extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-08-09 15:41:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '5.2.3'

Browse Source 
# Conflicts:
#	docs/Introduction.xml
This commit is contained in:
Tom Eastep
2020-03-06 09:37:41 -08:00
parent e8f49bc9c7 3e2d7cf990
commit fa1aa4b481
20 changed files with 336 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
docs/Docker.xml
View File

@ -13,6 +13,10 @@
<surname>Eastep</surname>
</author>
<author>
<surname>J Cliff Armstrong</surname>
</author>
</authorgroup>
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
@ -20,6 +24,8 @@
<copyright>
<year>2016</year>
<year>2020</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -57,6 +63,35 @@
<command>restart</command> or <command>reload</command> operation and
restores those rules along with the Shorewall-generated ruleset.</para>
<important>
<para>Shorewall currently doesn't support Docker Swarm mode.</para>
</important>
<warning>
<para>On Debian and Debian-derived systems, <command>systemctl restart
shorewall</command> will lose Docker rules. You can work around this
issue using a method provided by J Cliff Armstrong:</para>
<para>Type as root:</para>
<programlisting><command>systemctl edit shorewall.service</command></programlisting>
<para>This will open the default terminal editor to a blank file in
which you can paste the following:</para>
<programlisting>[Service]
# reset ExecStop
ExecStop=
# set ExecStop to "stop" instead of "clear"
ExecStop=/sbin/shorewall $OPTIONS stop
</programlisting>
<para> Then type <command>systemctl daemon-reload </command>to activate
the changes. This change will survive future updates of the shorewall
package from apt repositories. The override file itself will be saved to
`/etc/systemd/system/shorewall.service.d/`. </para>
</warning>
<para>This support assumes that the default Docker bridge (docker0) is
being used. It is recommended that this bridge be defined to Shorewall in
<ulink

30
docs/Introduction.xml
View File

@ -16,7 +16,7 @@
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright>
<year>2003-2015</year>
<year>2003-2020</year>
<year>2019</year>
@ -173,18 +173,22 @@ dmz ipv4</programlisting>
file. In the three-interface sample, the three zones are defined using
that file as follows:</para>
<programlisting>#ZONE INTERFACE OPTIONS
net NET_IF dhcp,routefilter
loc LOC_IF
dmz DMZ_IF</programlisting>
<programlisting>#ZONE INTERFACE OPTIONS
net NET_IF tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0,physical=eth0
loc LOC_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth1
dmz DMZ_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth2</programlisting>
<para>The above file defines the <emphasis>net</emphasis> zone as all IPv4
hosts interfacing to the firewall through NET_IF, the
<emphasis>loc</emphasis> zone as all IPv4 hosts interfacing through LOC_IF
and the <emphasis>dmz</emphasis> as all IPv4 hosts interfacing through
DMZ_IF. It is important to note that the composition of a zone is defined
in terms of a combination of addresses <emphasis
role="bold">and</emphasis> interfaces. When using the <ulink
eth2. The interface names shown in the INTERFACE column are <emphasis>
logical</emphasis> names which are used throughout the configuration to
refer to the individual interfaces. The actual interface names are
specified using the <emphasis role="bold">physical</emphasis> option. It
is important to note that the composition of a zone is defined in terms of
a combination of addresses <emphasis role="bold">and</emphasis>
interfaces. When using the <ulink
url="manpages/shorewall-interfaces.html"><filename>/etc/shorewall/interfaces</filename></ulink>
file to define a zone, all addresses are included; when you want to define
a zone that contains a limited subset of the IPv4 address space, you use
@ -193,10 +197,12 @@ dmz DMZ_IF</programlisting>
file or you may use the nets= option in
<filename>/etc/shorewall/interfaces</filename>:</para>
<programlisting>#ZONE INTERFACE BROADCAST OPTIONS
net NET_IF detect dhcp,routefilter,nets=(!192.168.0.0/23),physical=eth0
loc LOC_IF detect nets=(192.168.0.0/24),physical=eth1
dmz DMZ_IF detect nets=(192.168.1.0/24),physical=eth2</programlisting>
<programlisting>#ZONE INTERFACE OPTIONS
net NET_IF tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0,physical=eth0
loc LOC_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth1,<emphasis
role="bold">nets=172.20.1.0/24</emphasis>
dmz DMZ_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth2
</programlisting>
<para>The above file defines the <emphasis>net</emphasis> zone as all IPv4
hosts interfacing to the firewall through eth0 <emphasis>except</emphasis>

