extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-19 17:28:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update man pages and sample files

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-12-05 17:45:09 -08:00
parent 439af55312
commit d4957696d1
14 changed files with 108 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Samples/Universal/shorewall.conf
View File

@ -39,6 +39,8 @@ LOGLIMIT=
MACLIST_LOG_LEVEL=info MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
SFILTER_LOG_LEVEL=info SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info SMURF_LOG_LEVEL=info
@ -196,6 +198,8 @@ BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SMURF_DISPOSITION=DROP SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP SFILTER_DISPOSITION=DROP

4
Samples/one-interface/shorewall.conf
View File

@ -50,6 +50,8 @@ LOGLIMIT=
MACLIST_LOG_LEVEL=info MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
SFILTER_LOG_LEVEL=info SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info SMURF_LOG_LEVEL=info
@ -207,6 +209,8 @@ BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SMURF_DISPOSITION=DROP SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP SFILTER_DISPOSITION=DROP

4
Samples/three-interfaces/shorewall.conf
View File

@ -48,6 +48,8 @@ LOGLIMIT=
MACLIST_LOG_LEVEL=info MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
SFILTER_LOG_LEVEL=info SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info SMURF_LOG_LEVEL=info
@ -205,6 +207,8 @@ BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SMURF_DISPOSITION=DROP SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP SFILTER_DISPOSITION=DROP

4
Samples/two-interfaces/shorewall.conf
View File

@ -51,6 +51,8 @@ LOGLIMIT=
MACLIST_LOG_LEVEL=info MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
SFILTER_LOG_LEVEL=info SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info SMURF_LOG_LEVEL=info
@ -208,6 +210,8 @@ BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SMURF_DISPOSITION=DROP SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP SFILTER_DISPOSITION=DROP

6
Samples6/Universal/shorewall6.conf
View File

@ -38,6 +38,8 @@ LOGTAGONLY=No
MACLIST_LOG_LEVEL=info MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
SFILTER_LOG_LEVEL=info SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info SMURF_LOG_LEVEL=info
@ -171,7 +173,9 @@ ZONE2ZONE=2
BLACKLIST_DISPOSITION=DROP BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECTTTT MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SFILTER_DISPOSITION=DROP SFILTER_DISPOSITION=DROP

4
Samples6/one-interface/shorewall6.conf
View File

@ -38,6 +38,8 @@ LOGTAGONLY=No
MACLIST_LOG_LEVEL=info MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
SFILTER_LOG_LEVEL=info SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info SMURF_LOG_LEVEL=info
@ -173,6 +175,8 @@ BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SFILTER_DISPOSITION=DROP SFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP SMURF_DISPOSITION=DROP

4
Samples6/three-interfaces/shorewall6.conf
View File

@ -38,6 +38,8 @@ LOGTAGONLY=No
MACLIST_LOG_LEVEL=info MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
SFILTER_LOG_LEVEL=info SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info SMURF_LOG_LEVEL=info
@ -173,6 +175,8 @@ BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SFILTER_DISPOSITION=DROP SFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP SMURF_DISPOSITION=DROP

4
Samples6/two-interfaces/shorewall6.conf
View File

@ -38,6 +38,8 @@ LOGTAGONLY=No
MACLIST_LOG_LEVEL=info MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
SFILTER_LOG_LEVEL=info SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info SMURF_LOG_LEVEL=info
@ -173,6 +175,8 @@ BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SFILTER_DISPOSITION=DROP SFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP SMURF_DISPOSITION=DROP

2
Shorewall/Perl/Shorewall/Raw.pm
View File

@ -127,7 +127,7 @@ sub setup_notrack() {
my $nonEmpty = 0; my $nonEmpty = 0;
while ( read_a_line ) { while ( read_a_line ) {
my ( $action, $source, $dest, $proto, $ports, $sports, $user ); my ( $source, $dest, $proto, $ports, $sports, $user );
if ( $format == 1 ) { if ( $format == 1 ) {
( $source, $dest, $proto, $ports, $sports, $user ) = split_line1 'Notrack File', { source => 0, dest => 1, proto => 2, dport => 3, sport => 4, user => 5 }; ( $source, $dest, $proto, $ports, $sports, $user ) = split_line1 'Notrack File', { source => 0, dest => 1, proto => 2, dport => 3, sport => 4, user => 5 };

