This is a harmless commit to test syncmail.

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2171 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/shorewall.conf

@@ -158,6 +158,7 @@ LOGALLNEW=
 #
 # See the comment at the top of this section for a description of log levels
 #
+
 BLACKLIST_LOGLEVEL=
 
 #
@@ -174,7 +175,6 @@ BLACKLIST_LOGLEVEL=
 #
 # Example: LOGNEWNOTSYN=debug
 
-
 LOGNEWNOTSYN=info
 
 #
@@ -251,6 +251,7 @@ BOGON_LOG_LEVEL=info
 #
 
 LOG_MARTIANS=No
+
 ################################################################################
 #       L O C A T I O N   O F   F I L E S   A N D   D I R E C T O R I E S
 ################################################################################
@@ -261,12 +262,14 @@ LOG_MARTIANS=No
 # not specified or if specified with an empty value (e.g., IPTABLES="") then
 # the iptables executable located via the PATH setting below is used.
 #
+
 IPTABLES=
 
 #
 # PATH - Change this if you want to change the order in which Shorewall
 #        searches directories for executable files.
 #
+
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 
 #
@@ -336,6 +339,7 @@ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
 # assumed.
 
 RESTOREFILE=
+
 ################################################################################
 #                       F I R E W A L L   O P T I O N S
 ################################################################################
@@ -345,6 +349,7 @@ RESTOREFILE=
 # Name of the firewall zone -- if not set or if set to an empty string, "fw"
 # is assumed.
 #
+
 FW=fw
 
 #
@@ -359,6 +364,7 @@ FW=fw
 # If you set this variable to "Keep" or "keep", Shorewall will neither
 # enable nor disable packet forwarding.
 #
+
 IP_FORWARDING=On
 
 #
@@ -368,6 +374,7 @@ IP_FORWARDING=On
 # for each NAT external address that you give in /etc/shorewall/nat. If you say
 # "No" or "no", you must add these aliases youself.
 #
+
 ADD_IP_ALIASES=Yes
 
 #
@@ -378,6 +385,7 @@ ADD_IP_ALIASES=Yes
 # "No" or "no", you must add these aliases youself. LEAVE THIS SET TO "No" unless
 # you are sure that you need it -- most people don't!!!
 #
+
 ADD_SNAT_ALIASES=No
 
 #
@@ -393,6 +401,7 @@ ADD_SNAT_ALIASES=No
 # You can cause Shorewall to retain existing addresses by setting
 # RETAIN_ALIASES=Yes. 
 #
+
 RETAIN_ALIASES=No
 
 #
@@ -475,6 +484,7 @@ MARK_IN_FORWARD_CHAIN=No
 #
 #	CLAMPMSS=1400
 #
+
 CLAMPMSS=No
 
 #
@@ -571,7 +581,6 @@ MUTEX_TIMEOUT=60
 # The behavior of NEWNOTSYN=Yes may also be enabled on a per-interface basis 
 # using the 'newnotsyn' option in /etc/shorewall/interfaces and on a
 # network or host basis using the same option in /etc/shorewall/hosts.
-
 #
 # I find that NEWNOTSYN=No tends to result in lots of "stuck"
 # connections because any network timeout during TCP session tear down
@@ -609,6 +618,7 @@ NEWNOTSYN=Yes
 # If this variable is not set or it is set to the null value then
 # ADMINISABSENTMINDED=No is assumed.
 #
+
 ADMINISABSENTMINDED=Yes
 
 #
@@ -631,6 +641,7 @@ ADMINISABSENTMINDED=Yes
 # If the BLACKLISTNEWONLY option is not set or is set to the empty value then
 # BLACKLISTNEWONLY=No is assumed.
 #
+
 BLACKLISTNEWONLY=Yes
 
 #
@@ -808,22 +819,27 @@ SAVE_IPSETS=No
 #
 # CROSSBEAM SUPPORT
 #
-# If Shorewall is running in a Crossbeam System (www.crossbeamsystems.com) you need
-# to activate this directive if you don't want the CPM to think the system is down
-# and send a reset signal. Also Crossbeam has a backplane chassis that needs to be
-# configured in such a way that accepts all traffic.
+# If Shorewall is running in a Crossbeam System (www.crossbeamsystems.com)
+# you need to activate this directive if you don't want the CPM to think
+# the system is down and send a reset signal during firewall restarts. Also
+# Crossbeam has a backplane chassis that needs to be configured in such a
+# way that accepts all traffic.
 #
-# If CROSSBEAM=Yes, then during a Shorewall start, restart or clear instead of
-# setting the default policies to DROP and then activating established connections,
-# Shorewall will first set the default policies to ACCEPT, activate established
-# connections and then set the default policies to DROP. After that, Shorewall starts
-# generating the rules as usual.
+# If CROSSBEAM=Yes, then during a Shorewall start, restart or clear instead
+# of setting the default policies to DROP and then activating established
+# connections, Shorewall will first set the default policies to ACCEPT,
+# activate established connections and then set the default policies to
+# DROP. After that, Shorewall starts generating the rules as usual.
 #
-# If CROSSBEAM=No, CROSSBEAM_BACKBONE is not used. If CROSSBEAM is set to Yes,
-# CROSSBEAM_BACKBONE will indicate the device used by the backbone.
+# If CROSSBEAM=No, CROSSBEAM_BACKBONE is not used. If CROSSBEAM is set to
+# Yes, CROSSBEAM_BACKBONE will indicate the device used by the backbone.
 # 
 # If not specified or if specified as empty (e.g., CROSSBEAM="") then
 # CROSSBEAM=No is assumed.
+#
+# FIXME: This needs to be replaced by better generalised routestopped
+# support.
+#
 
 CROSSBEAM=No
 CROSSBEAM_BACKBONE=eth0