diff --git a/Shorewall/Samples/Universal/params b/Shorewall/Samples/Universal/params new file mode 100644 index 000000000..a9fa8f7a9 --- /dev/null +++ b/Shorewall/Samples/Universal/params @@ -0,0 +1,15 @@ +# +# Shorewall - Sample Params File for universal configuration. +# Copyright (C) 2006-2014 by the Shorewall Team +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# See the file README.txt for further details. +#------------------------------------------------------------------------------------------------------------ +# For information on entries in this file, type "man shorewall-params" +###################################################################################################################################################################################################### + +LOG=info # Change this to change the way in which packets are logged. diff --git a/Shorewall/Samples/Universal/shorewall.conf b/Shorewall/Samples/Universal/shorewall.conf index 49504a8bb..c001c8473 100644 --- a/Shorewall/Samples/Universal/shorewall.conf +++ b/Shorewall/Samples/Universal/shorewall.conf @@ -108,11 +108,11 @@ TC= ############################################################################### ACCEPT_DEFAULT="none" -BLACKLIST_DEFAULT="Drop" -DROP_DEFAULT="Drop" +BLACKLIST_DEFAULT="dropBcast,dropInvalid:$LOG,dropNotSyn:$LOG" +DROP_DEFAULT="dropBcast,dropInvalid:$LOG,dropNotSyn:$LOG" NFQUEUE_DEFAULT="none" QUEUE_DEFAULT="none" -REJECT_DEFAULT="Reject" +REJECT_DEFAULT="dropBcast,dropInvalid:$LOG" ############################################################################### # R S H / R C P C O M M A N D S diff --git a/Shorewall/Samples/one-interface/params b/Shorewall/Samples/one-interface/params new file mode 100644 index 000000000..3ce1cab01 --- /dev/null +++ b/Shorewall/Samples/one-interface/params @@ -0,0 +1,15 @@ +# +# Shorewall - Sample Params File for one-interface configuration. +# Copyright (C) 2006-2014 by the Shorewall Team +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# See the file README.txt for further details. +#------------------------------------------------------------------------------------------------------------ +# For information on entries in this file, type "man shorewall-params" +###################################################################################################################################################################################################### + +LOG=info # Change this to change the way in which packets are logged. diff --git a/Shorewall/Samples/one-interface/shorewall.conf b/Shorewall/Samples/one-interface/shorewall.conf index 1379b6aca..f6a37d81c 100644 --- a/Shorewall/Samples/one-interface/shorewall.conf +++ b/Shorewall/Samples/one-interface/shorewall.conf @@ -64,19 +64,19 @@ LOGTAGONLY=No LOGLIMIT="s:1/sec:10" -MACLIST_LOG_LEVEL=info +MACLIST_LOG_LEVEL="$LOG" RELATED_LOG_LEVEL= -RPFILTER_LOG_LEVEL=info +RPFILTER_LOG_LEVEL="$LOG" -SFILTER_LOG_LEVEL=info +SFILTER_LOG_LEVEL="$LOG" -SMURF_LOG_LEVEL=info +SMURF_LOG_LEVEL="$LOG" STARTUP_LOG=/var/log/shorewall-init.log -TCP_FLAGS_LOG_LEVEL=info +TCP_FLAGS_LOG_LEVEL="$LOG" UNTRACKED_LOG_LEVEL= @@ -100,7 +100,6 @@ LOCKFILE= MODULESDIR= -NFACCT= PERL=/usr/bin/perl @@ -119,11 +118,11 @@ TC= ############################################################################### ACCEPT_DEFAULT="none" -BLACKLIST_DEFAULT="Drop" -DROP_DEFAULT="Drop" +BLACKLIST_DEFAULT="dropBcast,dropInvalid:$LOG,dropNotSyn:$LOG" +DROP_DEFAULT="dropBcast,dropInvalid:$LOG,dropNotSyn:$LOG" NFQUEUE_DEFAULT="none" QUEUE_DEFAULT="none" -REJECT_DEFAULT="Reject" +REJECT_DEFAULT="dropBcast,dropInvalid:$LOG" ############################################################################### # R S H / R C P C O M M A N D S diff --git a/Shorewall/Samples/three-interfaces/params b/Shorewall/Samples/three-interfaces/params new file mode 100644 index 000000000..442a2fd82 --- /dev/null +++ b/Shorewall/Samples/three-interfaces/params @@ -0,0 +1,15 @@ +# +# Shorewall - Sample Params File for three-interface configuration. +# Copyright (C) 2006-2014 by the Shorewall Team +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# See the file README.txt for further details. +#------------------------------------------------------------------------------------------------------------ +# For information on entries in this file, type "man