From 4453bb7dc882e9ece4e8cef25196837e7ac3cbb3 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 17 Jan 2010 16:18:44 -0800 Subject: [PATCH] More updates from 4.5 --- Shorewall-lite/shorewall-lite | 22 +++++++++++----------- Shorewall/shorewall | 12 +++++++++++- Shorewall6-lite/shorewall6-lite | 20 +++++++++----------- Shorewall6/action.Drop | 4 ++-- Shorewall6/action.Reject | 4 ++-- Shorewall6/install.sh | 20 ++++++++++++++++++++ Shorewall6/shorewall6.conf | 6 ++++++ 7 files changed, 61 insertions(+), 27 deletions(-) diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite index 0e5eb408c..c97def7c7 100755 --- a/Shorewall-lite/shorewall-lite +++ b/Shorewall-lite/shorewall-lite @@ -366,13 +366,14 @@ usage() # $1 = exit status { echo "Usage: $(basename $0) [debug|trace] [nolock] [ -q ] [ -v[-1|{0-2}] ] [ -t ] " echo "where is one of:" + echo " add [:] ... " echo " allow
..." - echo " clear" + echo " clear [ -f ]" + echo " delete [:] ... " echo " drop
..." echo " dump [ -x ]" echo " forget [ ]" echo " help" - echo " hits [ -t ]" echo " ipcalc {
/ |
}" echo " ipdecimal {
| }" echo " iprange
-
" @@ -381,7 +382,7 @@ usage() # $1 = exit status echo " logwatch []" echo " reject
..." echo " reset [ ... ]" - echo " restart [ -n ] [ -p ]" + echo " restart [ -n ] [ -p ] [ -f ] [ ]" echo " restore [ -n ] [ ]" echo " save [ ]" echo " show [ -x ] [ -t {filter|mangle|nat} ] [ {chain [ [ ... ]" @@ -389,19 +390,18 @@ usage() # $1 = exit status echo " show classifiers" echo " show config" echo " show connections" - echo " show dynamic " - echo " show filter" + echo " show filters" echo " show ip" echo " show [ -m ] log" - echo " show [ -x ] mangle|nat|raw" - echo " show routing" - echo " show tc" + echo " show [ -x ] mangle|nat|raw|routing" + echo " show policies" + echo " show tc [ device ]" echo " show vardir" echo " show zones" - echo " start [ -n ] [ -p ]" - echo " stop" + echo " start [ -f ] [ -p ] [ ]" + echo " stop [ -f ]" echo " status" - echo " version" + echo " version [ -a ]" echo exit $1 } diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 92416e4d4..d3a70dd28 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -1396,7 +1396,7 @@ usage() # $1 = exit status echo " show macros" echo " show [ -x ] mangle|nat|raw|routing" echo " show policies" - echo " show tc [ ]" + echo " show tc [ device ]" echo " show vardir" echo " show zones" echo " start [ -f ] [ -n ] [ -p ] [ ]" @@ -1760,6 +1760,11 @@ case "$COMMAND" in [ -n "$debugging" ] && set -x [ $# -eq 1 ] && usage 1 if shorewall_is_started ; then + if ! chain_exists dynamic; then + echo "Dynamic blacklisting is not supported in the current $PRODUCT configuration" + exit 2 + fi + [ -n "$nolock" ] || mutex_on block DROP Dropped $* [ -n "$nolock" ] || mutex_off @@ -1772,6 +1777,11 @@ case "$COMMAND" in [ -n "$debugging" ] && set -x [ $# -eq 1 ] && usage 1 if shorewall_is_started ; then + if ! chain_exists dynamic; then + echo "Dynamic blacklisting is not supported in the current $PRODUCT configuration" + exit 2 + fi + [ -n "$nolock" ] || mutex_on block logdrop Dropped $* [ -n "$nolock" ] || mutex_off 
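Review bot: The new `chain_exists dynamic` guard ahead of `block DROP Dropped $*` reports its failure with a plain `echo`, so the message goes to stdout, where a script driving the command can lose it or take it for normal output. I would send it to stderr: `echo "Dynamic blacklisting is not supported in the current $PRODUCT configuration" >&2`. The same five lines are repeated in the hunk at -1772 (`block logdrop Dropped $*`), so a small helper would keep the two copies from drifting. The check also runs before `mutex_on`, so the chain's presence is tested outside the lock that covers the `block` call; if a concurrent restart is possible, testing after `mutex_on` (and calling `mutex_off` on the failure path) would close that window. Both case branches start and end outside the hunks, so it is not visible whether the other blacklisting commands get the same guard.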
diff --git a/Shorewall6-lite/shorewall6-lite b/Shorewall6-lite/shorewall6-lite index 80e29a0ea..4023069d0 100755 --- a/Shorewall6-lite/shorewall6-lite +++ b/Shorewall6-lite/shorewall6-lite @@ -367,28 +367,26 @@ usage() # $1 = exit status echo "Usage: $(basename $0) [debug|trace] [nolock] [ -q ] [ -v[-1|{0-2}] ] [ -t ] " echo "where is one of:" echo " allow
..." - echo " clear" + echo " clear [ -f ]" echo " drop
..." echo " dump [ -x ]" echo " forget [ ]" echo " help" - echo " hits [ -t ]" - echo " ipcalc {
/ |
}" - echo " ipdecimal {
| }" - echo " iprange
-
" + echo " load [ -s ] [ -c ] [ -r ] [ ] " echo " logdrop
..." echo " logreject
..." echo " logwatch []" + echo " refresh [ ... ]" echo " reject
..." - echo " reset" - echo " restart [ -n ] [ -p ]" + echo " reset [ ... ]" + echo " restart [ -n ] [ -f ]" echo " restore [ -n ] [ ]" echo " save [ ]" - echo " show [ -x ] [ -m ] [ -f ] [ -t {filter|mangle|nat} ] [ {chain [ [ ... ]|capabilities|classifiers|config|connections|filters|ip|log|mangle|nat|routing|tc|vardir|zones} ]" - echo " start [ -f ] [ -n ] [ -p ]" - echo " stop" + echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle} ] [ {chain [ [ ... ]capabilities|classifiers|config|connections|filters|ip|log|macros|mangle|nat|policies|raw|routing|tc|vardir|zones} ]" + echo " start [ -f ] [ ]" + echo " stop [ -f ]" echo " status" - echo " version" + echo " version [ -a ]" echo exit $1 } diff --git a/Shorewall6/action.Drop b/Shorewall6/action.Drop index 0eb31dd3f..206b0cb22 100644 --- a/Shorewall6/action.Drop +++ b/Shorewall6/action.Drop @@ -22,7 +22,7 @@ # # Reject 'auth' # -Auth/REJECT +Auth(REJECT) # # ACCEPT critical ICMP types # @@ -35,7 +35,7 @@ dropInvalid # # Drop Microsoft noise so that it doesn't clutter up the log. # -SMB/DROP +SMB(DROP) # # Drop 'newnotsyn' traffic so that it doesn't get logged. # diff --git a/Shorewall6/action.Reject b/Shorewall6/action.Reject index 94590c412..49f3c683b 100644 --- a/Shorewall6/action.Reject +++ b/Shorewall6/action.Reject @@ -18,7 +18,7 @@ # # Don't log 'auth' -- REJECT # -Auth/REJECT +Auth(REJECT) # # ACCEPT critical ICMP types # @@ -32,7 +32,7 @@ dropInvalid # # Reject Microsoft noise so that it doesn't clutter up the log. # -SMB/REJECT +SMB(REJECT) # # Drop 'newnotsyn' traffic so that it doesn't get logged. # diff --git a/Shorewall6/install.sh b/Shorewall6/install.sh index 412e40154..cbf1c2f1a 100755 --- a/Shorewall6/install.sh +++ b/Shorewall6/install.sh 
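Review bot: In the shorewall6-lite usage text, the rewritten `show` line seems to have lost the `|` that separated the chain alternative from `capabilities`: the new line reads `... ]capabilities|classifiers|...` where the removed line had `... ]|capabilities|...`. On the same line `[-f]` is spaced differently from its neighbours `[ -x ] [ -m ]`; I would restore `]|capabilities` and write `[ -f ]`. The line now limits `-t` to `{filter|mangle}` while still listing `nat` and `raw` as show targets, which is worth confirming as intended. The placeholder names on this page have been lost in rendering, so the full corrected line is not quoted here.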
@@ -371,6 +371,26 @@ if [ -z "$CYGWIN" -a ! -f ${PREFIX}/etc/shorewall6/tcrules ]; then
 echo "TC Rules file installed as ${PREFIX}/etc/shorewall6/tcrules"
 fi
+#
+# Install the TC Interfaces file
+#
+run_install $OWNERSHIP -m 0644 tcinterfaces ${PREFIX}/usr/share/shorewall6/configfiles/tcinterfaces
+
+if [ -z "$CYGWIN" -a ! -f ${PREFIX}/etc/shorewall6/tcinterfaces ]; then
+ run_install $OWNERSHIP -m 0600 tcinterfaces ${PREFIX}/etc/shorewall6/tcinterfaces
+ echo "TC Interfaces file installed as ${PREFIX}/etc/shorewall6/tcinterfaces"
+fi
+
+#
+# Install the TC Priority file
+#
+run_install $OWNERSHIP -m 0644 tcpri ${PREFIX}/usr/share/shorewall6/configfiles/tcpri
+
+if [ -z "$CYGWIN" -a ! -f ${PREFIX}/etc/shorewall6/tcpri ]; then
+ run_install $OWNERSHIP -m 0600 tcpri ${PREFIX}/etc/shorewall6/tcpri
+ echo "TC Priority file installed as ${PREFIX}/etc/shorewall6/tcpri"
+fi
+
 #
 # Install the TOS file
 #
diff --git a/Shorewall6/shorewall6.conf b/Shorewall6/shorewall6.conf
index 9d9875400..bfa9f4c40 100644
--- a/Shorewall6/shorewall6.conf
+++ b/Shorewall6/shorewall6.conf
@@ -149,6 +149,12 @@ TRACK_PROVIDERS=No
 ZONE2ZONE=2
+ACCOUNTING=Yes
+
+OPTIMIZE_ACCOUNTING=No
+
+DYNAMIC_BLACKLIST=Yes
+
 ###############################################################################
 # P A C K E T D I S P O S I T I O N
 ###############################################################################
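Review bot: Both new stanzas in install.sh expand `${PREFIX}` unquoted, in the `run_install` destinations and in the `[ ... ! -f ${PREFIX}/etc/shorewall6/tcinterfaces ]` tests, so a staging prefix containing whitespace or glob characters would be split into several words in a script that presumably runs with elevated privileges. This mirrors the tcrules context line above, but for new code I would quote the paths and drop the obsolescent `-a`, for example `if [ -z "$CYGWIN" ] && [ ! -f "${PREFIX}/etc/shorewall6/tcpri" ]; then`. `$OWNERSHIP` looks like it carries several options and should stay unquoted; a short comment saying so would help the next reader. The 0600 mode on the `/etc/shorewall6` copies and 0644 on the shared templates match the pattern visible in the context.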