Combo of Beta2 and IPV6 disable

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1149 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-02-15 17:52:27 +00:00
parent cff939d94e
commit 052194cb9b
10 changed files with 175 additions and 130 deletions


@ -16,14 +16,6 @@
# respectively is enforced. If you specify ":DROP" or ":REJECT" # respectively is enforced. If you specify ":DROP" or ":REJECT"
# on more than one action then only the last such action will be # on more than one action then only the last such action will be
# taken. # taken.
#
# If you remove the following INCLUDE, you will need to copy the
# definitions you need from the actions.std file into this one.
#
INCLUDE /etc/shorewall/actions.std
#
# Add your entries below here
#
#ACTION #ACTION
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE


@ -40,3 +40,7 @@ Changes since 1.4.10
19) Added a comment to the rules file to aid users who are terminally stupid. 19) Added a comment to the rules file to aid users who are terminally stupid.
20) Only create the action chains that are actually used. 20) Only create the action chains that are actually used.
21) Move actions.std and action.* files to /usr/share/shorewall.
22) Added DISABLE_IPV6 option.


@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=2.0.0-Beta1 VERSION=2.0.0-Beta2
usage() # $1 = exit status usage() # $1 = exit status
{ {
@ -131,7 +131,7 @@ restore_file /etc/shorewall/actions.std
restore_file /etc/shorewall/actions restore_file /etc/shorewall/actions
for f in /etc/shorewall/action.*-${VERSION}.bkout; do for f in /usr/share/shorewall/action.*-${VERSION}.bkout; do
restore_file $(echo $f | sed "s/-${VERSION}.bkout//") restore_file $(echo $f | sed "s/-${VERSION}.bkout//")
done done
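Review bot: Only the action.* loop was repointed at /usr/share/shorewall; the line just before this hunk, visible in the hunk header, still reads `restore_file /etc/shorewall/actions.std`, while the install script in this same commit now installs and backs up actions.std under /usr/share/shorewall. If restore_file looks for the backup next to the path it is given (its definition is not visible here), fallback would no longer restore the standard actions file, and `restore_file /usr/share/shorewall/actions.std` looks like the intended line. Separately, when no backup matches, the unexpanded glob reaches restore_file as a literal path, so a `[ -f "$f" ] || continue` guard at the top of the loop and quoting `"$f"` would be prudent.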


@ -1012,6 +1012,12 @@ stop_firewall() {
delete_proxy_arp delete_proxy_arp
[ -n "$CLEAR_TC" ] && delete_tc [ -n "$CLEAR_TC" ] && delete_tc
if [ -n "$DISABLE_IPV6" ]; then
ip6tables -P FORWARD DROP
ip6tables -P INPUT DROP
ip6tables -P OUTPUT DROP
fi
if [ -z "$ADMINISABSENTMINDED" ]; then if [ -z "$ADMINISABSENTMINDED" ]; then
for chain in INPUT OUTPUT FORWARD; do for chain in INPUT OUTPUT FORWARD; do
setpolicy $chain DROP setpolicy $chain DROP
@ -1105,6 +1111,10 @@ clear_firewall() {
setpolicy FORWARD ACCEPT setpolicy FORWARD ACCEPT
setpolicy OUTPUT ACCEPT setpolicy OUTPUT ACCEPT
ip6tables -P INPUT ACCEPT 2> /dev/null
ip6tables -P OUTPUT ACCEPT 2> /dev/null
ip6tables -P FORWARD ACCEPT 2> /dev/null
run_user_exit clear run_user_exit clear
logger "Shorewall Cleared" logger "Shorewall Cleared"
@ -2386,58 +2396,64 @@ process_actions1() {
strip_file actions strip_file actions
while read xaction rest; do strip_file actions.std /usr/share/shorewall/actions.std
[ "x$rest" = x ] || fatal_error "Invalid Action: $xaction $rest"
case $xaction in for inputfile in actions.std actions; do
*:*) while read xaction rest; do
temp=${xaction#*:} [ "x$rest" = x ] || fatal_error "Invalid Action: $xaction $rest"
xaction=${xaction%:*}
case $temp in
ACCEPT|REJECT|DROP)
eval ${temp}_common=$xaction
if ! list_search $xaction $USEDACTIONS; then
USEDACTIONS="$USEDACTIONS $xaction"
[ $command = check ] || createactionchain $xaction
fi
;;
*)
fatal_error "Common Actions are only allowed for ACCEPT, DROP and REJECT"
;;
esac
esac
f=action.$xaction case $xaction in
fn=$(find_file $f) *:*)
temp=${xaction#*:}
xaction=${xaction%:*}
case $temp in
ACCEPT|REJECT|DROP)
eval ${temp}_common=$xaction
if ! list_search $xaction $USEDACTIONS; then
USEDACTIONS="$USEDACTIONS $xaction"
[ $command = check ] || createactionchain $xaction
fi
;;
*)
fatal_error "Common Actions are only allowed for ACCEPT, DROP and REJECT"
;;
esac
esac
eval requiredby_${action}= if ! list_search $xaction $ACTIONS; then
f=action.$xaction
fn=$(find_file $f)
if [ -f $fn ]; then eval requiredby_${action}=
echo " Pre-processing $fn..."
strip_file $f $fn
while read xtarget xclients xservers xprotocol xports xcports xratelimit $xuserspec; do
expandv xtarget
temp="${xtarget%:*}"
case "${temp%<*}" in
ACCEPT|DROP|REJECT|LOG|QUEUE)
;;
*)
if list_search $temp $ACTIONS; then
eval requiredby_${xaction}=\"\$requiredby_${xaction} $temp\"
else
rule="$(echo $xtarget $xclients $xservers $xprotocol $xports $xcports $xratelimit $xuserspec)"
fatal_error "Invalid TARGET in rule \"$rule\""
fi
;;
esac if [ -f $fn ]; then
done < $TMP_DIR/$f echo " Pre-processing $fn..."
else strip_file $f $fn
fatal_error "Missing Action File: $f" while read xtarget xclients xservers xprotocol xports xcports xratelimit $xuserspec; do
fi expandv xtarget
temp="${xtarget%:*}"
case "${temp%<*}" in
ACCEPT|DROP|REJECT|LOG|QUEUE)
;;
*)
if list_search $temp $ACTIONS; then
eval requiredby_${xaction}=\"\$requiredby_${xaction} $temp\"
else
rule="$(echo $xtarget $xclients $xservers $xprotocol $xports $xcports $xratelimit $xuserspec)"
fatal_error "Invalid TARGET in rule \"$rule\""
fi
;;
ACTIONS="$ACTIONS $xaction" esac
done < $TMP_DIR/actions done < $TMP_DIR/$f
else
fatal_error "Missing Action File: $f"
fi
ACTIONS="$ACTIONS $xaction"
fi
done < $TMP_DIR/$inputfile
done
} }
# #
# Generate the transitive closure of $USEDACTIONS (the actions directly referred to in rules and as common actions) then # Generate the transitive closure of $USEDACTIONS (the actions directly referred to in rules and as common actions) then
@ -2508,7 +2524,7 @@ process_actions2() {
# #
for xaction in $USEDACTIONS; do for xaction in $USEDACTIONS; do
case $xaction in case $xaction in
dropNonSyn|dropBcasts) dropNonSyn|dropBcast)
;; ;;
*) *)
f=action.$xaction f=action.$xaction
@ -4278,6 +4294,12 @@ initialize_netfilter () {
setcontinue INPUT setcontinue INPUT
setcontinue OUTPUT setcontinue OUTPUT
if [ -n "$DISABLE_IPV6" ]; then
ip6tables -P FORWARD DROP
ip6tables -P INPUT DROP
ip6tables -P OUTPUT DROP
fi
# #
# Enable the Loopback interface for now # Enable the Loopback interface for now
# #
@ -5441,6 +5463,7 @@ do_initialize() {
ACTIONS= ACTIONS=
USEDACTIONS= USEDACTIONS=
SMURF_LOG_LEVEL= SMURF_LOG_LEVEL=
DISABLE_IPV6=
stopping= stopping=
have_mutex= have_mutex=
@ -5590,6 +5613,7 @@ do_initialize() {
fi fi
ADMINISABSENTMINDED=$(added_param_value_no ADMINISABSENTMINDED $ADMINISABSENTMINDED) ADMINISABSENTMINDED=$(added_param_value_no ADMINISABSENTMINDED $ADMINISABSENTMINDED)
BLACKLISTNEWONLY=$(added_param_value_no BLACKLISTNEWONLY $BLACKLISTNEWONLY) BLACKLISTNEWONLY=$(added_param_value_no BLACKLISTNEWONLY $BLACKLISTNEWONLY)
DISABLE_IPV6=$(added_param_value_no DISABLE_IPV6 $DISABLE_IPV6)
[ -n "$MODULE_SUFFIX" ] || MODULE_SUFFIX="o gz ko o.gz" [ -n "$MODULE_SUFFIX" ] || MODULE_SUFFIX="o gz ko o.gz"
# #
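Review bot: In the stop_firewall and initialize_netfilter hunks the three `ip6tables -P ... DROP` calls are unchecked, so when ip6tables is missing or its kernel support cannot be loaded, DISABLE_IPV6=Yes fails open: the start carries on and IPv6 stays reachable while the admin believes it is blocked. In initialize_netfilter I would fail closed, e.g. `ip6tables -P INPUT DROP || fatal_error "DISABLE_IPV6=Yes but the IPv6 INPUT policy could not be set"` (likewise for OUTPUT and FORWARD); in stop_firewall at least report the failure rather than calling fatal_error, which presumably re-enters stop_firewall. A chain policy also only applies to packets that no rule matched, so any ACCEPT rules already loaded in the ip6tables filter table keep passing traffic; flushing with `ip6tables -F` before setting the policies, or documenting the limitation, would close that gap. Both function bodies extend outside their hunks.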


@ -94,6 +94,10 @@ find_file()
*) *)
if [ -n "$SHOREWALL_DIR" -a -f $SHOREWALL_DIR/$1 ]; then if [ -n "$SHOREWALL_DIR" -a -f $SHOREWALL_DIR/$1 ]; then
echo $SHOREWALL_DIR/$1 echo $SHOREWALL_DIR/$1
elif [ -f /etc/shorewall/$1 ]; then
echo /etc/shorewall/$1
elif [ -f /usr/share/shorewall/$1 ]; then
echo /usr/share/shorewall/$1
else else
echo /etc/shorewall/$1 echo /etc/shorewall/$1
fi fi
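Review bot: The two added `elif` branches in find_file make /etc/shorewall take precedence over /usr/share/shorewall, so action.* files left in /etc/shorewall by a Beta1 install would silently shadow the updated standard actions. The release notes describe the override as intended, but the precedence deserves a comment above the function such as `# Search order: $SHOREWALL_DIR, /etc/shorewall, /usr/share/shorewall` and a mention in the upgrade instructions. The new tests and echoes also leave `$1` unquoted; `[ -f "/etc/shorewall/$1" ]` and `echo "/usr/share/shorewall/$1"` would be safer. The enclosing case statement starts and ends outside the hunk.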


@ -54,7 +54,7 @@
# /etc/rc.d/rc.local file is modified to start the firewall. # /etc/rc.d/rc.local file is modified to start the firewall.
# #
VERSION=2.0.0-Beta1 VERSION=2.0.0-Beta2
usage() # $1 = exit status usage() # $1 = exit status
{ {
@ -503,7 +503,7 @@ fi
# #
# Install the Standard Actions file # Install the Standard Actions file
# #
install_file_with_backup actions.std ${PREFIX}/etc/shorewall/actions.std 0600 install_file_with_backup actions.std ${PREFIX}/usr/share/shorewall/actions.std 0600
echo echo
echo "Standard actions file installed as ${PREFIX}/etc/shorewall/actions.std" echo "Standard actions file installed as ${PREFIX}/etc/shorewall/actions.std"
@ -521,10 +521,10 @@ fi
# Install the Action files # Install the Action files
# #
for f in action.* ; do for f in action.* ; do
if [ -f ${PREFIX}/etc/shorewall/$f ]; then if [ -f ${PREFIX}/usr/share/shorewall/$f ]; then
backup_file /etc/shorewall/$f backup_file /usr/share/shorewall/$f
else else
run_install -o $OWNER -g $GROUP -m 0600 $f ${PREFIX}/etc/shorewall/$f run_install -o $OWNER -g $GROUP -m 0600 $f ${PREFIX}/usr/share/shorewall/$f
echo echo
echo "Action ${f#*.} file installed as ${PREFIX}/etc/shorewall/$f" echo "Action ${f#*.} file installed as ${PREFIX}/etc/shorewall/$f"
fi fi
@ -548,8 +548,9 @@ chmod 644 ${PREFIX}/usr/share/shorewall/version
if [ -z "$PREFIX" ]; then if [ -z "$PREFIX" ]; then
rm -f /usr/share/shorewall/init rm -f /usr/share/shorewall/init
ln -s ${DEST}/firewall /usr/share/shorewall/init ln -s ${DEST}/shorewall /usr/share/shorewall/init
fi fi
# #
# Install the firewall script # Install the firewall script
# #
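Review bot: The messages after both installs still print the old location: `echo "Standard actions file installed as ${PREFIX}/etc/shorewall/actions.std"` and `echo "Action ${f#*.} file installed as ${PREFIX}/etc/shorewall/$f"` are unchanged although the files now go to ${PREFIX}/usr/share/shorewall. They should name `${PREFIX}/usr/share/shorewall/actions.std` and `${PREFIX}/usr/share/shorewall/$f`, otherwise an admin auditing the install looks in the wrong directory. In the action loop, `backup_file /usr/share/shorewall/$f` omits ${PREFIX} while the test above it includes it, so with a non-empty PREFIX the backup appears to target the live system path rather than the staged tree. That is worth confirming against backup_file's definition, which is not shown here.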


@ -1,4 +1,4 @@
Shorewall 2.0.0-Beta1 Shorewall 2.0.0-Beta2
---------------------------------------------------------------------- ----------------------------------------------------------------------
Problems Corrected since prior version. Problems Corrected since prior version.
@ -27,13 +27,14 @@ Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
/etc/shorewall/common.def /etc/shorewall/common.def
/etc/shorewall/common /etc/shorewall/common
/etc/shorewall/icmpdef /etc/shorewall/icmpdef
/etc/shorewall/action.template
The /etc/shorewall/action file now allows an action to be The /etc/shorewall/action file now allows an action to be
designated as the "common" action for a particular policy type by designated as the "common" action for a particular policy type by
following the action name with ":" and the policy (DROP, REJECT or following the action name with ":" and the policy (DROP, REJECT or
ACCEPT). ACCEPT).
The file /etc/shorewall/actions.std has been added to define those The file /usr/share/shorewall/actions.std has been added to define those
actions that are released as part of Shorewall. In that file are actions that are released as part of Shorewall. In that file are
two actions as follows: two actions as follows:
@ -51,15 +52,20 @@ Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
policies but does not specify such an action in the default policies but does not specify such an action in the default
configuration. configuration.
/etc/shorewall/actions contains an INCLUDE for The file /usr/share/shorewall/actions.std catalogs the standard
/etc/shorewall/actions.std. This causes a large number of actions to actions and is processed prior to /etc/shorewall/actions. This
be defined; in the current release: causes a large number of actions to be defined. The files which
define these aactions are also located in /usr/share/shorewall as
is the he action template file (action.template).
In the initial release, the following actions are defined:
dropBcast #Silently Drops Broadcast Traffic
dropNonSyn #Silently Drop Non-syn TCP packets
DropBcast #Silently Drops Broadcast Traffic
DropSMB #Silently Drops Microsoft SMB Traffic DropSMB #Silently Drops Microsoft SMB Traffic
RejectSMB #Silently Reject Microsoft SMB Traffic RejectSMB #Silently Reject Microsoft SMB Traffic
DropUPnP #Silently Drop UPnP Probes DropUPnP #Silently Drop UPnP Probes
DropNonSyn #Silently Drop Non-syn TCP packets
RejectAuth #Silently Reject Auth RejectAuth #Silently Reject Auth
DropPing #Silently Drop Ping DropPing #Silently Drop Ping
DropDNSrep #Silently Drop DNS Replies DropDNSrep #Silently Drop DNS Replies
@ -77,47 +83,38 @@ Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
AllowTelnet #Allow Telnet Access (not recommended for use over the AllowTelnet #Allow Telnet Access (not recommended for use over the
#Internet) #Internet)
AllowVNC #Allow VNC, Displays 0-9 AllowVNC #Allow VNC, Displays 0-9
AllowVNCL #Allow access to VNC viewer in listen mode
AllowNTP #Allow Network Time Protocol (ntpd) AllowNTP #Allow Network Time Protocol (ntpd)
AllowRdate #Allow remote time (rdate). AllowRdate #Allow remote time (rdate).
AllowNNTP #Allow network news (Usenet). AllowNNTP #Allow network news (Usenet).
AllowTrcrt #Allows Traceroute (20 hops) AllowTrcrt #Allows Traceroute (20 hops)
AllowSNMP #Allows SNMP (including traps) AllowSNMP #Allows SNMP (including traps)
AllowPCA #Allows PCAnywhere (tm).
Drop:DROP #Common rules for DROP policy Drop:DROP #Common rules for DROP policy
Reject:REJECT #Common Action for Reject policy Reject:REJECT #Common Action for Reject policy
If you don't want to create all of the action chains, you can remove if you want to redefine any of the Shorewall-defined actions,
the INCLUDE and only include those actions that you need. Here's my simply copy the appropriate action file from /usr/share/shorewall
/etc/shorewall/actions file: to /etc/shorewall and modify the copy as desired. Your modified
copy will be used rather than the original one in
/usr/share/shorewall.
DropBcast #Silently Drops Broadcast Traffic Note: The 'dropBcast' and 'dropNonSyn' actions are built into
DropSMB #Silently Drops Microsoft SMB Traffic Shorewall and may not be changed.
RejectSMB #Silently Reject Microsoft SMB Traffic
DropUPnP #Silently Drop UPnP Probes
DropNonSyn #Silently Drop Non-syn TCP packets
RejectAuth #Silently Reject Auth
DropPing #Silently Drop Ping
DropDNSrep #Silently Drop DNS Replies
AllowPing #Accept Ping
Mirrors #Accept traffic from Shorewall Mirrors Beginning with version 2.0.0-Beta2, Shorewall will only create a
chain for those actions that are actually used.
MyDrop:DROP
MyReject:REJECT
At any rate, if you have an existing /etc/shorewall/actions file,
then you MUST either add "INCLUDE /etc/shorewall/actions.std" to
that file or you must include the definitions similar to mine above
in your /etc/shorewall/actions file.
5) The /etc/shorewall directory no longer contains a 'users' file or a 5) The /etc/shorewall directory no longer contains a 'users' file or a
'usersets' file. Similar functionality is now available using 'usersets' file. Similar functionality is now available using
user-defined actions. user-defined actions.
Now, action files created by copying /etc/shorewall/action.template Now, action files created by copying
may now specify a USER and or GROUP name/id in the final column just /usr/share/shorewall/action.template may now specify a USER and or
like in the rules file (see below). It is thus possible to create GROUP name/id in the final column just like in the rules file (see
actions that control traffic from a list of users and/or groups. below). It is thus possible to create actions that control traffic
from a list of users and/or groups.
The last column in /etc/shorewall/rules is now labeled USER/GROUP The last column in /etc/shorewall/rules is now labeled USER/GROUP
and may contain: and may contain:
@ -166,5 +163,16 @@ New Features:
(e.g., "ipsec:noah"), then Shorewall will only create rules for (e.g., "ipsec:noah"), then Shorewall will only create rules for
ESP (protocol 50) and will not create rules for AH (protocol 51). ESP (protocol 50) and will not create rules for AH (protocol 51).
7) A new DISABLE_IPV6 option has been added to shorewall.conf. When
this option is set to "Yes", Shorewall will set the policy for the
IPv6 INPUT, OUTPUT and FORWARD chains to DROP during "shorewall
[re]start" and "shorewall stop". Regardless of the setting of this
variable, "shorewall clear" will silently attempt to set these
policies to ACCEPT.
If this option is not set in your existing shorewall.conf then a
setting of DISABLE_IPV6=No is assumed in which case, Shorewall will
not touch any IPv6 settings except during "shorewall clear".


@ -514,6 +514,16 @@ BLACKLISTNEWONLY=Yes
MODULE_SUFFIX= MODULE_SUFFIX=
#
# DISABLE IPV6
#
# Distributions (notably SuSE) are beginning to ship with IPV6
# enabled. If you are not using IPV6, you are at risk of being
# exploited by users who do. Setting DISABLE_IPV6=Yes will cause
# Shorewall to disable IPV6 traffic to/from and through your
# firewall system. This requires that you have ip6tables installed.
DISABLE_IPV6=Yes
################################################################################ ################################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
################################################################################ ################################################################################
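Review bot: The new DISABLE IPV6 comment block does not say what an unset option means or what the option leaves untouched: per the release notes in this commit, a shorewall.conf without DISABLE_IPV6 is treated as No, and "shorewall clear" sets the IPv6 policies back to ACCEPT regardless of the setting. I would add a line such as `# If not set, DISABLE_IPV6=No is assumed.` and one stating that "shorewall clear" re-opens IPv6. Since the sample ships `DISABLE_IPV6=Yes`, the comment should also say what happens when ip6tables is absent, because the firewall hunks in this commit do not check the result of those calls.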


@ -72,8 +72,6 @@ fi
%attr(0700,root,root) %dir /etc/shorewall %attr(0700,root,root) %dir /etc/shorewall
%attr(0700,root,root) %dir /usr/share/shorewall %attr(0700,root,root) %dir /usr/share/shorewall
%attr(0700,root,root) %dir /var/lib/shorewall %attr(0700,root,root) %dir /var/lib/shorewall
%attr(0600,root,root) /usr/share/shorewall/version
%attr(0600,root,root) /etc/shorewall/actions.std
%attr(0600,root,root) %config(noreplace) /etc/shorewall/shorewall.conf %attr(0600,root,root) %config(noreplace) /etc/shorewall/shorewall.conf
%attr(0600,root,root) %config(noreplace) /etc/shorewall/zones %attr(0600,root,root) %config(noreplace) /etc/shorewall/zones
%attr(0600,root,root) %config(noreplace) /etc/shorewall/policy %attr(0600,root,root) %config(noreplace) /etc/shorewall/policy
@ -98,40 +96,44 @@ fi
%attr(0600,root,root) %config(noreplace) /etc/shorewall/stopped %attr(0600,root,root) %config(noreplace) /etc/shorewall/stopped
%attr(0600,root,root) %config(noreplace) /etc/shorewall/ecn %attr(0600,root,root) %config(noreplace) /etc/shorewall/ecn
%attr(0600,root,root) %config(noreplace) /etc/shorewall/accounting %attr(0600,root,root) %config(noreplace) /etc/shorewall/accounting
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowAuth
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowDNS
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowFTP
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowIMAP
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowNNTP
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowNTP
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowPCA
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowPing
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowPOP3
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowRdate
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowSMB
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowSMTP
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowSNMP
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowSSH
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowTelnet
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowTrcrt
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowVNC
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowVNCL*
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowWeb
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.Drop
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.DropDNSrep
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.DropPing
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.DropSMB
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.DropUPnP
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.Reject
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.RejectAuth
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.RejectSMB
%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.template
%attr(0600,root,root) %config(noreplace) /etc/shorewall/actions %attr(0600,root,root) %config(noreplace) /etc/shorewall/actions
%attr(0544,root,root) /sbin/shorewall %attr(0544,root,root) /sbin/shorewall
%attr(0600,root,root) /usr/share/shorewall/version
%attr(0600,root,root) /usr/share/shorewall/actions.std
%attr(0600,root,root) /usr/share/shorewall/action.AllowAuth
%attr(0600,root,root) /usr/share/shorewall/action.AllowDNS
%attr(0600,root,root) /usr/share/shorewall/action.AllowFTP
%attr(0600,root,root) /usr/share/shorewall/action.AllowIMAP
%attr(0600,root,root) /usr/share/shorewall/action.AllowNNTP
%attr(0600,root,root) /usr/share/shorewall/action.AllowNTP
%attr(0600,root,root) /usr/share/shorewall/action.AllowPCA
%attr(0600,root,root) /usr/share/shorewall/action.AllowPing
%attr(0600,root,root) /usr/share/shorewall/action.AllowPOP3
%attr(0600,root,root) /usr/share/shorewall/action.AllowRdate
%attr(0600,root,root) /usr/share/shorewall/action.AllowSMB
%attr(0600,root,root) /usr/share/shorewall/action.AllowSMTP
%attr(0600,root,root) /usr/share/shorewall/action.AllowSNMP
%attr(0600,root,root) /usr/share/shorewall/action.AllowSSH
%attr(0600,root,root) /usr/share/shorewall/action.AllowTelnet
%attr(0600,root,root) /usr/share/shorewall/action.AllowTrcrt
%attr(0600,root,root) /usr/share/shorewall/action.AllowVNC
%attr(0600,root,root) /usr/share/shorewall/action.AllowVNCL
%attr(0600,root,root) /usr/share/shorewall/action.AllowWeb
%attr(0600,root,root) /usr/share/shorewall/action.Drop
%attr(0600,root,root) /usr/share/shorewall/action.DropDNSrep
%attr(0600,root,root) /usr/share/shorewall/action.DropPing
%attr(0600,root,root) /usr/share/shorewall/action.DropSMB
%attr(0600,root,root) /usr/share/shorewall/action.DropUPnP
%attr(0600,root,root) /usr/share/shorewall/action.Reject
%attr(0600,root,root) /usr/share/shorewall/action.RejectAuth
%attr(0600,root,root) /usr/share/shorewall/action.RejectSMB
%attr(0600,root,root) /usr/share/shorewall/action.template
%attr(0444,root,root) /usr/share/shorewall/functions %attr(0444,root,root) /usr/share/shorewall/functions
%attr(0544,root,root) /usr/share/shorewall/firewall %attr(0544,root,root) /usr/share/shorewall/firewall
%attr(0544,root,root) /usr/share/shorewall/help %attr(0544,root,root) /usr/share/shorewall/help
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
%changelog %changelog


@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Seattle Firewall # shown below. Simply run this script to remove Seattle Firewall
VERSION=2.0.0-Beta1 VERSION=2.0.0-Beta2
usage() # $1 = exit status usage() # $1 = exit status
{ {