From e66d9f65477b26554393db65edb0b9175c0e0391 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 19 Feb 2016 17:42:54 -0800 Subject: [PATCH] Add DOCKER option Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Config.pm | 2 ++ Shorewall/Samples/Universal/shorewall.conf | 2 ++ Shorewall/Samples/one-interface/shorewall.conf | 2 ++ .../Samples/three-interfaces/shorewall.conf | 2 ++ Shorewall/Samples/two-interfaces/shorewall.conf | 2 ++ Shorewall/configfiles/shorewall.conf | 2 ++ Shorewall/manpages/shorewall.conf.xml | 17 +++++++++++++++-- Shorewall6/Samples6/Universal/shorewall6.conf | 2 ++ .../Samples6/one-interface/shorewall6.conf | 2 ++ .../Samples6/three-interfaces/shorewall6.conf | 2 ++ .../Samples6/two-interfaces/shorewall6.conf | 2 ++ Shorewall6/configfiles/shorewall6.conf | 2 ++ Shorewall6/manpages/shorewall6.conf.xml | 13 +++++++++++++ 13 files changed, 50 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index ae5a2e9ef..eb967cb86 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -874,6 +874,7 @@ sub initialize( $;$$) { WORKAROUNDS => undef , LEGACY_RESTART => undef , RESTART => undef , + DOCKER => undef , # # Packet Disposition # @@ -5857,6 +5858,7 @@ sub get_configuration( $$$$ ) { default_yes_no 'INLINE_MATCHES' , ''; default_yes_no 'BASIC_FILTERS' , ''; default_yes_no 'WORKAROUNDS' , 'Yes'; + default_yes_no 'DOCKER' , ''; if ( supplied( $val = $config{RESTART} ) ) { fatal_error "Invalid value for RESTART ($val)" unless $val =~ /^(restart|reload)$/; diff --git a/Shorewall/Samples/Universal/shorewall.conf b/Shorewall/Samples/Universal/shorewall.conf index d58440ca3..f32ff204d 100644 --- a/Shorewall/Samples/Universal/shorewall.conf +++ b/Shorewall/Samples/Universal/shorewall.conf @@ -146,6 +146,8 @@ DEFER_DNS_RESOLUTION=Yes DISABLE_IPV6=No +DOCKER=No + DELETE_THEN_ADD=Yes DETECT_DNAT_IPADDRS=No 
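Review bot: `default_yes_no 'DOCKER' , '';` in get_configuration, together with the `DOCKER => undef ,` entry added to initialize, only registers and defaults the option: Config.pm is the one code file in this patch and nothing here reads `$config{DOCKER}`, although both manpages already describe the save/restore behaviour as added in 5.0.6. If the code that acts on the option lands in a later commit, the commit message should say so, since until then DOCKER=Yes is accepted without (as far as this patch shows) changing what start, reload and restart do to Docker's rules. I would also put a comment on the default, for example `# DOCKER=Yes: rules installed by Docker survive start/reload/restart and are not part of the compiled ruleset`, so an administrator auditing the firewall knows those rules have to be reviewed separately. Both functions begin and end outside their hunks.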
diff --git a/Shorewall/Samples/one-interface/shorewall.conf b/Shorewall/Samples/one-interface/shorewall.conf index 456a117db..ac80e41a5 100644 --- a/Shorewall/Samples/one-interface/shorewall.conf +++ b/Shorewall/Samples/one-interface/shorewall.conf @@ -157,6 +157,8 @@ DEFER_DNS_RESOLUTION=Yes DISABLE_IPV6=No +DOCKER=No + DELETE_THEN_ADD=Yes DETECT_DNAT_IPADDRS=No diff --git a/Shorewall/Samples/three-interfaces/shorewall.conf b/Shorewall/Samples/three-interfaces/shorewall.conf index 57787f0a2..4d5492ef8 100644 --- a/Shorewall/Samples/three-interfaces/shorewall.conf +++ b/Shorewall/Samples/three-interfaces/shorewall.conf @@ -154,6 +154,8 @@ DEFER_DNS_RESOLUTION=Yes DISABLE_IPV6=No +DOCKER=No + DELETE_THEN_ADD=Yes DETECT_DNAT_IPADDRS=No diff --git a/Shorewall/Samples/two-interfaces/shorewall.conf b/Shorewall/Samples/two-interfaces/shorewall.conf index 2384f6613..c06e403e9 100644 --- a/Shorewall/Samples/two-interfaces/shorewall.conf +++ b/Shorewall/Samples/two-interfaces/shorewall.conf @@ -157,6 +157,8 @@ DEFER_DNS_RESOLUTION=Yes DISABLE_IPV6=No +DOCKER=No + DELETE_THEN_ADD=Yes DETECT_DNAT_IPADDRS=No diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf index 729a3b2a6..7d4386a2b 100644 --- a/Shorewall/configfiles/shorewall.conf +++ b/Shorewall/configfiles/shorewall.conf @@ -150,6 +150,8 @@ DETECT_DNAT_IPADDRS=No DISABLE_IPV6=No +DOCKER=No + DONT_LOAD= DYNAMIC_BLACKLIST=Yes diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml index b85c2cbfd..66af8cdc8 100644 --- a/Shorewall/manpages/shorewall.conf.xml +++ b/Shorewall/manpages/shorewall.conf.xml 
@@ -733,6 +733,19 @@ + + DOCKER=[Yes|No] + + + Added in Shorewall 5.0.6. When set to Yes, the generated + script will save Docker-generated rules before and restore them + after executing the start, reload and restart commands. If set to No + (the default), the generated script will delete any Docker-generated + rules when executing those commands. + + + DONT_LOAD=[module[,module]...] @@ -763,8 +776,8 @@ Normally, when the SOURCE or DEST columns in shorewall-policy(5) contains 'all', a single policy chain is created - and the policy is enforced in that chain. For example, if the policy - entry is#SOURCE DEST POLICY LOG + and thes policy is enforced in that chain. For example, if the + policy entry is#SOURCE DEST POLICY LOG # LEVEL net all DROP infothen the chain name is 'net-all' ('net2all if ZONE2ZONE=2) which is also the chain named in Shorewall diff --git a/Shorewall6/Samples6/Universal/shorewall6.conf b/Shorewall6/Samples6/Universal/shorewall6.conf index 766db678a..a168064e5 100644 --- a/Shorewall6/Samples6/Universal/shorewall6.conf +++ b/Shorewall6/Samples6/Universal/shorewall6.conf @@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes DELETE_THEN_ADD=Yes +DOCKER=No + DONT_LOAD= DYNAMIC_BLACKLIST=Yes diff --git a/Shorewall6/Samples6/one-interface/shorewall6.conf b/Shorewall6/Samples6/one-interface/shorewall6.conf index 8d13446d3..fc0f222d4 100644 --- a/Shorewall6/Samples6/one-interface/shorewall6.conf +++ b/Shorewall6/Samples6/one-interface/shorewall6.conf @@ -140,6 +140,8 @@ DEFER_DNS_RESOLUTION=Yes DELETE_THEN_ADD=Yes +DOCKER=No + DONT_LOAD= DYNAMIC_BLACKLIST=Yes diff --git a/Shorewall6/Samples6/three-interfaces/shorewall6.conf b/Shorewall6/Samples6/three-interfaces/shorewall6.conf index 046ac3a04..7b4c570fb 100644 --- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf @@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes DELETE_THEN_ADD=Yes +DOCKER=No + DONT_LOAD= DYNAMIC_BLACKLIST=Yes 
diff --git a/Shorewall6/Samples6/two-interfaces/shorewall6.conf b/Shorewall6/Samples6/two-interfaces/shorewall6.conf index e80e8844c..437234ff9 100644 --- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf @@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes DELETE_THEN_ADD=Yes +DOCKER=No + DONT_LOAD= DYNAMIC_BLACKLIST=Yes diff --git a/Shorewall6/configfiles/shorewall6.conf b/Shorewall6/configfiles/shorewall6.conf index 628a028ec..c7a23a009 100644 --- a/Shorewall6/configfiles/shorewall6.conf +++ b/Shorewall6/configfiles/shorewall6.conf @@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes DELETE_THEN_ADD=Yes +DOCKER=No + DONT_LOAD= DYNAMIC_BLACKLIST=Yes diff --git a/Shorewall6/manpages/shorewall6.conf.xml b/Shorewall6/manpages/shorewall6.conf.xml index 29a734401..f1e8ed43b 100644 --- a/Shorewall6/manpages/shorewall6.conf.xml +++ b/Shorewall6/manpages/shorewall6.conf.xml @@ -611,6 +611,19 @@ + + DOCKER=[Yes|No] + + + Added in Shorewall 5.0.6. When set to Yes, the generated + script will save Docker-generated rules before and restore them + after executing the start, reload and restart commands. If set to No + (the default), the generated script will delete any Docker-generated + rules when executing those commands. + + + DONT_LOAD=[module[,module]...]