N   O F   F I L E S   A N D   D I R E C T O R I E S
 ################################################################################
@ -564,8 +564,9 @@ MODULE_SUFFIX=
 # exploited by users who do. Setting DISABLE_IPV6=Yes will cause
 # Shorewall to disable IPV6 traffic to/from and through your 
 # firewall system. This requires that you have ip6tables installed.
+# Should be set to "No" for LEAF/LRP

-DISABLE_IPV6=Yes
+DISABLE_IPV6=No

 #
 # BRIDGING
--- a/Lrp2/etc/shorewall/zones
+++ b/Lrp2/etc/shorewall/zones
@ -15,5 +15,5 @@
 #ZONE	DISPLAY		COMMENTS
 net	Net		Internet
 loc	Local		Local networks
-dmz	DMZ		Demilitarized zone
+#dmz	DMZ		Demilitarized zone
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE