extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-22 05:28:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add DOCKER option

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-02-19 17:42:54 -08:00
parent 2ee1d11f94
commit e66d9f6547
13 changed files with 50 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Config.pm
View File

@ -874,6 +874,7 @@ sub initialize( $;$$) {
WORKAROUNDS => undef , WORKAROUNDS => undef ,
LEGACY_RESTART => undef , LEGACY_RESTART => undef ,
RESTART => undef , RESTART => undef ,
DOCKER => undef ,
# #
# Packet Disposition # Packet Disposition
# #
@ -5857,6 +5858,7 @@ sub get_configuration( $$$$ ) {
default_yes_no 'INLINE_MATCHES' , ''; default_yes_no 'INLINE_MATCHES' , '';
default_yes_no 'BASIC_FILTERS' , ''; default_yes_no 'BASIC_FILTERS' , '';
default_yes_no 'WORKAROUNDS' , 'Yes'; default_yes_no 'WORKAROUNDS' , 'Yes';
default_yes_no 'DOCKER' , '';
if ( supplied( $val = $config{RESTART} ) ) { if ( supplied( $val = $config{RESTART} ) ) {
fatal_error "Invalid value for RESTART ($val)" unless $val =~ /^(restart|reload)$/; fatal_error "Invalid value for RESTART ($val)" unless $val =~ /^(restart|reload)$/;

2
Shorewall/Samples/Universal/shorewall.conf
View File

@ -146,6 +146,8 @@ DEFER_DNS_RESOLUTION=Yes
DISABLE_IPV6=No DISABLE_IPV6=No
DOCKER=No
DELETE_THEN_ADD=Yes DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No DETECT_DNAT_IPADDRS=No

2
Shorewall/Samples/one-interface/shorewall.conf
View File

@ -157,6 +157,8 @@ DEFER_DNS_RESOLUTION=Yes
DISABLE_IPV6=No DISABLE_IPV6=No
DOCKER=No
DELETE_THEN_ADD=Yes DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No DETECT_DNAT_IPADDRS=No

2
Shorewall/Samples/three-interfaces/shorewall.conf
View File

@ -154,6 +154,8 @@ DEFER_DNS_RESOLUTION=Yes
DISABLE_IPV6=No DISABLE_IPV6=No
DOCKER=No
DELETE_THEN_ADD=Yes DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No DETECT_DNAT_IPADDRS=No

2
Shorewall/Samples/two-interfaces/shorewall.conf
View File

@ -157,6 +157,8 @@ DEFER_DNS_RESOLUTION=Yes
DISABLE_IPV6=No DISABLE_IPV6=No
DOCKER=No
DELETE_THEN_ADD=Yes DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No DETECT_DNAT_IPADDRS=No

2
Shorewall/configfiles/shorewall.conf
View File

@ -150,6 +150,8 @@ DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=No DISABLE_IPV6=No
DOCKER=No
DONT_LOAD= DONT_LOAD=
DYNAMIC_BLACKLIST=Yes DYNAMIC_BLACKLIST=Yes

17
Shorewall/manpages/shorewall.conf.xml
View File

@ -733,6 +733,19 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">DOCKER=</emphasis>[<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
<listitem>
<para>Added in Shorewall 5.0.6. When set to Yes, the generated
script will save Docker-generated rules before and restore them
after executing the start, reload and restart commands. If set to No
(the default), the generated script will delete any Docker-generated
rules when executing those commands.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">DONT_LOAD=</emphasis>[<emphasis>module</emphasis>[,<emphasis>module</emphasis>]...]</term> role="bold">DONT_LOAD=</emphasis>[<emphasis>module</emphasis>[,<emphasis>module</emphasis>]...]</term>
@ -763,8 +776,8 @@
<listitem> <listitem>
<para>Normally, when the SOURCE or DEST columns in <para>Normally, when the SOURCE or DEST columns in
shorewall-policy(5) contains 'all', a single policy chain is created shorewall-policy(5) contains 'all', a single policy chain is created
and the policy is enforced in that chain. For example, if the policy and thes policy is enforced in that chain. For example, if the
entry is<programlisting>#SOURCE DEST POLICY LOG policy entry is<programlisting>#SOURCE DEST POLICY LOG
# LEVEL # LEVEL
net all DROP info</programlisting>then the chain name is 'net-all' net all DROP info</programlisting>then the chain name is 'net-all'
('net2all if ZONE2ZONE=2) which is also the chain named in Shorewall ('net2all if ZONE2ZONE=2) which is also the chain named in Shorewall

2
Shorewall6/Samples6/Universal/shorewall6.conf
View File

@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes DELETE_THEN_ADD=Yes
DOCKER=No
DONT_LOAD= DONT_LOAD=
DYNAMIC_BLACKLIST=Yes DYNAMIC_BLACKLIST=Yes

2
Shorewall6/Samples6/one-interface/shorewall6.conf
View File

@ -140,6 +140,8 @@ DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes DELETE_THEN_ADD=Yes
DOCKER=No
DONT_LOAD= DONT_LOAD=
DYNAMIC_BLACKLIST=Yes DYNAMIC_BLACKLIST=Yes

2
Shorewall6/Samples6/three-interfaces/shorewall6.conf
View File

@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes DELETE_THEN_ADD=Yes
DOCKER=No
DONT_LOAD= DONT_LOAD=
DYNAMIC_BLACKLIST=Yes DYNAMIC_BLACKLIST=Yes

2
Shorewall6/Samples6/two-interfaces/shorewall6.conf
View File

@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes DELETE_THEN_ADD=Yes
DOCKER=No
DONT_LOAD= DONT_LOAD=
DYNAMIC_BLACKLIST=Yes DYNAMIC_BLACKLIST=Yes

2
Shorewall6/configfiles/shorewall6.conf
View File

@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes DELETE_THEN_ADD=Yes
DOCKER=No
DONT_LOAD= DONT_LOAD=
DYNAMIC_BLACKLIST=Yes DYNAMIC_BLACKLIST=Yes

13
Shorewall6/manpages/shorewall6.conf.xml
View File

@ -611,6 +611,19 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">DOCKER=</emphasis>[<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
<listitem>
<para>Added in Shorewall 5.0.6. When set to Yes, the generated
script will save Docker-generated rules before and restore them
after executing the start, reload and restart commands. If set to No
(the default), the generated script will delete any Docker-generated
rules when executing those commands.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">DONT_LOAD=</emphasis>[<emphasis>module</emphasis>[,<emphasis>module</emphasis>]...]</term> role="bold">DONT_LOAD=</emphasis>[<emphasis>module</emphasis>[,<emphasis>module</emphasis>]...]</term>