From 8b3e0ce5f2a2d655fa2bb8746960b92442dbed1e Mon Sep 17 00:00:00 2001
From: teastep
Date: Mon, 11 Apr 2005 21:39:04 +0000
Subject: [PATCH] Remove netmap from /etc

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2047 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Lrp2/etc/netmap | 38 -------------------------------
 Lrp2/etc/shorewall/interfaces | 2 ++
 Lrp2/etc/shorewall/rules | 10 ++++++--
 Lrp2/etc/shorewall/shorewall.conf | 17 ++++++++++----
 4 files changed, 22 insertions(+), 45 deletions(-)
 delete mode 100644 Lrp2/etc/netmap
diff --git a/Lrp2/etc/netmap b/Lrp2/etc/netmap
deleted file mode 100644
index 8faac6fc1..000000000
--- a/Lrp2/etc/netmap
+++ /dev/null
@@ -1,38 +0,0 @@
-##############################################################################
-#
-# Shorewall 2.2 -- Network Mapping Table
-#
-# /etc/shorewall/netmap
-#
-# This file is used to map addresses in one network to corresponding
-# addresses in a second network.
-#
-# WARNING: To use this file, your kernel and iptables must have
-# NETMAP support included.
-#
-# Columns must be separated by white space and are:
-#
-# TYPE Must be DNAT or SNAT.
-#
-# If DNAT, traffic entering INTERFACE and addressed to
-# NET1 has it's destination address rewritten to the
-# corresponding address in NET2.
-#
-# If SNAT, traffic leaving INTERFACE with a source
-# address in NET1 has it's source address rewritten to
-# the corresponding address in NET2.
-#
-# NET1 Network in CIDR format (e.g., 192.168.1.0/24)
-#
-# INTERFACE The name of a network interface. The interface must
-# be defined in /etc/shorewall/interfaces.
-#
-# NET2 Network in CIDR format
-#
-# See http://shorewall.net/netmap.html for an example and usage
-# information.
-#
-##############################################################################
-#TYPE NET1 INTERFACE NET2
-#
-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
diff --git a/Lrp2/etc/shorewall/interfaces b/Lrp2/etc/shorewall/interfaces
index f2e62605d..74080d3c3 100644
--- a/Lrp2/etc/shorewall/interfaces
+++ b/Lrp2/etc/shorewall/interfaces
@@ -167,6 +167,8 @@
 # detectnets - Automatically taylors the zone named
 # in the ZONE column to include only those
 # hosts routed through the interface.
+# upnp - Incoming requests from this interface may
+# be remapped via UPNP (upnpd).
 #
 # WARNING: DO NOT SET THE detectnets OPTION ON YOUR
 # INTERNET INTERFACE.
diff --git a/Lrp2/etc/shorewall/rules b/Lrp2/etc/shorewall/rules
index 7d4b29efc..d2ac03837 100644
--- a/Lrp2/etc/shorewall/rules
+++ b/Lrp2/etc/shorewall/rules
@@ -188,14 +188,20 @@
 # contain the port number on the firewall that the
 # request should be redirected to.
 #
-# PROTO Protocol - Must be "tcp", "udp", "icmp", a number, or
-# "all".
+# PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",
+# a number, or "all". "ipp2p" requires ipp2p match
+# support in your kernel and iptables.
 #
 # DEST PORT(S) Destination Ports. A comma-separated list of Port
 # names (from /etc/services), port numbers or port
 # ranges; if the protocol is "icmp", this column is
 # interpreted as the destination icmp-type(s).
 #
+# If the protocol is ipp2p, this column is interpreted
+# as an ipp2p option without the leading "--" (example "bit"
+# for bit-torrent). If no port is given, "ipp2p" is
+# assumed.
+#
 # A port range is expressed as :.
 #
 # This column is ignored if PROTOCOL = all but must be
diff --git a/Lrp2/etc/shorewall/shorewall.conf b/Lrp2/etc/shorewall/shorewall.conf
index a1e6ccde2..1424f33cd 100755
--- a/Lrp2/etc/shorewall/shorewall.conf
+++ b/Lrp2/etc/shorewall/shorewall.conf
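Review bot: The new `upnp` entry in Lrp2/etc/shorewall/interfaces (hunk @@ -167,6 +167,8 @@) documents the option without any caveat, while the `detectnets` entry next to it carries an explicit WARNING. UPnP port mappings are normally requested by hosts behind the firewall without authentication, so enabling this option lets any such host ask for inbound traffic to be forwarded to it. I would add a caveat under the entry, for example `# WARNING: upnp lets local hosts request inbound port forwards; set it only where upnpd is required.` The option list begins and ends outside this hunk, so the exact placement should follow the surrounding entries.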
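Review bot: In Lrp2/etc/shorewall/rules (hunk @@ -188,14 +188,20 @@) the added DEST PORT(S) text ends with `If no port is given, "ipp2p" is assumed`, but for this protocol the column holds an ipp2p option, not a port. The wording `If no option is given, "ipp2p" is assumed.` would remove the ambiguity. It may also be worth one sentence saying that the ipp2p match presumably works on packet contents rather than ports, so a rule built on it should not be the only control an admin relies on for peer-to-peer traffic. The column descriptions continue outside the hunk.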
@@ -1,5 +1,5 @@
 ##############################################################################
-# /shorewall/shorewall.conf V2.2 - Change the following variables to
+# /etc/shorewall/shorewall.conf V2.2 - Change the following variables to
 # match your setup
 #
 # This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
@@ -23,6 +23,11 @@ STARTUP_ENABLED=No
 # to syslog (8) the importance of a message and a number of parameters
 # in this file have log levels as their value.
 #
+# These levels are defined by syslog and are used to determine the destination
+# of the messages through entries in /etc/syslog.conf (5). The syslog
+# documentation refers to these as "priorities"; Netfilter calls them "levels"
+# and Shorewall also uses that term.
+#
 # Valid levels are:
 #
 # 7 debug
@@ -44,8 +49,10 @@ STARTUP_ENABLED=No
 # specify a log level of ULOG (must be all caps). Rather than log its
 # messages to syslogd, Shorewall will direct netfilter to log the messages
 # via the ULOG target which will send them to a process called 'ulogd'.
-# ulogd is available from http://www.gnumonks.org/projects/ulogd and can be
-# configured to log all Shorewall message to their own log file
+# ulogd is available with most Linux distributions (although it probably isn't
+# installed by default). Ulogd is also available from
+# http://www.gnumonks.org/projects/ulogd and can be configured to log all
+# Shorewall message to their own log file
 ################################################################################
 #
 # LOG FILE LOCATION
@@ -544,7 +551,7 @@ MUTEX_TIMEOUT=60
 # A packet is said to be NEW if it is not part of or related to an already
 # established connection.
 #
-# The NETNOTSYN option determines the handling of non-SYN packets (those with
+# The NEWNOTSYN option determines the handling of non-SYN packets (those with
 # SYN off or with ACK or RST on) that are not associated with an already
 # established connection.
 #
@@ -692,7 +699,7 @@ DYNAMIC_ZONES=No
 # USE PKTTYPE MATCH
 #
 # Some users have reported problems with the PKTTYPE match extension not being
-# able to patch certail broadcast packets. If you set PKTTYPE=No then Shorewall
+# able to match certain broadcast packets. If you set PKTTYPE=No then Shorewall
 # will use IP addresses to detect broadcasts rather than pkttype. If not given
 # or if given as empty (PKTTYPE="") then PKTTYPE=Yes is assumed.