holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Document BOGON_LOG_LEVEL and add it to shorewall.conf

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1204 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-03-18 16:53:25 +00:00
parent 302cae411e
commit 05caa78e22
2 changed files with 34 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
Shorewall2/releasenotes.txt
View File

@ -9,7 +9,25 @@ Problems Corrected since 2.0.0
----------------------------------------------------------------------- -----------------------------------------------------------------------
Issues when migrating from Shorewall 2.0.0 to Shorewall 2.0.1: Issues when migrating from Shorewall 2.0.0 to Shorewall 2.0.1:
None. 1) The function of 'norfc1918' is now split between that option and a
new 'nobogons' option.
The rfc1918 file released with Shorewall now contains entries for
only those three address ranges reserved by RFC 1918. A 'nobogons'
interface option has been added which handles bogon source
addresses (those which are reserved by the IANA, those reserved for
DHCP auto-configuration and the class C test-net reserved for
testing and documentation examples). This will allow users to
perform RFC 1918 filtering without having to deal with out
of date data from IANA. Those who are willing to update their
/usr/share/shorewall/bogons file regularly can specify the
'nobogons' option in addition to 'norfc1918'.
The level at which bogon packets are logged is specified in the new
BOGON_LOG_LEVEL variable in shorewall.conf. If that option is not
specified or is specified as empty (e.g, BOGON_LOG_LEVEL="") then
bogon packets whose TARGET is 'logdrop' in
/usr/share/shorewall/bogons are logged at the 'info' level.
New Features: New Features:
@ -17,15 +35,5 @@ New Features:
http://shorewall.net/bridge.html http://shorewall.net/bridge.html
2) The rfc1918 file released with Shorewall now contains entries for
only those three address ranges reserved by RFC 1918. A new
'nobogons' interface option has been added which handles bogon
source addresses (those which are reserved by the IANA, those
reserved for DHCP auto-configuration and the class C test-net
reserved for testing and documentation examples). This will allow
users to perform RFC 1918 filtering without having to deal with out
of date data from IANA. Those who are willing to update their
/usr/share/shorewall/bogons file regularly can specify the
'nobogons' option in addition to 'norfc1918'.

15
Shorewall2/shorewall.conf
View File

@ -171,9 +171,24 @@ RFC1918_LOG_LEVEL=info
# Specifies the logging level for smurf packets dropped by the # Specifies the logging level for smurf packets dropped by the
#'nosmurfs' interface option in /etc/shorewall/interfaces. If set to the empty #'nosmurfs' interface option in /etc/shorewall/interfaces. If set to the empty
# value ( SMURF_LOG_LEVEL="" ) then dropped smurfs are not logged. # value ( SMURF_LOG_LEVEL="" ) then dropped smurfs are not logged.
#
# See the comment at the top of this section for a description of log levels
#
SMURF_LOG_LEVEL=info SMURF_LOG_LEVEL=info
#
# BOGON Log Level
#
# Specifies the logging level for bogon packets dropped by the
#'nobogons' interface option in /etc/shorewall/interfaces. If set to the empty
# value ( BOGON_LOG_LEVEL="" ) then packets whose TARGET is 'logdrop'
# in /usr/share/shorewall/bogons are logged at the 'info' level.
#
# See the comment at the top of this section for a description of log levels
#
BOGON_LOG_LEVEL=info
################################################################################ ################################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
################################################################################ ################################################################################