extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-19 17:28:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add default action specifications to /etc/shorewall/actions

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4483 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-08-30 18:20:08 +00:00
parent 4a4403029f
commit dc77b9ca6b
3 changed files with 11 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/actions
View File

@ -30,4 +30,6 @@
# #
############################################################################### ###############################################################################
#ACTION #ACTION
Drop:DROP # Default action for DROP
Reject:REJECT # Default action for REJECT
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

7
Shorewall/policy
View File

@ -60,13 +60,12 @@
# "all". # "all".
# #
# If the policy is ACCEPT, DROP, REJECT or QUEUE then # If the policy is ACCEPT, DROP, REJECT or QUEUE then
# the policy may be followed by ":" and one of the # the policy should be followed by ":" and one of the
# following: # following:
# #
# a) The word "None" or "none". This causes any default # a) The word "None" or "none". This causes any default
# action define in /etc/shorewall/actions.std or # action define in /etc/shorewall/actions to be
# /etc/shorewall/actions to be omitted for this # omitted for this policy.
# policy.
# b) The name of an action (requires that USE_ACTIONS=Yes # b) The name of an action (requires that USE_ACTIONS=Yes
# in shorewall.conf). That action will be invoked # in shorewall.conf). That action will be invoked
# before the policy is enforced. # before the policy is enforced.

45
Shorewall/releasenotes.txt
View File

@ -71,49 +71,16 @@ Migration Considerations:
Features section below), we need a way to define default rules Features section below), we need a way to define default rules
for a policy. for a policy.
The solution is to extend the POLICY column in
/etc/shorewall/policy and to remove the specification of
a default action in /etc/shorewall/actions.std.
When the POLICY is ACCEPT, DROP, REJECT or QUEUE then the policy
may be followed by ":" and one of the following:
a) The word "None" or "none". This causes any default
action define in /etc/shorewall/actions to be omitted for
this policy.
b) The name of an action (requires that USE_ACTIONS=Yes
in shorewall.conf). That action will be invoked
before the policy is enforced.
c) The name of a macro. The rules in that macro will
be applied before the policy is enforced. This
does not require USE_ACTIONS=Yes.
Example:
#SOURCE DEST POLICY LOG
# LEVEL
loc net ACCEPT
net all DROP:Drop info
#
# THE FOLLOWING POLICY MUST BE LAST
#
all all REJECT:Reject info
With USE_ACTIONS=Yes, the above will work the same way that the
pre-3.3 setup did. The 'Drop' and 'Reject' actions will be invoked
before the DROP and REJECT policies are enforced.
With USE_ACTION=No, there will be no Drop or Reject actions so
Shorewall will look for macros by that name; as described in item
2) above, these macros are provided as part of the Shorewall 3.3
release.
If you are happy with the way that things worked in prior releases, If you are happy with the way that things worked in prior releases,
then simply add these two lines to your /etc/shorewall/actions: then simply add these two lines to your /etc/shorewall/actions file
if they are not already there (and you have not defined different
default actions for DROP and/or REJECT):
Drop:DROP Drop:DROP
Reject:REJECT Reject:REJECT
Otherwise, please read item 3) in the New Features section below.
New Features: New Features:
1) In order to accomodate small embedded applications, Shorewall 3.3 1) In order to accomodate small embedded applications, Shorewall 3.3