From 41c38771451562eef6850755c9e2f8a82afaf1bb Mon Sep 17 00:00:00 2001 From: paulgear Date: Thu, 26 May 2005 10:10:10 +0000 Subject: [PATCH] This is a harmless commit to test syncmail. git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2171 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall2/shorewall.conf | 42 +++++++++++++++++++++++++++------------ 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/Shorewall2/shorewall.conf b/Shorewall2/shorewall.conf index bd83fd91c..bda5ca409 100755 --- a/Shorewall2/shorewall.conf +++ b/Shorewall2/shorewall.conf @@ -158,6 +158,7 @@ LOGALLNEW= # # See the comment at the top of this section for a description of log levels # + BLACKLIST_LOGLEVEL= # @@ -174,7 +175,6 @@ BLACKLIST_LOGLEVEL= # # Example: LOGNEWNOTSYN=debug - LOGNEWNOTSYN=info # @@ -251,6 +251,7 @@ BOGON_LOG_LEVEL=info # LOG_MARTIANS=No + ################################################################################ # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S ################################################################################ @@ -261,12 +262,14 @@ LOG_MARTIANS=No # not specified or if specified with an empty value (e.g., IPTABLES="") then # the iptables executable located via the PATH setting below is used. # + IPTABLES= # # PATH - Change this if you want to change the order in which Shorewall # searches directories for executable files. # + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin # @@ -336,6 +339,7 @@ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall # assumed. RESTOREFILE= + ################################################################################ # F I R E W A L L O P T I O N S ################################################################################ @@ -345,6 +349,7 @@ RESTOREFILE= # Name of the firewall zone -- if not set or if set to an empty string, "fw" # is assumed. # + FW=fw # 
@@ -359,6 +364,7 @@ FW=fw # If you set this variable to "Keep" or "keep", Shorewall will neither # enable nor disable packet forwarding. # + IP_FORWARDING=On # @@ -368,6 +374,7 @@ IP_FORWARDING=On # for each NAT external address that you give in /etc/shorewall/nat. If you say # "No" or "no", you must add these aliases youself. # + ADD_IP_ALIASES=Yes # @@ -378,6 +385,7 @@ ADD_IP_ALIASES=Yes # "No" or "no", you must add these aliases youself. LEAVE THIS SET TO "No" unless # you are sure that you need it -- most people don't!!! # + ADD_SNAT_ALIASES=No # @@ -393,6 +401,7 @@ ADD_SNAT_ALIASES=No # You can cause Shorewall to retain existing addresses by setting # RETAIN_ALIASES=Yes. # + RETAIN_ALIASES=No # @@ -475,6 +484,7 @@ MARK_IN_FORWARD_CHAIN=No # # CLAMPMSS=1400 # + CLAMPMSS=No # @@ -571,7 +581,6 @@ MUTEX_TIMEOUT=60 # The behavior of NEWNOTSYN=Yes may also be enabled on a per-interface basis # using the 'newnotsyn' option in /etc/shorewall/interfaces and on a # network or host basis using the same option in /etc/shorewall/hosts. - # # I find that NEWNOTSYN=No tends to result in lots of "stuck" # connections because any network timeout during TCP session tear down @@ -609,6 +618,7 @@ NEWNOTSYN=Yes # If this variable is not set or it is set to the null value then # ADMINISABSENTMINDED=No is assumed. # + ADMINISABSENTMINDED=Yes # @@ -631,6 +641,7 @@ ADMINISABSENTMINDED=Yes # If the BLACKLISTNEWONLY option is not set or is set to the empty value then # BLACKLISTNEWONLY=No is assumed. # + BLACKLISTNEWONLY=Yes # 
@@ -808,22 +819,27 @@ SAVE_IPSETS=No # # CROSSBEAM SUPPORT # -# If Shorewall is running in a Crossbeam System (www.crossbeamsystems.com) you need -# to activate this directive if you don't want the CPM to think the system is down -# and send a reset signal. Also Crossbeam has a backplane chassis that needs to be -# configured in such a way that accepts all traffic. +# If Shorewall is running in a Crossbeam System (www.crossbeamsystems.com) +# you need to activate this directive if you don't want the CPM to think +# the system is down and send a reset signal during firewall restarts. Also +# Crossbeam has a backplane chassis that needs to be configured in such a +# way that accepts all traffic. # -# If CROSSBEAM=Yes, then during a Shorewall start, restart or clear instead of -# setting the default policies to DROP and then activating established connections, -# Shorewall will first set the default policies to ACCEPT, activate established -# connections and then set the default policies to DROP. After that, Shorewall starts -# generating the rules as usual. +# If CROSSBEAM=Yes, then during a Shorewall start, restart or clear instead +# of setting the default policies to DROP and then activating established +# connections, Shorewall will first set the default policies to ACCEPT, +# activate established connections and then set the default policies to +# DROP. After that, Shorewall starts generating the rules as usual. # -# If CROSSBEAM=No, CROSSBEAM_BACKBONE is not used. If CROSSBEAM is set to Yes, -# CROSSBEAM_BACKBONE will indicate the device used by the backbone. +# If CROSSBEAM=No, CROSSBEAM_BACKBONE is not used. If CROSSBEAM is set to +# Yes, CROSSBEAM_BACKBONE will indicate the device used by the backbone. # # If not specified or if specified as empty (e.g., CROSSBEAM="") then # CROSSBEAM=No is assumed. +# +# FIXME: This needs to be replaced by better generalised routestopped +# support. +# CROSSBEAM=No CROSSBEAM_BACKBONE=eth0
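Review bot: The reworded CROSSBEAM comment describes the ACCEPT-then-DROP ordering but never says what it costs. As the text reads, with CROSSBEAM=Yes every start, restart or clear leaves the default policies at ACCEPT until the established-connection rules are in place, so the firewall is presumably fail-open for that interval. I would state this above `CROSSBEAM=No`, for example `# WARNING: CROSSBEAM=Yes leaves the default policies at ACCEPT for a short window on every start, restart or clear; enable it only on Crossbeam hardware.` The new FIXME would be more useful if it named what routestopped must cover before this option can be retired. The subject calls this a harmless syncmail test, yet this hunk also changes wording ("during firewall restarts") and adds the FIXME, which deserves a mention in the commit message.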