Back out Crossbeam documentaiton Changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2222 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-06-04 00:59:39 +00:00
parent 1d62d894ef
commit b4aea1680b
3 changed files with 26 additions and 148 deletions

@ -1512,14 +1512,6 @@ deleteallchains() {
run_iptables -X
}
# Create rules to accept traffic into the crossbeam backbone
#
addcrossbeamrules() {
run_iptables -A INPUT -i $CROSSBEAM_BACKBONE -j ACCEPT
run_iptables -A OUTPUT -o $CROSSBEAM_BACKBONE -j ACCEPT
run_iptables -A FORWARD -i $CROSSBEAM_BACKBONE -o $CROSSBEAM_BACKBONE -j ACCEPT
}
##
# Source a user exit file if it exists
#
@ -1805,8 +1797,6 @@ stop_firewall() {
[ -n "$DISABLE_IPV6" ] && disable_ipv6_1
if [ -z "$CROSSBEAM" ]; then
if [ -z "$ADMINISABSENTMINDED" ]; then
for chain in INPUT OUTPUT FORWARD; do
setpolicy $chain DROP
@ -1827,40 +1817,6 @@ stop_firewall() {
done
fi
else
if [ -z "$ADMINISABSENTMINDED" ]; then
for chain in INPUT OUTPUT FORWARD; do
setpolicy $chain ACCEPT
done
deleteallchains
addcrossbeamrules
for chain in INPUT OUTPUT FORWARD; do
setpolicy $chain DROP
done
else
for chain in INPUT FORWARD; do
setpolicy $chain ACCEPT
done
setpolicy OUTPUT ACCEPT
deleteallchains
addcrossbeamrules
for chain in INPUT FORWARD; do
setcontinue $chain
done
for chain in INPUT FORWARD; do
setpolicy $chain DROP
done
fi
fi
hosts=
[ -f $TMP_DIR/routestopped ] || strip_file routestopped
@ -6517,8 +6473,6 @@ initialize_netfilter () {
exists_OUTPUT=Yes
exists_FORWARD=Yes
if [ -z "$CROSSBEAM" ]; then
setpolicy INPUT DROP
setpolicy OUTPUT DROP
setpolicy FORWARD DROP
@ -6529,25 +6483,6 @@ initialize_netfilter () {
setcontinue INPUT
setcontinue OUTPUT
else
setpolicy INPUT ACCEPT
setpolicy OUTPUT ACCEPT
setpolicy FORWARD ACCEPT
deleteallchains
addcrossbeamrules
setcontinue FORWARD
setcontinue INPUT
setcontinue OUTPUT
setpolicy INPUT DROP
setpolicy OUTPUT DROP
setpolicy FORWARD DROP
fi
f=$(find_file ipsets)
if [ -f $f ]; then
@ -8119,8 +8054,6 @@ do_initialize() {
RESTOREBASE=
TMP_DIR=
CROSSBEAM=
CROSSBEAM_BACKBONE=
ALL_INTERFACES=
ROUTEMARK_INTERFACES=
ROUTEMARK=256
@ -8319,9 +8252,6 @@ do_initialize() {
DROPINVALID=$(added_param_value_yes DROPINVALID $DROPINVALID)
RFC1918_STRICT=$(added_param_value_no RFC1918_STRICT $RFC1918_STRICT)
SAVE_IPSETS=$(added_param_value_no SAVE_IPSETS $SAVE_IPSETS)
# Check if we are on a crossbeam machine
CROSSBEAM=$(added_param_value_no CROSSBEAM $CROSSBEAM)
[ -z "$CROSSBEAM_BACKBONE" ] && CROSSBEAM_BACKBONE=eth0
#
# Strip the files that we use often
#

@ -328,31 +328,7 @@ New Features in version 2.4.0
GATEWAY The gateway that the packet is to be forewarded
through.
5) Crossbeam Support (Thanks to Juan Jesús Prieto and the folks at
eneotecnologia.com)
If Shorewall is running in a Crossbeam System
(www.crossbeamsystems.com) you need to activate this directive if
you don't want the CPM to think the system is down and send a reset
signal. Also Crossbeam has a backplane chassis that needs to be
configured in such a way that it accepts all traffic.
This change adds two new options in /etc/shorewall/shorewall.conf:
CROSSBEAM and CROSSBEAM_BACKBONE.
If CROSSBEAM=Yes, then during a Shorewall start, restart or clear
instead of setting the default policies to DROP and then activating
established connections, Shorewall will first set the default
policies to ACCEPT, activate established connections and then set
the default policies to DROP. After that, Shorewall starts
generating the rules as usual.
If CROSSBEAM=No, CROSSBEAM_BACKBONE is not used. If CROSSBEAM is set
to Yes, CROSSBEAM_BACKBONE indicates the device used by the
backbone. If not specified or if specified as empty (e.g.,
CROSSBEAM="") then CROSSBEAM=No is assumed.
6) Normally when Shorewall is stopped, starting or restarting then
5) Normally when Shorewall is stopped, starting or restarting then
connections are allowed from hosts listed in
/etc/shorewall/routestopped to the firewall and to other hosts
listed in /etc/shorewall/routestopped.
@ -367,7 +343,7 @@ New Features in version 2.4.0
host. When 'source' is specified in an entry, it is unnecessary to
also specify 'routeback'.
7) This change was implemented by Lorenzo Martignoni. It provides two
6) This change was implemented by Lorenzo Martignoni. It provides two
new commands: "safe-start" and "safe-restart".
safe-start starts Shorewall then prompts you to ask you if

@ -816,34 +816,6 @@ MACLIST_TTL=
SAVE_IPSETS=No
#
# CROSSBEAM SUPPORT
#
# If Shorewall is running in a Crossbeam System (www.crossbeamsystems.com)
# you need to activate this directive if you don't want the CPM to think
# the system is down and send a reset signal during firewall restarts. Also
# Crossbeam has a backplane chassis that needs to be configured in such a
# way that accepts all traffic.
#
# If CROSSBEAM=Yes, then during a Shorewall start, restart or clear instead
# of setting the default policies to DROP and then activating established
# connections, Shorewall will first set the default policies to ACCEPT,
# activate established connections and then set the default policies to
# DROP. After that, Shorewall starts generating the rules as usual.
#
# If CROSSBEAM=No, CROSSBEAM_BACKBONE is not used. If CROSSBEAM is set to
# Yes, CROSSBEAM_BACKBONE will indicate the device used by the backbone.
#
# If not specified or if specified as empty (e.g., CROSSBEAM="") then
# CROSSBEAM=No is assumed.
#
# FIXME: This needs to be replaced by better generalised routestopped
# support.
#
CROSSBEAM=No
CROSSBEAM_BACKBONE=eth0
################################################################################
# P A C K E T D I S P O S I T I O N
################################################################################