shorewall-params" +###################################################################################################################################################################################################### + +LOG=info # Change this to change the way in which packets are logged. diff --git a/Shorewall/Samples/three-interfaces/shorewall.conf b/Shorewall/Samples/three-interfaces/shorewall.conf index e7a0b769a..1a594ade1 100644 --- a/Shorewall/Samples/three-interfaces/shorewall.conf +++ b/Shorewall/Samples/three-interfaces/shorewall.conf @@ -116,11 +116,11 @@ TC= ############################################################################### ACCEPT_DEFAULT="none" -BLACKLIST_DEFAULT="Drop" -DROP_DEFAULT="Drop" +BLACKLIST_DEFAULT="dropBcast,dropInvalid:$LOG,dropNotSyn:$LOG" +DROP_DEFAULT="dropBcast,dropInvalid:$LOG,dropNotSyn:$LOG" NFQUEUE_DEFAULT="none" QUEUE_DEFAULT="none" -REJECT_DEFAULT="Reject" +REJECT_DEFAULT="dropBcast,dropInvalid:$LOG" ############################################################################### # R S H / R C P C O M M A N D S diff --git a/Shorewall/Samples/two-interfaces/params b/Shorewall/Samples/two-interfaces/params new file mode 100644 index 000000000..77c73ad9f --- /dev/null +++ b/Shorewall/Samples/two-interfaces/params @@ -0,0 +1,15 @@ +# +# Shorewall - Sample Params File for two-interface configuration. +# Copyright (C) 2006-2014 by the Shorewall Team +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# See the file README.txt for further details. +#------------------------------------------------------------------------------------------------------------ +# For information on entries in this file, type "man shorewall-params" +###################################################################################################################################################################################################### + +LOG=info # Change this to change the way in which packets are logged. diff --git a/Shorewall/Samples/two-interfaces/shorewall.conf b/Shorewall/Samples/two-interfaces/shorewall.conf index 183c29ee6..e1a9ee408 100644 --- a/Shorewall/Samples/two-interfaces/shorewall.conf +++ b/Shorewall/Samples/two-interfaces/shorewall.conf @@ -119,11 +119,11 @@ TC= ############################################################################### ACCEPT_DEFAULT="none" -BLACKLIST_DEFAULT="Drop" -DROP_DEFAULT="Drop" +BLACKLIST_DEFAULT="dropBcast,dropInvalid:$LOG,dropNotSyn:$LOG" +DROP_DEFAULT="dropBcast,dropInvalid:$LOG,dropNotSyn:$LOG" NFQUEUE_DEFAULT="none" QUEUE_DEFAULT="none" -REJECT_DEFAULT="Reject" +REJECT_DEFAULT="dropBcast,dropInvalid:$LOG" ############################################################################### # R S H / R C P C O M M A N D S diff --git a/Shorewall/configfiles/params b/Shorewall/configfiles/params index 0c50d5810..ba3a76f9e 100644 --- a/Shorewall/configfiles/params +++ b/Shorewall/configfiles/params @@ -22,3 +22,4 @@ # net eth0 130.252.100.255 routefilter,norfc1918 # ############################################################################### +LOG=info # Default Log Level diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf index 39a162234..12561acbf 100644 --- a/Shorewall/configfiles/shorewall.conf +++ b/Shorewall/configfiles/shorewall.conf @@ -2,7 +2,7 @@ # # Shorewall Version 5 -- /etc/shorewall/shorewall.conf # -# For information about the settings in this file, type "man shorewall.conf" +# For $LOGrmation about the settings in this file, type "man shorewall.conf" # # Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html ############################################################################### @@ -53,19 +53,19 @@ LOGTAGONLY=No LOGLIMIT="s:1/sec:10" -MACLIST_LOG_LEVEL=info +MACLIST_LOG_LEVEL=$LOG RELATED_LOG_LEVEL= -RPFILTER_LOG_LEVEL=info +RPFILTER_LOG_LEVEL=$LOG -SFILTER_LOG_LEVEL=info +SFILTER_LOG_LEVEL=$LOG -SMURF_LOG_LEVEL=info +SMURF_LOG_LEVEL=$LOG STARTUP_LOG=/var/log/shorewall-init.log -TCP_FLAGS_LOG_LEVEL=info +TCP_FLAGS_LOG_LEVEL=$LOG UNTRACKED_LOG_LEVEL= @@ -108,11 +108,11 @@ TC= ############################################################################### ACCEPT_DEFAULT=none -BLACKLIST_DEFAULT=Drop -DROP_DEFAULT=Drop +BLACKLIST_DEFAULT=dropBcasts,dropNotSyn:$LOG,dropInvalid:$LOG +DROP_DEFAULT=dropBcasts,dropNotSyn:$LOG,dropInvalid:$LOG NFQUEUE_DEFAULT=none QUEUE_DEFAULT=none -REJECT_DEFAULT=Reject +REJECT_DEFAULT=dropBcasts,dropInvalid:$LOG ############################################################################### # R S H / R C P C O M M A N D S