Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
commit
b5ee52e8de
@ -529,14 +529,12 @@ EOF
|
||||
emit( ' run_refreshed_exit',
|
||||
' do_iptables -N shorewall' );
|
||||
|
||||
emit ( ' do_iptables -A shorewall -m recent --set --name %CURRENTTIME' ) if have_capability 'RECENT_MATCH';
|
||||
emit( ' do_iptables -A shorewall -m recent --set --name %CURRENTTIME' ) if have_capability 'RECENT_MATCH';
|
||||
|
||||
emit(
|
||||
" set_state Started $config_dir",
|
||||
' [ $0 = ${VARDIR}/firewall ] || cp -f $(my_pathname) ${VARDIR}/firewall',
|
||||
'else',
|
||||
' setup_netfilter'
|
||||
);
|
||||
emit( " set_state Started $config_dir",
|
||||
' [ $0 = ${VARDIR}/firewall ] || cp -f $(my_pathname) ${VARDIR}/firewall',
|
||||
'else',
|
||||
' setup_netfilter' );
|
||||
|
||||
push_indent;
|
||||
emit 'setup_arptables' if $have_arptables;
|
||||
@ -604,12 +602,12 @@ sub compiler {
|
||||
sub validate_boolean( $ ) {
|
||||
my $val = numeric_value( shift );
|
||||
defined($val) && ($val >= 0) && ($val < 2);
|
||||
}
|
||||
}
|
||||
|
||||
sub validate_verbosity( $ ) {
|
||||
my $val = numeric_value( shift );
|
||||
defined($val) && ($val >= MIN_VERBOSITY) && ($val <= MAX_VERBOSITY);
|
||||
}
|
||||
}
|
||||
|
||||
sub validate_family( $ ) {
|
||||
my $val = numeric_value( shift );
|
||||
@ -852,7 +850,7 @@ sub compiler {
|
||||
#
|
||||
setup_tunnels;
|
||||
#
|
||||
# Clear the current filename
|
||||
# Clear the current filename so that the last one processed doesn't appear in error and warning messages
|
||||
#
|
||||
clear_currentfilename;
|
||||
#
|
||||
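Review bot: The re-wrapped `emit( " set_state Started $config_dir", ...` call in the first hunk of this section still writes shell with unquoted expansions: `$0`, `$(my_pathname)` and `${VARDIR}` are bare inside `[ … ]` and `cp -f`, so a path containing whitespace or glob characters would be word-split before the test and the copy run. Since these lines are being reformatted anyway, the emitted fragment could become `[ "$0" = "${VARDIR}/firewall" ] || cp -f "$(my_pathname)" "${VARDIR}/firewall"`. The Perl variable `$config_dir` is likewise interpolated into the generated script as-is; whether it is validated earlier is not visible here, so that is worth confirming, given that the generated firewall script is presumably run with root privileges. The enclosing code starts and ends outside the hunk.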
|
@ -67,6 +67,12 @@
|
||||
<listitem>
|
||||
<para><ulink url="Universal.html">Universal</ulink> configuration --
|
||||
requires no configuration to protect a single system.</para>
|
||||
|
||||
<caution>
|
||||
<para>This configuration places all interfaces in the net zone. If you
|
||||
add another interface or VPN, you will want to select a different
|
||||
QuickStart Guide.</para>
|
||||
</caution>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
@ -182,7 +188,7 @@
|
||||
url="configuration_file_basics.htm#Ranges">Port
|
||||
Ranges</ulink></entry>
|
||||
|
||||
<entry></entry>
|
||||
<entry/>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
|
@ -16,7 +16,7 @@
|
||||
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2003-2014</year>
|
||||
<year>2003-2015</year>
|
||||
|
||||
<holder>Thomas M. Eastep</holder>
|
||||
</copyright>
|
||||
@ -145,18 +145,8 @@
|
||||
setups, you will only need to deal with a few of them.</para>
|
||||
|
||||
<para>Shorewall views the network where it is running as being composed of
|
||||
a set of <firstterm>zones</firstterm>. In the <ulink
|
||||
url="three-interface.htm">three-interface sample configuration</ulink> for
|
||||
example, the following zone names are used:</para>
|
||||
|
||||
<programlisting>#NAME DESCRIPTION
|
||||
fw The firewall itself
|
||||
net The Internet
|
||||
loc Your Local Network
|
||||
dmz Demilitarized Zone</programlisting>
|
||||
|
||||
<para>Zones are declared and given a type in the <ulink
|
||||
url="manpages/shorewall-zones.html"><filename
|
||||
a set of <firstterm>zones</firstterm>. Zones are declared and given a type
|
||||
in the <ulink url="manpages/shorewall-zones.html"><filename
|
||||
class="directory">/etc/shorewall/</filename><filename>zones</filename></ulink>
|
||||
file.Here is the <ulink url="manpages/shorewall-zones.html"><filename
|
||||
class="directory">/etc/shorewall/</filename><filename>zones</filename></ulink>
|
||||
@ -433,8 +423,8 @@ ACCEPT net $FW tcp 22</programlisting>
|
||||
<listitem>
|
||||
<para><emphasis role="bold">Shorewall-init</emphasis>. May be
|
||||
installed with any of the other firewall packages. Allows the firewall
|
||||
to be close prior to bringing up network interfaces. It can also react
|
||||
to interface up/down events.</para>
|
||||
to be closed prior to bringing up network interfaces. It can also
|
||||
react to interface up/down events.</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</section>
|
||||
|
@ -22,6 +22,8 @@
|
||||
|
||||
<year>2009</year>
|
||||
|
||||
<year>2015</year>
|
||||
|
||||
<holder>Thomas M. Eastep</holder>
|
||||
</copyright>
|
||||
|
||||
@ -97,11 +99,12 @@
|
||||
<section id="Install">
|
||||
<title>Shorewall 4.4</title>
|
||||
|
||||
<para>Shorewall 4.4 discontinues the availability of the legacy
|
||||
<para>Shorewall 4.4 discontinued the availability of the legacy
|
||||
shell-based compiler. All users must migrate to the perl-based compiler
|
||||
before or during an upgrade to Shorewall version 4.4. We highly recommend
|
||||
that current users of the shell-based compiler migrate before upgrading to
|
||||
4.4 so that both compilers are available during the migration.</para>
|
||||
before or during an upgrade to Shorewall version 4.4 or later. We highly
|
||||
recommend that current users of the shell-based compiler migrate before
|
||||
upgrading to 4.4 or later so that both compilers are available during the
|
||||
migration.</para>
|
||||
|
||||
<para>Shorewall 4.4 contains five packages:</para>
|
||||
|
||||
@ -161,11 +164,12 @@
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>Perl (I use Perl 5.8.10 but other 5.8 versions should work
|
||||
fine). <note>
|
||||
<para>Perl (I use Perl 5.14.2 but other 5.8 or later versions should
|
||||
work fine). <note>
|
||||
<para>If you want to be able to use DNS names in your Shorewall6
|
||||
configuration files, then Perl 5.10 is required together with the
|
||||
Perl <emphasis role="bold">Socket6</emphasis> module.</para>
|
||||
configuration files, then Perl 5.10 or later is required together
|
||||
with the Perl <emphasis role="bold">Socket6</emphasis>
|
||||
module.</para>
|
||||
</note></para>
|
||||
</listitem>
|
||||
|
||||
|