1
docs/docs-targetname Normal file
View File

@ -0,0 +1 @@
5.2.3.7

188
docs/html.css Normal file
View File

@ -0,0 +1,188 @@
/* global styles */
body {
font-family: sans-serif;
}
div {
border: 0;
padding: 0.5em;
}
img {
border: 0;
}
hr {
color: #8b8b8b;
}
h4 {
text-align: center;
font-weight: bold;
padding: 0.25em 0.5em;
margin: 0 0 1px;
}
.quote {
font-style: italic;
text-align: center;
}
.strong {
font-weight: bold;
}
.warning {
font-weight: bold;
color: #ff0000;
}
a {
display: block;
border-width: 0;
text-decoration: none;
color: #0060b5;
background: #ffffff;
}
a:hover {
color: #ffffff;
background: #0060b5;
}
/* header styles */
div#header {
position: absolute;
font-size: small;
top: 0;
left: 0;
height: 100px;
width: 95%;
margin: 10px;
}
div#header p {
text-align: center;
}
div#header div#search-form {
float: left;
margin: 0;
padding: 0;
}
div#header div#search-form input#search-text {
background-color: #ffffff;
color: #0060b5;
font-size: small;
border: 1px solid;
vertical-align: middle;
}
div#header div#search-form input#submit-button {
background-color: #ffffff;
color: #0060b5;
font-size: small;
font-weight: bold;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
border-radius:6px;
text-decoration: none;
cursor: pointer;
border: 1px solid;
vertical-align: middle;
}
div#header div#search-form input#submit-button:hover {
border: 1px solid;
background-color: #0060b5;
color: #ffffff;
box-shadow: 0px 0px 1px #777;
}
div#header div#ml-search {
float: right;
margin: 0;
padding: 0;
}
div#header div#logo {
margin: 0;
padding: 0;
clear: both;
}
/* sidebar styles */
div#sidebar {
position: fixed;
top: 125px;
left: 0;
width: 15%;
margin: 10px;
font-size: small;
}
div#sidebar:hover {
background-position: 0px 0px;
}
div#sidebar a {
text-align: center;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
border-radius:6px;
}
/* menu styles */
/* main panel styles */
div#main {
position: absolute;
top: 150px;
left: 16%;
width: 62%;
margin: 10px;
}
div#main a {
display: inline;
padding: 0;
}
div#main a:hover {
color: #0060b5;
background: #ffffff;
text-decoration: underline;
}
/* content styles */
div#content div {
padding: 0;
}
div#content code, pre {
font: 100% monospace;
}
div#content table {
width: 100%;
}
div#content table#changelog {
font-size: x-small;
}
/* footer styles */
div#footer p {
text-align: center;
font-size: small;
}
div#footer table {
margin-left: auto;
margin-right: auto;
}
/* doc panel styles */
div#doc {
float: right;
top: 125px;
left: 80%;
width: 15%;
margin: 125px 10px 10px 10px;
font-size: small;
}
div#doc:hover {
background-position: 0px 0px;
}
div#doc a {
padding: 0 5px 0 5px;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
border-radius:6px;
}
div#doc p.go-top, div#doc p.go-top a, div#doc p.go-top a:hover {
opacity: 0.75;
filter:alpha(opacity=75); /* For IE8 and earlier */
position: fixed;
bottom: 0.5em;
right: 0.5em;
text-decoration: none;
font-size: small;
padding: 0;
display: block;
}
div#doc p.go-top a:hover {
opacity: 1.0;
filter:alpha(opacity=100); /* For IE8 and earlier */
}

1
docs/images/docs-images-targetname Normal file
View File

@ -0,0 +1 @@
5.2.3.7