4
Shorewall6/configfiles/shorewall6.conf
View File

@ -38,6 +38,8 @@ LOGTAGONLY=No
MACLIST_LOG_LEVEL=info MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
SFILTER_LOG_LEVEL=info SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info SMURF_LOG_LEVEL=info
@ -173,6 +175,8 @@ BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SFILTER_DISPOSITION=DROP SFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP SMURF_DISPOSITION=DROP

5
manpages/shorewall-rules.xml
View File

@ -131,6 +131,11 @@
url="shorewall.conf.html">shorewall.conf</ulink>(5) then the <emphasis url="shorewall.conf.html">shorewall.conf</ulink>(5) then the <emphasis
role="bold">BLACKLIST, ALL, ESTABLISHED</emphasis> and <emphasis role="bold">BLACKLIST, ALL, ESTABLISHED</emphasis> and <emphasis
role="bold">RELATED</emphasis> sections must be empty.</para> role="bold">RELATED</emphasis> sections must be empty.</para>
<para>An except is made if you are running Shorewall 4.4.27 or later and
you have specified a non-defualt value for RELATED_DISPOSITION or
RELATED_LOG_LEVEL. In that case, you may have rules in the RELATED
section of this file.</para>
</warning> </warning>
<para>You may omit any section that you don't need. If no Section Headers <para>You may omit any section that you don't need. If no Section Headers

30
manpages/shorewall.conf.xml
View File

@ -1689,6 +1689,36 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis
role="bold">RELATED_DISPOSITION=[ACCEPT|A_ACCEPT|A_DROP|A_REJECT|DROP|REJECT]</emphasis></term>
<listitem>
<para>Added in Shorewall 4.4.27. Shorewall has traditionally
ACCEPTed RELATED packets that don't match any rule in the RELATED
section of <ulink
url="manpages/shorewall-rules.html">shorewall-rules</ulink> (5).
Concern about the safety of this practice resulted in the addition
of this option. When a packet in RELATED state fails to match any
rule in the RELATED section, the packet is disposed of based on this
setting. The default value is ACCEPT for compatibility with earlier
versions.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">RELATED_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis></term>
<listitem>
<para>Added in Shorewall 4.4.27. Packets in the related state that
do not match any rule in the RELATED section of <ulink
url="manpages/shorewall-rules.html">shorewall-rules</ulink> (5) are
logged at this level. The default value is empty which means no
logging is performed. </para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">REQUIRE_INTERFACE=</emphasis>[<emphasis <term><emphasis role="bold">REQUIRE_INTERFACE=</emphasis>[<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>

5
manpages6/shorewall6-rules.xml
View File

@ -123,6 +123,11 @@
url="shorewall6.conf.html">shorewall6.conf</ulink>(5) then the <emphasis url="shorewall6.conf.html">shorewall6.conf</ulink>(5) then the <emphasis
role="bold">ESTABLISHED</emphasis> and <emphasis role="bold">ESTABLISHED</emphasis> and <emphasis
role="bold">RELATED</emphasis> sections must be empty.</para> role="bold">RELATED</emphasis> sections must be empty.</para>
<para>An except is made if you are running Shorewall 4.4.27 or later and
you have specified a non-defualt value for RELATED_DISPOSITION or
RELATED_LOG_LEVEL. In that case, you may have rules in the RELATED
section of this file.</para>
</warning> </warning>
<para>You may omit any section that you don't need. If no Section Headers <para>You may omit any section that you don't need. If no Section Headers

30
manpages6/shorewall6.conf.xml
View File

@ -1487,6 +1487,36 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis
role="bold">RELATED_DISPOSITION=[ACCEPT|A_ACCEPT|A_DROP|A_REJECT|DROP|REJECT]</emphasis></term>
<listitem>
<para>Added in Shorewall 4.4.27. Shorewall has traditionally
ACCEPTed RELATED packets that don't match any rule in the RELATED
section of <ulink
url="manpages6/shorewall6-rules.html">shorewall6-rules</ulink> (5).
Concern about the safety of this practice resulted in the addition
of this option. When a packet in RELATED state fails to match any
rule in the RELATED section, the packet is disposed of based on this
setting. The default value is ACCEPT for compatibility with earlier
versions.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">RELATED_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis></term>
<listitem>
<para>Added in Shorewall 4.4.27. Packets in the related state that
do not match any rule in the RELATED section of <ulink
url="manpages/shorewall-rules.html">shorewall6-rules</ulink> (5) are
logged at this level. The default value is empty which means no
logging is performed.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">REQUIRE_INTERFACE=</emphasis>[<emphasis <term><emphasis role="bold">REQUIRE_INTERFACE=</emphasis>[<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>