Add the FIREWALL .conf option

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2016-10-05 15:03:54 -07:00
parent ca7ca4bdfe
commit 14e8568d9e
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
16 changed files with 177 additions and 37 deletions


@ -900,6 +900,7 @@ sub initialize( $;$$) {
MINIUPNPD => undef ,
VERBOSE_MESSAGES => undef ,
ZERO_MARKS => undef ,
FIREWALL => undef ,
#
# Packet Disposition
#


@ -23,6 +23,12 @@ VERBOSITY=1
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################


@ -34,6 +34,12 @@ VERBOSITY=1
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################


@ -31,6 +31,12 @@ VERBOSITY=1
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################


@ -34,6 +34,12 @@ VERBOSITY=1
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################


@ -23,6 +23,12 @@ VERBOSITY=1
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################


@ -1444,6 +1444,12 @@ remote_reload_command() # $* = original arguments less the command.
option=
shift
;;
D)
[ $# -gt 1 ] || fatal_error "Missing directory name"
g_shorewalldir=$2
option=
shift
;;
T*)
g_confess=Yes
option=${option#T}
@ -1467,7 +1473,7 @@ remote_reload_command() # $* = original arguments less the command.
case $# in
0)
missing_argument
[ -n "$g_shorewalldir" ] || g_shorewalldir='.'
;;
1)
g_shorewalldir="."
@ -1502,6 +1508,11 @@ remote_reload_command() # $* = original arguments less the command.
get_config No
g_haveconfig=Yes
if [ -z "$system" ]; then
system=$FIREWALL
[ -n "$system" ] || fatal_error "No system name given and the FIREWALL option is not set"
fi
else
fatal_error "$g_shorewalldir/$g_program.conf does not exist"
fi
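Review bot: In the `1)` branch of the argument-count `case` (second hunk), `g_shorewalldir="."` is still assigned unconditionally, so a directory given with the new `-D` option appears to be discarded whenever a system name is also supplied; only the `0)` branch received the guard. It should read `[ -n "$g_shorewalldir" ] || g_shorewalldir="."`, matching the line added to `0)`. The rest of the `1)` branch and of remote_reload_command lies outside the hunks, so confirm that nothing later restores the value. Separately, `system=$FIREWALL` in the third hunk takes the copy-and-restart target from a file in the working directory and checks only that it is non-empty; assuming `$system` reaches scp and ssh as the manual text describes, rejecting values that begin with `-` or contain whitespace would be a cheap safeguard.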


@ -911,6 +911,20 @@ net all DROP info</programlisting>then the chain name is 'net-all'
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">FIREWALL</emphasis>=[<emphasis>dnsname-or-ip-address</emphasis>]</term>
<listitem>
<para>This option was added in Shorewall 5.0.13 and may be used on
an administrative system in directories containing the
configurations of remote firewalls. The contents of the variable are
the default value for the <replaceable>system</replaceable>
parameter to the <command>remote-reload</command> and
<command>remote-restart</command> commands.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">FORWARD_CLEAR_MARK=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>


@ -451,9 +451,9 @@
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg><arg><option>-D</option></arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg>
<arg choice="plain"><arg><replaceable>system</replaceable></arg></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -475,9 +475,9 @@
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg><arg><option>-D</option></arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg>
<arg choice="plain"><arg><replaceable>system</replaceable></arg></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -499,9 +499,9 @@
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg><arg><option>-D</option></arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg>
<arg choice="plain"><arg><replaceable>system</replaceable></arg></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -1614,8 +1614,8 @@
<term><emphasis role="bold">remote-start</emphasis>
[-<option>s</option>] [-<option>c</option>] [-<option>r</option>
<replaceable>root-user-name</replaceable>] [-<option>T</option>]
[-<option>i</option>] [ <replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term>
[-<option>i</option>] [ [ -D ] <replaceable>directory</replaceable> ]
[ <replaceable>system</replaceable> ]</term>
<listitem>
<para>This command was renamed from <command>load</command> in
@ -1641,7 +1641,13 @@
directory. If compilation succeeds, then firewall is copied to
<replaceable>system</replaceable> using scp. If the copy succeeds,
Shorewall Lite on <replaceable>system</replaceable> is started via
ssh.</para>
ssh. Beginning with Shorewall 5.0.13, if
<replaceable>system</replaceable> is omitted, then the FIREWALL
option setting in <ulink
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
that case, if you want to specify a
<replaceable>directory</replaceable>, then the <option>-D</option>
option must be given.</para>
<para>If <emphasis role="bold">-s</emphasis> is specified and the
<emphasis role="bold">start</emphasis> command succeeds, then the
@ -1676,9 +1682,9 @@
<term><emphasis role="bold">remote-reload
</emphasis>[-<option>s</option>] [-<option>c</option>]
[-<option>r</option> <replaceable>root-user-name</replaceable>]
[-<option>T</option>] [-<option>i</option>] [
<replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term>
[-<option>T</option>] [-<option>i</option>] [ [ -D ]
<replaceable>directory</replaceable> ] [
<replaceable>system</replaceable> ]</term>
<listitem>
<para>This command was added in Shorewall 5.0.0.</para>
@ -1702,8 +1708,14 @@
defaulted) directory is compiled to a file called firewall in that
directory. If compilation succeeds, then firewall is copied to
<emphasis>system</emphasis> using scp. If the copy succeeds,
Shorewall Lite on <emphasis>system</emphasis> is restarted via
ssh.</para>
Shorewall Lite on <emphasis>system</emphasis> is restarted via ssh.
Beginning with Shorewall 5.0.13, if
<replaceable>system</replaceable> is omitted, then the FIREWALL
option setting in <ulink
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
that case, if you want to specify a
<replaceable>directory</replaceable>, then the <option>-D</option>
option must be given.</para>
<para>If <emphasis role="bold">-s</emphasis> is specified and the
<emphasis role="bold">restart</emphasis> command succeeds, then the
@ -1738,9 +1750,9 @@
<term><emphasis role="bold">remote-restart
</emphasis>[-<option>s</option>] [-<option>c</option>]
[-<option>r</option> <replaceable>root-user-name</replaceable>]
[-<option>T</option>] [-<option>i</option>] [
<replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term>
[-<option>T</option>] [-<option>i</option>] [ [ -D ]
<replaceable>directory</replaceable> ] [
<replaceable>system</replaceable> ]</term>
<listitem>
<para>This command was renamed from <command>reload</command> in
@ -1765,8 +1777,14 @@
defaulted) directory is compiled to a file called firewall in that
directory. If compilation succeeds, then firewall is copied to
<emphasis>system</emphasis> using scp. If the copy succeeds,
Shorewall Lite on <emphasis>system</emphasis> is restarted via
ssh.</para>
Shorewall Lite on <emphasis>system</emphasis> is restarted via ssh.
Beginning with Shorewall 5.0.13, if
<replaceable>system</replaceable> is omitted, then the FIREWALL
option setting in <ulink
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
that case, if you want to specify a
<replaceable>directory</replaceable>, then the <option>-D</option>
option must be given.</para>
<para>If <emphasis role="bold">-s</emphasis> is specified and the
<emphasis role="bold">restart</emphasis> command succeeds, then the


@ -24,6 +24,12 @@ VERBOSITY=1
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################


@ -25,6 +25,12 @@ VERBOSITY=1
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################


@ -24,6 +24,12 @@ VERBOSITY=1
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################


@ -24,6 +24,12 @@ VERBOSITY=1
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################


@ -24,6 +24,12 @@ VERBOSITY=1
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################


@ -772,6 +772,20 @@ net all DROP info</programlisting>then the chain name is 'net-all'
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">FIREWALL</emphasis>=[<emphasis>dnsname-or-ip-address</emphasis>]</term>
<listitem>
<para>This option was added in Shorewall 5.0.13 and may be used on
an administrative system in directories containing the
configurations of remote firewalls. The contents of the variable are
the default value for the <replaceable>system</replaceable>
parameter to the <command>remote-reload</command> and
<command>remote-restart</command> commands.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">FORWARD_CLEAR_MARK=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>


@ -403,9 +403,9 @@
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg><arg><option>-D</option></arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg>
<arg choice="opt"><replaceable>system</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -427,9 +427,9 @@
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg><arg><option>-D</option></arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg>
<arg choice="opt"><replaceable>system</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -451,9 +451,9 @@
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg><arg><option>-D</option></arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg>
<arg choice="opt"><replaceable>system</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -1548,9 +1548,11 @@
<term><emphasis role="bold">remote-reload
</emphasis>[-<option>s</option>] [-<option>c</option>]
[-<option>r</option> <replaceable>root-user-name</replaceable>]
[-<option>T</option>] [-<option>i</option>] [
<replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term>
[-<option>T</option>] [-<option>i</option>] [ [ -D ]
<replaceable>directory</replaceable> ] [
<replaceable>system</replaceable> ]</term>
<term/>
<listitem>
<para>This command was added in Shorewall 5.0.0.</para>
@ -1574,8 +1576,14 @@
defaulted) directory is compiled to a file called firewall in that
directory. If compilation succeeds, then firewall is copied to
<emphasis>system</emphasis> using scp. If the copy succeeds,
Shorewall6 Lite on <emphasis>system</emphasis> is restarted via
ssh.</para>
Shorewall6 Lite on <emphasis>system</emphasis> is restarted via ssh.
Beginning with Shorewall 5.0.13, if
<replaceable>system</replaceable> is omitted, then the FIREWALL
option setting in <ulink
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
that case, if you want to specify a
<replaceable>directory</replaceable>, then the <option>-D</option>
option must be given.</para>
<para>If <option>-s</option> is specified and the
<command>restart</command> command succeeds, then the remote
@ -1610,9 +1618,9 @@
<term><emphasis role="bold">remote- restart
</emphasis>[-<option>s</option>] [-<option>c</option>]
[-<option>r</option> <replaceable>root-user-name</replaceable>]
[-<option>T</option>] [-<option>i</option>] [
<replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term>
[-<option>T</option>] [-<option>i</option>] [ [ -D ]
<replaceable>directory</replaceable> ] [
<replaceable>system</replaceable> ]</term>
<listitem>
<para>This command was renamed from <command>reload</command> in
@ -1640,6 +1648,14 @@
Shorewall6 Lite on <emphasis>system</emphasis> is restarted via
ssh.</para>
<para>Beginning with Shorewall 5.0.13, if
<replaceable>system</replaceable> is omitted, then the FIREWALL
option setting in <ulink
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
that case, if you want to specify a
<replaceable>directory</replaceable>, then the <option>-D</option>
option must be given.</para>
<para>If <option>-s</option> is specified and the
<command>restart</command> command succeeds, then the remote
Shorewall6-lite configuration is saved by executing
@ -1673,8 +1689,8 @@
<term><emphasis role="bold">remote-start </emphasis>
[-<option>s</option>] [-<option>c</option>] [-<option>r</option>
<replaceable>root-user-name</replaceable>] [-<option>T</option>]
[-<option>i</option>] [ <replaceable>directory</replaceable> ]
<replaceable>system</replaceable></term>
[-<option>i</option>] [ [-D ] <replaceable>directory</replaceable> ] [
<replaceable>system</replaceable> ]</term>
<listitem>
<para>This command was added in Shorewall 5.0.0.</para>
@ -1699,7 +1715,13 @@
directory. If compilation succeeds, then firewall is copied to
<replaceable>system</replaceable> using scp. If the copy succeeds,
Shorewall6 Lite on <replaceable>system</replaceable> is started via
ssh.</para>
ssh. Beginning with Shorewall 5.0.13, if
<replaceable>system</replaceable> is omitted, then the FIREWALL
option setting in <ulink
url="shorewall6.conf.html">shorewall6.conf(5)</ulink> is assumed. In
that case, if you want to specify a
<replaceable>directory</replaceable>, then the <option>-D</option>
option must be given.</para>
<para>If <option>-s</option> is specified and the <emphasis
role="bold">start</emphasis> command succeeds, then the remote